IT Security Virtual Conferences | SC Media

Virtual Conferences

FEATURED VIRTUAL CONFERENCE

In the Spotlight

ID management

This virtual conference looks at how these Islands of Identity can form and how you can overcome the challenges of managing incompatible IAM platforms.

Keynote Speaker: Keith Wilson, CISO, W.R. Berkley Corporation

Register for ID management
ID management

When all of the corporate data was stored on-site, specific responsibilities were more clear — here’s your bank of servers and here’s what you need to do to keep them physically and logically secure.

Let’s say your company is using Single Sign-on through the corporate Active Directory system, but another division has its own, customized identity and access management implementation to protect highly confidential material. All of a sudden, you look around and you have either incompatible IAM applications or at least separate databases, rules and management applications that are wreaking havoc with the company’s GRC team and auditors.

We’ve seen this story before. In the 1990s we called them Islands of Automation, each with its own rules, technology and standards. Today we’ve overcome those issues but new ones are arising — Islands of Identity.

This virtual conference looks at how these Islands of Identity can form and how you can overcome the challenges of managing incompatible IAM platforms.

KEYNOTE SPEAKER: Keith Wilson, CISO, W.R. Berkley Corporation

UPCOMING VIRTUAL CONFERENCES

SIEM City

This virtual conference looks at how threat intelligence can be transformed from nice-to-know to must-have actionable data with the requisite context that takes your intelligence to the next level. 

Register for SIEM City
SIEM City

The greatest value of threat intelligence is getting unique, actionable data that can identify a potential new attack profile. Marrying threat intelligence with output from your SIEM can be a powerful and obvious tool from a reactive perspective to identify a potential new breach. But using a SIEM to make threat intelligence proactive makes your vulnerability window smaller by identifying a potential attack before it actually enters your network. Having intelligence is a good thing, but unless you make it actionable for detection purposes, it won’t do you much good.

This virtual conference looks at how threat intelligence can be transformed from nice-to-know to must-have actionable data with the requisite context that takes your intelligence to the next level.

Mobile device management

This virtual conference explores the management, technical and policy requirements that should be implemented and diligently maintained.

Register for Mobile device management
Mobile device management

Since most companies have fully embraced BYOD, mobile device management is more critical than ever.

Even if employees are leveraging their own devices for work, organizations’ security teams and executives must ensure integrity and security of the corporate infrastructure is maintained. But, how best to do this?

This virtual conference explores the management, technical and policy requirements that should be implemented and diligently maintained.

Malware, phishing and ransomware

This virtual conference gives insight from top industry experts on how you can prevent yourself from falling victim even when your inbox fills with phishing emails and malware/ransomware-packed notes.

Register for Malware, phishing and ransomware
Malware, phishing and ransomware

From faux invitations or lame ads to more legitimate-looking updates from what one might think is a co-worker, socially engineered emails come at us all like a plague and too often can result in crippling attacks on our larger organizations.

End-user training can help, as can various behavioral analytics technologies to support this training and overall corporate employee policies. So, what are your choices and how do you prioritize and leverage these to implement the most effective holistic plans to safeguard your organizations’ critical assets, reputations and bottom lines?

This virtual conference gives insight from top industry experts on how you can prevent yourself from falling victim even when your inbox fills with phishing emails and malware/ransomware-packed notes.

Compliance mandates: GDPR and PCI

This virtual conference looks at how to avoid the duplication of compliance efforts, how to employ the right supportive technologies and what plans should include to keep data safe and exorbitant fines at bay.

Register for Compliance mandates: GDPR and PCI
Compliance mandates: GDPR and PCI

Organizations looking to ensure that their cybersecurity controls are sound, their policies are effective and both their tactical and strategic resilience plans are covering all their assets, also need to ensure these various initiatives are compliant with the likes of GDPR, PCI and other regulatory and data breach mandates.

Doing so is no small feat and certainly is an ever-engaging activity filled with needs to modify and update plans and technologies as needed. Add to this the need to be ever-mindful of an evolving threat landscape and the newest technologies on which our executives rely, and the problem of compliance becomes more entrenched.

This virtual conference looks at all of these challenges, sussing out how to avoid the duplication of efforts, how to employ the right supportive technologies and what plans should include to keep data safe and exorbitant fines at bay.

