Big 4 Information Security Forum




San Francisco ISACA Chapter Proudly Presents: Big 4 Information Security Forum
A Day-Long, Multi-Session Event, being held in San Francisco at the Sir Francis Drake Hotel!

*** PLEASE NOTE THIS EVENT WILL NOT BE AT THE HOTEL NIKKO ***

Where: Sir Francis Drake Hotel, 450 Powell Street, San Francisco, CA 94102, (415) 392-7755
When: Thursday, May 20th, 2010
Registration: 8:30 a.m. to 9:15 a.m.
Session: 9:15 a.m. to 4:30 p.m. (Breakfast / Lunch / Afternoon Refreshments provided)
Speakers: See below for Sessions Agenda, Speaker Information, and Schedule
CPE Hours: 6.0
Cost: $79.00 ISACA Members / $89.00 Non-Members / $59.00 Students

$79 for members = 6 CPEs + Meals. That is 4x the CPE units of our regular monthly luncheon sessions for less than 2x the cost: more than 50% savings for our valued members!

Sessions Agenda and Speaker Information:

2010 Security Trends
Vijay Jajoo, Director, KPMG

Session Synopsis: Over the past 20 years, the information security landscape has evolved significantly, from a focus on firewalls, operating systems and web applications to edge devices and data protection. This evolution has been driven by consumer behavior and by the platforms leveraged to manage the business and deliver services. With every new technology come business benefits as well as certain risks. This session will focus on the 2010 trends that we see in the industry, and on how to be prepared as a security professional to minimize the risks, create business value, and gain efficiencies.

Speaker Bio: Vijay Jajoo is a Director in KPMG's IT Advisory practice with over 15 years of experience assisting clients with IT Strategy, Security Transformation, Enterprise Governance Risk & Compliance (GRC), Security Incident Response programs, and enabling their business processes using emerging technologies to meet their strategic objectives and mitigate business and compliance risks. His technical and functional security expertise includes a wide range of platforms, networks and applications, and his primary focus has been on serving Fortune 100 companies in the Financial Services and Internet Services industries. Vijay has presented at various IT and Security industry events on key security challenges, trends and remediation strategies such as data breach and identity theft, IT transformation, the CIO/CISO agenda, and Enterprise GRC roadmap and implementation. Vijay was a steering committee member with IDSP (Identity Theft Prevention & Identity Management Standards Panel), coordinated by ANSI and the BBB Institute, to help develop a practical standards framework to minimize identity theft and fraud across various industries. He also assisted the primary authors in writing and editing the book Cloud Security and Privacy (O'Reilly Media). He earned his MBA with an emphasis in Telecommunications and International Finance from the University of San Francisco, CA. He is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified LiveWire Investigator (CLI) and Cisco Certified Network Associate (CCNA).

Cyber Intelligence / Warfare
Ali Golshan, Manager, PricewaterhouseCoopers

Session Synopsis: Concerns over advanced cyber threats are growing by the day, and it has been well documented that certain organized groups and governments have taken an active approach to creating cyber attack capabilities. Today's security solutions are falling short because of their approach and architecture. Espionage groups such as the Shadow Network use sophisticated methods to hack military and civilian networks, and governments employ cyber warfare as part of military offensives, as in Russia's well-documented attacks on Georgian cyber infrastructure during the 2008 conflict. We have reached a point where a new threat landscape has been created through the weaponizing of malware and through networks such as RBN (Russian Business Network) built to distribute these types of attacks. As a result there is an urgent need for a paradigm shift to combat these highly sophisticated and targeted attacks.

Speaker Bio: Ali Golshan is focused on the security of information technology, with a focus on technical assessments related to malware, targeted attacks, and cyber warfare. He has been involved in the security industry for over 9 years, with the last 5 years focused on the changing threat landscape and the paradigm shift required in the security industry to combat organized and sophisticated attacks. Ali is a leading subject matter specialist in IT security consulting, development, and operational processes, with extensive experience in R&D toward mapping and building advanced threat vectors.

Owning Corporations: Abusing (and Leveraging) Subliminal Intelligence from Open Source Channels
Nitesh Dhanjani, Senior Manager, Ernst & Young

Session Synopsis: Take a look at your corporation's security project portfolio and you are likely to find the following initiatives: application security, platform security, identity and access management, data security, network security. By investing in these projects, your corporation is probably spending millions every year to protect its intellectual property. Unfortunately, the traditional channels many security projects aim to protect are increasingly becoming outmoded and of little interest to the new generation of malicious and persistent actors. In this presentation, we will take a detailed look at how malicious attackers can leverage subliminal intelligence, which is continuously being leaked into the public domain by staff and executives alike, to ascertain confidential information and to steal intellectual property from the largest corporations. Here are the topics we will cover:

- How vulnerabilities in social media platforms can be abused to uncloak identities and discover the underlying business hierarchies.
- Reconnaissance and pillage of confidential corporate information via behavioral analysis of social networks.
- Inside-out intelligence gathering from public channels, specifically location-aware social channels.
- Influence analysis of social network graphs to discover and steal corporate information.
- Hacking the Psyche: how to build psychological and emotional dashboards of targeted individuals for social engineering by way of manipulation.

The goal of this presentation is to raise awareness of how open source mechanisms can be, and are being, abused by malicious actors to infiltrate corporations through channels that leak subliminal intelligence.

Speaker Bio: Nitesh Dhanjani is a well-known information security researcher and speaker. Dhanjani is the author of "Hacking: The Next Generation" (O'Reilly), "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly), and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security" (Osborne McGraw-Hill). At Ernst & Young, Dhanjani is a Senior Manager in the Advisory practice, responsible for helping some of the largest corporations establish enterprise-wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand-new technology service lines around emerging technologies and trends such as social media, cloud computing, and virtualization. Prior to E&Y, Dhanjani was Senior Director of Application Security and Assessments at Equifax, where he spearheaded security efforts to enhance the enterprise SDLC, created a process for performing source code security reviews and threat modeling, and managed the attack and penetration team. Before Equifax, Dhanjani was Senior Advisor at Foundstone's Professional Services group where, in addition to performing security assessments, he contributed to and taught Foundstone's Ultimate Hacking security courses. Dhanjani holds both a Bachelor's and a Master's degree in Computer Science from Purdue University.

Cloud Security
Arun Perinkolam, Manager, Deloitte & Touche

Session Synopsis: Cloud computing promises significant cost savings, rapid deployment opportunities, dynamic scalability and flexibility. With these purported benefits, however, come various security and privacy risks and challenges, which are widely cited as the top barrier to adoption of cloud services. Whether operating in a public, private, or hybrid cloud model, developing an effective security and privacy program for the cloud is imperative to managing risk and protecting key IP and data assets from unauthorized access and disclosure. We will provide participants with an overview of the various cloud business models, discuss the broad security and privacy concerns facing enterprises today, and highlight some of the key differences and challenges in addressing security and privacy risk in the cloud versus more traditional IT deployment models (e.g. hosting).

Speaker Bio: Arun is a Manager with the Security & Privacy practice at Deloitte & Touche LLP, serving clients in the Technology and Consumer Business (Retail) industry sectors. As an Information Technology and Security Solutions consultant, Arun has served both national and global clients for over 9 years, in both technical and management leadership roles, on engagements ranging from information security strategy development to detailed design and deployment of enterprise security solutions. Arun specializes in the domains of Information Security and Technology Risk Management Strategy, Identity and Access Management, Data Protection and Compliance (including PCI), System Vulnerability Assessment and related methodologies. More recently Arun has been focused on serving clients in the areas of Ecommerce Security and Fraud Management. Arun holds a Master's degree in Computer Science from the University of Southern California and also holds the CISSP and CSSLP certifications.

Tentative Session Schedule

Session                                               Start    End
Registration / Breakfast                              8:30     9:15
Session 1                                             9:15     10:30
Break                                                 10:30    10:35
Session 2                                             10:35    11:50
Networking Lunch                                      11:50    12:50
Session 3                                             12:55    2:10
Break                                                 2:10     2:15
Session 4                                             2:15     3:30
Afternoon Networking Break w/ Refreshments            3:30     4:00
*** TENTATIVE: Open Q&A session with the presenters   4:00     4:30