Skip Navigation
(ISC)² Security Congress 2018

(ISC)² Security Congress 2018

 

 

CSA-Summit-Congress-1324x548 

 

Second Annual CSA Summit at (ISC)² Security Congress

 

Navigating Through the Seas of Disruption

For today’s enterprise, cloud adoption has moved beyond the early adopters to encompass a wide range of mission critical business functions. Financial services, government and other industries with regulatory mandates have made significant steps into the cloud over the past year. Making this leap has required a transformation in both the technology of security and the mindset of security professionals.

This year’s 2018 Cloud Security Alliance Summit welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations and best practices in order to help organizations navigate through the seas of disruption.

 

When: October 7 from 9:00am -5:00pm

 

Where: New Orleans Marriott


Start time

Session Title

Speaker & Title

Session Abstract

9:00-9:15am

Welcome Address

Jim Reavis, CEO, Cloud Security Alliance &David Shearer, CEO, (ISC)²

9:15-9:45am

Keynote Session

Thomas Braun, Chief, Global Security & Architecture Section, United Nations

The United Nations Secretariat has been following a well-established application security framework that includes a risk-based process for the selection of security controls, based mainly on the sensitivity of data that is stored, transmitted and processed by an application, as well as protocols for the validation and certification of applications. As part of its foray into cloud computing, these processes, as well as the pre-defined controls had to be adjusted and amended to reflect the “shared responsibility” approach, and to define specific controls for different service delivery models. The presentation will describe the general methodology that was applied to develop this new model, and include examples for IaaS, PaaS and SaaS projects.

9:45-10:15am

Change is Simply an Act of Survival

Bill Harmer, Americas CISO, Zscaler

 This presentation will review the history and development of the corporate network and its interaction with the Internet. How the adoption of SaaS and PaaS base solutions have rendered the network irrelevant from a security perspective. We will explore the developments in malware, how threat actors have taken on a business approach to creation, distribution, and management of their attack campaigns. We will then take a few steps into the future and explore some possibilities that have the potential to greatly affect corporations and how they protect themselves. Finally, we will explore some of the potential strategies that can be started now to lay time groundwork to ensure a more secure architecture in the future.

10:15-10:45am

Go Ahead, Indulge in Cloud, and Stay Healthy!Keynote Session

 Gurdeep Kaur, Director, Information Security, Horizon Blue Cross Blue Shield of New Jersey

10:45-11:00am

Break

11:00-11:45am

Panel Discussion: AI and Automation: What Does it Mean for Cybersecurity?

Moderator: John Yeoh, Research Director, Cloud Security Alliance

Panelist: Coalfire, Adam Kerns, Managing Principal, Cyber Risk Advisory

Panelist: McAfee, Srini Gurrapu, Chief Cloud Evangelist, McAfee Cloud Business Unit

Panelist: Tenable

11:45am-12:15pm

Building a More Secure Cloud Architecture

Jerry Archer, Founding Board Member of the Cloud Security Alliance, CSO Sallie Mae Bank

 More and more organizations are recognizing the opportunities that exist in transitioning to the public cloud. But all too often the specter of weak security and security failures cause significant concerns from various stakeholders. But, that does not have to be the case. Inherently, most substantial cloud providers have recognized the need for strong security and have built security capabilities in from the beginning. With a focus on secure architecture; the application of cloud-specific security tools; and leveraging built-in cloud security capabilities the public cloud can provide the level of assurance for security that can satisfy even the most stringent security and control requirements.

12:15-1:15pm

Lunch

1:15-1:45pm

Blockchain Evolution

Jeffrey Westcott, CFO, Cloud Security Alliance

The Blockchain is a platform built originally for the Bitcoin crypto-currency utilizing a decentralized (i.e., peer-to-peer) network. This creates a transparent public hyperledger – an immutable record of data that enables a layer of trust that has traditionally been centralized, costly and inefficient. Due to its unique features, the blockchain has spawned interest in many industries, including financial services, healthcare, legal, governmental, recording/arts and supply chain manufacturing. There is tremendous interest in start-ups and corporations to harness its potential and numerous consortiums have been established to create a framework of uniform protocols to promote adoption and standardization across the many industries it will serve.

1:45-2:15pm

Keynote Session

2:15-2:45pm

Artificial Intelligence in Cybersecurity – Staying Ahead of Threats

Subra Kumaraswamy, VP Cybersecurity Architecture & Engineering, Visa Inc.

2:45-3:00pm

Break

3:00-3:15pm

Caterpillar in the Cloud
 Joseph Zacharias, Deputy CISO, Information Security at Caterpillar Inc. Caterpillar is aggressively embracing cloud services, both from an internal consumer to providing robust web applications, IoT, and Connected Solutions to our dealers and customers. These include mission critical business functions, and expansion of new services to support global services to our customers. This session explores Caterpillar’s Information Security Team’s engagement in securing these external and internal services over the last several years, and the processes necessary to support the speed to market that the business has demanded.

3:30-4:00pm

Effective Methods for Security Information Sharing

Paul Kurtz, Co-Founder and CEO, TruSTAR Technology

 Security teams once wished for more threat intelligence data, but now those same teams are drowning in noisy, unactionable alerts. Security teams are collecting more threat intelligence from a variety of commercial and other sources than they are able to manage and operationalize. The concept of threat intelligence has now become a question of knowledge management and collaboration. Despite the wide selection of commercial and government feeds, enterprises are finding that the highest-fidelity source of threat intelligence often comes from sharing and exchange, whether that is through a formal sharing organization like an ISAC or ISAO, or an informal working group. In this presentation, TruSTAR Co-Founder and CEO Paul Kurtz will outline best practices for threat intelligence exchange based on a case study developed through the Cloud Security Alliance. In addition, Paul will address how independent research analysts are having an impact threat intelligence enrichment and sharing organizations.

4:00-4:30pm

Today’s Cloud is Raining New Technology

John Yeoh, Research Director at Cloud Security Alliance

The cloud represents the central IT system by which organizations are transforming themselves into digital enterprises. Building security and trust in the cloud hasn’t been easy. We have been overcoming barriers in this new supply chain model for the past decade. As benefits of agility, scalability, and security continue to be realized through the cloud, new technology trends such as the Internet of Things (IoT), Blockchain, and Artificial Intelligence extend the benefits but also create complexity and possible new attack vectors for ambitious and resourceful adversaries.

From its inception, the Cloud Security Alliance (CSA) has explored the horizon, identifying the trends and risks of tomorrow and gathering leading security experts from across the industry to propose solutions today. In this presentation, Yeoh will share his vision for the direction of CSA Research discussing recent threats in the IoT, improvements in security for IoT device manufacturers, a new IoT security controls framework for the Enterprise, and other topics currently being worked on by the community of research volunteers with a roadmap for when these best practices will be released to the industry. Awareness and preparation for the next disruptive IT trends are imminent to surviving the security challenges that tomorrow’s cloud brings. Leveraging these techniques will help raise security standards for enterprises, cloud service providers, and manufacturers on the secure implementation of IoT and cloud in the oil and gas industry, among other industries.


 
CSA Summit Highlight - 2017 RSA Conference

 


 

 

Outlook Outlook
iCal iCal
Google Google
Yahoo! Yahoo!
MSN MSN
Already Registered?

Upcoming (ISC)² Security Congress

Hong Kong • July 9-10

APAC Security Congress

Santiago, Chile • July 25-26

LATAM Security Congress

Exhibits & Sponsors

Event Sponsors

Become a Sponsor

Downloads & Media

Videos

Blog

 
(ISC)²
Copyright © 2018. (ISC)², Inc. All Rights Reserved.

Top