Identity and access management

This virtual conference looks at the challenges companies face with IAM and explores other approaches.

Register for Identity and access management
Identity and access management

Rules-based Identity and Access Management (IAM) offerings whereby companies have been able to control access rights, define roles and identities, stay in compliance with various mandates and more have been around for some time.

However, organizations still face challenges in managing access rights and roles given their reliance on cloud services, an extremely mobile workforce and business initiatives that may result in layoffs, mergers or acquisitions. Add to this a desire to more holistically oversee these virtual access rights alongside physical ones and the problem can become a bit more complex.

This virtual conference looks at the challenges companies face with IAM and explores other approaches.

ON DEMAND VIRTUAL CONFERENCES

Virtual Conference

Cloud-based data security

This virtual event looks at layered cloud security applications and shares guidance for security teams looking to shore up protections of data residing on servers they no longer directly control.

Register for Cloud-based data security
Cloud-based data security

When all of the corporate data was stored on-site, specific responsibilities were more clear — here’s your bank of servers and here’s what you need to do to keep them physically and logically secure.

Now that a vast majority of companies have embraced the cloud, companies are exploring and refining how they manage systems they can no longer physically access, protect data assets entrusted to these systems, perform penetration tests on live servers, ensure they’re maintaining compliancy with a legion of regulations, and more.

This virtual event looks at layered cloud security applications and shares guidance for security teams looking to shore up protections of data residing on servers they no longer directly control.

Virtual Conference

Behavioral Analytics & Insider Threats

This virtual conference looks at the technologies and over-arching plans needed to handle insider attacks, in addition to providing some ideas for training up staff to support these initiatives.

Keynote Speaker: Ronald E Plesco, Principal, Cyber Response Services, KPMG

Register for Behavioral Analytics & Insider Threats
Behavioral Analytics & Insider Threats

More than a few cyberattacks are being launched by insiders and with these employees, contractors and partners already having access to the network, perimeter security becomes essentially worthless against these onslaughts.

Recognizing an insider whose behavior is abnormal or simply identifying an internal user who is acting in a matter that goes against normal behavior — perhaps a legitimate user’s credentials have been compromised and that user now actually is an outside attacker — can help the security team identify potential threats early on.

In addition to identifying anomalous behavior in your network, teams can also establish response plans that might involve other professionals — from HR to external entities, such as law enforcement, to help determine both tactical responses and the implementation of future strategies.

A recent Ponemon Institute report pegs the average cost of an insider threat for an organization at $8 million annually. Can your company survive insider attacks?

Today’s virtual conference looks at the technologies and over-arching plans needed to handle insider attacks, in addition to providing some ideas for training up staff to support these initiatives.

Keynote Speaker: Ronald E Plesco, Principal, Cyber Response Services, KPMG

Virtual Conference

Incident Response Monitoring and Forensics

This virtual conference will address everything from who should get the first phone calls to bringing in the forensics team to what should be included in the incident analysis following the breach.

Keynote Speaker: Mary Chaney, CISSP, The Law Offices of Mary N. Chaney, P.L.L.C. 

Register for Incident Response Monitoring and Forensics
Incident Response Monitoring and Forensics

Your security team just identified a breach. Time to hit the fire alarm. Are you prepared with the basics of forensics/incident response — what to do and what not to do?

A data breach of Air Canada’s web app in August was identified and stopped within just a few days with only 1% of its 1.7 million app users impacted. Could your incident response team do the same?

Today’s virtual conference will address everything from who should get the first phone calls to bringing in the forensics team to what should be included in the incident analysis following the breach.

Keynote Speaker: Mary Chaney, CISSP, The Law Offices of Mary N. Chaney, P.L.L.C. 

Virtual Conference

Threat Intelligence

This virtual event will help you understand the threat intelligence landscape

Register for Threat Intelligence
Threat Intelligence

Threat intelligence is getting a lot of press these days as a panacea for stopping ransomware and other attacks. But the reality is that data alone is not sufficient. There are a lot of threat feeds available, many with duplicate information.

This virtual event will help you understand the threat intelligence landscape, what you need to know about the quantity and quality of various threat feeds, what you can do to address staffing needs when normalizing and then putting the data to use, and how the experience of others in your industry can help through ISACs, ISAOs, Fusion Centers and other industry groups.

