The CyberWire Daily Briefing 03.17.15
news from SINET ITSEF 2015
SINET's annual IT Security Enterprise Forum (ITSEF) begins this afternoon. The CyberWire will be live-tweeting from the workshops and general sessions today and tomorrow.
Recent ISIS-sympathizing hacks of North American government and business sites indeed prove to be low-skilled skidwork, but that really doesn't matter, Credit Union Times argues: the targets' defenses were low-skill, too. The defacements have been, functionally, information operations, whether centrally directed or not. Social media, of course, remain the principal platforms for ISIS information operations: the US Director of Central Intelligence laments their potential to "amplify terrorism."
December's cyber attacks against a South Korean nuclear power operator bore the marks of anti-nuclear hacktivism, but Seoul says no, it's determined they were the work of North Korea. (Pyongyang of course denounces this conclusion as "nonsense," "provocation," etc.)
KrebsOnSecurity outlines the predictable criminal response to increased paycard security measures: evasion tools like AntiDetect.
Microsoft warns of an "improperly issued" certificate for Windows Live. The certificate authority has pulled it, and Microsoft has updated its Certificate Trust List accordingly.
Analysts look at the grey market for vulnerabilities, and the growing black market for "laundered" data, stolen data rinsed to appear legitimately acquired.
As Microsoft and others complete the good work of Superfish cleanup, a Carnegie-Mellon CERT researcher draws lessons about the risks of SSL inspection.
OpenSSL will be patched Thursday for an as yet undisclosed (but "severe") vulnerability.
In industry news, Raytheon is said to be in talks to acquire Websense. Seeking Alpha thinks Vasco is acquisition bait.
Privacy advocates give the US Senate Intelligence Committee's positive vote on a cyber information sharing bill decidedly mixed reviews. Senators Carper and Burr defend the measure.
Today's issue includes events affecting Canada, China, India, Iraq, Democratic People's Republic of Korea, Republic of Korea, Pakistan, Syria, and United States.
Cyber Attacks, Threats, and Vulnerabilities
ISIS Hack Exposes Vulnerabilities (Credit Union Times) The sad truth about the recent, so-called ISIS hack on numerous North American websites, including one belonging to a Montana credit union, is that they shared nothing in common except for a preventable vulnerability
CIA chief: social media 'greatly amplifies' terrorism (Reuters via Stuff) Social media and other modern technologies are making it increasingly difficult to combat militants, the head of the CIA claims
South Korea blames North Korea for December hack on nuclear operator (Reuters) South Korea on Tuesday blamed North Korea for cyberattacks against the country's nuclear reactor operator last December, based upon investigations into Internet addresses used in the hacking, but Pyongyang denied any involvement
'AntiDetect' Helps Thieves Hide Digital Fingerprints (KrebsOnSecurity) As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies
Microsoft warns of fake SSL certificate for Windows Live (ComputerWeekly) Microsoft has warned that an SSL certificate for the domain live.fi has been "improperly issued" and could be used to spoof content and perform phishing attacks or man in the middle attacks
One BEEEEEELLION sensitive records went AWOL in 2014 (Register) Vulns also soar; IBM blames 'apathetic developers'
Researchers find same RSA encryption key used 28,000 times (IDG via CSO) Another look at the impact of the FREAK flaw has turned up some surprising findings
Hacker vows cyber attack for dismissal of charges against Detroit policeman who killed 7-year-old (MLive) Wayne County Circuit Court Judge Cynthia Gray Hathaway dismissed a manslaughter charge against Detroit Police Officer Joseph Weekley in October for lack of evidence
House education chair blames Florida testing delays on cyber attack only (PolitiFact Florida) On day 1 of the new computerized standardized tests in Florida, students and administrators across the state couldn't log on to the tests, forcing some districts to postpone the assessments
CTO Insights: Vulnerabilities for Sale (TrendLabs Security Intelligence Blog) 2014 showed that vulnerabilities could be found in all applications — both Heartbleed and Shellshock caught system administrators off-guard by revealing that open-source server applications could have severe vulnerabilities as well
Cybercriminals boost sales through 'data laundering' (ZDNet) A security expert has warned that stolen data is being sold back into legitimate commercial channels
Beware the 'visual hack' (CSO via CIO) The most common form of human hacking is social engineering. But that doesn't mean there is no danger from old-fashioned physical spying in your office
The Risks of SSL Inspection (Carnegie-Mellon CERT Blog) Recently, SuperFish and PrivDog have received some attention because of the risks that they both introduced to customers because of implementation flaws. Looking closer into these types of applications with my trusty CERT Tapioca VM at hand, I've come to realize a few things
Microsoft and friends get Lenovo's Superfish scourge under control (PCWorld) Microsoft says the Superfish adware that potentially exposed thousands of Lenovo PCs to man-in-the-middle attacks is well under control
Complex, Legacy Code Creates Security Headaches for Microsoft Users (Wall Street Journal) Some of the biggest hacking episodes of the last few years, from Target Corp. to Home Depot Inc., share a common thread. Microsoft Corp. platforms were involved at some level
What pokes holes in virtual environments? (Help Net Security) While most companies believe virtualization technology is a strategic priority, there are clear risks that need to be addressed. Ixia surveyed more than 430 targeted respondents in South and North America (50 percent), APAC (26 percent) and EMEA (24 percent)
Bulletin (SB15-075) Vulnerability Summary for the Week of March 9, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
OpenSSL mystery patches due for release Thursday (IDG via CSO) No details are available yet, but one flaw is of 'high' severity
Malware and DDoS Were the Most Common Attack Types in 2014: IBM (SecurityWeek) IBM today released the 2015 IBM X-Force Threat Intelligence Quarterly, a report that details the security incidents, financial malware trends, risky Android apps, and vulnerability disclosures seen in 2014
CISOs: Threat Intelligence, Big Data Analytics and Encryption are Key Technologies (Infosec Island) The 2015 Global Megatrends in Cybersecurity report — which surveyed 1,006 chief information officers, chief information security officers (CISOs) and senior IT leaders — reveals that threat intelligence-based solutions will be among the key technologies employed in enterprise networks in the next three years
IoT security is still a pipe dream (Security Affairs) Research conducted by experts at Symantec highlights disturbing security failures in the IoT devices present in today's connected home
Native Hadoop Security Tools Not Enough to Protect Sensitive Data in Big Data Environments, According to Protegrity Survey (MarketWired) Organizations plan to increase spending on Hadoop projects and have more production deployments than in 2014
Security Appliance Market Sees Double-Digit Shipment Growth and 8.6% Revenue Growth in the Fourth Quarter of 2014, According to IDC (Legit Reviews) According to the International Data Corporation (IDC) Worldwide Quarterly Security Appliance Tracker, both factory revenue and unit shipments continued to grow in the fourth quarter of 2014 (4Q14). Worldwide vendor revenue grew 8.6% year over year to $2.6 billion in the fourth quarter, the 21st consecutive quarter of revenue growth. Shipments grew nearly twice as fast as revenue at 16.7% year over year to 635,933 units, making 4Q14 the fourth consecutive quarter of shipment growth. For the full year 2014, revenue and shipments improved 8.4% and 8.3% respectively to $9.4 billion and 2.1 million units
Raytheon Said to Be in Talks to Acquire Vista-Owned Websense (Bloomberg) Raytheon Co. is in talks to acquire Websense Inc., the network-security company owned by private-equity firm Vista Equity Partners LLC, according to people familiar with the matter
8 Reasons Why Vasco Data Security Is A Prime Takeover Target (Seeking Alpha) Vasco Data was rumored to be a target of SYMC last week. Bain Capital paid $2.4 billion for Blue Coat the next day. Vasco's exposure to banks, its leading position in multi-factor authorization, and its cheap valuation are among the reasons it may be next
MSPBanter: Kaspersky Lab on Cybersecurity, Antivirus and More (MSPMentor) Kaspersky Lab looks to raise the cost of cyber attacks for cybercriminals
Chuck Harrington: Parsons' New Virginia-Based Cyber Center to Offer IT Risk Mgmt Services (ExecutiveBiz) Parsons unveiled Friday a new cyber hub in Virginia that is intended to support commercial and government customers who aim to secure their operating environments
Lockheed Adds Radware to Cybersecurity Alliance (ExecutiveBiz) Lockheed Martin has partnered with Radware to share cybersecurity best practices and collaborate on cyber-related pilot programs and experiments as part of the Lockheed Martin Cyber Security Alliance
