2015 FS-ISAC FALL Summit - Professional Development Group
www.fsisac-summit.com
www.fsisac.com

2015 FS-ISAC FALL Summit
Intelligence into Action
San Diego, California
Hotel del Coronado
October 25-28

We live in unparalleled times in regards to technology innovation, the rapid speed of information, and an unprecedented focus on cyber security. As practitioners, you know the importance of having the latest information on threats, the ability to quickly identify the latest trends relevant to you, and to “be connected” to keep pace with a chaotic world - having a “circle of trust” is now more important than ever.

Since 1999, the FS-ISAC has been pushing the envelope on information sharing and is considered by many to be the gold standard on demonstrating public/private sector partnerships. One way we create “circles of trust” is through the delivery of premium content and access to trusted partners at our annual conferences. If you’ve joined us at previous events, you already know the FS-ISAC conferences offer excellent content, marquee venues, prominent industry leaders, and guest speakers just to name a few.

This year’s Fall Conference - to be held at the beautiful beach front Victorian Hotel del Coronado - aims to surpass your expectations with content in applicable topics such as cyber intelligence, threats & attacks, and governance. The FS-ISAC is also elated to have as keynote the Honorable Mike Rogers, the former U.S. House of Representatives luminary on cybersecurity, counter-terrorism and national security policy issues.

Whether you’re representing a global bank, community institution, broker dealer, or any company in the financial sector, we all represent the security leaders of our industry and are only as strong as the weakest link. Come join us and be part of our “circle of trust.” On behalf of the Planning and Content Committee of the 2015 FS-ISAC Fall Conference, I look forward to personally welcoming you in San Diego, California in October, 2015.
Greg Temm
Conference Chair, 2015 FS-ISAC Fall Conference
Vice President, Cyber Intelligence & Public Private Partnership
MasterCard

FS-ISAC Mission Statement
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit corporation that was established in 1999 and is funded by its member firms. The FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy. The FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs, and fosters collaborations with and among other key sectors and government agencies. Learn more at www.fsisac.com

Who Should Attend?
• CISO, CSO, CIO, CTO, and CRO
• Head of Threat Intelligence
• EVP, SVP, VP, and Director of these areas:
  - Security Operations Fraud Investigations Physical Security Business Continuity Audit & Compliance Payment Risk Management Payment Operations
• Payment Line of Business Managers including:
  - Online Banking
  - Online Treasury Management

Why Should You Attend?
• Presentations by over three dozen Senior Executive FS-ISAC members
• Concrete take-aways including case studies and best practices
• Interactive sessions that allow for strategic and solution-oriented discussion
• Actionable information & sharing designed specifically for financial services institutions
• Complimentary attendance for Premier and above members
  - All meals and events during the conference are included

Mike Rogers
Former Member of US Congress, Member of the US Army, and FBI Special Agent

As a former member of the U.S. Congress representing Michigan’s Eighth Congressional District, a member of the U.S.
Army and FBI special agent, Mike Rogers is in a unique position to shape the national debate on a wide variety of issues. Rogers uses his insider perspective gained from traveling the globe—from the Middle East to South America—to host “Something to Think About,” with Mike Rogers on Westwood One.

From his time in the U.S. House of Representatives, where he chaired the powerful House Intelligence Committee and was a member of the Energy and Commerce panel, Rogers built a legacy as a tireless and effective leader on cybersecurity, counter-terrorism and national security policy. Washington Post columnist, David Ignatius, remarked, Rogers was “a rare example of bipartisanship.” Rogers has worked with two presidents, Congressional leadership and countless foreign leaders, diplomats and intelligence professionals to ensure the brave men and women who fight for our nation are equipped with the resources necessary to get the job done.

Rogers is a CNN national security contributor and also appears in the major print outlets such as The New York Times, The Washington Post, The Wall Street Journal and the Associated Press. He is a staple on radio and had more Sunday show appearances than any other elected official in 2013 and 2014. Rogers graduated from Adrian College in 1985, was a commissioned officer in the U.S. Army through the University of Michigan, and served as an FBI special agent. He is married with two children—a daughter and a son.

Hotel del Coronado
1500 Orange Avenue; Coronado, CA 92118
Phone: (619) 435-6611
Reservations Toll-Free: 1-800-468-3533
www.fsisac-summit.com/fall-hotel-travel

When making your reservation, be sure to mention that you are attending the FS-ISAC Fall Summit so that you can receive FS-ISAC’s discounted group rate of $270 per night. This rate is available until October 9 or once the block is full, so be sure to make your reservation early to avoid disappointment.
Airport and Transportation
San Diego International Airport (SAN) - 9 mi from hotel - approx. $35 taxi one way

Attendance Restrictions
The FS-ISAC Fall Summit restricts attendance to regulated financial services firms, relevant public sector entities, and country-level banking associations and payments associations. Examiners and those responsible for informing public policy are not eligible to attend. If you have questions regarding eligibility contact [email protected].

FS-ISAC Affiliation             Early Bird (ends 9/25)   Standard Registration (after 9/25)
Premier/Platinum/Gold Member    COMPLIMENTARY            COMPLIMENTARY
Non-Member/CNOP Member          $895                     $1,750
Basic/Core Member               $895                     $1,500
Standard Member                 $795                     $1,250
Government                      $895                     $895
Guest*                          $895                     $895

*Guest registration may include spouse, family members, significant others, etc. but does not apply to colleagues or other practitioners in the financial services community. Guests do not attend sessions, but only meals and networking events.

Conference Registration Cancellation
Cancellations are subject to a $50 administrative fee. NO REFUNDS will be made for cancellations received after September 7. Email [email protected] for more information or to cancel.

Online Registration
www.fsisac-summit.com/Fall-Attendee-Reg

Agari, Akamai, Arxan Technologies, Bit 9 + Carbon Black, BrandProtect, BrightPoint Security, Checkmarx, CyberArk, Cyphort, DB Networks, Dell SecureWorks, Easy Solutions, Guardian Analytics, Invotas, Malwarebytes, Menlo Security, NetSPI, Prelert, Proofpoint, Rapid7, Security Compass, SecurityScorecard, Synack, Tripwire, Waratek

A Case Study in Building an AppSec Program: 0-60 in 12 Months
This case study will detail the implementation of an enterprise application security program at a financial software provider. Day 1, the organization had no application security program. Day 365, they had a comprehensive program with controls throughout the SDLC, feedback loops and effective metrics.
This case will highlight the controls implemented, resistance encountered and lessons learned.

Actionable Intelligence to Combat the Latest Malware Threats and Cybercrime Tactics Impacting Financial Institutions
Financial services firms are highly targeted by cybercriminals, making it imperative to address cyber security deficiencies. The presenter will share the latest malware evasion and defense-in-depth strategies, along with new ways to deliver actionable intelligence to prevent attacks within the enterprise and anonymously share information that benefits the entire industry.

Actor Profiling: Methods for Actor Attribution
There are several frameworks for making an actor attribution. Some of them begin with a general idea of characteristics of people/organizations who might wish to target a given institution and identify matching persons/organizations while others track suspicious persons/groups and extrapolate characteristics of interest to determine who the adversaries are. The session will draw on the experience and recommended best practices of experienced panelists with expertise in actor attribution.

Analyzing Advanced Threat: A View from the Inside
Banks are under attack. What threats do the largest financial services firms in the world face and how do they mitigate advanced cyber-attacks? One best practice is threat isolation, which prevents breaches and enables complete analysis of the attack. Join the presenters for a discussion of this best practice and analysis of some of the advanced threats facing financial services firms.

Applied Security Analytics - Case Studies and Use Cases From the Battlefields
Join the speakers along with CSOs from companies like GE Capital, ITG, Rockwell Automation and others as they share how applying advanced security analytics models can address sophisticated use cases, and promote rapid detection of advanced attacks and threats in their environments.
Learn how the latest innovations in security analytics transformed the way organizations approach security.

