Fall Session Descriptions

FS-ISAC 2012 Fall Summit Descriptions

SESSIONS WILL BE FORMATTED TO HAVE A BRIEF PRESENTATION ON A TOPIC FOLLOWED BY FACILITATED DISCUSSION ON SOLUTIONS, RECOMMENDATIONS AND FUTURE ACTIONS. EACH SESSION WILL BE DESIGNED TO BE INTERACTIVE.

Liespotting: Proven Techniques to Detect Deception
Pamela Meyer’s mission is to help people become more accurate at getting to the truth. She is known for her riveting presentations which combine hilarious video examples of deception indicators,  easy-to-learn methodology for lie detection and sophisticated communication tips. After a session with Meyer, you’ll be armed with tools for identifying insider threats, better buying, protecting, interviewing, and incident response. The lie-detection skills Meyer teaches reveal the deception epidemic plaguing our society. Studies reveal that you encounter an average of 10-200 lies per day. Meyer is a certified fraud examiner and earned an MBA from Harvard and a master’s degree in public policy from Claremont Graduate School.


Intelligence-Driven Security: The New Model
Does anyone believe that perimeter defenses are enough to protect organizations today? With massive amounts of digital information, Bring Your Own Device, Cloud, Big Data and more, our perimeter is more porous and harder to defend. It’s imperative to rethink security in a more balanced way, devoting additional resources to detection and response. RSA will discuss how an Intelligence-Driven Security model that evaluates risk, security spend allocation, and skills of the security team can enable financial institutions to get ahead of advanced threats.

Automating GRC: Innovation to Effectuate Controls and Operations
Compliance should not be the driver, it should be the outcome. Given de-perimeterization, pervasive mobility, BYOD demands and modern threat dynamics, IT organizations need to re-think how to adopt innovative security technologies that yield responsive defenses and operational savings. ForeScout will share their experience in providing customers real-time visibility and automated control with regards to network asset intelligence, endpoint compliance and mobile security.

DNS Firewalls - a New, Effective Weapon for Fighting the Next Generation of Cyber Attacks
As recent breaches of payment processors and large enterprises have shown, typical security approaches like "traditional" firewalls are no longer sufficient to thwart targeted malware drops, block botnet operations, protect against APT attacks, and more. Because over 80% of malware uses DNS to communicate, a new option of a DNS Firewall powered by collective intelligence is a potent and essential protective.

How to Gain Insight into Cybercrime with Extended Visibility via Web Session Technology
As the use of web-based and mobile applications expands and industry regulations evolve, visibility into cybercrime and the attacks facing financial institutions today is critical. This session will explain how to revolutionize the way your organization approaches cybersecurity at the navigation layer of your website. Web session intelligence is a vital component of any cybersecurity program, and as security becomes a business priority within your enterprise, real-time visibility into risks and attacks will be imperative.

Dual Factor Authentication – What is Working and What is Not
This session will explore the nuances of dual factor authentication – recent regulatory drivers, attacks against various authentication methods, and new techniques that are succeeding against a variety of challenges.

Insider Threat Trends
CERT and US Secret Service will review the results of a recent study on insider threats conducted by USSS and US Treasury.

Attacking The Weakest Link: How Cybercriminals Target the Enterprise  
Increased workforce mobility and Bring-Your-Own-Device (BYOD) initiatives have dramatically expanded the risk of advanced cyber-threats to enterprise assets. Using a variety of techniques, advanced malware is targeting employee devices to ultimately gain access to the corporate network and cloud-based corporate applications.  Protecting the endpoint is now as important as protecting the traditional network perimeter.  This session will discuss the three phases of the cyber-attack lifecycle and how they are carried out.

Data Leakage Protection for Mobile
Corporate data has moved to the mobile device. Mobile IT professionals need to mitigate the risk of data loss by extending data loss prevention programs, compensating controls, and employee education initiatives to include mobile devices. Even the well-intentioned insider still needs to be educated and continually reminded of his or her responsibility to protect company data, regardless of how it is stored or accessed. This session covers best practices for securing mobile data on iPhones and iPads without damaging user experience, and outlines twelve controls to implement.

Innovations in Mobile Security
As business services evolve and increasingly leverage mobile technology, creative solutions to manage risk are needed. Layered defenses, application and data protection will be discussed by the panel.

