The CyberWire Daily Briefing 06.26.15
news from the SINET Innovation Summit
SINET's Innovation Summit convened yesterday in New York. Designed to reinvigorate public-private partnership and build relationships that foster the sharing of information and joint collaboration on cybersecurity research, the Innovation Summit connected industry, government, finance, and research in ways that foster mutually beneficial innovation. SEC Commissioner Aguilar and Assistant Homeland Security Secretary Mayorkas delivered opening and closing keynotes, and the conference featured seven panels, two addresses, and multiple networking opportunities. You'll find a full report on our site.
International cyber tensions lead the day's news, and they're not confined to the fraught relationship between the United States and China.
Recorded Future provides context for the cyber tensions currently prevailing between Iran and Saudi Arabia. In the UK, the Telegraph (slightly breathlessly but not without reason) sees heightened Russian and Chinese cyber espionage as the harbinger of a renewed cold war. France considers offering Edward Snowden and Julian Assange asylum in an apparent riposte to leaks alleging US surveillance of the Élysée.
And, of course, the Office of Personnel Management (OPM) hack continues to unfold in the US. Director of National Intelligence Clapper is less shy than NSA Director Rogers in attributing the intrusion to China, and even says, "Please don't take this the wrong way — you've got to salute the Chinese for what they did," that is, pursue a legitimate foreign intelligence target.
The Senate, led by Senator McCain, continues to excoriate both OPM and its director, and indeed the increased scrutiny of the dot-gov space isn't doing much for the Government's reputation for cyber security. (It's worth clarifying, as we did yesterday and CSO does today, that Newsweek's headline pointing to an FBI breach was misleading: FBI personnel records held at OPM were compromised, but that's OPM, not the Bureau.)
Cisco and Thycotic both issue significant patches.
Congratulations are in order to PFP Cybersecurity and Fortinet, honored respectively by Gartner and Frost and Sullivan, and to CyberPoint, whose CEO EY has named an Entrepreneur of the Year.
Notes.
Today's issue includes events affecting Austria, Belgium, China, Estonia, European Union, Finland, France, Germany, Iran, Ireland, Israel, Democratic People's Republic of Korea, Latvia, Moldova, NATO/OTAN, Netherlands, Nigeria, Norway, Poland, Russia, Saudi Arabia, Turkey, United Kingdom, and United States.
New York: the latest from the SINET Innovation Summit
SINET Innovation Summit 2015: "Connecting Wall Street, Silicon Valley and the Beltway" (SINET) SINET Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental cybersecurity challenges is critical to the advancement of innovation in the cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on cybersecurity research projects
SEC commissioner urges info sharing, quick action at SINET summit (SC Magazine) "Network security is only effective 24 percent of time," Luis Aguilar, commissioner at the Securities and Exchange Commission (SEC) told an audience of mostly financial industry pros, government officials and tech firms at the SINET Innovation Summit in New York on Thursday
Regulation Systems Compliance and Integrity (US Securities and Exchange Commission) The Securities and Exchange Commission ("Commission") is adopting new Regulation Systems Compliance and Integrity ("Regulation SCI") under the Securities Exchange Act of 1934 ("Exchange Act") and conforming amendments to Regulation ATS under the Exchange Act. Regulation SCI will apply to certain self-regulatory organizations (including registered clearing agencies), alternative trading systems ("ATSs"), plan processors, and exempt clearing agencies (collectively, "SCI entities"), and will require these SCI entities to comply with requirements with respect to the automated systems central to the performance of their regulated activities
SINET panel sees uptick in bad actors, expanding attack surface (SC Magazine) A panel at the SINET Innovation Summit agreed that while threats aren't more advanced they are persistent
Cyber Attacks, Threats, and Vulnerabilities
The Iranian-Saudi Conflict and Its Cyber Outlet (Recorded Future) Cyber warfare is an increasingly prominent aspect of the Iranian-Saudi hegemonic rivalry in the Middle East. Cyber attacks offer new revenge (e.g., 2012 attack on Saudi Aramco) and propaganda opportunities in this long running "cold war" type conflict
The new Cold War: how Russia and China are hacking British companies and spying on their employees (Telegraph) There are now three certainties in life: death, taxes, and cyber-attacks by foreign agents intent on industrial espionage
China Is the Leading Suspect in OPM Hack, US Says (Defense One) The intelligence community thinks they know who stole the data. That doesn't change much
GEOINT 2015: Intel chief wants decisive cyber response (C4ISR & Networks) The recent data breach at the Office of Personnel Management underscores a much bigger problem facing federal cybersecurity, according to the head of U.S. intelligence
US benefiting from accusing China of doing cyber attacks: Analyst (Press TV) Washington's claims that China has conducted cyber attacks against the US are used to pump billions of dollars into the American cyber command, says an analyst