A Walk Through Your Corporate Airspace: Understanding the IoT
This interactive session will explore the known, unknown and ‘ghost’ devices found on a walk through your corporate airspace from DC to 10 GHz. The convergence of the Internet of Things devices, the absence of visibility in the network, and the future impact on the enterprise will be presented comprehensively. Attendees will leave with an awareness of the infiltration of devices in the network, as well as techniques for discovery and defense.

Behavior-based Cybersecurity Analytics
Technologies have evolved that enable us to create, store, and share digital information. As a result, a new security landscape has emerged. Cybersecurity threats are increasingly sophisticated and adversaries are finding ways to exploit an organization’s vulnerabilities. New developments in big data technologies and behavioral analytics will support the transformation of the next generation of cybersecurity capabilities. In this session, the presenters will outline technology trends and innovations that will impact behavior modeling and improved cybersecurity.

Block Chain – The Next Big Disruption to Global Payments
Block chaining technology is the basis for crypto-based currency like Bitcoin. But did you know that the same technology is being used by innovators to potentially disrupt the entire payments ecosystem? In this panel, industry experts will talk about the implications of rapidly evolving block chaining technologies.

Case Study: Security Insights
In conjunction with an FS-ISAC member, the speaker will present this intriguing case study. The case study for a security data lake, delivering:
- Security Insights - management decision support for the CISO across Controls, Vulnerabilities.
- Security Analytics - anomaly detection for Insider / APT.
Operationalizing Threat Intelligence.
Presentation will include the lessons learned in creating a multi-use case Security Insights facility. The talk covers 6 suggested presentation topics.

Change the Game - Fight Those Who Fight You
Over the years, attackers of all affiliations have broken into corporations and stolen documents, pilfered bank accounts, or attempted to social engineer our employees. Many forget that the attackers are human too, and are susceptible to the same techniques they are using. In this session, the presenter will give several use cases and ideas that will make life more difficult for the attackers you are facing.

Cryptocurrency and the Dark Web: Exploring the New Criminal Underground
Two years after the invention and the release of the Bitcoin, the world’s most popular cryptocurrency, cyber criminals managed to exploit the technology for a multitude of crimes. In this session, the presenters will explore the creation of the Silk Road beginning in 2011 to its fall in 2013. They will explore the criminal underground since the Silk Road’s demise and see how criminals buy and sell illegal goods and trade stolen credentials, laundering millions of dollars.

Cyber Resiliency
The Executive Management team should recognize its leadership role in setting the proper tone and structure for enabling cyber resiliency throughout the organization. They should also recognize the importance of mitigating cyber risks as an essential task in maintaining the on-going success of their institution. Cyber resilient organizations are better positioned to keep pace with evolving threats, thereby helping them to avoid financial damage, negative publicity, and loss of customers’ trust.

Effective Exploitation of Shared Threat Data
Threat Intelligence sharing often emphasizes more and faster intelligence as the solution for effective countermeasures despite lower value and less context.
LM-CIRT has developed a system to automatically assess shared threat data within the context of pre-evaluated intelligence to reliably and rapidly apply the high-value intelligence to defenses with low false positive rates. The presenters will share some of the tools and processes they’ve developed to manage this life-cycle and some threat data sharing metrics.

ELK All the Things
This session will focus on how USAA is leveraging an open-source log management solution – Elasticsearch, Logstash, Kibana (ELK) to improve analyst response time, provide dramatically improved analytical and visualization capabilities and make data fun. The presenters will highlight lessons learned as they built their ELK environment and a couple of key dashboards and visualizations used by analysts in production today.

Enterprise Cyber Risk Management – Why It’s a Game-Changer for Your Company
Historically, there has been a dichotomy between business, technology, and risk at a global enterprise. This results in a siloed view of risk and weakens risk management controls and governance. To address these challenges, BNY Mellon implemented a Corporate Senior Information Risk Officer (CSIRO) program. CSIROs are placed within individual businesses to provide targeted risk expertise. This session provides an inside look at the CSIRO program at BNY Mellon and its structure and progress.

