The CyberWire Daily Briefing 06.09.15
Post mortems on the OPM breach continue, with many observers noting that OPM has had the reputation of being a "soft target" since at least 2007. (Even President Obama seems to agree, in a left-handed way, commenting on his Administration's determination to fix "known vulnerabilities.) Lack of network self-awareness, poor change management and configuration control, slack vulnerability scanning, lack of two-factor authentication, encryption failures, etc., combine to make the breach, as Threatpost puts it, "no shocker."
Some criminals or intelligence services (and everyone's looking at you, China) appear to be systematically collecting personally identifiable information on as many Americans (particularly but not exclusively in the Government) as possible. Most observers agree the US should be looking to "impose costs," as the FBI puts it. See Recorded Future for an interesting timeline of bulk PII hacks.
Elsewhere the Syrian Electronic Army defaces the US Army's principal public website with an unclear message apparently accusing the US of complicity with ISIS insurgency against Syria's Assad. The US Army takes the site down for repair. And Moroccan Islamist hacktivists hit Serbia's Washington embassy with cyber vandalism clarifying their essential commitment to peace.
Medical devices are now clearly hackable, greatly expanding healthcare organizations' already large attack surfaces.
Critical infrastructure — nuclear power, oil and gas, industrial control systems — gets a look at several cyber security conferences.
The OPM hack prompts much interesting discussion of story stocks.
Also interesting are recent R&D announcements: university researchers will map terror networks, and DARPA taps CyberPoint for space/time analysis.
Notes.
Today's issue includes events affecting Australia, China, Denmark, Finland, France, Germany, Ireland, Morocco, New Zealand, Norway, Russia, Serbia, Sweden, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Why the "biggest government hack ever" got past the feds (Ars Technica) Inertia, a lack of internal expertise, and a decade of neglect at OPM led to breach
Antiquated environment and bad security practices aided OPM hackers (Help Net Security) By now, you've all heard about the massive breach at the US Office of Personnel Management's (OPM), and that the attackers have accessed (and likely made off with) personal information of approximately 4 million US federal workers, 2.1 million of which are apparently current employees
OPM Warned About Governance Weaknesses, System Vulnerabilities Prior to Hack (Threatpost) It's hardly a surprise that the U.S. Office of Personnel Management (OPM) was targeted by nation-state hackers, given the sensitivity of the personal information the office stored
Why China wants as much data from US government servers as possible (Business Insider) China is building a massive database of Americans' personal information as part of an evolving cyber-espionage operation targeting US government agencies and health insurance companies
Recent Attacks Target US Government Employee Information (Recorded Future) [Timeline of bulk PII sweeps]
Cyber attack against OPM was 1 of 9 DHS recently discovered targeting 'bulk PII' (Federal News Radio) The cyber attack against the Office of Personnel Management is part of a year-long coordinated effort to steal federal employee and contractors' personal data
US Army website defaced by Syrian Electronic Army (Ars Technica) Hack appeared to exploit Army's commercial content delivery network provider
Website of Serbian Embassy in the United States Hacked (HackRead) The official website of Embassy of Serbia in the United States has been hacked and defaced by a group of Moroccan hackers
Memory scraping malware targets Oracle Micros point-of-sale customers (IDG via CSO) A new malware program designed to steal payment card details from point-of-sale (PoS) systems is targeting businesses using Oracle Micros products
POC Shows Mac OS X UEFI Attacks Are Possible; What Does This Mean for Mac Users? (TrendLabs Security Intelligence Blog) A critical Mac vulnerability was discovered by OS X security researcher Pedro Vilaca last week
Tinba: World's Smallest Malware Has Big Bag of Nasty Tricks (IBM Security Intelligence) IBM Security Trusteer researchers have recently discovered an infection campaign using a new variant of the banking Trojan Tinba that targets European banking customers
Matryoshka dolls: analysing a packer for CTB locker (DearBytes) We recently encountered a phishing campaign distributing CTB locker
Hospital Medical Devices Used As Weapons In Cyberattacks (Dark Reading) Security firm discovered malware-infected medical devices in three hospitals hit by data breaches
Security Alert: DD4BC targets companies with complex DDoS attacks (Heimdal) You're the CEO of a mid-sized or large company
French parking machines shock drivers with abusive messages (Naked Security) The parking ticket machines in the French town of Meaux, a town about 40km east-northeast of Paris, have staged a mini, machine-level French Revolution
'Cyber-attack' leaves Waterford IT students without exam results (UTV Ireland) Up to 6,000 students at Waterford Institute of technology have been experiencing problems accessing their exam results online
Raising the Bar — Anomaly Detection (Duo Security) At Duo Security we take the security we provide our customers very seriously. Our engineering teams spend significant time modeling threats and considering various attack scenarios where, even with the presence of two-factor authentication, an attacker may be successful
Researcher Finds CSRF Bug in Wind Turbine Software (Threatpost) Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet
7 Data Center Disasters You'll Never See Coming (InformationWeek) These are the kinds of random events that keep data center operators up at night. Is your disaster recovery plan prepared to handle these freak accidents?