McCain Lays Into OPM Director Over Data Breaches (National Journal) The head of the Office of Personnel Management faced a third consecutive day of intense questioning over her handling of a series of data breaches last year
How Cyber Attack on US Personnel Office Erodes Public Confidence (Daily Signal) Americans will become even more reluctant to entrust themselves to the government's electronic records because of the widening scandal of successful cyber attacks on the federal personnel agency, an expert in digital customer satisfaction says
No, Virginia, the FBI was not hacked by China. Newsweek got it wrong. (CSO) Newsweek "exclusive" takes FUD to a new level
New Report Raises More Questions about U.S. Government's Commitment to Cybersecurity (Legaltech News) 'The report is important as it identifies the scope of possible leaked government credentials floating around on the web'
Stolen logins for US government agencies found all over the web (Naked Security) CIA and Google Ventures-backed private company Recorded Future says stolen government login credentials have been spotted all over the web, leading to the possible exposure of logins for 47 US government agencies spread across 89 unique domains
Default SSH Key Found in Many Cisco Security Appliances (Threatpost) Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said that all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability
Banking Trojan Dridex exploits Windows vulnerability (Pressebox) G DATA offers tips on opening email attachments
Why a Dyre infection leads to more than just stolen banking credentials (Help Net Security) The Dyre/Dyreza information-stealer has without a doubt filled the vacuum generated by the 2014 and 2015 law enforcement takedowns of botnet infrastructure of several prominent financial Trojan groups: Gameover Zeus, Shylock, and Ramnit
Can you trust Tor's exit nodes? (Naked Security) Tor is the encrypted, anonymous way to browse the web that keeps you safe from prying eyes, right?
Sony Should Have Seen the Hack Coming: Report (Variety) Fortune magazine, in a detailed examination of the cyber-hack that crippled Sony Pictures, is asserting that the studio was poorly prepared for the attack and should have seen it coming
How Fortune got inside the Sony hack (Fortune) What Peter Elkind found in his six-month investigation of the cybercrime of the century should terrify corporate America
Expedia users targeted by phisher who gained access to their info (Help Net Security) An unknown number of Expedia customers have been getting emails from the company, warning them about fraudulent emails or SMSes they might receive or might have already received, asking them to share personal or credit card data
Nigerian scammers are stealing millions from businesses (Help Net Security) When someone mentions advanced fee or romance scams most people immediately associate them with Nigerian scammers. But there is another type of scam that these fraudsters actively engage in: the so-called "change of supplier" scam
Q2 2015 State of Infections Report Highlights 'Click-Fraud' as Entry Route for High Risk Ransomware (Damballa) Damballa, the experts in advanced threat protection and containment, today released its Q2 2015 State of Infections Report, highlighting how a device hi-jacked for the purpose of conducting 'click-fraud' can become a conduit for more serious malware such as ransomware. The study cited an example of how a compromised device, originally exploited for the seemingly innocuous purpose of click fraud — a scam to defraud 'pay-per-click' advertisers — became part of a chain of infections, which led within two hours to the introduction of the toxic ransomware CryptoWall — the cyber equivalent of a 'wolf in sheep's clothing'
Over One Third of Firms Hit by Ransomware Blitz (Infosecurity Magazine) More than one third of corporates have been hit by ransomware attacks or know a company that has, according to new research from security vendor ESET
Darknets in the Deep Web, the home of assassins and pedophiles (Security Affairs) Security experts at Trend Micro published a report on the Deep Web and related illegal activities that exploit the darknets it contains
Protests or profiteering? Whether it's Anonymous, the Cyber Caliphate or Cyber Berkut, the hack remains the same (Computing) "Hacktivism" has been around since the Cult of the Dead Cow in the 1980s; only the names have changed. Where we once heard about Chaos Computer Club and the Legion of Doom, we now have high-profile examples like Anonymous, Anti-Sec and Lulzsec
Security Patches, Mitigations, and Software Updates
Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA (Cisco Security Advisories) Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities
Stored XSS Flaw Patched in Thycotic Secret Server (Threatpost) Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim's stored passwords
Node.js Patches Against Logjam Attack (Softpedia) New OpenSSL version fixes flaw causing denial-of-service
Apple tweaks iOS 9 to stop advertisers getting our app data (Naked Security) There's a handy little application programming interface (API) in iOS called "canopenURL"