Evolving Your Threat Intelligence Capabilities: Strategic and Proactive Cyber Defense
This session will introduce a new way to approach the concept of “threat intelligence.” The idea of threat-driven intelligence operations is fairly new, and the presenters want to recommend a further iteration that encompasses strategic and future-focused intelligence capabilities -- this holistic approach, they believe, will prepare enterprises for the evolving threat landscape rather than constrain us all into reaction-mode in perpetuity.
FFIEC Cybersecurity Assessment Tool
This summer, the FFIEC released a Cybersecurity Assessment Tool (Assessment). The presenter will describe the features and benefits of the Assessment that was developed by the regulators for banks and credit unions to identify their inherent risk profile and measure their cybersecurity preparedness.

Financial Services for Technical Security Professionals
Several financial institutions hire information security professionals from other sectors. In order for information security professionals to properly prioritize threats, incidents, and the implementation of security controls, it is imperative that they understand the business of financial services and the environment in which that business operates. Each line of business in financial services has a unique threat landscape distinct from the others. Business leaders can offer their perspective on what is most important to them.

FS-ISAC 101
This session is an interactive workshop on FS-ISAC services. This will be offered as an early bird on the first day and targets new members. It provides an overview of FS-ISAC, how to use the portal, filter alerts, and participate in appropriate special interest groups.

Hot Off the Press: Cloud and Security Finally Become Friends
Financial services firms are embracing public cloud services and meeting their numerous security and compliance requirements. Sound too good to be true? Come hear from two industry luminaries as they share strategies to extend critical on-premise application security capabilities to SaaS, PaaS and IaaS environments. The presenters will discuss common use cases and architectures that go beyond conventional approaches to cloud application security.

Implementing an Action-Oriented Insider Risk Management Program
An increasing number of Global 1000 organizations are establishing insider risk management programs, as security executives see the risks that malicious, compromised and negligent insiders have on organizations.
This session explores the following elements of an insider risk management program: (1) stakeholder roles and responsibilities; (2) workflows among stakeholder groups; and (3) technical enablers for improving a broad multi-stakeholder insider risk management program. Additionally, the presenters will focus on real-world scenarios from Blackstone’s insider risk management program.

Implementing .bank: Experiences and Opportunities
The .bank top level domain has been operational since May 2015, providing a more secure, identifiable space for banks and bank customers to transact business online. This panel will focus on the experience of bankers in implementing the domain to take advantage of this opportunity.

Improving Financial Services Response in a National Cyber Crisis
The financial services sector must be prepared for involvement in a national-level cyber crisis. This session describes how the industry conducts sector-level crisis response, coordinates with the government, and conducts readiness activities to include drills and exercises. Discussion focuses on areas for future improvement.

Inside Apple Pay: Authentication and Fraud Prevention in the Evolving Payments Landscape
Apple Pay represents the tip of the iceberg of the evolving payments landscape, and it is already a hotbed for fraud. In this presentation, the presenters will lead a live demonstration of real-world hacks that criminals are using to manipulate Apple Pay to avoid complex authentication paths. They will then evaluate the authentication and security measures used by several credit card issuers to deter these attacks, comparing their effectiveness in preventing the use of stolen accounts.

Key Concerns for CEOs and Board of Directors
This is a CEO and Board of Director level session that will explore key concerns of CEOs and the Board as it relates to cybersecurity and resiliency issues and effective strategies for communicating risks and asking for appropriate resources to mitigate the risk.
Key Concerns for How Technology Firms are Enhancing Security Controls
A panel of technology firms will discuss their efforts in building security into the foundation of their products.

Key Outcomes from the Public/Private Initiatives Government Efforts to Improve Cybersecurity
Before this session, review the key outcomes from the “Hamilton” exercises, including the Request for Technical Assistance and Destructive Malware Task Force. A panel of public and private participants will discuss the work they are doing to enhance cybersecurity.

Lessons Learned From A Cloud Data Breach
Several financial service organizations are reluctant to adopt cloud services due to fears related to overstated risks on cloud application usage. To help facilitate informed decision-making, the speaker will present the only documented demonstration of a cloud-based attack and explain how when using advanced detection and heuristic capabilities, organizations adopting cloud technologies can protect themselves from attacks while addressing financial services security compliance requirements.