Mobile Apps Live On, Wreak Security Havoc (eSecurity Planet) While enterprise security teams fret about mobile malware, dead and stale apps on users' devices pose a far greater mobile security threat, finds an Appthority report
Most vulnerabilities on enterprise networks are two years old (Help Net Security) The NTT Innovation Institute and NTT Group security combined an analysis of over six billion attacks observed in 2014 with an interactive data review and ongoing daily global threat visualization
Why are software bundles an enterprise software security issue? (TechTarget) Third-party software bundling is not uncommon, but can present many issues to enterprise software security
Social media security is still a low priority (Help Net Security) 80 percent of IT professionals believe social media is an easy way for hackers to gain access to corporate networks because it is often neglected in terms of security, and furthermore 36 percent even admit that their company could be breached by a hacker through one of their employees' social media access at work
Cybercrime Can Give Attackers 1,425% Return on Investment (Dark Reading) Going rates on the black market show ransomware and carding attack campaign managers have plenty to gain
Security Patches, Mitigations, and Software Updates
Windows 10: More security with non-stop patching (Help Net Security) Microsoft is ready to abandon the longstanding patching schedule that saw patches and security updates being delivered on the second Tuesday of every month
Cyber Trends
Healthcare organizations face unique security challenges (CSO) Healthcare organizations today are facing a new and unique set of challenges
Is cybersecurity moving away from all the military language? (ZDNet) It seems like information security is swinging back to a more human-centred approach, using more human language. This can only be a good thing
Quantifying Shadow Data In The Cloud (Dark Reading) Report shows how much data users really are exposing on SaaS services
The Online Privacy Lie Is Unraveling (TechCrunch) A new report into U.S. consumers' attitude to the collection of personal data has highlighted the disconnect between commercial claims that web users are happy to trade privacy in exchange for 'benefits' like discounts
The Death And Life Of Truth In The Internet Age (TechCrunch) I'm a two-foot-five short gnome. That's a lie, but this supposed fact is now in the pool of information that is the internet (cesspool may be the more apt term)
$154 or 58 cents — what's the real cost of a breached data record? (CSO) Does a data breach cost an average of 58 cents a record — or $154?
Breach costs: 'Chump change' to bottom lines of big players (CSO) The direct costs of a data breach are barely a rounding error on the bottom line of the nation's biggest organizations. But experts say indirect costs can still be significant. And for the vast majority of smaller players, the damage can be catastrophic
ICS cyber security and the IAEA Cyber Security Conference (Control: Unfettered Blog) I participated in the first International Atomic Energy Agency (IAEA) nuclear plant cyber security conference in Vienna, Austria June 1-5, 2015. The first two and half days were primarily keynote sessions with very important people from various international organizations. It was phenomenal to see the interest in cyber security, specifically for nuclear plants
NatGas, Oil Industry in 'Crosshairs' of Malicious Cyber Attacks (Natural Gas Intelligence) The threat of cyber attacks is becoming increasingly likely within the energy industry, as organized "threat actors" aggressively attack operations and pilfer data from global businesses, according to a global survey by PwC
No IoT without cyber security — German-British civil security conference (Electronics Weekly) Both the threats and opportunities for the IoT and online business were spelled out at the German-British Civil Security Industry Conference held in London today, which highlighted the civil security industry as a multi-billion euro industry within Europe
Kaspersky: Hackers exploiting the 'internet of threats' (Business Spectator) Cyber security expert Eugene Kaspersky has warned of an impending wave of attacks on critical infrastructure, as the deluge of connected devices provides hackers with more opportunities to wreak physical damage
Marketplace
When a data breach hits, enterprises turn to outside firms to pick up the pieces (CSO) CIOs and CISOs are turning to specialized cybersecurity firms to help defend against a growing number of cyber attacks
Before doing business in big data, consider the shifting ethical landscape (Quartz) Imagine you are the product manager in Samsung or LG's appliance division and you have decided to sell refrigerators at a discount because "the real money will come later," by "monetizing" the stream of data that will be generated by all the new sensors included in the design
