IT Security Summit
Thursday, August 9th, 2012
7:30- 8:15 a.m.
8:15- 8:30 a.m. - IBAT
Welcome / Opening
8:30- 9:30 a.m. - Dell SecureWorks
"Compliance and the CIO: Which one do banks really need
to be secure?"
Try as they may, regulatory agencies are
not the panacea for information security. Numerous financial organizations,
including Hartland Payment Systems, have been compliant and have been breached.
Last year's FFIEC's supplement to the Authentication in an Internet
Banking Environment guidance was updated to control the
increasingly hostile online environment. Between new regulations and cloud
computing, IT departments are sent scurrying to satisfy all the rules and
regulations. Yet, organizations are still left with many holes in their
security and a lack of focus on what risk really means to their business.
We will explore a typical
deployment of security solutions for a community bank and the ways these
solutions help secure critical assets. We'll also address risks to community
banks and ways compliance easily falls in line from there.
9:35- 10:35 a.m. - Dell SecureWorks
"APT, Phone Home: The art of using advanced
persistent threats in cyberspace war "
APTs, advanced persistent threats, are targeted
attacks made by a person or group that has all the cognitive abilities and
resources at their disposal to obtain their objectives. These threat actors are
determined to locate intellectual property, intelligence or personally
identifiable information, which can be used to uniquely identify, contact or
locate a single person. APT actors can and will adapt to any security posture
until either they achieve their objectives or they can no longer do so because
the cost of their operation outweighs the perceived value of their target.
In this presentation, attendees will learn the
The government agencies and industries APTs most
target; the type of monitoring needed to catch APTs; internal policies needed
to help block APTs; the best methods to identify APTs in your network; and the
most common ways APTs attack.
10:50 - 11:50 a.m. -
"Disaster recovery: planning ahead to prevent a disaster"
If you like war games, get ready to
rumble, because there is not a day in which a cyber storm isn't brewing. How do
you perform a cybersecurity drill to test your response plan? What plans do you
need in place to secure your critical infrastructure? What would your
players do when receiving attempted attacks launched by the enemy via email,
phone or website? What kind of in-house policies and procedures do you need,
and where can you store data to secure your assets? Whether it's cyberwar or a
natural disaster, you'll learn what you need to do to ensure your critical
systems are up and running as quickly as possible.
1- 2 p.m. -
"Penetration Testing: What is a TRUE pen test?"
You might not think of paying a service to try to hack into your company
network, but it is one of the best ways to test your network security.
Whereas a vulnerability scan looks for vulnerabilities in systems and reports
potential exposures, a penetration test, or pen test, determines how well your
key components protect your assets by trying to gain access to your network and
information assets in the same way a hacker would.
presentation you'll learn about the level of experience one needs to conduct a
good test; the mix of automated and sophisticated tools needed to conduct a
test; and the ways a "medium risk" in a vulnerability scan may prove to be a
"critical risk" in a pen test.
2:05 - 3:05 p.m. -
Dell SecureWorksA Day in the Life of a CTU TM
If you've ever wondered what it's like to help
federal law enforcement agencies catch hackers in the U.S. and abroad and to
spar with underground cybercriminals, we'll tell you. Move over, "CSI
While hackers are spying on and stealing
from organizations, the CTUsm research team is monitoring their every move through the virtual
underground world. These highly trusted and vetted CTUsm members
not only work with businesses and government agencies that are being attacked,
they pass information back and forth to law enforcement agencies and security
experts around the world to stay ahead of criminals and prepare for the latest
attacks they're concocting. These relationships,
combined with specialized tracking and
intelligence tools, give the CTUsm a birds-eye view of
underground criminals and their plans for future attacks.
Hear what it takes to track
hackers and know what threats are coming down the line.
3:10- 3:30 p.m. -
Final Remarks /
Eric Browning, CISSP, CEH, CISA, PCI-QSA
Eric Browning is a Security Engineer at
Dell SecureWorks and was formerly a Senior Security Consultant with
SecureWorks' Security and Risk Consulting group. Eric has in-depth technical
expertise and a strong background in information security. Eric has performed
hundreds of various security assessments and penetration tests as part of his
efforts to improve overall client security. Eric is an active member of
the PCI Scoping Special Interest Group and, he was the practice lead for
SecureWorks' PCI service line from 2007 to 2010.
Eric also has significant experience
evaluating physical and personnel security controls through the use of social
engineering techniques. Prior to joining Dell SecureWorks, Eric managed the IT
assets of a mid-sized organization with approximately 250 employees spread
across eight locations. Eric has a Bachelor's degree in information
management and holds many certifications, including PCI-QSA, CISSP, CISA, CEH,
CCNA, MCSE, MCSA, Security+, Network+, and A+.
Don Jackson, CISSP
Director with the Counter Threat Unit (CTUsm)
Don Jackson is an established subject matter expert (SME) on
cyber security and intelligence for the government, law enforcement, trade
organizations and the press. He has twenty years of experience in
information security, software development, and IT, with a focus on protecting
national and corporate infrastructure from advanced threats. Specialties
include threat research, intelligence analysis, investigations, digital
forensics, reverse engineering, and malware analysis. Formerly a senior
security researcher, Mr. Jackson is the director of the Dell SecureWorks Threat
Intelligence service and a charter member of the Dell SecureWorks Counter
Threat Unit℠ (CTU) research group.