2015 IANS Information Security Forum 2015 Curriculum
IANS Forums: A Unique Experience

This is not your typical industry or technology event. IANS Information Security Forums deliver a unique experience for security, risk management, audit and GRC professionals. Our goal is to help you make progress in aligning your organization's information security strategy with the goals of the business. The IANS Faculty, comprising the world's foremost expert practitioners, provide actionable information that delegates can take back to their companies and immediately use.

IANS Forums are free of commercial noise and hype, and are hallmarked by:

Faculty-led information sessions: IANS Faculty relate their work with clients regarding the tactical and strategic issues that your infosec team and company are dealing with every day.

Peer-to-peer networking and exchange: Join information security professionals from your industry or other industries and learn from each other's experiences.

No vendor trade show or exhibit tables: Solution providers are available via opt-in Technology Spotlight sessions that deliver real-world insights on the latest technologies and use cases.

No reporters or journalists: IANS events are closed to the media. Information that is shared and exchanged is considered confidential. This enables delegates to share ideas, challenges and solutions within a discreet and private environment.

IANS Faculty: Independent Thought Leadership and Advice

IANS Forums are led by our world-class Faculty of independent thought leaders who deliver expert insights and advice based on real-world experience.

Dave Shackleford, Alex Hutton, Gunnar Peterson, Marcus Ranum, Kevin Johnson, Diana Kelley, John Strand, Aaron Turner
Track 1: Perimeter-less Data Protection

Track 1 Sessions

Securing Data in the Cloud 2.0
As enterprises move more workloads to the cloud, they need to ensure their critical data is as secure as it was on premises. To that end, what are the best tactics, techniques and methods when it comes to cloud encryption, data privacy and access controls? How should you approach third-party reviews, data classification and identity management?

Key Management: Turning a Headache into a Head Start
Encryption is a key strategy for protecting corporate data wherever it resides, but in many cases, worries around key management become a stumbling block to leveraging new initiatives such as cloud and mobile. Who should own the keys and why? What are the major encryption use cases, and what new key management solutions are coming to market to help?

Application Security: Faster, Better, Smarter
In an age of DevOps and other agile development initiatives, how can security provide value-add impact to the Software Development Lifecycle (SDLC)? This session will explore methods and practices to ensure that every app meets or exceeds security goals without slowing down the process.

Getting the Most Bang for Your Data Loss Prevention (DLP) Buck
In just a couple of years, data loss prevention (DLP) has moved from next-big-thing to barely-better-than-AV status in most organizations. But are we truly leveraging all that DLP brings? How can you get the most from your DLP investment? What strategies help (and hinder) the process?

Making Identity Work in a Perimeter-less World
As more corporate data resides outside the company (in the cloud, at third-party service providers and more), the need to implement comprehensive identity management processes becomes critical. Should you pursue federated ID? How do you securely extend provisioning beyond employees to customers, suppliers and partners?
Track 2: Fight Advanced Malware

Track 2 Sessions

Learning from Patient Zero: Dissecting Recent Data Breaches to Evolve Our Defenses
High-profile breaches seem to happen every day, but are we learning anything from them? In this session, we review the ways in which Target, Community Health, Home Depot and other organizations were breached and deliver actionable methods to evolve our defenses and prevent similar compromises.

Best Practices in Finding, Crippling and Eliminating Advanced Malware
No one expects antivirus tools alone to stop today's rash of advanced malware threats. What else is required? What mix of strategies and tools can optimally meet the challenge of ever-evolving and ever-more-targeted malware? How can malware be neutralized before it causes damage?

You're Probably Already Compromised: Now What?
The latest Verizon Data Breach report finds most organizations go weeks, months and even years before discovering malware on their networks. In this session, we detail tried-and-true techniques to uncover bad actors on the network while showing how to apply Lockheed Martin's Cyber Kill Chain methodology to ensure your environment becomes and remains an unattractive target.

The Latest in Agile Security: What Works and What Doesn't
As threat actors evolve and become ever more agile and targeted in their attacks, information security must respond in kind. What are the key new tools and strategies leading-edge companies are adopting to ensure their networks are hard-to-hit targets? What are the most promising, cost-effective and practical strategies?

Know Your Enemies: Developing a Company-Specific Threat Profile
Who or what poses the greatest threat to your organization? Nation-states? Competitors? Organized crime? Hacktivists? Disgruntled employees? What digital assets are they after, and which will cause the worst damage if they are stolen? Having a clear understanding of your adversary and the assets that matter helps crystallize where to allocate your budget dollars and where to devote your efforts.
Track 3: Regain Control

Track 3 Sessions

BYOD: An Idea Whose Time Has Come and Gone?
When BlackBerry fell out of favor, IT and security were blindsided by executives and employees alike rushing to buy their own Androids and iPhones to leverage as key business tools. But with Apple and Google making real efforts to be business-friendly, is now the time to end BYOD and bring devices back in-house? What are the cost, technology, security and people ramifications of such a move, and what are the key steps to take?

Architecting the Cloud for Security Success
Many organizations have a Cloud First policy, and security professionals are tasked with identifying risks and protecting data. What are the proven cloud security reference architectures? What practical steps can you take to ensure you architect your cloud implementation in a secure, agile, risk-aware manner?

Inserting Security Into the IT Supply Chain
As more business units go around IT to source their apps and projects, security quickly falls by the wayside. What practical tactics and strategies can information security use to discover these initiatives and insert itself into the supply chain to ensure the business remains both agile and secure?

Securing Virtualized Environments: What Works and What Doesn't
Virtualization now underpins every data center, but security tools and strategies are struggling to catch up. What are best practices here? What security tools scale well in a virtualized environment, and which ones don't? How can we ensure bulletproof security in hypervisor environments?

Getting from MDM to Mobile Management: Time to Focus on Apps and Data
As more employees access critical apps and data on the go, security must pivot from seeking to control mobile devices to securing access to corporate apps and data. What combination of device, app, data and other controls helps mobile work best? What new tools support this change?
Track 4: Improve Visibility

Track 4 Sessions

The Promise of Security Automation: Emerging Tools and Tactics
Information security needs to detect and respond to threats and mitigate vulnerabilities more rapidly than ever before. Leveraging automation tools like Puppet, Chef and scripting tools to secure both in-house and cloud-based assets holds a lot of promise. What tools and technologies are emerging to help automate repetitive tasks or processes? What are the pitfalls to avoid?

No Pain, No Gain: Building an Internal Forensics Program that Works
A forensics program is only as good as the people, processes and tools it has on hand. How can you ensure your forensics program is fast, comprehensive and skilled enough to help your organization learn and grow stronger from each security event it encounters?

How Secure Are Your Business Partners? Reducing the Risk From Third Parties
Is your HVAC provider leaving your network vulnerable? How can you manage your third-party relationships to ensure they aren't presenting undue risk to the business? What are best practices in terms of vetting third parties and conducting comprehensive risk assessments?

Taking Vulnerability Management to the Next Level
Vulnerability management encompasses scanning, configuration management, patch management and more. How are organizations adapting their vulnerability management programs to deal with more data? How does vulnerability management tie back to change and configuration management, and help improve patching programs?

Moving from Log Management to Security Intelligence
Existing network monitoring tools don't deliver a clear picture. What collection of new technologies (e.g., advanced SIEM), better collection of network data (e.g., scanner results and NetFlow data) and better processes will improve the security intelligence picture? How can data analytics help clarify the results?
Track 5: Think Business

Track 5 Sessions

From Techie to Risk Expert: Honing Skills for Security's Next Phase
What skills (both hard and soft) are critical in today's security organizations, and what aren't? How can you ensure you evolve your skillset to serve the business and go beyond the tactical capabilities that are on your company's next-to-be-outsourced list?

Security Awareness: Moving from Gotcha to Empowerment
Security awareness programs tend to run off the rails when information security focuses on tricking users instead of instilling secure behaviors that benefit the company as a whole. How can security incent such behaviors? What tools, tactics and strategies help users feel knowledgeable and empowered enough to be true partners in protecting the business?

Understanding the GRC Process
Integrating security and true risk assessment into the fabric of the business is no easy feat. How can security master governance across the organization, from within IT, at the business unit level and out to audit and compliance? What eGRC tools ease the process?

Compliance Pitfalls: How to Spot Them, How to Avoid Them
Compliance is never easy, but add mobile, cloud, social media and privacy initiatives into the mix, and it becomes nearly impossible. What are the most common compliance pitfalls today's organizations face, and what are the best strategies for avoiding them?

Creating Security Metrics that Matter to the Business
How do you create (and present to management) operational metrics that both help information security be more productive and ensure the business makes informed, risk-aware decisions? What works best? What should you avoid? How are metrics best communicated?
2015

IANS is the leading provider of in-depth security insights and decision support delivered through research, community and consulting. Fueled by interactions among IANS Faculty and information security practitioners, IANS' experience-driven advice helps IT security, risk management and compliance executives make better, faster technical and managerial decisions.

IANS Research, Inc.
15 Court Square, Suite 1100
Boston, MA 02108
Telephone: 617.399.8100
Facsimile: 617.399.8101
Web: www.iansresearch.com
Email: info@iansresearch.com