Apple's Latest Selling Point: How Little It Knows About You (Wired) Apple wants its devices to know everything about you. But more than ever, it wants you to know that Apple doesn?t know what those devices know
KEYW, CYBR, VDSI continue surging in wake of federal hack (Seeking Alpha) Though the Nasdaq is down 0.6%, security tech plays KEYW Holding (KEYW +10.6%), CyberArk (CYBR +6%), and Vasco (VDSI +4.3%) are emphatically adding to their Friday gains, which followed news of a major federal personnel records hack
My Pair Trade: Short Palo Alto Networks / Long VASCO Data Security International (Seeking Alpha) Though they operate in the same space, PANW and VDSI sport substantially different valuations. I believe that the difference is explained by PANW being a go-to "story" stock in the sector while VDSI is largely unknown
Is Proofpoint Still A Good Under-The-Radar Investment Opportunity In Cyber Security? (Seeking Alpha) Investors are starting to take notice of PFPT, and it has traded exceptionally well since I first called it a good investment opportunity. After its stock gains, there are still four things I really like about the company. But are the two negatives worth not owning the stock?
Playing Cybersecurity: Long CyberArk, Short Proofpoint (Seeking Alpha) Investing in the cybersecurity in only one direction is volatile and risky. Pairs trading helps reduce volatility while still allowing sizeable returns. Going long CyberArk and short Proofpoint are the author's picks for playing this industry
NZ software firm Wynyard Group in $40m capital raising (Australian) New Zealand's Wynyard Group is tapping investors for $40m as the security software business seeks to fund an expansion drive
Vorstack Becomes BrightPoint Security, Refocuses on Threat Intelligence (The VAR Guy) Threat intelligence platform provider Vorstack has relaunched as BrightPoint Security with the goal of redefining threat intelligence sharing for the IT industry
Security Startup Illusive Networks Uses Deception To Catch Hackers (TechCrunch) Imagine you're a red-blooded hacker and you want to break into a corporate network. You find your way in, probably by stealing someone's credentials
How Cybersecurity Came to Dominate DC Tech (DCInno) From 2011 to 2014, Greater Washington, D.C. saw three major acquisitions of cybersecurity companies that totaled $4.1 billion — Reston, Va.-based NetWitness was acquired by the EMC Corporation, Columbia, Md.-based SourceFire was bought by Cisco and FireEye agreed to acquire Alexandria, Va.-based Mandiant. The deals have done more than just turn heads, however
Competition risk? BT faces rigorous frisking over £12.5bn EE takeover bid (Register) UK watchdog frets about threat to mobile market
Huawei's epic PR fail (Financial Review) Huawei has spent millions of dollars attempting to burnish its public image outside China in recent years
ThreatTrack Security Expanding its D.C. Operations, Adding New Products and Talent (Virtual Strategy Magazine) Cybersecurity firm doubles the size of its D.C. office, adds new sales, development and marketing resources, and is poised to launch its latest advanced threat defense product
Tanium Hires FireEye Executive Damato as Chief Security Officer (Re/code) Security and systems management startup Tanium has hired David Damato as its first chief security officer
Elastica names new VP and CFO (ARN) Former Qualys VP to lead worldwide field operations
Products, Services, and Solutions
Released: New version of REMnux Linux distro for malware analysis (Help Net Security) REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software
Entrust Datacard integrates with Citrix to enable secure anytime-anywhere productivity (Help Net Security) Entrust Datacard is debuting new integrations with XenMobile, an enterprise mobility management (EMM) solution developed by Citrix, to provide a trusted mobile identity to secure access to sensitive data
ManageEngine Unveils In-Depth Application Traffic Monitoring at Cisco Live, San Diego (BusinessWire) ManageEngine, the real-time IT management company, today announced deep packet inspection (DPI) for NetFlow Analyzer, the company's real-time bandwidth and security analysis software
General Dynamics Integrates Cyber Intelligence Expertise into Commercial Cyber Services Business (PRNewswire) Gartner Security Summit kicks-off today featuring General Dynamics Commercial Cyber Services' intelligence-based, enterprise-wide private sector cyber defense programs
Bugcrowd signs deal with electric car maker Tesla Motors (Startup Smart) Security testing marketplace Bugcrowd has inked a deal with Tesla Motors in order to help the electric car manufacturer improve its security systems
