(ISC)² Security Congress 2017

New Sessions Just Added!

 

 

Session 2538 - Outpacing the Adversary: Detection and Containment at Speed/Scale


Date/Time: Monday, September 12, 2016: 3:15PM – 4:15PM

Room: W101B

Speaker - Eric (Egon) Rinderer, CISSP, Senior Director - Federal, Tanium

History has taught us some very bad habits when it comes to incident response in our enterprise. The vast majority of systems are based on the collection, aggregation and post-mortem analysis of data in order to coax out useful information. The reality is that this always keeps us in a following position relative to our adversary. Sufficient technology exists to allow us to outpace the adversary but requires us to re-think our methods, tactics, techniques and procedures since they are all based on assumed latency. A sample tools platform for such real-time response at any scale will demonstrate how the outcome changes when the adversary no longer holds the high ground.

 

 

Session 2330 -  Information Sharing within a Secure Cloud Environment


Date/Time: Monday, September 12, 2016: 4:30 PM-5:30 PM

Room: W103AB
Speaker - Dr. David Bouvin, Professor, Capella University

Information sharing is critically important within a competitive business environment. The successful sharing of information requires the proper protection of data, management of information, and acquisition of knowledge. In a competitive business environment, effective managers will be able to acquire, access, leverage, and protect information on a continuous basis. Additionally, data analysis and information management steps will need to occur via a cloud environment throughout the entire global marketplace. The proper utilization and protection of data, information, and knowledge can improve managerial decision making and the overall competitiveness of an organization.

 

Session 3136 - Scanners Are Dead

 

Date/Time: Tuesday, September 13, 2016 11:00am - 12:00pm

Speaker - Nish Bhalla, CEO/Founder, Security Compass

 

Many application security teams scramble to pinpoint vulnerabilities and flaws during the testing and release stages while managing limited security resources, a multitude of compliance regulations and surprise feature requests. Although these teams are trying to follow the right application security practices, they're being left in the dark, over-worked and most importantly applications are being shipped with fragmented security. The common denominator we have experienced with our customers is reliance on dynamic and static testing tools during the final stages of the lifecycle, ignoring the benefits of building security in during the first stage of the software development lifecycle: Requirements.

 

Session 3438 -  Ransomware Doesn’t Mean Game Over

 

Date/Time: Tuesday, September 13, 2016 - 3:15pm - 4:15pm

Speaker - Adam Kujawa, CEH, MCTS, Linux+, CREA, GREM, Head of Malware Intelligence, Malwarebytes 

 

Many organizations believe that the incident response (IR) process begins when someone (or some tool) detects anomalous activity. At this point, teams spring into action to track down the intruder and remove them from the environment, at which point business as usual can resume. In reality, the first step of IR is incident planning. Knowing what will be done, by whom and in what time frame, as well as making the business-as-usual environment one where responders have access to the information they need in a timely manner, is crucial to any organization's successful response.

 


Session 3331 – NextGen Endpoint For Dummies – Tech Survey & Decision Guide


Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM

Room: W105AB
Speaker - Atif Ghauri, CTO, Herjavec Group

 

From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs.

The following topics will be covered:

• What do I actually need?

• Real-world framework to categorize endpoint capabilities

• Map vendors into buckets within the framework

• Housekeeping, what's needed before you even start?

• Cheat sheet of probing questions to ask vendors

• Best practices of deploying best of breed solutions


 



Session 3532 – Anatomy of a Ransomware Attack

Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM

Room: W102A

Speaker - Barry Shteiman, Director of Threat Research, Exabeam

Ransomware is currently one of the most disruptive security challenges for enterprises. As it moves from an individual employee’s PC to the corporate network, the impact can be significant. Despite much research, most security firms and analysts don’t have a good idea of how a piece of ransomware actually operates, i.e. what is affected and when, what signals to look for, etc. Exabeam researchers have detonated nearly 100 strains of ransomware in the labs and produced a detailed analysis of how a ransomware attack actually unfolds, and how an organization might respond.

 

 

Session 3433 – Why Targeting is the Next Big Trend in Attacks


Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM

Room: W104AB

Speaker - Dr. Lance Cottrell, Chief Scientist, Ntrepid Corp.

While we will never see the end of generalized mass attacks, the real damage is being done through highly targeted attacks. In discussing why targeted attacks are so effective and economically advantageous to the attacker, we'll learn why that trend is likely to continue. Timely case studies of targeted and integrated attacks will contribute to understanding the trade-offs for the adversaries. Some suggestions for countermeasures against this strategy will be provided.

 

 

 

Session 3435 – Translating CyberRisk to Financial Risk: Quantifying Impact in Dollars


Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM

Room: W108B

Speakers - Julian Waits, President & CEO, PivotPoint Risk Analytics: David Shearer, CEO, (ISC

Information security professionals need to be capable of speaking with colleagues, especially at the C and board levels, about security issues in business terms rather than technical terms. The need to change cyber security from a technical discussion to a business discussion has long been clear. Information security professionals should be prepared to answer, “How much could our organization lose to cyber incidents over the next year, and to what extent will proposed security investments reduce the risk of financial loss?” This session will demonstrate how to do so by using Cyber Value-at-Risk modeling. Cyber Value-at-Risk modeling can be used to quantify your organization’s financial risk exposure to cyber-attacks in dollars and cents.



 

Session 3437 – Misuse Cases: Requirements with a Different View


Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM

Room: W101A

Speaker - Greg Sternberg, CISSP, Enterprise Security Architect, Sungard Availability Services


Security requirements generally tend to be either too broad (product should be secure) or too specific (PII in NIST Special Publication 800-122 defines PII). But an even bigger concern is that security requirements often lack a connection with the business (all data must be encrypted) and may even be anti-business (increase password length to 16). Misuse cases put security requirements into a business context by communicating potential risks to the stakeholders. They help teams understand the rationale behind them and why they are needed. Utilizing misuse cases also helps integrate security into the project life cycle by starting at the requirements phase (or even earlier!) and enabling the development of cohesive test cases.



Session 4133 – Security Operations in a Multi-Cloud World


Date/Time: Wednesday, September 14, 2016: 11:00 AM-12:00 PM

Room: W104AB

Speaker - Jarret Raim, Director of Strategy, Rackspace

As the Cloud matures and organizations become more comfortable in using it, more and more companies are finding themselves in the business of using a variety of platforms to achieve business objectives. From dedicated environments through virtualization platforms like VMWare, Hyper-V and OpenStack to public cloud platforms like AWS and Azure, security organizations are being asked to manage these platforms with a single operation. As a managed service provider for the world’s leading cloud technologies, Rackspace helps customers manage this transition successfully. In this talk, we’ll investigate the type of security operation that can be successful in this mission.

 

 

(ISC)²
Copyright © 2017. (ISC)², Inc. All Rights Reserved.
