IT Security Summit

    Thursday, August 9th, 2012

    Agenda

    7:30 - 8:15 a.m.
    Registration / Breakfast


    8:15 - 8:30 a.m. - IBAT
    Welcome / Opening Remarks

    8:30 - 9:30 a.m. - Dell SecureWorks
    "Compliance and the CIO: Which one do banks really need to be secure?"


    Try as they may, regulatory agencies are not the panacea for information
    security. Numerous financial organizations, including Heartland Payment
    Systems, have been compliant and have still been breached.

    Last year, the FFIEC's Authentication in an Internet Banking Environment
    guidance was updated with a supplement to address the increasingly hostile
    online environment. Between new regulations and cloud computing, IT
    departments are sent scurrying to satisfy all the rules and regulations.
    Yet organizations are still left with many holes in their security and a
    lack of focus on what risk really means to their business.

    We will explore a typical deployment of security solutions for a community
    bank and the ways these solutions help secure critical assets. We'll also
    address risks to community banks and ways compliance easily falls in line
    from there.


    9:35 - 10:35 a.m. - Dell SecureWorks
    "APT, Phone Home: The art of using advanced persistent threats in
    cyberspace war"

    APTs, advanced persistent threats, are targeted
    attacks made by a person or group that has all the cognitive abilities and
    resources at their disposal to obtain their objectives. These threat actors are
    determined to locate intellectual property, intelligence or personally
    identifiable information, which can be used to uniquely identify, contact or
    locate a single person. APT actors can and will adapt to any security posture
    until either they achieve their objectives or they can no longer do so because
    the cost of their operation outweighs the perceived value of their target.

    In this presentation, attendees will learn the following: the government
    agencies and industries APTs most target; the type of monitoring needed to
    catch APTs; internal policies needed to help block APTs; the best methods
    to identify APTs in your network; and the most common ways APTs attack.

    10:50 - 11:50 a.m. - Dell SecureWorks
    "Disaster recovery: planning ahead to prevent a disaster"

    If you like war games, get ready to
    rumble, because there is not a day in which a cyber storm isn't brewing. How do
    you perform a cybersecurity drill to test your response plan? What plans do you
    need in place to secure your critical infrastructure?  What would your
    players do when receiving attempted attacks launched by the enemy via email,
    phone or website? What kind of in-house policies and procedures do you need,
    and where can you store data to secure your assets? Whether it's cyberwar or a
    natural disaster, you'll learn what you need to do to ensure your critical
    systems are up and running as quickly as possible.

    1 - 2 p.m. - Dell SecureWorks
    "Penetration Testing: What is a TRUE pen test?"

    You might not think of paying a service to try to hack into your company
    network, but it is one of the best ways to test your network security.

    Whereas a vulnerability scan looks for vulnerabilities in systems and reports
    potential exposures, a penetration test, or pen test, determines how well your
    key components protect your assets by trying to gain access to your network and
    information assets in the same way a hacker would.

    In this presentation you'll learn about the level of experience one needs
    to conduct a good test; the mix of automated and sophisticated tools needed
    to conduct a test; and the ways a "medium risk" in a vulnerability scan may
    prove to be a "critical risk" in a pen test.

    2:05 - 3:05 p.m. - Dell SecureWorks
    "A Day in the Life of a CTU™ Security Researcher"

    If you've ever wondered what it's like to help
    federal law enforcement agencies catch hackers in the U.S. and abroad and to
    spar with underground cybercriminals, we'll tell you. Move over, "CSI
    Miami." 

    While hackers are spying on and stealing from organizations, the CTU℠
    research team is monitoring their every move through the virtual
    underground world. These highly trusted and vetted CTU℠ members not only
    work with businesses and government agencies that are being attacked, they
    also pass information back and forth to law enforcement agencies and
    security experts around the world to stay ahead of criminals and prepare
    for the latest attacks they're concocting. These relationships, combined
    with specialized tracking and intelligence tools, give the CTU℠ a
    bird's-eye view of underground criminals and their plans for future
    attacks.

    Hear what it takes to track hackers and know what threats are coming down
    the line.

    3:10 - 3:30 p.m. - Dell SecureWorks
    Final Remarks / Adjourn

    Speaker Bios

    Eric Browning, CISSP, CEH, CISA, PCI-QSA
    Security Engineer

    Eric Browning is a Security Engineer at
    Dell SecureWorks and was formerly a Senior Security Consultant with
    SecureWorks' Security and Risk Consulting group. Eric has in-depth technical
    expertise and a strong background in information security. Eric has performed
    hundreds of various security assessments and penetration tests as part of his
    efforts to improve overall client security. Eric is an active member of
    the PCI Scoping Special Interest Group, and he was the practice lead for
    SecureWorks' PCI service line from 2007 to 2010.

    Eric also has significant experience
    evaluating physical and personnel security controls through the use of social
    engineering techniques. Prior to joining Dell SecureWorks, Eric managed the IT
    assets of a mid-sized organization with approximately 250 employees spread
    across eight locations.  Eric has a Bachelor's degree in information
    management and holds many certifications, including PCI-QSA, CISSP, CISA, CEH,
    CCNA, MCSE, MCSA, Security+, Network+, and A+.

    Don Jackson, CISSP
    Director with the Counter Threat Unit (CTU℠) Research Team

    Don Jackson is an established subject matter expert (SME) on
    cyber security and intelligence for the government, law enforcement, trade
    organizations and the press.  He has twenty years of experience in
    information security, software development, and IT, with a focus on protecting
    national and corporate infrastructure from advanced threats.  Specialties
    include threat research, intelligence analysis, investigations, digital
    forensics, reverse engineering, and malware analysis. Formerly a senior
    security researcher, Mr. Jackson is the director of the Dell SecureWorks Threat
    Intelligence service and a charter member of the Dell SecureWorks Counter
    Threat Unit℠ (CTU) research group.

    Place: The Westin Galleria-Dallas
    Date: August 9, 2012

    Thank you to our sponsors:

    Dell SecureWorks