The CyberWire Daily Briefing 11.19.15

Cyber Attacks, Threats, and Vulnerabilities

ISIL releases video threatening attack on New York City (USA Today) The Islamic State released a new propaganda video threatening attacks on New York City, city officials confirmed Thursday

French Intel Predicted Paris Attack, but Got the Timing Wrong (Haaretz) They thought ISIS would aim for UN Climate Change Conference in the French capital on November 30, when dozens of world leaders would be in town

'It's All Back in Snowden's Lap' (Politico) Former CIA Acting Director Michael Morell on how the NSA leaker's revelations might have led to the Paris attacks

Anonymous claims it has eliminated 5,500 ISIS Twitter accounts (The Hill) The hacking group Anonymous said Tuesday it has taken down 5,500 Twitter accounts tied to the Islamic State in Iraq and Syria (ISIS)

Hackers To Destroy ISIS By Unleashing Waves Of Cyber Attacks? [VIDEO] Islamic State Laughs Off 'Idiotic' Threats (Jobs & Hire) A war has officially begun in the cyber world realm as an international team of brave hackers known as Anonymous threatened to unleash series of cyber-attacks against the vicious terrorist group, ISIS

Islamic State goes cyber: OPSEC, app ratings and a 'Jihadi Help Desk' (Army Times) As attacks sponsored by the Islamic State group spread beyond its ill-defined borders, its members continue to communicate using the same types of messaging applications, forums and social media sites familiar to tech users worldwide

Security experts: ISIS' favorite messaging app is no match for feds (ZDNet) The app's cryptography is like "being stabbed in the eye with a fork," according to one leading cryptographer

How Anonymous really targets ISIS (CSO) With the ISIS attacks on Paris, Anonymous declared war on ISIS. The reality is that is more hype than fact, and misleading

Will Anonymous' plot against Islamic State make any difference? (+video) (Christian Science Monitor Passcode) Or are digital vigilantes just hindering government efforts to pursue and disrupt the militant group?

Britain hit by massive cyber-attack as Islamic State hackers launch assault against Anonymous (Mirror) Britain has come under sustained cyber-attack as Islamist hackers launch revenge attacks against Anonymous, the shadowy group which has vowed to wipe "ISIS off the internet"

Why Aren't Terrorists Committing More Cyberattacks? (Nextgov) The fear of terrorist organizations flexing their cyber muscles by launching a debilitating cyberattack is far greater than the actual reality of the situation, said Tricia Bacon, former counterterrorism official for the State Department at an event Tuesday

Hacktivists Threaten to Target Law Enforcement Personnel and Public Officials (US Federal Bureau of Investigation) Law enforcement personnel and public officials may be at increased risk of being targeted by hacktivists

Blackhole exploit kit makes a surprising encore appearance (IDG via CSO) Malwarebytes saw an attack that reused old exploits, probably limiting its effectiveness

Hacking group that hit South Korea may be at it again with new target (IDG via CSO) It appears the same malware was recently used against an organization based in Europe

Damballa discovers new toolset linked to Destover (Damballa: Day Before Zero) Attacker's arsenal helps them to broaden attack surface

Sakula Reloaded (Crowdstrike: the Adversary Manifesto) Often during the investigation of sophisticated threat actors, the demarcation between the different attackers and campaigns are blurry

Siri's Flaw: Apple's Personal Assistant Leaks Personal Data (TrendLabs Security Intelligence Blog) Siri for iOS devices has made everyday tasks easier; whether it is getting directions to the nearest gas station or staying in contact with growing social media networks

Trend Micro warns of Ashley Madison fallout and rise in data breaches (Inquirer) A range of problems, and a breach is more than one

Googlebot May Accidentally DDoS Your Spam-Infected Website (Softpedia) Webmasters that remove large-scale spam infections from their website may sometimes be DDoSed by Google's search engine crawling bot, a.k.a. Googlebot

Mixing ERP and production systems: Oil industry at risk, say infosec bods (Register) There will be pwnage

BIMCO Conference Hears There Is "Significant Potential For Cyber Disruption" And "Malicious Takeover" Of Systems Onboard Ships (Hellenic Shipping News) Attendees of BIMCO's Annual Conference in Hamburg will today hear the very latest findings on the potential vulnerabilities of ships to cyber attacks

Child Porn and Malware in Facebook Scam (Check & Secure) As reported on by Cybercrime Coordination Unit Switzerland (CYCO), ever more pictures are emerging on Facebook with worrying scenes of child pornography depicted. These are the result of hacked Facebook accounts

UC Health investigating possible data breach (WLWT 5) Officials: Email mishap affected more than 1,000 people

Security Patches, Mitigations, and Software Updates

Gmail: "Warning! That email was not sent through an encrypted connection." (Naked Security) Google has announced plans to tell Gmail users which emails have been sent through an encrypted connection and which have not

Cyber Trends

Security in 2016: The death of advanced persistent threats (ZDNet) Kaspersky predicts that APTs will cease to exist next year — but what will take their place?

Cyberattacks on vehicles to increase sharply in 2016, McAfee Labs predicts (Canadian Underwriter) Cyberattacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles, suggests the McAfee Labs 2016 Threats Predictions report released earlier this week

PHI breaches not limited to healthcare organizations (FierceHealthIT) Verizon's Suzanne Widup: Many entities don't understand they have that kind of data

Marketplace

Cybersecurity driving federal IT markets (C4ISR & Networks) Cybersecurity in its many forms — safeguarding IT networks and data, establishing governance and policies, negotiating acquisition — continues to act as a major force behind a huge slice of the U.S. economy, the federal government

Army Requires Consortium Membership for Cyber Innovation Challenge Participants (ExecutiveBiz) The U.S. Army has announced that industry stakeholders should become a member of the Consortium for Command, Control, Communications and Computer Technologies in order to participate in the proposed Cyber Innovation Challenge

Cybersecurity for the insecure RIA (Investment News) Ways to prevent a bad outcome when examiners come to assess your cybersecurity efforts

Symantec: Moving ahead, by returning to its roots (ITWire) Symantec is seeking to dedicate the next 18 months to regaining its 'fighting weight' and becoming the new leader in enterprise security

Microsoft spending on security R&D rivals Symantec (ZDNet) Microsoft is spending more than $1 billion on security research and development. Will that funding mean enterprises will curtail spending with independent security vendors?

Microsoft Sheds Reputation as an Easy Mark for Hackers (New York Times) Microsoft was once the epitome of everything wrong with security in technology

Has Microsoft Really Rebuilt its Security Cred? (Fortune) Adding some of the security market's brightest minds and Satya Nadella certainly didn't hurt matters

Microsoft's Biggest Contribution to Security Is Free Windows Upgrades (Wall Street Journal) Microsoft Corp.MSFT +1.19% CEO Satya Nadella on Tuesday described his company's bold moves to protect Windows users from digital security threats. But the company has already made its most significant contribution to cyber security: free Windows 10 upgrades

BlackBerry believes in encryption backdoors — believes it's good for business (Bitdefender) BlackBerry, once the darling of corporations the world over, is trying to rebuild itself and seize marketshare back from the iPhone and Android smartphones that have so dramatically overtaken it in recent years

Akamai (AKAM) Looks Broken, But It's Not — UBS (Street Insider) UBS analyst, Steve Milunovich, published a research note describing a conversation with Akamai Technologies (NASDAQ: AKAM) management that highlights growth headwinds near term but upside opportunity through new products and Over The Top programming longer term

Israeli cyber start-up SAFE-T files for Tel Aviv IPO (Reuters) Nov 17 Israeli cyber security start-up SAFE-T plans to become the first tech company to go public on the Tel Aviv Stock Exchange in 2015 after it issued a prospectus to raise 22 million shekels ($5.6 million)

Cloud Cybersecurity Firm ProtectWise Raises $20M In Series B Funding (TechCrunch) When a company's security is breached a critical step of the recovery process is seeing exactly what happened, including where the vulnerability was exposed and what exactly the hackers had access to

This cyber-security start-up is trying to get corporations to open up about their issues (Washington Post) TruSTAR, a start-up headed by a former Bush Administration cyber-security advisor, announced Monday that it has raised $2 million from West Coast investors for a platform that allows companies to anonymously compare notes on cyber-threats

Darktrace says business must heed alert on cyber terror (Business Weekly) Cambridge cyber security specialist Darktrace was at GCHQ this morning as UK Chancellor George Osborne announced a £2 billion war chest to accelerate the fight against global terrorism

Cyber security mission takes Darktrace to Mexico (Cambridge News) Darktrace is one of five British companies to participate in the cyber security trade mission to Mexico City, which starts today, organised by the UK Trade and Investment's Defence and Security Organisation and the Home Office

Kordia bolsters cyber security clout with $10 million Wellington acquisition (Computerworld) "This acquisition equips Kordia to further advance our security strategy and meet the demands of our current and potential customer base"

SuperCom Completes Acquisition of Cyber Security Company — Prevision Ltd. (PRNewsire) Accretive and synergistic acquisition broadens solutions offering with complimentary cyber security capabilities