Let the Mentoring Begin!!!!
FS-ISAC has just begun a Mentoring program which matches security practitioners in large FI’s with security and IT professionals in smaller organizations. This panel will explore the current program, what topics are being mentored, and discuss success stories while giving the attendee a chance to ask questions and even possibly get matched up.

Leveraging Cyber Threat & Intelligence in Proactive Fraud Analytics and Investigations
Cyber security and fraud organizations have traditionally been distinct organizations within financial institutions. The increasing sophistication of fraudsters and the focus on cyber-attack vectors to facilitate fraudulent activity, demonstrates the need for cyber security and fraud organizations to work together.
This proposed session provides a framework and series of case studies for cyber threat & intelligence support to proactive fraud monitoring and fraud investigations along with examples that illustrate monetary impact of cooperation.

Leveraging the Threat Intelligence Maturity Model to Build an Intel-Driven Security Program
Implementing a comprehensive intelligence driven security program is a multi-faceted effort. In this session, the presenters will present TIMM -- Threat Intelligence Maturity Model. This in depth model will enable attendees to assess their cyber security program’s current state, measure gaps against a desired future maturity level and understand the steps required to get there.

More than an ISO: Cyber Risk Management
The proliferation of cyber risks (attacks, SOC reports, client audits, regulatory exams, internal audits, vendor reviews, incidents, resiliency events, etc.) are driving organizations to establish a technology risk management program that goes beyond the role of the Information Security Officer (ISO). This session will examine some of the emerging risks and requirements for technology risk management, discuss how in practice it differs from information security, and share best practices for identifying and controlling cyber risks.

Neighborhood Watch – Collaborate and Educate to Keep Cybercriminals Off of Our Networks
In this presentation, the speakers will detail the evolution of cybercriminal tactics within the financial sector, focusing on how criminals are maintaining a footprint within our networks through sophisticated evasion techniques. Understand how the Eastern European hacker community has been especially effective at evading current controls and its effect on the industry. Finally, two recent case studies will exemplify how you can decrease cybercriminal time on your network and more accurately predict future attacks.

Offense, Defense and Special Teams – What are We Learning and Sharing Across Functions?
The presenters will look at current threats, financial malware trends, and real behind the scenes use cases to derive meaningful security intelligence during such a rapid pace of change. While working with leading financial institutions and exploring big data and analytics, they will review key lessons learned from operationalizing such programs and see how firms can optimize security information sharing and deliver the capabilities needed to proactively stop threats, protect critical assets, and firm and client data.

Presenting Cyber Risk to your Board of Directors (BOD)
The Board of Directors are more engaged on Cyber Security issues than ever before. Attend this session to learn about tools, techniques and languages that translate cyber security issues into broader enterprise risk matters and get the attention of your organization’s executives and board members. Attendees will take away three tools that they can apply in their next board presentation.

Punching Miscreants with PCRE/ERE/BRE/RegEx
This is an audience-interactive and audience-inclusive workshop on patterning and string matching using PCRE (Perl Compatible Regular Expressions) as a weapon for defeating exploit kits, string tokenization, and moving beyond traditional wildcard string globbing approaches. If you’ve ever wanted to learn or try Regular Expressions in an informal atmosphere, this is the session for you.

Quality Over Quantity; Separating Quality Cyberthreat Data from the Rest
With the rise of cyberthreat intelligence, the term “quality data” is being used an awful lot. But how do you identify quality data and separate it from “noise?” IID and the Ponemon Institute will reveal for the first time results of a survey of hundreds of businesses and U.S. government agencies around cyberthreat data. They’ll address what the key characteristics of quality data are, how “bad” data has negatively impacted their organization and much more.
Quantifying Cloud Risk for Your Firms’ Leadership
Your firm is adopting the cloud in a big way. Beyond people using their favorite productivity apps, your leaders are using the cloud for critical business processes across virtually every function. Whether those cloud services are sanctioned or shadowed, your fellow executives are asking questions like “Is our cloud usage safe and compliant?” and “Are there files containing PCI or PII in the cloud?” Learn key trends and data about quantifying enterprise cloud risks through this presentation.

