[1 CPE] Deploying DLP for All of the Wrong Reasons

  Presented by Proofpoint

Data Loss Prevention is a misnamed and misapplied technology – not all data is in scope, you will never cover every loss scenario, and while protecting data sounds like a great idea in theory, in practice data protection isn’t always the optimal goal. Many organizations are required to deploy DLP technology to comply with a regulatory compliance requirement or to protect specific intellectual property. Most DLP projects end up in a much different state than their original design and intent.

This session will cover a brief history of DLP, how to take a people-centric approach to designing your information protection program, how to use success metrics that matter, and how to communicate your program to a non-technical audience.

Speaker Bio:

Brian Reed is the Director of Cybersecurity Strategy at Proofpoint. He has 20+ years of information technology experience. Before Proofpoint, Brian was a senior director analyst at Gartner. Since 2015, he published over 50 research notes at Gartner, covering a wide range of cybersecurity and risk management topics.

Before Gartner, he spent many years in a variety of business development, product management, sales, and system engineering roles. Brian also serves as an advisory board member and holds a Bachelor of Arts degree in History from The University of Georgia and a Master’s in Business Administration from Kennesaw State University.

[1 CPE] Fast and Furious Attacks: Using AI to Surgically Respond

  Presented by Darktrace

Fast-moving cyber-attacks can strike at any time, and security teams are often unable to react quickly enough. Join Brianna Leddy, Director of Analysis, to learn how Autonomous Response takes targeted action to stop in-progress attacks, without disrupting your business. Explore today’s threats and challenges and learn how advances in AI have been leveraged to allow for very surgical actions to be taken autonomously – where humans can no longer react fast enough. Includes real-world threat finds, case studies and attack scenarios.

[1 CPE] Immutable Storage: Level-Up Ransomware Readiness

  Presented by Arcserve

IDC advises that a 3-2-1-1 strategy is the new best practice for effectively protecting customers against ransomware. The last 1 is the important piece of the puzzle, where a copy is also stored on immutable storage. The growing risk of compromise to your customers’ data – specifically via ransomware – DEMANDS the most up-to-date and complete solutions arsenal.

[1 CPE] Sky Lakes Case Study: Real-life Ransomware Recovery

  Presented by Cohesity

Backup is often the last line of defense against ransomware attacks, which have exponentially increased over the last year. Hear how Sky Lakes Medical Center chose a joint solution from strategic partners Cisco and Cohesity for a modern, efficient data management system to replace an aging backup solution while beating an unexpected ransomware attack. During this session, we’ll give you a brief overview of Cohesity for context and then roll into a 40-minute interview with the Sky Lakes Medical Center Team.

[1 CPE] Thinking Upstream: Avoid the Fallout of the next Log4Shell

  Presented by Tidelift

News of a zero-day vulnerability in the popular open-source project Log4j broke in December, sending many organizations scrambling to figure out the impact on their applications. Nearly every organization developing applications was impacted, and the fallout was so broad that the FTC issued guidance.

Log4Shell comes on the heels of the U.S. White House cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to create positive changes to the way cybersecurity is addressed around the world.

Recent high-profile breaches like Log4Shell, the Colonial Pipeline ransomware attack, or the SolarWinds software supply chain attack have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity for any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Tidelift CEO and co-founder Donald Fischer shares his perspective on how the Log4Shell vulnerability and the cybersecurity executive order impact software supply chain security. He’ll brief attendees on the key issues addressed by the executive order, including software bill of materials (SBOM), supply chain security, and provenance requirements. He’ll outline the gaps that most organizations will need to close to stay in compliance. And he’ll share a proactive approach to addressing open-source software supply chain health and security upstream.

If you want to ensure your organization is fully prepared for the coming changes, you won’t want to miss this session.

