The CyberWire Daily Briefing 01.25.16
Palo Alto Networks releases results of a long-running study of cyber reconnaissance against Tibetan and Uyghur dissident groups in China. Palo Alto calls the threat group involved "Scarlet Mimic" and offers no further attribution, but other observers think the target sets fits the interests of Chinese security services.
The US is reported to be actively targeting ISIS cyber operators with airstrikes. ISIS cyber operations continue to concentrate on inspiration, a fresh and lurid instance of which appeared over the weekend in the form of a 17-minute clip of the Paris terrorists engaged in pre-attack training and local atrocities in Syria.
Anonymous remains quiet on the anti-ISIS front, but elements of the collective hit the website of Japan's Narita International Airport to protest whaling.
Azerbaijani hackers make their expected riposte to Armenia cyber-rioters, defacing Armenian diplomatic websites with images Hack Read describes as "displaying Azerbaijan's military power."
Irish government websites sustain a distributed denial-of-service campaign.
Fortinet discovers an SSH backdoor affects its FortiSwitch, FortiAnalyzer and FortiCache products as well as FortGuard.
Business Insurance describes the "patchwork" quality of conventional cyber insurance coverage. Willis Towers Watson Wire lays out what policies cover and what they don't. Business Insurance announces its innovation awards. One goes to PivotPoint Risk Analytics for its estimation and quantification of cyber value-at-risk.
Litigation also contributes to development of standards of care. One closely watched case is Affinity Gaming's suit against Trustwave, likely to prove "disruptive."
The US and the EU are in final stages of Safe Harbor renegotiation.
Notes.
Today's issue includes events affecting Armenia, Australia, Azerbaijan, China, Czech Republic, European Union, Hungary, India, Indonesia, Iraq, Ireland, Israel, Italy, Japan, Malaysia, Pakistan, Syria, Turkey, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Single group of hackers targets Uyghur, Tibetan activists (IDG via CSO) The information sought would be of most interest to a nation-state, Palo Alto said in a new report
Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists (Palo Alto Networks) Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code named "Scarlet Mimic"
Cyber, real world converge as U.S. targets ISIS hackers with bombs (Defense Systems) The notion of the cyber domain crossing over into the physical world is increasingly becoming more prolific, most famously exemplified by the Stuxnet virus that damaged part of Iran's nuclear processing ability. But the potential threat posed by ISIS is bringing new meaning to the convergence of these two domains, as the military is using air strikes against members of the group associated with hacking
Isis video threatening UK claims to show Paris attackers in Syria and Iraq (Guardian) If confirmed, video containing beheadings and target practice and showing prime minister David Cameron would establish coordination with group
The Country Club Jihad: A Study of North American Radicalization (Small Wars Journal) Using the University of Maryland National Consortium for the Study of Terrorism and Responses to Terrorism (START) Profiles of Islamist Radicals in North America (PIRaNA) dataset, this research paper examines a curious dynamic among Muslims who radicalize to the point of violence in North America
Cyber attack: Federal health ministry website hacked (Dunya News) Hackers while commiting cyber crime, hacked the website of federal health ministry and left message regarding Charsadda massacre
Azerbaijani Hackers Deface NATO-Armenia, Embassy Websites in 40 Countries (Hack Read) Azerbaijani Hackers have hacked NATO-Armenia and embassy websites in 40 countries giving a powerful reply to the Armenian hackers
Anonymous Shut Down Japanese Airport Website Against Dolphin Slaughter (Hack Read) Anonymous hackers shut down Japan's Narita International Airport website against Dolphin slaughter
Government websites targeted and shut down in cyber attack (Irish Examiner) Government departments and agencies were targeted by a cyber attack which shut down websites and has forced officials to review the protection of their internet systems
Unknown attackers are infecting home routers via dating sites (Help Net Security) Damballa researchers have spotted an active campaign aimed at infecting as many home routers possible with a worm
"66% of Android devices" vulnerable to Linux zero-day bug … or not (Naked Security) Earlier this month, a small cybersecurity company made big news after it publicly disclosed a zero-day bug in the Linux kernel
FortiGuard SSH backdoor found in more Fortinet security appliances (IDG via Computerworld) FortiSwitch, FortiAnalyzer and FortiCache were also affected
Put a password on your webcam or end up featured on Shodan's vulnerable cam feed (Network World) The IoT search engine Shodan added a new section featuring screenshots of vulnerable cams which lack password authentication and stream video
Has your sleeping baby been indexed by this search engine? (Naked Security) If you're interested in internet insecurity, you've probably heard of Shodan
AMX Harman Disputes Deliberately Hiding Backdoor In Its Products (Dark Reading) Control systems for AV, lighting, and other equipment used widely by the White House, Fortune 100, government, and defense agencies likely affected
LeChiffre Ransomware Hits Three Indian Banks, Causes Millions in Damages (Softpedia) An unknown hacker has breached the computer systems of three banks and a pharmaceutical company and infected most of their computers with crypto-ransomware
State confirms 'cyber attack' similar to one at Flint hospital (Michigan Live) The State of Michigan has confirmed it also was the victim of a "cyber attack" last weekend
RSA Conference disables Twitter password-collecting form (Naked Security) No, RSA Conference 2016 was not snarfing up attendee Twitter passwords during conference registration process, it insisted on Friday, though it sure did look that way, as tweeted images such as this one show
'Experts' at cyber-security conference willingly gave away their Twitter passwords (Telegraph) Dozens of attendees at the RSA security conference entered plain-text Twitter passwords stored on the event's website
Railroad Association Denies Smart Train Cyber Vulnerabilities (Fortune) Railroad industry representatives are disputing a recent claim that its network security practices are inadequate
Technology Derailed (Boston Review) How for-profit industry is risking railway safety
Sainsbury's Bank web pages stuck on crappy 20th century crypto (Register) 'Someone there should be beaten to a pulp with a keyboard'
House of Cards star fears Sony hack repeat (SC Magazine) Having recently taken on the studio boss role at Relativity Studios, House of Cards star Kevin Spacey fears a hack similar to that of Sony Pictures will occur again
Bulletin (SB16-025) Vulnerability Summary for the Week of January 18, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Skype finally hides your IP address, to protect against vengeful gamers (We Live Security) Over five years ago, in November 2010, security researchers found a serious privacy vulnerability in Skype that could allow hackers to surreptitiously scoop up sensitive information about users, including victims' IP addresses and revealing their city-level location
Cyber Trends
Breaches will continue until morale improves (CSO) Sitting in my office this morning I find myself in a reflective mood
Organizations are spending ineffectively to prevent data breaches (Help Net Security) A new report by 451 Research, which polled 1,100 senior IT security executives at large enterprises worldwide, details rates of data breach and compliance failures, perceptions of threats to data, data security stances and IT security spending plans
Why porn is harmful to your mobile phone (EJInsight) Porn sites are the No. 1 security threat to your mobile phone, a study shows
One-third of Irish Data Protection Officials Admit Breach in Past Year (Legaltech News) The Irish Computer Society survey found 71 percent said the breaches were caused inadvertently by staff members
Marketplace
Cybersecurity Sector Will See Huge Growth in 2016 (The Street) Some big names, including Donald Trump and Ashley Madison, fell victim to cybercrime in 2015, along with hundreds of millions of individuals and organizations
Israeli firms have record year in cyber, raise $540 mln -report (Reuters) Jan 24 Israeli cyber security companies raised a record $540 million in 2015, up 20 percent from a year earlier, providing a boost to the country as it looks to solidify its place as a global leader in the field
The RSA keynotes: a cautionary tale (Engdget) This year's speakers aren't hackers, but they play them on TV
Conventional insurance cover for cyber risks a patchwork affair (Business Insurance) The coverage provided for cyber risks by conventional classes of insurance can be patchy, according to research carried out by the International Underwriting Association and law firm Norton Rose Fulbright L.L.P., both based in London
Guide to Network Security and Cyber Coverage (Willis Towers Watson Wire) For years, network security professionals have been saying "either you have been data breached or you just do not know that you have been data breached"
PwC strengthens cyber security practice (BBC) Business adviser PwC has strengthened its cyber security practice by buying an Edinburgh-based consultancy. PwC did not disclose how much it paid for Praxism, which specialises in identity and access management (IDaM)
Consolidation paces quickens in cyber defense market (Defense Systems) Aiming to augment its virtualized platform for cyber defense with what it calls an "intelligence-led approach" to cyber security, FireEye Inc. said this week is has completed its acquisition of privately-held iSight Partners, a leading provider of cyber threat intelligence
Jack Dorsey Confirms Departures Of Several Twitter Execs (TechCrunch) Twitter CEO Jack Dorsey has confirmed the departures of Twitter execs, who oversaw the product, engineering, media and HR teams
Confirmed: Twitter execs fly the coop (Seeking Alpha) In the wee hours of Sunday night, Twitter's (NYSE:TWTR) Chief Executive Jack Dorsey made it official: Several top-level executives are leaving