Panda Security Launches Adaptive Defense; Industry-First Solution for Endpoint Security Offering Automated Prevention, Detection and Remediation of Advanced Malware (BusinessWire) Representing major advancement over traditional protection, new solution categorizes all running processes on endpoints and reduces security teams' burden
Data Lakes Are More Manageable and Secure with Teradata Loom (MarketWatch) Teradata Loom enhances data lake security, speeds data access, and enables better integration with the customer's analytical ecosystem
Cisco Launches All-Purpose Security Server (Light Reading) Cisco announced a new security hardware server, the Firepower 9300, on Monday that's designed to provide a platform for multiple network security services
Kaspersky Endpoint Security for Business Expands Manageability Features (Zawya) Kaspersky Lab announces the release of Kaspersky Endpoint Security for Business Service Pack 1 (SP1), its flagship product for business
Avast Mobile Security and Antivirus: An in-depth look at this phenomenal Android antivirus (Ordoh) Today, there is an unprecedented increase in the number of malware programs that are infecting the Android Operating System
Ping Identity Connects Identity Control and Security (eWeek) The company announced its Identity Defined Security Platform. The new effort brings updated tools together to help tightly link identity with security
BT secures network with Check Point deployment (ITWire) UK telco and ICT services provider BT is to embed additional security capabilities into its global network, enabling customers to securely access cloud-based applications wherever they are hosted
Questions Arise About Microsoft's BitLocker Security (Virtualization Review) One journalist calls it "the best of several bad options for Windows users"
Technologies, Techniques, and Standards
NIST updates ICS security guide (Help Net Security) The National Institute of Standards and Technology (NIST) has issued the second revision to its Guide to Industrial Control Systems (ICS) Security
NIST Special Publication 800-82 Revision 2: Guide to Industrial Control Systems (ICS) Security (National Institute of Standards and Technology (NIST)) This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirement
Most infosec pros forget to change keys after a breach (CSO) Most security professionals don't know how to respond if the keys are compromised during a breach
6 steps to achieve cyber resilience (CSO) It is nearly impossible to stop attacks, but the key is how quickly can you keep that attack from spreading throughout your network
7 Critical Criteria for Data Encryption In The Cloud (Dark Reading) Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter
Shared Responsibility A Key To Effective Cloud Security (Dark Reading) Former Walmart security architect talks shared responsibility in the cloud and the reason security architecture needs to change in cloud environments
Connected Threat Defense: Why Integration is Key to Effective Security (Trend Micro: Simply Security) Today's CISOs are fighting fires on several fronts to keep their organizations safe
Design and Innovation
Apple Is Open-Sourcing Swift, Its New Programming Language (TechCrunch) Apple senior vice president Craig Federighi just announced that the company is open-sourcing Swift, the programming language it debuted at its Worldwide Developer Conference last year
A CSO explains how to reduce risk by improving user experience (CSO) Peter Hesse shares how techniques used during development reveal a pathway to reduce risk while improving experience
Research and Development
DARPA Awards CyberPoint New $6M Research Contract (Virtual Strategy Magazine) Pentagon research agency taps CyberPoint Labs for revolutionary Space/Time Analysis for Cybersecurity (STAC) research program
Academic researchers will map nexus between organized crime and terrorism with DoD funding (FierceHomelandSecurity) Researchers at two universities have been awarded more than $950,000 from the Defense Department to examine the connections between organized crime and terrorism in Central Asia, South Caucasus and Russia
Academia
China Using Surveillance Drones to Prevent Cheating in College Exam (HackRead) We have always heard about negative use of drones or most of the times drones for surveillance purposes. But now two testing centers in Luoyang city of China will use surveillance drones to monitor college entrance exams to prevent students from cheating and smuggling electronic devices inside the center
Legislation, Policy, and Regulation
China is building the most extensive global commercial-military empire in history (Quartz) In the 18th and 19th centuries, the sun famously never set on the British empire
Obama Vows to Address 'Significant Vulnerabilities' After Latest Cyberattack (ABC News) President Obama acknowledged the U.S. government needs to address "significant vulnerabilities" in its technology systems, commenting for the first time on the recent cyberattack that compromised the personal information of 4 million current and former government employees
