Archive for the ‘Risk Management’ Category

The Past, Present, and Future of Risk Assessments

Monday, June 23rd, 2008

Infosec Webcast

presents

The Past, Present, and Future of Risk Assessments (Webinar)

Live broadcast: June 24, 2008 @ 10 AM (PST); 1 PM (EST); 6 PM (BST)
Duration: 60 minutes

Moderator: John Sterlicchi, Infosecurity Magazine
Panelist: Michael Gregg, Villanova University
Panelist: Svetlana Hristozova, Marketing Manager, Villanova University Online

Description:
Join noted author and security expert Michael Gregg on June 24th to learn more about how risk assessments are changing to meet evolving security needs.

You’ll travel through time with Mr. Gregg to explore the progression of IS Security problems. For example, in the not too distant past, risk assessments were performed to counter attacks that were designed for glory and fame (Nimda, Code Red and SQL Slammer). These early attacks required massive amounts of time for cleanup and repair and relied on defensive technologies.

In today’s information age, attack vectors have changed. More recent incidents are financial in nature: yesterday’s virus is today’s custom malware, and denial of service attacks have been replaced with botnets.

Learn how this evolving threat has forced organizations to view risk assessments differently and develop new techniques. Get the essential solutions every IS and IT professional needs to counter current and future threats.

Who should attend:
Any IT or business professional interested in IS Security and assessing risk to an organization.

This Webinar will:

  • Teach you more about how risk assessments are changing to meet evolving security needs. You’ll also discover the latest security solutions to safeguard your company’s ever-changing needs.
  • Give you insight into the progression of IS Security issues. Plus, you’ll learn how this evolving threat has forced organizations to view risk assessments differently and develop new techniques.
  • Provide you with the essential solutions every IS and IT professional needs to counter current and future threats.

This webinar is free to attend, but space is limited.

Register Now

CISSPs and SSCPs can receive 1 CPE credit for attending this webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple choice polling questions about the program at the end of the event.

Proactive Strategies for Securing Your Applications

Sunday, June 10th, 2007

Neophasis

The threat vectors that target today’s software applications are constantly evolving. While commercial software security features are improving, vulnerabilities still exist.

Customized and proprietary software, which powers much of today’s business operations, is even more vulnerable, as hackers increasingly target applications that range from e-commerce platforms to legacy accounting systems.

Figure: Probability and Severity

As the number of companies deploying proprietary software on or near public networks continues to spike, concerns about application security are more acute than ever.

Figure: Secured SDLC

What steps can you take to protect your company?

An effective, proactive defense against today’s attacks and tomorrow’s threats requires the right combination of technology and expertise.

Figure: Degree of Security Assurance and Review Time

Making sure you have the right team in place, typically a blend of internal and external experts, is the first step. Methodically identifying and addressing your company’s vulnerabilities, and establishing a plan for ongoing defensive measures is the next.

This FREE whitepaper from Neophasis will help you better understand the threats your company is facing, and the immediate steps you can take to confidently secure your applications.

Download Neophasis’ Proactive Strategies for Securing Your Applications FREE Whitepaper

Hackers Use New Evasive Techniques to Avoid Malware Detection

Tuesday, June 5th, 2007

Hackers are developing increasingly stealthy techniques to evade detection. The attacks place malicious code on web sites, then keep track of the IP addresses that have visited the infected sites; if the same IP address attempts to view the malicious site again, benign content is served instead.

The attacks are also capable of identifying “the IP addresses of web crawlers used by URL filtering, reputation services and search engines,” and serve legitimate content to avoid being identified as malicious.

Recent findings reveal that hackers have created a new class of highly evasive attacks which represent a quantum leap in terms of technological sophistication, going far beyond drive-by downloads and code obfuscation.

The combination of these evasive attacks with code obfuscation techniques significantly enhances the capability of sophisticated hackers to go undetected.

A follow-up study conducted by Finjan’s Malicious Code Research Centre warns of the growing presence of malicious code in online advertising.

More info at: VNUNet
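The two behaviours described above (clean content on a repeat visit from the same IP, and clean content for known crawler IPs) can be spotted from the defender's side by fetching the same URL from several vantage points and comparing the scripts each one receives. The following is an added example, not code from the original post or from Finjan; the vantage names and responses are constructed inline to stand in for real fetches.

```python
import hashlib
import re
from collections import defaultdict

# Matches each whole <script ...>...</script> element (inline body or external src).
SCRIPT_RE = re.compile(r"<script\b.*?</script>", re.I | re.S)

def script_fingerprints(html):
    """Set of short SHA-256 digests, one per <script> element, whitespace-normalised.
    Injected code normally arrives as a script, so comparing script sets is more robust
    than diffing whole pages, which legitimately vary (timestamps, rotating ads)."""
    return {hashlib.sha256(re.sub(r"\s+", " ", s).encode()).hexdigest()[:16]
            for s in SCRIPT_RE.findall(html)}

def detect_cloaking(fetches):
    """fetches: iterable of (vantage, visit_number, html) for one URL.
    Flags content that changes on a repeat visit from the same vantage, and
    first-visit content that differs between vantages."""
    by_vantage = defaultdict(dict)
    for vantage, visit, html in fetches:
        by_vantage[vantage][visit] = script_fingerprints(html)
    repeat_changed = sorted(v for v, visits in by_vantage.items()
                            if 1 in visits and 2 in visits and visits[1] != visits[2])
    first_visits = [visits[1] for visits in by_vantage.values() if 1 in visits]
    if first_visits:
        seen_anywhere = set().union(*first_visits)
        seen_everywhere = set.intersection(*first_visits)
    else:
        seen_anywhere = seen_everywhere = set()
    return {
        "repeat_visit_changed": repeat_changed,
        "vantage_disagreement": len({frozenset(s) for s in first_visits}) > 1,
        # scripts some vantages got but not all: the candidates to pull for analysis
        "suspect_scripts": sorted(seen_anywhere - seen_everywhere),
    }

# Constructed sample responses (not real captures). The page as a clean visitor sees it:
BENIGN = "<html><body><script>trackPage('home')</script><p>Welcome</p></body></html>"
# ...and with one extra script element, served only to a first-time, non-crawler IP:
CLOAKED = BENIGN.replace("</body>",
                         '<script src="http://injected.invalid/x.js"></script></body>')
SAMPLE_FETCHES = [
    ("fresh-residential-ip", 1, CLOAKED),  # first visit gets the injected script
    ("fresh-residential-ip", 2, BENIGN),   # same IP on revisit gets clean content
    ("known-crawler-ip", 1, BENIGN),       # scanner IP never sees it
    ("known-crawler-ip", 2, BENIGN),
]

if __name__ == "__main__":
    print(detect_cloaking(SAMPLE_FETCHES))
```

In practice the "vantages" would be fetches through different egress addresses and user agents, each URL fetched twice per vantage, with any flagged script saved for analysis.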

Microsoft Releases Threat Analysis & Modeling v2.1.2

Sunday, April 1st, 2007

The Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information, including business requirements and application architecture, which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

Download from Microsoft

NSA Issues New Security Guidelines for Mac OS X

Friday, March 23rd, 2007

The National Security Agency (NSA) has published version 2 of its security guidelines for Mac OS X. The security documents are available in PDF format on their OS Guides page for Mac OS X.

These documents for Mac OS X and Mac OS X Server represent best practices for securing the OS and are widely used by the industry as internal standards for configuring Mac OS X. The documents were actually written by experts at Apple and endorsed by the NSA, which says on its website: “It is our belief that these guides establish the latest best practices for securing the products and recommend that traditional customers of our security recommendations use the Apple guides when securing Macintosh OS X 10.4.x and Macintosh OS X Server 10.4.x.”

Practices such as setting up admin accounts, generating passwords, the proper way to remove Classic (which can be a serious security problem for Mac OS X), managing the root account, and the use of Access Control Lists (ACLs) are covered.

Out of the box, Mac OS X is fairly secure, especially with respect to closed ports. However, for those in the enterprise who want to take advantage of every feature of Mac OS X to lock down and secure the OS against not only network but local intrusions, this is a must read.

http://www.nsa.gov/snac/downloads_macOSX10_4Server.cfm?MenuID=scg10.3.1.1

IT Audit Checklist for Risk Management Now Available!

Wednesday, November 15th, 2006

Dan Swanson’s latest white paper is now available at ITCI.
The IT Audit Checklist for Risk Management offers:

  • 80 specific checklist items to help assess your audit-readiness
  • Clarification on what auditors want to see
  • Tips on how to effectively communicate with an auditor
  • Pointers on audit preparation, testing, and reporting

You can grab a copy @
http://www.itcinstitute.com/display.aspx?id=2499

Note: A brief registration is required to download the “free” paper.