January 24, 2012
eSymposium: Insiders with access

With the economy continuing to lag, ethical boundaries become less of a guiding light. Employees with privileged access, believing their actions on the enterprise network are undetectable, are more and more tempted by easy gain. Whether transferring customer credit card data to gray market operators, or in cahoots with nation-states to sell military or government secrets, the threat from insiders continues to escalate. However, there are solid defenses and strategies to combat this persistent threat. We take a look at the trends and problems and examine the best ways to deal with these.

December 8, 2011
eSymposium: Fending off attacks from all sides

The rate at which attackers of all types have breached corporate and government systems has risen rapidly. Whether spearheaded by organized cybercriminals, hacktivists, state-sponsored offenders or insiders, these assaults highlight the need to be much more proactive and adaptive. Having the most robust risk management programs in place - which include industry best practices, sound policies and deployment of the strongest technologies - is critical. In short, such programs must leverage people, processes and technologies to enable systems to be resilient - even in the face of the most sophisticated attackers. We learn from experts just what such planning entails.

November 15, 2011
Canada eSymposium: Keeping data secure and private

There have been a number of data exposures and breaches in Canadian provinces over the last two years. From the Sony PlayStation and Qriocity breach - which likely compromised the personal information of millions of Canadian customers - to the hack earlier this year of the government's Finance Department and Treasury Board, Canada is not immune to the ever-rising tide of cyberattacks. The question is: What does planning entail? We will discuss some of the challenges and solutions involved in protecting today's major attack vectors - including mobile devices, social media and cloud services - and review privacy and data security policies that should be in place.

November 8, 2011
eSymposium: Vulnerability management

Cybercriminals frequently take advantage of vulnerabilities in web and other applications to gain entrance to wider corporate infrastructures. With breaches now happening on a regular basis using these methods, critical information of all kinds is being exposed. We learn from experts what companies can do to mitigate these threats.

October 25, 2011
eSymposium: Advanced Persistent Threats

Some say APTs are a combo package of attack types complete with long-term information siphoning that can bring companies to their knees. Others, however, believe APT has become a hype-filled marketing term used by vendors to scare nervous or confused executives into buying their products, which may or may not provide the support they need. We take a deeper look at APTs and find out just how worrisome these threats are and, if so, the best ways organizations can protect their systems from being infiltrated by them.

October 18, 2011
eConference: PCI Security

Our second PCI security-related online event of the year, this eConference will provide some updated guidance and insight to attendees on how they can assure their organizations continue to remain compliant and keep all-important PII secure. Much anticipated guidance already has been released regarding mobile security and virtualization. Guest speakers explore this advice from the PCI Security Standards Council and more during this event.

September 20, 2011
eConference: Fraud - Implementing Fixes

Many leading CSOs at various conferences this year touted the need for organizations to have their security controls follow and protect their most important data assets, rather than the network. So, just how is this best achieved and what policies, plans and technologies can help? Also, how are data breach notification laws helping to drive the evolution of this philosophy among organizations of all sizes?

September 8, 2011
eSymposium: Mobile Security


Safeguarding mobile devices used by business executives, the data stored on them and the connectivity to corporate networks they enable is a constant trial - one that is rarely remedied satisfactorily. This is leaving many security pros comparing themselves to Sisyphus rolling a giant boulder up a steep hill over and over. The difference: mobile security troubles only grow heavier. Not only are smartphones, tablets and other devices now ubiquitous, they're often brought from home. So, just how are companies supposed to secure these things - some private, some corporate-issued? How can such a heterogeneous environment be centrally managed and safeguarded? What about all those applications end-users keep downloading? What about the data they want to download on them? Any legal ramifications? How does the company stay compliant? We'll provide some answers.

August 25, 2011
eSymposium: Social Networking - Threats and solutions

Last year, a security consultant set up fake profiles on Facebook, Twitter and LinkedIn for a security analyst at the U.S. Navy's Network Warfare Command. Within a month, the profiles had garnered well over 300 'friends,' some of whom were security specialists, military personnel and staff at intelligence agencies and defense contractors. During that time, some of these practitioners revealed their various contacts' details, photos and, in one case, the security questions to gain access to a personal email account. Beyond the ability for cybercriminals to enlist social networking sites to cull pertinent details like these, such sites still are rife with malware and social engineering attacks. What can companies do to protect their end-users and their own critical data as staff access their profiles on social networking sites daily? We discuss best practices and other tactics and tools.
 

Enterprise end-users are becoming more reliant on cloud computing applications and virtualized environments, in general, to enable the quick sharing of information with one another. And while some companies are being cautious with their moves to the cloud, limiting the kinds of information stored and exchanged there, others are taking some risks. What can executives do to better plan and implement security best practices in the cloud?

 
July 14, 2011

IPv4 address space officially ran out earlier this year, but security problems abound with the new internet address protocol IPv6. And though many organizations aren't even thinking about the various security implications of IPv6, many industry experts contend that they need to be. As many of the newest operating systems and network devices stand at the ready for IPv6 - given that most implement the latest protocol by default - gaping holes can easily be introduced to the network. As well, vulnerabilities to critical data crop up when network address translation (NAT) occurs between IPv4 and IPv6 technologies. For example, when an IPv4 address hits an IPv6 network, NAT takes over to allow the network to read the antiquated protocol. Problem is that as this translation is happening, the data in the exchange can be left wide open. On top of the various network security issues that are associated with IPv6, staggered adoption introduces still more issues. While some companies may opt to stick with IPv4 for as long as they can, other organizations - such as those in Asia where networks are increasing at rapid rates - are going for IPv6. The everyday business happenings between such networks may only amplify the security woes for some corporations. We explore all these challenges and more in this eSymposium.

June 21, 2011
eConference: Auditing and compliance

Auditing is a necessary part of ensuring that information and risk management plans are in line with compliance mandates. Indeed, such an exercise is a necessary component of Governance, Risk and Compliance (GRC) management. What are some of the issues to be mindful of to ensure you get through audits successfully, what types of technologies can support these efforts, and what can information security officers do to better work with their auditors to ensure their plans and practices are unrivaled?  

May 26, 2011
eSymposium: Perimeter security

Perimeter security still has a role in a company's security architecture, but just what is it? It has been described as the 'hard shell' on the outside of a network that protects the 'soft' inside, which has led to a promotion of a defense-in-depth security approach. But, say many experts, this is old news. With new attack vectors such as social media or mobile technology being used by cybercriminals, more must be done and, yes, a perimeter still must be established. However, what the perimeter is depends on how one's organization manages traffic flow. This event will explore these and other issues regarding perimeter security.

May 12, 2011
eSymposium: Financial services security 

It's no secret that cyberattackers are hitting financial services companies - especially smaller ones - more and more frequently these days. Online bank fraud, it seems, is rampant and shows no signs of letting up. However, there are ways to combat these problems. Indeed, a leading security practitioner recently told SC Magazine that a well-executed and consistently managed risk management plan can address these problems and more, and can also help organizations address the likes of new guidance soon to be released from the FFIEC and other regulatory mandates to which many financial services companies are beholden. This event will showcase experts who will discuss the types of attacks out there of which all financial organizations must be mindful, as well as review many of the compliance mandates to which financial services companies must conform - from SOX to FFIEC.

April 26, 2011
SC eSymposium: Cyberespionage

Those engaging in cyberespionage to steal various classified and/or proprietary documents from U.S. agencies and other organizations are riding high. One need look no further than the Aurora incident that saw both government agencies and private companies compromised by attackers reportedly backed by China. The theft of this critical information shows that attackers - state-sponsored or not - are enlisting whatever weaknesses in systems they can to thieve corporate and government data, often going unnoticed for months. Experts share background on the types of attacks to watch out for and what to do to thwart them.

March 22-23, 2011
SC eConference: PCI compliance that makes systems secure

Meeting the many demands noted in the PCI Data Security Standard is no small feat, as many information security pros well know. And while there are many who claim they're in line with these industry regulations, they find themselves still getting victimized by cybercriminals. Complying with PCI also can lead to strong security of critical data. However, companies must be vigilant and understand systems constantly change. Experts provide some pointers on how they are reaching a PCI-compliant state that also goes the distance in safeguarding the crown jewels.

February 24, 2011
eSymposium: Web application security

Web application vulnerabilities are so numerous that they prove an especially ripe conduit through which cybercriminals can tunnel to steal lucrative data. Given the ever-rising frequency of such breaches, one might assume web apps have been sewn up. This, however, isn't the case. So, why do these cracks in web apps still linger and what should security teams be doing better to plug them?

January 25, 2011
eSymposium: Insiders with access

A recent study found that IT administrators and information security professionals do use their power for evil by accessing confidential information that's not pertinent to their duties. Given that these pros typically oversee corporate systems, their abilities to access human resources data, for example, or the personally identifiable information of customers can be virtually unlimited. How should organizations ensure they're keeping in check even privileged users and what, overall, should they do to combat still persistent insider threats, generally? We take a look at the trends and problems and examine the best ways to deal with these.

December 9, 2010
eSymposium: APT - Valid threat or overhyped?

Are advanced persistent threats (APTs) becoming like the legend of Sasquatch given all their recent publicity? Some people swear they've seen Bigfoot roaming local forests, while others dismiss him as a giant myth (and the folks claiming to have caught a glimpse of him publicity hounds). In the cybercrime world, APTs have been touted as major attacks launched by bad guys - usually with state sponsors - with which CXOs must be concerned. Others say APTs are nothing new - the same complex attacks with staying power to siphon off critical data for profit or use that have been happening for quite some time now. So, which is it and just how worried should executive leaders be about APTs? More importantly, what do they do to safeguard their information assets from falling victim to these types of attacks?

November 30, 2010
eSymposium: New Vulnerabilities

Application vulnerabilities abound and the attacks taking advantage of them prove more and more successful. Given just how much software and how many systems and applications make up any company's infrastructure, understanding which vulnerabilities to fix, when and how is a key component of any security plan, but plugging these holes can prove nightmarish to even the most seasoned security pro. We seek out tips on how to decide the most critical vulnerabilities to ensure you quickly remediate the holes that can lead to data breaches.

October 19, 2010
eConference: A review of PCI updates

The Payment Card Industry Standards Council, the body that manages PCI DSS and other standards, is due to release updates to its 12-step Payment Card Industry Data Security Standard (PCI DSS) this fall. And while these are rumored as being minimal, experts are discussing some of the expected modifications and debating what else could be done to further clarify rules and how to comply with them. Further, many industry practitioners wish to see the Council address newer applications and platforms being used by companies more and more these days, such as cloud-based services and virtualized systems. In addition, they'd still like to see more clarity and advice on just how they might not only comply with PCI standards but also keep their systems secure. During this event, leading industry experts share with us the plans they've implemented that have worked and helped their organizations to meet compliance and security demands. Also, experts from the PCI Standards Council take attendees through the soon-to-be-announced updates to the rules and explain what other resources they offer to help organizations meet the standards.