Rep. Scalise reacts to White House slamming Congress over cyber attack (Fox News) MARIA BARTIROMO, HOST: Good morning. A massive hack on federal government servers, leaving many wondering just how vulnerable we are to another attack
Strike Back At Chinese For OPM Hack; Build A Cyber Strategy (Breaking Defense) Chinese government-backed hackers continue to penetrate and steal information from large US personnel data repositories. Our government gnashes its teeth and may issue a statement
How Congress learned to stop bowing to President Obama on national security (The Week) For a brief period of time last week, the post-9/11 National Security Agency telephone surveillance program was no longer fully in force
NSA surveillance debate gives rise to bipartisan civil liberties coalition (Christian Science Monitor Passcode) Behind the scenes, the battle to curb National Security Agency call records surveillance catalyzed an unlikely coalition that bridged far-left and far-right political divides
The NSA Debate We Should Be Having (Slate) The spy agency is neither reformed nor toothless. But there is something that we should be talking about
Don't expect major changes to NSA surveillance from Congress (IDG via CSO) After the U.S. Congress approved what critics have called modest limits on the National Security Agency's collection of domestic telephone records, many lawmakers may be reluctant to further change the government's surveillance programs
Two Years After Snowden, Are We Better Off? (Defense One) The NSA's mass surveillance authority has been scaled back, but answers to other digital issues are still being contentiously debated
NSA targeting of foreign hackers does not infringe on anyone's privacy (Washington Post) What better way to celebrate the two-year anniversary of Edward Snowden's first leak about the National Security Agency's operations than to have the latest story from his cache of stolen government documents create another misleading public understanding of an NSA program, this one aimed at catching foreign hackers
Alberto Gonzales: More privacy can't keep us safe (USA Today) Balancing liberty and security is tough. We're about to find out whether we struck the right balance
Internet policy expert warns that proposal to improve ICANN accountability may backfire (FierceGovernmentIT) While a working group's proposal would enhance the Internet Corporation for Assigned Names and Numbers's accountability to a global multistakeholder community, a Syracuse University professor writes that some of the group's chartering members are also trying to make themselves more powerful within the Internet oversight body
Q&A: Naomi Lefkovitz explains what NIST's privacy risk framework means for agencies, NSTIC pilots (FierceGovernmentIT) The National Institute of Standards and Technology recently issued a draft interagency report that provides a risk management framework that will help agencies mitigate the exposure of personal information on federal information technology systems
Cybersecurity and Acquisition Practices: New Initiatives to Protect Federal Information of Civilian Agencies (Bloomberg Law) Government and private sector functions depend substantially upon information and communication technology
Bug Bounties in Crosshairs of Proposed US Wassenaar Rules (Threatpost) Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward programs
Litigation, Investigation, and Law Enforcement
Firms Could Be Forced to Disgorge Profits from Tax Refund Fraud (KrebsOnSecurity) Last week, KrebsOnSecurity ran an interview with Julie Magee, Alabama's chief tax administrator, to examine what the states are doing in tandem with the IRS and others to make it harder for ID thieves to commit tax refund fraud
Feds Want to ID Web Trolls Who 'Threatened' Silk Road Judge (Wired) On Dark Web sites like the Silk Road black market and its discussion forums, anonymous visitors could write even the most extreme libertarian and anarchist statements without fear
Attorney General Kamala D. Harris Announces Three-Year Sentence for Cyber Exploitation Website Operator (Highland Community News) Attorney General Kamala D. Harris announced today that Casey E. Meyering, the operator of a cyber exploitation website which posted intimate images of unsuspecting victims without their consent, was sentenced to three years in jail
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renown ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EVM and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international reknown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Acadèmie Fratellini, ècole du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals area expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole