We all want a perfect environment to operate securely. In a perfect world, we would have all the resources we need to successfully defend our networks. Reality though paints a much more complex picture. We beg the desktop support team to deploy our endpoint security agents. There is a Windows 2000 server hosting a critical business application stuffed in an old cabinet which no one will take responsibility for upgrading but cannot be removed. Matthew Aubert, a Manager on the Cisco Talos Incident Response team will present a short, but informative talk on what immediate actions should be taken when there is an active adversary on a network. How do you protect your critical resources, contain the adversary, and deal with a possible worse-case-scenario?
The amount of data being generated on a daily basis has been growing rapidly over the last few years. For most organizations, this data is both indispensable and invaluable.
The problem is two-fold: (1) regulations are changing all the time and (2) methods for data management and governance range from manual records to privacy tools with all the bells and whistles. This program will bring together the observations and experiences of two perspectives, one legal-centric and one tech-centric, on how to assess and evaluate this problem. The goal is to create a discussion that will leave the participant with a high-level overview of state-by-state privacy requirements while arming them with a framework for determining the best methods to achieve defensible compliance.
A former CIA intelligence officer with over two decades of experience breaching the security of his targets overseas identifies the threat actors behind today's data breaches along with their motivations and objectives. He reveals human hacking methodologies that increasingly incorporate OSINT, especially social media platforms, to identify, assess and manipulate key insiders to facilitate the breach.
This presentation will demonstrate several advanced social engineering techniques going far beyond commonly known phishing attacks. It also identifies and promotes a two-pronged risk mitigation strategy incorporating organizational and personal information control along with a "verify, then trust" discipline when confronted by potential human hacking attempts.