ISE® CANADA 2013
To the Cloud! Software Security Evolution at Adobe > Watch the Video
For years, software security at Adobe meant defending ubiquitous software on the desktop and in the browser. But with offerings like Creative Cloud, Adobe is now in the hosted services game. The secure software engineering team had to retrench and retool to secure a new type of offering against a new set of threats. This talk describes the evolution of security at Adobe to meet this new challenge.
Taking PDF Security to a New Level with Adobe Reader® and Adobe Acrobat® > Download Whitepaper
Adobe Reader X and Adobe Acrobat X take the security of PDF documents, and your data, to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with the Microsoft® Windows® and Mac OS X operating system architectures, and improved deployment and administration tools.
Adobe® Flash® Player and Adobe AIR® security > Download Whitepaper
Both Adobe Flash Platform runtimes, Flash Player and AIR, include built-in security and privacy features to provide strong protection for your data and privacy, whether you use these Adobe products on your desktop system or mobile device. Adobe constantly advances these protections to incorporate the latest developments in the industry and stay ahead of the continually evolving threat landscape.
Adobe Incident Response and Management > Download Whitepaper
The Adobe Secure Software Engineering Team (ASSET) proactively focuses on preventing security vulnerabilities in Adobe products before they ship, but Adobe knows that ensuring security doesn't end when a product is released. If external security researchers, partners, or customers discover a vulnerability after a product ships, the Adobe Product Security Incident Response Team (PSIRT) responds to resolve the security issue quickly, effectively, and thoroughly. PSIRT is your first line of defense for vulnerability resolution and threat mitigation. PSIRT coordinates with Adobe product engineering teams to identify the appropriate response plan and keeps you informed on mitigation procedures and release schedules.
Adobe Secure Product Lifecycle > Download Whitepaper
The Adobe Secure Product Lifecycle (SPLC) is a rigorous set of industry-leading best practices, processes, and tools designed to keep customers safe and more secure in the evolving threat landscape as they deploy and use Adobe software. The SPLC touches all aspects of the product lifecycle, from providing essential security training for software development teams and building security features into product design, to developing quick incident response plans post-ship.
Manage Risk, Mitigate Threats > Download Whitepaper
To protect your organization against the most aggressive threat environment in the history of IT, you need a strategy that unifies the components of a complete security program. That’s HP Enterprise Security—a risk-based, adversary-centric approach to threat protection.
Security and Compliance in the Cloud > Download Whitepaper
Cloud computing offers flexibility and savings, but as data, systems and services move to the cloud, organizations expose themselves to serious security and compliance challenges.
Automating the SANS 20 Critical Security Controls with QualysGuard > Download Whitepaper
The SANS 20 Critical Security Controls are a prioritized, risk-based approach to cyber security. They are the result of a consensus process that involved a wide variety of cyber security professionals from government and industry, who were asked: “In practice, what works and where do you start?” The Critical Controls have become a blueprint to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) to deploy the most effective processes and tools to secure all their computer systems according to risk. Four tenets were fundamental in defining the Critical Controls: 1) focus on continuous monitoring to test and evaluate remediation; 2) automate processes to address security with efficiency, reliability and scalability; 3) provide common metrics allowing all stakeholders to objectively evaluate and adjust security measures; and 4) put the organization in charge by using knowledge of actual attacks to build effective defenses. By following the guidelines of Critical Controls, your organization can ensure the confidentiality, integrity and availability of its information technology assets.
100 Tips for Implementing Network Security > Download Whitepaper
Insight from chief information security officers and those that support them.
State of the Data Center Survey > Download Whitepaper
IT executives have long had to grapple with challenges related to managing the data center, including providing robust logical and physical security, ensuring disaster recovery and high availability, handling server maintenance and accounting for data backup.
But with the emergence of overarching IT trends such as virtualization, cloud computing and the proliferation of mobile devices, data centers are being transformed. In many ways they’re becoming more complex, and as a result the challenges of managing these IT resources are changing.
To get the most value out of their organizations’ data centers, IT executives need to understand the new challenges and how to effectively address them. Otherwise, their investments in virtualization software, blade servers and other technologies designed to “modernize” the data center might be in vain.
Paras Shah
Enterprise Security Products Country Manager, Canada
Fortify ASC
The Vulnerability Landscape: What to know about Cyber Risk > Download Presentation
The 2012 HP Cyber Risk Report shows that although critical vulnerabilities are on the decline, they still pose a significant threat. Rapidly deployed new technology can have a significant impact on enterprise security; however, data show that seemingly mature technologies continue to introduce risk from new exploits. Additionally, the explosive adoption of mobile devices and the applications that drive them has resulted in a corresponding boom in mobile vulnerabilities — a 787 percent increase in the last five years. This discussion will explore how actionable security intelligence is necessary in assessing the vulnerability landscape and determining the most effective strategies for deploying resources to minimize cyber risk. Other key points will address how threat intelligence and security research can be leveraged to help understand, prepare for attacks and improve security offense.
Della Shea
Chief Privacy and Information Risk Officer
Symcor, Inc.
Establishing a Cost Effective PCI DSS Compliance Program by having a Can Do Attitude > Download Presentation
Achieving and maintaining PCI DSS Compliance can be complex and costly, and strong leadership is required to accomplish this business critical initiative. Symcor embraced the challenge head on, assembling a capable, talented team focused on “total cost of ownership,” and remained committed to finding the best solutions for the organization. During this presentation, learn the four guiding principles that are fundamental to your strategy for successfully achieving and maintaining this standard.
Ray Archer
Senior VP and Chief Information Security Officer
Scotiabank
Creating a Comprehensive IT Risk Framework that Aligns with Operational Risk > Download Presentation
The importance of security within the enterprise is growing as business leaders realize that IT-related events can have a dramatically negative impact on strategic goals and objectives. It is vital to craft an IT risk framework that establishes the processes, accountabilities, and tools to govern and manage the risks to data and systems. A solid framework is closely aligned with business objectives and will ultimately require the active support of all key business leaders within the enterprise, not just the IT organization, making it an integral part of daily routine and a fundamental process for continuous improvement. This presentation will identify the necessary elements to include in your core IT Risk Framework and strategy in order to enable the prioritization and communication of IT risks in a holistic way.
Kenneth Haertling
VP & Chief Security Officer
TELUS
Embedding Security throughout the Enterprise – From Products to the Infrastructure > Download Presentation
The field of security is evolving rapidly and it is more important than ever to ensure security is a priority at every level. As leaders within the organization, CISOs must be successful in uniting disparate areas of the company under a common strategy, working as partners rather than policemen and operating in transparency versus the black box security department of the past. This presentation will address best practices in embedding security throughout the enterprise and using a data-driven approach to drive continuous improvement in the areas of security, risk and compliance at every level of business.