Safe-T Data Named in CIOReview's 20 Most Promising Enterprise Security Companies (PRNewswire) Safe-T Data, the provider of secure data exchange broker solutions designed to securely bridge the gap between the enterprise and the cloud, announced today that CIOReview Magazine has named it among its "20 Most Promising Enterprise Security Companies"
IT security solutions provider Quick Heal appoints Meera Raman as marketing head (Techcircle) Quick Heal Technologies Pvt Ltd, an IT security software solutions provider, has appointed Meera Raman as its head of marketing. In her new role, Meera will oversee marketing for all geographies of the Quick Heal business network
Products, Services, and Solutions
DataPath Launches New Cyber Security Solutions Tailored to Unique Needs of Remote Communications Networks (BusinessWire) DataPath, Inc. a leading provider of remote communications solutions to the aerospace, broadcast, government and infrastructure markets announced today the launch of new Cyber Security Solutions. The offerings include a variety of information assurance service packages designed to protect the communications networks of operations in remote and harsh environments
Privacy Matters: NeoNova teams with Virtru to simplify email encryption for Google Apps (PRNewswire) NeoNova customers on Google Apps for Work now able to secure and protect emails sent from desktop and mobile
Check Point introduces Threat Extraction (IT Online) Check Point Software Technologies, the largest pure-play security vendor globally, has introduced Check Point Threat Extraction, a new security approach that proactively ensures documents are delivered to a network with zero malware in zero seconds
OPSWAT Brings Multi-Anti-Malware Scanning to Exchange Server (PRWeb) OPSWAT adds Mail Agent to their Anti-Malware Multi-Scanner Metascan to provide advanced threat protection for email-borne threats
Sumo Logic unveils outlier detection, predictive analytics to augment machine learning (Fierce Big Data) Sumo Logic, a machine data analytics service, unveiled outlier detection and predictive analytics capabilities to augment its machine learning and anomaly detection engine. Both are available to Sumo Logic Enterprise Edition users at no cost
Kaspersky Labs Launches Phound! For Android Devices To Offer Essential Mobile Security Features (Android Headlines) Mobile security continues to ramp up, and according to leading name in security software, Kaspersky Labs, during their Kaspersky Lab Consumer Security survey, on average nearly one in twenty people lost their mobile devices due to theft or carelessness
This Black Box Can Brute Force Crack iPhone PIN Passcodes (Intego Mac Security Blog) If you don't have time to read this whole blog post, do one thing for me okay?
Technologies, Techniques, and Standards
Breach Best Practices: It's Time for Incident Response to Grow Up (Forensic Magazine) Forrester's 2015 "Planning for Failure" shows that breaches are as unavoidable as bad weather, but hits a sour note when it characterizes enterprise organizations as unprepared
Can software-based POS encryption improve PCI compliance? (CSO) Some vendors are urging the PCI Council to consider approving software-based point-to-point encryption
Don't Be a Data Breach Victim: Appoint a CISO Before It's Too Late (Trend Micro: Simply Security) No one knows what the future holds, but it's a pretty safe bet to say 2014 will become known as the "Year of the Data Breach." Yet amid the finger pointing, the executive culls and inevitable media coverage, there's another interesting trend: several of the firms compromised by hackers didn't have a functioning chief information security officer (CISO) at the time
Cyber Security Risks in Supply Chain Management — Part 2 (Infosec Institute) In Part 1 of this article series, I discussed various risks involved in supply chain management with the latest example of a malicious adware named "Superfish" installed by default in Lenovo notebooks. In this part, we will learn how we can control all the inherent cyber risks in supply chain management with the proper strategy
Design and Innovation
'Satoshi Was Not a Cryptographer,' Says Gavin Andresen (Cointelegraph) As a lead developer that has worked on Bitcoin for many years, Gavin Andresen has seen his share of mishaps and debates. In the early days of 2011, one faulty transaction created some billion bitcoins out of thin air — "which was bad," he said at DevCore Boston. The developer-minded talk dove into the early days of Bitcoin, including the thornier coding problems that they encountered. Andresen also shared some opinions about Bitcoin's mysterious creator Satoshi Nakamoto
Yahoo's simple — but not necessarily secure — new way to log in (Graham Cluley) Do you find it difficult to remember your Yahoo password?
Cardless ATMs will improve security of cash withdrawal (Security Affairs) A unit of Canada's Bank of Montreal will launch on Monday its network of cardless ATMs, a technological innovation to improve users' security
Research and Development
MIT, Raytheon and others partner to combat cyber threats (Boston Business Journal) MIT and companies including Waltham-based defense contractor Raytheon have teamed up to launch a cybersecurity initiative aimed at combating cyber threats on a broad scale
Information security innovation and research (Help Net Security) Sin-Yaw Wang is the Vice President of Engineering at WatchGuard Technologies. In this interview he talks about the main challenges for delivering innovative information security technologies as well as long-term investments in security R&D
Pentagon seeking ways to protect personal data online (USA TODAY) The Pentagon wants to protect Americans' private personal data while still making that data accessible to companies, health care providers and the government to analyze, according to documents for a new program created by the Pentagon's high-tech research agency
CTU Named a Nat'l Center of Academic Excellence in Info Assurance, Cyber Defense (GovConExecutive) Colorado Technical University has received designation as a National Center of Academic Excellence in Information Assurance and Cyber Defense from the National Security Agency and Department of Homeland Security
Paladion Networks partners with M S Ramaiah University (Business Standard) Launches MTech programme in cyber security, information assurance
Monty Tech cyber team wins national competition (Fitchburg Sentinel and Enterprise) They left Fitchburg as Junior RTOC members and returned as national champions
Legislation, Policy, and Regulation
Is China the Biggest Thief in Cyberspace? (The Diplomat) According to some former U.S. officials, the answer is yes; however some experts harbor doubts
An Update on the White House's CTIIC Proposal (Lawfare) In the wake of the White House announcement that it is going to create the Cyber Threat Intelligence Integration Center (CTIIC), I wrote an essay for Lawfare regarding lessons for CTIIC that might be drawn from the experience of the National Counterterrorism Center (NCTC). After I wrote the essay — but before it appeared on Lawfare — the White House released a memorandum and Fact Sheet concerning CTIIC. I write now to explain how these documents impact my analysis
Senate intel committee's draft cybersecurity legislation gets panned by privacy, security coalition (FierceGovernmentIT) Several dozen advocacy groups, security experts and academics sent a letter March 2 to the Senate Select Committee on Intelligence, opposing the most recent version of a controversial bill that would encourage companies to voluntarily share information about cyberattacks with the federal government
Sen. Carper Statement on the Cybersecurity Information Sharing Act (CISA) (Senator Carper) Today, Sen. Tom Carper (D-Del.), Ranking Member of the Homeland Security and Governmental Affairs Committee, released a statement following the Senate Select Committee on Intelligence approval of the Cybersecurity Information Sharing Act (CISA). In February, Sen. Carper introduced the Cyber Threat Sharing Act of 2015, which would take critical steps to provide liability protections to increase the sharing of cyber threat data between private industry and the federal government
Cybersecurity Bill Passes Intel Committee 14-1 (Senator Burr) The Senate Select Committee on Intelligence (SSCI) today voted the bill, "Cybersecurity Information Sharing Act of 2015," through committee on a vote of 14 to 1. This original legislation, which is co-sponsored by SSCI Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA), creates additional incentives to increase sharing of cybersecurity threat information while protecting individual privacy and civil liberties interests and offering liability protection to the private sector
The Military's Cybersecurity Budget in 4 Charts (Nextgov via Defense One) The White House is pitching $5.5 billion in cyber spending for FY 16. Here's what that money looks like
Zabel: CIOs need mission role to meet cyber challenge (C4ISR & Networks) In order to meet the challenges of cybersecurity, the Air Force and other military branches have to get their CIOs more involved in the mission, rather than just building and maintaining the underlying infrastructure, according to Brig. Gen. Sarah Zabel, director of cyberspace strategy and policy in the Air Force Office of Information Dominance and CIO
The FBI’s Big Plan To Expand Its Hacking Powers (National Journal via Defense One) Technology giant Google has warned that a rule change represents a 'monumental' constitutional concern
Commerce task force seeks to start discussion on cybersecurity issues with many stakeholders (FierceGovernmentIT) A Commerce Department task force is seeking public comment on potential cybersecurity topics from botnets to the Internet of Things that could be addressed by a broad range of participants in an open process to build consensus
Litigation, Investigation, and Law Enforcement
IG takes issue with State Department email records management (FierceGovernmentIT) According to State Department policy, any email that includes information about the organization, functions, policies, decisions, procedures or operations should be preserved as an "email record," but employees at the department overwhelmingly lack the guidance and training to properly preserve email records. Oversight, not a lack of tools, is the primary culprit, finds the State Department Inspector General
