T.E.N. Knowledge Base


ISE® Central 2012

Taking PDF Security to a New Level with Adobe Reader® and Adobe Acrobat® > Download Whitepaper
Adobe Reader X and Adobe Acrobat X take the security of PDF documents-and your data-to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with the Microsoft® Windows® and Mac OS X operating system architectures, and improved deployment and administration tools.

Adobe® Flash® Player and Adobe AIR® security > Download Whitepaper
Both Adobe Flash Platform runtimes-Flash Player and AIR-include built-in security and privacy features to provide strong protection for your data and privacy, whether you use these Adobe products on your desktop system or mobile device. Adobe constantly advances these protections to incorporate the latest developments in the industry and stay ahead of the continually evolving threat landscape.

Adobe Incident Response and Management > Download Whitepaper
The Adobe Secure Software Engineering Team (ASSET) team proactively focuses on preventing security vulnerabilities in Adobe products before they ship, but Adobe knows that ensuring security doesn't end when a product is released. If external security researchers, partners, or customers discover a vulnerability after a product ships, the Adobe Product Security Incident Response Team (PSIRT) responds to resolve the security issue quickly, effectively, and thoroughly. PSIRT is your first line of defense for vulnerability resolution and threat mitigation. PSIRT coordinates with Adobe product engineering teams to identify the appropriate response plan and keeps you informed on mitigation procedures and release schedules.

Adobe Secure Product Lifecycle > Download Whitepaper
The Adobe Secure Product Lifecycle (SPLC) is a rigorous set of industry-leading best practices, processes, and tools designed to keep customers safe and more secure in the evolving threat landscape as they deploy and use Adobe software. The SPLC touches all aspects of the product lifecycle-from providing essential security training for software development teams and building security features into product design, to developing quick incident response plans postship.

Killing Data  > Download Whitepaper
As cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of our traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies. In the future, you will encrypt data - both in motion and at rest - by default. This data-centric approach to security is a much more effective way to keep up with determined cybercriminals. By encrypting, and thereby devaluing, your sensitive data, you can make cybercriminals bypass your networks and look for less robustly protected targets.

Establishing a Data-Centric Approach to Encryption  > Download Whitepaper
This paper will provide an overview of the evolving approaches hackers use to steal private data and describe the key requirements for protecting corporate data assets with a data-centric encryption strategy.

Executive Viewpoint  > Download Whitepaper
Sathvik Krishnamurthy, President and CEO of Voltage discusses Data-Centric Security Against Tomorrow's Threats.


Application Security Trends Report  > Download Whitepaper
Featuring: Mobile Apps


a2cloud Solution for Secured Authentication and Access to Cloud  > Download Whitepaper
Combining Modern Authentication Needs with Identity and Access Management.


Study of Software Related Cybersecurity Risks in Public Companies  > Download Whitepaper
Feature Supplement of Veracode's State of Software Security Report.

A 3-STEP PLAN FOR MOBILE SECURITY  > Download Whitepaper
This paper identifies specific countermeasures and management controls that you can use to establish a mobile security strategy that encompasses both corporate and personal devices. It also covers the threat scenarios, risks, complications, and solutions that IT security professionals should use to guide their decisions in this critical area of enterprise vulnerability.

Core SEcurity

Core Security Overview  > Download Presentation

Pete Lindstrom

Pete Lindstrom
Principal Analyst
Spire Security

Measure the Immeasurable: Translating Risk to Executives  > Download Presentation
What does "we stopped 24,476 malware attacks today" mean to an executive? Not much without context. The challenge with reporting metrics is that executive don't always understand "why" they should care, as most measurements only speak to what can be measured vs. what should be measured. As security executives we need to talk less about the bits and bytes and more about what is critical to the business. If you do, you'll find the path to true partnership with the C-suite is not as difficult as exploiting an OpenSSL De-allocation vulnerability. In this session you will learn concrete strategies that will help your organization "get there" and contextualize security - for executives and the business alike. Learn how to create a repeatable, successful strategy to communicate IT risk-to-business risk to build an open line of communication, prioritize issues, and possibly gain more resources to fix the problem right.

John R. South

John R. South
Chief Security Officer
Heartland Payment Systems
ISE® Central Executive Award Winner 2011
ISE® of the Decade Central Award Winner 2012
ISE® North America Executive Award Finalist 2011

T.E.N. Success Story

Merchant Fraud - Advances in 21st Century Robbery  > Download Presentation
Merchant fraud is today’s digital analogy to crimes that once required a physical presence to commit. It is a dimension of business that needs as much attention to policy, process and enforcement as the more traditional information security functions. Fraud can financially devastate businesses and merchants with repercussions that may last for years, if they are ever resolved. Although no one may be physically injured, the crime can still be a traumatic experience for both merchants and employees. Efforts are underway to mitigate fraudsters' capabilities to commit malicious digital merchant fraud acts, but, as we will explore in this presentation, more needs to be done. 

