How well prepared are organizations to respond to a potentially devastating data breach - such as the likes that hit Anthem, OPM or even Ashley Madison? Are their security programs and controls truly as effective as security leaders believe them to be? These are among the questions answered by the results of the 2015...
Do you have a supply chain or just vendors? Do any or all of them present a breach potential? We apply massive resources to hardening perimeters and preventing infiltration of our information security systems, but what if our adversaries have a built-in presence and already have a foothold in the software, hardware,...
The absolute worst time to develop a breach response plan is directly after you have discovered a breach. The absolute best way to have your response team fail is to have them untrained on rarely practiced procedures while being overly reliant upon expensive, improperly configured technology. It is proven that humans...
Intelligence is critical in mounting an effective defense and, equally as important, is an effective offense. This session will look at intelligence gathering from both sides of the DMZ. There is a great deal of critical information available about your adversaries and a startling amount about you, your organization,...
Since the phrase "Advanced Persistent Threat" (APT) was coined nearly ten years ago, it has been the subject of extensive discussion and debate in the IT security community, attracting terabytes-worth of media buzz. The spotlight on APT's has been critical of bringing the reality of today's threats to light, but the...
Although APT's can vary significantly from breach to breach, they generally have many common phases and mechanisms. In this session, we will define and describe the APT attack and defend lifecycle, provide an overview of how the day is structured and what we aim to achieve, answering such questions as:
What is...
Even though many traditional defense mechanisms can be circumvented, it is essential that a proactive, layered, defensive security program be put in place and managed effectively. This will not prevent the well-organized targeted attacks, but will eliminate 99 percent of the background noise and most of the less...
What are the most common mechanisms used in the "Exploit" phase? Many attacks simply take advantage of known vulnerabilities or network weaknesses that have not been addressed, in which case the adversaries have no need to create custom malware. When they are employed, "zero-day" attacks are often very difficult to...
Malicious activity triggers measurable events at almost every stage of the attack. There are multiple sensory technologies available, but collecting this data from disparate sources can often just result in the creation of a very large pool of unrelated "facts," an impenetrable noise where no signal can be found. But...
The absolute worst time to develop a breach response plan is directly after you have discovered a breach. The absolute best way to have your team fail at responding is to not have them trained with well-practiced procedures and have them be overly reliant on expensive, improperly configured technology. Strike, strike,...
As we've seen, we can't just keep doing what we've been doing. The cost of not ensuring the confidentiality, integrity and availability of information is on an upward ramp and, at some stage - if not already, we will reach the tipping point where the cost of not having an effective security program will overtake the...
To date, the most common reaction to targeted attacks has been for organizations to just do what they have always been doing, but harder. That isn't going to work. We need to look at this problem differently and adopt a different set of thought processes. There is a great deal to be said for adopting a warlike...
Our law enforcement agencies are amassing a deep set of capabilities for investigating and prosecuting cybercrime.
These public-sector organizations, however, need to understand the driving forces, priorities and procedures within the organizations they help protect. Equally as important is that private-sector...
The absolute worst time to develop a breach response plan is directly after you have discovered a breach. The absolute best way to have your team fail at responding is to not have them trained with well-practiced procedures and have them be overly reliant on expensive, improperly configured technology. Strike, strike,...
Malicious activity triggers measurable events at almost every stage of the attack. There are multiple sensory technologies available, but collecting this data from disparate sources can often just result in the creation of a very large pool of unrelated "facts," an impenetrable noise where no signal can be found. But...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