Virtual Conference

Identity, credential and access management

This virtual conference will address what controls are needed and how to put those controls in place to protect your company’s most valuable information.

Register for Identity, credential and access management
Identity, credential and access management

Protecting data today is all about access and privilege. If you know – really know – who has access to your resources and where all of your important data resides, you are in a better position to protect it. Equally important is ensuring that those who have the privileges to access the data not only have the need to access it but also the credentials to do so. Not all managers or vice presidents need access to the same data, nor do they necessarily have the skills to manage or manipulate that data. That’s where credential management comes in. This virtual conference will address what controls are needed and how to put those controls in place to protect your company’s most valuable information.

Virtual Conference

Ransomware

This virtual conference will address techniques you can use to defend your company and your network from a ransomware attack.

Register for Ransomware
Ransomware

It’s the kind of thing that keeps CFOs and risk managers up at night. Perhaps tomorrow, or maybe the day after, someone in the company will click on a link and download malware that will lock up the servers with a demand for tens of thousands of dollars in Bitcoin or some other cybercurrency. Ransomware is ubiquitous and difficult to stop. But it doesn’t have to be a nightmare. Today’s virtual conference will address techniques you can use to defend your company and your network from a ransomware attack.

Virtual Conference

Protecting your network from mobile and IoT devices

This virtual conference will address access and privilege controls on mobile devices and how the disappearing perimeter can be defended.

Register for Protecting your network from mobile and IoT devices
Protecting your network from mobile and IoT devices

Protecting your mobile devices, Internet of Things (IoT), laptops and other internet-connected computing devices – the traditional endpoint – is all about access and privileges. If you can control access and privilege on mobile devices, as well as when these devices try to access enterprise data, you take a huge step to protecting the ever-expanding perimeter. This virtual conference will address access and privilege controls on mobile devices and how the disappearing perimeter can be defended.

Virtual Conference

Data Protection

This virtual conference looks at trends in data protection and best practices for ensuring that data is safe.

Register for Data Protection
Data Protection

Protecting data at rest, in transit and in memory is Job 1 of any IT security team. How you protect the data is what changes over time. The use of encryption, containers and other technologies work together. This virtual conference looks at trends in data protection and best practices for ensuring that data is safe, even when the systems on which the data resides have been compromised.

Virtual Conference

Application Security

Keynote: Robert Martin, Senior Secure Software & Technology Principal Engineer

Register for Application Security
Application Security

The application layer is quickly becoming the most under-protected attack vector within the enterprise for data security. While wrangling with the explosion of resident and web-based applications, organizations are balancing the need for greater security in their applications. This session looks at the current state of application security and why treating the application as the “new data security perimeter” makes sense.

Virtual Conference

SIEM

This virtual event looks at trends in the SIEM market as it related to the Zero Trust Model and what we should expect to see in the coming year.

Register for SIEM
SIEM

The stories about major breaches never end. It might be an insider attack, a phishing ploy such as the phony Netflix membership emails, or a targeted onslaught leveraging the likes of the alleged NSA-leaked EternalBlue and DoublePulsar exploits that spread the Wanna Cry ransomware. The infosec trust model that is based on a strong perimeter is no longer viable. A Zero Trust model where all data packets are suspect and must be inspected is gaining followers, and traditional technologies, such as access management and SIEMs, are important components of this approach. In fact, analyzing log files and event management data has gained in significance since the Target breach. This virtual event looks at trends in the SIEM market as it related to the Zero Trust Model and what we should expect to see in the coming year.

Virtual Conference

Incident Response

Are you prepared if you’re hit by a cyberattack?

Register for Incident Response
Incident Response

Are you prepared if you’re hit by a cyberattack?

Getting ready for a cyberattack is not a one-and-done project. It takes planning, buy-in from senior management, product integration, testing, training and analysis. After all that, you reevaluate, retest and reanalyze. This virtual conference will cover some of the basics of creating an incident response plan, selecting and training an incident response team, and testing your plans. We also will look at what should be done internally and when you should employ a third-party service provider, such as a forensics team and penetration testers.

Virtual Conference

ID Management

This virtual conference looks at the current state of identity, credentials and access management and what can be done to further lock down the most basic aspects of user identification.

Register for ID Management
ID Management

Nearly all data breaches have one thing in common: Someone had their login credentials compromised and provided the attacker with a foothold, however slight. Locking down ID management with multiple levels of authentication, multiple factors of authentication and least privileges policies can significantly limit the effectiveness of an attack, but is that enough? This virtual conference looks at the current state of identity, credentials and access management and what can be done to further lock down the most basic aspects of user identification.

Virtual Conference

Threat intelligence

This virtual conference looks at the breadth and depth of threat intelligence data and how companies can incorporate it to enhance their data security.

Register for Threat intelligence
Threat intelligence

As threat intelligence gains a foothold in enterprise networks, CISOs are seeing their security and network environments evolve. Point security products are being integrated in larger and more encompassing threat intelligence offerings. Traditional standalone offerings – such as SIEM, data loss prevention, vulnerability management, network threat detection, firewalls and other point products – are being incorporated under the umbrella of threat intelligence. Add to this the public and private threat intelligence data feeds, access to industry-specific attacks from ISACs, and threat data from government agencies through Fusion Centers, and the world of threat intelligence is expanding at a fast rate.

This virtual conference looks at the breadth and depth of threat intelligence data and how companies can incorporate it to enhance their data security.

Virtual Conference

Network Security

Attend this event and learn how to make more informed decisions and network with your industry peers – all right from your desktop.

Register for Network Security

Sponsored by: Forcepoint

Network Security

With threats like WannaCry and Petya combining different techniques to penetrate networks and spread throughout organizations, network security systems are putting a new emphasis on providing multiple levels of defenses. Today’s attackers use advanced evasion techniques to hide exploits of vulnerabilities that enable malware to be injected target systems.

 

It is no longer enough to just focus on access control or have simple anti-virus scanning. Edge security systems (whether deployed at a perimeter or between internal segments) are combatting new multi-pronged attacks at each of these stages. Attend this event and learn how to make more informed decisions and network with your industry peers – all right from your desktop.

Virtual Conference

Ransomware

Today's virtual conference on ransomware looks at how WannaCry was able to infect so many so quickly and why we are still not safe from this attack and its offspring.

Register for Ransomware
Ransomware

The ransomware war has just begun
It came out of the blue, impacted more than 100,000 organizations worldwide, and disappeared because a malware researcher played a hunch and got lucky. WannaCry potentially could have wrecked havoc for months or years; instead, companies dodged a bullet. But experts tell us that WannaCry and its variations could return more dangerous than ever. Today’s virtual conference on ransomware looks at how WannaCry was able to infect so many so quickly and why we are still not safe from this attack and its offspring. We also will address what you need to do today to start preparing for the next major ransomware attack.

Virtual Conference

Mobile security

This event will look at best practices for mobile security, including recommendations for CISOs on how to address the BYOD/mobile app conundrum.

Register for Mobile security
Mobile security

We’ve all heard that many of the apps in the Apple App Store and Google’s Android Play Store have malware packages. Apple and Google tell users only to use vetted applications, while IT departments tell users only to have corporate-approved applications on their mobile devices. This can be a challenge in a BYOD environment. This event will look at best practices for mobile security, including recommendations for CISOs on how to address the BYOD/mobile app conundrum. 

Virtual Conference

Tackling Insider Threat: From Detection to Remediation

Best practices you’ll need to protect your organization from initial threat detection through incidence remediation.

Register for Tackling Insider Threat: From Detection to Remediation
Tackling Insider Threat: From Detection to Remediation

The next big data breach or cyber incident is more likely to be executed from the inside and more damaging than the last. As a result, Security Analysts must be constantly on the watch for and prepared to quickly act against malicious insiders out for personal gain, negligent insiders that unwittingly putting the organization at risk, and compromised insiders that have lost control of their accounts. Compounding the challenge, today’s analysts are typically overwhelmed by a tsunami of alerts that lack the necessary context to enable them to effectively prioritize, triage, and respond proactively. In response, top security organizations are developing Insider Threat Programs guided by the NIST Cyber Security Framework — aiding in development of primary threat scenarios, underlying analytical risk models and IT controls that will safeguard both sensitive data and employees — and adopting next generation capture, analytic, and response technologies. 