Advances in Email Governance and Controls
Attacks continue to use messaging as a primary vector to infect companies. The panelists will discuss the latest threats and solutions on private and cloud-based messaging technologies.

Moving to a Trusted, Standardized Cyber Intelligence Sharing Architecture
In order to reliably integrate with cyber intelligence data, we need to agree on a standards-based approach. STIX is a cyber-intelligence standards architecture that allows for trusted sharing of cyber intelligence indicators. The expressive and in-depth capabilities of the STIX architecture have led the FS-ISAC Security Automation Working Group (SAWG) to adopt it as the method for cyber intelligence sharing. Please join DHS as we discuss this architecture and its future role within the FS-ISAC and the Financial Sector.

“So just what do you mean by critical financial infrastructure?”
As laws and regulations are created to address risks in the “critical infrastructure”, the actual definition of what comprises it varies. The private and public sector panel participants will provide their views on the topic.

Brand and User Protection in the new GTLD World
The non-profit organization that co-ordinates the Internet Domain Name System, ICANN, is currently running a competition to expand the generic Top Level Domains (gTLD) from the familiar 21 (.com, .net, .gov, .info) to possibly over 1400 names.  Names under consideration include those run by official FI organizations, such as the BITS Forum’s application for .bank, applications for closed domains such as Fidelity’s .ira, and hundreds of generic terms that might end up in the hands of the highest bidder.

CISO Panel: Re-Inventing Information Security
If absolute security is a myth, how are CISOs defining their reality? This diverse panel of industry leaders will share their strategies for defining what’s most valuable to their organization, making a differential investment to protect that information and building board-level support for the security program required to meet today’s threats. Discussion topics will include the value of proactive threat management, how re-invented programs are aligning to new business strategies, how to streamline global security operations, the consequences of cost control measures, what it takes to make identity and access management projects succeed and a common sense approach to data classification.

Maximize Data Loss Prevention Through a Secure Corporate Container
Data Loss Prevention is a primary concern for financial institutions due to the proliferation of free cloud file sharing services being used for business. Companies need to develop a content management strategy with strict security policies and access control to protect sensitive corporate content on mobile devices, whether those devices are corporate or employee-owned. This session delves into the challenges businesses face with corporate data on mobile devices and the importance of utilizing secure corporate containers where data is completely protected.

2012 Year of the DDoS - Trends, Motivations and Techniques
The session participants will share their experiences and insights on DDoS attacks, their sources and trends that affect the financial services industry.

Predictive Security Intelligence – Driving a Productive Partnership Between Risk, Audit and Security 
Facing sophisticated advanced persistent threats and targeted custom attacks, financial services institutions are compelled to be at the forefront of IT security. Most large and mature organizations have responded with investment in layered security controls across their infrastructure.  The problem?  Lack of coordination and correlation at all levels – organizational, data and technology. A Predictive Security Intelligence approach is designed to help organizations develop effective risk frameworks, gain deeper insight from ‘big data’ generated by layered security controls and ultimately communicate that risk in the context of critical assets and financial services processes. 

Cyber Intelligence Automation Opportunities
Processing of cyber intelligence is a manual process that is error prone, costly, and time consuming. For cyber intelligence to be effective, it must be cheaper and faster to process intelligence than it is for the threat to invalidate the intelligence by changing tactics, techniques, and procedures of the attack. This panel will answer questions on existing and future methods of automated sharing and processing of cyber threat intelligence data.

Emerging Threat Landscape 
The degree of stealth and cleverness of attacks is a constant source of concern for security teams. The panel will discuss the latest threats and provide insight on them to the audience.

Security Analytics
This session will explore the challenges and opportunities for security analytics. We will also discuss some potential solutions for moving to more scientific and reliable approaches. A combination of security practitioners and solution providers will explore this evolving topic.

Mobile, Phone and Online Fraud Detection and Prevention
The explosive popularity of mobile devices has drawn an equally steep growth in mobile, phone and online fraud.  The panel will discuss the latest in detection and prevention techniques, as well as cross channel fraud schemes.

Nation-State Threats to the Financial Services Sector
There has been a great deal of press on the topic of nation-state-sponsored attacks. DHS will provide their insights on trends and attack origination, as well as advice on how to protect our industry.