Java updater to stop pushing Ask Toolbar, will foist Yahoo search on you instead (Naked Security) Oracle's Java, infamous in the past for bundling the Ask Toolbar as part of its install and update processes, is ditching Ask in favour of Yahoo's search engine
Cyber Trends
Insider threats from privileged users cause anxiety, but contractors could prove to be worse (FierceITSecurity) The greatest cyberthreats to organizations might not be from outside the enterprise's castle walls, but from within. That's according to new research that shows cybersecurity professionals think the most pressing insider threat is the privileged user
Security should be enabling, says HP strategist Tim Grieveson (ComputerWeekly) Enterprises need to change the way they think about information security to see it as an opportunity for innovation, says HP's Tim Grieveson
The price of a data breach (Business Insider) Around $400 million were lost when 700 million private records from 70 organizations were exposed to hackers according to Verizon's 2015 Data Breach Investigations Report
Businesses know about POS security risks, but are they investing wisely? (Help Net Security) The majority of organizations have increased their POS security budgets during the last two years, but many of them are still using and investing in outdated technologies, such as antivirus
The Internet of Things and Legal Risks (Legaltech News) Legaltech West 2015 panel will discuss the growing prominence of wearables, the Internet of Things and how they're likely to affect the practice of law
Are the Hacks on Mr. Robot Real? (Avast! Blog) Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network. The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night
Marketplace
Rising Tide of Security Threats Disarms Conflicts between CFOs and CIOs (Hot for Security) Two thirds of CFOs make cybersecurity a high or very high priority, while 71% have increased involvement in IT in the last three years, according to a study by big four accountancy firm Ernst & Young
The State Of The Cyberthreat Intelligence Market (ComputerWorld) Follow the money but that isn't enough
The Fight for Cloud Security Supremacy (Channel Partners) If you thought the Internet of Things was set to take off, there might be an even bigger opportunity brewing for partners in cloud security
Palantir Technologies Intrigues Investors Despite Its Mysteries (New York Times) Palantir Technologies' mystery inflates its valuation. The firm, a private data analytics company backed and beloved by government intelligence, is raising $500 million in fresh cash, giving it a potential valuation of $20 billion and landing it fairly high on the list of so-called unicorns
Exclusive: SRA International seeks $2 billion sale or IPO (Reuters) SRA International Inc is exploring a sale or initial public offering that could value the U.S. defense information technology company at around $2 billion, including debt, people familiar with the matter said on Thursday
Security Firm Sophos To Raise $125M In UK IPO, Valuing It At $1.6B (TechCrunch) Sophos, the security company that makes antivirus software, firewall hardware and other products for networks, individual users and servers, is going public this morning on the London Stock Exchange, with Sophos Group plc to trade as "SOPH." In its initial public offering, the company will sell 34.8% of its shares at 225 pence each (or 156,521,740 shares). It plans to raise $125 million on a valuation of £1.013 billion ($1.6 billion) — making it the latest tech "unicorn" to come out of the UK
BitSight Raises $23M In Series B Funding For Security Ratings Technology (CRN) BitSight Technologies has raised $23 million in Series B funding for its security ratings technology, the Cambridge, Mass.-based startup revealed Thursday
Insight Venture invests $84 million in Israeli cyber firm Checkmarx (Reuters) Israeli cyber security company Checkmarx has raised $84 million in funding from New York-based venture capital firm Insight Venture Partners, which will help it accelerate growth and expand globally, it said on Thursday
Perception still the Achilles' heel for Huawei (Digital News Asia) Still attempting to crack the US market amidst mounting suspicion. Expected to grow globally, security concerns largely US phenomenon
Tanium moves into cyber forensics, hires executives to strengthen new focus (FierceFinanceIT) Enterprise security and systems management technology company Tanium is moving into cyber forensics, with two recent executive-level security hires helping to develop the new capabilities
AdaptiveMobile expands to become Ireland's #2 telecom software company (Realwire) Majority of North American subscribers, and 1 in 5 of all subscribers globally, now protected by AdaptiveMobile
How a cyber company is gaining more clients without naming its existing ones (Baltimore Business Journal) A new partnership with Reistertown's Raven Data Technologies will help Baltimore cyber security firm Light Point Security grow its client base by thousands of users
PFP Cybersecurity Named a 2015 Gartner 'Cool Vendor' in Managing OT in a Digital Business (PRNewswire) PFP Cybersecurity, a unique provider of anomaly-based cyber security threat detection technology using machine learning and data analytics, today announced it has been named a "Cool Vendor" in the recent report by Gartner, Inc
