CSX North America Presentations and Descriptions

Essential
Sessions beneficial to all delegates.

Depth
Sessions shall be deep dives into a topic. These sessions require that participants already possess foundational/working knowledge of the topic to maximize session effectiveness. Sessions may also cover new tactics and/or techniques within a topic area.

Track 1—Identify

111–The Art of Performing Risk Assessments

Ali Pabrai
CEO
Ecfirst

How do you know what to prepare for in your industry? Risks are rising, and continue to do so: 48% of breaches in the financial industry are the result of Web application attacks, while 34% are the result of DDoS attacks. A risk assessment exercise must be comprehensive and thorough. The results from a robust risk assessment exercise establish the foundation for a credible cyber security program.

After completing this session, you will be able to:

  • Better understand what constitutes a thorough and comprehensive risk assessment exercise: What are core components of such an exercise? What should the scope & schedule be for such an exercise? What are compliance & industry mandates?
  • Learn how to integrate a technical vulnerability assessment and penetration test within the scope of a risk assessment plan
  • Experience walking through a sample risk assessment report to better understand and communicate key sections such as a Corrective Action Plan (CAP) to your team and leadership

121–A 180 View of the Cybersecurity Kill Chain

William Crowe, CISA, CISM, CRISC
IT Security Manager
Citizens Property Insurance Corp

Newton's law states that "for every action there is an equal and opposite reaction"; the 180-degree view of the ISACA Cyber Security Kill Chain identifies an equal and opposite reaction in each phase. Once we have identified the "view", we then look at the risks posed. Where are they in the Cyber Security kill chain, how do they affect my organization, and are they critical or low-risk? Preventative measures will be discussed as outlined in the Cyber Security Fundamentals study guide.

After completing this session, you will be able to:

  • Identify phases of the Cyber Security kill chain
  • Discuss the opposite action (180-degree view) of the Cyber Security kill chain
  • Discuss the risks posed by the 180-degree view of the ISACA Cyber Security kill chain
  • Describe preventative measures that can be put in place

131–Classified or Just Classy - Kicking Ass(ets) with Data Classification

Reg Harnish, CISA, CISM
Chief Security Strategist
GreyCastle Security

Abraham Lincoln said, "if I had 6 hours to chop down a tree, I'd spend the first 4 sharpening the axe." If you're implementing security controls before classifying your assets, you're swinging a dull axe! Data classification is often an afterthought or skipped altogether. Join GreyCastle Security as we explore the barriers to classification, demystify the process and demonstrate how classification can save organizations time, money and energy.

After completing this session, you will be able to:

  • Correctly classify and rank assets
  • Gain efficiencies in classifying assets and data to save time
  • Classify data, thereby mitigating risks
  • Have a comprehensive policy implemented at your company

141–Threat-Centric Vulnerability Management

Kevin Flynn
Director of Product Marketing
Skybox Security

Monetarily-motivated attacks are by far the most prevalent cyberthreat to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. Learn how distributed cybercrime is forcing a rethink in vulnerability management and see how a threat-centric approach improves prioritization based on exploits in the real world, powering imminent threat response as well as gradual risk reduction.

After completing this session, you will be able to:

  • Gauge the attack-preparedness of your organization: the success of vulnerability management programs will be based on ability to combine security operations, analytics and reporting (SOAR) data with real-world threat intelligence
  • Augment gradual risk reduction with imminent threat elimination: impactful vulnerability management programs continually target a certain percent of their known vulnerabilities while prioritizing those exploited in the wild for immediate remediation
  • Systematically reduce the attack surface: vulnerabilities with available or active exploits pose the greatest risk for attacks; having processes in place to continuously root out such vulnerabilities will have a major impact on security status
  • Mature your security program: the threat-centric approach provides the needed intelligence to focus limited resources where they will have the most impact, improving efficiency as well as security

151–Best Practices for Proactive IT Governance

Berk Algan, CISA, CGEIT, CRISC
Director, IT Governance
Silicon Valley Bank

In this session, learn how this innovative banking institution evolved their IT Governance Framework from a reactive firefighting mode to a proactive risk-based approach. A review of key components of their framework with real-life examples will also provide attendees with take-away templates and documents which can be leveraged upon your return to your own organization.

After completing this session, you will be able to:

  • Learn about a practical approach to creating an IT Governance framework
  • Understand the cornerstones of a proactive First Line of Defense model
  • Gain tools and knowledge to build an effective IT Governance framework and a proactive First Line of Defense model
  • Learn how to avoid common pitfalls when implementing a proactive First Line of Defense model

211–Building Security in the Startup Culture

Ryan Kelch, CISM
Security Engineering Manager
The Climate Corporation

Building an information security program in any organization is hard. Now, imagine trying to sell it to an organization that firmly believes that they don't want it just because it will change their core culture. Impossible? No. Building a new security organization in the startup world takes finesse, strategy, support, and a lot of patience. Learn how to talk the language of engineers and scientists, and be able to connect with leadership to tap into the heartbeat of the company to create change by thinking differently about building security. Learn what it takes!

After completing this session, you will be able to:

  • Understand why building a security team in a startup is harder than building one in a more traditional organization
  • Identify the best parts of the organizations to build relationships with for support and initial identification of issues
  • Understand challenges of performing risk assessments in a non-traditional technology landscape with staff who are highly intelligent and likely to challenge you at every turn
  • Understand high-level concepts that go into building a long-term strategy for developing an information security organization in a startup culture

221–Understanding the Risks of Smart Cities

Eduardo Cabrera
Chief Cybersecurity Officer
Trend Micro

As the urban population around the world continues to rise, both public and private sectors have begun investing in smart technologies to improve efficiency. Research reveals vulnerabilities that organizations must be aware of when developing or simply doing business in smart cities whose complex attack surfaces include both devices and critical infrastructure. Hear results from recent research on the exposed assets in the 10 largest U.S. cities that reveal the various vulnerabilities that governments, public companies, citizens and tech leaders must be aware of, while gaining best practices and recommendations on how to secure data and devices.

After completing this session, you will be able to:

  • Understand the steps you can take to secure company data in an age of smart cities.
  • Learn to secure devices within your home and work using network segmentation, data classification, and other techniques.
  • Understand smart city vulnerabilities that can affect your organization, including data in cloud servers, mobile app ecosystems, data transfers and more
  • Learn how to minimize the risk to critical infrastructure from attacks.

231–Where Cybersecurity Strategy (Risk Management) and Practical Deployment Meet

Miranda Ritchie
Manager
Security Intelligence Analyst Group

A Risk-based Strategy is in great demand for all organizations, but how do you formulate a risk approach that can realize a practical deployment? Are there practical examples of how to do this and can you use them to be effective in stopping the wide array of threats facing your organization? Where do you start and what tools and customized frameworks can help you to move beyond compliance to a Risk-based strategy that your management understands and supports? Take it past just a strategy and risk approach to a practical reality.

After completing this session, you will be able to:

  • Learn about Risk-based Strategy.
  • Understand how you formulate a risk approach that can realize a practical deployment
  • Learn where you start & what tools can help with risk-based strategy
  • Learn to get past strategy and to the practical reality

241–Company Risk Management w/IT Supply Chain

Carlos Carrion Rodriguez
IT and ERP Advisor
Caribbean Investment Partners SRL

Ana Martinez
Accounting Advisor
Caribbean Investment Partners

The performance of the IT supply chain can be affected by adverse events entering the system and affecting all exchanges of products, services and information between actors as a supply chain network. The management of these events is known as Supply Chain Risk Management (SCRM), which is defined as a collaborative set of tools for dealing with risk and uncertainty caused by, or having an impact on, logistical activities and resources in a holistic manner. In this context, it is important to study the influences of these actors on each other, their strategies, their convergences and divergences of objectives and their balance of power, for better risk management. The purpose of this paper is to apply MICMAC, MACTOR (Matrix of Alliances and Conflicts: Tactics, Objectives and Recommendations) and the Analytic Hierarchy Process (AHP). Then, actors' convergences and divergences towards a number of issues and objectives associated with risk management are analyzed. Finally, the most suitable risk mitigation strategies for each supply chain actor and objective are constructed.

Risk mitigation strategies are chosen according to the type of business, in order to achieve the objectives previously determined with MICMAC, the actors identified through MACTOR, and the risk assessment performed with AHP, all subject to the COBIT standard. The aim is to standardize and project security to everyone involved and engaged with the company, including implementation and tracking using the Balanced Scorecard, not only a Risk Matrix. Identify how the COBIT Risk Standard works with Risk Management and IT tools for identification, assessment, implementation and tracking of results in order to minimize the risks and achieve the evaluated objectives.

Get an introduction, through practical exercises, to MICMAC, MACTOR, AHP, Risk Matrix, Data Mining, Dendrograms, Picalo and Balanced Scorecard for effective and demonstrable Risk Management in the supply chain of IT services to the company.

Fully clarify the parameters and naming of risks for the enterprise IT environment, such as Occurrence, Impact, Consequence, Attitude, Aptitude, Relevance, and others from the COBIT standard for application software.

Learn applications of MICMAC to establish the consolidation of influence and dependence between all variables and ways of thinking about a topic, to be analyzed with an unlimited number and level of participants.

After completing this session, you will be able to:

  • Apply, in data analysis or auditing, the segmentation of large amounts of data to establish behaviors, groups or trends derived from the information, using high-level software and dendrograms
  • Understand the methods and techniques of data segmentation (clustering) to interpret levels of convergence or divergence based on facts provided by the data, which can be large, and to interpret the dendrograms
  • Compare and contrast the steps and tools of data segmentation methods according to the nature of the data's origin and the objectives of the study to which they belong, using dendrograms, the R-system software and the MS Excel Add-In
  • Understand the importance of dendrogram types, as produced and interpreted with R-system software and with the dendrograms incorporated in Microsoft Excel spreadsheets through the UNISTAT add-in, ideal for auditors

251–Cybersecurity: Getting the Business Engaged

Allan Boardman, CISA, CISM, CGEIT, CRISC
Director, Business Information Security Officer
GlaxoSmithKline (GSK)

Business executives need help in understanding that cyber security is critical to their business operations and that it can no longer be regarded as solely an IT issue. This presentation will provide a practical approach cyber professionals can follow to help their businesses understand and have better context and knowledge of the cyber-related risks within their enterprises. Based on a case study, you will step through a staged process in a workshop format which you can then use afterward to help your businesses risk assess the cyber threats to your most critical information assets. This will cover identification of the most critical information assets, assessing the main threats and attack scenarios, risk assessing the scenarios to determine the appropriate controls, exploring the processes and controls currently in place, identifying the main gaps, and agreeing action plans to remediate the control deficiencies.

After completing this session, you will be able to:

  • Understand and appreciate some of the key challenges the businesses face in trying to manage cyber threats
  • Adopt a structured approach to helping the business identify cyber threats and risk scenarios applicable to their own businesses
  • Follow a risk based approach to managing cyber security from a business perspective
  • Be armed with more effective tools and best practices to engage with their businesses on cyber security and follow a business-driven security strategy

311–Building Next-Gen Cyber Professionals

Ronald Woerner, CISM
Senior Cyber Security Architect
Bellevue University

We need more people with cyber smart skills, but many aren't educated on the underlying security and technologies. How will we develop them? As the US CyberPatriot cyber security competition mentor of the year, Professor Woerner will talk about his experiences in coaching hundreds of high school and college students in information technology and security. This esteemed educator will show you tips, tricks and techniques for teaching security for all levels of students and employees. This session explains through stories, case studies and demonstrations why and how this future workforce needs to learn these skills in a fun and ethical way, through hacking, games, and competitions. Let's work together to raise the next generation of cyber warriors!

After completing this session, you will be able to:

  • Analyze solutions for teaching, mentoring, and coaching all levels of students in cyber security technologies and practices
  • Employ concrete ways for advancing the cyber security workforce to meet today's and tomorrow’s needs using hacking, games, and competitions
  • Identify opportunities for the cyber security workforce to balance their IT investments and maintain support for a robust cyber defense capability
  • Better invest in human capital with relevant cyber security training and education

321–Red Team Assessment - How to Get Started

James Bothe
Director of Operations
Coordinated Response

James Meyer, CISM, CRISC
Managing Director
Coordinated Response

This session presents a red team methodology based on the Sandia National Laboratories’ Information Design Assurance Red Team (IDART™) and the Institute for Security and Open Methodologies’ (ISECOM) Open Source Security Testing Methodology Manual Version 3 (OSSTMM). IDART provides a high-level approach to the development and implementation of a Red Team exercise. OSSTMM provides a detailed, granular framework that complements the IDART approach. This session identifies missing details or gaps in IDART that are addressed by OSSTMM. Throughout, a Red Team exercise will be discussed. Rules of engagement for the exercise will be developed with input from the audience along with the details of the Red Team test plan. A copy of the Red Team Development Methodology has been uploaded for attendees to have access to this document, along with the electronic version of the presentation.

After completing this session, you will be able to:

  • Discuss the challenges and benefits of using Red Team testing as part of a Cybersecurity assessment program
  • Recognize the challenges and sensitivities of Red Team testing
  • Describe the rules of engagement for a Red Team test including their development and review
  • Determine when to deploy a Red Team and whether to use an internal team or engage a third party



Track 2—Protect

112–Internet of Things (IoT): Privacy, Security and Regulation

Salar Atrizadeh, Esq.
Attorney at Law
Law Offices of Salar Atrizadeh

Concerned about the legal aspects of what is connecting to what – and where your organization may be liable? This session will discuss the important legal facts of IoT, big data and related challenges through discussion, data and statistics review, as well as analysis of various court cases and relevant state, federal, or international laws.

After completing this session, you will be able to:

  • Understand major security concerns associated with IoT and how data security is affected by this technology
  • Gain a better understanding of the common reasons for network breaches, including: Hackers, Malware, Network breach (e.g., DoS/DDoS/PDoS attacks), Malicious insider (e.g., disgruntled employee), or Mobile devices (e.g., BYOD)
  • Better understand legal aspects regarding IoT: how privacy is affected by using this technology and how security is being affected by this technology
  • Learn which governmental agencies regulate this technology, what the applicable rules and regulations are, and what differentiates North America from Europe in regard to government rules and regulations
  • Better anticipate what legal aspects you should be concerned about in the future

122–Encryption: Policy to Practice

Ali Pabrai
CEO
Ecfirst

Firewall systems are the first line of defense. Encryption is the last line of defense. In between these two lines of defense, businesses deploy a multitude of security controls to prevent unauthorized access and tenacious attacks. How prepared is your organization to reduce the risk associated with breaches and non-compliance with security mandates? Encryption is one of several dozen possible security controls. Serious thought must be expended in understanding options to ensure encryption capabilities are appropriately implemented consistently across your enterprise.

After completing this session, you will be able to:

  • Examine encryption mandates defined in HIPAA Security, HITECH Act, PCI DSS, State regulations and more
  • Review specific areas that encryption can have a significant impact in lowering enterprise risk, while improving compliance posture.
  • Step through core elements of an encryption policy to address both at rest and in motion requirements.
  • Understand how to simplify the use of encryption in your organization, and do so consistently

132–Cyber Crime & Terrorism

David Darnell, CISA, CISM
CEO
Systrends

State-supported teams of “bad actors” have developed cyber threats and cyber weapons to successfully challenge the defenses of any nation’s critical infrastructure. This presentation will analyze and show details of the current top cyber threats and vulnerabilities that are enabling cyber crime & cyber terrorism. In addition, a review of possible best defenses along with disaster preparedness will be presented, including case study analysis about protecting the power grid and the welfare of key personnel.

After completing this session, you will be able to:

  • Describe and have a better awareness of power grid cyber threats
  • Describe cyber terrorism threats & "kill lists"
  • Explain possible defenses to cyber terrorism
  • Better understand and explain disaster preparedness for cyber terrorism

142–Data Loss Prevention Program

Aravindan Ganesan, CISA, CISM, CRISC
Consultant

Recent public security breaches have severely impacted brand images and revenue of the companies involved. It isn’t easy, but one of the best security solutions is to implement a carefully analyzed, planned and on-going data loss prevention and employee awareness program to avoid any data leakages and security breaches.

After completing this session, you will be able to:

  • Know better how to use one of the best ways of preventing security breaches
  • Learn various methods to identify sensitive and confidential data
  • Understand concepts of data loss prevention and several modules of data loss prevention, including data at rest, data in use and data in transit
  • Prevent or block hackers or users from copying or sending confidential and sensitive information outside your corporate network

152–Sex, Lies and Mobile Devices

Reg Harnish, CISA, CISM
Chief Security Strategist
GreyCastle Security

The device in your pocket has become the Big Brother we always feared and you agreed to it. Join GreyCastle Security as we demystify the security and privacy risks of your smartphone and provide practical tips for dealing with this new phenomenon.

After completing this session, you will be able to:

  • Create effective BYOD policies for your company
  • Understand risks associated with mobile devices
  • Understand what exactly you agreed to with devices
  • Understand how to better train employees when it comes to mobile device usage

212–Trends in Cyber-Law 2017

David M. Adler, Esq.
President
Adler Law Group

Intellectual Property rights (copyright, patent, trademark, trade secrets) and information technology systems each play a crucial role in business competitiveness. In order to realize the full potential of a company’s intangible business assets, it is necessary to be able to identify, locate and safeguard their disclosure and use. Cyber Security plays a crucial role in managing these internal and external business and legal risks. This “Hot Topics” discussion is a snapshot of developments in law, policy, regulation and court cases focusing on privacy and civil liberties, identity, cyber-conflict, IoT, standards, corporate structuring and the international technology marketplace.

After completing this session, you will be able to:

  • Understand how developments in smart home devices are creating new cyber security challenges
  • Learn how changes in regulatory agency policies and personnel are creating new privacy risks and opportunities
  • Identify new legal cases affecting business operations
  • Recognize new business and legal risks in relationships with customers and vendors, and implement changes to mitigate such risks

222–Under the Unfluence - Dark Side of Hacking

Ronald Woerner, CISM
Senior Cyber Security Architect
Bellevue University

People are the easiest hack. This session explains how malicious hackers influence (or “unfluence”) their victims using social engineering to bypass security controls. This topic is often overlooked within both physical and information security programs, but you cannot effectively manage security without understanding people. Security professionals should understand how and where human hacking happens, so they can detect, deter, and prevent it.

After completing this session, you will be able to:

  • Identify how human hackers use psychology and persuasion methods for bypassing technical and non-technical security controls
  • Integrate simple techniques to protect, detect, and defeat social engineering techniques both on-line and in real life
  • Assess risks associated with human vulnerabilities in order to better introduce and manage compliance and governance within the business infrastructure
  • Develop and deliver simple and effective security awareness campaigns to address human hacking

232–Blockchain, Transforming Cybersecurity

Gerard Daché
President
Government Blockchain Association

John McCarthy
Security Engineer
Systems Criteria

According to Forbes Magazine, the blockchain will transform everything from banking to government to our identities. The blockchain increases security by reducing identity theft, preventing data tampering, and preventing denial of service attacks.

After completing this session, you will be able to:

  • Discuss how blockchain technology addresses protecting identities
  • Recognize how blockchain technology addresses protecting data integrity
  • Identify how blockchain technology addresses protecting critical infrastructure
  • Develop a plan to integrate Blockchain technology into a cyber security program

242–Digital Certificates—Next Black Market

Tim Bedard
Director, Digital Trust Analytics
Venafi

All businesses and governments rely on digital certificates—in datacenters, on desktops, on mobile and IoT devices, and in the cloud. The new digital certificate black market is undermining our cyber security foundation. If secured, certificates can still be effective in protecting communications, commerce, critical systems and data, and mobile and user access. This session will include survey results on enterprise digital certificate usage and growth while stepping through a couple of attack reconstructions to learn how rogue and stolen SSL/TLS, mobile and user certificates are being used to undermine security. Guidelines will be provided on how to protect, detect, and respond to these attacks and improve the effectiveness of your other security controls.

After completing this session, you will be able to:

  • Know the different digital certificate use cases for encryption and authentication to have a holistic view of the attack surface and potential exposure
  • Understand how certificates are misused in attacks based on reconstructions of real-world attacks
  • Fix policies and processes to mitigate certificate vulnerabilities
  • Increase efficiency of existing security controls by improving and integrating certificate management

252–Top 7 Security Solutions for PCI DSS

Aravindan Ganesan, CISA, CISM, CRISC
Consultant

PCI DSS standards affect financial institutions, healthcare providers, transportation service providers, the food and hospitality industry, & payment service providers, among many others. For many organizations, achieving and maintaining PCI compliance requirements can be challenging and time-consuming.

After completing this session, you will be able to:

  • Use best methods to prevent security breaches
  • Know how to secure the systems and reduce the scope of the PCI DSS requirements
  • Protect a Merchant or Service Provider’s image and reputation
  • Have peace of mind regarding PCI DSS compliance

312–Sprinting to Cybersecurity in 30 Days

Bryan Murphy
Director - Consulting Services, Americas
CyberArk

Regaining control of privileged credentials is a top priority for breached organizations. Cyber attackers often use simple attacks like phishing emails to compromise privileged credentials, turning end-point malware infections into attacks on a business's critical assets and sensitive information. Based on lessons learned from actual data breaches at Global 1000 organizations, this session will: walk attendees through the common attacks their organization could face; share insights gained from rebuilding IT controls in a post-breach environment; provide a framework for applying the same controls that could have prevented the breach in 30 days or less. Attendees will also receive a framework to implement the most important steps security teams should take over a 30-day period to drive a proactive, measurable security program that prioritizes the first actions in a post-breach environment – securing privileged credentials and rebuilding trust in their IT infrastructure.

After completing this session, you will be able to:

  • Apply the specific lessons organizations learned from actual data breaches
  • Gain an understanding of the full scope of privileged-account related risks and how susceptible the participant’s organization may be
  • Sharpen your knowledge of the cyber-attack techniques used against major organizations, and how to explain these techniques – and the company’s corresponding security strategy – to executives and stakeholders
  • Assess the cyber-risks your organization is facing, determine the levels of susceptibility to these risks based on an analysis of existing security controls, and how to prioritize mitigation
  • Implement a proactive, measurable security framework based on post-breach experiences as vetted by more than 1000 Global CISOs to place key controls on privileged credentials in 30 days or less

322–The Human Exploitation Kill Chain

Ira Winkler
President
Secure Mentem

If a single user action can create major damage, the entire security program is a failure.

Humans are the primary attack vector for advanced attacks according to just about every source. There needs to be in-depth defense for human vulnerabilities. Given the pervasiveness and resulting damage, companies generally push out videos and launch phishing simulation campaigns. As attendees realize, these efforts still fail to prevent attacks, with security professionals then deeming such awareness efforts a waste of time and money. Human vulnerabilities should not have to be mitigated with awareness-related activities alone. By preventing the attack from reaching the human, you can stop the damaging action, which stops the action from having a negative impact. This interactive and engaging presentation will discuss these concepts in detail.

After completing this session, you will be able to:

  • Understand what a Kill Chain is and know how to use it to determine how to better protect a network, detect potential attacks in progress, and react appropriately to minimize damage
  • Identify not only user failures, but the technology that should have prevented that failure
  • Work your way through a phishing attack to see how the kill chain is implemented for phishing, the most common human attack vector
  • Examine your own environment to determine how to minimize the opportunities for users to commit the wrong actions



Track 3—Detect

113–Cloud Security - Detecting Digital Dangers

Robert Brzezinski, CISA
Principal
Bizwit LLC

Cloud solutions have transitioned from Shadow IT to Main Street IT. Are your business users pushing for Cloud solutions adoption to improve systems scalability, agility and potentially cost efficiencies? In this presentation, you’ll learn what to look for when selecting Cloud Service Providers and whether cloud solutions can improve an organization's security and/or security audit capabilities. Through an overview of Microsoft Azure’s security and compliance, Azure security tools and functionality, you’ll learn what can help you manage information privacy, security and compliance risks.

After completing this session, you will be able to:

  • Understand why cloud solutions may be advantageous for organizations. Understand and use resources to verify cloud services providers (CSP) trust and compliance, review and verify CSP security controls, GRC reports and attestations
  • Understand the concept of shared security responsibility in SaaS cloud solutions, use audit and security tools built into Office 365/Azure environment to protect user’s credentials and identities
  • Learn and compare Azure system's visibility, security and compliance capabilities with other Cloud Service Providers offerings and solutions to make the best decision for the organization’s goals and objectives

123–Understanding Covert Channels of Communication

Professor Claudio Cilli, CISA, CISM, CGEIT, CRISC
Cyber Security & Cyber Intelligence Specialist Faculty
University of Rome

Covert channels will be explained through real-world examples, along with demonstrations of specialized tools that help combat this threat. Special attention will be paid to how to identify covert channels and prevent data leakage from your enterprise.

After completing this session, you will be able to:

  • Understand what covert channels are and how they work
  • Understand steganography principles and message hiding techniques
  • Discover covert channels and perform basic steganalysis
  • Set proper countermeasures to prevent data leakage

133–Insider Risk: Automated or Manual Data

Amy Boawn, CISM
Senior Lead Technologist
Booz Allen Hamilton

Chris White, CISSP
Senior Associate, Chief Engineer, Commercial Data Protection
Booz Allen Hamilton

As organizations develop holistic insider risk programs, they face the daunting task of aggregating disparate data sources to enable improved detection and early response. Insider risk programs aggregate data to detect risks. Although expensive & time-consuming, automated tools enable analysis of more data with less staff. This session will provide a comparison of the pros/cons of analytics with manual correlation based on industry & size.

After completing this session, you will be able to:

  • Recognize the advantages and disadvantages of using analytic dashboards as part of an insider risk program
  • Recognize the advantages and disadvantages of using manual data correlation and analysis as part of an insider risk program.
  • Understand how the level of regulation in an industry impacts the analytics approach decision
  • Understand how the size of an organization impacts the analytics approach decision

143–Taking Risk Measurement Seriously

Jack Jones, CISA, CISM, CRISC
EVP R&D
RiskLens, Inc.

The business, technology, and cyber threat landscape is complex and dynamic. At the same time, resources for managing the risk within this landscape are invariably limited. This combination of factors makes it imperative that your organization fully understand the very serious importance of measuring risk management.

After completing this session, you will be able to:

  • Recognize the systemic effect of poor risk measurement in achieving risk management objectives
  • Understand the most common factors that drive poor risk measurement
  • Overcome poor risk measurement practices
  • Learn steps you can take to overcome obstacles to provide better risk measurement within your organization

153–Optimize Defenses Against Invisible Threats

Alex Holden
President & CISO
Hold Security, LLC

How do you defend against the unknown? Learn from hacker successes - and mistakes - to build a better defense infrastructure. We will examine real-world examples where detection of hacker behaviors can lead to your organization’s successes or failures. Through looking at examples of large scale e-commerce abuse, financial system manipulation and corporate infrastructure compromises we will demonstrate how hacker successes can become their downfalls with proper defense scaling.

After completing this session, you will be able to:

  • Understand current hacker abuse techniques in corporate and consumer environments
  • Identify effective behavioral detection methodologies
  • Understand scalable defenses against unknown or unpredictable attacks
  • Understand the difference between signature, behavior, and technique matching when identifying attacks

213–Anatomy of a Phish: Why and How Spam Works

Marcelle Lee, CSX-P, GCIA, GPEN, GCFA, GCIH, GISF, GCCC, C|EH, CCNA
Cybersecurity | Digital Forensics | Education & Training
Lookingglass Cyber Solutions

Phishing continues to be successful and no one is immune. Phishing attempts can allow access into your organization despite multiple layers of network defense. The level of sophistication of these attempts has been rising, and it is becoming increasingly more difficult to defend against them. In this talk, we will cover the psychology behind phishing, and will explain targeting techniques. Insider threat does not necessarily mean malicious insider activity. In fact, it is much more common for insider threat to be the result of inadvertent clicking on links or downloading malicious attachments.

After completing this session, you will be able to:

  • Demonstrate these technical aspects using a variety of exemplar phishing emails and associated methodology
  • Discuss how to arm your organization against these attacks by leveraging engaging cyber education for your employees

223–Managing the Space-Time Continuum of Cyberdefense

Tony Sager
Senior Vice President and Chief Evangelist
CIS (Center for Internet Security)

Attackers in cyberspace seem overwhelming, but they are not superhuman. Attackers also have a budget, a boss, an objective, and their own “risk model” of behavior. Our goal is not to create a perfect defense, but instead to dynamically manage defenses that: force the attacker into less space; and allow the defender to deal with them earlier in time. Narrowing the attack surface through prevention, threat intelligence, interrupting their life-cycle, raising visibility, rapid detection and effective response – these are all crucial defensive actions that need to be seen as part of a holistic cyberdefense machine that manages space and time to defensive advantage.

After completing this session, you will be able to:

  • Holistically and effectively organize your overall cyberdefense program
  • Make use of dynamic models of defense, like Kill Chains, Attacker Models, etc
  • Implement information management strategies that keep your defenses current and more effective
  • Better assess your enterprise for defensive gaps and opportunities for improvement

233–Know Your Adversary: A Live Hack Simulation Using NSA's Stolen Digital Weapons

Vinny Troia
CEO, Security Consultant
NightLion Security

When NSA's digital armory was leaked, it was only a matter of time before the code was morphed into a ransom-seeking worm. What do these tools mean for the average user? How can they protect themselves? This talk aims to educate the audience by providing a history of these digital weapons, a demonstration of how they are used, and a demonstration of a LIVE HACK of a virtual environment. We will show the ease with which these digital weapons can be downloaded and used by a novice user to infiltrate even the most secure networks, and we will provide users with a better understanding of how they can secure their company systems against these and future attacks.

After completing this session, you will be able to:

  • First-hand view of the tools being utilized by the NSA and other nation state agencies
  • Live demonstration of the ease with which a novice user can download and learn how to use these tools
  • Live hack recordings from an actual pen test
  • Learn how to defend against these attacks!

243–Practical Physical Security Detection

Kevin Dunn
Technical VP
NCC GROUP

Physical security practices are often overlooked when considering the overall security posture for a company. While simple common-sense tells us we should control access to an office or facility, the means by which organizations choose to do this are often found to be lacking or easily defeated. For many companies, considering physical security practices is prioritized lower than other methods of security. The abuse of a weak physical security posture can be used to bypass technical protections, undermine your perimeter protections, or generally go ‘straight for the gold’ when attacking an organization’s most critical assets.

This presentation will highlight the key ways in which most companies are found lacking in physical security design, implementation and policy. Methods used most often to bypass weak physical security will be demonstrated and combined with simple defenses you can use to stop these physical breaches.

After completing this session, you will be able to:

  • Understand the common physical security weaknesses that plague most companies
  • Understand the bypass techniques used to defeat expensive physical protection systems and equipment
  • Identify how to analyze physical security in your organization
  • Create a road map to detect & defend against physical security vulnerabilities

253–P0wned M4ch1n3 - Recovery Tips for SMBs

James Woods, CISA, CRISC
CEO/Founder
Exposed

Stealing merely requires something of interest to be taken. Whether the action of theft was through direct use of force or a perceived use of force is unimportant in cyberspace; layers of anonymity exist. Cyber security is a business owner’s responsibility. Without a formal recovery plan, internal controls may be needed to even qualify for reimbursement of business losses with creditors and/or insurers. Often, Small and Medium-sized Businesses (SMBs) will stop doing business permanently. This session will consider SMBs to lack essential resources and experience to investigate and track a sneaky, sophisticated, nation-state perpetrator. Learn cost-benefit analysis basics, common qualifications to receive protection with creditors and/or insurers, and evaluate whether crisis recovery is appropriate for Small/Medium-sized Business. Instead of following typical guidance to recover from a cyber incident through focused security efforts and highly specialized response teams, a practical path forward will be outlined to evaluate the appropriateness of crisis recovery for SMBs.

After completing this session, you will be able to:

  • Identify uncodified controls for any online business presence
  • Identify a data gathering process to facilitate cost-benefit analysis for SMBs
  • Evaluate qualifications for SMBs to receive protection following a cyber incident
  • Evaluate appropriateness of crisis recovery for SMBs

313–Extending COBIT 5 - Continuous Enforcement

Vincent Lam
Global Head of Corporate Marketing
Protegrity

As the nature of today’s enterprises becomes more inter-connected and collaborative, the notion of securing network perimeters has become less relevant. Connected, collaborative enterprises need more than a perimeter, access control, and process. Today’s enterprise security needs to consider the entire enterprise ecosystem. They require data-centric/person-centric security by design. This presentation covers extensions to COBIT 5 to ensure sensitive data is better governed and attempted access violations are blocked, monitored and detected. This requires that data—especially non-public sensitive or regulated data—be governed better. We need to have what Ann Cavoukian, Ph.D. calls “data security/privacy by design”. In this presentation, we will cover what is required to extend COBIT 5 to ensure that the data access rules are established, monitored and enforced.

After completing this session, you will be able to:

  • Share COBIT 5’s security and data prescriptions and why they remain an extremely important enterprise baseline
  • Explain why enterprise CIOs and CISOs have determined perimeter based security and access control plus great process only take enterprises so far
  • Explain why data flying all over the place needs data-centric/person-centric security
  • Explain data-centric security and privacy by design
  • Explain what is required to extend COBIT 5 controls to ensure that particularly sensitive or regulated data is better governed and protected

323–Vulnerability Management is NOT Dead (Despite our Best Efforts to Kill It)

Nathan Wenzler
Chief Security Strategist
AsTech

We're constantly looking for innovative ways to achieve compliance and execute sound governance. But the answer may not be the latest and greatest technology, but rather a focus on using what you already have to its fullest potential. Organizations everywhere already possess some form of vulnerability management toolsets, managing credentials and performing Q&A on applications and code. These programs have been around for a long time, and aren't considered as effective as the "latest and greatest" tools. Can a tweaking of these basic security tools operate in your environment, strengthen the effectiveness of new tools, but also lower overall costs, increase operational efficiency AND allow you to mark the compliance checkboxes - simply by rethinking how these programs are leveraged? This session will examine how these security fundamentals are being disregarded, how they can empower your broader security program in many ways, and how you can use this to reduce risk, achieve compliance and make future security program improvements easier.

After completing this session, you will be able to:

  • Identify security tools and functions already in use today that can be leveraged more fully to empower the rest of your security program
  • Understand how better utilizing these fundamental security tools can drastically improve the effectiveness of other advanced security tools
  • Learn how to optimally implement these basic tools to gain both operational efficiency and satisfy compliance requirements
  • See examples of how to achieve greater ROI for existing security tool investments by using detection tools and processes to empower more active security controls


Track 4—Respond

114–Cyber Hunt Operations of Cyber Criminals

Jarrett Kolthoff
President/CEO
SpearTip, LLC

Cyber Security responsibility now lies squarely on the shoulders of Directors, Senior Executives and “C-levels”. This real-world cyber counterintelligence case study analysis will assist today’s business leaders in overseeing and implementing cyber risk management initiatives. Highlighting core tenets of Cyber Counterintelligence, this session will introduce the technical means of identifying and countering cyber-criminal activity. You will be exposed to the host-based and network incident response / digital forensic tactics utilized and will discuss the process of collecting several disparate evidentiary elements and combining the technical data within a Fusion Cell methodology, which you can then utilize at your own enterprise.

After completing this session, you will be able to:

  • Prepare Senior Executives and Directors to identify risk, prioritize threats, and create board-level governance for cyber threat management by developing a strategic roadmap within their own organization
  • Understand the deployment of "magic quadrant" technologies and how to prepare for the breach, including being exposed to these critical lessons learned from real-world case studies
  • Develop a process of collecting several disparate evidentiary elements and combine the technical data within a Fusion Cell methodology that can be implemented within your own organization
  • Leverage internal expertise and combine external resources to include developing a roadmap for training of internal personnel

124–Practice What They Breach

Simone Petrella
Chief Cyberstrategy Officer
CyberVista

How many security leaders get to feel the pressure of a breach beyond mitigating the incident? Understanding the executive perspective will help practitioners better understand how their positions fit within the full corporate ecosystem. Security practitioners and leaders will participate in an interactive, near-real time role play session to understand the perspective of the C-Suite. Your facilitator will guide the group through a scenario aimed at understanding the top-down questions, needs, and response during an incident as a way to build a better business lexicon for practitioners seeking to bridge the gap between management and IT security.

After completing this session, you will be able to:

  • Describe and comprehend the strategic-level impacts of a cyber attack at a major corporation through case study learning
  • Understand the roles and responsibilities of C-Suite executives during a cyber attack and their respective perspectives
  • Grasp the business decisions that have to be made due to impact on customers, vendors, investors, and fellow employees
  • Share best practices to better integrate technical remediation with the other components of crisis planning and response

134–eDiscovery, Computer Forensics and Data Collection

Salar Atrizadeh, Esq.
Attorney at Law
Law Offices of Salar Atrizadeh

The fact-finding process of discovery is a common and important staple in the course of litigation. In today's technological world, more people and businesses are choosing to store documents and information online, which poses procedural questions for the discovery process. Electronic discovery (a/k/a "e-Discovery") is an entirely new way to conduct discovery. The process includes restructuring or rephrasing discovery requests to include electronically stored information ("ESI") to seek relevant information such as emails, text messages, online chats, or similar data.

After completing this session, you will be able to:

  • Understand electronic discovery
  • Explain what electronically stored information is
  • Recognize the issues that arise during e-Discovery
  • Illustrate what data collection is and how it is relevant to e-Discovery
  • Discuss e-Discovery and arbitration
  • Discuss e-Discovery and international aspects
  • Discuss outsourcing e-Discovery and related issues
  • Understand the future of e-Discovery

144–Diagnosing Incidents: Incident or Breach?

Mahmood Sher-Jan
CEO
RADAR, Inc.

Alex Wall, Esq.
Senior Counsel and Global Privacy Officer
RADAR, Inc.

Chances are your organization’s data will be, or already has been, exposed. The latest data reveals an employee clicks on malware every 81 seconds. This, plus cyber attacks, ransomware and employee negligence, puts sensitive information at constant risk. Properly diagnosing and categorizing incidents is critical in order to comply with legal and contractual data breach obligations, reduce risk, and protect your reputation.

After completing this session, you will be able to:

  • Recognize differences between a privacy or security incident and a data breach and learn how to diagnose if it is a reportable breach
  • Understand the complexities of the data breach legal and regulatory landscape, how you fit into it, and what legal compliance requirements you must meet with each and every incident and breach
  • Put best practices into place to protect customers’ sensitive data and reputation, minimize risks, and fulfill state, federal, and business partner compliance obligations
  • Understand how to make a determination for every incident by performing a documented multi-factor incident risk assessment

154–IR Decisions - Make them all Beforehand!

Matthew Harvey, CISA
Director of Advisory Services
Anchor Technologies

Under the pressure of an active intrusion, decision-making is often rushed or paralyzed. Incident response requires technical skills, but it is also an exercise in decision-making; the right decisions made in a timely manner drive efficient, effective incident response. How? The solution is to make all your key decisions beforehand when the pressure is off and everyone is thinking clearly with a detailed game plan. You will learn from some real-world experiences of incident response problems due to poor decision-making – and learn how to implement such a plan in your organization.

After completing this session, you will be able to:

  • Identify key areas of decision-making in incident response
  • Identify critical considerations for incident response decisions to avoid disastrous outcomes
  • Devise decision trees showing key inputs and parameters to drive efficient decisions in a crisis situation
  • Use examples and exercises to demonstrate to senior management in your organization the critical need for a decision-oriented incident response plan

214–SHA-1—Foreshadows Future Struggles

Phil Biegler
Vice President, Professional Services
Venafi

The industry just completed a migration away from SHA-1 certificates, and more mass certificate migration requirements are emerging. Hear real-world SHA-1 migration successes and pitfalls and apply these lessons learned to certificate replacement to be able to better prepare your enterprise to respond to these significant upcoming events.

After completing this session, you will be able to:

  • Set better expectations within your organization around future upcoming large scale certificate replacements—what’s coming and what’s needed
  • Compare your certificate replacement effectiveness against industry SHA-1 migration and Heartbleed remediation data
  • Comprehend the current debates around certificate rotation lifecycles, including any deadlines for shorter validity periods and what to do about them
  • Understand the best practices for addressing future large scale certificate replacements, including how to prioritize implementation and optimize infrastructure

224–3 Common Misconceptions in Incident Response

Alex Wall, Esq.
Senior Counsel and Global Privacy Officer
RADAR, Inc.

Mahmood Sher-Jan
CEO
RADAR, Inc.

Misconceptions in incident response management persist largely due to analysis of reported data breaches as opposed to data incidents. Breaches are far less common than incidents when there is a strong culture of detection, risk mitigation and compliance. This session will discuss the top three misconceptions in Incident Response and explain guidelines to help organizations combat common misconceptions in incident response and develop better processes to solidify incident response management efforts.

After completing this session, you will be able to:

  • Learn how to identify incident trends and root causes, to empower organizations to proactively mitigate risks
  • Gain insight from the “near misses”—incidents that didn’t become public data breaches—to identify an organization’s greatest security vulnerabilities
  • Understand the lifecycle of an incident—from assessment to compliance—to better plan for the steps toward stronger incident response management
  • Learn how to be “incident ready” in order to better mitigate risks caused by incidents and breaches

234–Finding Ms Right: Cyber Drivers Wanted!

Greg Witte, CISM
Senior Security Engineer
G2, Inc.

Tom Conkle
Cybersecurity Engineer
G2, Inc.

Cyber security workers are often seen as serving within one big bucket called “The Cyber”. This lack of clarity leads to confusion about what’s needed, what’s available, and where “I” fit in the cyber universe. A lack of diversity compounds the problem: a recent ISACA study pointed out that nearly 9 in 10 survey participants are somewhat or very concerned about the low percentage of women in the technology sector. The CSX State of Cyber Security 2017 report showed just how important it is to demonstrate qualification and identify specific training for all. While information is available in well-respected frameworks, we need to apply these raw materials to the way we hire, train, promote and retain quality workers. This session explores how lab-based training, real-world proficiency exams, and well-known frameworks combine to find and keep the incident responders of tomorrow - encouraging diversity and innovation from a professional workforce.

After completing this session, you will be able to:

  • Understand how to leverage these existing frameworks (e.g., COBIT 5, Cybersecurity Framework, National Cyber Workforce Framework) to determine the applicable work roles for cyber event responders and other specific practice areas
  • Learn how specificity in work roles help provide a hiring, promotion, and retention strategy that motivates and supports an engaged workforce
  • Understand how to leverage skills and abilities to build actionable and accountable response and recovery strategies to help real people solve real challenges
  • Identify how to determine the best ways to seek and find truly qualified responders (and other cyber workforce candidates) based on knowledge, skills and abilities

244–DFIR for the IoT Filled Cloud Part 1

Andrew Neal, CISM, CRISC
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

The IT landscape of today is vastly different from only a short time ago. Cloud, mobile, IoT, and SaaS have radically changed where data is stored and used. This has had a profound impact on how incidents are recognized and investigated.

The purpose of this 2-part session is to help responders, investigators, and managers understand the changes caused by the shift to these new technologies, and develop strategies to prepare for and anticipate the next wave of change. The use of real world examples of cloud based storage discovery, investigating Alexa-type activity, and the implications of IoT based incidents will be featured.

After completing this session, you will be able to:

  • Discuss the fundamental changes occurring in how data is generated, stored and communicated
  • Identify those incident response and forensic concepts which still universally apply
  • Learn to apply the basic steps in the forensic acquisition and analysis process, regardless of data source
  • Develop a list of pre-incident policies that may set the stage for successful responses to cloud and IoT based events
  • Engage in forward thinking to anticipate where the changes in technology and data use may be taking us

254–DFIR for the IoT Filled Cloud Part 2

Andrew Neal, CISM, CRISC
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

The IT landscape of today is vastly different from only a short time ago. Cloud, mobile, IoT, and SaaS have radically changed where data is stored and used. This has had a profound impact on how incidents are recognized and investigated.

The purpose of this 2-part session is to help responders, investigators, and managers understand the changes caused by the shift to these new technologies, and develop strategies to prepare for and anticipate the next wave of change. The use of real world examples of cloud based storage discovery, investigating Alexa-type activity, and the implications of IoT based incidents will be featured.

After completing this session, you will be able to:

  • Discuss the fundamental changes occurring in how data is generated, stored and communicated
  • Identify those incident response and forensic concepts which still universally apply
  • Learn to apply the basic steps in the forensic acquisition and analysis process, regardless of data source
  • Develop a list of pre-incident policies that may set the stage for successful responses to cloud and IoT based events
  • Engage in forward thinking to anticipate where the changes in technology and data use may be taking us

314–Attack, Investigate, Learn - Part 1

Keatron Evans
Managing Partner
KM Cyber Security

More and more CISOs and executives are caught by surprise when there’s a breach or other major incident. They end up having to bring in a considerable amount of outside help at great cost, so…how do you improve or measure your incident response team’s technical capabilities? This technical presentation will feature live attacks which will then be investigated to show how technical incident response skills can be developed on your team so there is constant progress and positive knowledge transfer. Walking through technical demonstrations of attacks, explaining the attacks and continuing through technical demonstrations of performing forensics and investigations will result in a fun, engaging and enlightening presentation. A list of source files and a tools list will be provided ahead of time for attendees who wish to work through the technical exercises during these sessions.

After completing this session, you will be able to:

  • Explain how current attacks actually work and happen. You will then be able to recreate attacks in a scenario style to challenge or train your own incident response teams
  • Recognize not-so-obvious signs of breaches and exfiltration
  • Apply proper network and packet forensics techniques and tools to close the gap and answer important breach questions in a timely manner
  • Assess when to engage which types of skillsets in a breach or other incident

324–Attack, Investigate, Learn - Part 2

Keatron Evans
Managing Partner
KM Cyber Security

More and more CISOs and executives are caught by surprise when there’s a breach or other major incident. They end up having to bring in a considerable amount of outside help at great cost, so…how do you improve or measure your incident response team’s technical capabilities? This technical presentation will feature live attacks which will then be investigated to show how technical incident response skills can be developed on your team so there is constant progress and positive knowledge transfer. Walking through technical demonstrations of attacks, explaining the attacks and continuing through technical demonstrations of performing forensics and investigations will result in a fun, engaging and enlightening presentation. A list of source files and a tools list will be provided ahead of time for attendees who wish to work through the technical exercises during these sessions.

After completing this session, you will be able to:

  • Explain how current attacks actually work and happen. You will then be able to recreate attacks in a scenario style to challenge or train your own incident response teams
  • Recognize not-so-obvious signs of breaches and exfiltration
  • Apply proper network and packet forensics techniques and tools to close the gap and answer important breach questions in a timely manner
  • Assess when to engage which types of skillsets in a breach or other incident


Track 5—Recover

115–Insuring Your Cyber Assets

Sean Scranton, CISA, CISM, CRISC
Director, Underwriting
RLI Corp

Natasha Richard
Cyber Liability Director
RLI Corp

Cyber Insurance – What is it? How does it work? Why is it so confusing? This session will demystify the current cyber insurance swamp of perplexing forms, high deductibles, hidden exclusions, and insurance companies that “never pay out”.

After completing this session, you will be able to:

  • Understand the current cyber insurance market landscape
  • Identify common coverages and exclusions
  • Ask for value-added services as part of coverage
  • Engage ERM and Security to determine appropriate coverages

125–Analyst View: Cybersecurity Jobs Workforce Review

David Foote
Co-founder and CEO
Foote Partners, LLC

The Internet of Things (IoT) is exploding: McKinsey is expecting a 32.6% CAGR between 2015 and 2020 as businesses look to IoT and digital technologies to enable new business models and transform business processes. However, nothing will happen without the people to build, support, and secure disruptive digital engagement. Join Foote Partners to learn about their analysis of the current/future state of Cybersecurity jobs and workforce evolution, as informed by proprietary deep-dive data from 3,100 US and Canadian employers, including reviews of jobs, salaries, and cash pay premiums for skills and certifications.

After completing this session, you will be able to:

  • Understand detailed duties/responsibilities; skills and knowledge; experience requirements for the entire family of cyber security jobs in 2017
  • Learn current salary and skills/certifications cash premiums for cyber security roles and jobs in 65 US and 18 Canadian cities from 3,100 employers surveyed in Foote Partners IT Professional Salary Survey, IT Skills & Certifications Pay Index
  • Understand infosec-to-cybersec transition of job paths and promotions from case studies of successful transitions (40+ industries) and how employers are building cyber security capabilities through internal skills development and external hiring
  • Learn first-hand about Foote Partners’ detailed forecast for cyber security jobs, skills, and workforce evolution over the next 5 years

135–Practical Risk Response Using COBIT 5 Part 1

Mark Thomas, CGEIT, CRISC
President
Escoute

The challenges organizations face today are increasingly complex, and they must constantly scan their environments to take practical steps for making risk-informed decisions that provide value for stakeholders. A core practice to accomplish this is to use the concept of risk scenarios as the starting point and basis of any assessment while constantly updating, communicating, analyzing and improving response plans based on a changing landscape. Join this practical, two-part hands-on workshop exploring the process of creating scenarios using a real-world case study where you will walk through the steps of the risk management cycle through to the response and recovery stages.

After completing this session, you will be able to:

  • Understand how to use techniques from various COBIT guides to effectively execute risk response and recovery plans
  • Learn how to create risk scenarios as a basis for an assessment, and link these to their effects on business goals which assists in the prioritization of recovery plans
  • Understand how to analyze and assess risks, determine appropriate responses and recovery planning techniques
  • Create an enterprise risk register that can be flexible, and tied to various other business risk processes

145–Practical Risk Response Using COBIT 5 Part 2

Mark Thomas, CGEIT, CRISC
President
Escoute

The challenges organizations face today are increasingly complex, and they must constantly scan their environments to take practical steps for making risk-informed decisions that provide value for stakeholders. A core practice to accomplish this is to use the concept of risk scenarios as the starting point and basis of any assessment while constantly updating, communicating, analyzing and improving response plans based on a changing landscape. Join this practical, two-part hands-on workshop exploring the process of creating scenarios using a real-world case study where you will walk through the steps of the risk management cycle through to the response and recovery stages.

After completing this session, you will be able to:

  • Understand how to use techniques from various COBIT guides to effectively execute risk response and recovery plans
  • Learn how to create risk scenarios as a basis for an assessment, and link these to their effects on business goals which assists in the prioritization of recovery plans
  • Understand how to analyze and assess risks, determine appropriate responses and recovery planning techniques
  • Create an enterprise risk register that can be flexible, and tied to various other business risk processes

155–Teaching SMBs to Think Like an Attacker

Terry Bradley, CISSP, CEH
Chief Technology Officer and Director of Cyber Security Solutions
PLEX Solutions

Small and medium-sized businesses tend to have a product focus when they approach their cybersecurity protections. As a result, they are surprised when adversaries bypass their security mechanisms and steal their sensitive data. By learning to think like an attacker, SMBs can better identify their most pressing risks and prioritize their security investments. This talk is based upon the speaker’s experience performing penetration tests, security assessments, and incident response work in the commercial sector for the last three years and working as the lead of an internal Red Team for a large technology and strategy consulting firm prior to that.

After completing this session, you will be able to:

  • Identify the most common attack techniques used by Internet-based hackers
  • Assess your organization’s “attack surface” and ways to reduce it
  • Understand gaps in your security program from a NIST Cybersecurity Framework point of view
  • Create a stronger narrative to justify security program improvements

215–Cyber Warfare & the New Threats to Security

Claudio Cilli, CISA, CISM, CGEIT, CRISC
Cyber Security and Cyber Intelligence Specialist Faculty
University of Rome

The rules of cyber-war are comparable to those of conventional war, and cyber-war is the last frontier of human insanity. Learn more about the rules of cyber-war, how dangerous an information war can be and why it can be used against either a nation or a big company. Learn through real-life examples how to protect your critical infrastructure from information flooding and how to recover critical infrastructure functionality after a cyber-attack. Critical infrastructures: What they are and why they need to be protected.

After completing this session, you will be able to:

  • Learn more about the what and why of critical infrastructures – and how they need to be protected
  • Better comprehend cyber-warfare definition, techniques and rules
  • More completely prepare for cyber-warfare and how to protect your company from attacks
  • Know how to recover after cyber-attacks

225–Legal Issues with Third Party Risk

Shawn Tuma
Cybersecurity & Data Privacy Attorney
Scheef & Stone, LLP

Most people know the lesson of Target led to one of the most notorious data breaches in history. Third party / supply chain risk management became a priority afterward. In the wake of this, many federal and state agencies began to focus on the issue of third party risk and supply chain risk management. These agencies have now issued a multitude of regulations focused on legal and compliance requirements aimed at addressing third party risk. This session will explain key federal and state regulations and key contractual terms for business partners and examine best practices for ensuring compliance/IR.

After completing this session, you will be able to:

  • Understand what federal and state regulations for third party risk and supply chain risk management typically focus on in the cyber security context and what they require
  • Understand why contracts with third party business partners are one of the most important mechanisms for ensuring compliance with federal and state information security and data privacy regulations as well as cooperation with and allocating responsibility
  • Understand what key terms practical third party contracts need to include in order to satisfy the required information security and data privacy obligations as well as cooperation with and allocating responsibilities for incident response
  • Understand the most common areas of contention when negotiating third party contracts, learn effective strategies for resolving these issues, and learn strategies for protecting the company when the business partner is no longer compliant or unable to comply

235–Business Driven Security (BDS)

Marshall Toburen
GRC Strategist, Enterprise Risk Management
Dell Technologies (RSA)

Cyber risk is on the minds of all managers and boards today. Unfortunately, information security professionals struggle to articulate information security risk in terms that their business understands. This leads to precarious problems of not being able to justify needed resources to strengthen the information security program, prioritize limited resources on the most important problems, or communicate the extent and impact of incidents and breaches when they occur. Business-driven security is an approach to understand, manage, and depict information security risk in the context, terms, and manner most efficiently and effectively used by the organization’s business leaders, executive management, and board of directors. This session will provide concrete, proven guidance on how to enable business-driven security using GRC technology and techniques that relate to each functional area of the NIST Cybersecurity Framework, with emphasis on its application to recovering from cyber security events.

After completing this session, you will be able to:

  • Differentiate between traditional approach & BDS
  • Deploy principles and techniques of BDS
  • Talk about information security risk in business terms
  • Better justify information regarding security investments & priorities

245–Scaling and Accelerating the Supply of “Workforce Ready” Entry Level Cyber/Risk Professionals to Effectively Respond and Recover from Incidents

Dennis O’Connell
Cybersecurity Work Alliance (CWA) Managing Director
IQ4

A breakthrough from combining technology and an industry-formulated curriculum means that the workforce pipeline of well-equipped graduates needed in Cybersecurity is no longer restricted by the limited numbers of cyber-trained faculty. CWA virtual-internships “Virtual-Menternships™” massively scale a school’s capacity by bringing the workplace and mentors into the classroom to create job-role experience and workforce-ready candidates in tech-security, compliance and risk. The industry-developed curriculum is designed to build experience and identify ideal candidates for the high priority roles needed by employers; i.e. Behavioural Analyst, IT Risk Analyst, Compliance Analyst, Cyber Threat Analyst, and Information Security Officer. The CWA applied experiential learning by leveraging the standards of Essential Skills and the NIST Critical Infrastructure Framework and the National Initiative for Cybersecurity Education (NICE) KSAs, Work Roles, Competencies Taxonomy. These standards are automated on the iQ4 Workforce Risk and Mobility Platform which underpins the CWA community.

After completing this session, you will be able to:

  • Understand how the NIST National Cybersecurity Workforce Framework (NCWF) can be leveraged to develop workforce Competencies Knowledge Skills and Abilities
  • See that scalability via virtual-internships means that, through mentors investing 1-hour per week over 12-weeks, they can develop many more skilled interns/employees far more economically than is achieved via internships on-premises
  • Visualize how the NIST Cybersecurity Workforce Framework (NCWF) is automated and how the common lexicon and framework becomes of increased value to employers, educators, students and regulators/examiners
  • Be aware of the Cybersecurity Workforce Alliance and how to find out more

255–Beyond Technology: 2017, The Year Of The Human Factor

Michael Simmons
President and CEO
Benchmark Cybersecurity & Consulting

Although many people view cybersecurity as a “technology” issue, the reality is that 90 – 95% of all cyber incidents are initiated by human interaction. With data breaches increasing exponentially, a common attack vector remains human involvement, either malicious or unintentional misconduct. In this discussion, we will explore the human factor in cybersecurity in a practical discussion that will address all aspects of human involvement in today’s cyber threat landscape and what companies can do to minimize human risk. Technology alone has not proven to be a complete solution to cybersecurity. Only when the human factor is addressed will cyber resilience be achieved.

After completing this session, you will be able to:

  • Understand why we can’t just rely on technology solutions to deter cyber threats;
  • Learn what the most common threats exploiting humans are and why they continue to work;
  • Understand which situations set up the user to be a victim when you look at the human aspect of the cyber threat;
  • Learn how to create an effective program that incorporates cybersecurity awareness into your corporate DNA; and,
  • Understand how to bridge the chasm between technology and business teams.

Lessons learned:

  • Specific steps to ensure employees are aware of current policies and procedures;
  • Common phishing techniques and how to combat those types of emails;
  • Learn what steps to take if you are compromised by an attack; and,
  • Specific steps to ensure that your employees are not the weakest link in your cybersecurity program.

315–Ransomware Recovery - Part 1

Edward McCabe, CISM, CGEIT, CRISC, ISO/IEC 27K1 ISMS LI
Principal Consultant (Co-Founder)
Rendition InfoSec, LLC

You come into the office on a Tuesday morning and you can feel it as soon as you step into the lobby. A sense of panic and dread so thick you can cut it with a knife. As you look towards the main conference room, you can see that it is crammed with people. Executive Leadership, IT Staff, Corporate Communications. The voices coming out of the conference room are raised, and you can see what looks like a network map drawn haphazardly on the white board. The tone of the throng tells you that tensions are high. As you walk over, you hear the phrase no one wants to hear: “It’s ransomware.”

In this session, we’ll talk about the evolution of malicious software, tracing the origins to the current incarnation of what we are seeing with ransomware. Not only will we address the IT impact, but we will also discuss and cover business considerations in preparation for a ransomware event and how to recover. We’ll review case studies and how ransomware impacted those organizations and why it is so important to ensure that we are prepared for a ransomware event.


325–Ransomware Recovery - Part 2 

Edward McCabe, CISM, CGEIT, CRISC, ISO/IEC 27K1 ISMS LI
Principal Consultant (Co-Founder)
Rendition InfoSec, LLC

You come into the office on a Tuesday morning and you can feel it as soon as you step into the lobby. A sense of panic and dread so thick you can cut it with a knife. As you look towards the main conference room, you can see that it is crammed with people. Executive Leadership, IT Staff, Corporate Communications. The voices coming out of the conference room are raised, and you can see what looks like a network map drawn haphazardly on the white board. The tone of the throng tells you that tensions are high. As you walk over, you hear the phrase no one wants to hear: “It’s ransomware.”

In this session, we’ll talk about the evolution of malicious software, tracing the origins to the current incarnation of what we are seeing with ransomware. Not only will we address the IT impact, but we will also discuss and cover business considerations in preparation for a ransomware event and how to recover. We’ll review case studies and how ransomware impacted those organizations and why it is so important to ensure that we are prepared for a ransomware event.



Track 6—Defend

116–Executive Panel: Improving Security Governance for Better Business Outcomes

Moderator

Matt Loeb, CGEIT, FASAE, CAE
CEO
ISACA

Panelists

The Honorable Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA
Inspector General, U.S. House of Representatives
Board Chair, ISACA

Richard H.L. Marshall, Esq.
Founder and Chairman of the Board, Cinturion Group. Inc.
CEO, X-SES Consultants, LLC

Dottie Schindlinger
VP/Governance Technology Evangelist
Diligent Corporation

Expanding cyber threats and ongoing digital transformation are placing even greater emphasis on the ability of organizations to effectively and securely leverage technology. How are senior leaders handling their growing responsibility for sound oversight of areas such as cyber security, risk management and business continuity planning? To better understand the issues, attitudes, and actions, ISACA conducted a worldwide survey, the results of which will be analyzed during this executive panel featuring Theresa Grafenstine, ISACA Board Chair and Inspector General at the US House of Representatives; Richard H.L. Marshall, Esq., Founder and Chairman of the Board of Cinturion Group. Inc., and CEO of X-SES Consultants LLC; and Dottie Schindlinger, VP/Governance Technology Evangelist with Diligent Corporation. The panel will be moderated by ISACA CEO Matt Loeb.


126–Cloud Migration 2.0: Securing IaaS

Mike Ainsworth
Director of Security Engineering, Public Sector
Skyhigh Networks

The path to the cloud may start with SaaS, but the destination for mature cloud programs is IaaS. Every company is now a software security company. Learn how organizations have overcome the security challenges for custom applications in the cloud.

After completing this session, you will be able to:

  • Identify the security challenges unique to monitoring administrator behavior and auditing IaaS security configurations for vulnerabilities
  • Identify threats, regulatory risks, compliance challenges, and vulnerabilities associated with deploying custom-developed, proprietary applications in public cloud IaaS environments
  • Point to techniques, tools, and architecture for applying critical security capabilities including threat intelligence, activity monitoring, and data loss prevention
  • Enforce internal security and regulatory compliance policies consistently across all applications, whether they are SaaS, IaaS, PaaS, or in the corporate data center

136–Identifying Insider Threats

Bethany Larson
US Chief Confidentiality & Privacy Officer
Deloitte & Touche LLP

Dr. Michael Gelles
Managing Director
Deloitte Consulting, LLP

To prevent and mitigate the risk resulting from insider threats, your organization should focus on a proactive, enterprise-wide and people-centric program. In this session, you will discuss building an insider threat program and enhancing Corporate Culture through a proactive, enterprise-wide and people-centric program that is secure, vigilant and resilient.

After completing this session, you will be able to:

  • Define insider threat and the three drivers of insider threat
  • Detect/identify where change is needed by looking at the art of the possible highlighting specific potential risk indicators/use cases/user behavior analytics
  • Understand the scale of maturity for an insider threat program including current industry trends, leading practices, preventive controls and pitfalls
  • Prevent and mobilize culture change by reviewing these five important success factors:
    1. Communication and impact on change
    2. Policy implementation to shape behavior through compliance
    3. Training
    4. Employee engagement
    5. Using the insider threat working group (ITWG) for change

146–Packet Hour of Power - Become a Packet Hunter!

T. Frank Downs
Senior Manager Cyber/Information Security
ISACA

One of the unspoken truths in today’s cyber security industry is that many professionals have never worked in a hands-on way with a packet. Thanks to extensive utilities which provide logs, analytics, and reports about network health and security, many professionals have never felt the need to understand packets on such a low level. However, those security professionals who do understand these basic elements of network communications experience substantial advantages when complex analytic capabilities are unavailable. This session aims to introduce professionals to the packet and show them how to unlock the goldmine of information each one can contain. In one short hour, attendees are taken through a whirlwind tour of a packet capture in Wireshark and shown how to pull key security information from it, resulting in a detailed network topology and characterization of a client.

After attending this session, you will be able to:

  • Perform basic Wireshark navigation;
  • Perform packet analysis;
  • Perform network mapping; and
  • Perform device characterization

156–From IT Audit to Cybersecurity Audit: Bridging The Gap

Keith Brown, CISA, CISSP
IT Audit – Cybersecurity
SunTrust Bank 

In this session we’ll look at ways to bridge the gap between what IT audit looks like today and what cybersecurity-focused auditing may look like tomorrow. From conceptual discussion to real-life examples from the financial services industry, we’ll cover considerations for how to improve on your capabilities, as well as the potential value of your audit engagements to the organization. While we’ll approach this from an audit vantage, the topic is also useful for those cyber-practitioners on the receiving end of audits, so that you may better understand, engage, and anticipate the needs of your auditors.

After completing this session, you should be able to:

  • Recognize common challenges in the performance of cybersecurity-focused audit engagements
  • Identify key changes to common audit methodology you could make to increase the value of your audit results
  • Identify gaps in current capabilities that you should improve upon to better equip yourself for cybersecurity-focused audits
  • Understand the objectives of the auditors (for those practitioners subject to audits)

216–Responding to a Targeted Phishing Attack, Part 1

Prior to attending, delegates should download the most up to date presentation hosted here. We will provide the password at the beginning of instruction. The file will be posted by Friday AM to download.

Blake J. Darché
CSO & Co-Founder
Area 1 Security

Michael Zeberlein
Director of Threat Intelligence
Area 1 Security

Phishing attacks continue to represent over 95% of all breaches. They grow in specificity and functionality daily. Employing various methods, attackers tactically target individual users to gain access to their targets for core objectives. In this presentation you will learn to respond to targeted phishing attacks. You will experience first-hand analysis of both malware and link-based attacks. From the year’s largest breaches, we cover everything from an attack against a major political campaign to a fast food chain.

After completing this session, you will be able to:

  • Recognize anomalous traits in emails and attachments
  • Assess their context (Targeted or Criminal)
  • Analyze their technical content and scripts
  • Identify the code logic and intent
  • Unwrap obfuscations
  • Recognize multi-phase exploitation chains
  • Extract IOCs
  • Use tools to perform analysis

NOTE: All students should ensure they have access to a computer where they can look at malicious files without fear of execution. Laptop and VMware Player/Workstation (Windows) or Fusion (Macintosh) required. 16GB disk space required. You will use a provided VM (fully loaded with the necessary tools) in this class to perform in-depth analysis of real phishing attacks and develop mitigation strategies. Please download the VM in advance from the presentation posted.


226–Responding to a Targeted Phishing Attack, Part 2

Prior to attending, delegates should download the most up to date presentation hosted here. We will provide the password at the beginning of instruction. The file will be posted by Friday AM to download.

Blake J. Darché
CSO & Co-Founder
Area 1 Security

Michael Zeberlein
Director of Threat Intelligence
Area 1 Security

Phishing attacks continue to represent over 95% of all breaches. They grow in specificity and functionality daily. Employing various methods, attackers tactically target individual users to gain access to their targets for core objectives. In this presentation you will learn to respond to targeted phishing attacks. You will experience first-hand analysis of both malware and link-based attacks. From the year’s largest breaches, we cover everything from an attack against a major political campaign to a fast food chain.

After completing this session, you will be able to:

  • Recognize anomalous traits in emails and attachments
  • Assess their context (Targeted or Criminal)
  • Analyze their technical content and scripts
  • Identify the code logic and intent
  • Unwrap obfuscations
  • Recognize multi-phase exploitation chains
  • Extract IOCs
  • Use tools to perform analysis

NOTE: All students should ensure they have access to a computer where they can look at malicious files without fear of execution. Laptop and VMware Player/Workstation (Windows) or Fusion (Macintosh) required. 16GB disk space required. You will use a provided VM (fully loaded with the necessary tools) in this class to perform in-depth analysis of real phishing attacks and develop mitigation strategies. Please download the VM in advance from the presentation posted.


236–IoT: Get Ahead of the Curve

Pritesh Parekh, CISA, CISM, CRISC
VP, Chief Security Officer
Zuora Inc.

IoT is becoming a major avenue for hackers for the simple reason that vulnerabilities increase and become more impactful when more devices are connected. What systems and processes do security professionals need to put in place to defend against IoT product risk in the not-too-distant future? In this session, we will cover key techniques and defenses against IoT threats by sharing the key security considerations and techniques to build a holistic security program for IoT. This will cover key security themes around infrastructure, authentication & authorization, encryption, compliance, privacy and device security that belong in every stage of the product development life cycle.

After completing this session, you will be able to:

  • Understand the current IoT threat landscape and learn about anticipated future threats. Learn various threats to sensitive, personal data that can impact security and privacy of their consumers
  • Learn tools and techniques used by hackers to compromise IoT devices across multiple device types by watching a live demo
  • Gain key strategies for embedding IoT security as part of the product development life cycle to mitigate a wide range of IoT threats
  • Understand security considerations and techniques to build a holistic security program for IoT by covering key security themes around infrastructure, authentication & authorization, encryption, compliance, privacy and device security

246–Understanding the Critical Security Controls - Practical Defenses Against Advanced Attacks

James Tarala, CISA
Principal Consultant
Enclave Security

Cyber security attacks are evolving so rapidly that it is more difficult than ever to prevent them. In this presentation you will learn specific, proven techniques needed to implement and audit against the CIS Critical Security Controls. They are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.

After completing this session, you will be able to:

  • Understand and apply the philosophies behind the CIS Critical Security Controls to their audit practices and architectures for defense
  • Implement practical, prioritized controls to defend their organization's information systems against all forms of advanced cyber attacks
  • Build comprehensive and prioritized audit programs based on industry standards for cyber defense
  • Understand how to take advantage of real-world, current threat intelligence to select prioritized controls for cyber defense

256–McAfee SIEM Use Cases

Richard Hart
SIEM ETS
McAfee

After completing this session, you will be able to:

  • Know user behaviour
  • Monitor SOC
  • Understand IOC Threat Hunting

316–Prioritize Vulnerabilities in the Cloud

Amol Sarwate
Director of Security Research
CloudPassage

In this presentation we will discuss cloud infrastructures and how to prioritize remediation based on exploit kits, attacks and different vulnerability attributes. We will share best practices for improving remediation and reducing risk in the age of vulnerability disclosure overload.

Organizations are expected to protect their assets and users from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation many organizations face an excess of cyber-threats and a shortage of InfoSec professionals. IT departments must prioritize remediation, so that they can promptly fix the vulnerabilities that represent the greatest risk to their organization at any given point in time.

After completing this session, you will be able to:

  • Understand how attacks happen in the real world
  • Understand Exploits and Vulnerabilities
  • Understand how to prioritize remediation
  • Reduce overall risk

326–New Insights for Assessing Cybersecurity Risk

Dr. Charles Harry
Director of Operations
Maryland Global Initiative in Cybersecurity

What cyber security threats are you including in your risk assessment? How easy is it to identify key areas of risk to your enterprise? While standards continue to extol the virtues of risk assessment, the lack of a repeatable and consistent approach for estimating risk presents enormous challenges to separate threats that remain a private problem versus a public concern.

After completing this session, you will be able to:

  • Identify and categorize key exploitive and disruptive risks to your enterprise
  • Gain exposure to UMD research exploring effects modelling for primary and secondary cyber effects
  • Learn about a new means of measuring the primary effect of disruptive cyber events
  • Learn how to structure risk scores around organizational processes and combine with red team reports in a way that stands out to corporate leadership and policy makers



Track 7—Explore

117–Purposeful Ignorance is No Excuse for Plausible Deniability! Think About It!

Brian Marshall
President
Vanguard Integrity Professionals

Plausible deniability is the ability of people (typically senior officials in a formal or informal chain of command) to deny knowledge of or responsibility for any damnable actions committed by others in an organizational hierarchy because of a lack of evidence or information that can confirm their participation, even if they were aware...

Risk Management, Compliance and IT Departments traditionally struggle to obtain the budgets they need for security. This session covers the impact and cost of recent security breaches to major companies; an understanding of NIST, SOX, PCI-DSS, HIPAA, GLBA, GDPR, etc.; steps that you as an organization can take to learn of non-compliance issues sooner rather than later, which will reduce the risk and likelihood of a company suffering a security breach; and how to convey that the cost of non-compliance could, and likely would, exceed the investment for security.

After completing this session you will be able to:

  • Understand the potential cost of a data breach and the likelihood of a data breach for your organization
  • Understand the potential costs and other penalties associated with non-compliance
  • Approach your company’s decision makers to obtain a budget for security solutions
  • Have a high-level understanding of the pertinent regulations from NIST, SOX, PCI-DSS, HIPAA, GLBA and GDPR

127–Cyber Across the Organization: How to Fight it Together

Sponsored by Deloitte & Touche LLP

Bradley Mervis
Senior Manager
Deloitte & Touche LLP

Sean Choun
Senior IT Program Manager, Internal Audit Department
XL Catlin

How can you effectively manage cyber across your entire organization? “Cyber” is a headlining topic on many boardroom agendas, but getting leaders across the organization on the same page with respect to cyber risk can be quite challenging. Siloed business areas, inconsistent communications between the first, second and third lines of defense, and rapidly changing priorities only exacerbate the issue. A holistic cyber risk program aligns risk, regulation, technology, and governance.

Join in on an invigorating discussion of the benefits of coming together to address cyber risk. We’ll discuss perspectives on how to make this pipe dream a reality by leveraging risk to accelerate performance and raise the bar on cyber risk management. Increase the odds by fighting it together!

After completing this session, you will be able to:

  • Deliver a point of view on the effectiveness of your organization’s cyber risk management program
  • Discuss techniques for cybersecurity alignment across all lines of defense
  • Identify the team to start aligning cyber within the organization
  • Clearly report cybersecurity risks and status across the organization
  • Understand how cyber risk can be used as a driver to elevate the organization

137–Managing IT Risk in a Threat Filled World: Let’s Get Practical

Sponsored by SAI Global

Laura Buckley, CISSP, CISA, CRISC
Senior Vice President, Director of Technology Risk & Compliance
Cadence Bank, N.A.

Increasingly complex technology risks threaten assets and processes vital to all levels of the business world. IT risk can result from malicious intent, human error and even compliance regulations. As threats to security become more sophisticated and the use of technology becomes more critical, reliance on a set of security solutions is not sufficient. Approaching IT Risk like any other key business risk is vital to avoiding or minimizing the impact of fraud, data breaches, failures in resiliency and a host of other activities that could result in unwanted expenses, lawsuits and reputational damage.

Every project, purchase and process should have IT Risk Governance woven into it. However, it is often considered an unnecessary inconvenience by those who do not understand its value.

After completing this session, you will be able to:

  • Identify who’s responsible for technology risk in your organization (Hint: It’s not always the person with “Risk” in their job title)
  • Understand the value of self-identified risks and how to use them for your advantage
  • Plan a holistic risk assessment calendar that makes sense
  • Discern the right methodology for the right assessment
  • Understand how to monitor and communicate your IT Risk

147–Bridging the Gap: Measuring and Communicating Risk across the Enterprise

Ben Smith
Field Chief Technology Officer (East)
RSA, a Dell Technologies business

Organizations of all sizes today face serious and consequential risk management challenges. Technology is often presented as the ultimate solution to this problem, but in many cases, organizations are experiencing not just a technical challenge, but a *language* challenge when considering the risk management communications between various levels of the organization. Ultimately, our goal is to provide trusted, transparent and aggregated risk data in order to drive more informed, confident and effective business decisions. Frequently, metrics serve as a foundation for how each group attempts to communicate business risk to the other.

But how do we translate operational measurements into meaningful risk metrics for the business? Doing so effectively is essential, because you can't manage what you don't measure.

After completing this session, you will be able to:

  • List some best practices to keep in mind when selecting metrics
  • Determine whether your audience(s) dictates which metrics to select
  • Decide what behaviors you are trying to influence with these metrics
  • Communicate those metrics internally within your organization for maximum impact

157–EU Privacy Update: All About the New Disruptive Regulation, The GDPR

Bénédicte Dambrine
Privacy Counsel
OneTrust

217–Leveraging Container Technology to Better Achieve Compliance

Prasant Vadlamudi
Sr. Manager – Risk Advisory and Assurance Services
Adobe Systems, Inc.

Adobe continues to grow as a business, and scaling up new and existing services in a compliant and more secure way is critical for its growth. One way that Adobe has found to assist with this effort is to leverage container technology to assist with scalability, operational efficiency, and productivity. One of the key aspects of hosting service applications on containers is aligning them with existing security and compliance policies. This is accomplished by leveraging automation to standardize security controls. This session will discuss these key issues and how containers have emerged as part of the solution to these issues.

After completing this session, you will be able to:

  • Understand how scalable container platforms have been built with integrated security controls that help in maintaining compliance
  • Understand how to best leverage automation to ensure standard security controls for the service applications running on containers
  • Understand how to make use of a common controls framework to accelerate deployment of compliance controls using containers

227–Applied Cognitive Security in the Security Operation Center (SOC) to Keep Pace With a Persistent Threat Landscape

Vijay Dheap
IBM Master Inventor, Program Director – Cognitive Security
IBM

The problem SOC teams face is that several cognitive tasks need to be performed quickly, consistently, accurately and at scale. In today’s threat environment, given the sophistication and increase in cyber-attacks, security analysts must investigate every incident in 20 minutes or less just to keep up with current alerts, allowing inaccuracies to creep in while they simultaneously navigate and correlate information from multiple sources.

At IBM Security, we have pioneered a cognitive security solution that can learn about security from structured and unstructured information sources. It is then able to apply its knowledge to enrich the context of a security incident, and apply reasoning to assist in qualifying an incident and identifying root cause.

Learn how you can automate insights and uncover hidden threats with a cognitive solution that augments a security analyst to accurately and confidently investigate an incident at speed and scale.

After completing this session, you will be able to:

  • Understand how cognitive solutions can augment a SOC analyst’s investigation
  • Know the latest breakthrough and trends in cognitive technology applied to the cybersecurity landscape
  • Make use of cognitive solutions when investigating incidents in the SOC

237–Employee Awareness: Principles of an Effective Security Awareness Program

Gail Ricketts, CISA, CRISC
Sr. Information Security & Risk Analyst
ON Semiconductor

Discuss the underlying assumptions and beliefs, beginning state, strategy, end state, incentives, and messaging of an employee awareness program. We will also discuss what the mission, vision, and goals of a successful awareness program look like.

After completing this session, you will be able to:

  • Develop an effective and engaging employee awareness program
  • Stimulate and strengthen your employees’ cyber security awareness IQ
  • Identify and document the five “do's” and three “don'ts” of cyber security
  • Ensure your employees are engaged with your program’s goals and recognize that they are your company's greatest asset in preventing a cyber security breach

247–How Machine Learning Can Enhance the Data Classification User Experience

Steph Charbonneau
Founder and CTO
TITUS

Learn about the promise – and challenges – of machine learning. Can you really get up and running in 5 minutes? What does machine learning actually mean in the context of data classification, and what does it require in terms of costs, resources, and expertise?

After completing this session, you will be able to:

  • Identify various machine learning approaches and their suitability for data classification
  • Identify some of the limitations of machine learning and how this impacts data classification
  • Explain why supervised learning is the current preferred approach
  • List the benefits of scoping machine learning examples to a targeted group
  • Implement options for machine learning, including open source and Machine Learning as a Service (MLaaS)

257–Hiring: Find the Needle in the Haystack

Tammy Moskites
CIO / CISO
Venafi

Good help is hard to find – at least in IT security! With more IT security jobs than people to fill them, how do you find the right people for your team? Discuss ISACA’s 2017 report Current Trends in Workforce Development focusing on IT security workforce trends and get guidance on hiring, retaining, growing, and rewarding your team.

After completing this session, you will be able to:

  • Understand what IT security professionals believe are the most important IT security applicant attributes
  • See where organizations are struggling with hiring, including the time it takes to fill a position, the average number of applicants, the percentage of qualified applicants, and how to use this information to better set internal hiring expectations
  • Know what to look for beyond IT security skills when hiring IT security professionals and why these skills are important within the overall team dynamic
  • Apply experience-tested tips to discover, build, and apply your IT security team’s strengths and how to work with the right people in the organization to support growth

 

Workshops

WS1–Cybersecurity Fundamentals - Session A is SOLD OUT

John Tannahill, CISM, CGEIT, CRISC
Management Consultant
J. Tannahill & Associates

WS5–Cybersecurity Fundamentals - Session B is SOLD OUT

Jonathan Brandt, CISM, CISSP, CSA+, PMP
Senior Manager of Cybersecurity Exams
ISACA

Cyber security is rapidly evolving and spreading to impact every sector of global commerce and technology. As a result, it is more and more crucial that professionals involved in almost all areas of information systems understand the central concepts that frame and define this increasingly pervasive field. The Cybersecurity Fundamentals Workshop is ideal for information systems professionals wishing to advance their knowledge in or transfer to cyber security, and for recent college/university graduates looking to start a career in this in-demand, fiercely competitive field.

The Cybersecurity Fundamentals Workshop is designed to enhance the knowledge of beginning learners and prepare those who wish to obtain a globally recognized credential for the Cybersecurity Fundamentals Certificate Exam which can be taken online at a later date.

This workshop will cover four key areas of cyber security:

  1. Cyber security architecture principles
  2. Security of networks, systems, applications and data
  3. Incident response
  4. The security implications of the adoption of emerging technologies

After completing this workshop, you will be able to:

  • Understand basic cyber security concepts and definitions
  • Define network security architecture concepts
  • Recognize malware analysis concepts and methodology
  • Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities
  • Explain network systems management principles, models, methods, and tools
  • Distinguish system and application security threats and vulnerabilities
  • Classify types of incidents (categories, responses, and timelines for responses)
  • Outline disaster recovery and business continuity planning
  • Comprehend incident response and handling methodologies
  • Understand security event correlation tools, and how different file types can be used for atypical behavior
  • Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data
  • Recognize new and emerging information technology and information security technologies
  • Identify and communicate business needs for in-house threat intelligence platforms
  • Identify existing repositories of threat intelligence information
  • Understand capabilities and methodologies available to help you create a holistic view of your environment
  • Operationalize data sources for specific business needs

WS2–COBIT 5 for NIST

Mark Thomas, CGEIT, CRISC
President
Escoute

As part of the knowledge, tools and guidance provided through the globally respected Cybersecurity Nexus (CSX) program, ISACA has developed a guide and course: Implementing NIST Cybersecurity Framework Using COBIT 5.

This course presents deep insights on the Cybersecurity Framework (CSF), its goals, implementation steps and the ability to apply this information. The course is well-suited for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cyber security program for their enterprises.

Students will learn to understand the goals of the CSF and what it means to align to it, understand the seven CSF implementation steps, and apply and evaluate the steps using COBIT 5.


WS3–Know Thy Enemy

Ted Harrington
Executive Partner
Independent Security Evaluators

In his seminal work The Art of War, Sun Tzu advocated that we must “know thy enemy” in order to defeat that enemy. Utilizing a mixture of presentation and group exercise modules, this workshop leverages that mantra, adopting the attacker’s viewpoint in order to understand how to defend. Presented by the elite group of security researchers and consultants widely known as the first company to hack the iPhone, this session examines secure design principles, attack anatomies, and real-world case studies from a variety of industries. Notably, this session extracts lessons from recently published security research by the presenters, including the seminal whitepaper Hacking Hospitals, which investigated how hackers could cause patient harm or fatality. Attendees can expect to be challenged to consider a new defense paradigm, and will leave with actionable guidance that can be immediately implemented at their organizations.

After completing this workshop, you will be able to:

  • Identify the different adversary categories, and the characteristics that define them, including motivation, skill level, and access to resources (financial, computational, time)
  • Understand different defense techniques to be used against different adversary types
  • Define asset value
  • Explore the differences between external adversaries and the internal threat
  • Learn what a threat model is, why it is important, and how to build one
  • Analyze the financial implications of varying approaches to security assessment
  • Dissect the anatomies of different breaches in order to extract lessons that can be applied to your own organization
  • Empower executives and other leaders to articulate risk and build effective security programs

WS4–CSX Practitioner Lab Bonanza

T. Frank Downs
Senior Manager Cyber/Information Security
ISACA

Dustin Brewer
Cybersecurity Platform Engineer
ISACA

The CSX Practitioner Lab Bonanza offers attendees the opportunity to experience all of the labs presented in the one week Bootcamp in two intensive, action-packed days!

ISACA staff instructors and program developers will guide you through these technically advanced, hands-on labs where you will be dissecting typical problem spots, and learning through detailed insight to ensure your comprehension and application upon return to the office so you are better equipped to overcome threats and create competitive advantages for your career and your organization.

By attending this workshop and being immersed in the CSX P process, you will be able to develop a more robust background to meet current and future cyber security challenges and be better prepared to sit for the rigorous demands of the CSX-P certification program.

After completing this workshop, you will be able to:

  • Continue to prepare for the CSX-Practitioner certification course

***Please note, while this course is intended to help provide insights into the rigors of the CSX P Exam, students will still need to prepare for the exam independently following the conclusion of this workshop. Students will have access to these labs for 6 months following this workshop to help facilitate this ongoing exam preparation.

Please note: To fully participate in this workshop, all attendees are required to bring a laptop with an Internet accessible browser.


WS6–IoT + DDoS = Disruptive (Business + Cyber) Risk!

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security+, CCSFP, Member of InfraGard (FBI)
CEO
ecfirst

Gartner estimates about 6.4 billion Internet of Things (IoT) devices today, such as DVRs, surveillance cameras, and many others, all connected to the Web and all with Internet (IP) addresses. By 2020, it is expected that the number of Web-connected devices will increase to 20.8 billion.

So, why are these numbers relevant to cyber-security? An IoT fact is that these devices were not designed or developed with security at their core. Further, these devices are typically not configured securely.

As IoT becomes pervasive across industries, including healthcare, financial, and government, organizations must be prepared for this rising and disruptive threat. Further, the risk from IoT increases the challenge of addressing compliance mandates associated with sensitive and confidential information.

After completing this workshop, you will be able to:

  • Examine why IoT = Internet of Threats
  • Step through how botnets and DDoS can be disruptive to sites and Web applications
  • Walk through an IoT Security Policy that addresses key compliance requirements
  • Develop a strategy for addressing such emerging threats in the context of your enterprise cyber security plan

 


Spotlight Education Sessions

SES1–Automated COMPLIANCE on Z/OS

Brian Marshall
President
Vanguard Integrity Professionals

How Multifactor can help you meet Compliance standards such as PCI.

Learning Objectives:

  • Come learn about Multi-Factor Authentication
  • How to meet MFA requirements for the mainframe
  • Learn about the numerous different choices available, including RSA, Yubikey, OATH tokens, Ping, Duo, PIV and Tokenless authentication
  • Technical/Product Detail

SES2–Scaling Control Services Across a Multi-Cloud Enterprise

Kenny Scott
Sr. Manager – Risk Advisory & Assurance Services
Adobe

Adobe provides the tools needed to design and deliver exceptional digital experiences. Executing on this vision in a multi-cloud environment requires high levels of creativity and innovation; but it also calls for an enterprise-wide governance program built on carefully designed controls that will scale in diverse, dynamic environments. Looking back on Adobe's successful digital transformation over the last 5 years, we know that creativity and innovation in software does not have to come at the expense of a best-in-class information security and data privacy program.

In this presentation, we will walk through the key aspects of the implementation of the Common Controls Framework (CCF) by Adobe:

  • Establish Effective, Enforceable Standards
  • Develop and Drive Adoption of Simple, Scalable Control Services
  • Automate Audit and Compliance Capabilities

After completing this session, you will be able to:

  • Understand how to Develop Company-wide, Effective and Enforceable Control Standards
  • Understand how to identify control capabilities that can be leveraged across multiple teams and business units
  • Pocket some pragmatic examples of spinning up out-of-the-box compliant services in diverse cloud environments and how to automate audit and compliance capabilities
  • Receive a free copy of the Adobe CCF that maps to SOC2 (Security, Availability) and ISO 27001/27002

SES3–It is all about the DATA!!

Fouad Khalil
VP of Compliance
SSH Communications Security

Maintaining authorized access to protected data is a tough challenge for many organizations. Have you considered all types of access into your production environments? The session will shed light on what constitutes "complete access".

Audit, compliance and privacy officials are faced with tough challenges to maintain authorized access to protected data. We strive to implement effective controls that minimize risk and ensure compliance with PCI DSS, SOX and HIPAA, to name a few. This is possible if we have complete visibility into all types of access to ALL environments. What if there exists a type of access that is hidden, privileged and deployed across all production environments? As we expand to the cloud, maintain sanity over the explosion of IoT, ensure true Governance, Risk and Compliance, maintain a solid cybersecurity perimeter, and satisfy regulatory requirements and standards specifications, organizations do not have the bandwidth to maintain and monitor access. During this session, we will cover applicable regulatory requirements and provide a high-level understanding of the hidden access gap.

After completing this session, you will be able to:

  • Walk away with an understanding of "Governance for your trusted access". Introduce a new perspective on access most organizations are not aware of or even addressing. A best practice approach to governing all trusted access is also provided.
  • Have a better understanding of the 2017, 2018 and beyond security threats and challenges based on expert opinions and industry best practices. Have a better understanding of what's on the horizon from a regulatory and standards perspective. What are the auditors looking for?
  • Go back to the basic reason for implementing security - "Protect what's important and valuable!" Introduction to the concept of "protected data" and controls necessary to ensure compliance.

SES4–Top Tips for Database Audit and Assessment

Sangameswaran Iyer Manikkayam
Manager – System Engineering
Trustwave Canada

As we see from all the historic data breaches, relational databases and big data stores are a prime target for attackers due to the amount of sensitive information residing within, such as customer information, intellectual property and proprietary secrets. Yet many businesses fall victim to database intrusions because of common database flaws. To address their ever-expanding network perimeters that become more porous as they swell, organizations need to push data security deeper. Reducing the risk of compromise and fulfilling compliance requirements requires extending data protection measures all the way through to the database.

In this engaging session, the focus will be on the paradigm shift in securing the most important assets of any organization, i.e., the databases, where the valuable data is stored and required for smooth business operations, without compromising on security. We will discuss the top security issues around database security and tips on auditing and securing databases.

After completing this session, you will be able to:

  • Learn how to change your approach in database security auditing and get different results
  • Learn about top database vulnerabilities and misconfigurations
  • Learn about a database audit checklist
  • Learn how to automate the process to make it repeatable

SES7–Securing Office 365: Your 2017 Action Plan

Gleb Evfarestov
Solutions Engineer
Bitglass

Office 365 is quickly taking over the enterprise, with a very compelling value prop: Bring cloud-based productivity tools under the company’s security umbrella so that people can work the way they want to, without sending sensitive company data astray. The idea that you can simply shift responsibility for your company’s data security to Microsoft, however, couldn’t be further from the truth. This session will focus on how peer organizations are using technologies like Cloud Access Security Brokers, together with Office 365’s built-in security functionality, to help you develop a comprehensive action plan for 2017.

After completing this session, you will be able to:

  • Understand the benefits of CASB
  • Develop a comprehensive action plan for 2018
  • Secure your Office 365

SES8–Beyond Scoring: A Humanistic Approach to Vendor Risk Management

Carlos Krause, CISSP
VP, Professional Services, IT GRC & Digital Risk
SAI Global

Companies can have a difficult time mitigating, detecting and minimizing risks associated with third parties that have access to their sensitive or confidential information. An integrated VRM assessment solution that goes beyond standard vendor scoring through onsite interviews and an extensive questionnaire provides greater visibility and security to improve vendor profiles.

During this session, you’ll hear from Carlos Krause, an expert in information security, as he explains the criticality of an integrated approach to Vendor Risk Management that will help you uncover your organization’s 3rd party security posture and bring the human element into the valuation process.

After completing this session, you will be able to:

  • Understand the need for a holistic approach to VRM
  • Identify gaps in current VRM programs
  • Value the investment of expanding due diligence efforts

SES9–Securely Super-Power Your Organization’s Digital Transformation

Nir Carmel
Program Director, WW Offering Manager
IBM Data Security - Guardium, Encryption, ISKLM

Recent research indicates that more than 75% of companies have mandates to move to the Cloud, expand their consumer infrastructures and/or incorporate IoT into their security programs. At IBM, we refer to this phenomenon as Digital Transformation.

However, the business reality is that all of the expanding technological infrastructure needs to be protected from potential data breaches, which takes significant time and money to do effectively. How do you prevent IT Security from becoming a roadblock to rapid technological growth?

Join seasoned IT Security professional Nir Carmel, as he educates you about how you can securely make the Digital Transformation leap.

After completing this session, you will be able to:

  • Simplify and unify IT security protection across your organization.
  • Keep the IT transformation train chugging forward, while complying with the growing array of government regulations and industry mandates.
  • Stay ahead of your competition by accelerating business innovation.

Space is limited, so register now.

 

Innovation Stage

IN1–The Rise of Ransomware and Human Sensors | Sponsored by PhishMe

Jeffrey Fleischer
Director of Sales
PhishMe

Jeff will demonstrate some Ransomware techniques and patterns that have been successful in penetrating networks undetected. He will also provide insight on how organizations can best posture to quickly identify these attacks and help prevent breaches.

This session will cover:

  • Ransomware Trends
  • Threat Actor Tactics
  • Maximize resiliency with pro-active detection
  • Leverage true awareness

IN2–Automating Technical Control Assessment | Sponsored by Qualys

Mark Holub
Security Solutions Architect, Policy Compliance
Qualys

As enterprises face pressure from recent security attacks and growing compliance requirements, organizations are looking for ways to determine if technical controls are in place and how to assess the current state of those technical controls. Mark Holub offers insights on what companies should be focused on as well as tools and strategies to automate technical control assessments. Using real world examples and forward-looking principles, Mark will equip IT and audit departments to stay in touch with their security posture.

After completing this session you will be able to:

  • Learn why it is important to automate technical control assessments
  • Learn about technical controls that need to be covered for desktop, server, database, and network technologies
  • Learn why it is important to focus on compliance targets beyond traditional targets

IN3–The NIST RMF ain’t just for Feds | Sponsored by Telos Corporation

Richard P. Tracy
Senior Vice President, Chief Security Officer
Telos Corporation

The NIST Risk Management Framework (RMF), which was originally designed for Federal agency use, is of increasing interest to non-Federal organizations as well. The robust nature of the RMF and underlying 800-53 controls can also be used to demonstrate a standard of due care, improve risk posture, and address regulatory requirements. Enjoy this showcase of the new Xacta 360 solution from Telos Corporation, which operationalizes the entire NIST Risk Management Framework and can be used to easily satisfy other information and cyber security standards. Understand how Xacta 360 can be used to accelerate RMF implementation and satisfy overlapping regulatory requirements using such cutting edge features as Adaptive Controls Mapping and Advanced Inheritance in a continuous manner – on prem, in cloud, or both (hybrid).

After completing this session you will be able to:

  • Understand the unique benefits of the NIST RMF and NIST CSF
  • Grasp relationships between NIST controls and regulatory requirements
  • Understand how automation can be used to more quickly implement the RMF and satisfy regulatory requirements
  • See how the RMF can benefit you from the perspective of Governance and Standard of Due care.

IN5–Industry Trends and Best Practices in Third Party Governance | Sponsored by RSA Security

Marshall Toburen
GRC Strategist, Enterprise Risk Management
Dell Technologies (RSA)

Organizations are becoming increasingly reliant on third party relationships. Amid the benefits of outsourcing, there lies significant risk. Simply stated, responsibility and liability cannot be outsourced. Organizations are faced with taking steps to ensure vendor compliance and mitigate risk. Join us for this quick presentation to review current key best practices and trends in third party governance.

After completing this session you will be able to:

  • Get an overview of risks that emerge from third party relationships
  • Understand the approach taken by leading organizations to manage third party risk on a holistic basis and the benefits therefrom
  • Understand the challenges faced by information security professionals around third party risk and emerging techniques to address these challenges

IN6–Preparing for Revised NIST Cybersecurity, Privacy, and Risk Management Standards | Sponsored by Grant Thornton

David Simprini
Principal
Grant Thornton

With the continuously evolving landscape of cyber, privacy, and IT security threats, the National Institute of Standards and Technology (NIST) continues to enhance and improve its frameworks, methodologies, overlays, and baselines to secure critical data in both the public and commercial sectors. This briefing will provide an overview of the upcoming revisions to three of NIST’s foundational control frameworks and how companies and government agencies can prepare for these changes.

After completing this session you will be able to understand:

  • Key enhancements and changes expected in the following NIST frameworks:
    • NIST Special Publication 800-53, rev 5, Security and Privacy Controls for Information Systems and Organizations
    • NIST Special Publication 800-37, rev 2, Guide for Applying the Risk Management Framework to Federal Information Systems
    • NIST Cyber Security Framework (CSF), version 1.1
  • Critical actions that agencies should consider to prepare for NIST framework revisions
  • The interrelationship of all three frameworks and how they complement each other from a holistic, end-to-end security perspective.

IN7–Hunting Modern Malware – The Latest Techniques | Sponsored by EventTracker

A.N. Ananth
CEO
EventTracker

The threatscape is evolving rapidly, but many IT security heads and admins are so busy managing operations and ensuring the company's ongoing security efforts that they miss key indicators that their network has been compromised.

As malware and ransomware attacks continue to advance and increase, it has become crucial for enterprises to be able to assess and detect digital threat incidents quickly and easily for the security of their infrastructures.

This session will cover:

  • How modern malware and ransomware, such as WannaCry and Petya, enter and spread through your network
  • Best methods of detecting malware and finding hidden copies (polymorphic, mutating or dormant malware hunting)
  • What to do after you’ve detected a potential attack
  • Tools to consider to improve threat detection

The emphasis is on practical approaches that can be quickly implemented and provide a quick win.

 

Events

Cyber Challenge

SE1–CSX Cyber Challenge: Master’s Class

Tuesday, 3 October 2017 | 10:00AM – 12:15PM
Join Hector Monsegur in a Capture-the-flag style network assessment and network defense competition tutorial. Train to play capture-the-flag (CTF) for the first time! Includes remote access to a practice environment two weeks before and after the event when you register! True beginners can learn how to access the virtual competition environment, and get step-by-step guidance on how to play a traditional capture-the-flag-style, network assessment and network defense game. Attendees will also learn the importance of cyber games in the advancement of hands-on technical skills. Bonus targets will be incorporated for the chance to win prizes!

Exhibit Hall A - Lower Level


SE2–CSX Cyber Challenge Competition

Tuesday, 3 October 2017 | 1:45PM – 5:15PM
Practice and play for prizes! All CSX Conference attendees who are first-time or experienced players looking to train in Capture-the-Flag, practice new skills to build a resume/CV or improve their abilities in a live environment are welcome to join. Prizes will be awarded for capturing bonus targets, as well as for players with the 1st, 2nd, and 3rd highest points accumulated by the end of the game.

CSX Cyber Challenge games provide you with a great opportunity to try out new tools, scripts, techniques, and exploits in a controlled, low risk environment. During the games, all player names will remain publicly anonymous. Competitors will be assigned a hash and icon at the beginning of the session. These will appear on the scoreboard as players accumulate points. Also, the target environments are made up of a variety of operating systems and applications—giving participants a wide range of opportunities to exercise existing skills or learn new ones.

Exhibit Hall A - Lower Level


Welcome Reception

Sunday, 1 October 2017 | 5:30PM – 6:30PM
Come connect with your industry peers as we toast to the start of the conference and enjoy complimentary beverages and light hors d’oeuvres. Registration for the conference will be open during this time as well, so plan to stop by and pick up your badge and materials and skip the rush the next morning!


Networking Reception in the Innovation Exchange

Monday, 2 October 2017 | 5:15PM – 7:15PM
Join us for this exciting opportunity to network with other IS/IT professionals and learn more about current and emerging solutions within the industry. Enjoy complimentary hors d’oeuvres and beverages provided by ISACA as you network throughout this engaging event. Don’t miss this special attendee benefit!


SheLeadsTech™:  The Benefits of a Diverse Workforce

Tuesday, 3 October 2017 | 6:00PM – 8:30PM
Doors open at 6PM
6:15 – 7:30: Discussion
7:30 – 8:30: Networking

Join us for a discussion, “The Benefits of a Diverse Workforce”. Our panelists will talk about their own experiences as women in tech and ways they have seen companies benefit from a diverse workforce. The panelists come from a variety of backgrounds including government, global and local, and private sector, and will lend their own perspective to the conversation.

Moderator:

Tammy Moskites
CIO / CISO
Venafi

Panelists:

Sarah Abedin
Senior Managing Consultant
IBM

Theresa Grafenstine
Inspector General
U.S. House of Representatives

Lisa Mascolo
Managing Director
IBM

Marianne A. Azer
Member
Egyptian Parliament

Linda Kostic
Business Line Risk Officer


Washington after Dark

Monday, 2 October – departure 7:15PM from Hotel (sunset 6:48PM)!

Aboard your luxury motor coach, your licensed tour guide will share fascinating facts on Washington DC’s beautifully illuminated monuments and landmarks.

In this all-encompassing night tour of Washington, you will pass such sights as the White House, the U.S. Capitol Building, the Old Post Office Building, the Washington Monument, the World War II and Jefferson Memorials, the Smithsonian Museums, and the Tidal Basin. You will circle the Iwo Jima Memorial and then make a stop at the Lincoln Memorial, where you can enjoy the stunning views of the National Mall and Potomac River – and take a great photo to memorialize the occasion with friends you’ve already made on this tour! You will also be able to visit the Vietnam and Korean War Memorials, which are just a short walk from the Lincoln Memorial. Grab a beverage or snack before you leave the Hotel – make sure your phone or camera has a full charge and your memory card is empty – and let’s go see these stunning sights!

Cost is $50/person based on a minimum of 40 guests confirmed prior to Monday, 25 September. Tour will occur rain or moonlight, provided minimum attendance is secured by this date.
