T.E.N. Knowledge Base

ISE® Northeast 2015

Adobe Security and Privacy Certifications  > Download Whitepaper
At Adobe, we take the security of your data and digital experience seriously. To protect from the software layer down, we use the Adobe Secure Product Lifecycle—a rigorous set of several hundred specific security activities spanning software development practices, processes, and tools, integrated into multiple stages of the product lifecycle. To protect from the physical layer up, we are implementing a foundational framework of security processes and controls to protect our infrastructure, applications and services and help us comply with a number of industry accepted best practices, standards and certifications.

How to Evaluate DDoS Mitigation Providers: Four Critical Criteria  > Download Whitepaper
Distributed Denial of Service (DDoS) attacks continue to make global headlines with ever-growing attack sizes and new attack methods. This dynamic and constantly changing threatscape has sparked an increased demand for mitigation services and with that an influx of service providers are entering the marketplace. However, because many of these services reside in the cloud it is often difficult for providers to assess, evaluate and differentiate DDoS mitigation service providers. How can you be sure that the DDoS mitigation services provider you bring on board can deliver on the promise to stop the Internet’s largest and most sophisticated attacks? This white paper explores four critical criteria on which to evaluate DDoS mitigation providers before signing on the dotted line. Akamai has developed key questions related to each to help you evaluate a provider’s threat intelligence, experience, mitigation capabilities and capacity. Our guidance is based onAkamai’s practical experience in proven mitigation approaches for different DDoS attack scenarios, as well as on our keen insight into the minds and strategies of cybercriminals and DDoS attackers.

Instilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization  > Download Whitepaper
Big Data Analytics is a very hot topic in IT Security circles lately, specifically regarding how it can potentially be applied to derive seemingly magical results like it has in so many other applications from the Siri service on i-devices, to understanding epidemics, to predictive marketing, to scientific and engineering applications and many more. However Big Data by itself is not the panacea for all security ills that most believe it to be. This paper outlines how automated machine learning analytics with contextualization leads to better results and quickly identifies and repels attacks over approaches focused on Big Data.

Moving Forward - How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach  > Download Whitepaper
In June 2015, the United States Office of Personnel Management revealed that a persistent adversary overcame their meager cyber-defenses and pilfered the personal identifiable information (PII) of the 1-in-15 United States citizens who either work for the Federal Government, have applied for or possessed a security clearance since the year 2000, or are an immediate relative or known associate of a cleared individual. Public outcry and outrage ensued in the following weeks. The White House issued statements defending the OPM administration and recently discussing measured retaliation against China, the alleged state sponsor behind the breach. Federal investigations and Congressional hearings investigated the details of the breaches, the faults of OPM, and the faults of its administration. The media sensationalized the event as the personal fault of individual members of OPM’s administration and as an act of war from China or other nation states. For its part, OPM notified the 4.2 million victims of the first breach, OPM offered 3 years of credit monitoring to victims, and OPM issued some online guides about steps against identity theft. The 19.5 million victims who applied for a security clearance, possessed a security clearance, or are related to a cleared individual, are still awaiting their notification letters from OPM detailing steps to mitigate adversarial use of the granular personal information on the 127-page SF-86 form that was exfiltrated from the OPM database.

A False Sense of Cybersecurity Three Pitfalls to Avoid  > Download Whitepaper
Breaches disclosed in the media foster conversations within organizations on how to protect critical assets. Loss of intellectual property, financial data and consumer confidence have produced tangible evidence of an evolving threat landscape that, in turn, has elevated cybersecurity conversations to the board room. Security executives tasked with preventing their organization from being the next news soundbite are getting more support and more budget than ever before.

Today’s Risks Require Tomorrow’s Authentication  > Download Whitepaper
As businesses, other types of organizations, and their customers increasingly interact and transact through their laptops and mobile devices, the need to protect their resources and information dramatically increases. Both the number and the seriousness of breaches continue to rise at a steady pace, most of which involve compromised or vulnerable authentication. This white paper discusses the changing landscape and business drivers behind the need for multi-factor solutions.

Making a Great Application Security Program – That Scales  > Download Whitepaper
What do Nasdaq, JetBlue, and JCPenney all have in common? Each company suffered the same unsuspected and undetected hack which was able to swipe the information of over 160 million credit cards over a period of seven years. These cyber-attacks referenced were finally tackled in 2012, and yet in only three short years, the tactics used to uncover and expose “protected” information have become even more sophisticated—and the problem is only expected to get worse.

Businesses in the financial industry have borne the brunt of these relentless cyber-attacks. They are scrambling to pinpoint any system vulnerabilities and flaws before cybercriminals do. Not only are they obligated to their customers to maintain proper security measures, but many finance companies are required to stay up-to-date with a multitude of compliance regulations and under the constant pressure to remain innovative in their space, resulting in unknown security risks. Avoiding these risks is the responsibility not only of the security teams of these businesses, but also of the CEOs, the CFOs and the Board of Directors – virtually anyone linked to the success and stability of the business.

Yet, in arranging, anticipating, and covering all possible attacks and situations, there are several problems that financial institutions continually find themselves bumping up against: a lack of time, skills, and resources to properly address and fulfill these provisions.

The Cyber-Resilient Enterprise: Harnessing Your Security Intelligence  > Download Whitepaper
This paper details to IT leadership the importance of cyber resilience in the face of evolving cyber threats. It defines the state of cyber resilience and the importance of security intelligence in achieving it. Finally, it paints a picture of the future of security.

John Schramm

John Schramm
Vice President of Global Information Risk Management and CIRO
Manulife/John Hancock

Information Risk in the Boardroom: How to get comfortable outside your comfort zone - Download Presentation
As the profile of information risks such as cyber security, access management and business resiliency increase at companies so does the organizational profile of the CISO role in corporate governance. This constant and rapid evolution of the role has stretched the capabilities of many CISO’s as the role continues to grow and expand into the boardroom. I’ll share my views on where we have come from, the challenges we currently face in being effective with our boards and where we may be going in the future.

Joseph Zingalis

Joseph Zingalis
International Information Security – Canada & LatAm
Wells Fargo & Company

Securing Your Data across Channels: Strategies for Outpacing Zero Day Threats and Sophisticated Hackers > Summary
Mobile, social and cloud technologies enable an organization’s efficiency and productivity, and can often provide competitive and brand differentiation. However, the widespread adoption of these services often results in an environment where free-flowing data quickly outpaces an organization’s ability to proactively defend against imminent and emerging security threats. All companies with valuable IP should assume both zero day threats and sophisticated hackers are targeting them. Mobile, social and cloud technologies drive productivity. But they also open the door to data theft and advanced attacks that can slip right by anti-virus, URL filtering and firewall defenses. A continued focus on siloed controls is insufficient for today’s threats as attacks are highly advanced, well-funded and persistently targeting enterprise environments.

Larry Wilson

Larry Wilson
Chief Information Security Officer
University of Massachusetts

Security vs Risk vs Privacy: Who Leads the Charge? > Summary
As the field of security has evolved, so has the role of the Chief Information Security Officer, but debates are heated regarding exactly what responsibilities this title-bearer should assume. Although the classic model calls for a CISO with a strong technical background to manage enterprise level security efforts, many global organizations have shifted from a focus on information security programs to a holistic risk management approach, which calls for a more business savvy CISO. Others have found combining their privacy and security teams under single leadership can help to manage risk. Others still see security, risk and privacy as vital roles that merit their own c-suite members. What’s the best model? Join our conversation to debate the merits for the CISO as a risk and privacy officer and share your insight about the evolution of the CISO role.

Mike Towers

Mike Towers
Executive Information Security Officer
Actavis, Inc.

Defending Against Advanced Threats in an Ever-evolving Threat Landscape > Summary
The cyberspace environment is extremely dynamic and unfortunately, new vulnerabilities and threats emerge on a daily basis. Security leaders must develop and employ various offensive and defensive strategies to defend the enterprise and minimize risks at an acceptable cost. Join our discussion to learn how your peers are addressing advanced threats from internal, external and global sources, and share your own insights on protecting your enterprise in the evolving threat landscape.

Todd Bearman

Todd Bearman
Chief Information Security Officer
Tower Watson

The Growing Complexity of IT Security: How Do We Manage? > Summary
IT Security is undoubtedly a cat and mouse game. As technology threats grow in complexity, security leaders work tirelessly to develop new methods for identifying and thwarting attacks. But the fact remains— there is no such thing as absolute security. In the future, IT-dependent societies must be capable of withstanding an attack, or surviving an attack and recovering, without the descent into chaos. Join us to take a deep dive into the concept of developing and maintaining resilience as a central focus for your contemporary security strategy.