Real-Time Community Intelligence Collaboration with STIX
The next step for machine-to-machine collaboration with STIX goes further than just sharing indicators of compromise. Sightings can provide industry context around a specific IOC, which can be leveraged for better decision-making. Join this session to see how Soltra Edge helps communities communicate Sightings that can help turn intelligence data into mitigating actions.

Report from the Trenches: How are Cybercriminals Bypassing our Controls?
The security industry produces a wide range of products to protect networks, yet cybercriminals are constantly innovating and identifying new methods to bypass these controls. This session will show some of these innovative attacks used by cybercriminals in the wild and analyze how they bypass security solutions. As defenders, we need to understand the limitations of the tools we use and innovate as our enemy does to protect from the new attacks.

Risk Driven from the Front Line: Using Incident Responders and Threat Assessments to Inform Risk Decisions
This presentation will review State Farm’s adoption of the FAIR (Factor Analysis of Information Risk) methodology, and how that adoption allowed for the creation of a tactical Threat Assessment process.
The presentation will review the assessment deliverable, the aspects of FAIR used to derive the threat values used to calculate risk, and the role the Incident Responders play in completing a threat assessment with a focus on the operational (quick use) tools in use today.

Securing Security: Architecture Considerations for Financial Services Security Systems
Distinguishing an ambitious employee from a malicious impostor in time to prevent damage and loss requires scalable data, compute, and connectivity resources. This presentation presents an architecture that provides this scalability, and addresses the security considerations necessary for implementation and portability across multiple cloud deployment options. The session’s presenter will discuss how organizations can maintain data security by anonymizing customer identifiers, protecting data at rest through encryption, controlling data retention and destruction, and quickly recovering infrastructure during compromise.

Security Awareness: How I Learned I am Terrible at It and Stopped Worrying
Security Awareness is failing and always has. It’s considered largely ineffective by management, useless to employees, and laughable to attackers. Security pros know security but not human behavior. Despite all the best practices, and even with a budget, most awareness programs are basically a “security theatre.” Instead of taking pages out of the security handbook, this session will focus on other disciplines such as behavioral science, risk communication, even gamification principles. It will also highlight Awareness as a Layer 8 problem.

State of the Cyber Security Workforce and What To Do About It
The information and cyber security workforce shortfall is growing year after year, and the primary reason is less about money and more about the insufficient pool of suitable candidates. However, this projected workforce shortfall does not mean hiring will stop.
In this panel, the presenters will discuss the results of the 2015 (ISC)2 Global Information Security Workforce study and what approaches companies can take to face rising security workforce shortages.

STIX for Beginners
If you’ve recently heard of STIX and are new to machine-to-machine intelligence communication, this session is for you. Topics will include: the basics of the cyber intelligence standards STIX & TAXII, and a brief introduction on the current state and use of the standards in the industry today.

The Future of Cyber Crime: More Targeted and Elusive Attacks, Less Collateral Damage
Attacks against individuals have proven to be effective for stealing personal and financial information. With that being said, no method is more dangerous than malicious digital advertising (malvertising). Using the ad ecosystem, a threat actor can infect millions with a single ad on any device, from any website, with little collateral damage. This presentation will look into the malvertising ecosystem and offer best practices that financial services firms can use to lower the risks these attacks pose to their customers.

Third-Party Governance Done Right
This session will feature a mature 3rd party security governance process implemented for Aetna that adds risk-based security controls to a robust compliance program that addresses the risks of third parties hosting member health information and providing web portal access or mobile access. The Global Information Security Director for the 3rd Party Security Governance program has implemented five security specific controls across hundreds of third parties that address things like software security maturity and risks, authentication of users, encryption of data in transit and at rest, using frameworks from the financial services industry. They lead a vendor ISAC community to share cyber security intelligence and best practices with the vendors to improve their cyber resiliency.
Threat Intelligence Comes of Age: Market Dynamics, Use Cases and New Technologies for Financial Services
Threat intelligence helps Financial CISOs use their security spend more efficiently, and combat adversaries more effectively. However, the market remains nascent and fragmented and most of the integration burden still rests with the SOC. With that being said, TI services from different vendors are not easily compared. In this session, the presenters will map out the TI marketplace, including all the top vendors and major classes of offerings, to help CISOs understand the ecosystem and determine which providers fit their needs.