Lee Parrish
Vice President & Chief Security Officer
Parsons Corp.
ISE® North America People's Choice Award Winner 2011

Cracking the CEO Barrier and Making Security a Top Corporate Priority  > Download Presentation
In this presentation we will learn how Lee transformed the security program and security culture at Parsons in the past 12 months. Arriving into his new role with only two employees on the existing team, Lee immediately began to assess the high risk areas and communicate those to risks, as well as investment strategies to the CEO and to the Board of Directors. In one year, Lee has met one on one with the CEO no less than twelve times and presented to the Board of Directors on four occasions. This risk based approach, coupled with effective marketing of security to the highest level of the corporation, resulted in growing his team from 2 to 20 security professionals, tripling his operating budget, and the creation of a state of the art security operations center all in the past year.

Brian Brush Brian Brush
Director of Corporate Security
Sallie Mae

Sallie Mae's Enterprise-wide Continuous Monitoring Program and Vulnerability Scanning Process Evolution  >
Download Presentation

In 2011, Sallie Mae's information security team realized the need to replace its vulnerability scanning process as a way to better secure its expanding computing infrastructure within an increasingly constrained budgetary environment. Brian will share how after evaluating the potential impact on its systems, the team initiated this complex task knowing that significant reengineering of the company's processes would be required. Committed to the end result, the team moved from periodic, compliance-oriented scanning to full implementation of a new enterprise-wide continuous monitoring program in record time, more than doubling scanning coverage while realizing an annual cost savings of 31% over the next 5 years.

Doug Jacoby

Doug Jacoby
Chief Information Security Officer
Baker Hughes
ISE® Central People's Choice Award Winner 2011

Practical Security Management: Getting Back to Basics  > Read Roundtable Discussion Summary
With the media continuing to report on the latest security incidents and malware du jour, it’s tempting to view the constant stream of high-profile data breaches as proof of the advanced capability of the faceless adversary. Driven by the seemingly endless stream of news-making exploits, organizations increasingly are relying on the latest technology as a silver bullet in defending against attacks.

Vickie Miller

Vickie Miller
Director of Information Security
ISE® Central People's Choice Award Winner 2010

Building Trust in the Cloud: Managing the Risk  > Read Roundtable Discussion Summary
Cloud computing has accelerated the rapid adoption of digital business models and given rise to a breed of sophisticated business user who can choose which services to use and combine them at will. Cloud computing clearly delivers value in terms of flexibility, scalability, cost savings and the ability to focus on the core business. But in exchange for speed and efficiencies, organizations are increasing their dependency on third parties and making business trade-offs that may be risky due to a lack of expertise by the person making the outsourcing decisions. Further, as organizations become locked in to a cloud provider, they face compliance, contracting, legal and integration risks.

Julie Talbot-Hubbard

Julie Talbot-Hubbard
Chief Information Security Officer
Ohio State University
ISE® Central Executive Award Winner 2010

Threat Intelligence: Knowledge is Power  > Read Roundtable Discussion Summary
Today’s cyber threat actors are unwaveringly focused on the theft of intellectual property, mission-critical details, and other sensitive information, continually evolving their methods and routinely defeating traditional approaches to defense. As organizations work to thwart the attackers, they find themselves in an escalating arms race with unseen attackers. To combat the advanced, persistent and constantly morphing threats, organizations need the very best security intelligence delivered immediately. However, conventional security technologies typically lack the innate intelligence to deal with rapidly emerging threats and web innovation. As a result, current approaches to threat management often fail due to limited threat intelligence, a lack of event context and gaps associated with this lack of visibility. Further, conducting threat intelligence is tedious and time-consuming. Most security teams are already overburdened with other initiatives. Without ongoing threat vigilance, most organizations stand to find themselves in a constant, reactive state, trying to limit damage after outbreaks occur.

Lee Parrish
Vice President & Chief Security Officer
Parsons Corp.
ISE® North America People's Choice Award Winner 2011

Mobile Device Management: Balancing Business Agility and its Risk  > Read Roundtable Discussion Summary
With the astonishing influx of smartphones, mobile devices and tablets into enterprises, mobile data has become a foundation of the daily operations of businesses around the world. Not only has data itself become more mobile, but the users holding that data have as well. It is the job of the IT organization to make this ‘mobile user experience’ no different than if the user was inside the office and connected to the network, and just as secure. While employees relish the anywhere, anytime power of smartphones and tablets, IT executives shudder at the security risks associated with the advent of free-roaming, employee-owned devices that have direct access to the corporate data. With inadequate mobile security solutions and a lack of understanding or disregard of company security policies by employees, mobile users routinely put sensitive data at risk and are often completely unaware of the inherent risks.