Hacking Drives Cybersecurity M&A (Payments Source) The recent uptick in cyberattacks, including the hack of extramarital dating site Ashley Madison, is making companies tighten their Web security and driving up demand for cybersecurity providers

MACH37 Cyber Accelerator accepting applications for Spring 2016 session (Augusta Free Press) The MACH37™ Cyber Accelerator has officially announced it will begin accepting applications from information security product startups and security entrepreneurs for its Spring 2016 (S16) Cohort that begins on March 14

Cyber security sector struggles to fill skills gap (Financial Times) Global demand for cyber security experts is forecast to outstrip supply by a third before the end of the decade, with companies struggling against what one senior industry figure has called the "largest human capital shortage in the world"

Can the 'CSI Effect' Help Tackle the Cyber Security Skills Gap? (Team Cymru) Much (virtual) ink has been spent describing the cyber security 'skills gap' — the lack of experienced candidates available to fill the ever expanding number of security related roles that organizations are attempting to recruit for

Closing the cybersecurity talent gap, one woman at a time (CIO) The severe shortage of cybersecurity talent is leaving the U.S. vulnerable to attacks. Women, in particular, are key to closing the security skills gap

Wedge Networks announces industry leader James Hamilton as CEO (PRNewswire) New CEO to accelerate global growth in cloud security sector

BrightPoint Security CEO Anne Bonaparte Wins Female Executive of the Year (TopTechNews) BrightPoint Security™, a leading Threat Intelligence Platform provider for automation, curation and sharing of threat intelligence Relevant Products/Services to fight cyber attacks, today announced that President and CEO Anne Bonaparte was named a Female Executive of the Year Silver Stevie® Award winner in the 12th annual Stevie Awards for Women in Business

Products, Services, and Solutions

New Cybrary Mobile App Provides Hacking Training to Developing Nations with Limited Web Access (KLTV) Cybrary, the world's first and only no-cost cyber security massive open online course (MOOC) provider, announced the availability of its Android-based mobile app that allows users with limited Web access — particularly in developing countries — to learn hacking, forensics and other cyber security skills on the go

CyberTech Unveils Azure-Powered Public Safety Incident Mgmt Platform; Vince Rosales Comments (ExecutiveBiz) CyberTech Systems and Software has rolled out a cloud-based public safety technology that works to help law enforcement agencies detect and investigate criminal activities

Cryptzone Announces Dynamic 'Segment of One' Solution for Cloud and Hybrid Environment Access Control, Reducing Attack Surfaces By Up To 95% (Cryptzone) New AppGate XDP release simplifies access security and ensures that all resources — private cloud, public cloud and on-premises — remain invisible until authorized

Want to stop apps from sharing your data? There's an app for that, too (Christian Science Monitor Passcode) Northeastern University researchers launched an app called ReCon to track and limit the personal information that's collected and shared by other smartphone apps

Imperva CounterBreach Uses Machine Learning to Protect Against Insider Threats (Nasdaq) New solution designed to protect global organizations from rising tide of data theft and loss due to compromised, malicious and careless users

Here's a Spy Firm's Price List for Secret Hacker Techniques (Wired) The trade in the secret hacker techniques known as "zero day exploits" has long taken place in the dark, hidden from the companies whose software those exploits target, and from the privacy advocates who revile the practice. But one zero-day broker is taking the market for these hacking techniques into the open, complete with a full price list

Massive & Widespread Java Zero-Day Exploit Makes Heartbleed Look Tame (PRNewswire) Contrast Security offers free, automated remediation, available now

Observable Networks' Dynamic Endpoint Modeling Solution Now Available On AWS Marketplace (PRNewswire) Observable Networks Inc., an emerging leader of advanced threat detection services, today announced the availability of its Dynamic Endpoint Modeling solution on the Amazon Web Services (AWS) Marketplace

Thales Launches Data Security Platform (ExecutiveBiz) Thales has introduced a new security platform for commercial and government customers to protect data in transit

Singapore Adopts Gemalto Authentication Tech for E-Gov Services (ExecutiveBiz) Digital security company Gemalto has provided its two-factor authentication and password encryption technologies to support Singapore's government e-services system

How to crowdsource your way to better security (CIO via CSO) Synack, a company founded by former NSA analysts, attempts to leverage the best of man and machine approaches to provide enterprise cybersecurity protection

AVG launches a Tor- and VPN-enabled router that you can only get on Indiegogo (International Business Times) Software security provider AVG Technologies is trying its hand at something new