Attend this virtual symposium to learn the essential steps and technologies needed, see real life security scenarios, and get the best practices you’ll need to protect your organization from initial threat detection through incidence remediation.

Virtual Conference

ID Management

NOW AVAILABLE ON DEMAND

Register for ID Management
ID Management

Multifactor authentication is becoming a standard security component for corporations but, in some cases, companies need to take authentication a step further. For example, one approach to defeat a potential insider attack (or perhaps an outsider who has obtained an employee’s credentials) is to require two executives to approve a transfer of money. Most banks support this technology, but if it was included in the original agreement between the bank and company, chances are companies might not be taking advantage of it. This virtual conference will address various approaches companies can employ to reduce security vulnerabilities by making better use of ID management techniques and technology. 

Virtual Conference

Auditing and Compliance

This eConference will address the challenges of how companies can remain compliant in the cloud.

Register for Auditing and Compliance
Auditing and Compliance

There are five key questions that must be addressed in order to meet most compliance requirements:
            1. What information is stored on a system?
            2. Where is the information stored?
            3. Who can access the system?
            4. What can they access?
            5. Is the access appropriate?
While this might seem obvious, it can be difficult to answer when data is stored in the cloud, especially when cloud service providers sometimes do not offer users the ability to place their own security controls on the servers in order to protect their data. This eConference will address the challenges of how companies can remain compliant in the cloud.

Virtual Conference

Monitoring and Forensics

Here's how a forensics investigation works and why the "obvious" attacker isn't necessarily the culprit.

Register for Monitoring and Forensics
Monitoring and Forensics

A corporate network has been hacked – apparently by an insider. The user’s login and computer have both been identified as causing the breach. The only problem: the user has an air-tight alibi because he was out of the country when the breach occurred. The company calls in a forensic investigator to determine what really happened. 

Here’s how a forensics investigation works and why the “obvious” attacker isn’t necessarily the culprit.

Virtual Conference

Tackling Vulnerabilities

This session will address how to make those decisions about prioritizing vulnerabilities and how to ensure delayed maintenance doesn't become ignored maintenance.

Register for Tackling Vulnerabilities
Tackling Vulnerabilities

Managing vulnerabilities generally falls to the chief risk officer. Do you tackle the lack of security updates for your legacy hardware and software or do you spend that same money on adding more layers of security around your corporate crown jewels? Understanding risk and making the decision on which vulnerabilities you should tackle first and which can be part of your delayed maintenance isn’t a one-size-fits-all answer. It depends entirely on your individual circumstance. This session will address how to make those decisions about prioritizing vulnerabilities and how to ensure delayed maintenance doesn’t become ignored maintenance. 

Virtual Conference

Data Security

Today's eConference will address how a company can go about developing a risk profile from which a data security plan can be designed.

Register for Data Security
Data Security

Developing “best practices” for data security is a bit like developing best practices for personal health. Everyone and every network is different, so one size fits none. Today’s eConference will address how a company can go about developing a risk profile from which a data security plan can be designed. We will look at the key questions that need to be asked in order to build a profile of the corporate data and what kinds of security might be required based on the answers to those questions. 

Virtual Conference

Insider Threat

How do you stop employees – who think they're doing their job correctly – from putting the corporate network at risk? Here are some options.

Register for Insider Threat
Insider Threat

IT security departments are becoming more adept at building barriers to limit network attacks, but often the attack comes from within, not without. An employee might download confidential files to make them easier to access or perhaps save data to an insecure location. Not all attacks are malicious. So what do you do when your biggest threat comes from users with all the right credentials and access rights? How do you stop employees – who think they’re doing their job correctly – from putting the corporate network at risk? Here are some options. 

Virtual Conference

PCI

So you think you know PCI? Are you certain?

Register for PCI
PCI

So you think you know PCI? Are you certain? PCI is a lot more than just a checklist. Today’s session addresses not only the goals for PCI, but also what you need to know about potential repercussions you might face if your company accepts payment cards and is breached. There is a standing joke that says that companies are PCI compliant – until they’re not. It doesn’t take much to fall out of compliance. Here’s what you need to know about becoming compliant, staying compliant, and what happens when you’re not compliant. 

Virtual Conference

Advanced persistent threats

What's occurring on the network while the IT team is trying to recover from a malware breach? Chances are, that malware breach is just a clever diversion.

