The CyberWire Daily Briefing 02.01.16
A guilty plea in the doxxing case against a Kosovar ISIS-sympathizer arouses new concerns that ISIS has personally identifying information on US military and government personnel.
In a different doxxing operation, hacktivists expose emails and other information exchanged among members of US police unions.
The usual cyber-rioting gutters on in the Caucasus, with Armenian and Azerbaijani patriotic hacktivists exchanging attacks.
Google monitors and controls access to Google Play, but researchers at Dr. Web warn that they've found more than sixty Trojanized games in the store.
British bank HSBC recovered over the weekend from a distributed-denial-of-service attack, but the incident was no outlier. DDoS attacks continue to proliferate: they're relatively inexpensive to mount, they can deliver either a direct extortion payoff or serve as misdirection for more serious attacks, and the growing Internet-of-things offers opportunities for botnet wranglers.
In industry news, Symantec closes the Veritas sale as it refocuses on its core security business. Fortinet's good earnings tide last week lifted the share-price boats of CyberArk and Palo Alto Networks as well. But the big news is the apparent demise over the weekend of Norse Corporation, famous for its gorgeous attack map. CEO Glines has departed, Norse's sites (including that map) are dark, and rumors suggest the company's remaining assets and operations may be folded into SolarFlare, which shares some investors with Norse.
The US and EU did not succeed in reaching a modus vivendi on Safe Harbor. National European privacy authorities are expected to announce their next move this Wednesday.
Notes.
Today's issue includes events affecting Armenia, Azerbaijan, China, European Union, India, Indonesia, Iraq, Ireland, Israel, Kosovo, Malaysia, Syria, Thailand, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
ISIS threatens feds, military after theft of personal data (Washington Post) The federal workforce, already shaken by a massive cybertheft of personal data, now confronts another reality — ISIS has some of that same information
Hackers post private files of America's biggest police union (Guardian) Names and addresses of officers, forum posts critical of Barack Obama, and controversial contracts were posted online in the Fraternal Order of Police hack
Israeli Electricity Authority was hit by ransomware, power grid not affected (SC Magazine) Yuval Steinitz, Israel's energy minister, reported that Israel's Electricity Authority, the regulator of the actual Israeli power company, was hit by a 'severe' cyber-attack. The power grid itself was not affected in any way
Armenian Hackers DDoS Azerbaijani Government Portals, Leak A Trove of Data (Hack Read) The cyber war between Armenians and Azerbaijani hackers seems never ending — Like this recent cyber attack in which the Armenian hackers from The Monte Melkonian Cyber Army (MMCA) hacked Azerbaijani government portals and stole sensitive data
The secrets of malware success in the Google Play Store (Naked Security) Regular readers of Naked Security will know that when it comes to Android malware, we have three primary tips
60+ Trojanized Android games lurking on Google Play (Help Net Security) Dr. Web researchers have discovered over 60 Trojanized game apps being offered on Google Play through more than 30 different game developer accounts
Elaborate iCloud Phish Used To Activate Stolen iPhones (Malwarebytes Unpacked) Update: Shortly after publishing this blog, we noticed that Safari was now showing the site as a phish
Britain's HSBC back online after cyber attack (Star Online) British bank HSBC said Jan 30 that its Internet and mobile banking services were fully up and running again after it was hit by a cyber-attack
HSBC online services hit by cyber attack (BBR) British banking and financial services company HSBC has been reportedly hit by a cyber attack that made online banking unavailable to its customers
Reactions to the HSBC DDoS attack (Help Net Security) Last week HSBC's online banking website was taken down by a DDoS attack, leaving thousands of customers unable to access its services
UK Sites Pummelled by DDoS Storm in Q4 (Infosecurity Magazine) UK websites suffered a sharp increase in DDoS attacks of over 20% quarter-on-quarter to become the second most targeted country in the world after the US, according to the latest stats from Imperva
Why Dark DDoS Cyber Security Threat Will Grow in 2016 (Hack Read) The Dark DDoS threat will not only increase in 2016 but it will also let the cyber criminals earn money in the shape of ransom
Linux-Based Botnets Accounted for More than Half of DDoS Attacks in Q4 2015 (Softpedia) The number of Linux DDoSing bots surpasses Windows for the first time ever, thanks to IoT devices and SOHO routers
Forget power stations — worry about toasters, cyber experts say (Bloomberg via Chicago Tribune) Hijacking "smart" toasters and refrigerators and hacking corporate ventilation systems are among the new threats envisioned by cybersecurity experts as an increasing array of items are connected to the Internet
Industrial control systems a growing target for cyber attack (ComputerWeekly) Attackers with increasing capabilities have strong financial motivation to go after critical infrastructure and manufacturing firms, says security industry expert
Outsourced tools have become a primary weapon in a lot of security based attacks: Michael Afergan, Akamai Technologies (DataQuest) Dataquest interacted with Michael Afergan, Senior Vice President and General Manager, Web Experience Division, Akamai Technologies on threat intelligence sharing and how it can help organizations
Compromised enterprise networks fuel 236 percent increase in viruses and worms (Help Net Security) Solutionary performed a broad analysis of the threat landscape, which uncovered several key findings
List of data breaches and cyber attacks in January — 57,740,000 records stolen (IT Governance) It's back! The list, which I'm never pleased to publish, is back for 2016, and while I'd love us to look back on January with a smile, it's rather difficult (in relation to data breaches, that is). I've estimated that the minimum number of data records stolen is 57,747,230
Report: Cyber, EW a threat to US military's space assets (FierceGovernmentIT) While the U.S. military relies heavily on space assets for its communications, positioning, reconnaissance and other functions, many view the U.S. space architecture as a point of weakness, said a new report from a Washington, D.C.-based think tank
'No data stolen' in Lincs council cyber attack (ITV) Lincolnshire County Council have confirmed that most of their systems should be back up and running by tomorrow, following a cyber attack which hit them last week
Lincolnshire County Council 'will not pay cyber ransom' (BBC) A council whose computer systems were closed down by a cyber attack has said it will not be paying out a ransom
How cyber thieves trade your birthday for profit in a part of the Internet you can’t find (Bangor Daily News) Our data are a valuable commodity that cyber thieves trade in the back rooms of the Internet — far beyond the reach of Google and other common search engines
Security Patches, Mitigations, and Software Updates
Enhanced Mitigation Experience Toolkit (EMET) 5.5 is now available for download (TWCN) Microsoft's Security tool, Enhanced Mitigation Experience Toolkit (EMET) 5.5 is now available for download. The tool until now has been running in Beta phase which Microsoft has made available since December 19th 2015. However, this 29th January, Microsoft officially unveiled the version 5.5 with new updates and functionality
Login form on your non-HTTPS webpage? Firefox will display a warning (Graham Cluley) Do you run a website that asks your users to login to their account? If so, do you request those login credentials over HTTP rather than HTTPS?
Cyber Trends
PwC Survey: 91% of Enterprises Adopt Cyber Frameworks to Detect Network Vulnerabilities (ExecutiveBiz) A new PwC survey says 91 percent of business organizations have implemented the National Institute of Standards and Technology's Cybersecurity Framework and other risk-based security guidelines in an effort to detect and mitigate cyber threats
The Global State of Information Security® Survey 2016: Key themes (PWC) By now, the numbers have become numbing. Cybersecurity incidents are daily news, with reports of escalating impacts and costs that are sometimes measured in the billions. Take a look beyond the headlines, however, and you'll find new reasons for optimism
Survey: Consumers reject companies that don't protect privacy (Christian Science Monitor Passcode) At Thursday's Data Privacy Day event in Washington, Passcode joined privacy and security experts to explore US consumers' evolving attitudes about digital privacy
Marketplace
Norse Corp disappears shortly [after] CEO is asked to step down (CSO) Ex-staffers and background investigation paint a dark picture for the media darling of the threat intelligence space
Sources: Security Firm Norse Corp. Imploding (KrebsOnSecurity) Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff
Is Norse Corp Dead or Just Temporarily Titsup? (Register) 'Imploding' says Brian Krebs
Sources: Security Firm Norse Corp. Imploding — Krebs on Security (Panda Whale) I've read this story so many times today, I've almost got it memorized. So many things are wrong, I barely know where to begin
No, Norse is Not a Bellwether of the Threat Intel Industry but Does Hold Lessons Learned (Robert M. Lee) Brian Krebs published an outstanding report today titled "Sources: Security Firm Norse Corp. Imploding" which has led to the emergence of a number of blogs and social media rumblings about what this means for the cyber threat intelligence community
JPMorgan Chase Atty: Bank Will Spend $500M on Cyber Security (Bloomberg BNA) It turns out that even the largest organizations harbor reservations about the strength of their cyber defense
Managed Security Service Provider Mobile Apps Boon? (Channel Insider) The opportunity to deliver managed security services for mobile applications is emerging. While it's still early days, there's promise for the future
Palo Alto, CyberArk up big following Fortinet's earnings/guidance (Seeking Alpha) Palo Alto Networks (PANW +6.4%) and CyberArk (CYBR +7.4%) are posting big gains after security tech peer and Palo Alto rival Fortinet (up 6.6%) provided above-consensus 2016 sales guidance — Q4 sales were roughly in-line — and issued 2016 billings guidance (could be conservative, given Fortinet's history) that implies 23% Y/Y growth
Symantec closes Veritas sale, adds $2B to capital return program (Seeking Alpha) As expected, the sale of Symantec's (NASDAQ:SYMC) Veritas storage software unit to P-E firm Carlyle has closed today. The closing comes nine days after Symantec announced it had agreed to a deal revision that cuts its after-tax proceeds by $1B to $5.3B
Intel As A Premier Security Provider (Seeking Alpha) In a recent research report Forrester said that IoT security technologies are still in the creation phase
Israel's Cyber Sector Blooms in the Desert (AFP via SecurityWeek) A modern metropolis rising from Israel's Negev desert stands on the frontline of a global war against hacking and cyber crime, fulfilling an ambition of the country's founding father
Japan comes looking for Israeli cyber security startups (Geek Time) While Japan used to be hesitant to invest in conflict-ridden Israel, its substantial presence at CyberTech and support of Israeli startups in the last few years indicate a shifting of tides
Army Seeks Info on Consortium for Development of Vehicle Cyber Defense Tools (ExecutiveBiz) The U.S. Army Contracting Command has issued a request for information on a consortium with the capability to research and develop prototypes of cyber platforms designed to protect vehicles from cyber attacks
Employee Retention is Critical to Solving the Security Skills Shortage (Infosecurity Magazine) The skills shortage in IT security is a very real problem, even though companies have become more creative in how they attract talent
Help Wanted: 1,000 Cybersecurity Jobs At OPM, Post-Hack Hiring Approved By DHS (Forbes) There are one million cybersecurity job openings in 2016. Where are all of those jobs? This week we take a look at the cybersecurity job boom in the U.S. government sector
Damballa Appoints Dale Gonzalez as Chief Product Officer (BusinessWire) Veteran technology executive to lead product development for leading provider of network security monitoring solutions
Products, Services, and Solutions
DISA to Use OPSWAT Multi-Scanning Tool on DoD Network Security Architecture (ExecutiveBiz) The Defense Information Systems Agency has tasked OPSWAT to deploy the company's Metascan multi-scanning tool in the Joint Regional Security Stack to bolster the security of Defense Department networks
Digging into the AirWatch and Intel collaboration (Brian Madden) Back in January, AirWatch announced that they are collaborating with Intel on security, and both companies became members of each other's security partner programs
Technologies, Techniques, and Standards
How local government can manage technology risk (GCN) Drawing from research and surveys of New Jersey local government technology practices and other government-related sources, the authors both inventory the common types of technology found in local government and outline the common categories of risk that come with them
Managing Technology Risks through Technological Proficiency: Guidance for Local Governments (Bloustein Local Government Research Center, Rutgers University) Only the smallest of organizations and an ever-shrinking number of individuals do not use contemporary digital technology in their daily activities. Today's technology permeates our personal and work environments
