T.E.N. Knowledge Base

ISE® Central 2015

Identity and Access Intelligence: How Big Data and Risk Analytics Will Revolutionize IAM  > Download Whitepaper
In recent years Identity and Access Management (IAM) solutions have made great advances in helping enterprises increase the efficiency of user account provisioning and more effectively manage IT audits. Yet in too many cases these enterprises still discover orphan accounts, people with inappropriate or excessive access to confidential and sensitive data, “privileged users” with unnecessary permissions, employees with toxic combinations of entitlements (violating segregation/separation of duty rules), and individuals violating corporate policies.



The Problem with Privileged Users  > Download Whitepaper
Today’s users need easy “anytime, anywhere” access to information and services so they can do their jobs. The technologies needed to deliver that simplicity have become increasingly complex, and someone has to be there to keep it all running. These administrators (or super users) need “privileged” access to everything within the system in order to troubleshoot, resolve issues and maintain that immediate level of access. This privileged access is necessary, but it can pose some serious problems. Today’s increasingly complex environments require many administrators, from users with “root-level” access to key systems to Active Directory (AD) managers. And if you’re like most companies, you may have more of these privileged users than you think.



Continuous Monitoring for the New IT Landscape  > Download Whitepaper
Recent breaches have targeted a fatal flaw in the way organizations have approached security over the last two decades. While the focus has been on investing in multiple preventive security technologies—centralized authentication, desktop virus prevention, automated patching, next generation firewalls, sandboxes for zero-day malware, and security event management—adversaries have taken advantage of blind spots that have widened as the IT landscape has evolved. The recent breaches occurred not because of unknown weaknesses in the defensive technologies. They occurred because of gaps in coverage, due to the fact that the defensive technologies were not aligned with any security policy or business practices.



SPEAR PHISHING – AN ENTRY POINT FOR APTS  > Download Whitepaper
A number of industry and vendor studies support the fact that spear phishing is a primary means by which Advanced Persistent threat (APT) attackers infiltrate target networks. In fact, one such report found 91% of the attacks they analyzed involved spear-phishing emails. Being able to detect and block emails delivering malicious content though email file attachments and external web links is critical in the fight against targeted advanced attacks.


Brian Engle

Brian Engle
Executive Director
Retail Cyber Intelligence Sharing Center
ISE® Central Executive of the Year Award Winner 2014
ISE® North America Executive Award Winner 2014 - Academic/Public Sector Category

Biography

Cyber Intelligence Sharing and the Meshed Armor of Community  > Download Presentation
No individual organization is immune from attacks, and long lost are the days where relying on defensive measures alone is sufficient. We are in a world where identification, protection, detection, response and recovery are all required and essential elements of a capable security program, and capabilities exponentially increase through collaboration and community efforts to share intelligence. A gathering of the region’s most significant security leaders coming together is a perfect opportunity to consider how we can create the meshed armor of community through cyber intelligence sharing.


Helen Patton

Helen Patton
CISO
The Ohio State University
Biography

Strategies for Winning Enterprise-wide Support for Your Security Initiatives  > Download Presentation
When The Ohio State University’s security department launched the first phase of its information security framework project, the biggest challenge faced was engaging the university’s 129 independent business units. Because each had its own distributed IT department, budget and priorities, there was limited visibility into decisions impacting overall university information security. This compelled the project team to implement new process and governance in order to provide a common language for evaluating and prioritizing risk, establish accountability, expedite remediation and foster a risk-aware culture across all departments. The project generated a remarkable level of engagement with 127 departments participating voluntarily and within one year all objectives were achieved, including evidence of cultural change. Learn how the OSU team was able to gain institution-wide participation and support over such a short time period while working with a small budget, even smaller staff and a complex political environment.


Rick Swenson
Assistant Vice President - Financial Crimes
Operational Excellence & Strategic Initiatives
USAA
Biography

Biometric Logon: Changing the Game for Multi-factor Authentication  > Download Presentation
Watch the Video
A well-known innovator in the field of security, USAA has once again defied known limits by implementing biometric technology to support mobile application access for more than 145,000 users. The new technology provides a simple, secure and broad approach to multi-factor authentication that enables users to access their accounts and manage their finances directly from the USAA Mobile App without having to use static username and password. Biometric logon shifts the focus from what you know – usernames and passwords – to who you are and what you have, ultimately safeguarding personal information often harvested from data breaches and social engineering. Learn how USAA became the first financial institution to implement this game-changing experience for its diverse user base and discover why biometric technology is the next step into the future of security.


Pete Lindstrom

Pete Lindstrom
Research Director Security Products
IDC
Biography

IDC's State of the "C" in CISO Survey 2015  > Download Presentation
Pete Lindstrom shares the results of the 2015 IDC's State of the "C" in CISO Survey.

Scott Pettigrew

Scott Pettigrew
VP, Chief Security Officer
HMS
Irving, TX
ISE® Central Executive Award Finalist 2014
ISE® North America Executive Award Finalist 2014 - Health Care Category

Biography

Cyber Threat Intelligence: A Gold Mine of Value > Summary
An intelligence capability empowers organizations to identify potential threats and vulnerabilities in order to minimize the ‘threat attack window‘ and limit the amount of time an adversary gains access to the network before they are discovered. Organizations that operate with an intelligence-led mindset understand that threat intelligence is the ‘mechanism’ that drives cyber security investment and operational risk management. The number of cyber threat intelligence providers continues to increase and the idea of threat intelligence is gaining widespread acceptance. While increased awareness of the cyber security threat is a positive trend, many organizations still need to put in place the fundamentals of intelligence management to gain real value from threat intelligence. This will be a crucial for instilling confidence in board members – and ensure that the organizations are equipped to leverage the gold mine of value that can be extracted from cyber threat intelligence.


Jack Key

Jack Key
Chief Information Security Officer
Brinks
ISE® North America Executive Award Finalist 2010
ISE® Central Executive Award Finalist 2010

Biography

Securing Your Data across Channels: Strategies for Outpacing Zero Day Threats and Sophisticated Hackers > Summary
Mobile, social and cloud technologies enable an organization’s efficiency and productivity, and can often provide competitive and brand differentiation. However, the widespread adoption of these services often results in an environment where free-flowing data quickly outpaces an organization’s ability to proactively defend against imminent and emerging security threats. All companies with valuable IP should assume both zero day threats and sophisticated hackers are targeting them. Mobile, social and cloud technologies drive productivity. But they also open the door to data theft and advanced attacks that can slip right by anti-virus, URL filtering and firewall defenses. A continued focus on siloed controls is insufficient for today’s threats as attacks are highly advanced, well-funded and persistently targeting enterprise environments.


Eric Fisch

Eric Fisch
Senior Vice President, Information Security
Texas Capital Bank
ISE® West People's Choice Award Winner and Executive Finalist 2013
ISE® Central Celebrated Executive 2013
ISE® North America People’s Choice Award Winner 2013

Biography

The Era of Cyber War Games Has Arrived – Are You Prepared to Play? > Summary
When the movie War Games hit theaters back in 1983, the concept of computer hacking was little more than science fiction. Fast forwarding more than 30 years later, gripping sci-fi dilemmas featuring cyber-attacks have become real life nightmares for many organizations. The era of the modern cyber war games has arrived with nation states backing large scale cyber terrorist attacks, issuing demands, and bringing huge organizations to their knees for months on end. Private user data, sensitive employee credentials, and even unreleased products are being disclosed and used as ammunition against major corporations like Sony, Target, JP Morgan Chase, and Home Depot on this digital field of battle. These companies face not only financial losses in the millions, but also must cope with equally crippling brand disintegration due to public backlash and customer fallout. Now that fiction is reality, an important question remains – is your team prepared for these cyber war games?


Todd Fitzgerald

Todd Fitzgerald
Global Director of Information Security
Grant Thornton International, Ltd
2005 ISE® Central Finalist
2006 ISE® Central MC & Judge
2008 ISE® West MC
2012 ISE® North America MC
Security Author

Biography

Security & Compliance: What is the secret to success? > Summary
The compliance and technology landscape has changed dramatically in recent years with progressively strict regulations, especially in industries such as energy, oil and gas, health care, retail and financial services. Regulators are increasing scrutiny and fines, while internal policies and controls, particularly in relation to data, have posed debilitating for communication and collaboration needs. Additionally, it has become increasingly common for emerging threats to strike at points between the enterprise and third-party vendors, which further escalates the necessity for secure collaboration. How are your peers facing these challenges? Join this discussion to discover best practices for meeting industry requirements while ensuring secure collaboration in the complex marketplace.