T.E.N. Knowledge Base

ISE® Central 2017

Attivo Networks’ high- delity deception platform aims to fool attackers  > Download Whitepaper
Attivo Networks’ ThreatMatrix deception-based defense platform is designed to engage and fool attackers, thus providing security analysts with opportunities for real-time intelligence, as well as an automated means of shutting down an attack. Over the course of this year, Attivo and deception technologies have seen a signi cant bump up in market pro le, as organizations seek early and ef- cient means to detect advanced threats. Attivo’s platform, in particular, touches on several use-case categories, including detection, vulnerability management and analysis, controls and automation, and anti-malware.



RANSOMWARE: ATTACK TRENDS, PREVENTION, AND RESPONSE
 > Download Whitepaper
For the past decade, hackers motivated by financial gain – as opposed to those focused on stealing specific intellectual property or acting for political reasons – turned to banker Trojans as their primary approach. But, the tide has shifted. Banker Trojans have been eclipsed by ransomware as the preferred weapon of hackers everywhere, and in recent months, security incidents attributable to ransomware have been seen at an alarming rate in businesses and government organizations.



Ransomware Prevention Is Possible: Fighting Today’s Bountiful Cornucopia of Extortive Threats
 > Download Whitepaper
Australian cybersecurity headlines paint quite a frightening picture. Viruses are being called ‘unbreakable’ and Australia is being called the land of opportunity for attackers. Attack volumes are up over 100% each year and tens of millions of dollars are flowing to overseas bank accounts as ransomware victims try to buy their way out of security breaches.



Enterprise Phishing Susceptibility and Resiliency Report  > Download Whitepaper
Welcome to PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency report. The report we published in 2015 focused solely on susceptibility, only telling half of the story. Now, with over 5 million active installations of PhishMe ReporterTM across the globe, we can publish statistically significant metrics about the rate and accuracy of humans reporting phishing emails. We are excited to share this data as it has been missing from phishing studies in the past. Armed with this new data, we hope that security organizations focus their attention on the ratio of Report-To-Click instead of dwelling on susceptibility metrics.



Mignona Cote

Mignona Cote
Chief Security Officer
NetApp
ISE® Central People's Choice Award Winner 2017
ISE® Central Executive Award Finalist 2017
ISE® North America Executive: Health Care Award Winner 2017

Biography

Jeannette Rosario

Jeannette Rosario
Director, Global Security
Aetna
Biography

Balancing the Security Scales: Managing Subsidiaries with Distinctively Different DNA  > Download Presentation
As daunting as securing a Fortune 50 company, adding 14 independently subsidiaries to the mix, stretches leadership and innovation. Resiliency to market demands, continuous change in threats and 14 completely different companies ranging from financial services, international markets and consumer healthcare forces the Global Security Officer to manage each security program uniquely while leveraging core Aetna techniques and solutions. At Aetna, a model was developed to identify risks, measure maturity and implement solutions maintaining the unique DNA of each company while assuring the security as they operate within the boutique styles required for competitive advantage and speed to market. Join our conversation to learn how the Aetna team developed a revolutionary way of measuring controls against one baseline that turns into 15 unique sets of operational security programs with integration into 14 security technologies.


Katie Kolon

Katie Kolon
Executive Assistant to the CISO
Cook County Department of Homeland Security and Emergency Management
Biography

Ricardo Lafosse

Ricardo Lafosse
Chief Information Security Officer
The Kraft Heinz Company
ISE® Central Executive of the Year Award Winner 2019
ISE® North America Executive: Financial Award Finalist 2019

Biography

Strengthening the Cybersecurity Landscape  > Download Presentation
The Cook County Department of Homeland Security and Emergency Management, Information Security Office set out to provide a mechanism for a stronger, collaborative front against malware, distributed denials of service, Ransomware and other cybercrime especially for municipalities and communities with limited resources. Additionally, the team needed to create an effective threat notification service that formats alerts that are actionable for security specialists yet are easily understandable for city and county analysts. The Cook County Cyber Threat Intelligence Grid (CCCTIG) integrates with existing infrastructure but allows for sharing with external entities in a secure manner and provides a security solution for smaller communities that cannot always afford the cost of other cybersecurity solutions. Join our conversation to learn how the CCCTIG was able to provide participating municipalities with access to a secure platform which shares a wealth of cyber-threat intelligence which includes bad actors, malicious campaigns and security incidents.