Understanding the Eurasian Cyber Threat
A panel of experts from the government and the industry with experience in combating cybercrime and the nation state threats emanating from Eurasia, will discuss their view of the threat from each of their distinct perspectives.

User Behavior Analytics - Fraud, Insider Threat & Access Misuse
PayPal leverages User Behavior Analytics (UBA) to address cases of fraud, access misuse, and insider threats. This is geared specifically towards fraud. Behavior analytics are a key component for account security and detecting customer account takeover. Predictive analysis based on identity enhances PayPal defense to proactively protect customers. Identity and access intelligence is also leveraged to detect misuse for identities and their access. From an internal perspective, the third use case looks for insider threats and employee account takeovers.

Using Classified Information to Secure Your Company’s Systems
Who in your company needs a clearance? How will they get classified information? How will they use it without going to jail? We’ve been working with the government to identify ways to improve how we receive classified information and how we use it within our organizations. This panel will discuss lessons learned, products and coming deliverables from the working group.

Vendor Risk Assurance, Data Breach and Business Impact
The vendor community is critical to business operations and success. Organizations issue vendor user accounts and access to key organizational resources. However, recent data breaches can be attributed to their untethered access. Comcast Cable, a global leader in media/technology, manages thousands of vendor accounts with internal access to a broad range of critical information. Learn how Comcast tackles this challenge with an innovative vendor risk assurance program that combats data breaches and effectively manages business/security risks.

Venezuela and Cuba Latin America’s Security Challenges
Venezuela has made several efforts to increase its cyber capabilities. These efforts include a proactive effort for cyber network exploitation and attack capabilities. This session explores resources, frameworks and contemporary cyber risks in response to this trend as well as the cyber relationships being built in Latin America. What impact will this have on the financial services community for Latin America? What cyber risks are implied and can be tracked?

What CISOs Need to Know about Cyber Insurance
CISOs are told to expect that their company will be attacked and compromised. Cyber insurance is poised to help financially bail them out if an attacker is successful. In this session, a former financial CISO, now Global Operations Leader over Incident Response services, will share what he has learned in the trenches that could make your policy better and your premium lower. What do you really need to focus on to get great Cyber Insurance?

* We apologize to all Affiliate Members, Affiliate Board Advisors, and Sponsors who are not permitted to attend members only and technical forum sessions, which will be announced at a future date.

Join us for complimentary snacks and refreshments, and a technology showcase where the latest technical innovations in cyber-awareness, proactive security and defense will be on display.
In this relaxed setting, attendees get to select up to three solutions they’d like to see. These information-packed 15-minute sessions will be presented by technology experts from our vendor sponsors, will be use-case driven and will be tailored to the unique needs of FS-ISAC members.

Advanced Malware Remediation and Protection Strategies (Malwarebytes)
Akamai Security Solutions: Protecting Banks Worldwide (Akamai)
Checkmarx PCI-DSS Compliance Without the Hassle (Checkmarx)
Combine SAST+RASP to Find and Fix Application Flaws Automatically (Waratek)
Learn How Multi-Vector Detection and Asset Context Provide Insight to Threat Defense and Remediation (Cyphort)
Does Your CISO Know Where the SSH Keys are Hidden? (CyberArk)
Eliminating Malware from Web and Email via Isolation (Menlo Security)
Hiding in Plain Site: Protect Against Bad Hashes (Tripwire)
How to Automatically Incorporate Application Security Requirements to Reduce Risk and Scale Your Security Team (Security Compass)
How to Hack a Mobile Banking App (Arxan Technologies)
Improve Situational Awareness to Counter the Risk Posed by Advanced and Evasive Threats (Dell SecureWorks)
Insights into the Database Infrastructure (DB Networks)
New Integrated View of Cross-Channel Client Activity to Intelligently Assess Fraud Risk (Guardian Analytics)
New Outside Cyber Threats Expand Your Attack Surface – What You Need To Know (BrandProtect)
Orchestration Changes Everything (Invotas)
Proactive Security: The Optimal Pairing of Man & Machine (Synack)
Security’s Biggest Blind Spot: Third Party Risk (SecurityScorecard)
Speedy Detection of DNS-based Data Exfiltration (Prelert)
Strong Security for Your Weak Link: Implementing People-Centric Security in FSIs (Proofpoint)
Techniques for Mitigating Security Risks (Rapid7)
The Need for Speed: Sharing Threat Intel in Real Time Helps Prevent Breaches (BrightPoint Security)
Understand Your Fraud Landscape (Easy Solutions)
Vulnerability Triage at Broadridge Financial with NetSPI’s CorrelatedVM (NetSPI)
Why 6 of the Top Global Banks Use Agari to Secure their Email (Agari)
Why Application Whitelisting Makes Sense in Financial Services (Bit 9 + Carbon Black)

Agenda is subject to change. For an up-to-date agenda, visit www.fsisac-summit.com/fall-agenda

Sunday, October 25
All Day               Sponsored Excursions* (Pool Cabanas, Wave Runners, or Sailing)
4:00 - 6:00 pm        Early Registration
6:00 - 7:00 pm        Opening Welcome Reception
7:00 - 9:00 pm        Sponsored Member Dinners*

Monday, October 26
8:00 am - 9:00 pm     Registration
8:00 - 9:00 am        Board and Member Breakfast*
8:30 - 10:00 am       Board Meeting*
9:00 am - 12:00 pm    Members Only Technical Forum*
12:00 - 1:00 pm       Members Only Lunch*
1:00 - 4:30 pm        Members Only Meeting*
3:00 - 6:00 pm        Sponsor Registration and Sponsor Hall Set-up
5:00 - 6:00 pm        Solutions Showcase General Session*
6:00 - 7:00 pm        Networking Reception in Sponsor Hall
7:00 - 11:00 pm       Midway Dinner Event

Tuesday, October 27
7:00 am - 7:00 pm     Registration
7:00 - 8:00 am        Breakfast
8:00 - 8:15 am        Opening Remarks
8:15 - 9:00 am        Keynote Session
9:00 - 9:30 am        General Session
9:30 - 10:15 am       Networking Break
10:15 - 11:15 am      Concurrent Breakouts
11:30 am - 12:30 pm   Concurrent Breakouts
12:30 - 1:45 pm       Birds of a Feather Lunch
1:45 - 2:45 pm        Concurrent Breakouts
3:00 - 4:00 pm        Concurrent Breakouts
4:15 - 5:15 pm        Solutions Showcase General Session*
5:15 - 6:15 pm        Networking Reception in Sponsor Hall
6:15 - 9:00 pm        Sponsor Dine Around
9:00 - 11:00 pm       Sponsored Beach After Hours Hospitality Suite

Wednesday, October 28
7:00 am - 6:00 pm     Registration
7:00 - 8:00 am        Breakfast
8:00 - 8:15 am        Opening Remarks
8:15 - 8:45 am        General Session
8:45 - 9:15 am        General Session
9:30 - 10:30 am       Concurrent Breakouts
10:30 - 11:00 am      Networking Break
11:00 am - 12:00 pm   Concurrent Breakouts
12:00 - 1:00 pm       Luncheon in Sponsor Hall
1:00 - 2:00 pm        Solutions Showcase General Session*
2:15 - 3:15 pm        Concurrent Breakouts
3:30 - 4:30 pm        Concurrent Breakouts
4:30 - 6:30 pm        Conference Close ‘Jeoparty’ Reception
1:00 - 7:00 pm        Sponsor Hall Teardown
7:00 - 9:00 pm        Sponsored Member Dinners (closed to all non platinum sponsors)

*closed to Sponsor Attendees with the exception of companies approved for sponsoring the event

www.fsisac.com | www.fsisac-summit.com
Follow us on Twitter! @FSISACUS
12020 Sunrise Valley Dr, Suite 230, Reston, VA 20191