Fortinet Wins 'Network Security Vendor of the Year' Award at the 2015 Frost & Sullivan India ICT Awards (Financial Express) Fortinet was named 'Network Security Vendor of the Year' at the 2015 Frost & Sullivan India ICT Awards held on June 18th at Le Meridien in New Delhi
How to Land Yourself in A Dream Career in Cybersecurity (Cisco Blogs) Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity
NSA director praises Augusta's partnerships to grow cyber sector (Augusta Chronicle) The chief of the National Security Agency and U.S. Cyber Command praised Augusta's growing cyber sector and its initiative to support a military and civilian defense speciality that's increasingly important to national security
Becoming the "Capital of the Cyber Coast" (Pensacola Today) Turnout at cybersecurity job fair this week helps to boost Pensacola's reputation in field
Facebook just hired the executive who was steering Yahoo's security turnaround (Washington Post) Tech companies ask users to put a lot of faith in the security of their products — and Facebook just poached Yahoo's chief information security officer to help keep that faith
EY Entrepreneur of the Year winners revealed (Baltimore Business Journal) The buzz word was growth at this year's EY Entrepreneur of the Year awards on Thursday night in Baltimore as seven companies took home top honors in the annual competition that rewards innovation and financial performance
Products, Services, and Solutions
Secure Critical Infrastructure and Industrial Internet of Things (Information Security Buzz) Intel Security Technologies to be included in Honeywell's Industrial Cyber Security Solutions for Process Control
Avast vs. Norton vs. AVG Comparison — The Best Antivirus Programs (Donklephant) After being attacked by hackers, the Internet has taught many users about the importance of securing their computers and mobile devices with anti-virus programs
Avast Free Antivirus Beta Update Adds Improved Windows 10 Support (Softpedia) New beta should flawlessly work on Windows 10 too
Invincea Tackles Endpoint Security With First Installment Of Monthly Threat Report (Homeland Security Today) New technology threats and dangerous trends spring up on a daily basis, including numerous incidents threatening endpoint security. Within the past week alone, there have been weaponized Word documents endpoints in Japan. And a recent trend has emerged where Facebook passwords are stolen, accounts infiltrated and malware spread via multiple pathways without detection
Dome9 Debuts Security Visualization for AWS CloudFormation Templates (PRNewswire) New console enhancement enables design-phase analysis and remediation of network security issues
Technologies, Techniques, and Standards
Serious Security: Understanding the 'P' in 'VPN' (Naked Security) A concerned Naked Security reader called Greg recently asked us to say a few words about Virtual Private Networks, or VPNs
Defensive and Offensive Security Domains (Dark Matters) Talk to most security consultants and the theme of their advice would be to park your goods in the middle of the road and then deploy sentries to defend against the incoming
Metrics for Success: Investing in Security's ROI (Security Info Watch) We hear a lot about the difficulty of documenting Security's return on investment. Well, take a look at this example
How do you recover from a hack? (WeLiveSecurity) Recent high-profile data breaches at the US Office of Personnel Management (OPM), Adult Friend Finder and the German Parliament illustrate criminals' insatiable appetite for data and financial reward
Breach Defense Playbook: Cybersecurity Governance (Dark Reading) Time to leave the island: Integrate cybersecurity into your risk management strategy
GPS celebrates its 20th anniversary (FierceGovernmentIT) The Global Positioning System — another technological tool most of us have come to unconsciously rely on every day — is turning 20
Design and Innovation
Real-Time Cyber Attacks worldwide (Capital Technologies) A new website demonstrates in a fascinating way the cyber attacks in real time. The result is taken as a computer game or a science from Terminator
Nasdaq partners with Chain on blockchain-based share transfers for private companies (FierceFinanceIT) Nasdaq has tapped blockchain infrastructure provider Chain for Nasdaq's previously announced initiative to use blockchain technology to boost the efficiency of Nasdaq Private Market
Research and Development
Quantum leap: Untangling Toshiba's 'unbreakable' encryption (SC Magazine) Claims Toshiba is developing secure quantum cryptography should be taken with a quantum of salt, a number of cyber-security experts say
Linux Foundation Funds Internet Security Advances (InformationWeek) The Linux Foundation's Core Infrastructure Initiative has selected three security-oriented projects to receive a total of $500,000 in funding
Academia
Desperately seeking STEM: Ministry works to promote cyber-education (Times of Israel) Israel signs second agreement with tech firm Lockheed-Martin to encourage more kids to study science and tech
Students learn about cybersecurity at Cyber Sciences Summer Academy (Augusta Chronicle) Rackley Wren said one of the most striking things he learned at Georgia Regents University's Cyber Sciences Summer Academy was that he "cannot tell a lie at all"
