The average Chief Information Security Officer (CISO) could have up to 30 or 40 security vendors that they work with at one time to help secure any number of potential pathways into their operations. And yet, even with that, it will not fully prevent your company from being breached. Why? Because the bad guys are smart and motivated. So what can you do? Get prepared, understand what you need to do, and practice.
On August 31, 2016, we convened the local security community for a day of preparation and readiness. We walked through a simulated breach providing best practices at every escalation point. Following the simulation we took a deeper dive as our leaders discussed security from the inside looking out and the outside looking in.
Key take-a-ways included:
The cost of a breach on your bottom line
What steps to take at each level of escalation and who needs to be involved
How you balance your legal obligations with your overall marketing and brand efforts
What you need to know about securing 3rd parties in a connected world
Keynote: Dave Mahon, VP & Chief Security Officer, CenturyLink
Simulated Breach – In this unique session, we walked through a mock incident and discussed legal and technical challenges when responding to a cyber security incident at multiple escalation points. Discussion included important topics such as: Incident response plans, Legal disclosures, Communications, Cyber insurance, and Working with law enforcement. Speakers included: Debby Briggs, Chief Security Officer, NetScout; Sam Curry, Chief Technology and Security Officer, Arbor Networks; Chris Hart, Associate, Foley Hoag; and Special Agents from the FBI Boston.
Harnessing the 3rd Party Ecosystem – How do you secure what you don’t control? The migration towards a more connected world has created a greater opportunity to build partner ecosystems. While a huge benefit to companies, protecting against third party risk can seem like a colossal feat. However with the right steps taken and mechanisms in place, creating a comprehensive end-to-end third party risk management process is attainable and critical. Panel members walked through their processes, including: Identifying your assets and their worth; Developing consistency and compliance within regulated industries; Current industry models; Best practices for monitoring vendors and measuring and reporting risks. Facilitator: Edna Conway, Chief Security Officer, Global Value Chain, Cisco; Speakers: Stephen Boyer, CTO and Co-Founder, Bitsight; Jigar Kadakia, Chief Information Security and Privacy Officer, Partners Healthcare; Dr. Todd Wittbold, Senior Principal Security Engineer, MITRE
Building your incident response plan — It is almost a surety that if your organization has a digital footprint, it will be under attack at some point. Having a comprehensive plan in place will enable you to mitigate risk and costs when an almost inevitable breach does occur. Our panel members walked through: What to include in your IRP How often your IRP should be reviewed and updated;How your IRP is most effectively be executed. Speakers: Gant Redmon, VP Business Development and General Counsel, Resilient and IBM Company; Paul Sheedy, Asst Vice President, Enterprise Network Security Services Operations, Federal Reserve Boston.
User and entity behavior analytics – understanding your insider threats –Most organizations not emphasizing a security program as core to their operations focus primarily on external threats. However, by not focusing on the insider threats they are opening themselves up for a huge potential breach. Insiders can include a rogue employee, contractor, or hacker disguising themselves as a valid user. Our experts will help you understand how using and measuring user behaviors can deter insider threats. Facilitator: Karl Ackerman, Principal Product Manager, Sophos; Speakers: David Raissipour, SVP of Product & Engineering, CarboniteChris Poulin, Research Strategist, X-Force, IBM
Security Operations Analytics and Reporting – the next generation of metrics — With a recognized shortage in skilled security staff, coupled with an explosion in telemetry data, the infosec role is increasingly finding that they are being tasked to combine operational data collection with automation, autonomics, and analysis capabilities. Organizations sophisticated enough have begun to think more like a data scientist and apply machine learning to the massive amount of data that security tools collect, enabling a more efficient and effective response to potential threats. Facilitator: Paul Roberts, Founder and Editor-in-Chief, The Security Ledger and Security of Things Forum; Speakers: Harold Moss, Sr. Director Web Security/Enterprise Strategy, Akamai; Kevin O’Brien, CEO and Co-founder, Greathorn
Application Security – moving beyond the current framework – As security experts get more advanced in the products and processes they use to deter application infiltrations, so do those that are infiltrating. How do security teams work to stay ahead when new applications are being developed and adopted at such a rapid pace. How does your team keep up? What tools do they need to have in place and how do they continue to monitor the constant deluge of apps being used within your organization. Facilitator: Josh Bregman, Vice President, Conjur; Speakers: Marc French, CISO, Endurance; William Heinbockel, Lead Cyber Security Engineer, MITRE; Michael Tobin, VP, Technology Services and CISO, Mobiquity