T.E.N. Knowledge Base

Loading

ISE® SOUTHEAST 2013

To the Cloud! Software Security Evolution at Adobe > Watch the Video
For years software security at Adobe meant defending ubiquitous software on the desktop and in the browser. But with offerings like Creative Cloud Adobe is now in the hosted services game. The secure software engineering team had to retrench and retool to secure a new type of offering against a new set of threats. This talk describes the evolution of security at Adobe to meet this new challenge.


Taking PDF Security to a New Level with Adobe Reader® and Adobe Acrobat® > Download Whitepaper
Adobe Reader X and Adobe Acrobat X take the security of PDF documents-and your data-to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with the Microsoft® Windows® and Mac OS X operating system architectures, and improved deployment and administration tools.

Adobe® Flash® Player and Adobe AIR® security > Download Whitepaper
Both Adobe Flash Platform runtimes-Flash Player and AIR-include built-in security and privacy features to provide strong protection for your data and privacy, whether you use these Adobe products on your desktop system or mobile device. Adobe constantly advances these protections to incorporate the latest developments in the industry and stay ahead of the continually evolving threat landscape.

Adobe Incident Response and Management > Download Whitepaper
The Adobe Secure Software Engineering Team (ASSET) team proactively focuses on preventing security vulnerabilities in Adobe products before they ship, but Adobe knows that ensuring security doesn't end when a product is released. If external security researchers, partners, or customers discover a vulnerability after a product ships, the Adobe Product Security Incident Response Team (PSIRT) responds to resolve the security issue quickly, effectively, and thoroughly. PSIRT is your first line of defense for vulnerability resolution and threat mitigation. PSIRT coordinates with Adobe product engineering teams to identify the appropriate response plan and keeps you informed on mitigation procedures and release schedules.

Adobe Secure Product Lifecycle > Download Whitepaper
The Adobe Secure Product Lifecycle (SPLC) is a rigorous set of industry-leading best practices, processes, and tools designed to keep customers safe and more secure in the evolving threat landscape as they deploy and use Adobe software. The SPLC touches all aspects of the product lifecycle-from providing essential security training for software development teams and building security features into product design, to developing quick incident response plans postship.

IBM Security: Intelligence, Integration, Expertise  > Download Whitepaper
One of the broadest, most advanced and integrated enterprise security product and service portfolios. Utilize Security Intelligence to help detect, predict and remediate breaches that may not be detected by point products alone. "Plug the holes" of competitive point product approaches with an integrated solution from the recently formed IBM Security Systems division. Enable today’s cutting-edge technology platforms, from mobility to cloud to social.


Consolidate Network Securityto Reduce Cost and Maximise Enterprise Protection  > Download Whitepaper
An organisation's network security infrastructure has typically been built from discrete blocks of security technologies. Starting with the network firewall providing perimeter access control, today’s network security often comprises a complex, difficult-to-manage amalgam of anywhere between five and 50 different technologies. With advances in technology, you are presented with the opportunity to consolidate many of these security components into fewer platforms. This whitepaper explores the many benefits.


Security and Compliance in the Cloud  > Download Whitepaper
Cloud computing offers flexibility and savings, but as data, systems and services move to the cloud, organizations expose themselves to serious security and compliance challenges.


100 Tips for Implementing Network Security  > Download Whitepaper
Insight from chief information security officers and those that support them.


What's Yours is Mine: How Employees are Putting Your Intellectual Property at Risk  > Download Whitepaper
Companies today are losing valuable intellectual property (IP) on a regular basis. While many security initiatives focus on threats posed by cyber criminals and hackers, there is a less obvious player in the theft of corporate assets: employees. In most cases these trusted employees are moving, sharing, and exposing sensitive data in order to do their daily jobs. In other cases, they are deliberately taking confidential information to use at their next employer, some of them without realizing that it is wrong to do so. The three parties – the employee, the organization, and the new employer – are all putting themselves at risk, and there are no real winners in any of these situations. This whitepaper explores the mindset and motivation of employees involved in IP theft.


Matt Mosley

Matt Mosley
Sr. Solution Strategist
NetIQ
Biography

Security and Compliance in a Hybrid World > Download Presentation
As more and more enterprises adopt cloud computing services, security organizations are faced with an increased attack surface and less control over the platforms that handle critical data.  The cost benefits of elastic, just-in-time computing resources and pay-as-you-go software as a service can be so enticing that security and compliance become an afterthought.  The good news is that the existing controls and processes you have in place may apply equally well to a hybrid cloud environment; unfortunately, the best practices and technology to address cloud security are still emerging.  We’ll discuss some of the strengths and weaknesses of cloud security offerings that exist today, review some of the key best practices and regulatory guidance that has emerged in the last year, and explore some strategies that you can implement today to be ready for a cloudy future ahead.


>Charles McGann

Charles McGann
Corporate Information Security Officer
United States Postal Service
ISE® Southeast Executive Award Winner and People's Choice Award Winner 2012
ISE® North America Government Executive Award Winner 2012

The convergence of IT Governance & Information Security Programs > Download Presentation
Today, there is plenty of talk about Governance and Information Security programs – when there is a breach, each is looked at as a point of failure. Are they codependent or separate – should they be? What happened to just “doing the right thing”? While there are pros and cons of Governance and Security Programs, there are areas of convergence and divergence, should these areas be considered an ecosystem or can you be successful with just policy? What does Governance mean to Security Programs and to the business? Is either one a sure sign of protection in the digital world?


name

Jody Lee
Group Executive, Technical Services
TSYS Operations Division
Biography

TSYS Threat Management Center > Download Presentation
Jody Lee will share how the TSYS Threat Management Center project represents a significant advance in terms of maturity and sophistication over the company’s previous security operations center. By consolidating 20+ different technologies into a single “main channel” using the HP ArcSight SIEM solution, Jody and his team now have enabled TSYS with the ability to immediately identity and address events of interest, thereby protecting both critical customer data and the company’s brand and reputation.


McCree Lake

McCree Lake
Director, Business Solutions & Integration
Information Technology Services
Kennesaw State University

KSU Identity and Access Management Initiative > Download Presentation
Learn how the implementation of IBM Security Identity Manager and other systems that creates and manages a centralizes repository with key data elements about every person in the organization merged together from multiple sources that in turn fully automates the management and creation of accounts and services on multiple systems in the enterprise. KSU will share how their project substantially automated existing business processes which were previously not easily enforceable through workflows managed by defined and business-driven workflows. Additionally, the system creates a single sign-on environment across the entire enterprise by synchronizing passwords and users across systems and enforcing password standards for regulatory compliance.


Mark Gelhardt

Mark Gelhardt
Chief Information Security Officer
TravelClick
Atlanta, GA
Biography

Network Segmentation and InfoSec Vault Project > Download Presentation
Mark Gelhart will walk us through how TravelClick completely reconfigured its network topology to incorporate a new Information Security Vault area. This project looked at the configuration of the TravelClick network and how to change that network to be ready for the future global risks and specifically how to protect the valuable data that TravelClick maintained (i.e., Intellectual Property, Credit Card, etc.) Mark and his team set up a separate network segment (Information Security Vault) with increased security within the vault by encrypting and tokening specific data to make that date even more secure.