SentinelOne adds feature to restore files hit by ransomware (Computerworld) If the worst-case scenario happens, files can be restored

ESET's latest app allows parents to manage child's online mobile experience (PRNewswire) ESET®, a global pioneer in proactive digital protection for more than two decades, today announced the launch of the ESET Parental Control for Android app, which helps parents ensure their children enjoy their mobile devices safely and appropriately

Technologies, Techniques, and Standards

Lessons For Security Sector From The Paris Attacks: The Value Of Sharing Data And Vigilant Guarding (Source Security) Let's say it up front: The physical security sector has limited solutions to address events like those in Paris on the 13th November

Report: Everyone Should Get a Security Freeze (KrebsOnSecurity) This author has frequently urged readers to place a security freeze on their credit files as a means of proactively preventing identity theft

How to deal with the blind spots in your security created by SSL encrypted traffic (Network World) SSL/TLS encryption is widely used to secure communications to internal and external servers, but can blind security mechanisms by preventing inspection of network traffic, increasing risk

Protecting Microsoft Edge against binary injection (Windows Blog) In May, we announced that Microsoft Edge was saying goodbye to binary extensibility models such as ActiveX and Browser Helper Objects

How to enable two-factor authentication on your Amazon account (Hot for Security) One of the internet's biggest online stores, Amazon, appears to have finally started giving its users an additional way to protect their accounts

Inside the largely unexplored world of mainframe security (Help Net Security) The security of mainframe computers — the so-called "big iron", which is mainly used by large organizations for critical applications, bulk data and transaction processing — is not a topic that has garnered much interest from the public

Guidelines for smart city technology adoption (Help Net Security) Securing Smart Cities, the not-for-profit global initiative addressing the cyber security challenges of smart cities, released guidelines jointly developed by Securing Smart Cities and the Cloud Security Alliance (CSA) for the adoption of smart city technology

Insider Threats: 10 Ways To Protect Your Data (InformationWeek) While IT focuses on outside threats, danger lurks from within — your employees. Whether intentional or unintentional, data breaches resulting from workers mishandling data can be prevented. Here's a look at 10 ways it can be done effectively

Don't Just Turn It On (Alert Logic Blog) Most businesses do a pretty thorough job of planning and researching their security purchases

10 dumb security mistakes sys admins make (InfoWorld via CSO) Do as I say, not as I do: Admin mistakes often surpass the severity of those made by users. Here are 10 of the most common — and their remedies

5 tips for winning a bigger cybersecurity budget (HealthCareITNews) Hint: Getting breached, while far from ideal, will almost always work

Research and Development

U.S. may be financing encryption apps to stay ahead of terrorists (Computerworld via CSO) The U.S. government's financial support for the development of smartphone encryption apps doesn't surprise security experts

Legislation, Policy, and Regulation

Norms of cyberwar in peacetime (Brookings) Cyberattacks and the appropriate response are new territories in national security. While most attacks do little damage and their perpetrators are often unclear, the potential risk is growing

U.S. counterintelligence chief skeptical China has curbed spying on U.S. (Reuters) U.S. counterintelligence chief Bill Evanina said on Wednesday he was skeptical China had followed through on recent promises to curb spying on the United States

Russia says has stepped up all types of intelligence gathering in Middle East (Reuters) Russia has stepped up all types of intelligence gathering in the Middle East, including satellite reconnaissance, a senior representative of the Russian Army's General Staff said on Wednesday, Russian news agencies reported

Opinion: 5 strategies for hacking the Islamic State (MarketWatch) The terrorist group is digital-savvy, so that's where intelligence services can make inroads

Why it's better to fight terrorists than terrorism (Washington Post) People don't become terrorists because they're poor or uneducated

How the Islamic State makes its money (Washington Post) Weapons, vehicles, employee salaries, propaganda videos, international travel — all of these things cost money

Paris attacks stir global debate over online encryption (Christian Science Monitor Passcode) Intelligence sources say Islamic State attackers may have planned the Paris terrorist attacks using easily available encrypted communication tools

Could The Paris Attacks Have Been Prevented If Officials Read Encrypted Communications? (Legaltech News) Many lawyers and policy analysts are cautious about giving the government broad authority to read encrypted communications. But law enforcement officers say access is vital

Opinion: Poisoning the Internet won't stop more Paris attacks (Christian Science Monitor Passcode) While it's more expedient to advocate for backdoors into secure communications and online surveillance to spot terrorists, the real answer may be investing in more old fashioned police work

