is your world secure? OPENING KEYNOTE CISO, GE Capital Commercial Finance Social Networking and the Consumer Cloud Are You Ready? And More!


is your world secure?

DALLAS, Plano Convention Centre, NOVEMBER 3-4, 2010

Inside SecureWorld: Featured Keynotes, Industry Expert Panels, Conference Sessions, Case Studies, And More!...

November 3, 2010
OPENING KEYNOTE: William Hugh Murray, Executive Consultant, Information Assurance; Assoc. Professor, Naval Postgraduate School. Essential Security Practices
LUNCHEON KEYNOTE: Security Sage. Selling Information Security

November 4, 2010
INFRAGARD KEYNOTE: James Beeson, CISO, GE Capital Commercial Finance. Social Networking and the Consumer Cloud - Are You Ready?
LUNCHEON KEYNOTE: L. Frank Kenney, VP of Global Strategy, Ipswitch File Transfer Division. The Data Breaches You Don't See Hurt You The Most

Security demands are rapidly growing while security training budgets are not. SecureWorld delivers the most affordable, highest quality security education, training and networking right to your doorstep.

Check us out on the web at secureworldexpo.com

This Event Hosted by: NORTH TEXAS & Ft. Worth Chapter

HIGHLIGHTS

November 3, 2010
9:30 am OPENING KEYNOTE: William Hugh Murray, Executive Consultant, Information Assurance; Assoc. Professor, Naval Postgraduate School. Essential Security Practices
12:15 pm LUNCHEON KEYNOTE: Security Sage. Selling Information Security

November 4, 2010
9:30 am INFRAGARD KEYNOTE: James Beeson, CISO, GE Capital Commercial Finance. Social Networking and the Consumer Cloud - Are You Ready?
12:00 pm LUNCHEON KEYNOTE: L. Frank Kenney, VP of Global Strategy, Ipswitch File Transfer Division. The Data Breaches You Don't See Hurt You The Most

(Earn 16 CPE CREDITS)

Assessing Your Current Security
How good is your security program? Is there an effective way to measure the current state of your security program and compare it against some industry-accepted criteria? This session will present key methods to conduct just such an assessment using your current staff members. The session will begin with a brief discussion of what is meant by risk analysis, risk assessment, security assessment and vulnerability assessment, then analyze how these processes interact with one another. We will also examine how penetration testing and audits fit into the overall assessment methodologies.

Defense Against Social Engineering
Despite media reports, hackers are not always technological geniuses. Some can't even read the scripts they unleash against our networks. However, while computer crime grows increasingly organized, focused and specialized, even the greenest script kiddie can be an outstanding social engineer. This class details various psychological workings of social engineering and presents scenarios and role-playing exercises to help us fully comprehend the threat. We also give suggestions for constructing a realistic defense program, emphasizing effects on the business.

Includes SWE Conference Pass: Conference Sessions, Keynotes, Exhibits, Open Sessions and Lunch Each Day

TWO DAY CONFERENCE - $265: Conference Sessions, Conference Keynotes, Exhibits, Open Sessions, Lunch and 12 CPE Certificate of Attendance.
SECUREWORLD+ - $695: Extended Training Opportunities - Conference Sessions, Keynotes, Exhibits, Open Sessions, Lunch and a 16 CPE Certificate of Attendance
EXHIBITS/OPEN SESSIONS - FREE: Exhibits, Keynotes and Open Sessions
INVITE ONLY

Day 1 - November 3, 2010
Columns: TIME, CONFERENCE, ROOM #, SPEAKER(S)

7:00am - 3:00pm
Registration

8:00am - 9:15am
Executive Steering Council Breakfast: (Invitation Only). Room: II

8:00am - 9:30am
SecureWorld+ Assessing Your Current Security (Part 1). Room: Lavon
SecureWorld+ Defense Against Social Engineering (Part 1). Room: Hillhaven. Speaker: John G. O'Leary

8:30am - 9:15am
Beyond Gotcha - Surviving Today's Audit. Speaker: Mignona Cote
Balancing Risk: IT Service Provider Risks. Room: I. Speaker: Dione McBride
Establishing a Digital Forensic and Incident Response Program. Speaker: Shaun Drutar
Hello, Your People, Your Information & Your Technology Have Left the Building! Speaker: Jeffrey M. Camiel

9:00am - 3:00pm
Exhibit Floor Open. Room: Collinwood I

9:30am - 10:15am
Opening Keynote: Essential Security Practices. Room: Keynote Theater. Speaker: William Hugh Murray

10:15am - 11:30am
Conference Break/Product Demonstrations - Exhibit Floor

11:15am - 12:15pm
Executive Roundtable: Risk Management Concepts (Invitation Only). Room: II

11:30am - 12:15pm
Get Secure, Get Compliant. Speaker: David Wallace
Resolving the Conflict over Workplace Privacy and Employee Monitoring. Room: I
Implementing Mobile Device Encryption: A Case Study. Speaker: Bridget Aman
Alcatel-Lucent Presents - Securing the Virtualized Enterprise, a Blueprint for Enterprise Security. Room: Presentation Theater. Speaker: Cliff Grossner

12:15pm - 1:15pm
Executive Roundtable: Mobile Device Security (Invitation Only). Room: II

12:15pm - 1:00pm
Luncheon Keynote: Selling Information Security. Room: Keynote Theater

1:15pm - 2:00pm
Industry Expert Panel: Data Protection - Walking the Thin Line Between Employee Productivity and Security. Room: Keynote Theater
Industry Expert Panel: Network Security - Finding the Right Management Program. Room: Presentation Theater
Industry Expert Panel: Effective Compliance Management in Today's Workplace

2:00pm - 3:00pm
Conference Dessert Break/Product Demonstration - Exhibit Floor

3:00pm - 3:45pm
Which Part of the Prickly Pear is the End Point? Speaker: Jeff Debrosse
Don't Fall Victim to Social Media Attacks. Room: I. Speaker: Carl Timm
The Importance of Training in Your Security Program. Speaker: Chris Hare
Is Governance Part of Your Architecture? Speaker: Randy Guin

3:00pm - 4:30pm
SecureWorld+ Assessing Your Current Security Program (Part 2). Room: Lavon
SecureWorld+ Defense Against Social Engineering (Part 2). Room: Hillhaven. Speaker: John G. O'Leary

3:00pm - 5:30pm
Pub Crawl. Room: Foyer

Conference Details

Day 1 - November 3, 2010

7:00am
Registration Opens

8:00am - 9:15am - II
Executive Steering Council Breakfast: (Invitation Only)

8:00am - 9:30am - Lavon
Assessing Your Current Security (Part 1), Security Sage
How good is your security program? Is there an effective way to measure the current state of your security program and compare it against some industry-accepted criteria? This session will present key methods to conduct just such an assessment using your current staff members. The session will begin with a brief discussion of what is meant by risk analysis, risk assessment, security assessment and vulnerability assessment, then analyze how these processes interact with one another. We will also examine how penetration testing and audits fit into the overall assessment methodologies.

8:00am - 9:30am - Hillhaven
Defense Against Social Engineering (Part 1)
John G. O'Leary, President, O'Leary Management Education
Despite media reports, hackers are not always technological geniuses. Some can't even read the scripts they unleash against our networks. However, while computer crime grows increasingly organized, focused and specialized, even the greenest script kiddie can be an outstanding social engineer.

8:30am - 9:15am
Beyond Gotcha - Surviving Today's Audit
Mignona Cote, Senior VP, Bank of America
Auditors come in types: the gotcha, the apathetic and the true control partner. Recognizing the goal of the auditor coupled with security and control requirements, corporate audits can be survived. The gotcha can be turned to a report of strong confidence for the board and regulators.

8:30am - 9:15am - I
Balancing Risk: IT Service Provider Risks
Dione McBride, CISSP
Laws and regulations like Massachusetts 201 CMR and PCI require due diligence on new outsourcers and contractors. Analysts and industry experts all insist that every company needs to complete due diligence on new outsourcers and contractors and to maintain a good understanding of how the company data is processed and protected. And, if you follow the breach statistics, you can see that these 3rd parties have been involved in about 40% of security breaches. The only problem is that no one tells you how to do this. This session is an opportunity to share some insights into how to approach due diligence efforts, what you can and should include in your contract provisions, and how you demonstrate your approach is appropriate for your business.

8:30am - 9:15am
Establishing a Digital Forensic and Incident Response Program
Shaun Drutar, CISSP, American Home Mortgage Servicing Inc.
Key considerations and capabilities you need to build into your Digital Forensic and Incident Response Program. How much will this functionality cost? Where does eDiscovery fit into your program? What resources will you need? Why you need to do this.

8:30am - 9:15am
Hello, Your People, Your Information & Your Technology Have Left the Building!
Jeffrey M. Camiel, CISSP, QSA
In this 45 minute breakout session, we will present what these new information system models look like, what new and old security risks CISOs and CIOs should be aware of, and the current and possible security effect of the iPhone and iOS on your enterprise.

9:00am - 3:00pm - Collinwood I
Exhibit Floor Open

9:30am - 10:15am - Keynote Theater
Opening Keynote - Essential Security Practices
William Hugh Murray, Executive Consultant, Information Assurance; Assoc. Professor, Naval Postgraduate School
This Keynote presentation will describe Essential Security Practices, those which anyone can do, with available resources. While individually these practices may be as little as 80% effective, collectively they can dramatically reduce risk at minimal cost. Essential Security Practices are too often dismissed by experts because they are less than perfect, when they should be preferred because they are efficient.

10:15am - 11:30am
Conference Break/Exhibitor Product Demonstrations

11:15am - 12:15pm - II
Executive Roundtable: Risk Management Concepts (Invitation Only)

11:30am - 12:15pm
Get Secure, Get Compliant
David Wallace, Group Manager, Security Standards Compliance, Chase Paymentech Solutions
On its surface, compliance with the Payment Card Industry Data Security Standards appears to be an Information Technology challenge. As a result many merchants assign it to IT or Information Security and expect them to make it happen. This approach virtually guarantees compliance will take longer, cost more, and be more organizationally disruptive. It will also make maintaining compliance long term less likely. This presentation will explore the steps needed to engage key stakeholders, identify business process issues, and develop an Information Security program that will foster a culture of security. Such an approach will not only ensure compliance with the PCI DSS but also position the enterprise for compliance with future compliance mandates.

11:30am - 12:15pm - I
Resolving the Conflict over Workplace Privacy and Employee Monitoring, Security Sage
Employers want to be sure their employees are doing a good job, but employees don't want their every move or message logged. That's the essential conflict of workplace monitoring. In this session we will examine what an employer can do and what they should do to make the workplace safe and the employees secure in the knowledge that there is really little expectation of privacy.

11:30am - 12:15pm
Implementing Mobile Device Encryption: A Case Study
Bridget Aman, CISSP, CISA, CPA, Information Privacy and Security Officer, Children's Medical Center Dallas
In this session we will share the experiences of one company's implementation of mobile device encryption. We will talk about important lessons learned and strategies for the following:
- Selecting the right solution
- Important questions to ask vendors
- Implementation: the good, the bad and the ugly
- Impact to users: what to really expect
- Communication and training

11:30am - 12:15pm - Presentation Theater
Alcatel-Lucent Presents - Securing the Virtualized Enterprise, a Blueprint for Enterprise Security
Clifford Grossner, Ph.D., Director, Strategic Marketing, Enterprise Security, Alcatel-Lucent
Securing communications for voice, data, and video applications on a converged network is the key to supporting new business models and enabling a virtualized enterprise that competes effectively in today's business environment. The transformation to a converged network has been accompanied by an equally rapid multiplication in security threats, the growth of cybercrime, and the introduction of new security regulations. To take advantage of the latest business models and ensure they are still protected, enterprises must change how they view security to include a strategy for network embedded security capabilities. Learn about application converged networks and how they can be a security instrument delivering embedded security to protect your corporation.

12:15pm - 1:15pm - II
Executive Roundtable: Mobile Device Security (Invitation Only)

12:15pm - 1:00pm - Keynote Theater
Luncheon Keynote: Selling Information Security
To have a successful information security program, you must first visualize the successful program. The first person you must sell the program to is - you. This session will examine methods to be used to prepare your message. We will discuss establishing a short-term goal, achieving it, reviewing the results, and setting the next objective. We will then examine how to use short-term objectives to develop a long-term plan and how to adjust the plan after each incremental objective is met. Most importantly, we will examine how we can best reach management and employees with our message.

1:15pm - 2:00pm - Keynote Theater
Industry Panel: Data Protection - Walking the Thin Line Between Employee Productivity and Security
Managing and securing your data is becoming more complicated each day with the demands of today's fast-paced world. How can you adequately protect it and at the same time allow your employees to access it for work related use? This panel will discuss possible data protection issues and steps to take to help you secure one of your most important company assets: your data.

1:15pm - 2:00pm - Presentation Theater
Industry Panel: Network Security - Finding the Right Management Program
With all of the recent threats and security breach scenarios, it is necessary to create a network that is secure and manageable. This panel discussion will examine the important steps and tools required for increased network security and manageability.

1:15pm - 2:00pm
Industry Panel: Effective Compliance Management in Today's Workplace
PCI, SOX, HIPAA, GLBA; these acronyms can cause a lot of stress for today's IT professional. Join this panel for a look at the recent developments in compliance regulations and what you should be doing to ensure you are meeting them and have effective plans in place.

2:00pm - 3:00pm - Exhibit Hall
Conference Dessert Break/Exhibitor Product Demonstrations

3:00pm - 3:45pm
Which Part of the Prickly Pear is the End Point?
Jeff Debrosse, Senior Research Director, ESET
For the IT professional trying to secure the end point, their job has become a game of catch with a prickly pear. The proper use of technology, policy, and education can be the defense you need to survive the game.

3:00pm - 3:45pm - I
Don't Fall Victim to Social Media Attacks
Carl Timm, CISSP, PMP, CCIE #7149, Regional Director of Security, Savvis, Inc.
Social media is everywhere. People use it almost on a daily basis and corporations use it for marketing and a multitude of other reasons. However, do we really understand what is happening with our information and what we are vulnerable to? During this session we will explore our privacy and the latest vulnerabilities. We will also take a look at how to protect ourselves and the ones we love. Don't fall victim to blindly using social media. This is the time to educate yourself on the information the social media sites don't tell you about.

3:00pm - 3:45pm
The Importance of Training in Your Security Program
Chris Hare, CISSP, CISA
Security professionals know that people are the weakest link in a security program. Most often this is because they don't know what is expected of them. Training is an important method of conveying information to the employee population to improve their security related knowledge and drive changes in your security posture. This session examines the importance of learner-centric training to your security program.