[1 CPE] Chain Reaction: CISA Task Force & the Cyber Supply Chain

  Presented by Chad Kliewer • Information Security Officer, Pioneer Telephone Cooperative

We’ve all heard of “supply chain” by now. How do we go about actually doing something about it? Chad Kliewer will introduce the CISA Task Force that has been digging into supply chain issues for several years and share some resources – even some specifically designed for small and medium businesses – to adopt sound cyber supply chain practices.

Chad Kliewer is the Information Security Officer overseeing the cybersecurity and privacy programs for Pioneer Telephone Cooperative in Kingfisher, OK. He has over 20 years of experience in Information Technology and Security from PC Tech to CIO, including PCI, HIPAA, and SOX compliance. During his career, Chad has worked in healthcare, banking, and telecommunications, and has been outsourced, insourced, and resourced working with companies from 50 employees to more than 50,000 employees giving insight to companies large, small, and between. He holds a master’s degree in Cybersecurity and Information Assurance from Western Governors University, is currently serving on the board for InfraGard Oklahoma, and maintains the CISSP and several other certifications.

[1 CPE] The Insider Threat You Don’t See Coming

  Presented by INTERFACE Advisory Council

IT leaders spend countless hours focusing on security awareness training and safeguarding systems. End-users of all types have been thoroughly educated on what not to do and taught how to identify threats. Now with so many employees working remotely, this has only added to the challenges of good cyber hygiene.

In recent months, we have seen the “great resignation” as employees are quitting jobs in record numbers. Some of this is through job dissatisfaction while some are leaving to spend more time with family. The question to ask now is, have IT departments armed employees to be a new insider threat? Could a disgruntled employee now intentionally allow a threat to get through your systems? How can you tell malicious intent by an end-user vs. an innocent mistake?

Join the INTERFACE Advisory Council for a discussion about this threat. These challenges are nothing new but have quickly become more complex and common.

Panelists:

  • Aaron Baillio • Chief Information Security Officer, University of Oklahoma
  • Jonathan Kimmitt • Chief Information Security Officer, University of Tulsa
  • Daisha Pennie • Manager, IT Compliance, Oklahoma State University

[1 CPE] Ten Easy Things You Can Do Today to Secure Your Online Presence

  Presented by Pedro Serrano • Chief Information Security Officer, Grand River Dam Authority

In this presentation, Pedro Serrano will take a quick look at the most important security issues that every company should be educating its users on.

  1. You are the Target
    • Why you are the target – it’s all about Money!
    • How much data are you sharing?
  2. Social Media
    • You should check your settings, regularly!
  3. Protect your PC
    • Pedro’s 5 rules for home PC
  4. Passwords Sharing Devices
    • With so many passwords, let’s learn how to manage
    • Best password managers available today
  5. Protect your home network with a simple change in your router
    • OpenDNS – free and it works!
  6. Two Factor Authentication
    • Easy ways to implement it (This is now the new normal)
  7. Online purchases – we all do!
    • How to protect yourself – Debit vs. Credit card
  8. Backup your data (Work – Home – Phone)
    • Can you verify that it’s there?
  9. Microphones are always on! – Who is listening?
    • You carry and have them in your home
    • Your car is listening, and I know where you are
  10. Credit Freeze – It’s really easy now!

The main theme of this session could be summarized like this:

The Human element: I can add all the technical controls that I can get my hands on, but if my employees (internal users) behave in a manner that is not safe (like clicking on a link that is malicious), the technical controls will not be able to stop an attack. Therefore, you are the first and last line of defense; you can make the difference!

[1 CPE] Cyber Attack Responder Viewpoints

  Presented by Jeremy Wilson • Deputy CISO, State of Texas

This session will cover lessons learned from the State of Texas’ Cybersecurity Program. We will focus on how to prepare for and respond to a cybersecurity attack. There are plenty of low and no-cost options and activities that can help your organization prepare. We will provide additional information and services specifically for governmental entities in the State of Texas, but other organizations will still find value in our approach and how we deal with different types of attacks from Nation-State Advanced Persistent Threat (APT) actors to opportunistic hacktivists.