The danger of 'exceptional access' (CNN) In the wake of the horrific attacks in Paris on Friday, there have been renewed calls to find some way to allow the government to read encrypted communications

New York prosecutor seeks U.S. law to weaken smartphone encryption (Reuters) Manhattan District Attorney Cyrus Vance Jr. on Wednesday called for federal legislation requiring tech companies such as Google and Apple to design smartphone operating systems so law enforcement can unlock data stored on them

'Difficult conversation' on encryption needed in wake of Paris attack, says Hurd (FierceGovernmentIT) Security is one of the most critical hurdles for federal chief information officers who have yet to fully commit to the cloud, said Rep. Will Hurd (R-Texas)

DoD's buildings are vulnerable to cyber attacks (Federal News Radio) The Defense Department is lacking strategy, funding and skilled labor to protect its buildings and building systems from cyber attacks

Litigation, Investigation, and Law Enforcement

U.S. Investigators Struggle to Track Homegrown ISIS Suspects (New York Times) At least three dozen people in the United States suspected of ties to the Islamic State were under heavy electronic or physical surveillance even before the Paris attacks, senior American officials say

Canada quietly ramped up security: Expert (Ottawa Sun) A noted terrorism expert believes domestic security forces have quietly ramped up their efforts in the wake of the Paris attacks, despite terrorists making no specific threat against Canada

EFF seizes deceptive website used for high-level phishing attacks (SC Magazine) Electronic Frontier Foundation wins control of fake .org website which may have been under the control of the Russian APT28 group

University Responds to Accusations of FBI Funding for Tor Hack (SecurityWeek) Carnegie Mellon University released a statement on Wednesday in response to recent allegations that the organization was paid by the FBI for help in unmasking individuals suspected of using the Tor anonymity network for illegal activities

Is the FBI Using Zero-Days in Criminal Investigations? (Just Security) We have known for a while now that the FBI uses hacking techniques to conduct remote computer searches in criminal investigations — particularly those that involve the dark web

Shareholder Cybersecurity Lawsuits Expected to Increase in 2016 (Legaltech News) Almost 90 percent of 276 board members think companies should be held liable for security breaches in the event reasonable care is not taken to protect customer data

Education Department CIO says FITARA Scorecard is bogus (FierceGovernmentIT) The Education and Energy departments were ranked the worst among federal agencies for their failure to execute the Federal Information Technology Acquisition Reform Act, or FITARA, in a scorecard issued by lawmakers earlier this month

Connolly, Chaffetz can't have it both ways on FITARA Scorecard (FierceGovernmentIT) Compliance and implementation are difficult things to measure in the world of federal information technology, so the government relies on inspectors general, the Government Accountability Office, Congress and others to ensure agencies are minding their Ps and Qs

Plymouth boy, 15, charged over global cyber-attacks (BBC) A 15-year-old British boy has been charged over cyber-attacks on international websites and bomb hoaxes against US airlines, police have said

California woman pleads guilty over Michaels retailer cards theft (Business Insurance) A California woman pleaded guilty on Tuesday to participating in a conspiracy to steal 94,000 credit and debit card numbers from Michaels Cos. Inc. customers in a massive nationwide breach at the U.S. arts and crafts retailer

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Internet-of-Things World Forum 2015 (London, England, UK, Nov 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, Nov 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15 years. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders

CyberPoint 2nd Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Nov 19, 2015) CyberPoint International announces its 2nd Annual Women in Cyber Security Reception to be held on November 19, 2015. Bringing together women from across the region and all different points on the career spectrum, this event is a great opportunity to get together and share what we are all passionate about — empowering women to succeed in the cyber security field

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, Nov 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment. Whether you are a penetration tester, a forensics specialist, or defender, the techniques covered at the Hackfest represent the latest and most powerful attacks every organization needs to thwart

Energy Tech 2015 (Cleveland, Ohio, USA, Nov 30 - Dec 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, Dec 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market

IoT Security Foundation Conference (London, England, UK, Dec 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, Dec 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community

Enterprise Security and Risk Management (London, England, UK, Dec 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed

Cargo Logistics America (San Diego, California, USA, Dec 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component

NG Security Summit US (Austin, Texas, USA, Dec 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, Dec 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, Dec 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, Dec 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address

2015 Cyber Security Exchange (Orlando, Florida, USA, Dec 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more

Disrupt London 2015 (London, England, UK, Dec 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup

Passwords 2015 (University of Cambridge, England, UK, Dec 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, Dec 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era

NSA RCTCON (Fort Meade, Maryland, USA, Dec 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

cyberSecure (New York, New York, USA, Dec 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track