3:00pm - 3:45pm
Is Governance Part of Your Architecture?
Randy Guin, IT Security Officer, Dallas County
Are solutions and technologies standardized? Does the current strategy change to include an "in the cloud" approach? Do you outsource an application for hosting and/or support? These are all approaches that can increase efficiency and decrease cost; exactly what upper management wants to hear! The issue is that the architecture strategy is developed from an operational and budget perspective and may not or does not factor in Governance. In this presentation we will discuss the different elements of an IT Governance model and how it impacts IT Architecture.

3:00pm - 4:30pm - Lavon
Assessing Your Current Security Program (Part 2), Security Sage

3:00pm - 4:30pm - Hillhaven
Defense Against Social Engineering (Part 2)
John G. O'Leary, President, O'Leary Management Education

Day 2 - November 4, 2010
Columns: TIME, CONFERENCE, ROOM #, SPEAKER(S)

7:00am - 2:30pm
Registration

8:00am - 9:15am
InfraGard Chapter Meeting. Room: Keynote Theater

8:00am - 9:30am
SecureWorld+ Assessing Your Current Security Program (Part 3). Room: Lavon
SecureWorld+ Defense Against Social Engineering (Part 3). Room: Hillhaven. Speaker: John G. O'Leary

8:30am - 9:15am
Checking the box. What compliance doesn't mean. Speaker: George Genovezos
No More Chewy Centers: The Zero-Trust Model Of Information Security. Speaker: John Kindervag
Inferring Private Information Using Social Network Data. Speaker: Murat Kantarcioglu
Risks, Liabilities, Strategies, Tactics, and Solutions. Room: I. Speaker: David Jesse Coker

9:00am - 3:00pm
Exhibit Floor Open. Room: Collinwood I

9:30am - 10:15am
InfraGard Keynote: Social Networking and the Consumer Cloud - Are You Ready? Room: Keynote Theater. Speaker: James Beeson

10:15am - 11:15am
Conference Break/Product Demonstrations - Exhibit Floor

10:45am - 11:45am
Executive Roundtable: Cloud Security; Lessons Learned (Invitation Only). Room: II

11:15am - 12:00pm
The Ups and Downs of DLP (Data Leakage Prevention). Speaker: James Beeson
Privacy & Security Risks in Cloud Computing. Room: I. Speaker: Robert J. Scott
Hardware-based Cryptography for High Risk Applications. Speaker: Ralph S. Poore
Take Back the End Point. Speaker: Tom Fitzpatrick

11:30am - 1:00pm
ISSA Chapter Luncheon (Invitation Only). Room: Windhaven

11:45am - 12:45pm
Executive Roundtable: DLP; Reducing The Risk (Invitation Only). Room: II

12:00pm - 12:45pm
Luncheon Keynote: The Data Breaches You Don't See Hurt You The Most. Room: Keynote Theater. Speaker: L. Frank Kenney

1:00pm - 1:45pm
Industry Panel: Protecting Your Endpoint Security Assets. Room: Keynote Theater
Industry Panel: Data Privacy - Keeping your Information out of the Wrong Hands
Industry Panel: Directing Managed Services: Look Before you Leap. Room: Presentation Theater

1:45pm - 2:30pm
Conference Dessert Break/Product Demonstration - Exhibits Floor

2:00pm - 2:30pm
SecureWorld Expo: Dash for Prizes

2:30pm - 3:15pm
Customer Service for the Information Security Professional. Speaker: John G. O'Leary
An FBI Cyber Crime Briefing. Room: I. Speaker: Chris Thompson
The Security of Equipment Tracking. Speaker: Mike Kachline
Connecting in Information Security Presentations: Getting past hearing to listening and connecting with your audience. Speaker: Andy Stokes

8:00am - 9:15am - Keynote Theater
InfraGard Chapter Meeting

8:00am - 9:30am - Lavon
Assessing Your Current Security Program (Part 3), Security Sage

8:00am - 9:30am - Hillhaven
Defense Against Social Engineering (Part 3)
John O'Leary, President, O'Leary Management Education

8:30am - 9:15am
Checking the box. What compliance doesn't mean.
George Genovezos, Principal Information Security Analyst, Sabre-Holdings
NIST, FIPS, HIPAA, PCI. Billions of dollars have been spent on compliance but does being compliant mean security? Has it ever? And why are we still not secure after 30 years of NIST standards? Is there a solution?

8:30am - 9:15am
No More Chewy Centers: The Zero-Trust Model Of Information Security
John Kindervag, Senior Analyst, Forrester
The biggest issue facing information security professionals is that our traditional trust model is broken. Security devices have two interfaces: one interface is labeled trusted, and the other is labeled untrusted. In today's threat environment, which interface goes to the Internet? The zero-trust model is built on the idea that security must become ubiquitous throughout your infrastructure.

8:30am - 9:15am
Inferring Private Information Using Social Network Data
Murat Kantarcioglu, Asst. Professor, Computer Science Dept., Director, UTD Data Security and Privacy Lab, University of Texas
On-line social networks are increasingly utilized by many users. Some of the information revealed inside these networks is private and it is possible that corporations could use learning algorithms on the released data to predict undisclosed private information. In this talk, we discuss how to launch inference attacks using released social networking data to predict undisclosed private information about individuals.

8:30am - 9:15am - I
Risks, Liabilities, Strategies, Tactics, and Solutions
David Jesse Coker, Attorney & Counselor at Law, Glaze & Coker, PLLC
As businesses around the world face growing challenges to manage electronic access control, CCTV, burglar, and fire systems, it is important to understand the dynamics of these systems. The presentation will discuss the risks involved with this evolution, potential liabilities, enterprise-wide strategies, and proven solutions.

9:00am - 2:30pm - Collinwood I
Exhibit Floor Open

10:45am - 11:45am - II
Executive Roundtable: Cloud Computing; Lessons Learned (Invitation Only)

11:15am - 12:00pm
The Ups and Downs of DLP (Data Leakage Prevention)
James Beeson, CISO, GE Capital - Commercial Finance
This presentation is a review and discussion of best practices and challenges faced when implementing a global Data Leakage Prevention program.

11:15am - 12:00pm - I
Privacy & Security Risks in Cloud Computing
Robert J. Scott, Managing Partner, Scott & Scott, LLP
Cloud computing is exploding. Gartner estimates the cloud market will reach $150 billion by There is growing concern over how to meet regulatory privacy and security requirements. Robert J. Scott, Managing Partner, Scott & Scott, LLP, a Dallas-based law firm with a privacy and security practice area, will share suggestions on how to mitigate or eliminate the privacy and security risks in cloud computing.

11:15am - 12:00pm
Hardware-based Cryptography for High Risk Applications
Ralph Spencer Poore, CISSP, CFE, CISA, CHS-III, CTGA, QSA
This session will describe the benefits of hardware-based cryptography, especially as it applies to applications where a security failure would have extremely grave consequences to the organization or relying parties. No special technical cryptographic knowledge is assumed. The attendee should acquire an understanding of cryptographic principles and technical hardware design considerations for hardware-based cryptographic devices.

11:15am - 12:00pm
Take Back the End Point
Tom Fitzpatrick, Director, Field Marketing, Kaspersky Lab, Americas
As IT departments plan their security strategy, many overlook today's real target: the endpoint. Desktops, laptops, even smartphones and the servers that support them are all a wide open target for cybercriminals. From data breaches to banker Trojans and resulting massive financial losses, the endpoint is the new battleground for cybercrime. Think you are secure? Join this talk to find out about the growing malware threat, how cybercriminals are targeting the endpoint and how you can protect your endpoints from cybercrime.

11:30am - 1:00pm - Windhaven
ISSA Chapter Luncheon: (Invitation Only)

11:45am - 12:45pm - II
Executive Roundtable: DLP; Reducing The Risk (Invitation Only)

12:00pm - 12:45pm - Keynote Theater
Luncheon Keynote: The Data Breaches You Don't See Hurt You The Most
L. Frank Kenney, VP of Global Strategy, Ipswitch File Transfer Division
Data loss is a growing risk, especially as prosumers bring more and more of their personal technology into the workplace. IT departments not only need to enable person-to-server and system-to-system interactions, but also must create and enforce consistent policies and processes regarding how information is moved between people inside and outside a company. This session is meant for businesses and consumers at all levels to understand the current managed file transfer market and what comes next.

1:00pm - 1:45pm - Keynote Theater
Industry Panel: Protecting Your Endpoint Security Assets
The equipment that your employees rely on can be one of the most vulnerable points of attack and intrusion. What can you do to help protect them? What requirements and systems should you put in place to prevent a security disruption? This panel will take a look at some elements that should be implemented to create and maintain endpoint security.

1:00pm - 1:45pm
Industry Panel: Data Privacy - Keeping your Information out of the Wrong Hands
Your customers and clients need to know their private data is safe with you and won't be shared. How do you ensure that this is the case? What recent legislation must you be aware of related to your data privacy plans? This panel will take a look at some of the elements needed to successfully keep your data private and in compliance with new regulations mandated.

1:00pm - 1:45pm - Presentation Theater
Industry Panel: Directing Managed Services: Look Before you Leap
There has been a lot of discussion surrounding the cloud and managed services. But do you have the facts? This panel will take a look at the components of managed services programs such as cloud computing, SaaS and Virtualization and highlight what you should be looking for and how to sift through and determine the best program for your needs.

2:30pm - 3:15pm
Customer Service for the Information Security Professional
John O'Leary, President, O'Leary Management Education
We'll analyze the situation on both the service provider (that's us) and customer sides from a security perspective, emphasizing the need to understand the viewpoints of those we must deal with. We will also analyze complications and particular difficulties inherent in doing anything that provokes as many potential conflicts as IT security.

2:30pm - 3:15pm - I
An FBI Cyber Crime Briefing
Chris Thompson, Special Agent, FBI Dallas Division
Join us for a look at the latest trends in cyber crime and what you should be aware of.

2:30pm - 3:15pm
The Security of Equipment Tracking
Mike Kachline, Director of Software Operations, Geoforce
An emerging trend is the use of wireless devices to track and monitor key pieces of equipment. Discover how these technologies work and some of the security challenges being faced in this new world of asset visibility.

2:30pm - 3:15pm
Connecting in Information Security Presentations: Getting past hearing to listening and connecting with your audience
Andy Stokes, President, Fort Worth Chapter ISSA
John Maxwell says that everyone communicates, yet few connect. In this presentation, we will talk about connecting with everyone, from the conference room to the boardroom, to ensure your voice as the Information Security Professional is heard and even sought out. You will see examples of both good and bad communication styles and learn strategies that will get you invited back time after time.

Extends Special Thanks to our 2010 Executive Steering Council:

James Beeson, GE Capital
Richard Dorough, Textron
James Hynes, Wells Fargo
Jerry A. Knight, Comerica
Robert Myles, UT Southwestern
KC Condit, Rent-A-Center, Inc.
Randy Calhoun, Nortel
Randy Guin, Dallas County
Deborah Lohr, BancTec, Inc.
Robert Polvado, Verizon
Christopher Meinders, World Marketing, Inc.
Mike Pruden, ADT Security
Steve Weber, CVS Caremark Corporation
Bridget Aman, Children's Medical Center in Dallas
Chris Rapp, Sovereign Bank
George Genovezos, Sabre Holdings
Kim Morris, PNM Resources
Eric Hill, Southern Methodist University
Mark Natzic, Northrop Grumman
Mark Urbis, Carlson Restaurants
Mike Kachline, Geoforce, Inc
Sean Inman, Pier 1 Imports
Glynn Smith, Dave & Buster's
Shaun Drutar, American Home Mortgage Servicing Inc
Chester Helt, City of Plano
Dan Myers, Cinemark, Inc.
Jeff Stapleton, Bank of America
Rob Mears, Beal Bank
Kip Chevalier, KnowledgeBase Marketing
Michael R. Smith, Parkland Health & Hospital System
Guy Billingsley, CHRISTUS Health
Roger Martin, Hunt Consolidated, Inc.
Richard Stelluti, Fossil, Inc.
Gary Petroski, National Weather Service
Shamoun Siddiqui, CVS Caremark
Joe Pindell, Bank of America
Alex Nehlebaeff, Harley-Davidson Financial Services Inc.
George Turrentine, Verizon
Christopher Mears, Fossil
Jerry Davis, Sabre Holdings
Johnny Hernandez, PrimeLending
Dione McBride, CISSP
Rob West, Texas Instruments
Rick Baldree, ISSA Fort Worth Chapter
Steve Streiffert, City of Fort Worth
Imtiaz Haiyoom, Central Dallas Ministries
Ismael Alfaro Jr., GameStop, Inc.
Travis Farral, XTO Energy, a subsidiary of Exxon Mobil


More information

Maximizing Configuration Management IT Security Benefits with Puppet

Maximizing Configuration Management IT Security Benefits with Puppet White Paper Maximizing Configuration Management IT Security Benefits with Puppet OVERVIEW No matter what industry your organization is in or whether your role is concerned with managing employee desktops

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars

More information

Data Privacy, Security, and Risk Management in the Cloud

Data Privacy, Security, and Risk Management in the Cloud Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,

More information

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda

More information

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud? East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security What s Lurking in Your Network & The Business Impact of Data Breaches Colby Clark Director of Incident Management FishNet Security Who am I? Colby Clark is the Director of Incident Management at Fishnet

More information

PCI Compliance 2012 - The Road Ahead. October 2012 Hari Shah & Parthiv Sheth

PCI Compliance 2012 - The Road Ahead. October 2012 Hari Shah & Parthiv Sheth PCI Compliance 2012 - The Road Ahead October 2012 Hari Shah & Parthiv Sheth What s the latest? Point-to-Point Encryption (P2PE) Program Guide Updated Solution Requirements and Testing Procedures for hardware-based

More information

JOINT EVENT WITH IIBA-LA. Trends & Best Practices in. Cybersecurity for networks, cloud computing and mobile

JOINT EVENT WITH IIBA-LA. Trends & Best Practices in. Cybersecurity for networks, cloud computing and mobile JOINT EVENT WITH IIBA-LA Trends & Best Practices in Cybersecurity for networks, cloud computing and mobile April 23 rd, 2015 Hands-on Experts Share Current Strategies to Manage Cybersecurity Today s enterprise

More information

BIG SHIFT TO CLOUD-BASED SECURITY

BIG SHIFT TO CLOUD-BASED SECURITY GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

It All Starts with Log Management:

It All Starts with Log Management: : Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

How to Justify Your Security Assessment Budget

How to Justify Your Security Assessment Budget 2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice

More information

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe Agenda Who Is VendorSafe Technologies? It Won t Happen to Me! PCI DSS Overview The VendorSafe Solution Questions

More information

Cascading Risk. Tom Kellermann, CISM VP of Security Awareness. Core Security Technologies www.coresecurity.com

Cascading Risk. Tom Kellermann, CISM VP of Security Awareness. Core Security Technologies www.coresecurity.com Cascading Risk Tom Kellermann, CISM VP of Security Awareness Core Security Technologies www.coresecurity.com The Evolution of the Threat Syndicates and the business model Internet Arms Bizarre Online fraud

More information

The State of Cyber Security Today. Jeffrey Man

The State of Cyber Security Today. Jeffrey Man The State of Cyber Security Today Jeffrey Man Tenable provides Continuous Network Monitoring to identify vulnerabilities, reduce risk and ensure compliance. Tenable Product Portfolio Agenda My Background

More information

Tuesday, August 19th Prevent, Detect, Respond: A Framework for Effective Cyber Defense Dr. Eric Cole, Fellow, SANS Institute

Tuesday, August 19th Prevent, Detect, Respond: A Framework for Effective Cyber Defense Dr. Eric Cole, Fellow, SANS Institute Tuesday, August 19 th 9:00-9:45 am Keynote Address Prevent, Detect, Respond: A Framework for Effective Cyber Defense Security is now a mainstay of boardroom discussions. However, many organizations remain

More information

Cyber Security Risks for Banking Institutions.

Cyber Security Risks for Banking Institutions. Cyber Security Risks for Banking Institutions. September 8, 2014 1 Administrative CPE regulations require that online participants take part in online questions Must respond to a minimum of four questions

More information

Dallas, TX September 10. Chairman: Lance Spitzner

Dallas, TX September 10. Chairman: Lance Spitzner Dallas, TX September 10 Chairman: Lance Spitzner AGENDA All Summit Sessions will be held in the Vista Ballroom (unless noted). All approved presentations will be available online following the Summit

More information

ISOAG Meeting December 2, 2015

ISOAG Meeting December 2, 2015 ISOAG Meeting December 2, 2015 Welcome to CESC! www.vita.virginia.gov 1 1 www.vita.virginia.gov ISOAG December 2, 2015 Agenda I. Welcome & Opening Remarks Mike Watson, VITA II. The Fog of More Robert Shields,

More information

What is Management Responsible For?

What is Management Responsible For? What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right

More information

Plan of Attack 5 Step Plan

Plan of Attack 5 Step Plan Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days

More information

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should

More information

Bachelor of Information Technology (Network Security)

Bachelor of Information Technology (Network Security) Bachelor of Information Technology (Network Security) Course Structure Year 1: Level 100 Foundation knowledge subjects SEMESTER 1 SEMESTER 2 ITICT101A Fundamentals of Computer Organisation ITICT104A Internetworking

More information

7 th Annual Information Security Summit The Executive Forum. Information Security Management Overview

7 th Annual Information Security Summit The Executive Forum. Information Security Management Overview 7 th Annual Information Security Summit The Executive Forum Information Security Management Overview June 4, 2015 Copyright 2015. Citadel Information Group. All Rights Reserved. 2 Establishing Leadership.

More information

Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008

Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Strategies To Effective PCI Scoping ISACA Columbus Chapter Presentation October 2008 Matthew T. Davis SecureState, LLC mdavis@securestate.com SecureState Founded in 2001, Based on Cleveland Specialized

More information

North Texas ISSA CISO Roundtable

North Texas ISSA CISO Roundtable North Texas ISSA CISO Roundtable Roundtable Topic Threat Against Our Well Being The Most Effective Methods in Combating and Responding to the Cyber Attack Event Sponsor Moderator and Panelists David Stanton

More information

PCI Compliance in Multi-Site Retail Environments

PCI Compliance in Multi-Site Retail Environments TECHNICAL ASSESSMENT WHITE PAPER PCI Compliance in Multi-Site Retail Environments Executive Summary As an independent auditor, Coalfire seeks to be a trusted advisor to our clients. Our role is to help

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

SCAC Annual Conference. Cybersecurity Demystified

SCAC Annual Conference. Cybersecurity Demystified SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber

More information

PCI DSS 3.0 Changes & Challenges P R E S I D E N T/ C O - F O U N D E R F R S EC U R E

PCI DSS 3.0 Changes & Challenges P R E S I D E N T/ C O - F O U N D E R F R S EC U R E PCI DSS 3.0 Changes & Challenges EVAN FRANCEN, CISSP CISM P R E S I D E N T/ C O - F O U N D E R F R S EC U R E PCI DSS 3.0 Changes & Challenges Topics FRSecure, the company Introduction to PCI-DSS Recent

More information

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the

More information

Cybersecurity Demystified: Information Technology Security Trends. Joe Oleksak, Plante Moran

Cybersecurity Demystified: Information Technology Security Trends. Joe Oleksak, Plante Moran Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims

More information

2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012

2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012 2012 雲 端 資 安 報 告 黃 建 榮 資 深 顧 問 - Verizon Taiwan August 2012 1 It s All About Security Protecting assets from threats that could impact the business Protecting Assets... Stationary data Data in transit

More information

PCI DSS Top 10 Reports March 2011

PCI DSS Top 10 Reports March 2011 PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,

More information

Deployment Strategies for Effective Encryption

Deployment Strategies for Effective Encryption Deployment Strategies for Effective Encryption Ben Rothke, CISSP, CISA Information Security Wyndham Worldwide Corp. Session ID: DSP-W25B Session Classification: Intermediate Deployment Strategies for effective

More information

October 2014. Four Best Practices for Passing Privileged Account Audits

October 2014. Four Best Practices for Passing Privileged Account Audits Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Understanding Layered Security and Defense in Depth

Understanding Layered Security and Defense in Depth Understanding Layered Security and Defense in Depth Introduction Cybercriminals are becoming far more sophisticated as technology evolves. Well-publicized security breaches of major corporations are capturing

More information

CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link

CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link Peter Milla CASRO Technical Consultant/CIRQ Technical Advisor peter@petermilla.com Background CASRO and Standards CASRO takes

More information

I n f o r m a t i o n S e c u r i t y

I n f o r m a t i o n S e c u r i t y We help organizations protect INFORMATION The BorderHawk Team has significant experience assessing, analyzing, and designing information protection programs especially in Critical Infrastructure environments.

More information

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and

More information

Hedge Funds & the Cloud: The Pros, Cons and Considerations

Hedge Funds & the Cloud: The Pros, Cons and Considerations Hedge Funds & the Cloud: The Pros, Cons and Considerations By Mary Beth Hamilton, Director of Marketing, Eze Castle Integration The increased use of cloud-based services is undeniable. Analyst firm Forrester

More information

Evolution from FTP to Secure File Transfer

Evolution from FTP to Secure File Transfer IPSWITCH FILE TRANSFER WHITE PAPER Evolution from FTP to Secure File Transfer www.ipswitchft.com Do you know where your organization s confidential and sensitive files were transferred today? Are you sure

More information

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015

CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015 12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown 1 Protected networks are continuously being successfully attacked

More information

PCI DSS Reporting WHITEPAPER

PCI DSS Reporting WHITEPAPER WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts

More information

Cyber Security Management

Cyber Security Management Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies

More information

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,

More information

INFORMATION SECURITY FOR YOUR AGENCY

INFORMATION SECURITY FOR YOUR AGENCY INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection

More information

Surviving the Ever Changing Threat Landscape

Surviving the Ever Changing Threat Landscape Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

InfoSec Academy Forensics Track

InfoSec Academy Forensics Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Uncheck Yourself. by Karen Scarfone. Build a Security-First Approach to Avoid Checkbox Compliance. Principal Consultant Scarfone Cybersecurity

Uncheck Yourself. by Karen Scarfone. Build a Security-First Approach to Avoid Checkbox Compliance. Principal Consultant Scarfone Cybersecurity Uncheck Yourself Build a Security-First Approach to Avoid Checkbox Compliance by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800

More information

Executive Management of Information Security

Executive Management of Information Security WHITE PAPER Executive Management of Information Security _experience the commitment Entire contents 2004, 2010 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without

More information

Designing & Building an Information Security Program. To protect our critical assets

Designing & Building an Information Security Program. To protect our critical assets Designing & Building an Information Security Program To protect our critical assets Larry Wilson Version 1.0 March, 2014 Instructor Biography Larry Wilson is responsible for developing, implementing and

More information

Click to edit Master title style

Click to edit Master title style EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity

More information

Data Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc.

Data Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Data Security So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Table of Contents: 1. Introduction 3 2. Cybersecurity: The loopholes in the system

More information

Cyber-Security. FAS Annual Conference September 12, 2014

Cyber-Security. FAS Annual Conference September 12, 2014 Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy

More information

FERPA: Data & Transport Security Best Practices

FERPA: Data & Transport Security Best Practices FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require

More information

Brown Smith Wallace, LLC

Brown Smith Wallace, LLC Brown Smith Wallace, LLC Successful Software Selection Whitepaper Series How to Adhere to Payment Card Industry Data Security Standards By Ron Schmittling, CPA/CITP, QSA, CISA, CIA To learn more about

More information

Think STRENGTH. Think Chubb. Cyber Insurance. Andrew Taylor. Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber

Think STRENGTH. Think Chubb. Cyber Insurance. Andrew Taylor. Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber Think STRENGTH. Think Chubb. Cyber Insurance Andrew Taylor Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber The World Has Changed Then Now 1992 first text message More txt s that the entire

More information

Agenda. Agenda. Security Testing: The Easiest Part of PCI Certification. Core Security Technologies September 6, 2007

Agenda. Agenda. Security Testing: The Easiest Part of PCI Certification. Core Security Technologies September 6, 2007 Security Testing: The Easiest Part of PCI Certification Core Security Technologies September 6, 2007 Agenda Agenda The PCI Standard: Security Basics and Compliance Challenges Compliance + Validation =

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

The Evolution of Application Monitoring

The Evolution of Application Monitoring The Evolution of Application Monitoring Narayan Makaram, CISSP, Director, Solutions Marketing, HP Enterprise Security Business Unit, May 18 th, 2012 Rise of the cyber threat Enterprises and Governments

More information