Avast: Inside The Brain Of An Antivirus Machine (Forbes) Avast Software is so named because, of course, the word means "stop hauling!" (so, stop malware) in the Olde English sailor parlance
CloudPassage carves out space in historic SoMa wine warehouse (SFGate) There's a demon present in a historic building South of Marke
Products, Services, and Solutions
Emsisoft Emergency Kit 11: Free dual-engine cleanup — 100% portable! (Emsisoft Blog) We're proud to present Emsisoft Emergency Kit 11, the ultimate malware cleaning toolkit. Now with native 64 bit support, it's still free of charge for private use, and the tool of choice for obtaining a second opinion about any potential infections of your computer
Kaspersky Lab and WISeKey launch a secure mobile app (IT Pro Portal) Kaspersky Lab and WISeKey have announced a new app, during the World Economic Forum in Davos, which will keep people's data safe from cybercriminals and other intruders
New tool from Cloudmark is designed to defend against spear phishing (Network World) The nature of how cyber attacks start is changing. Today's malicious actors are not merely opportunistic, they know what information they want and who to target to get at it
Technologies, Techniques, and Standards
Industrial Control Systems Under Attack (Automation World) A new ICS-CERT report outlines seven strategies to keep cyber intruders away from critical infrastructure
Tyrie calls on banks to improve their IT controls (Financial Times) Andrew Tyrie has demanded action on the state of banks' IT systems, calling for regulators to look for ways to improve security and resilience following a string of system failures
DISA test-driving smartphone encryption (C4ISR & Networks) Top leaders at the Defense Information Systems Agency know they're chasing a moving target: Mobile technology is moving quickly, and constant connectivity is expected by any young recruit and most people today
Ignore the world's worst passwords, look at how they're created instead (CSO) SplashData's worst passwords list is irrelevant for the most part; the real lesson is what makes the passwords so bad in the first place
Assessing Remote Certificates with Powershell (Internet Storm Center) Building on our last conversation about HTTPS and Powershell, let's look at another common thing you'd do with HTTPS in a system administrator, or in a security assessment or penetration test — let's assess the HTTPS certificates themselves
4 essentials to creating a world-class threat intelligence program (Tech Republic) Threat intelligence is vital to assessing your company's risk. A former Secret Service agent reveals the requirements of a successful threat intelligence program
Will Information Sharing Improve Cybersecurity? (Cipher Brief) One of the key lessons of 2015 was that cybersecurity is more important than ever — a lesson that Sony and the Office of Personnel Management learned the hard way
Trying to stay out of trouble online? Trouble may still find you. (Team Cymru) There are many myths on the subject of staying safe online, for example
Plug in, unplug, and shake: a "magical" combination! (Anti-Virus4U) What would you name as the worst kind of computer threats?
Design and Innovation
Business Insurance reveals 2016 Innovation Awards winners (Business Insurance) Business Insurance on Friday announced 10 winners of the 2016 Innovation Awards, the publication's recognition program for products and services designed for use by professional risk managers
Research and Development
DARPA awards obfuscation contract (C4ISR & Networks) DARPA has awarded a $3.7 million contract to Vencore Labs to keep hostile powers from reverse engineering captured software
Academia
New Advanced Degree in Information Security Operations Offers Tuition Discount For Feds (GovExec) Federal employees now can pursue a master?s degree in information security operations at discounted tuition rates through a new online offering from Champlain College
Army Training Aims at Cybersecurity (Military Spot) In a continuing effort to better train U.S. Army engineers in all things cyber, the Army is offering a graduate-level certificate in the Fundamentals of Cybersecurity starting Feb. 10
Legislation, Policy, and Regulation
Malaysian PM Defends Strict Security Laws to Fight Terrorism (ABC News) Malaysia's leader on Monday defended the country's strict security laws, saying they are needed to fight terrorism as the Islamic State group warned of revenge over a crackdown on its members
Vice President Biden criticizes crackdown on dissent in Turkey (Washington Post) Vice President Biden urged "a change of attitude" by the Turkish government toward its domestic critics Friday, saying that the media and all others here must be free to "challenge orthodoxy," including political and religious beliefs, if Turkey is to thrive
US-EU Safe Harbor Data-Transfer Talks Enter Final Week (TechCrunch) As negotiations on a key transatlantic data-transfer agreement enter the final week, before the EU's end of January deadline, senior US and EU officials have been discussing the state of play at the Safe Harbor talks table
Study of EU's cybersecurity approach highlights need for sharing (FierceGovernmentIT) The increase in cyberthreats means the public and private sectors of European Union member states need to collaborate, but only a fraction of them have set up partnerships, working groups or forums, a new report found