Cyber attack at NRC kept secret from other departments (Ottawa Citizen) Federal cyber security officials kept a tight lid on who was aware of a serious cyber attack at the National Research Council last year, a move one security officer suggested may have robbed other departments of a fighting chance to protect their systems as well
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions on the threat horizon, and planned security strategy going forward
Decepticon 2015 (Cambridge, England, UK, Aug 24 - 26, 2015) Decepticon brings together researchers and practitioners in the detection and prevention of deception. Previously, deception research has been fragmented across conferences in many different disciplines, sub-disciplines and countries. To cover the great diversity of approaches to deception research, our scientific committee has members covering several domains
Insider Threat 2015 Summit (Monterey, California, USA, Mar 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking
2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state
IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, Mar 18 - 19, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)
2015 Cyber Security Summit (McLean, Virginia, USA, Mar 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees
B-Sides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) B-Sides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal
Cyber Security Conference 2015 (Bolton, UK, Mar 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable devices. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients
Fraud Summit Atlanta (Atlanta, Georgia, USA, Mar 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include presentations on the insider cyber threat, threat intelligence, fraud-as-a-service, POS security, fraud detection through big data, and mobile banking fraud
CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US
Global APT Defense Summit (Atlanta, Georgia, USA, Mar 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection, security analytics to how an appropriate, measured response capability can be established. Each of these defense phases is described in lock step with those of the attack. We will also provide detailed examples of the "Fail Chain," where we dissect a number of high-profile breaches and show where the opportunities to defeat them were missed. The market is currently awash with fragmented and contradictory messaging. This unique, intense day of sequential attack- and defend-based sessions will clarify both the problem and describe the end-to-end solution, delivering an actionable framework for attendees to integrate into their existing security strategies
2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will be "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges
28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, Mar 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals
Conference on Cyber Defence in Europe (Berlin, Germany, Mar 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry and academia. Thus the conference aims at discussing EU cyber defence matters among an audience of approximately one hundred policy-makers, senior officials from EU entities and from EU Member States as well as other interested officials in four panels: Implications of the EU's Cyber Defence Policy Framework; the EU's Mutual Defence and Solidarity Clause in the Cyber Context; Cyber Defence in EU Military Operations; and Civil-Military Cooperation in Cyber Defence
CYBERWEST (Phoenix, Arizona, USA, Mar 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations
Fraud Summit Dubai (Dubai, United Arab Emirates, Mar 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include the threat of insider fraud, ATM security, mobile banking risks and their mitigation, the role of law enforcement agencies, digital forensics, and threat information exchange for actionable intelligence
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation
Kansas City Secure World (Kansas City, Missouri, USA, Apr 1, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. James Beeson (CISO, GE Capital Americas) will deliver the keynote
Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, Apr 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners and stakeholders in support of mission execution. This event will be Coast Guard Intelligence's most significant and inclusive outreach event of the year.
Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, Apr 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks appropriate for evolving cyber threats. The Mission is to enable the safe use of sensitive and privacy data while servicing the healthcare needs of the nation. The format for this event will include briefings from government and industry. Our featured speaker is from the Interagency OPSEC Support Staff and will present on "TRASHINT: Dumpster Diving", a very popular topic which teaches attendees how one person's trash can be another person's treasure
10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, Apr 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security
Cyber Threats Masterclass (Turin, Italy, Apr 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts
InfoSec Southwest 2015 (Austin, Texas, USA, Apr 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, Apr 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment
Cyber Security Summit: Financial Services (Prague, Czech Republic, Apr 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them
INTERPOL World 2015 (Singapore, Apr 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions
Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, Apr 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus
Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, Apr 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan