Archive for the ‘Webcasts’ Category

The Past, Present, and Future of Risk Assessments

Monday, June 23rd, 2008

Infosec Webcast

presents

The Past, Present, and Future of Risk Assessments (Webinar)

Live broadcast: June 24, 2008 @ 10 AM (PST); 1 PM (EST); 6 PM (BST)
Duration: 60 minutes

Moderator: John Sterlicchi, Infosecurity Magazine
Panelist:
Michael Gregg, Villanova University
Panelist:
Svetlana Hristozova, Marketing Manager, Villanova University Online

Description:
Join noted author and security expert Michael Gregg on June 24th to learn more about how risk assessments are changing to meet evolving security needs.

You’ll travel through time with Mr. Gregg to explore the progression of IS Security problems. For example, in the not too distant past, risk assessments were performed to counter attacks that were designed for glory and fame (Nimda, Code Red and SQL Slammer). These early attacks required massive amounts of time for cleanup and repair and relied on defensive technologies.

In today’s information age, attack vectors have changed. More recent incidents are financial in nature. Yesterday’s virus is today’s custom malware, while denial of service attacks have been replaced with botnets.

Learn how this evolving threat has forced organizations to view risk assessments differently and develop new techniques. Get the essential solutions every IS and IT professional needs to counter current and future threats.

Who should attend:
Any IT or business professional interested in IS Security and assessing risk to an organization.

This Webinar will:

  • Teach you more about how risk assessments are changing to meet evolving security needs. You’ll also discover the latest security solutions to safeguard your company’s ever-changing needs.
  • Give you insight into the progression of IS Security issues. Plus, you’ll learn how this evolving threat has forced organizations to view risk assessments differently and develop new techniques.
  • Provide you with the essential solutions every IS and IT professional needs to counter current and future threats.

This webinar is free to attend, but space is limited.

Register Now

CISSPs and SSCPs can receive 1 CPE credit for attending this webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple choice polling questions about the program at the end of the event.

Malcode Analysis and Response: Proficiency vs. Complexity

Monday, March 3rd, 2008


presents

Malcode Analysis and Response: Proficiency vs. Complexity

by Matt Allen and Russ McRee

Thursday, March 20, 2008 at 1:00 PM EDT (1700 UTC/GMT)

The threat landscape changes constantly, driven in part by the “bot economy” and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover the use of RAPIER, a security tool built to facilitate first response procedures for incident handling. It is designed to acquire commonly requested information and samples during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to the hands of a skilled security analyst. From detection and discovery, capture and containment, count on a useful discussion meant to further your incident response practices.

The second part of this webcast will discuss how malicious code authors are persistently introducing new hurdles to complicate reverse engineering. At Norman, we combine observations from our labs with feedback from SandBox customers to identify complexities responsible for wearing down efficient analysis of new threats. The impact of new SandBox capabilities for addressing these complexities will be introduced, followed by a short discussion of top priorities in the SandBox product roadmap.

Matt Allen: With backgrounds in computer and information sciences as well as business, Matt Allen has worked in a number of different roles at Norman over the past 5 years, varying from incident response to web and software development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

Russ McRee: Russ McRee, GCIH, GCFA, CISSP is a security analyst working in the Seattle area. He’s the author of ISSA Journal’s monthly column Toolsmith, and has written for Information Security, Linux Pro, SysAdmin and others, including an OWASP whitepaper. Prior speaking engagements include SecureWorld Expo, ISSA Northwest Regional, WSA SIG, RAID 2005, and Linuxfest Northwest. Russ has been a board member of ISSA Puget Sound, and is a member of PACCISO, InfraGard and CCSA. Russ maintains holisticinfosec.org.

Register for this free webseminar.

Security Insights with Dr. Eric Cole

Sunday, March 2nd, 2008


presents

Security Insights with Dr. Eric Cole

Wednesday, March 19, 2008 at 1:00 PM EDT (1700 UTC/GMT)

Most people think that encryption prevents attackers from accessing sensitive information, but it is important to remember that encryption stops anyone from reading information. Therefore, if it is not properly deployed, encryption can actually decrease security if it blinds critical security components from analyzing traffic. In addition, many companies are deploying full disk encryption, but if it is not configured correctly, it might be providing a false sense of security.

Based on first-hand experience, this talk will look at areas where encryption should be used and how to avoid common mistakes. Dr. Cole will also identify areas where encryption should not be deployed. Overall, this talk will provide expert knowledge of the landscape of encryption, proper uses and common pitfalls.

Dr. Eric Cole is an industry-recognized security expert with over 15 years’ hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Master’s in Computer Science from NYIT and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker. Eric is also a senior scientist with Lockheed Martin Information Technology (LMIT) and a Lockheed Martin (LM) fellow. Dr. Cole is actively involved with The SANS Technology Institute (STI) and SANS, working with students, teaching, and maintaining and developing courseware.

Register now for this free webcast!

What Works: PaulDotCom’s Penetration Testing Dojo: Core IMPACT Style

Saturday, March 1st, 2008


presents

What Works: PaulDotCom’s Penetration Testing Dojo: Core IMPACT Style

by Alan Paller and Paul Asadoorian

Tuesday, March 18 at 1:00 PM EDT (1700 UTC/GMT)

When beginning a security process at a consortium of non-profits, senior network security engineer Paul Asadoorian of PaulDotCom began looking for a penetration testing tool that did network, web application and social engineering tests. The tool he purchased is low on manpower use, mostly self-maintaining and reliably proves the existence of network vulnerabilities. Please attend this webcast to find out why Paul selected CORE IMPACT and learn how it can help you safely perform network, web application and end-user penetration testing.

About the Speakers:

Alan Paller:

Alan is the Director of Research for the SANS Institute, responsible for overseeing all research projects ranging from the SANS Step-by-Step guides to the SANS digests to the Top Twenty Internet Security Threats. He is the founder of the CIO Institute, and earned his degrees in Computer Science and Engineering from Cornell and MIT. Alan is the author of the EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life. In 2001 the President named Alan as one of the original members of the National Infrastructure Advisory Council. The Federal CIO Council chose him as its 2005 Azimuth Award winner, recognizing his vision and outstanding service to federal information technology. In 2007, CIO Decisions, eWeek, and Baseline magazines jointly selected Alan as one of the 100 most influential people in the information technology field.

Paul Asadoorian:

Paul Asadoorian, GCIA, GCIH, Founder & Chief Executive Officer

Paul Asadoorian has over 5 years’ experience working in the information security field. His work experience covers both major corporations and academic institutions. He currently holds two GIAC (Global Information Assurance Certification) certifications in intrusion detection (GCIA, GIAC Certified Intrusion Analyst) and incident response (GCIH, GIAC Certified Incident Handler). Paul also sits on the GCIA advisory board, has spent one year as a GCIA authorized grader, and continues to stay involved in the SANS (SysAdmin, Audit, Network, Security) Institute. His research has appeared in the book Network Intrusion Detection, 3rd edition, and also in the SANS Reading Room web site. Paul has presented for numerous organizations and conferences, including MIT Security Camp, and ISACA (Information Systems Audit and Control Association). Paul graduated from Bryant College with a bachelor of science in Computer Information Systems.

Sign-up to attend the free webcast.

Anatomy of a Breach Webcast

Saturday, June 9th, 2007

Anatomy of a Breach Webcast

June 13, 2007 - 12 p.m. EDT

You harbor vast amounts of confidential information ranging from credit cards to health information to corporate plans. That proprietary data is today’s “new money” and someone is willing to pay for it. Unfortunately, the miscreants who want it may know more about technology—and your IT environment—than your own staff. The stakes are enormous: for your customers, your company, and you.

In this webcast, we examine the fundamental shift of IT risk to the insider threat and the inability of legacy protection mechanisms to stop it. We itemize and quantify the impact from containment to notification. Most importantly, we discuss eradication of the breach risk. New, targeted, caustic threats require new responses that strictly secure your critical information assets, while proving it with 100 percent surety.

Who Should Watch:
Executives responsible for audits, compliance and mitigating data breach risks, and security professionals responsible for protecting critical assets on their networks.

About the speakers:
William Malik
Consultant, Identity and Information Security
Malik Consulting

Bill Malik has been well-known in information security since the early 1990s when he was a founding member of Gartner’s Information Security Strategies service. He began his IT career in Boston as an applications programmer with the John Hancock Insurance Company following undergraduate work at MIT. He joined IBM’s MVS team and worked in development, testing, business planning, and strategic planning for a dozen years. He moved to Gartner in 1990 and held a series of roles as an analyst and manager through 2002. As CTO of Waveset, a start-up in identity management, he helped the firm grow through its acquisition by Sun, where Bill became Director of Marketing for Security. In 2004 Bill established his independent consulting firm, where he helps clients develop their identity management and information security programs.