What's Known About China's Shadowy New 'Combat' Force (Defense One) On the last day of 2015, China overhauled the way its military was structured, creating a new force that's received very little attention in the foreign press
Loretta Lynch: US Is Not Seeking Backdoor Access To Encrypted Communication But Wants Silicon Valley's Help (International Business Times) Top U.S. government and law enforcement officials are not trying to secure unfettered access to WhatsApp, Apple iMessage or any other major encrypted communication service, U.S. Attorney General Loretta Lynch said Friday. Lynch, speaking at the World Economic Forum in Davos, Switzerland, also said Silicon Valley is cooperating with the government in the privacy vs. surveillance debate, though she admitted both sides are "struggling with the issue"
NSA Takes Pro-Encryption Stance: Can It Spy On Your Encrypted Data? (TechTimes) The National Security Agency (NSA) is easing its stance on encrypted data. The agency's director Mike Rogers shared his thoughts on the ongoing debate surrounding encryption and revealed that the NSA is now in favor of encrypted data
ODNI Releases 2016 Signals Intelligence Reform Progress Report (IC on the Record) The Office of the Director of National Intelligence released today the 2016 Progress Report on Changes to Signals Intelligence Activities. The report acknowledges the second anniversary of Presidential Policy Directive 28 on Signals Intelligence Activities
Declassified documents reveal scope of Defense Department's cyber strategy (Christian Science Monitor Passcode) The Pentagon has declassified several confidential documents that reveal a lack of authority in Cyber Command that experts say may hamper the nascent cyber force
Pentagon to take over control of background investigation information (Washington Post) The Defense Department will take over responsibility for storing sensitive information on millions of federal employees and others from the Office of Personnel Management and the government will create a new entity to oversee background investigations, Obama administration officials announced Friday
DHS defends biometrics effort as Congress calls for action (FierceGovernmentIT) A day after a Homeland Security Department report showed that most U.S. visitors do not overstay their visas, a Senate subcommittee said a biometric exit system is crucial
Power Wars: How Obama justified, expanded Bush-era surveillance (Ars Technica) Review: Veteran national security reporter has inside scoop on Obama White House
5 Things Congress Should Learn From New State Privacy Bills (Wired) When Congress feels the need to compromise Americans' privacy in the name of security — as in the case of the Patriot Act in 2001 or the Cybersecurity Information Sharing Act last month — it moves remarkably fast
Litigation, Investigation, and Law Enforcement
Cybersecurity Services Lawsuit Introduces New Liability Exposure for IT Firms (Legaltech News) Regardless of the outcome of the case, it's a wakeup call to service providers to ensure they can effectively deliver the services they promise
Hungarian government guilty of snooping on its citizens (SC Magazine) The European Court of Human Rights has found the Hungarian government guilty of violating article eight of the European Convention of Human rights: the right to privacy
FBI ran website sharing thousands of child porn images (USA Today) For nearly two weeks last year, the FBI operated what it described as one of the Internet's largest child pornography websites, allowing users to download thousands of illicit images and videos from a government site in the Washington suburbs
Cyber recommendations neglected at FBI, says report (FierceGovernmentIT) A handful of recommendations the Justice Department Inspector General offered to bolster cybersecurity at the FBI remained open about two months following a report on the FBI's Next Generation Cyber Initiative
Hillary's team copied intel off top-secret server to email (New York Post) The FBI is investigating whether members of Hillary Clinton's inner circle "cut and pasted" material from the government's classified network so that it could be sent to her private e-mail address, former State Department security officials say
Man held for hacking social media account (The National) Police arrested a man who allegedly hacked a girl's social media account, stole her photos and videos and used them for blackmail
Man accused of mocking the UAE and its martyrs online (The National) A man is on trial at the Federal Supreme Court for a poem he allegedly posted online that ridiculed the UAE and its martyrs
Italian police shut down fake Prada website (Reuters) Italian police said on Friday they had shut down a website selling fake products carrying the high-fashion Prada label
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
Upcoming Events
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction
Global Cybersecurity Innovation Summit (London, England, UK, Jan 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, Feb 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016