(ISC)² Security Congress 2017

2017 Solutions Theater Sessions

 

(ISC)² Solutions Theater is the opportunity to stay right on the show floor and conveniently participate in presentations featuring thought leadership in innovative infosecurity solutions and approaches to issues all practitioners face. All attendees are welcome to learn about the latest security products and services featured in these 30-minute presentations. The Solutions Theater is located at booth 400 and seats about 100 people; the schedule of presentations can be found in the mobile app and the pocket guide.

  


Floor 3 - Expo Hall Booth 400 (Lone Star Ballroom D+E)


 

Monday, September 25th  

 

SecurityMetrics   

Time: 9:45am - 10:15am

Speaker: Joe Rivest, Senior Director of Enterprise Sales and Marketing Development, SecurityMetrics


Session Title: 5 Ways to Dominate a PCI Audit: Best Practices to Make Your Audit Go Smoothly and Quickly

Abstract:

PCI DSS audits are critical in helping businesses determine their path to data security and PCI compliance. However, between reviewing all the different requirements, being told what you're doing wrong, learning what needs to be fixed, and meeting audit and remediation deadlines, the auditing process can be difficult and exhausting.

There is hope: with proper preparation, your PCI DSS audit can go smoothly. This presentation gives 5 time-saving tips to help you get the most out of your PCI audits. Some of these tips include:
 
•    Problems you can avoid by consulting with your auditor
•    Best practices to identify and reduce your PCI scope
•    How to best manage your PCI compliance implementation

You can use these tips to not only pass a PCI audit but also establish a better relationship with your auditor, who can help you become PCI compliant more efficiently.

 

Exabeam

 

Time: 10:30am - 11:00am

Speaker: Barry Shteiman, Director of Research & Innovation, Exabeam


Session Title: Automating Incident Response - Getting the SOC Back in Focus on What Matters


Abstract:

SOC (Security Operations Center) teams are constantly overwhelmed. Companies are struggling to staff their SOC team in an effort to deal with security event overflow. This results in improper classification, missed incidents and inconsistency.

Response and remediation processes are lacking as a result of hard-to-hire SOC positions. Many teams resort to hiring new and inexperienced analysts. The unfortunate outcome of these fresh hires is a lag time between incident and detection, and investigation to complete containment. Analysts are only able to discover and respond to incidents they are familiar with, and response quality may vary depending on their knowledge and skill.

Exabeam believes that automating response for common incident triage and response helps the SOC automate the common tasks, while focusing on what really matters.


 

CYPHORT 

Time: 2:00pm - 2:30pm

Speaker: Franklyn Jones, VP, Cyphort


Session Title: The Seven Secret Sins of SIEMs


Abstract: 

OK, maybe you can’t say this title three times fast, but you don’t want to miss this session. We’ve just completed comprehensive research on what it’s really like to own and use a SIEM. Three in-depth research projects, including focus groups across the US. Nearly 1,000 security organizations involved. All SIEM users from companies with 1,000+ employees – and they weren’t shy about sharing their opinions. Ouch! The analysis is now complete, and we’re ready to share the Seven Secret Sins of SIEMs. Maybe you can relate to these sins – or maybe not. Either way, we won’t just leave you hanging with the burden of seven sins. We’ll also share a solution strategy that will restore you and your security team to a state of heavenly bliss. Join us and discover the solution to the SIEM problem – the Anti-SIEM from Cyphort.


 




Time: 2:45pm – 3:15pm


Speaker: Lev Lesokhin, EVP Strategy and Analytics, CAST


Session Title: Measuring the Cybersecurity of Software

 

Abstract:

Recent security breaches such as the ones at SWIFT, Target, and Anthem are entering the realm of nine-digit defects, where damages can exceed $100 million. Today, security of business applications is a top boardroom issue. Advances in software analysis technology enable IT to detect weaknesses in the source code that can be exploited to gain unauthorized entry. Both the Software Engineering Institute and CAST have recently found that weaknesses causing reliability problems can in many cases be exploited for unauthorized entry, indicating that poor quality code is also insecure code.

The Consortium for IT Software Quality (CISQ) is chartered by its industry sponsors to create automatable measures of software size and quality. CISQ measures include standards recently approved by the Object Management Group for Automated Function Points, Reliability, Security, Performance Efficiency, and Maintainability. The four quality measures are based on definitions of these attributes in ISO 25010 and provide source code level measures that supplement the largely behavioral measures in ISO 25023. In particular, the Security measure is based on measuring 22 of the top Common Weakness Enumerations (i.e., CWE/SANS Institute Top 25 most dangerous software errors, OWASP Top 10) that can be detected through static analysis. These weaknesses include well-known culprits such as SQL injection, buffer overflows, and cross-site scripting. This measure provides an accurate estimate of the likelihood that an attacker can find an exploitable weakness in an application.

