Data Security: How to Manage Security Around Your Critical Data
- What is Critical Data
- What is the lifecycle of Critical Data
- Where does Critical Data Live
- How to Identify Critical Data
- Risks to Critical Data
- Managing the Security of Critical Data
Presented by: Joe Marroquin, CISO, Encompass Digital Media
Prioritize and Execute: Creating an Industry Specific Focus for Risk Based Vulnerability Management
Vulnerability management is not glamorous, but it is one of the best ways to be proactive in securing your organization. The problem lies in the volume of vulnerabilities that come to light each year. In fact, Gartner estimates that in the past decade an average of 8,000 new vulnerabilities were disclosed each year. There is good news, however. Of that number, only a small percentage are exploited in the wild, and fewer still pose any level of risk to your organization – but how do you determine what is critical, and what can be ignored?
In this presentation, we will be:
- Walking through strategies to efficiently sort through mountains of data and determine which vulnerabilities pose actual risk to your organization.
- Creating targeted returns to better highlight industry-specific vulnerability risk.
- Demonstrating a data-driven approach to better understand the tactics, techniques, and procedures of would-be attackers to enable teams to take proactive steps in their security programs.
Presented by: Nate Foster, Threat Intelligence Consultant, Recorded Future
Improve Your Security Strategy: Master the 3 Levels of Decision-making
Your security team manages risks that affect business units and functions across your entire organization. Security is threaded through every aspect of your business, and your decisions have never mattered more. On a daily basis, you make decisions that affect day-to-day operations, data and system security, executive-level strategy and direction, and quite possibly the future success of your organization. Security leaders straddle the lines of executive, strategic, and tactical decision making, and must be experts at navigating all three of these levels. We’re wearing many hats, often switching between them from meeting to meeting, and it’s imperative that we can effectively communicate and drive decisions that improve and mature our security efforts across the board.
This session will explore ways to enhance engagement with technical teams, business units and executives alike, while still maturing your security program to be more efficient and effective at managing and mitigating risk. Concepts and topics covered will include:
- The 3 levels of decision making you must navigate on a daily basis and how they impact the rest of the organization
- Applying meaningful metrics to demonstrate value to executives and mature program operations for optimal effectiveness
- Finding program gaps where remediation efforts or SLA compliance is lagging, and taking steps to help affected teams improve and succeed
- How Tenable helps to improve operational efficiency, address threats and vulnerabilities faster, and demonstrate tangible business value at all levels of the organization
Presented by: Nathan Wenzler, Chief Security Strategist, Tenable
Continuous Security Validation and You: A Tale as Old as Epoch Time
With Incident Response as the new normal, we must ensure that the systems and processes supporting that effort and threat hunting are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, we will look at how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams with a continuous feedback loop to understand their posture and identify gaps as they arise.
Presented by: Jose Barajas, Director of Global Sales Engineering, AttackIQ
How to Actually Protect Your Software Supply Chain from Attacks
- What is a software supply chain attack
- How hackers infiltrate development through open-source software
- What organizations can do to protect themselves
Organizations use open-source software to help their development teams be more innovative and the organization’s products be more competitive. But with software supply chain attacks on the rise, providing secure software development practices is more important than ever. This presentation shows the techniques used by hackers to infiltrate development teams and the types of tools available to protect software development programs.
Learn how to actually protect your organization from a software supply chain attack.
Presented by: Keith Thomas, CISO, AT&T