Dark Reading Cyber Security Crash Course

May 15-16, 2017

Every day, your IT organization is abuzz with news of new hacks, breaches, and cybersecurity vulnerabilities and it's up to your IT organization to prevent them from affecting your business. In practice, however, many IT departments work in silos. You might know a great deal about IT, but do you really know everything you should about the current cybersecurity environment and emerging threats?

In this two-day Interop ITX Summit program, the Dark Reading editorial team and some of the industry’s top cybersecurity experts will offer a crash course in what you need to know about data security and the dangers faced by your organization. You’ll get “speed reads” on each key area of security, providing you with the essential elements your organization should know about cyber defense, as well as an overview of the latest exploits. You'll get insight on how to detect a compromise of your IT environment, and recommendations on how to respond. Best of all, you’ll have an opportunity to ask the experts the key questions you must answer in your environment – in a supportive, collegial setting where there are no dumb questions.

Who Should Attend

  • IT professionals who want to know more about security
  • CIOs/CTOs
  • Security professionals who want a fast, comprehensive update on the latest threats
  • Operations professionals who must answer questions about security posture
  • Business and IT people who want to contribute to the security conversation
  • Teams of IT professionals who are looking for ways to develop cross-system security strategy

Opening Address: The State of the Enterprise Security Department

Thanks to a plethora of major – and very public – data breaches, security has become one of the most critical issues in IT. What are the chief threats that security departments face, and what are they doing about them? What are today's top priorities for security professionals? This session will include data from two recent surveys of IT and security executives.

Securing Your Enterprise Infrastructure

As the traditional IT infrastructure evolves to add new networking capabilities, SDN, and virtualized server environments, the risks they face are changing as well. In this informative session, a top expert on infrastructure security will discuss the latest threats to your corporate IT environment -- and how your organization can mitigate them.

Protecting Your Data In the Cloud

Cloud computing services and technology offer a level of efficiency and cost savings that most enterprises simply can’t pass up. But does the growing use of cloud technology create a growing threat to enterprise data? How can IT organizations track and secure data as it travels through the cloud? Do you need on-premises security tools to help secure an increasing number of cloud applications and service providers? In this session, a cloud security expert will discuss the key danger points in cloud computing and the latest technologies and practices for cloud security.

Securing End User Identities

Not so long ago, the notion of “endpoint security” focused on the management of desktop devices. But today’s end user employs a wide variety of devices in a wide variety of locations – many of which don’t belong to your organization. How can enterprises build a security strategy that identifies the end user and applies the appropriate security – no matter what their location or device? This session provides new insights.

Lunch

The Real Risks of Mobile Technology In the Enterprise

Most companies today have embraced a bring-your-own-device policy that enables end users to use their own tools to access corporate data. But how can you enforce security in such a flexible technology environment? And what are the real threats faced by today’s wireless devices? In this session, a top expert will debunk some of the myths about mobile security while raising some threats and vulnerabilities that may not be on your radar.

Insider Threats and Data Leaks: What You Don’t Know CAN Hurt You

Major data leaks such as Edward Snowden’s release of NSA data and the dump of military data on WikiLeaks are only the tip of the insider threat iceberg. Every day, enterprises face the threat of losing valuable insider information – not only through malicious leaks but through unintentional, accidental violations of security rules that lead to exposure of critical information. How can organizations spot the signs of a data leak and stop it before it goes too far? How can IT help prevent accidental leaks of sensitive data? A top expert offers some essential advice on stopping data loss from within.

Finding and Fixing Application Security Vulnerabilities

Customer databases, enterprise applications, Big Data – the keys to your enterprise’s kingdom lie in its applications. But application security is often overlooked, both by software manufacturers and by internal app development teams. What steps can your organization take to find and repair application vulnerabilities – before your attackers discover them? A top applications security expert discusses key practices for scanning and securing applications, as well as offering some insight on how to improve security in your software development organization.

Security For the Internet of Things: A Practical Approach

Today’s IT environment increasingly employs a variety of devices that are intelligent and Internet-connected – but are not computers or phones. What’s the best strategy for securing these devices as they are added to your corporate computing environment? What can you do during the deployment phase to ensure that attackers don't use these devices as a means to compromise your corporate data? A top IoT security expert offers some insight.

Day 2: You've Been Breached!

The Impact of a Data Breach

To understand the cyber risk your organization faces, you need to understand the likelihood of a breach – and its potential cost. In this session, a top expert discusses the many – and sometimes hidden – costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches and a better understanding of how likely it is to happen to your organization.

Who Are the Bad Guys? Cyber Criminals and Their Motivations

Today's cyber attackers range from financially motivated criminals to politically motivated hacktivists to state-sponsored hacker units. What are the motives and methods of these disparate adversaries? This session offers a look at the different types of cyber attackers and offers advice about how you can build a cyber defense strategy that extends across a wide variety of threats.

Developing and Testing an Effective Incident Response Program

If your organization doesn't have a plan for handling a major data breach, you're already in trouble. In order to swiftly and effectively respond to a cyber compromise, you must develop a program for first response in the data center as well as downstream response in the business units and in the public eye. This session offers some guidance on how to build an incident response plan that can identify and repair compromises as quickly as possible -- and how to test and practice that plan so that you're ready for the real thing.

Detecting and Mitigating Ransomware and Other Sophisticated Attacks

In the past, most cyber attack campaigns were primarily random, and they simply exploited the most vulnerable systems they could find. Today, however, there is an increasing number of sophisticated attacks – in particular, ransomware -- that target specific companies, data, or even employees. These attacks are often extremely well disguised and may escape the security tools that most enterprises use to screen out more random attacks. What tools and defenses are there to prevent targeted attacks on your organization? In this session, you will hear about the latest types of targeted attacks and what your enterprise can do to stop them.

Lunch

Collecting and Using Threat Intelligence Data

The good news in IT security is that there is a growing list of resources and services that can inform you on the latest threats in cyber space and the criticality of each. The bad news is that with so many sources and so much data, using threat intelligence to improve your cyber defenses can be a bewildering process. This session will look at some of the different types and sources of threat intelligence data and provide advice on how to choose the right ones and use them to improve your defenses.

Finding and Fixing Security Issues In Your Electronic Supply Chain

As organizations such as Target have discovered, cyber attackers sometimes attack indirectly, through suppliers, contractors, and customers that have access to corporate systems. How can you ensure that third parties are keeping their own systems secure – and are not providing an avenue of compromise for your data? How should you work with your partners in the event of a security incident? In this session, our speaker discusses the methods you can use to vet your suppliers’ security -- and how to work with your partners if a compromise is found.

How to Talk to Management About Cybersecurity and Risk

As an IT professional, you’ve developed some ideas on how cyber attackers might compromise your enterprise data and how you can defend against them. Now you have another challenge: presenting those threats and strategies to business managers who know nothing about IT security technology. How can you convey the current state of your IT security posture to top management and make a business case for investing in additional IT security resources?  In this informative session, you’ll get advice and recommendations on how to present security issues to your management in language they can understand.

Understanding the Legal Side of Cybersecurity

A major data breach may not only present technical problems and interrupt your business, it may land you in court. What are your organization’s legal responsibilities when it comes to cybersecurity, and what can you do to minimize legal risks?  A top legal expert will discuss some of the issues and liabilities associated with cybersecurity, including the strengths and weaknesses of cyber insurance policies – and the hidden costs that they may not cover.