NSA Top Hacker: Here's How to Make My Life Hard (Fortune) When Rob Joyce, head of the National Security Agency's top hacking outfit, made an appearance at the brand new Usenix Enigma security conference in San Francisco this week, he didn't strike the casual onlooker as an alpha predator
The history of cyber attacks: From ancient to modern (Help Net Security) In the 1990s, your typical hacker's approach used to be "hit-and-run", and in many cases it was about fame and recognition
Security Training Lessons from Alexander the Great (ZeroFOX) Security training is important. I can't think of a single person in our industry who would disagree. If you're trying to address a recurring threat, shouldering the burden and relying on technology alone is a one-way ticket to breach-ville. But what exactly does security training look like? Is it a 30-page packet, phish testing, an annual module that every employee blows off as long as possible? Security training is hard
Basic error can reveal hidden dark web sites (Naked Security) Some dark web sites are unwittingly giving away their secret locations thanks to a basic configuration mistake that's been cropping up on regular websites for years
What is the Real Cost of "Good Enough" Security? (SecurityWeek) If you read my pieces regularly, you might have guessed that approaching security operations and incident response in a strategic, holistic, and analytical way is something I'm passionate about
New Ashley Madison User Map, Sad New Revelations (Forbes) An investigative reporter in Canada has mapped cell phone geolocation (GPS) data dumped in the Ashley Madison data hacks of last summer
Can you 'Spark Joy' with your security? (Naked Security) I like choice, in the same way that I like water. It's refreshing but I don't want to drown in it
Inside the Super Bowl cyber-ops headquarters (CNBC) At an undisclosed location in the San Francisco Bay Area, a team of public and private security experts is assembling a pop-up intelligence operations center for Super Bowl 50
Design and Innovation
Opinion: It's finally time to embrace Privacy by Design (Christian Science Monitor Passcode) On Data Privacy Day, it's sobering to remember how many people have been personally affected by devastating breaches. But many of those hacks could have been prevented if companies simply employed a more than 20-year-old principle known as Privacy by Design
DTCC's Palatnick on Blockchain: Too Many Groups Doing Their Own Thing, Not Working Together (Waters Technology) Rob Palatnick gives his thoughts on the DTCC's recently published white paper regarding the need for industry collaboration around blockchain
Research and Development
Harvard study refutes 'going dark' argument against encryption (CSO) Unencrypted data, which will be accessible to law enforcement, will continue to dominate the Internet
"Don't Panic:" Making Progress on the "Going Dark" Debate (Berkman Center for Internet and Society, Harvard University) This report from the Berkman Center's Berklett Cybersecurity Project offers a new perspective on the "going dark" debate from the discussion, debate, and analyses of an unprecedentedly diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community
Equation shows that large-scale conspiracies would quickly reveal themselves (Phys.org) If you're thinking of creating a massive conspiracy, you may be better scaling back your plans, according to an Oxford University researcher
Army cyber chief: Invest in Internet of Things research (FCW) Lt. Gen. Edward Cardon said the vast array of devices connected to the Internet are blurring the lines between vulnerabilities
Cyber Earns Its Sea Legs (SIGNAL) A NATO-based research center balances funding for competing needs
Legislation, Policy, and Regulation
Online Censorship Rears Its Ugly Head In Southeast Asia (TechCrunch) With a growing middle class rising up across its population of more than 600 million people, Southeast Asia is truly a growth market
How Great Britain Is Handling Its Post-Snowden "Intelligence Reform" (Overt Action) The very American origins of the Edward Snowden/NSA controversy often means the episode's impact outside the U.S. is often overlooked. Yet across Europe, "intelligence reform" is occurring, although the scope of those reforms is rather uneven. American observers should nonetheless monitor these debates more carefully, since tinkering with the global signals collection architecture could have real consequences for the U.S and its allies
Why China hacks the world (Christian Science Monitor) Can aggressive espionage fuel the innovation that Beijing needs to reinvent its global role?
Curing America's China Syndrome (Light Reading) I was at the CES show in Vegas earlier this month when a C-level executive from one of the largest Tier 1 service providers in the US sat down next to me and started talking about an issue that he feels is absolutely critical to today's communications industry
US and European Union fail to strike deal on new Safe Harbor pact (Ars Technica) EU's national privacy watchdogs to reach judgment on data transfers by Wednesday
How Europe Protects Your Online Data Differently Than the U.S. (New York Times) Your digital footprint can quickly extend far and wide and be used in multiple ways
What We Have Is a Failure to Communicate (SIGNAL) Merging electronic warfare, cyber warfare and electromagnetic spectrum disciplines is needed to safeguard the nation
Disruptive By Design: Fighting the Cyber War (SIGNAL) How to best equip cyber warfighters — both at home and abroad — is an ongoing debate complicated by persistently improved and interesting tools for cyber analysis, security and ethical hacking that makes picking the "best tool," or even "the right tool for the job," very much a matter of opinion and preference
Military Security in the Age of the Internet of Things (SIGNAL) Despite looming threats, trusted communications offer a glimmer of assurance
The Cyber Threat to Nuclear Deterrence (War on the Rocks) In late 2010, when the Stuxnet worm was reported to have targeted and disabled nuclear enrichment centrifuges in Iran, a proverbial line in the sand was crossed that linked the rising awareness of cyber threats with that of the existing nuclear world
Cybersecurity is the 21st century's real battlefield (Daily Dot) The United States is under attack. Every day cyber criminals, hacktivists, and state-sponsored cyber terrorists are attempting to gain access to the valuable and sensitive information of Americans, American companies, and the government
Cloud, cyber policy documents trickle out of DoD (C4ISR & Networks) In recent days Defense Department entities publicly released documents outlining strategies and policies related to cloud practices and cyber operations, months after they were issued internally to personnel
Encryption bills pose challenges for Congress (Computerworld via CSO) National discourse harkens back to 'crypto wars' of 1990s
GSA announces US Digital Registry to authenticate government presence on third-party platforms (FierceGovernmentIT) Social media policy experts at the General Services Administration are encouraging agencies to serve up government resources to citizens on the platforms they're already using — such as Facebook, Twitter and third-party sites — rather than limiting communications to the dot-gov domain
New York Bill Proposes Backdoor on Encrypted Phones (Legaltech News) If passed, the bill would require that all smartphones sold and leased in the state of New York as of Jan. 1, 2016 have the capability of being decrypted or unlocked by the manufacturer
Litigation, Investigation, and Law Enforcement
State Dept. Won't Release Clinton Emails Marked Top Secret (Foreign Policy) The State Department said Friday it will not release 22 emails from former Secretary of State Hillary Clinton's homebrew email system because they contain information classified as "top secret"
Congress to probe Juniper 'back door' exposure, possible U.S. involvement (Reuters) A U.S. congressional probe into the impact of a hack of Juniper Networks Inc software will examine the possibility that it was initially altered at the behest of the National Security Agency, a lawmaker said in an interview on Thursday
7 security backdoors that helped kill faith in security (Computerworld via CSO) Backdoors in computing equipment are the stuff of legend
Senator asks why Navy intel leaders have kept their jobs without access to secrets (Navy Times) The Navy's intelligence boss and his deputy have been without a security clearance for more than two years
Wendy's Could Become Test Case For New EMV Liability Rules (Dark Reading) The fast food giant confirms it is investigating fraudulent activity involving payment cards used at some of its 6,500 locations
Interpol garda defends use of personal data to fight crime (Irish Times) Comments come as State begins review of Gsoc access to journalists' phone records
FTC re-launches IdentityTheft.gov (FierceGovernmentIT) The Federal Trade Commission on Thursday unveiled significant updates to IdentityTheft.gov, which the agency hopes will serve as a "one-stop" resource for identity theft victims
Computer expert gets no jail time in extensive spamming case (Phys.Org) A computer expert was sentenced Thursday to two years' probation for helping send millions of spam messages that allowed computer marketers to illegally harvest email addresses and phone numbers
Blackshades malware co-creator gets five years of probation (Reuters via Business Insurance) An Arizona man who co-created software distributed by an organization called Blackshades that was used to hack into a million computers worldwide was sentenced on Friday to five years of probation
Former Silk Road staffer and "victim" in murder-for-hire to serve no prison time (Ars Technica) Curtis Green was key in an investigation of corrupt federal agents looking into Silk Road
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, Feb 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve, and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016