
The CyberWire Daily Briefing 02.10.16
Nation-state hacking continues to roil international relations. Kaspersky thinks, on the basis of an upswing in "Chinese-speaking APTs," that China's shifting its attention from US to Russian target sets. For his part, US DNI Clapper says Chinese cyber espionage against American targets continues unabated — he characterizes the data theft as a "hemorrhage."
Reports out of Israel again accuse Iran of cyber espionage: accounts of senior officers, scientists, and Gulf-area human rights activists are said to have been targeted in a now-shuttered campaign controlled from Tehran.
The Russian hackers behind a wave of ATM heists — probably the "Metel" gang — are said to have manipulated ruble-dollar exchange rates at a Russian regional bank last year by gaining illicit access to trading terminals.
Ransomware — especially CryptoWall — continues to plague businesses.
Law firms are being targeted by Skype malware (the T9000 backdoor described recently by Palo Alto Networks).
Yesterday was Patch Tuesday. Adobe, Google, and Microsoft all issued fixes. Microsoft published thirteen patches, six of them for critical remote-code execution vulnerabilities.
Investment analysts look at recently depressed share prices of cyber security firms, and many explain the drop as caused by general market nerves, some specific disappointing notes, and collateral damage from a pullback in related IT sectors. Encouraging signs include continued strong VC interest in cyber startups.
In the US, Congressional appetite for restricting encryption appears to be waning.
The President's budget includes some big spending on cyber. The White House has also proposed a "National Cyber Security Action Plan," to generally favorable reviews.
Notes.
Today's issue includes events affecting China, Croatia, Indonesia, Iran, Iraq, Israel, New Zealand, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Iran said to hack former Israeli army chief-of-staff, access his entire computer (Times of Israel) TV report says cyber-attacker working for Tehran targeted 1,800 key people worldwide; hacker left behind his ID, prompting Iran to halt the assault
Hackers Get Employee Records at Justice and Homeland Security Depts. (New York Times) In the latest cyberattack targeting the federal government, an intruder gained access to information for thousands of employees at the Justice Department and the Department of Homeland Security, but officials said Monday that there was no indication that sensitive information had been stolen
Hacker says he's breached DHS and FBI, leaks claimed staff data (Naked Security) The big breach news of the day is that an unidentified hacker threatened to expose a large stash of employee data allegedly stolen from the US public service
Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact (Dark Reading) Kaspersky Lab has identified a massive uptick in cyber espionage in Russia by 'Chinese-speaking' APTs
DNI: China Continues Cyber Espionage (Washington Free Beacon) Clapper calls Beijing cyber theft 'hemorrhage'
Russian hackers used malware to manipulate the Dollar/Ruble exchange rate (Help Net Security) Russian-language hackers have managed to break into Russian regional bank Energobank, infect its systems, and gain unsanctioned access to its trading system terminals, which allowed them to manipulate the Dollar/Ruble exchange rate
Russian ATM-popping gang used nation state cybercrook tactics (Register) Be very slow with the brute force, Igor. Three times a week, only on Saturdays
Adwind RAT Bought by 1,800 Criminals and Used Against 443,000 Victims (Softpedia) Shifty RAT takes five different names to avoid takedown
New Skype Malware Mimics E-Discovery on Unsuspecting Users (Legaltech News) A new report explores how a new virus is threatening one of the staple applications of the legal world — and how to best prevent it from getting near your system
Security Alert: Small Websites Compromised by the Thousands, Scatter Angler and CryptoWall (Heimdal Security) I think you'll agree with me when I say that the era of "I'm not important enough to get hacked" is long gone
How cybercrooks made $330K from ransomware without really trying (Register) Ker-ching!
10 Shocking New Facts About Ransomware (Dark Reading) Ransomware has taken over the cybercriminal world in the last few years and there's no end in sight
Hearthstone cheats and tools spiked with malware (CSO) Symantec researchers say some downloads hurt more than help
Hacking gold in Hearthstone? You're probably just hacking yourself (Guardian) Symantec warns of malware disguised as cheating tools for Blizzard's collectible card game
Virgin Media spoof email mystery: Customers take to Facebook (Register) ISP: There has been no breach, no idea what you mean
Southwest Airlines flight giveaway scams spread on Facebook (We Live Security) Once again Facebook users are being duped into liking and sharing pages, in the belief that they might be rewarded with first class flight tickets to a holiday destination
Microsoft issues a reminder that those unsolicited callers aren't from Microsoft (Digital Trends) Today is Safer Internet Day, and Microsoft wants you to know that it thinks security is a really good thing. That's most of what it has to say, really
New Scandal Involving Croatian Security Intelligence Agency (Total Croatia News) Another day, another scandal in the Croatian intelligence community. Jutarnji List has published an article about the results of an intelligence analysis about the disclosure of the identity of Security Intelligence Agency (SOA) agents to managers of foreign companies, as well as about the leak of information vital to national security
Cyber attack disrupts Oxford School District (Clarion-Ledger) A cyberattack by an unknown hacker has forced a school district to shut down all of its servers
Security Patches, Mitigations, and Software Updates
Vulnerability Response: A Tale of Two Vendors (CyberPoint SRT Blog) It was the best of timelines (the other was the worst of timelines…) Greg Linares of CyberPoint's SRT (Security Research Team) recently had one of the vulnerabilities he discovered patched by the vendor, Microsoft. Having worked directly with Microsoft (specifically with its MSRC unit) for almost a decade, we've seen Microsoft improve their responsiveness on behalf of their customers, and we've also seen them respond very positively towards vulnerabilities researchers who submit issues
Microsoft Security Bulletin Summary for February 2016 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for February 2016
Microsoft February 2016 Patch Tuesday Delivers Unlucky 13 Security Fixes (WindowsITPro) In addition to the two cumulative updates for Windows 10 rolling out now over Windows Update, Microsoft is also delivering 13 separate security fixes this month
Stable Channel Update (Chrome Releases) The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux
Adobe Releases Security Updates (US-CERT) Adobe has released security updates to address vulnerabilities in Connect, Experience Manager, Flash Player, and Photoshop CC and Bridge CC
Twitter announces Trust & Safety Council to deal with the harassment, cyber bullying (Australian Broadcasting Corporation) Twitter has announced it will set up what it's calling a Trust & Safety Council to deal with the harassment and cyber bullying that occurs on its service
Cyber Trends
Why the Internet of Things is a can of worms and how to keep it sealed (Security News Desk) Security providers need to rethink basic security functions of IoT-enabled applications before they are put to market
The internet of military things: Logistics dream, security nightmare? (ZDNet) IoT is a natural for the military, not just on equipment but for health monitoring on soldiers. But oh, what an attack surface!
IoT security breaches a 'building' concern for industries (Business Vancouver) Internet of Things network increasing vulnerability of industrial sites to cyberattacks
Small businesses warned of cyber attack impact (PRW) New research out today from cross-government campaign Cyber Streetwise and professional service firm KPMG has claimed small businesses are underestimating the impact a cyber attack could have on their reputation
How Much Would You Pay to Prevent a Breach? (re/code) In a country divided by the upcoming election, President Obama garnered bipartisan support for a significant budget increase this week: $5 billion in additional cyber security spending
Most IT pros have seen potentially embarrassing information about their colleagues (Help Net Security) More than three-quarters of IT professionals have seen and kept secret potentially embarrassing information about their colleagues, according to new research conducted by AlienVault
Why Cybersecurity Isn't So Complicated (Fortune) Here's what it takes to protect our data, identities and money
Marketplace
Cyber market lacks expertise to cover physical damage (Insurance Insider) The cyber liability insurance market is not the proper home for property cover arising from cyber attacks, experts claimed during an industry conference today
Why Cyber Security Stocks Got Smacked on Monday (Motley Fool) The pain in the cyber-security space doesn't seem to be letting up
Why FireEye Inc. Plunged 32% in January (Motley Fool) The cybersecurity leader has failed to protect its investors in recent months
FireEye up 9% following pre-earnings BTIG upgrade (Seeking Alpha) Believing the company can turn cash-flow positive in 2016 as it reins in spending growth, BTIG's Joel Fishbein has upgraded FireEye (NASDAQ:FEYE) to Buy ahead of tomorrow afternoon's Q4 report
Why Qualys, Inc. Shares Tanked (Motley Fool) Understanding the big pullback in Qualys' stock price on Tuesday
IT security specialist Sophos slides despite positive results (Guardian) Company hit by concerns about sector being overvalued
Subscribe with caution to Quick Heal IPO: Choice Broking (CNBC Money Control) Choice Broking has come out with its report on Quick Heal Technologies IPO. The research firm has recommended to "SUBSCRIBE" the IPO with Cautions in its research report as on February 08, 2016
9-Figure Deals Lift Cybersecurity Investments To An All-Time High (In Homeland Security) Investments into cybersecurity startups and emerging players grew by 235% over the past five years, reaching an all-time high of $3.8 billion in 2015 — according to CB Insights. VCs and corporate investors moved the needle to nine-figures on some of the larger deals
Small Cyber Firm May Be Worth Billions To Northrop Grumman Or Another Top U.S. Defense Contractor (Forbes) A recent article on Nasdaq.com speculates merger and acquisition possibilities for Northrop Grumman, a top-five U.S. defense contractor. Popping up on the radar screen is Long Island, N.Y. based Code Dx, a small firm specializing in the fast growing cybersecurity market — which is expected to reach $170 billion by 2020
Hexadite Secures $8 Million Series A To Grow Cyber Security Company (TechCrunch) Hexadite, a company that analyzes cyber threats and helps determine whether they require action or are false alarms, announced an $8 million Series A round today
Fireglass Emerges From Stealth with a Military-Grade, Enterprise-Ready Threat Isolation Platform to Put an End to Security Challenges (PRNewswire) Israeli cybersecurity startup ignites interest from Fortune 500 companies for non-compromising, future-proof solution
Check Point co-founder backs cyber security start-up (Financial Times) Shlomo Kramer, co-founder of Check Point and Imperva, two of the country's biggest cyber security companies, has raised $20m for the new Tel Aviv-based start-up Cato Networks
In Nod to Cybersecurity Demand, Avalon Announces Merger with DIGITS (Legaltech News) The new merger will see Avalon bundle cybersecurity tools with its branded e-discovery and service products
CyberTech — The Golden Globes of information security (CSO) So many information security start-ups, so little time. Here's some of the most interesting firms I met with while at the CyberTech conference
With over 500 pc growth in bookings, Darktrace makes its mark in the cyber security space (Economic Times CIO) Company has reported over 750 installations of its Enterprise Immune System technology largely dominated by financial services industry followed by utilities, manufacturing and energy sectors
Wynyard signs $2.8m three-year deal with state policing agency (NBR) Wynyard Group [NZX: WYN], whose shareholders will vote next week on giving the board more freedom to issue shares, has signed a $2.8 million deal to provide its intelligence software services to a foreign state policing agency
INSIGHT: Growing hacker threats make cybersecurity a great career choice (Argus Leader) There are few jobs as cool and necessary as those in the cybersecurity realm
Solutionary Appoints Former Secret Service Assistant Special Agent in Charge Steven Bullitt as Vice President, Cyber Forensics and Investigations (CNN Money) Cyber security pioneer to lead client-facing threat response and forensic initiatives
Products, Services, and Solutions
BIOS Hack Detection Added To Dell Enterprise Security Suite (InformationWeek) With millions of machines potentially vulnerable to attacks on their BIOS firmware, Dell has introduced a verification tool designed for enterprise IT to monitor users' machines and intervene if an attack is detected
Indegy Introduces Industrial Cyber Security Platform for Protecting Critical Infrastructures (BusinessWire) Provides deep visibility into control-layer activity to ensure operational safety, reliability and security of industrial systems
Cato Networks Launches Network Security-As-A-Service Platform To Channel (CRN) Cato Networks, the newest startup from security investor Shlomo Kramer, is launching into the market Tuesday with a Network Security-as-a-Service platform that it says will shake up the perception that security has to be complicated
Pulse Secure Eliminates Security Silos for the Next Generation of Workers, Applications, Networks and Things (Broadway World) Pulse Secure, the leader in secure access solutions, today announced enhancements to its core product portfolio to help organizations secure access to applications in the data center and the cloud
Bitdefender Releases New LabTech® Integrated MSP Security Solution (BusinessWire) Integration to LabTech, ConnectWise's RMM Solution, strengthens Bitdefender's already impressive presence in MSP market
Technologies, Techniques, and Standards
Insider threat: It's not just about the malcontent anymore (FierceITSecurity) I sat down recently with Steve Durbin, managing director of the Information Security Forum (ISF), to discuss the threat that insiders pose to organizations and what can be done to stop them
Harnessing SSL Certificates Using Infrastructure Chaining (PassiveTotal Blog) Infrastructure chaining leverages the relationships between highly-connected datasets to build out an investigation
Stay safe with our Facebook cheat sheet (We Live Security) Once upon a time, it was possible to prevent personal data from getting into the hands of the wrong person by using a paper shredder and a bit of common sense
Design and Innovation
Android's inventor has creepy plans to suck up data from your dashcam (Graham Cluley) Andy Rubin is the guy behind the Android operating system. He co-founded Android Inc, the firm that Google bought in 2005 because it realised it needed a mobile operating system
Academia
CACI Becomes Anchor Partner in Cyber-Physical System Security Program With Virginia Tech Hume Center (BusinessWire) Partnership focused on the convergence of cyber security and UAVs
WGU Adds Master's in Cybersecurity & Information Assurance (PRNewswire) New online degree program offers new cybersecurity curriculum
Legislation, Policy, and Regulation
Intelligence Committee marks Gov's Snoopers' Charter: See me after class (Register) Needs more clarity, Theresa, but otherwise a very good effort
British Effort to Identify Potential Radicals Spurs Debate Over Profiling (New York Times) The boy's teachers were growing increasingly concerned
State Department: Kerry recognizes that calling ISIS 'apostates' was not 'the best choice' (Washington Post) The debate over what to call the Islamic State, the extremist organization that has created chaos in the Middle East over the past few years, is convoluted and controversial
New bipartisan bill would prevent states from weakening encryption (ZDNet) The bill, just three short pages in length, will prevent local legislatures from passing laws that ban encryption on a state level
A BILL To preempt State data security vulnerability mandates and decryption requirements (US House of Representatives) This Act may be cited as the "Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016" or the "ENCRYPT Act of 2016"
Islamic State supporters share Edward Snowden video to explain need for encryption (Washington Times) Islamic State supporters are using Edward Snowden and his revelations about the U.S. government's surveillance capabilities to urge followers of the terror group to adopt digital security practices, including the use of strong encryption
Senator John McCain Weighs In On 'Going Dark' Debate — Insists That He Understands Cryptography Better Than Cryptographers (TechDirt) Who knew that Senator John McCain understood encryption better than actual cryptographers?
The President's Cybersecurity Plan Is More of the Same (And That's a Good Thing) (Council on Foreign Relations) Today, the Obama administration announced the Cybersecurity National Action Plan
Obama to seek dramatic boost in cyber funding (The Hill) President Obama on Tuesday is expected to request a dramatic boost in federal funding for cybersecurity, according to multiple Hill offices, industry representatives and digital privacy advocates
FACT SHEET: Cybersecurity National Action Plan (The White House) Taking bold actions to protect Americans in today's digital world
White House reveals plan to bolster American cybersecurity (Christian Science Monitor Passcode) The Cybersecurity National Action Plan, which will be announced Tuesday, comes as the government scrambles to improve its own cybersecurity in the wake of the massive breach on the Office of Personnel Management
Obama's cyber security plan puts spotlight on users (San Jose Mercury News) President Obama's new $19 billion information technology budget could be a boon to Silicon Valley security companies but also reflects the realization that the weakest point of many computer networks is the user
White House Strikes Right Chord on Privacy and Individual Security (Center for Democracy and Technology) Today, the White House announced a new federal initiative called the Cybersecurity National Action Plan (CNAP) encompassing a substantial new cybersecurity budget request and two new Executive Orders that would establish a Cybersecurity Commission and a cross-government Privacy Council
White House hiring its first ever chief information security officer (IT Governance) Apparently the White House doesn't already have a CISO
We're going to use your toothbrush to snoop on you, says US spy boss (Register) The Internet of Things is great for us, says James Clapper
NSA to shake up its defensive, offensive game (Christian Science Monitor Passcode) The NSA is shifting toward a fully integrated offensive and defensive operation, meaning its spies could be brushing shoulders with its cybersecurity agents
Pentagon looks to mature Cyber Command with FY17 budget (FCW) The Defense Department's fiscal 2017 base budget request for cyberspace operations is $6.7 billion, an approximately 16 percent increase from the fiscal 2016 enacted level
Pentagon budget targets futuristic capabilities (C4ISR & Networks) Seeking to strike a balance between current operations, fiscal uncertainty and next-generation weapons and systems, the Defense Department is aiming for a "healthy" science and technology program in its fiscal 2017 budget to develop future technologies
What Obama's Air Force Budget Request Says About the Future of Warfare (Defense One) The Defense Department budget request is full of high tech-items aimed at countering the capabilities of technologically advanced adversaries
Cyber training a key point in 2017 DoD budget (C4ISR & Networks) To take on changing types of enemies and evolving forms of warfare, Defense Department officials are moving ahead with at least three major joint training programs in the fiscal 2017 budget request as part of a broader redirection of resources to cyber
Enterprise IT, advanced tech top intel budget goals (C4ISR & Networks) The intelligence community's budget priorities look similar to those leading the funding wish lists across the Defense Department: cutting-edge technology to take on evolving enemies, investment in future capabilities and balancing sustainment with leaning forward
Spies ask for increase in 'black budget' (The Hill) The Obama administration asked for Congress to fund federal intelligence agencies $3 billion more in 2017 than it did last year
$50B homeland security budget focused on terrorism, critical infrastructure (Federal Times) President Barack Obama's $4.15 trillion budget request includes $50.4 billion for civilian agencies engaged in homeland security activities, most notably the Department of Homeland Security
President asks for $89.9B for IT in 2017 budget (Federal Times) The budget request released by President Barack Obama on Feb. 9 includes just shy of $90 billion for IT programs and operations, representing approximately 2.2 percent of the $4.15 trillion proposal
'We don't have the gear': How the Pentagon is struggling with electronic warfare (Washington Post) In the future, many of the most effective weapons used against the U.S. military are likely to be unseen: electromagnetic waves that disrupt radios or jam global positioning systems, paralyzing units
Senate health committee unanimously passes HIT bill (FierceHealthIT) The Improving Health Information Technology Act and six other bills cleared the Senate health committee with bipartisan support at a hearing on Tuesday
Give Up Your Data to Cure Disease (New York Times) How far would you go to protect your health records? Your privacy matters, of course, but consider this: Mass data can inform medicine like nothing else and save countless lives, including, perhaps, your own
Litigation, Investigation, and Law Enforcement
FBI Still Can't Unlock San Bernardino Shooter's Encrypted Cellphone (Time) "We are still working on it"
Indonesia imprisons seven Islamic State supporters (BBC) A court in Indonesia has sentenced seven men to between three and five years in jail for supporting the so-called Islamic State (IS) group
US Education CIO Admits To 'Unacceptable' Behavior (InformationWeek) US Department of Education CIO Danny Harris was grilled by lawmakers about possible ethics violations. Meanwhile the department, which has a lending budget the size of Citibank, was still said to be vulnerable to security threats
Clinton Asked Aide to Print 'Classified' Information, Emails Show (Washington Free Beacon) Hillary Clinton forwarded two emails that included "foreign government" information to a top State Department aide and asked for the messages to be printed out, according to correspondence obtained by the watchdog group Judicial Watch
Litigation Watch: Can a Third-Party Vendor Be Left Holding the Bag After a Breach? (JDSupra) Many organizations, particularly those outside of the technology sector, rely heavily on third-parties — including cyber security specialists, lawyers, and public relations firms — to help pick up the pieces after a data breach. But what happens when a third-party vendor doesn't fix the problem?
How "gag clauses" are used to squash negative reviews and punish reviewers (Naked Security) No one likes a bad review, especially businesses that can be harmed by negative word-of-mouth
Teen sues TV station for broadcasting sexting video along with his name (Naked Security) A Colorado TV station is being sued over allegedly broadcasting a mobile phone video of a 14-year-old's
Sexting and cyber-crime? Welcome to the teenage internet (Trusted Reviews) Today is Safer Internet Day, but do any of us actually know what Britain's youth are getting up to online?
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve, and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
National Insider Threat Special Interest Working Group: Insider Threats From A Human Resources & Legal Perspective (Laurel, Maryland, USA, Feb 18, 2016) This meeting will be focused on "Insider Threats From A Human Resources & Legal Perspective." Mrs. Jordan C. Meadows, Security Program Analyst at Rolls-Royce North America will present from the Human Resources perspective. Super Lawyer Mark Zaid will present from a Legal perspective. There will also be a presentation from Securonix on using big data analytics to automatically and accurately detect the most advanced data security, insider threat and fraud attacks
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy that concern organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016