T.E.N. Knowledge Base



To the Cloud! Software Security Evolution at Adobe > Watch the Video
For years software security at Adobe meant defending ubiquitous software on the desktop and in the browser. But with offerings like Creative Cloud Adobe is now in the hosted services game. The secure software engineering team had to retrench and retool to secure a new type of offering against a new set of threats. This talk describes the evolution of security at Adobe to meet this new challenge.

Taking PDF Security to a New Level with Adobe Reader® and Adobe Acrobat® > Download Whitepaper
Adobe Reader X and Adobe Acrobat X take the security of PDF documents-and your data-to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with the Microsoft® Windows® and Mac OS X operating system architectures, and improved deployment and administration tools.

Adobe® Flash® Player and Adobe AIR® security > Download Whitepaper
Both Adobe Flash Platform runtimes-Flash Player and AIR-include built-in security and privacy features to provide strong protection for your data and privacy, whether you use these Adobe products on your desktop system or mobile device. Adobe constantly advances these protections to incorporate the latest developments in the industry and stay ahead of the continually evolving threat landscape.

Adobe Incident Response and Management > Download Whitepaper
The Adobe Secure Software Engineering Team (ASSET) team proactively focuses on preventing security vulnerabilities in Adobe products before they ship, but Adobe knows that ensuring security doesn't end when a product is released. If external security researchers, partners, or customers discover a vulnerability after a product ships, the Adobe Product Security Incident Response Team (PSIRT) responds to resolve the security issue quickly, effectively, and thoroughly. PSIRT is your first line of defense for vulnerability resolution and threat mitigation. PSIRT coordinates with Adobe product engineering teams to identify the appropriate response plan and keeps you informed on mitigation procedures and release schedules.

Adobe Secure Product Lifecycle > Download Whitepaper
The Adobe Secure Product Lifecycle (SPLC) is a rigorous set of industry-leading best practices, processes, and tools designed to keep customers safe and more secure in the evolving threat landscape as they deploy and use Adobe software. The SPLC touches all aspects of the product lifecycle-from providing essential security training for software development teams and building security features into product design, to developing quick incident response plans postship.

Manage Risk, Mitigate Threats  > Download Whitepaper
To protect your organization against the most aggressive threat environment in the history of IT, you need a strategy that unifies the components of a complete security program. That’s HP Enterprise Security—a risk-based, adversary-centric approach to threat protection.

Security and Compliance in the Cloud  > Download Whitepaper
Cloud computing offers flexibility and savings, but as data, systems and services move to the cloud, organizations expose themselves to serious security and compliance challenges.

Automating the SANS 20 Critical Security Controls with QualysGuard  > Download Whitepaper
The SANS 20 Critical Security Controls are a prioritized, risk-based approach to cyber security. They are the result of a consensus process that involved a wide variety of cyber security professionals from government and industry, who were asked: “In practice, what works and where do you start?” The Critical Controls have become a blueprint to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) to deploy the most effective processes and tools to secure all their computer systems according to risk. Four tenets were fundamental defining the Critical Controls: 1) focus on continuous monitoring to test and evaluate remediation; 2) automate processes to address security with efficiency, reliability and scalability; 3) provide common metrics allowing all stakeholders to objectively evaluate and adjust security measures; and 4) put the organization in charge by using knowledge of actual attacks to build effective defenses. By following the guidelines of Critical Controls, your organization can ensure the confidentiality, integrity and availability of its information technology assets.

100 Tips for Implementing Network Security  > Download Whitepaper
Insight from chief information security officers and those that support them.

State of the Data Center Survey  > Download Whitepaper
IT executives have long had to grapple with challenges related to managing the data center, including providing robust logical and physical security, ensuring disaster recovery and high availability, handling server maintenance and accounting for data backup. But with the emergence of overarching IT trends such as virtualization, cloud computing and the proliferation of mobile devices, data centers are being transformed. In many ways they’re becoming more complex, and as a result the challenges of managing these IT resources are changing. To get the most value out of their organizations’ data centers, IT executives need to understand the new challenges and how to effectively address them. Otherwise, their investments in virtualization software, blade servers and other technologies designed to “modernize” the data center might be in vain.

Paras Shah

Paras Shah
Enterprise Security Products Country Manager, Canada
Fortify ASC

The Vulnerability Landscape: What to know about Cyber Risk > Download Presentation
The 2012 HP Cyber Risk Report shows that although critical vulnerabilities are on the decline, they still pose a significant threat. Rapidly deployed new technology can have a significant impact on enterprise security; however, data show that seemingly mature technologies continue to introduce risk from new exploits. Additionally, the explosive adoption of mobile devices and the applications that drive them has resulted ina corresponding boom in mobile vulnerabilities — a 787 percent increase in the last five years. This discussion will explore how actionable security intelligence is necessary in accessing the vulnerability landscape and determining the most effective strategies for deploying resources to minimize cyber risk. Other key points will address how threat intelligence and security research can be leveraged to help understand, prepare for attacks and improve security offense.

Della Shea

Della Shea
Chief Privacy and Information Risk Officer
Symcor, Inc.

Establishing a Cost Effective PCI DSS Compliance Program by having a Can Do Attitude > Download Presentation
Achieving and maintaining PCI DSS Compliance can be complex and costly, and strong leadership is required to accomplish this business critical initiative. Symcor embraced the challenge head on, assembling a capable, talented team focused on “total cost of ownership,” and remained committed to finding the best solutions for the organization. During this presentation, learn the four guiding principles that are fundamental to your strategy for successfully achieving and maintaining this standard.

Ray Archer

Ray Archer
Senior VP and Chief Information Security Officer

Creating a Comprehensive IT Risk Framework that Aligns with Operational Risk > Download Presentation
The importance of security within the enterprise is growing as business leaders realize that IT-related events can have a dramatically negative impact on strategic goals and objectives. It is vital to craft an IT risk framework that establishes the processes, accountabilities, and tools to govern and manage the risks to data and systems. A solid framework is closely aligned with business objectives and will ultimately require the active support of all key business leaders within the enterprise, not just the IT organization, making it an integral part of daily routine and a fundamental process for continuous improvement. This presentation will identify the necessary elements to include in your core IT Risk Framework and strategy in order to enable the prioritization and communication of IT risks in a holistic way.

Kenneth Haertling

Kenneth Haertling
VP & Chief Security Officer

Embedding Security throughout the Enterprise – From Products to the Infrastructure > Download Presentation
The field of security is evolving rapidly and it is more important than ever to ensure security is a priority at every level. As leaders within the organization, CISOs must be successful in uniting disparate areas of the company under a common strategy, working as partners rather than policemen and operating in transparency verses the black box security department of the past. This presentation will address best practices in embedding security throughout the enterprise and using a data-driven approach to drive continuous improvement in the areas of security, risk and compliance at every level of business.