Marcia Peters

Marcia Peters
SVP, Information Security Governance, Risk, and Compliance
US Bank
Biography

Risk vs. Reward: Strengthening and Maturing Information Security Processes and Controls  > Download Presentation
U.S. Bank’s Process Alignment and Risk Management Enhancements (PARE) project sought to mature their information security program and create a more robust control set. The project started with a pilot of high risk information security processes in which the U.S. Bank team identified the need to be more granular at the process level and the need to work hand in hand with the oversight teams. The objective of the PARE project was to document information security processes, risks, and controls and align to the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). Join our conversation to learn how the U.S. Bank Team was able to develop a method for tying controls to inherent risk, thereby achieving an acceptable level of residual risk which allows their peer organizations to generate cost savings, increase resource productivity and enhance information security processes and procedures.

Ajay Gupta

Ajay Gupta
SVP & Chief Information Security Officer
AmerisourceBergen
Biography

Social [Media] Security: The Impact of Social Media on Information Security  > Summary
Social media has become such an integral part of our day to day actions that we sometimes neglect to consider the greater impact it has at the business level. Cyber criminals run rampant across every social network today. While we see headlines about social marketing faux pas and account hacks, those are just the tip of the security risk iceberg. Companies’ poor social media security practices can put their brands, customers, executives, at serious risk. According to Cisco, Facebook scams were the most common form of malware distributed in 2015. The FBI said that social media-related events had quadrupled over the past five years and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyberattack. While adapting best practices for social media usage for employees is a decent start, there’s much more to be done. Security professionals must start treating social channels like the potential security threat they are and align strategies to effectively fend against the range of cyber techniques currently in use.


Yabing Wang

Yabing Wang
Deputy CISO
Carrier Corporation
Biography

Securing What You Share: Improving Third-Party Security  > Summary
When organizations start working with third-party vendors, they have to consider a variety of security concerns. These vendors often have access to valuable, sensitive corporate data, yet according to a 2016 study by the Ponemon Institute, more than one third of companies don’t believe these vendors would tell them if they had a data breach. Additionally, About 60% of respondents said they felt vulnerable because they were sharing sensitive data with third parties that might have weak security policies. While including data privacy and security procedures in third-party contracts to ensure vendors have appropriate measures in place to protect company data has become commonplace, it is difficult to evaluate how the vendor is protecting data from unauthorized access, use, and disclosure, and to know whether the vendor has appropriate contractual terms in place with downstream, who may also have access to your data. This disconnect creates a high-risk area for all industries as more and more data loss through third-party vendors results in a breakdown of trust and communication. To help prevent potential damages, organizations need to develop plans for working with third parties that involve data mapping vendors, contract specificity, and regular data audits.


Elliott Franklin

Elliott Franklin
Director of IT Governance & Security
Loews Hotels

Navigating Brexit and EU Data Protection Regulations  > Summary
European Union’s General Data Protection Regulation is still set to go into effect in 2018. The UK will also likely be committed to implementing the Cyber Directive – the Network & Information Security (NIS) Directive – along with other EU Member States, most likely by spring 2018. Even if the overlap between the UK's EU membership and the application of the GDPR in the UK were to be short lived, any UK business which trades in the EU will have to comply with the GDPR despite the result from Brexit. At a more international level, the GDPR and the current status of the UK opens up a whole potential complicated web of data protection and information exchange challenges for those wishing to do business with members of the EU or Great Britain. What kinds of changes can we expect to see from the EU and how they handle the exchange of information and what echoing effects will Brexit have on the GDPR and international data exchange in the years to come?


Mike Stewart
Executive Director in Information Security
USAA
Biography

Security from the Inside: Combating Insider Threats  > Summary
While the popular view of most security threats tends to be of outsiders, the last few years have also seen an increasing emphasis on threats to the enterprise from the inside. Insider threats can range from something as simple as a negligent employee who clicks on a bad email link to a disgruntled employee with privileged access to sensitive data and portions of the enterprise. A 2016 survey on insider threats by Bitglass revealed that one in three organizations interviewed had experienced insider attacks , with 56% saying they have gone up in the past year. Organizations are starting to see improvements in detecting insider threats however. In the same survey, 64% of the respondents said they can now detect breaches within a week, compared to the previous year where only 42% were able to do so. While there have been some improvements in dealing insider threats, there still remains a strong need for a more vigilant and proactive approach to identifying, isolating, and mitigating damage from these kinds of attacks.