Legislation, Policy, and Regulation
Carter: NATO must gird for cyber battlefield (Stars and Stripes) NATO needs to better prepare for unconventional hybrid threats, even as it heightens its military readiness, U.S. Defense Secretary Ash Carter said Thursday
China, U.S. Plan Cyber 'Code of Conduct' (BankInfoSecurity) Obama presses Chinese government to lower cyber tensions
There's no law to prevent intelligence agencies using private data. That has to change (Guardian) The intelligence commissioner's report suggests that agencies are being commendably responsible in how they handle bulk data. But that isn't enough
Oops! GCHQ accidentally spied on its own staff too much (Graham Cluley) The UK government has today published a report by Sir Mark Waller, the Intelligence Services Commissioner, into the activities of British intelligence agencies (including GCHQ)
US partners with Estonia on cybersecurity, digital services (FierceGovernmentIT) Speaking in Tallinn, Estonia, Defense Department Secretary Ash Carter announced a new initiative to bolster NATO's cybersecurity efforts, while 18F employees met with Estonian technologists in Washington to learn from one another's digital services offerings
House votes to keep congressional control over domain name system transition (FierceGovernmentIT) The House approved a bill that would let Congress check over plans to shift control over the Internet's domain name system to an international organization
Privacy outcry over proposal to reveal website owners' identities (Naked Security) People fighting for their privacy rights are deluging domain overseer ICANN with comments opposing a proposal that would strip the rights of commercial domains to use proxy services to shield registrants' true identities and addresses
DHS rushes to complete cyber defense programs for agencies (Federal News Radio) The Department of Homeland Security says it is ramping up its efforts to detect cyber threats against agencies both inside their networks and at the points at which they intersect with the public Internet. One key element of the government's threat detection strategy almost will be entirely in place by the end of September
Official: DHS has authority to order agencies to bolster network security, but no stick to enforce (FierceGovernmentIT) While updated legislation last year gave the Homeland Security Department power to order other federal agencies to strengthen cybersecurity, House lawmakers lamented when witnesses at a June 24 congressional hearing said there's no penalty if agencies don't comply
Coast Guard Unveils New Cyber Strategy (Military.com) The Coast Guard's leadership has outlined a new cyber strategy while renewing long-standing complaints that a lack of funding has hamstrung proven efforts to interdict drug trafficking
Cybersecurity: Believe it or not, the buck should stop at the U.S. Coast Guard (Urgent Communications) What ever happened to Harry Truman's famous slogan, "The buck stops here"? Testifying before the Senate this week, the director of the Office of Personnel Management (OPM) stated no one is responsible for the most massive cyber espionage theft in modern history
Litigation, Investigation, and Law Enforcement
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang (Dark Reading) Security vendor's report from last year had warned about group targeting insider data from illegal trading
European cybercrime group dismantled (Prague Post) Group based in Ukraine was using Zeus and SpyEye malware to get bank details
France may offer Edward Snowden, Julian Assange asylum (Stuff) France's Justice Minister has canvassed possible asylum for WikiLeaks founder Julian Assange and former US intelligence contractor Edward Snowden as WikiLeaks and French newspapers promise further revelations of US espionage against the French government and private companies
Are 'Private' Communications Really Privileged? (Legaltech News) It's more difficult than ever to determine what falls beneath the veil of privileged communication
When Hackers Steal Your Intellectual Property, it Can Have a Long Term Impact (Tripwire: the State of Security) What's the worst thing your hackers could steal from your organisation?
Turkish cyber attack suspect appears in New York court (AFP via the Hurriyet Daily News) A 33-year-old Turkish man extradited to New York appeared in court on June 24 on charges that he organized three cyber attacks costing the global financial system $55 million, prosecutors said
FBI Rounding Up Islamic State Suspects (BloombergView) The FBI has been rounding up more potential "lone wolf" terrorists, Congressional leaders and the Justice Department say, in response to the perception of a mounting threat of domestic attacks inspired by the Islamic State
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape: Cyber Security, High Frequency, Bitcoin and digital currency, Data analytics, Regulation, New buy-side technologies, The role of the CDO, Risk management. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum. Designed for and driven by end users from top buy-side firms across the US, the one day Buy-Side Technology North American Summit provides an unrivalled opportunity to network with peers while hearing from leading industry executives
Upcoming Events
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders