2016 September Training Session - FULL DAY
When: September 7, 2016 - 0800-1630
Where: RTP HQ
ISACA-RTC Members - $50 (Log in to register)
Affiliated Organizations (IIA, ISSA, Othe ISACA Chapters) - $75
All Others: $100
CPEs: Upto 8
Handouts: When Available
Securing the Internet of Things
Today's enterprise networks are supporting devices that were never meant to have Internet or wireless connections. Printers, entertainment units, HVAC and building alarms, medical instruments (some of those implanted in humans), power control systems, refrigeration units, even cars--all are getting smarter with embedded chips and Internet or wireless connections. The Internet of Things includes software, firmware, or hardware used to control, manage, or monitor the performance of these and other connected Things. The effectiveness and efficiency of these systems is being greatly multiplied by both client/server and peer-to peer-connectivity, enabled by advances in new forms of connectivity, inexpensive controllers, and Internet-standard protocols.
Advanced Persistent Threat (APT)
In addition to protecting their intellectual property and secrets, many government agencies are entrusted with gathering, processing, and protecting sensitive information about citizens, patients, and business. This information along with the people and systems that process it, are increasingly becoming targets for exploitation through the emerging class of threat known as Advanced Persistent Threat (APT).
Why do attackers target federal systems? They seek intelligence, advantage, and political gain. The possibilities are endless: intelligence about an opponent’s military capabilities, movements of high-value individuals, or national economic strategies; advantage by disabling or crippling sensors and systems or pre-launching a cyber attack as a prelude to kinetic warfare; and political gain by embarrassing a rival, manipulating public perception prior to a key election, or suppressing suspected dissident citizen groups.
Dealing With the Insider Threat
Statistically, insiders represent a tiny fraction of the potential overall threat, yet the damage done by insiders routinely eclipses that done by outsiders. Why? Because they already have access. We'll look at US Secret Service statistics and findings on the impact of insider threat damages, examine the role of compliance, and examine a framework for success: the Critical Security Controls (CSC). We'll then map the CSC to the insider threat, show how insiders circumvent security, and offer recommendations on how to control admin privileges to reduce this threat vector.
Battle in the Clouds: Cyberwar Goes Virtual
As more businesses and even government agencies move into "The Cloud," we are faced with the challenge of defending a territory that we do not control. Although cloud computing offers numerous financial and performance advantages for many, it comes at a price -- an increase in the attack surface. Attackers, too, have taken advantage of cloud computing and are using it for a launch point, aggregation of stolen or compromised information, and "bouncing" attacks off the cloud to mask their actual point of origin. Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) represent lucrative business models for cloud providers, and can offer great efficiency and savings to customers -- IF security is done right. We'll look at the extra protection required by a cloud computing environment, and the impact it may have on our policies and even our contracts. We'll conclude with some expectations for the future of cloud computing, and how new defenses may or may not succeed in the long run.
Cyber Leadership: How to Win the Battle AND the War
This presentation will examine the threat landscape, and evaluate how well we are doing at fighting back. It will examine resources, strategies, and constraints as applied to cyber war, and look at proposed legislative changes and whether or not they will make much of a difference. The answer lies in going back to basics -- understanding the importance of confidentiality, integrity, and availability (the "C-I-A Triad"), and how to achieve those goals using traditional and non-traditional approaches and technologies. Threat intelligence is a popular buzzword; we'll look at the value of that in how we can shift the advantage to the defenders, and how humans have now entered the targeting of attackers through Ransomware and other social-engineering oriented attacks. We'll offer some recommended next steps so that we can not only win the battle at hand, but be victorious in the long-run.
Defense Strategies for Upping your Network Security Game
In spite of our best efforts, we seem to be losing ground to attackers in our networks. This presentation will examine the basics of network defense (prevent, detect, deny, respond), examine the principles of vulnerability management, identify one of the most frequent vectors of network compromise, and offer five defense strategies to "up your game" in the defense of our networks.
Speaker: G. Mark Hardy, President, National Security Corporation
Cyber Security Expert and experienced visionary business and military leader with demonstrated success in area such as Cyber security and privacy, Banking and financial security and Credit Card fraud prevention.