Robert Ciampa
Vice President, Marketing and Business Strategy
Trusted Network Technologies

Rob Ciampa has more than 20 years of experience in IT risk management, networking and security. Rob has worked with companies around the world designing and implementing secure infrastructures. An early OS engineer for HP and a former switch and router designer for 3Com, he co-founded one of the world’s largest network and security integration firms. Rob then went on to Access360, where he was instrumental in its acquisition by IBM, where he subsequently ran IBM’s worldwide channel for security and identity management. In addition to television commentary on IT and computer security issues, Rob is frequently a featured speaker at major IT venues and events internationally. He has a B.S. in computer science and an M.S. in computer engineering from the University of Massachusetts, as well as an M.B.A. from Boston University. He holds two patents in information technology management. His blog is www.knowidentity.com.

Join the Anatomy of a Breach Webcast

Imagine A World Without Hackers — The 5 Key Gaps in Cyber Security

Tuesday, March 13th, 2007

Imagine a world without hackers.

For the past decade, corporations around the world have been hemorrhaging data to online criminal syndicates. These organized hackers no longer attack for fun, but now exploit vulnerabilities for financial gain. This Web seminar discusses 5 key gaps in cyber security that hackers are able to consistently and repeatedly exploit and shows you how to prepare your company to defend against evolving cyber threats.

Attend this Web seminar and join Tom Kellermann, former head of cyber intelligence and policy management within the World Bank Treasury Security team, as he discusses five key gaps in cyber security, how you can better manage cyber security risks and how the world has changed in the face of emerging threats.

Download the Web seminar now!

Webcast: Web Hacking Exposed 2

Wednesday, November 15th, 2006

During this on-demand webcast, you will learn:

  • Lessons learned by the authors while writing the book
  • How hackers exploit web application vulnerabilities and how to protect your apps
  • New hacking methods not in the book
  • Examples of real Web application hacks

WEBCAST: “Hacking Exposed Web Applications” https://download.spidynamics.com/Registration/hackingexp_web.asp

Avoiding Data Disasters: Managing Risk from Undiscovered Sensitive Data

Wednesday, August 30th, 2006

Where does sensitive data exist in your organization? Where is it hiding, how does it flow through your systems, and who really has access? If you think you know the answers, think again.

In most companies, recognized data represents just the tip of the iceberg, while undiscovered sensitive data lurks below—posing a serious but preventable compliance risk.

Join this one-hour Webinar to explore what you can do to prevent costly and embarrassing data breaches.

Topics that will be covered:

  • How unintended data exposure happens, including case examples
  • Risk concepts every techie should be able to discuss with business users
  • Specific compliance requirements including PCI, Gramm-Leach-Bliley, and HIPAA
  • Checks and balances even small organizations must have in place to protect sensitive data
  • Capital costs and risks stemming from sensitive data exposure
  • Best practices for data relationship discovery and de-identification


Security Solutions Virtual Tradeshow

Friday, August 25th, 2006

Security Solutions Virtual Tradeshow
Balancing the Need for Heightened Security and Increased Access

Wednesday, September 13 & Thursday, September 14, 2006

Today’s CIOs and IT managers face a daunting task: protect their network from viruses, spyware and the latest threat du jour, from phishing and keyloggers to ransomware and cyberextortion. They must also ensure that their IT spending helps their company comply with legislation, maintain internal and perimeter security, and protect information assets and personal data. But it doesn’t end there: IT executives must contend with an increased reliance on wireless networks, smart phones, instant messenger, P2P and VoIP. That is the mandate and there is no way of getting around it.

New tools and technologies provide widespread access to enterprise users, but they also demand improved security strategies and policies. As IT managers develop more sophisticated security strategies, more complex and damaging threats will be unleashed that drain time and resources. It’s an uphill battle and it’s all in a day’s work for an already overtaxed IT department.


SANS Webcast: Proactive Security - Eliminating Vulnerabilities Before Attackers Know They Exist

Tuesday, August 22nd, 2006

Proactive Security - Eliminating Vulnerabilities Before Attackers Know They Exist
Featuring: Dave Shackleford and Thomas Maufer
Thursday, September 07, 2006 at 1:00 PM EDT (1700 UTC/GMT) :: Friday, September 08, 2006 at 1 AM (Philippines) 

To date, security technologies and techniques have been largely reactive in nature. Even technologies that are considered proactive by today’s standards are still reacting to known threats, and defending known vulnerabilities. Zero-day threats are becoming more and more frequent, however, as attackers learn new ways to exploit systems and software. A new approach is required - testing the interaction between technologies by manipulating the protocols in use, as well as modifying known attacks and vulnerabilities. This webcast will present a new way of approaching security for system developers, device manufacturers, and enterprise security teams who need to validate technology before buying it and putting it into production.