Register for Advanced persistent threats
Advanced persistent threats

The media today is filled with news of two kinds of attacks: ransomware attacks, where there is no doubt what the incursion is all about and what the cyberthief wants, and the low-and-slow advanced persistent threat. These seem like opposite ends of the spectrum, but might ransomware attacks actually be covering the tracks of an APT? What’s occurring on the network while the IT team is trying to recover from a malware breach? Chances are, that malware breach is just a clever diversion. 

Virtual Conference

Leveraging threat intelligence

Here's how a forensics investigation works and why the "obvious" attacker isn't necessarily the culprit.

Register for Leveraging threat intelligence
Leveraging threat intelligence

A corporate network has been hacked – apparently by an insider. The user’s login and computer have both been identified as causing the breach. The only problem: the user has an air-tight alibi because he was out of the country when the breach occurred. The company calls in a forensic investigator to determine what really happened. Here’s how a forensics investigation works and why the “obvious” attacker isn’t necessarily the culprit. 

Virtual Conference

Web application security

This eConference looks at best practices for protecting web applications – from the development cycle to implementation to maintenance.

Register for Web application security
Web application security

Web application vulnerabilities expose companies to the greatest risks today. This SC Virtual Conference looks at best practices for protecting web applications – from the development cycle to implementation to maintenance.

Virtual Conference

SIEM

This virtual event will look at the current state of SIEM and address some of the evolutions the application has seen over the past few years, as well as exploring why it might be time to re-evaluate your network's security design.

Register for SIEM
SIEM

SIEM, it seems, is becoming ubiquitous. Even SMBs are recognizing the value of a comprehensive event management monitor and reporting tool. But today’s SIEM isn’t the same application that you might have evaluated 3 to 5 years ago. New capabilities, new threats, new intelligence feeds, new vulnerabilities. All of these factors are changing the SIEM landscape. This virtual event will look at the current state of SIEM and address some of the evolutions the application has seen over the past few years, as well as exploring why it might be time to re-evaluate your network’s security design. 

Virtual Conference

Insiders with Access

This discussion will look at some options for building in additional layers of security for insiders.

Register for Insiders with Access
Insiders with Access

No one wants to assume that insiders are attacking a network, but all too often successful attacks use the login credentials of an actual employee. Sometimes, credentials are stolen via phishing scams. Other times the user’s credentials might be compromised due to a weak password being guessed or because the user has been socially engineered to disclose the information. Certainly, security awareness training is important, but building in layers of security to challenge users who try to access certain types of data also can bolster security without necessarily bogging down the network or making access unacceptably difficult. This discussion will look at some options for building in additional layers of security for insiders. 

Virtual Conference

Cloud Security

Best practices for building layered security into a company's diverse environment.

Register for Cloud Security
Cloud Security

Securing data in the cloud isn’t the same as securing it within your data center. Without having physical access to the servers, the IT security team needs to take a more creative approach to layered security. This is especially true when “cloud storage” isn’t just provided by a single vendor, but multiple cloud-based service providers. Here are some best practices for building layered security into a company’s diverse environment. 

Virtual Conference

Ransomware

Keynote: Liviu Groza, Director of IT Security and New Technology, Cape Cod Healthcare

Register for Ransomware
Ransomware

We hear horror stories about users clicking on some malware-enabled payload and all of a sudden the network locks up and a cartoon character in a hoodie demands $100,000 in Bitcoins. Ransomware is indeed real, but is it the cyber-Armageddon that some claim it is? This virtual event focuses on the reality of ransomware, not the hyperbole, and will give you some actionable advice on how to defend against it.

 

Virtual Conference

Security Analytics

Keynote: John Galda, Director of Enterprise Risk and Security, Charles River Development
Sponsor: Rapid7

Register for Security Analytics
Security Analytics

Breach detection is one of the most important considerations for security buyers. The field of security technologies claiming to find breaches or detect advanced attacks is deafening. Being able to visualize network activity and recognizing breaches and vulnerabilies in real time is fast becoming one of the keys to security analytics. This SC Virtual Conference will look at advances in the tools used for security analytics and address what still needs to be done to make this growing market more effective in delivering actionable intelligence.

Next hm-webcast