The continuing flow of breaches exploiting SQL injection, a weakness known since the late 1990s, suggests that IT needs a major undertaking similar to the Y2K endeavor to rid source code of the most easily exploited weaknesses. Executives both in and outside IT need to assess the cybersecurity risk of their systems using measures such as the CISQ standards and enforce remedial actions based on them.


 

Tuesday, September 26th 


  

 


Time: 10:15am – 10:45am


Speaker: Jordan Wright, Senior R&D Engineer, Duo Security


Session Title: Everything You Want To Know About Stopping Phishing Attacks

 

Abstract:

Phishing is easy, effective, and on the rise. In 2016 alone, the record for the number of unique phishing sites seen in a quarter was broken. Twice. Phishing is a perfect example of a problem that requires a defense-in-depth solution: there is no silver bullet. This talk is a rapid-fire deep dive into practical mitigations you can put in place to stop phishing emails before they reach the inbox, after they reach the inbox, and after an employee clicks the link. We will start with the basics and quickly move to advanced strategies you can take to mitigate attacks at every layer of your defenses. In addition to covering the defenses, this talk will also discuss the top phishing attacks seen in the wild, how they work, and will even give a demonstration of analyzing a live phishing kit. The goal of this talk is to equip you with practical tools and strategies you can use to stop phishing for your organization.


 


 
Time: 11:15am – 11:45am


Speaker: Levi Gundert, VP of Intelligence and Strategy, Recorded Future


Session Title: It’s Risky; How Threat Intelligence Delivers the INFOSEC Resources You Need

 

Abstract:

Threat Intelligence’s greatest value for business is in creating risk scores and associated projected loss amounts for specific threats.

Today, can you make a statement to senior executives and/or the Board of Directors such as the following?

“There is a 5% probability that our business will incur a loss of $1,408.90 in 2017 due to ransomware.”

“Based on our best estimates, there is a 10% probability that our business will incur a loss of over $48,000 in 2017 caused by damage to availability of information via distributed denial of service.”

Properly communicating risk from cyber threats enables decision makers to properly assign resources and security controls that may have been previously ignored.

 

 

 


 
Time: 2:45pm – 3:15pm

 

Speaker: Didier Lesteven, COO, Wallix


Session Title: It’s The Fast Route to Compliance: An Easy Guide to Navigate the Regulatory Landscape by Managing Privileged Users

 

Abstract:

Digitalization has touched on almost every part of the business, affecting companies’ employees, stakeholders, and operations across all sectors of activity. The major cybersecurity issues resulting from digitalization and new approaches to technology have led to the development of numerous national and international mandatory regulations, which keep evolving and increasing as does our relationship to technology. This growth in regulatory changes often overwhelms organizations who need to deploy their efforts and demonstrate adaptability to simultaneously comply with the different regulations they are subject to (HIPAA, PCI-DSS, SOX, NIST SP800-171, etc.). This session is specifically designed to offer an easy guide for organizations to navigate the complex regulatory landscape which they are in by managing privileged users and sensitive access to strategic resources. It discusses the pains and challenges posed by some of the most renowned regulations and proposes a compliance matrix to accompany businesses on their route to audit and compliance. As it resonates with their own challenges, this session helps companies prioritize their needs to quickly respond to the regulations they are subject to.



 

CheckPoint 


 
Time: 3:30pm – 4:00pm

 

Speaker: Eric Meadows, Cloud Security Sales Manager, Check Point


Session Title: Safe Journey to the Cloud

 

Abstract:

Companies are looking to modernize existing business applications to improve agility, performance, and sometimes recognize cost savings by moving workloads to the cloud. Experience shows that security is often neglected or viewed as an inhibitor as customers struggle with loss of control, consistency and compliance. In this presentation Eric Meadows, a Cloud Security Champion from Check Point, will provide insight into cloud adoption, provide four simple steps every company should be taking to secure “any” cloud and share the four shared characteristics he sees in successful cloud deployments with customers.

 

Wednesday, September 27th 

 

ThinAir


Time: 10:15am – 10:45am

Speaker: Rene Kolga, Head of Product, ThinAir


Session Title: Insider Threat: How Does Your Security Stack Measure Up?

 

Abstract:
Security technologists, practitioners and the media love to talk about the latest malware, and zero-day attacks that hackers and nation states direct against their targets. The reality is that a significant portion of security incidents and data breaches come from within an organization’s security perimeter. The insider threat is the unglamorous side of security, and one that most vendors and industry professionals tend to ignore. Which tools in your security stack truly address the insider threat problem? What percentage of your security budget is dedicated to this issue?

This presentation will explore the rise of the insider threat, and the five essential components of an effective approach to identifying and investigating breaches that result from the malicious or innocent actions of internal actors.


(ISC)²
Copyright © 2017. (ISC)², Inc. All Rights Reserved.
