CSX North America Presentations and Descriptions 


Essential
Sessions beneficial to all delegates.

Depth
Sessions shall be deep dives into a topic. These sessions require participants already possess foundational/working knowledge of the topic to maximize session effectiveness. Sessions may also cover new tactics and/or techniques within a topic area.



Track 1—Identify

111–The Art of Performing Risk Assessments

Ali Pabrai
CEO
Ecfirst

How do you know what to prepare for in your industry? Risks are rising, and continue to do so: 48% of breaches in the financial industry are the result of Web application attacks, while 34% are the result of DDoS attacks. A risk assessment exercise must be comprehensive and thorough. The results from a robust risk assessment exercise establish the foundation for a credible cyber security program.

After completing this session, you will be able to:

  • Better understand what constitutes a thorough and comprehensive risk assessment exercise: What are core components of such an exercise? What should the scope & schedule be for such an exercise? What are compliance & industry mandates?
  • Learn how to integrate a technical vulnerability assessment and penetration test within the scope of a risk assessment plan
  • Experience walking through a sample risk assessment report to better understand and communicate key sections such as a Corrective Action Plan (CAP) to your team and leadership

121–A 180 View of the Cybersecurity Kill Chain

William Crowe, CISA, CISM, CRISC
IT Security Manager
Citizens Property Insurance Corp

Newton's law states that "for every action there is an equal and opposite reaction"; the 180-degree view of the ISACA Cyber Security Kill Chain identifies, in each phase, an equal and opposite reaction. Once we have identified the "view" we then look at the risks posed. Where are they in the Cyber Security kill chain, how do they affect my organization, and are they critical or low-risk? Preventative measures will be discussed as outlined in the Cyber Security Fundamentals study guide.

After completing this session, you will be able to:

  • Identify phases of the Cyber Security kill chain
  • Discuss the opposite action (180-degree view) of the Cyber Security kill chain
  • Discuss the risks posed by the 180-degree view of the ISACA Cyber Security kill chain
  • Describe preventative measures that can be put in place

131–Covering Your Ass(ets) – Effective Data Classification

Reg Harnish, CISA, CISM
Chief Security Strategist
GreyCastle Security

Abraham Lincoln said, "if I had 6 hours to chop down a tree, I'd spend the first 4 sharpening the axe." If you're implementing security controls before classifying your assets, you're swinging a dull axe! Data classification is often an afterthought or skipped altogether. Join GreyCastle Security as we explore the barriers to classification, demystify the process and demonstrate how classification can save organizations time, money and energy.

After completing this session, you will be able to:

  • Correctly classify and rank assets
  • Gain efficiencies in classifying assets and data to save time
  • Classify data and thereby mitigate risks
  • Have a comprehensive policy implemented at your company

141–Threat-Centric Vulnerability Management

Kevin Flynn
Director of Product Marketing
Skybox Security

Monetarily-motivated attacks are by far the most prevalent cyberthreat to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. Learn how distributed cybercrime is forcing a rethink in vulnerability management and see how a threat-centric approach improves prioritization based on exploits in the real world, powering imminent threat response as well as gradual risk reduction.

After completing this session, you will be able to:

  • Gauge the attack-preparedness of your organization: the success of vulnerability management programs will be based on ability to combine security operations, analytics and reporting (SOAR) data with real-world threat intelligence
  • Augment gradual risk reduction with imminent threat elimination: impactful vulnerability management programs continually target a certain percent of their known vulnerabilities while prioritizing those exploited in the wild for immediate remediation
  • Systematically reduce the attack surface: vulnerabilities with available or active exploits pose the greatest risk for attacks; having processes in place to continuously root out such vulnerabilities will have a major impact on security status
  • Mature your security program: the threat-centric approach provides the needed intelligence to focus limited resources where they will have the most impact, improving efficiency as well as security

151–Best Practices for Proactive IT Governance

Berk Algan, CISA, CGEIT, CRISC
Director, IT Governance
Silicon Valley Bank

In this session, learn how this innovative banking institution evolved their IT Governance Framework from a reactive firefighting mode to a proactive risk-based approach. A review of key components of their framework with real-life examples will also provide attendees with take-away templates and documents which can be leveraged upon your return to your own organization.

After completing this session, you will be able to:

  • Learn about a practical approach to creating an IT Governance framework
  • Understand the cornerstones of a proactive First Line of Defense model
  • Gain tools and knowledge to build an effective IT Governance framework and a proactive First Line of Defense model
  • Learn how to avoid common pitfalls when implementing a proactive First Line of Defense model

211–Building Security in the Startup Culture

Ryan Kelch, CISM
Security Engineering Manager
Nighthawk Group, Inc.

Building an information security program in any organization is hard. Now, imagine trying to sell it to an organization that firmly believes it doesn't want it, because it will change their core culture. Impossible? No. Building a new security organization in the startup world takes finesse, strategy, support, and a lot of patience. Learn how to talk the language of engineers and scientists, and be able to connect with leadership to tap into the heartbeat of the company to create change by thinking differently about building security. Learn what it takes!

After completing this session, you will be able to:

  • Understand why building a security team in a startup is harder than building one in a more traditional organization
  • Identify the best parts of the organization to build relationships with for support and initial identification of issues
  • Understand challenges of performing risk assessments in a non-traditional technology landscape with staff who are highly intelligent and likely to challenge you at every turn
  • Understand high-level concepts that go into building a long-term strategy for developing an information security organization in a startup culture

221–Understanding the Risks of Smart Cities

Eduardo Cabrera
Chief Cybersecurity Officer
Trend Micro

As the urban population around the world continues to rise, both public and private sectors have begun investing in smart technologies to improve efficiency. Research reveals vulnerabilities that organizations must be aware of when developing or simply doing business in smart cities whose complex attack surfaces include both devices and critical infrastructure. Hear results from recent research on the exposed assets in the 10 largest U.S. cities and reveal the various vulnerabilities that governments, public companies, citizens and tech leaders must be aware of while gaining best practices and recommendations on how to secure data and devices.

After completing this session, you will be able to:

  • Understand the steps you can take to secure company data in an age of smart cities
  • Learn to secure devices within your home and work using network segmentation, data classification, and other techniques
  • Understand smart city vulnerabilities that can affect your organization, including data in cloud servers, mobile app ecosystems, data transfers and more
  • Learn how to minimize the risk of attacks on critical infrastructure

231–Where Cybersecurity Strategy (Risk Management) and Practical Deployment Meet

Peter Allor
Sr Security Strategist
IBM

A Risk-based Strategy is in great demand for all organizations, but how do you formulate a risk approach that can realize a practical deployment? Are there practical examples of how to do this and can you use them to be effective in stopping the wide array of threats facing your organization? Where do you start and what tools and customized frameworks can help you to move beyond compliance to a Risk-based strategy that your management understands and supports? Take it past just a strategy and risk approach to a practical reality.

After completing this session, you will be able to:

  • Learn about Risk-based Strategy
  • Understand how you formulate a risk approach that can realize a practical deployment
  • Learn where you start and what tools can help with a risk-based strategy
  • Learn to get past strategy and to the practical reality

241–Company Risk Management w/IT Supply Chain

Carlos Carrion Rodriguez
IT and ERP Advisor
Caribbean Investment Partners SRL

Ana Martinez
Accounting Advisor
Caribbean Investment Partners

The performance of the IT supply chain can be affected by adverse events entering the system and affecting all exchanges of products, services and information between actors in a supply chain network. The management of these events is known as Supply Chain Risk Management (SCRM), defined as a collaborative set of tools for dealing, in a holistic manner, with risk and uncertainty caused by, or having an impact on, activities, logistics and resources. In this context, it is important to study the influences of these actors on each other, their strategies, their convergences and divergences of objectives, and their balance of power, in order to achieve better risk management. The purpose of this paper is to apply MICMAC, MACTOR (Matrix of Alliances and Conflicts: Tactics, Objectives and Recommendations) and the Analytic Hierarchy Process (AHP). Then, the actors' convergences and divergences towards a number of issues and objectives associated with risk management are analyzed. From this, the most suitable risk mitigation strategies for each supply actor and objective are constructed.

Risk mitigation strategies, chosen according to the type of business, are built to achieve the objectives previously determined with MICMAC, the actors identified with MACTOR, and the risk assessment performed with AHP, subject to the COBIT standard. This standardizes and projects security to everyone involved with the company, including implementation and tracking using the Balanced Scorecard rather than a Risk Matrix alone. Learn how the COBIT risk standard works with risk management and IT tools for identifying, assessing, implementing and tracking results in order to minimize risks and achieve the evaluated objectives.

The session includes practical exercises using MICMAC, MACTOR, AHP, Risk Matrix, data mining, dendrograms, Picalo and the Balanced Scorecard for effective and evidence-based risk management in the supply chain of IT services to the company.

It fully clarifies the parameters and naming of risks for the enterprise IT environment, such as occurrence, impact, consequence, attitude, aptitude, relevance and others from the COBIT standard for application software.

It also covers applications of MICMAC to consolidate the influence and dependence between all variables and ways of thinking about a topic under analysis, with an unlimited number and level of participants.

After completing this session, you will be able to:

  • Apply, in data analysis or auditing, the segmentation of large amounts of data to establish behaviors, groups or trends derived from the information, using high-level software and dendrograms
  • Understand the methods and techniques of data segmentation (clustering) to interpret levels of convergence or divergence based on the facts provided by the data, which can be large, and to interpret the dendrograms
  • Compare and contrast the steps and tools of data segmentation methods according to the nature of their origin and the objectives of the study to which they belong, compared with dendrograms, the R software and the MS Excel Add-In
  • Understand the importance of dendrogram types, as performed and interpreted with the R software and with the dendrograms incorporated by Microsoft in the UNISTAT Excel Add-in with spreadsheets, ideal for auditors

251–Cybersecurity: Getting the Business Engaged

Allan Boardman, CISA, CISM, CGEIT, CRISC
Director, Business Information Security Officer
GlaxoSmithKline (GSK)

Business executives need help in understanding that cyber security is critical to their business operations and that it can no longer be regarded as solely an IT issue. This presentation will provide a practical approach cyber professionals can follow to help their businesses understand, and have better context and knowledge of, the cyber-related risks within their enterprises. Based on a case study, you will step through a staged process in a workshop format which you can then use afterward to help your business risk-assess the cyber threats to your most critical information assets. This will cover identification of the most critical information assets, assessing the main threats and attack scenarios, risk-assessing the scenarios to determine the appropriate controls, exploring the processes and controls currently in place, identifying the main gaps, and agreeing action plans to remediate the control deficiencies.

After completing this session, you will be able to:

  • Understand and appreciate some of the key challenges the businesses face in trying to manage cyber threats
  • Adopt a structured approach to helping the business identify cyber threats and risk scenarios applicable to their own businesses
  • Follow a risk based approach to managing cyber security from a business perspective
  • Be armed with more effective tools and best practices to engage with their businesses on cyber security and follow a business-driven security strategy

311–Developing Next-Gen Cyber Professionals

Ronald Woerner, CISM
Senior Cyber Security Architect
Bellevue University

We need more people with cyber-smart skills, but many aren't educated on the underlying security and technologies. How will we develop them? As the US CyberPatriot cyber security competition mentor of the year, Professor Woerner will talk about his experiences in coaching hundreds of high school and college students in information technology and security. This esteemed educator will show you tips, tricks and techniques for teaching security to all levels of students and employees. This session explains, through stories, case studies and demonstrations, why and how this future workforce needs to learn these skills in a fun and ethical way, through hacking, games, and competitions. Let's work together to raise the next generation of cyber warriors!

After completing this session, you will be able to:

  • Analyze solutions for teaching, mentoring, and coaching all levels of students in cyber security technologies and practices
  • Employ concrete ways for advancing the cyber security workforce to meet today's and tomorrow’s needs using hacking, games, and competitions
  • Identify opportunities for the cyber security workforce to balance their IT investments and maintain support for a robust cyber defense capability
  • Better invest in human capital with relevant cyber security training and education

321–Red Team Assessment - How to Get Started

James Bothe
Director of Operations
Coordinated Response

James Meyer, CISM, CRISC
Managing Director
Coordinated Response

This session presents a red team methodology based on the Sandia National Laboratories’ Information Design Assurance Red Team (IDART™) and the Institute for Security and Open Methodologies’ (ISECOM) Open Source Security Testing Methodology Manual Version 3 (OSSTMM). IDART provides a high-level approach to the development and implementation of a Red Team exercise. OSSTMM provides a detailed, granular framework that complements the IDART approach. This session identifies missing details or gaps in IDART that are addressed by OSSTMM. Throughout, a Red Team exercise will be discussed. Rules of engagement for the exercise will be developed with input from the audience, along with the details of the Red Team test plan. A copy of the Red Team Development Methodology has been uploaded so that attendees have access to this document, along with the electronic version of the presentation.

After completing this session, you will be able to:

  • Discuss the challenges and benefits of using Red Team testing as part of a Cybersecurity assessment program
  • Recognize the challenges and sensitivities of Red Team testing
  • Describe the rules of engagement for a Red Team test including their development and review
  • Determine when to deploy a Red Team and whether to use an internal team or engage a third party


Track 2—Protect

112–Internet of Things (IoT): Privacy, Security and Regulation

Salar Atrizadeh, Esq.
Attorney at Law
Law Offices of Salar Atrizadeh

Concerned about the legal aspects of what is connecting to what, and where your organization may be liable? This session will discuss the important legal facts of IoT, big data and related challenges through discussion, review of data and statistics, and analysis of various court cases and relevant state, federal and international laws.

After completing this session, you will be able to:

  • Understand major security concerns associated with IoT and how data security is affected by this technology
  • Gain a better understanding of the common causes of network breaches, including: hackers, malware, network breach (e.g., DoS/DDoS/PDoS attacks), malicious insiders (e.g., a disgruntled employee), or mobile devices (e.g., BYOD)
  • Better understand the legal aspects of IoT: how privacy and security are affected by using this technology
  • Learn which governmental agencies regulate this technology, what the applicable rules and regulations are, and what differentiates North America from Europe in regard to government rules and regulations
  • Better anticipate what legal aspects you should be concerned about in the future

122–Encryption: Policy to Practice

Ali Pabrai
CEO
Ecfirst

Firewall systems are the first line of defense. Encryption is the last line of defense. In between these two lines of defense, businesses deploy a multitude of security controls to prevent unauthorized access and tenacious attacks. How prepared is your organization to reduce the risk associated with breaches and non-compliance with security mandates? Encryption is one of several dozens of possible security controls. Serious thought must be expended in understanding options to ensure encryption capabilities are appropriately implemented consistently across your enterprise.

After completing this session, you will be able to:

  • Examine encryption mandates defined in HIPAA Security, HITECH Act, PCI DSS, State regulations and more
  • Review specific areas where encryption can have a significant impact in lowering enterprise risk, while improving compliance posture
  • Step through core elements of an encryption policy to address both at-rest and in-motion requirements
  • Understand how to simplify the use of encryption in your organization, and do so consistently

132–Cyber Terrorism - Real Threats Exist

David Darnell, CISA, CISM
CEO
Systrends

State supported teams of “bad actors” have developed cyber threats and cyber weapons to successfully challenge the defenses of any nation’s critical infrastructure. This presentation will analyze and show details of the current top cyber threats and vulnerabilities that are enabling cyber crime & cyber terrorism. In addition, a review of possible best defenses along with disaster preparedness will be presented, including case study analysis about protecting the power grid and the welfare of key personnel.

After completing this session, you will be able to:

  • Describe and have a better awareness of power grid cyber threats
  • Describe cyber terrorism threats & "kill lists"
  • Explain possible defenses to cyber terrorism
  • Better understand and explain disaster preparedness for cyber terrorism

142–Data Loss Prevention Program

Aravindan Ganesan, CISA, CISM, CRISC
Consultant

Recent public security breaches have severely impacted brand images and revenue of the companies involved. It isn’t easy, but one of the best security solutions is to implement a carefully analyzed, planned and on-going data loss prevention and employee awareness program to avoid any data leakages and security breaches.

After completing this session, you will be able to:

  • Know better how to use one of the best ways of preventing security breaches
  • Learn various methods to identify sensitive and confidential data
  • Understand concepts of data loss prevention and its several modules, including data at rest, data in use and data in transit
  • Prevent or block hackers or users copying or sending confidential and sensitive information outside your corporate network

152–Sex, Lies and Mobile Devices

Reg Harnish, CISA, CISM
Chief Security Strategist
GreyCastle Security

The device in your pocket has become the Big Brother we always feared, and you agreed to it. Join GreyCastle Security as we demystify the security and privacy risks of your smartphone and provide practical tips for dealing with this new phenomenon.

After completing this session, you will be able to:

  • Create effective BYOD policies for your company
  • Understand risks associated with mobile devices
  • Understand what exactly you agreed to with devices
  • Understand how to better train employees when it comes to mobile device usage

212–Trends in Cyber-Law 2017

David M. Adler, Esq.
President
Adler Law Group

Intellectual Property rights (copyright, patent, trademark, trade secrets) and information technology systems each play a crucial role in business competitiveness. In order to realize the full potential of a company’s intangible business assets, it is necessary to be able to identify, locate and safeguard their disclosure and use. Cyber Security plays a crucial role in managing these internal and external business and legal risks. This “Hot Topics” discussion is a snapshot of developments in law, policy, regulation and court cases focusing on privacy and civil liberties, identity, cyber-conflict, IoT, standards, corporate structuring and the international technology marketplace.

After completing this session, you will be able to:

  • Understand how developments in smart home devices are creating new cyber security challenges
  • Learn how changes in regulatory agency policies and personnel are creating new privacy risks and opportunities
  • Identify new legal cases affecting business operations
  • Recognize new business and legal risks in relationships with customers and vendors, and implement changes to mitigate such risks

222–Under the Unfluence - Dark Side of Hacking

Ronald Woerner, CISM
Senior Cyber Security Architect
Bellevue University

People are the easiest hack. This session explains how malicious hackers influence (or “unfluence”) their victims using social engineering to bypass security controls. This topic is often overlooked within both physical and information security programs, but you cannot effectively manage security without understanding people. Security professionals should understand how and where human hacking happens, so they can detect, deter, and prevent it.

After completing this session, you will be able to:

  • Identify how human hackers use psychology and persuasion methods for bypassing technical and non-technical security controls
  • Integrate simple techniques to protect, detect, and defeat social engineering techniques both on-line and in real life
  • Assess risks associated with human vulnerabilities in order to better introduce and manage compliance and governance within the business infrastructure
  • Develop and deliver simple and effective security awareness campaigns to address human hacking

232–Blockchain, Transforming Cybersecurity

Gerard Dache
President
Common Sense Solutions

According to Forbes Magazine, the blockchain will transform everything from banking to government to our identities. The blockchain increases security by reducing identity theft, preventing data tampering, and preventing denial of service attacks.

After completing this session, you will be able to:

  • Discuss how blockchain technology addresses protecting identities
  • Recognize how blockchain technology addresses protecting data integrity
  • Identify how blockchain technology addresses protecting critical infrastructure
  • Develop a plan to integrate Blockchain technology into a cyber security program

242–Digital Certificates—Next Black Market

Tim Bedard
Director, Digital Trust Analytics
Venafi

All businesses and governments rely on digital certificates—in datacenters, on desktops, on mobile and IoT devices, and in the cloud. The new digital certificate black market is undermining our cyber security foundation. If secured, certificates can still be effective in protecting communications, commerce, critical systems and data, and mobile and user access. This session will include survey results on enterprise digital certificate usage and growth while stepping through a couple of attack reconstructions to learn how rogue and stolen SSL/TLS, mobile and user certificates are being used to undermine security. Guidelines will be provided on how to protect, detect, and respond to these attacks and improve the effectiveness of your other security controls.

After completing this session, you will be able to:

  • Know the different digital certificate use cases for encryption and authentication to have a holistic view of the attack surface and potential exposure
  • Understand how certificates are misused in attacks, based on reconstructions of real-world attacks
  • Fix policies and processes to mitigate certificate vulnerabilities
  • Increase efficiency of existing security controls by improving and integrating certificate management

252–Top 7 Security Solutions for PCI DSS

Aravindan Ganesan, CISA, CISM, CRISC
Consultant

PCI DSS standards affect financial institutions, healthcare providers, transportation service providers, the food and hospitality industry, & payment service providers, among many others. For many organizations, achieving and maintaining PCI compliance requirements can be challenging and time-consuming.

After completing this session, you will be able to:

  • Use best methods to prevent security breaches
  • Know how to secure the systems and reduce the scope of the PCI DSS requirements
  • Protect a Merchant or Service Provider’s image and reputation
  • Have peace of mind regarding PCI DSS compliance

312–Sprinting to Cybersecurity in 30 Days

Bryan Murphy
Director - Consulting Services, Americas
CyberArk

Regaining control of privileged credentials is a top priority for breached organizations. Cyber attackers often use simple attacks like phishing emails to compromise privileged credentials, turning endpoint malware infections into attacks on a business's critical assets and sensitive information. Based on lessons learned from actual data breaches at Global 1000 organizations, this session will: walk attendees through the common attacks their organization could face; share insights gained from rebuilding IT controls in a post-breach environment; and provide a framework for applying, in 30 days or less, the same controls that could have prevented the breach. Attendees will also receive a framework to implement the most important steps security teams should take over a 30-day period to drive a proactive, measurable security program that prioritizes the first actions in a post-breach environment: securing privileged credentials and rebuilding trust in their IT infrastructure.

After completing this session, you will be able to:

  • Apply the specific lessons organizations learned from actual data breaches
  • Gain an understanding of the full scope of privileged-account related risks and how susceptible the participant’s organization may be
  • Sharpen your knowledge of the cyber-attack techniques used against major organizations, and how to explain these techniques, and the company’s corresponding security strategy, to executives and stakeholders
  • Assess the cyber-risks your organization is facing, determine the levels of susceptibility to these risks based on an analysis of existing security controls, and learn how to prioritize mitigation
  • Implement a proactive, measurable security framework based on post-breach experiences, as vetted by more than 1000 Global CISOs, to place key controls on privileged credentials in 30 days or less

322–The Human Exploitation Kill Chain

Ira Winkler
President
Secure Mentem

If a single user action can create major damage, the entire security program is a failure.

Humans are the primary attack vector for advanced attacks according to just about every source. There needs to be defense in depth for human vulnerabilities. Given the pervasiveness and resulting damage, companies generally push out videos and launch phishing simulation campaigns. As attendees realize, these efforts still fail to prevent attacks, and security professionals then deem such awareness efforts a waste of time and money. Human vulnerabilities should not have to be mitigated with awareness-related activities alone. By preventing the attack from reaching the human, you can stop the damaging action, which stops the action from having a negative impact. This interactive and engaging presentation will discuss these concepts in detail.

After completing this session, you will be able to:

  • Understand what a Kill Chain is and know how to use it to determine how to better protect a network, detect potential attacks in progress, and react appropriately to minimize damage
  • Identify not only user failures, but the technology that should have prevented that failure
  • Work your way through a phishing attack to see how the kill chain is implemented for phishing, the most common human attack vector
  • Examine your own environment to determine how to minimize the opportunities for users to commit the wrong actions


Track 3—Detect

113–Cloud Security - Detecting Digital Dangers

Robert Brzezinski, CISA
Principal
Bizwit LLC

Cloud solutions have transitioned from Shadow IT to Main Street IT. Are your business users pushing for Cloud solutions adoption to improve systems scalability, agility and potentially cost efficiencies? In this presentation, you’ll learn what to look for when selecting Cloud Service Providers and whether cloud solutions can improve an organization's security and/or security audit capabilities. Through an overview of Microsoft Azure’s security and compliance, Azure security tools and functionality, you’ll learn what can help you manage information privacy, security and compliance risks.

After completing this session, you will be able to:

  • Understand why cloud solutions may be advantageous for organizations; understand and use resources to verify cloud service providers' (CSP) trust and compliance, and review and verify CSP security controls, GRC reports and attestations
  • Understand the concept of shared security responsibility in SaaS cloud solutions, and use the audit and security tools built into the Office 365/Azure environment to protect users' credentials and identities
  • Learn about and compare Azure's visibility, security and compliance capabilities with other Cloud Service Providers' offerings and solutions to make the best decision for the organization’s goals and objectives

123–Understanding Covert Channels of Communication

Professor Claudio Cilli, CISA, CISM, CGEIT, CRISC
Cyber Security & Cyber Intelligence Specialist Faculty
University of Rome

Covert channels will be explained through real-world examples, along with demonstrations of specialized tools that help combat this threat. Special attention will be paid to how to identify covert channels and prevent data leakage from your enterprise.

After completing this session, you will be able to:

  • Explain what covert channels are and how they work
  • Understand steganography principles and message hiding techniques
  • Discover covert channels and perform basic steganalysis
  • Set proper countermeasures to prevent data leakage
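As an added example, not part of the session or of this page: the two techniques named in the learning objectives above, least-significant-bit (LSB) message hiding and a basic steganalysis of it, in Python over a constructed grayscale sample buffer. The cover generator, the secret text and the capacity framing (a 32-bit length prefix) are assumptions made for the example. The steganalysis is the pairs-of-values chi-square idea: LSB replacement leaves each pair of pixel values (2k, 2k+1) with the same combined count but equalizes the two members, so a cover whose pairs were unbalanced scores far lower after embedding.

```python
import random


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _bytes(bits):
    """Pack a list of bits (multiple of 8) back into bytes."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)


def embed(cover, payload):
    """Replace the LSB of successive cover samples with a length-prefixed payload."""
    framed = len(payload).to_bytes(4, "big") + payload    # 32-bit length header (assumed framing)
    if len(framed) * 8 > len(cover):
        raise ValueError("payload exceeds cover capacity")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(framed)):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def extract(stego):
    """Read the length header from the LSB plane, then that many payload bytes."""
    lsb = [b & 1 for b in stego]
    n = int.from_bytes(_bytes(lsb[:32]), "big")
    return _bytes(lsb[32:32 + 8 * n])


def chi_square_lsb(samples):
    """Pairs-of-values statistic: large when the two members of each (2k, 2k+1)
    pair occur with very different frequencies, small when LSB embedding has
    equalized them. Compare against the same statistic on known-clean data."""
    hist = [0] * 256
    for b in samples:
        hist[b] += 1
    stat = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            stat += (even - odd) ** 2 / (even + odd)
    return stat


def make_cover(n=4096, seed=1):
    """Constructed cover: Gaussian-distributed samples that mostly land on the even
    member of their value pair, mimicking a source whose LSBs are not uniform."""
    rng = random.Random(seed)
    px = []
    for _ in range(n):
        v = max(0, min(255, int(rng.gauss(128, 30))))
        if rng.random() < 0.8:
            v &= 0xFE
        px.append(v)
    return bytes(px)


COVER = make_cover()
SECRET = (b"report-q3: revenue figures embargoed until release; " * 12)[:480]  # constructed


if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("roundtrip ok:", extract(stego) == SECRET)
    print("chi-square cover:", round(chi_square_lsb(COVER)), "stego:", round(chi_square_lsb(stego)))
```

In practice the statistic is evaluated over sliding windows of the carrier, since an attacker who embeds only into a fraction of the samples leaves the rest of the histogram untouched; the example embeds into most of the buffer so that the whole-buffer score shows the effect.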

133–Insider Risk: Automated or Manual Data

Amy Boawn, CISM
Senior Lead Technologist
Booz Allen Hamilton

As organizations develop holistic insider risk programs, they face the daunting task of aggregating disparate data sources to enable improved detection and early response. Automated analytics tools, although expensive and time-consuming to deploy, enable analysis of more data with less staff. This session will compare the pros and cons of analytics with those of manual correlation, based on industry and organization size.

After completing this session, you will be able to:

  • Recognize the advantages and disadvantages of using analytic dashboards as part of an insider risk program
  • Recognize the advantages and disadvantages of using manual data correlation and analysis as part of an insider risk program
  • Understand how the level of regulation in an industry impacts the analytics approach decision
  • Understand how the size of an organization impacts the analytics approach decision

143–Taking Risk Measurement Seriously

Jack Jones, CISA, CISM, CRISC
EVP R&D
RiskLens, Inc.

The business, technology and cyber threat landscape is complex and dynamic, while the resources for managing risk within it are invariably limited. That combination makes it imperative that your organization understands why measuring risk well matters so much.

After completing this session, you will be able to:

  • Recognize the systemic effect of poor risk measurement in achieving risk management objectives
  • Understand the most common factors that drive poor risk measurement
  • Overcome poor risk measurement practices
  • Learn steps you can take to overcome obstacles to provide better risk measurement within your organization

153–Optimizing Defenses Against Invisible Threat

Alex Holden
President & CISO
Hold Security, LLC

How do you defend against the unknown? Learn from hacker successes - and mistakes - to build a better defense infrastructure. We will examine real-world examples where detection of hacker behaviors can lead to your organization’s successes or failures. Through looking at examples of large scale e-commerce abuse, financial system manipulation and corporate infrastructure compromises we will demonstrate how hacker successes can become their downfalls with proper defense scaling.

After completing this session, you will be able to:

  • Understand current hacker abuse techniques in corporate and consumer environments
  • Identify effective behavioral detection methodologies
  • Understand scalable defenses against unknown or unpredictable attacks
  • Understand the difference between signature-based, behavior-based and technique-based matching when identifying attacks
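As an added example (not the presenter's material), the three matching styles from the last objective above applied to constructed sshd failed-login lines in Python. A signature match fires on a known indicator regardless of volume; a behavioral match fires on a volume threshold regardless of who the source is; a technique match fires on the shape of the activity, here password spraying (many accounts, each tried only once or twice), which stays under the brute-force threshold. The blocklist entry, the thresholds and the sample lines are all assumptions.

```python
import re
from collections import defaultdict

FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

BLOCKLIST = {"198.51.100.23"}   # signature: an indicator already known to be bad (constructed)
BRUTE_FORCE_THRESHOLD = 8       # behavior: this many failures from one source, any accounts
SPRAY_MIN_USERS = 5             # technique: at least this many distinct accounts ...
SPRAY_MAX_PER_USER = 2          # ... each tried no more than this many times


def _line(minute, user, ip, invalid=True):
    who = f"invalid user {user}" if invalid else user
    return f"Jan 10 10:{minute:02d}:00 web1 sshd[4242]: Failed password for {who} from {ip} port 51000 ssh2"


# Constructed log: a brute force on root, a spray across six accounts, and two
# low-volume failures from a blocklisted address.
SAMPLE_LOG = (
    [_line(i, "root", "203.0.113.7", invalid=False) for i in range(8)]
    + [_line(10 + i, u, "192.0.2.45") for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [_line(20, "admin", "198.51.100.23"), _line(21, "test", "198.51.100.23")]
)


def detect(lines):
    """Map each source IP with at least one verdict to the set of verdicts it earned."""
    failures = defaultdict(lambda: defaultdict(int))   # ip -> account -> failure count
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip][user] += 1

    verdicts = defaultdict(set)
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if ip in BLOCKLIST:
            verdicts[ip].add("signature:blocklist")
        if total >= BRUTE_FORCE_THRESHOLD:
            verdicts[ip].add("behavior:brute-force")
        if len(per_user) >= SPRAY_MIN_USERS and max(per_user.values()) <= SPRAY_MAX_PER_USER:
            verdicts[ip].add("technique:password-spray")
    return dict(verdicts)


if __name__ == "__main__":
    for ip, labels in detect(SAMPLE_LOG).items():
        print(ip, sorted(labels))
```

The counts here are over the whole sample; a production detector would keep them per sliding time window so that a slow spray spread over days is still matched as the same technique.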

213–Anatomy of a Phish: Why and How Spam Works

Marcelle Lee, CSX-P, GCIA, GPEN, GCFA, GCIH, GISF, GCCC, C|EH, CCNA
Cybersecurity | Digital Forensics | Education & Training
Fractal Security Group, LLC

Phishing continues to be successful and no one is immune. Phishing attempts can allow access into your organization despite multiple layers of network defense. The sophistication of these attempts has been rising, and it is becoming increasingly difficult to defend against them. In this talk, we will cover the psychology behind phishing and explain targeting techniques. Insider threat does not necessarily mean malicious insider activity. In fact, it is much more common for insider threat to be the result of inadvertently clicking on links or downloading malicious attachments.

After completing this session, you will be able to:

  • Recognize the technical aspects of a phish, demonstrated using a variety of exemplar phishing emails and the methodology behind them
  • Discuss how to arm your organization against these attacks by leveraging engaging cyber education for your employees
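The two phishing sessions above (the kill-chain session's point that technology should stop the message before it reaches the user, and this session's exemplar-email analysis) both come down to checks an analyst or a mail gateway can run on the message itself. As an added example, not material from either presenter, here is a Python triage over two constructed messages using only the standard library: it checks Return-Path and Reply-To alignment with the header From, reads the receiving server's Authentication-Results (SPF/DKIM/DMARC), and looks for HTML links whose visible URL points at a different host than the real target. The message contents, domains and the strict (exact-domain) alignment rule are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed messages (not real mail): one phish and one legitimate notice.
PHISH = """\
Return-Path: <bounce@mail-example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-example.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: helpdesk-support@mail-example.net
To: alice@example.com
Subject: Password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in to keep access:</p>
<a href="http://example-com.login-portal.net/reset">https://sso.example.com/reset</a>
</body></html>
"""

LEGIT = """\
Return-Path: <helpdesk@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
To: alice@example.com
Subject: Maintenance window
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in at <a href="https://sso.example.com/">https://sso.example.com/</a></p></body></html>
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(header_value):
    """Mailbox domain of an address header, lower-cased ('' if the header is absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def auth_results(msg):
    """Collapse Authentication-Results headers into {method: result}."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(str(hdr)):
            results[method] = result.lower()
    return results


def link_mismatches(html):
    """(href, displayed) pairs where the visible URL names a different host than the target."""
    out = []
    for href, text in LINK_RE.findall(html):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if shown.lower().startswith(("http://", "https://")):
            if urlparse(href).hostname != urlparse(shown).hostname:
                out.append((href, shown))
    return out


def triage(raw):
    """Return the list of technical red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Strict alignment; DMARC "relaxed" alignment would compare registrable domains instead.
    if rp_dom and rp_dom != from_dom:
        findings.append(f"return-path domain {rp_dom} does not align with From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from From domain {from_dom}")
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method}={auth.get(method, 'missing')}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for href, shown in link_mismatches(body.get_content()):
            findings.append(f"link shows {shown} but points to {urlparse(href).hostname}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(name, triage(raw))
```

Note that the Authentication-Results header is only trustworthy when it was added by your own receiving server; a gateway should strip any copy that arrives from outside before the checks run, otherwise the sender can forge a passing result.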

223–Please check back soon for updated content!

233–Understanding Your Adversary

Vinny Troia
CEO, Security Consultant
NightLion Security

How do you know if your cloud is secure? There are many cloud security frameworks, each with its own requirements and interpretations of those requirements. How do you know which framework is the “right” one? More importantly, what are we even protecting ourselves against? We will begin with a live hacking demonstration showing how an average attacker with only basic skills can penetrate a cloud environment its owners consider fully secure. Next, you will see how to protect yourselves against these attackers by developing your own organization-specific set of security standards using the Cyber Security Framework.

After completing this session, you will be able to:

  • Experience a Live Hacking Demonstration
  • Review Different Cloud Security Frameworks
  • Understand how to choose the "right" framework for your organization
  • Develop a custom testing framework using the Cyber Security Framework
  • Save time and resources with framework mapping (and, receive a free database download)

243–Practical Physical Security Detection

Kevin Dunn
Technical VP
NCC GROUP

Physical security practices are often overlooked when considering the overall security posture of a company. While common sense tells us we should control access to an office or facility, the means by which organizations choose to do this are often found to be lacking or easily defeated. For many companies, physical security is prioritized lower than other security controls. A weak physical security posture can be abused to bypass technical protections, undermine your perimeter protections, or generally go ‘straight for the gold’ when attacking an organization’s most critical assets.

This presentation will highlight the key ways in which most companies are found lacking in physical security design, implementation and policy. Methods used most often to bypass weak physical security will be demonstrated and combined with simple defenses you can use to stop these physical breaches.

After completing this session, you will be able to:

  • Understand the common physical security weaknesses that plague most companies
  • Understand the bypass techniques used to defeat expensive physical protection systems and equipment
  • Analyze physical security in your organization
  • Create a road map to detect & defend against physical security vulnerabilities

253–P0wned M4ch1n3 - What Might Recovery Look Like

James Woods, CISA, CRISC
Business Intelligence
State Farm Insurance

Stealing merely requires that something of interest be taken. Whether the theft was accomplished through direct use of force or a perceived use of force is unimportant in cyberspace, where layers of anonymity exist. Cyber security is a business owner’s responsibility. Without a formal recovery plan, documented internal controls may be needed even to qualify for reimbursement of business losses from creditors and/or insurers. Often, small and medium-sized businesses (SMBs) stop doing business permanently. This session assumes that SMBs lack the resources and experience to investigate and track a stealthy, sophisticated, nation-state perpetrator. Learn cost-benefit analysis basics and the common qualifications for receiving protection from creditors and/or insurers, and evaluate whether crisis recovery is appropriate for an SMB. Instead of following the typical guidance to recover from a cyber incident through focused security efforts and highly specialized response teams, a practical path forward will be outlined for evaluating whether crisis recovery is appropriate for SMBs.

After completing this session, you will be able to:

  • Identify uncodified controls for any online business presence
  • Identify a data gathering process to facilitate cost-benefit analysis for SMBs
  • Evaluate qualifications for SMBs to receive protection following a cyber incident
  • Evaluate appropriateness of crisis recovery for SMBs

313–Extending COBIT 5 - Continuous Enforcement

Myles Suer
Director, Solutions & Industry Marketing
Protegrity

As today’s enterprises become more interconnected and collaborative, the notion of securing network perimeters has become less relevant. Connected, collaborative enterprises need more than a perimeter, access control and process; their security needs to consider the entire enterprise ecosystem, and that requires data-centric and person-centric security by design. This presentation covers extensions to COBIT 5 that ensure sensitive data is better governed and that attempted access violations are blocked, monitored and detected. Data, especially non-public sensitive or regulated data, must be governed better; we need what Ann Cavoukian, Ph.D., calls “data security/privacy by design”. In this presentation, we will cover what is required to extend COBIT 5 to ensure that data access rules are established, monitored and enforced.

After completing this session, you will be able to:

  • Share COBIT 5’s security and data prescriptions and why they remain an extremely important enterprise baseline
  • Explain why enterprise CIOs and CISOs have determined perimeter based security and access control plus great process only take enterprises so far
  • Explain why data flying all over the place needs data-centric/person-centric security
  • Explain data-centric security and privacy by design
  • Explain what is required to extend COBIT 5 controls to ensure that particularly sensitive or regulated data is better governed and protected

323–Empowering Compliance by Getting Back to Basics

Nathan Wenzler
Technical Account Manager
Qualys

We're constantly looking for innovative ways to achieve compliance and execute sound governance. But the answer may not be the latest and greatest technology; it may be using what you already have to its fullest potential. Organizations everywhere already possess some form of vulnerability management, credential management and application/code QA toolset. These programs have been around for a long time, and they aren't considered as effective as the “latest and greatest” tools. Can tuning these basic security tools in your environment strengthen the effectiveness of newer tools while also lowering overall costs, increasing operational efficiency and ticking the compliance checkboxes, simply by rethinking how these programs are leveraged? This session will examine how these security fundamentals are being disregarded, how they can empower your broader security program in many ways, and how you can use them to reduce risk, achieve compliance and make future security program improvements easier.

After completing this session, you will be able to:

  • Identify security tools and functions already in use today that can be leveraged more fully to empower the rest of your security program
  • Understand how better utilizing these fundamental security tools can drastically improve the effectiveness of other advanced security tools
  • Learn how to optimally implement these basic tools to gain both operational efficiency and satisfy compliance requirements
  • See examples of how to achieve greater ROI for existing security tool investments by using detection tools and processes to empower more active security controls



Track 4—Respond

114–Cyber Hunt Operations of Cyber Criminals

Jarrett Kolthoff
President/CEO
SpearTip, LLC

Cyber security responsibility now lies squarely on the shoulders of directors, senior executives and “C-levels”. This real-world cyber counterintelligence case study analysis will help today’s business leaders oversee and implement cyber risk management initiatives. Highlighting the core tenets of cyber counterintelligence, this session introduces the technical means of identifying and countering cyber-criminal activity. You will be exposed to the host-based and network incident response and digital forensic tactics used, and will discuss the process of collecting several disparate evidentiary elements and combining the technical data within a Fusion Cell methodology that you can then apply at your own enterprise.

After completing this session, you will be able to:

  • Prepare Senior Executives and Directors to identify risk, prioritize threats, and create board-level governance for cyber threat management by developing a strategic roadmap within their own organization
  • Understand the deployment of "magic quadrant" technologies and how to prepare for the breach, including being exposed to these critical lessons learned from real-world case studies
  • Develop a process of collecting several disparate evidentiary elements and combine the technical data within a Fusion Cell methodology that can be implemented within your own organization
  • Leverage internal expertise and combine external resources to include developing a roadmap for training of internal personnel

124–Practice What You Breach

Simone Petrella
Chief Cyberstrategy Officer
CyberVista

How many security leaders get to feel the pressure of a breach beyond mitigating the incident? Understanding the executive perspective will help practitioners better understand how their positions fit within the full corporate ecosystem. Security practitioners and leaders will participate in an interactive, near-real time role play session to understand the perspective of the C-Suite. Your facilitator will guide the group through a scenario aimed at understanding the top-down questions, needs, and response during an incident as a way to build a better business lexicon for practitioners seeking to bridge the gap between management and IT security.

After completing this session, you will be able to:

  • Describe and comprehend the strategic-level impacts of a cyber attack at a major corporation through case study learning
  • Understand the roles and responsibilities of C-Suite executives during a cyber attack and their respective perspectives
  • Grasp the business decisions that have to be made due to impact on customers, vendors, investors, and fellow employees
  • Share best practices to better integrate technical remediation with the other components of crisis planning and response

134–eDiscovery, Computer Forensics and Data Collection

Salar Atrizadeh, Esq.
Attorney at Law
Law Offices of Salar Atrizadeh

The fact-finding process of discovery is a common and important staple in the course of litigation. In today's technological world, more people and businesses are choosing to store documents and information online, which poses procedural questions for the discovery process. Electronic discovery (a/k/a "e-Discovery") is an entirely new way to conduct discovery. The process includes restructuring or rephrasing discovery requests to include electronically stored information ("ESI") to seek relevant information such as, emails, text messages, online chats, or similar data.

After completing this session, you will be able to:

  • Understand electronic discovery
  • Explain what is electronically stored information
  • Recognize the issues that arise during e-Discovery
  • Illustrate what data collection is and how is it relevant to e-Discovery
  • Discuss e-Discovery and arbitration
  • Discuss e-Discovery and international aspects
  • Discuss outsourcing e-Discovery and related issues
  • Understand the future of e-Discovery

144–Diagnosing Incidents: Incident or Breach?

Mahmood Sher-Jan
CEO
RADAR, Inc.


Alex Wall, Esq.
Senior Counsel and Global Privacy Officer
RADAR, Inc.

Chances are your organization’s data will be, or already has been, exposed. The latest data reveals an employee clicks on malware every 81 seconds. This, plus cyber attacks, ransomware and employee negligence, puts sensitive information at constant risk. Properly diagnosing and categorizing incidents is critical in order to comply with legal and contractual data breach obligations, reduce risk and protect your reputation.

After completing this session, you will be able to:

  • Recognize differences between a privacy or security incident and a data breach and learn how to diagnose if it is a reportable breach
  • Understand the complexities of the data breach legal and regulatory landscape, how you fit into it, and what legal compliance requirements you must meet with each and every incident and breach
  • Put best practices in place to protect customers’ sensitive data and your reputation, minimize risk, and fulfill compliance obligations to state and federal regulators and to business partners
  • Understand how to make a determination for every incident by performing a documented multi-factor incident risk assessment

154–IR Decisions - Make them all Beforehand!

Matthew Harvey, CISA
Director of Advisory Services
Anchor Technologies

Under the pressure of an active intrusion, decision-making is often rushed or paralyzed. Incident response requires technical skills, but it is also an exercise in decision-making; the right decisions, made in a timely manner, drive efficient, effective incident response. How? The solution is to make all your key decisions beforehand, when the pressure is off and everyone is thinking clearly, and capture them in a detailed game plan. You will learn from real-world experiences of incident response problems caused by poor decision-making, and learn how to implement such a plan in your organization.

After completing this session, you will be able to:

  • Identify key areas of decision-making in incident response
  • Identify critical considerations for incident response decisions to avoid disastrous outcomes
  • Devise decision trees showing key inputs and parameters to drive efficient decisions in a crisis situation
  • Use examples and exercises to demonstrate to senior management in your organization the critical need for a decision-oriented incident response plan

214–SHA-1—Foreshadows Future Struggles

Phil Biegler
Vice President, Professional Services
Venafi

The industry just completed a migration away from SHA-1 certificates, and more mass certificate migration requirements are emerging. Hear real-world SHA-1 migration successes and pitfalls and apply these lessons learned to certificate replacement to be able to better prepare your enterprise to respond to these significant upcoming events.

After completing this session, you will be able to:

  • Set better expectations within your organization around future upcoming large scale certificate replacements—what’s coming and what’s needed
  • Compare your certificate replacement effectiveness against industry SHA-1 migration and Heartbleed remediation data
  • Comprehend the current debates around certificate rotation lifecycles, including any deadlines for shorter validity periods and what to do about them
  • Understand the best practices for addressing future large scale certificate replacements, including how to prioritize implementation and optimize infrastructure

224–3 Common Misconceptions: Incident Response

Alex Wall, Esq.
Senior Counsel and Global Privacy Officer
RADAR, Inc.


Mahmood Sher-Jan
CEO
RADAR, Inc.

Misconceptions in incident response management persist largely due to analysis of reported data breaches as opposed to data incidents. Breaches are far less common than incidents when there is a strong culture of detection, risk mitigation and compliance. This session will discuss the top three misconceptions in Incident Response and explain guidelines to help organizations combat common misconceptions in incident response and develop better processes to solidify incident response management efforts.

After completing this session, you will be able to:

  • Learn how to identify incident trends and root causes so organizations can proactively mitigate risks
  • Gain insight from the “near misses”—incidents that didn’t become public data breaches—to identify an organization’s greatest security vulnerabilities
  • Understand the lifecycle of an incident—from assessment to compliance—to better plan for the steps toward stronger incident response management
  • Learn how to be “incident ready” in order to better mitigate risks caused by incidents and breaches

234–Finding Ms Right: Cyber Drivers Wanted!

Greg Witte, CISM
Senior Security Engineer
G2, Inc.


Tom Conkle
Cybersecurity Engineer
G2, Inc.

Cyber security workers are often seen as serving within one big bucket called “The Cyber”. This lack of clarity leads to confusion about what’s needed, what’s available, and where “I” fit in the cyber universe. A lack of diversity compounds the problem: a recent ISACA study pointed out that nearly 9 in 10 survey participants are somewhat or very concerned about the low percentage of women in the technology sector. The CSX State of Cyber Security 2017 report showed just how important it is to demonstrate qualification and identify specific training for all. While information is available in well-respected frameworks, we need to apply these raw materials to the way we hire, train, promote and retain quality workers. This session explores how lab-based training, real-world proficiency exams, and well-known frameworks combine to find and keep the incident responders of tomorrow - encouraging diversity and innovation from a professional workforce.

After completing this session, you will be able to:

  • Understand how to leverage these existing frameworks (e.g., COBIT 5, Cybersecurity Framework, National Cyber Workforce Framework) to determine the applicable work roles for cyber event responders and other specific practice areas
  • Learn how specificity in work roles help provide a hiring, promotion, and retention strategy that motivates and supports an engaged workforce
  • Understand how to leverage skills and abilities to build actionable and accountable response and recovery strategies to help real people solve real challenges
  • Identify how to determine the best ways to seek and find truly qualified responders (and other cyber workforce candidates) based on knowledge, skills and abilities

244–DFIR for the IoT Filled Cloud Part 1

Andrew Neal, CISM, CRISC
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

The IT landscape of today is vastly different from only a short time ago. Cloud, mobile, IoT, and SaaS have radically changed where data is stored and used. This has had a profound impact on how incidents are recognized and investigated.

The purpose of this 2-part workshop is to help responders, investigators, and managers understand the changes caused by the shift to these new technologies, and develop strategies to prepare for and anticipate the next wave of change. The use of real world examples of cloud based storage discovery, investigating Alexa-type activity, and the implications of IoT based incidents will be featured.

After completing this session, you will be able to:

  • Discuss the fundamental changes occurring in how data is generated, stored and communicated
  • Identify those incident response and forensic concepts which still universally apply
  • Learn to apply the basic steps in the forensic acquisition and analysis process, regardless of data source
  • Develop a list of pre-incident policies that may set the stage for successful responses to cloud and IoT based events
  • Engage in forward thinking to anticipate where the changes in technology and data use may be taking us

254–DFIR for the IoT Filled Cloud Part 2

Andrew Neal, CISM, CRISC
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

The IT landscape of today is vastly different from only a short time ago. Cloud, mobile, IoT, and SaaS have radically changed where data is stored and used. This has had a profound impact on how incidents are recognized and investigated.

The purpose of this 2-part session is to help responders, investigators, and managers understand the changes caused by the shift to these new technologies, and develop strategies to prepare for and anticipate the next wave of change. The use of real world examples of cloud based storage discovery, investigating Alexa-type activity, and the implications of IoT based incidents will be featured.

After completing this session, you will be able to:

  • Discuss the fundamental changes occurring in how data is generated, stored and communicated
  • Identify those incident response and forensic concepts which still universally apply
  • Learn to apply the basic steps in the forensic acquisition and analysis process, regardless of data source
  • Develop a list of pre-incident policies that may set the stage for successful responses to cloud and IoT based events
  • Engage in forward thinking to anticipate where the changes in technology and data use may be taking us

314–Attack, Investigate, Learn - Part 1

Keatron Evans
Owner
Blink Digital Security

More and more CISOs and executives are caught by surprise when there’s a breach or other major incident, and end up having to bring in a considerable amount of outside help at great cost. So how do you improve or measure your incident response team’s technical capabilities? This technical presentation will feature live attacks that are then investigated, showing how technical incident response skills can be developed on your team so there is constant progress and positive knowledge transfer. Walking through technical demonstrations of attacks, explaining them, and continuing through demonstrations of the forensics and investigation that follow makes for a fun, engaging and enlightening presentation. A list of source files and a tools list will be provided ahead of time for attendees who wish to work through the technical exercises during these sessions.

After completing this session, you will be able to:

  • Explain how current attacks actually work. You will then be able to recreate attacks in a scenario style to challenge or train your own incident response teams
  • Recognize not so obvious signs of breaches and exfiltration
  • Apply proper network and packet forensics techniques and tools to close the gap and answer important breach questions in a timely manner
  • Assess when to engage which types of skillsets in a breach or other incident

324–Attack, Investigate, Learn - Part 2

Keatron Evans
Owner
Blink Digital Security

More and more CISOs and executives are caught by surprise when there’s a breach or other major incident, and end up having to bring in a considerable amount of outside help at great cost. So how do you improve or measure your incident response team’s technical capabilities? This technical presentation will feature live attacks that are then investigated, showing how technical incident response skills can be developed on your team so there is constant progress and positive knowledge transfer. Walking through technical demonstrations of attacks, explaining them, and continuing through demonstrations of the forensics and investigation that follow makes for a fun, engaging and enlightening presentation. A list of source files and a tools list will be provided ahead of time for attendees who wish to work through the technical exercises during these sessions.

After completing this session, you will be able to:

  • Explain how current attacks actually work. You will then be able to recreate attacks in a scenario style to challenge or train your own incident response teams
  • Recognize not so obvious signs of breaches and exfiltration
  • Apply proper network and packet forensics techniques and tools to close the gap and answer important breach questions in a timely manner
  • Assess when to engage which types of skillsets in a breach or other incident



Track 5—Recover

115–Insuring Your Cyber Assets

Sean Scranton, CISA, CISM, CRISC
Director, Underwriting
RLI Corp


Natasha Richard
Cyber Liability Director
RLI Corp

Cyber Insurance – What is it? How does it work? Why is it so confusing? This session will demystify the current cyber insurance swamp of perplexing forms, high deductibles, hidden exclusions, and insurance companies that “never pay out”.

After completing this session, you will be able to:

  • Understand the current cyber insurance market landscape
  • Identify common coverages and exclusions
  • Ask for value-added services as part of coverage
  • Engage ERM and Security to determine appropriate coverages

125–Analyst View: Cybersecurity Jobs Workforce Review

David Foote
Co-founder and CEO
Foote Partners, LLC

The Internet of Things (IoT) is exploding: McKinsey is expecting a 32.6% CAGR between 2015 and 2020 as businesses look to IoT and digital technologies to enable new business models and transform business processes. However, nothing will happen without the people to build, support, and secure disruptive digital engagement. Join Foote Partners to learn about their analysis of the current/future state of Cybersecurity jobs and workforce evolution, as informed by proprietary deep-dive data from 3,100 US and Canadian employers, including reviews of jobs, salaries, and cash pay premiums for skills and certifications.

After completing this session, you will be able to:

  • Understand detailed duties/responsibilities; skills and knowledge; experience requirements for the entire family of cyber security jobs in 2017
  • Learn current salary and skills/certifications cash premiums for cyber security roles and jobs in 65 US and 18 Canadian cities from 3,100 employers surveyed in Foote Partners IT Professional Salary Survey, IT Skills & Certifications Pay Index
  • Understand infosec-to-cybersec transition of job paths and promotions from case studies of successful transitions (40+ industries) and how employers are building cyber security capabilities through internal skills development and external hiring
  • Learn first-hand about Foote Partners' detailed forecast for cyber security jobs, skills, and workforce evolution over the next five years

135–Practical Risk Response Using COBIT 5 Part 1

Mark Thomas, CGEIT, CRISC
President
Escoute

Challenges organizations face today are increasingly more complex, and they must constantly scan their environments to take practical steps for making risk-informed decisions that provide value for stakeholders. A core practice to accomplish this is to use the concept of risk scenarios as the starting point and basis of any assessment while constantly updating, communicating, analyzing and improving response plans based on a changing landscape. Join this practical, two-part hands-on workshop exploring the process of creating scenarios using a real-world case study where you will walk through the steps of the risk management cycle through to the response and recovery stages.

After completing this session, you will be able to:

  • Understand how to use techniques from various COBIT guides to effectively execute risk response and recovery plans
  • Learn how to create risk scenarios as a basis for an assessment, and link these to their effects on business goals which assists in the prioritization of recovery plans
  • Understand how to analyze and assess risks, determine appropriate responses and recovery planning techniques
  • Create an enterprise risk register that can be flexible, and tied to various other business risk processes

145–Practical Risk Response Using COBIT 5 Part 2

Mark Thomas, CGEIT, CRISC
President
Escoute

Challenges organizations face today are increasingly more complex, and they must constantly scan their environments to take practical steps for making risk-informed decisions that provide value for stakeholders. A core practice to accomplish this is to use the concept of risk scenarios as the starting point and basis of any assessment while constantly updating, communicating, analyzing and improving response plans based on a changing landscape. Join this practical, two-part hands-on workshop exploring the process of creating scenarios using a real-world case study where you will walk through the steps of the risk management cycle through to the response and recovery stages.

After completing this session, you will be able to:

  • Understand how to use techniques from various COBIT guides to effectively execute risk response and recovery plans
  • Learn how to create risk scenarios as a basis for an assessment, and link these to their effects on business goals which assists in the prioritization of recovery plans
  • Understand how to analyze and assess risks, determine appropriate responses and recovery planning techniques
  • Create an enterprise risk register that can be flexible, and tied to various other business risk processes

155–Please check back soon for updated content!

 


215–Cyber Warfare & the New Threats to Security

Claudio Cilli, CISA, CISM, CGEIT, CRISC
Cyber Security and Cyber Intelligence Specialist Faculty
University of Rome

The rules of cyber-war are comparable to those of conventional war, and cyber-war is the last frontier of human insanity. Learn the rules of cyber-war, how dangerous an information war can be, and why it can be waged against a nation or a large company. Learn through real-life examples how to protect your critical infrastructure from information flooding and how to recover critical infrastructure functionality after a cyber-attack. We will also cover what critical infrastructures are and why they need to be protected.

After completing this session, you will be able to:

  • Learn more about the what and why of critical infrastructures – and how they need to be protected
  • Better comprehend cyber-warfare definition, techniques and rules
  • Prepare more completely for cyber-warfare and protect your company from attacks
  • Know how to recover after cyber-attacks

225–Legal Issues with Third Party Risk

Shawn Tuma
Cybersecurity & Data Privacy Attorney
Scheef & Stone, LLP

Most people know the lesson of the Target breach, one of the most notorious data breaches in history: third party / supply chain risk management became a priority afterward. In its wake, many federal and state agencies began to focus on third party and supply chain risk management, and they have since issued a multitude of regulations setting legal and compliance requirements for it. This session will explain the key federal and state regulations and the key contractual terms for business partners, and examine best practices for ensuring compliance and incident response.

After completing this session, you will be able to:

  • Understand what federal and state regulations for third party risk and supply chain risk management typically focus on in the cyber security context and what they require
  • Understand why contracts with third party business partners are one of the most important mechanisms for ensuring compliance with federal and state information security and data privacy regulations, for securing cooperation, and for allocating responsibility
  • Understand what key terms practical third party contracts need to include in order to satisfy the required information security and data privacy obligations, and to secure cooperation with and allocate responsibilities for incident response
  • Understand the most common areas of contention when negotiating third party contracts, learn effective strategies for resolving these issues, and learn strategies for protecting the company when the business partner is no longer compliant or unable to comply

235–Business Driven Security (BDS)

Marshall Toburen
GRC Strategist, Enterprise Risk Management
Dell Technologies (RSA)

Cyber risk is on the minds of all managers and boards today. Unfortunately, information security professionals struggle to articulate information security risk in terms their business understands. The result is that they cannot justify the resources needed to strengthen the information security program, cannot prioritize limited resources on the most important problems, and cannot communicate the extent and impact of incidents and breaches when they occur. Business-driven security is an approach to understanding, managing, and depicting information security risk in the context, terms, and manner most efficiently and effectively used by the organization's business leaders, executive management, and board of directors. This session will provide concrete, proven guidance on how to enable business-driven security using GRC technology and techniques that relate to each functional area of the NIST Cybersecurity Framework, with emphasis on its application to recovering from cyber security events.

After completing this session, you will be able to:

  • Differentiate between traditional approach & BDS
  • Deploy principles and techniques of BDS
  • Talk about information security risk in business terms
  • Better justify security investments and priorities

245–Scaling and Accelerating the Supply of “Workforce Ready” Entry Level Cyber/Risk Professionals to Effectively Respond and Recover from Incidents

Frank Cicio
CEO
IQ4

Scott Jackson, CISSP
NA Regional Info Security Officer
Standard Chartered Bank

A breakthrough from combining technology with an industry-formulated curriculum means that the workforce pipeline of well-equipped cybersecurity graduates is no longer restricted by the limited number of cyber-trained faculty. CWA virtual internships ("Virtual-Menternships™") massively scale a school's capacity by bringing the workplace and mentors into the classroom to create job-role experience and workforce-ready candidates in tech security, compliance and risk. The industry-developed curriculum is designed to build experience and identify ideal candidates for the high-priority roles employers need: Behavioural Analyst, IT Risk Analyst, Compliance Analyst, Cyber Threat Analyst, and Information Security Officer. The CWA applies experiential learning, leveraging the Essential Skills standards, the NIST Critical Infrastructure Cybersecurity Framework, and the National Initiative for Cybersecurity Education (NICE) KSAs, Work Roles and Competencies taxonomy. These standards are automated on the iQ4 Workforce Risk and Mobility Platform, which underpins the CWA community.

After completing this session, you will be able to:

  • Understand how the NIST National Cybersecurity Workforce Framework (NCWF) can be leveraged to develop workforce Competencies Knowledge Skills and Abilities
  • See that scalability via virtual internships means that, with mentors investing one hour per week over 12 weeks, employers can develop many more skilled interns/employees far more economically than through on-premises internships
  • Visualize how the NIST Cybersecurity Workforce Framework (NCWF) is automated and how the common lexicon and framework becomes of increased value to employers, educators, students and regulators/examiners
  • Be aware of the Cybersecurity Workforce Alliance and how to find out more

255–Please check back soon for updated content!

 


315–Ransomware Recovery

Edward McCabe, CISM, CGEIT, CRISC, ISO/IEC 27K1 ISMS LI
Principal Consultant (Co-Founder)
Rendition InfoSec, LLC

You come into the office on a Tuesday morning and you can feel it as soon as you step into the lobby. A sense of panic and dread so thick you can cut it with a knife. As you look towards the main conference room, you can see that it is crammed with people: executive leadership, IT staff, corporate communications. The voices coming out of the conference room are raised, and you can see what looks like a network map drawn haphazardly on the whiteboard. The tone of the throng tells you that tensions are high. As you walk over, you hear the phrase no one wants to hear: "It's ransomware."

In this session, we'll talk about the evolution of malicious software, tracing its origins through to the current incarnation we are seeing with ransomware. We will address not only the IT impact but also the business considerations in preparing for a ransomware event and recovering from it. We'll review case studies of how ransomware affected those organizations and why it is so important to be prepared for a ransomware event.


325–Ransomware Recovery

Edward McCabe, CISM, CGEIT, CRISC, ISO/IEC 27K1 ISMS LI
Principal Consultant (Co-Founder)
Rendition InfoSec, LLC

You come into the office on a Tuesday morning and you can feel it as soon as you step into the lobby. A sense of panic and dread so thick you can cut it with a knife. As you look towards the main conference room, you can see that it is crammed with people: executive leadership, IT staff, corporate communications. The voices coming out of the conference room are raised, and you can see what looks like a network map drawn haphazardly on the whiteboard. The tone of the throng tells you that tensions are high. As you walk over, you hear the phrase no one wants to hear: "It's ransomware."

In this session, we'll talk about the evolution of malicious software, tracing its origins through to the current incarnation we are seeing with ransomware. We will address not only the IT impact but also the business considerations in preparing for a ransomware event and recovering from it. We'll review case studies of how ransomware affected those organizations and why it is so important to be prepared for a ransomware event.



Track 6—Defend

116–Hiring: Find the Needle in the Haystack

Tammy Moskites
CIO / CISO
Venafi

Good help is hard to find – at least in IT security! With more IT security jobs than people to fill them, how do you find the right people for your team? Discuss ISACA’s 2017 report Current Trends in Workforce Development focusing on IT security workforce trends and get guidance on hiring, retaining, growing, and rewarding your team.

After completing this session, you will be able to:

  • Understand what IT security professionals believe are the most important IT security applicant attributes
  • See where organizations are struggling with hiring, including the time it takes to fill a position, the average number of applicants, the percentage of qualified applicants, and how to use this information to better set internal hiring expectations
  • Know what to look for beyond IT security skills when hiring IT security professionals and why these skills are important within the overall team dynamic
  • Apply experience-tested tips to discover, build, and apply your IT security team’s strengths and how to work with the right people in the organization to support growth

126–Cloud Migration 2.0: Securing IaaS

Srini Gurrapu
VP, Customer Solutions & Strategy
Skyhigh Networks

The path to the cloud may start with SaaS, but the destination for mature cloud programs is IaaS. Every company is now a software security company. Learn how organizations have overcome the security challenges for custom applications in the cloud.

After completing this session, you will be able to:

  • Identify the security challenges unique to monitoring administrator behavior and auditing IaaS security configurations for vulnerabilities
  • Identify threats, regulatory risks, compliance challenges, and vulnerabilities associated with deploying custom-developed, proprietary applications in public cloud IaaS environments
  • Point to techniques, tools, and architecture for applying critical security capabilities including threat intelligence, activity monitoring, and data loss prevention
  • Enforce internal security and regulatory compliance policies consistently across all applications, whether they are SaaS, IaaS, PaaS, or in the corporate data center

136–Identifying Insider Threats

Bethany Larson
US Chief Confidentiality & Privacy Officer
Deloitte & Touche LLP

 

 

Dr. Michael Gelles
Managing Director
Deloitte Consulting, LLP

To prevent and mitigate the risk resulting from insider threats, your organization should focus on a proactive, enterprise-wide and people-centric program. In this session, you will discuss building an insider threat program and enhancing Corporate Culture through a proactive, enterprise-wide and people-centric program that is secure, vigilant and resilient.

After completing this session, you will be able to:

  • Define insider threat and the three drivers of insider threat
  • Detect and identify where change is needed by looking at the art of the possible, highlighting specific potential risk indicators, use cases and user behavior analytics
  • Understand the scale of maturity for an insider threat program including current industry trends, leading practices, preventive controls and pitfalls
  • Prevent and mobilize culture change by reviewing these five important success factors:
    1. Communication and impact on change
    2. Policy implementation to shape behavior through compliance
    3. Training
    4. Employee engagement
    5. Using the insider threat working group (ITWG) for change

146–Security in a Containerized World

Todd Bushnell
CTO & DevOps Managing Partner
Strata Consulting

 

 

Thomas Fou, CISM, CRISC
Principal Consultant
Strata Consulting

Container technology is hailed for scalability, efficiency, and high availability. In this session, we share lessons learned and best practices on how to meet security and compliance challenges using containers, automation and DevOps methodologies.

After completing this session, you will be able to:

  • Know the answer to “Why containers?”: If you’re managing systems the traditional way, we will provide an overview of the pros and cons for using containers
  • Understand why managing containers needs a new approach, one that achieves high availability, scalability, and reliability as well as security and compliance objectives by leveraging automation while embracing DevOps methodologies and principles
  • Learn more best practices to maintain secure container infrastructure including Image Signing, Image Vulnerability Scanning, Runtime Environment Security, Container Isolation, Runtime Threat Detection & Response
  • Build security and compliance into your container management pipeline: We will provide specific recommendations on how to implement security and compliance into your pipeline

156–Please check back soon for updated content!

 


216–Please check back soon for updated content!

 


226–Employee Awareness Program

Gail Ricketts, CISA, CRISC
Sr. Information Security & Risk Analyst
ON Semiconductor

Discuss the underlying assumptions and beliefs, beginning state, strategy, end state, incentives, and messaging of an employee awareness program. We will also discuss what the mission, vision, and goals of a successful awareness program looks like.

After completing this session, you will be able to:

  • Develop an effective and engaging employee awareness program
  • Stimulate and strengthen your employees’ cyber security awareness IQ
  • Identify and document the five “do's” and three “don'ts” of cyber security
  • Ensure your employees are engaged with your program’s goals and recognize that they are your company's greatest asset in preventing a cyber security breach

236–IoT: Get Ahead of the Curve

Pritesh Parekh, CISA, CISM, CRISC
VP, Chief Security Officer
Zuora Inc.

IoT is becoming a major avenue for hackers for the simple reason that vulnerabilities increase and become more impactful when more devices are connected. What systems and processes do security professionals need to put in place to defend against IoT product risk in the not-too-distant future? In this session, we will cover key techniques and defenses against IoT threats by sharing the key security considerations and techniques to build a holistic security program for IoT. This will cover key security themes around infrastructure, authentication & authorization, encryption, compliance, privacy and device security that belong in every stage of the product development life cycle.

After completing this session, you will be able to:

  • Understand the current IoT threat landscape and learn about anticipated future threats, including the threats to sensitive personal data that can affect the security and privacy of your consumers
  • Learn the tools and techniques used by hackers to compromise IoT devices across multiple device types by watching a live demo
  • Gain key strategies for embedding IoT security as part of the product development life cycle to mitigate wide range of IoT threats
  • Understand security considerations and techniques to build a holistic security program for IoT by covering key security themes around infrastructure, authentication & authorization, encryption, compliance, privacy and device security

246–Applying the CIS Critical Security Controls

James Tarala, CISA
Principal Consultant
Enclave Security

Cyber security attacks are evolving so rapidly that it is more difficult than ever to prevent them. In this presentation you will learn specific, proven techniques needed to implement and audit against the CIS Critical Security Controls. The Controls are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threats and the highest-payoff defenses, while providing a common baseline for action against the risks we all face.

After completing this session, you will be able to:

  • Understand and apply the philosophies behind the CIS Critical Security Controls to your audit practices and defensive architectures
  • Implement practical, prioritized controls to defend your organization's information systems against all forms of advanced cyber attacks
  • Build comprehensive and prioritized audit programs based on industry standards for cyber defense
  • Understand how to take advantage of real-world, current threat intelligence to select prioritized controls for cyber defense

256–Please check back soon for updated content!

 


316–Prioritize Vulnerability Remediation

Amol Sarwate
Director of Vulnerability Labs
Qualys

Organizations are expected to protect their assets and users from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of InfoSec professionals. IT departments must prioritize remediation so that they can promptly fix the vulnerabilities that represent the greatest risk to their organization at any given point in time.

In this presentation, we will discuss a year-long study of exploit kits, attacks and vulnerability attributes, and learn how to use those attributes for prioritization. We will share best practices for improving remediation and reducing risk in the age of vulnerability disclosure overload.

After completing this session, you will be able to:

  • Understand how attacks happen in real world
  • Understand Exploits and Vulnerabilities
  • Understand how to prioritize remediation
  • Reduce overall risk
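As an added illustration of the prioritization idea in this session (example code, not the presenter's or Qualys' own model or study data): a scoring function that combines CVSS severity with exploit-kit and public-exploit signals and with asset exposure and criticality, then maps the score to a remediation SLA. The multipliers, SLA tiers and sample findings are constructed assumptions, and the finding identifiers are placeholders rather than real CVEs.

```python
"""Added example, not part of the session or its study.

Ranks vulnerabilities for remediation by combining the attributes the session
names (severity, exploit-kit and attack data, vulnerability attributes) with
asset context. Weights, SLA tiers and sample findings are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ident: str             # placeholder identifier, not a real CVE
    cvss: float            # CVSS base score, 0.0 - 10.0
    in_exploit_kit: bool   # weaponized in a known exploit kit (threat data)
    public_exploit: bool   # a public proof-of-concept exploit exists
    network_vector: bool   # exploitable over the network without local access
    exposure: str          # "internet", "internal" or "isolated"
    criticality: int       # asset criticality 1 (low) .. 5 (critical)


# Assumed multipliers: exposure scales reachability, criticality scales impact.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.6, "isolated": 0.3}
CRITICALITY_WEIGHT = {1: 0.7, 2: 0.9, 3: 1.1, 4: 1.3, 5: 1.5}


def risk_score(f: Finding) -> float:
    """Severity x likelihood of exploitation x reachability x impact."""
    if f.exposure not in EXPOSURE_WEIGHT:
        raise ValueError(f"unknown exposure {f.exposure!r}")
    if f.criticality not in CRITICALITY_WEIGHT:
        raise ValueError(f"criticality must be 1-5, got {f.criticality}")
    score = f.cvss
    # Exploit-kit inclusion is the strongest signal that attacks are happening;
    # a public PoC is weaker but still raises likelihood over bare CVSS.
    if f.in_exploit_kit:
        score *= 2.0
    elif f.public_exploit:
        score *= 1.5
    if f.network_vector:
        score *= 1.2
    score *= EXPOSURE_WEIGHT[f.exposure] * CRITICALITY_WEIGHT[f.criticality]
    return round(score, 2)


def remediation_sla_days(score: float) -> int:
    """Assumed SLA tiers; tune them to your own risk appetite."""
    if score >= 20.0:
        return 3
    if score >= 10.0:
        return 14
    if score >= 5.0:
        return 30
    return 90


def prioritize(findings: list) -> list:
    """Return (ident, score, sla_days) tuples from most to least urgent."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.ident, risk_score(f), remediation_sla_days(risk_score(f)))
            for f in ranked]


# Constructed sample scanner output (placeholder identifiers).
SAMPLE_FINDINGS = [
    Finding("F-001", 9.8, False, False, True, "internal", 2),
    Finding("F-002", 7.5, True, True, True, "internet", 4),
    Finding("F-003", 5.0, False, True, False, "internal", 5),
    Finding("F-004", 9.1, False, False, True, "isolated", 1),
]

if __name__ == "__main__":
    for ident, score, sla in prioritize(SAMPLE_FINDINGS):
        print(f"{ident}  score={score:6.2f}  fix within {sla} days")
```

On the constructed sample, F-003 (CVSS 5.0 with a public exploit on a critical internal asset) outranks F-001 (CVSS 9.8 with no known exploit on a lower-value asset), which is the point of attribute-based prioritization over raw severity. Calibrate the weights against your own attack and exploit data rather than keeping the ones assumed here.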

326–Biometric Authentication - Combat Crime

Tapiwa Zvandasara, CISA, CISM, CRISC
IT GRC Specialist
Trans-Caledon Tunnel Authority (TCTA)

You cannot leave your home without your biometric! Biometric authentication can be used together with other authentication methods to effectively combat crime. Although there have been issues in the implementation of certain biometric technologies (legal and social), an individual’s biometric characteristics can be used to correctly identify them with a high level of accuracy for authentication in high value applications. There have been many successful implementations of biometric authentications to date and research in biometric technology has identified even more biometrics that can be used to accurately identify individuals. Biometric authentication is the password of the future.

After completing this session, you will be able to:

  • Describe what biometrics are and their applications
  • Describe the generic biometric authentication model
  • Identify leading biometric technologies, their characteristics and future biometric technologies
  • Identify successful case studies of biometric implementations
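As an added illustration of the generic biometric authentication model the session describes (example code, not from the presenter or TCTA): enrollment builds a template from several captures, verification compares a fresh probe against that template, and a threshold turns the comparison score into an accept or reject decision. The simulation represents a trait as a fixed-length bit string compared by normalized Hamming distance and generates every sample with a seeded random generator; nothing here is real biometric data, and the 256-bit template length, 5% per-bit capture noise and the threshold values are assumptions.

```python
"""Added example, not part of the session.

Generic biometric model: capture -> feature extraction -> template
(enrollment) -> matching -> threshold decision, with FAR/FRR measured on
constructed data. Templates are bit strings compared by Hamming distance.
"""
import random

BITS = 256  # assumed template length in bits


def capture(trait: int, noise: float, rng: random.Random) -> int:
    """Simulate one sensor reading of a stable trait: each bit is flipped
    with probability `noise` (placement, lighting, sensor error)."""
    sample = trait
    for i in range(BITS):
        if rng.random() < noise:
            sample ^= 1 << i
    return sample


def enroll(samples: list) -> int:
    """Enrollment: fuse several captures into one template by per-bit
    majority vote, which suppresses noise present in any single capture."""
    template = 0
    for i in range(BITS):
        ones = sum((s >> i) & 1 for s in samples)
        if 2 * ones > len(samples):
            template |= 1 << i
    return template


def distance(a: int, b: int) -> float:
    """Normalized Hamming distance: 0.0 for identical codes, about 0.5 for
    unrelated ones."""
    return bin(a ^ b).count("1") / BITS


def verify(template: int, probe: int, threshold: float) -> bool:
    """Decision step: accept when the probe lies within the threshold."""
    return distance(template, probe) <= threshold


def error_rates(template: int, genuine: list, impostors: list,
                threshold: float) -> tuple:
    """FAR: share of impostors accepted. FRR: share of genuine probes rejected."""
    far = sum(verify(template, p, threshold) for p in impostors) / len(impostors)
    frr = sum(not verify(template, p, threshold) for p in genuine) / len(genuine)
    return far, frr


def simulate(seed: int = 2017, noise: float = 0.05, trials: int = 200) -> dict:
    """Constructed data: one enrolled user, `trials` genuine probes and
    `trials` impostors, evaluated at several thresholds."""
    rng = random.Random(seed)
    trait = rng.getrandbits(BITS)
    template = enroll([capture(trait, noise, rng) for _ in range(3)])
    genuine = [capture(trait, noise, rng) for _ in range(trials)]
    impostors = [capture(rng.getrandbits(BITS), noise, rng)
                 for _ in range(trials)]
    return {t: error_rates(template, genuine, impostors, t)
            for t in (0.02, 0.10, 0.25, 0.40, 0.50)}


if __name__ == "__main__":
    for t, (far, frr) in simulate().items():
        print(f"threshold {t:.2f}: FAR={far:.3f}  FRR={frr:.3f}")
```

Running it prints the false accept rate (FAR) and false reject rate (FRR) at each threshold: tighten the threshold and genuine users get locked out, loosen it and impostors get in. That trade-off, and the fact that a compromised template cannot be changed like a password, is why the session pairs biometrics with other authentication methods rather than using them alone.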



Workshops

WS1–Cybersecurity Fundamentals

John Tannahill, CISM, CGEIT, CRISC
Management Consultant
J. Tannahill & Associates

Cyber security is rapidly evolving and spreading to impact every sector of global commerce and technology. As a result, it is more and more crucial that professionals involved in almost all areas of information systems understand the central concepts that frame and define this increasingly pervasive field. The Cybersecurity Fundamentals Workshop is ideal for information systems professionals wishing to advance their knowledge in or transfer to cyber security, and for recent college/university graduates looking to start a career in this in-demand, fiercely competitive field.

The Cybersecurity Fundamentals Workshop is designed to enhance the knowledge of beginning learners and prepare those who wish to obtain a globally recognized credential for the Cybersecurity Fundamentals Certificate Exam which can be taken online at a later date.

This workshop will cover four key areas of cyber security:

  1. Cyber security architecture principles
  2. Security of networks, systems, applications and data
  3. Incident response
  4. The security implications of the adoption of emerging technologies.

After completing this workshop, you will be able to:

  • Understand basic cyber security concepts and definitions
  • Define network security architecture concepts
  • Recognise malware analysis concepts and methodology
  • Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities
  • Explain network systems management principles, models, methods, and tools
  • Distinguish system and application security threats and vulnerabilities
  • Classify types of incidents (categories, responses, and timelines for responses)
  • Outline disaster recovery and business continuity planning
  • Comprehend incident response and handling methodologies
  • Understand security event correlation tools, and how different file types can be used for atypical behavior
  • Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data
  • Recognise new and emerging information technology and information security technologies

WS2–COBIT 5 for NIST

Mark Thomas, CGEIT, CRISC
President
Escoute

As part of the knowledge, tools and guidance provided through the globally respected Cybersecurity Nexus (CSX) program, ISACA has developed a guide and course: Implementing NIST Cybersecurity Framework Using COBIT 5.

This course presents deep insights on the Cybersecurity Framework (CSF), its goals, implementation steps and the ability to apply this information. The course is well-suited for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cyber security program for their enterprises.

Students will learn to understand the goals of the CSF and what it means to align to it, understand the seven CSF implementation steps, and apply and evaluate the steps using COBIT 5.


WS3–Know Thy Enemy

Ted Harrington
Executive Partner
Independent Security Evaluators

In his seminal work The Art of War, Sun Tzu advocated that we must "know thy enemy" in order to defeat that enemy. Using a mixture of presentation and group exercise modules, this workshop takes that mantra to heart, adopting the attacker's viewpoint in order to understand how to defend. Presented by the elite group of security researchers and consultants widely known as the first company to hack the iPhone, this session examines secure design principles, attack anatomies, and real-world case studies from a variety of industries. Notably, it extracts lessons from recently published security research by the presenters, including the seminal whitepaper Hacking Hospitals, which investigated how hackers could cause patient harm or fatality. Attendees can expect to be challenged to consider a new defense paradigm, and will leave with actionable guidance that can be implemented immediately at their organizations.

After completing this workshop, you will be able to:

  • Identify the different adversary categories, and the characteristics that define them, including motivation, skill level, and access to resources (financial, computational, time)
  • Understand different defense techniques to be used against different adversary types
  • Define asset value
  • Explore the differences between external adversaries and the internal threat
  • Learn what a threat model is, why it is important, and how to build one
  • Analyze the financial implications of varying approaches to security assessment
  • Dissect the anatomies of different breaches in order to extract lessons that can be applied to your own organization
  • Empower executives and other leaders to articulate risk and build effective security programs

WS4–CSX Practitioner Lab Bonanza

T. Frank Downs
Senior Manager Cyber/Information Security
ISACA

 
 

Dustin Brewer
Cybersecurity Platform Engineer
ISACA

The CSX Practitioner Lab Bonanza offers students the opportunity to experience all of the labs presented in the one week Bootcamp in two intensive, action-packed days!

ISACA staff instructors and program developers will guide students through these hands-on labs, dissecting typical problem spots, and provide students with detailed insight to ensure student comprehension so they are better equipped to overcome threats and create competitive advantages for your career and your organization.

Students attending this workshop will find that immersion in the CSX Practitioner process gives them a more robust background and better prepares them for the demands of the CSXP certification exam.

After completing this workshop, you will be able to:

  • Continue to prepare for the certification course

*** Please note, while this course is intended to help provide insights into the rigors of the CSX P Exam, students will still need to prepare for the exam independently following this workshop. Students will have access to the labs for 6 months following the workshop to facilitate exam preparation.

Please note: Attendees of this workshop are required to bring a laptop with an Internet accessible browser in order to fully participate in this workshop. 


WS5–Building a World Class Threat Intel Program

Dr. Chase Cunningham
Director of Cyber Operations
A10 Networks

 

 

After completing this workshop, you will be able to:

  • Identify and communicate business needs for in-house threat intelligence platforms
  • Identify existing repositories of threat intelligence information
  • Understand capabilities and methodologies available to help you create a holistic view of your environment
  • Operationalize data sources for specific business needs

WS6–IoT + DDoS = Disruptive (Business + Cyber) Risk!

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), Security+, CCSFP, Member of InfraGard (FBI)
CEO
ecfirst

Gartner estimates about 6.4 billion Internet of Things (IoT) devices today, such as DVRs, surveillance cameras, and many others, all connected to the Web and all with Internet (IP) addresses. By 2020, it is expected that the number of Web-connected devices will increase to 20.8 billion.

So, why are these numbers relevant to cyber-security? An IoT fact is that these devices were not designed or developed with security at their core. Further, these devices are typically not configured securely.

As IoT becomes pervasive across industries, including healthcare, financial services, and government, organizations must be prepared for this rising and disruptive threat. Further, the risk from IoT increases the challenge of addressing compliance mandates associated with sensitive and confidential information.

After completing this workshop, you will be able to:

  • Examine why IoT = Internet of Threats
  • Step through how botnets and DDoS can be disruptive to sites and Web applications
  • Walk through an IoT Security Policy that addresses key compliance requirements
  • Develop a strategy for addressing such emerging threats in the context of your enterprise cyber security plan

WS7–Career Crossroad: Practice or Manage Cyber

Jonathan Brandt, CISM, CISSP, CSA+, PMP
Senior Manager of Cybersecurity Exams
ISACA

The demand for competent information security managers is overwhelming, as it is for most roles in cybersecurity. ISACA's CISM certification has long been one of the most valuable credentials in the market, but it is not the only managerial credential available. This workshop is not intended to prepare learners for the CISM certification exam; rather, it provides essential managerial information so that attendees can make informed career decisions.

After completing this workshop, you will be able to:

  • Discuss security manager responsibilities
  • Learn the components and management of an information security program
  • Discuss methods to gain stakeholder support for information security strategies
  • Identify whether or not to pursue an information security management role

 

Events

Washington after Dark

Monday, 2 October – departure 7:15PM from Hotel (sunset 6:48PM)!

Aboard your luxury motor coach, your licensed tour guide will share fascinating facts on Washington DC’s beautifully illuminated monuments and landmarks.

In this all-encompassing night tour of Washington, you will pass such sights as the White House, the U.S. Capitol Building, the Old Post Office Building, the Washington Monument, the World War II and Jefferson Memorial, the Smithsonian Museums, and the Tidal Basin. You will circle the Iwo Jima Memorial and then make a stop at the Lincoln Memorial where you can enjoy the stunning views of the National Mall and Potomac River – and take a great photo to memorialize the occasion with friends you’ve already made on this tour! You will also be able to visit the Vietnam and Korean War Memorials which are just a short walk from the Lincoln Memorial. Grab a beverage or snack before you leave the Hotel – make sure your phone or camera has a full charge and your memory card is empty – and let’s go see these stunning sights!

Cost is $50/person based on a minimum of 40 guests confirmed prior to Monday, 25 September. Tour will occur rain or moonlight, provided minimum attendance is secured by this date. Check back soon to make your reservation!

