T.E.N. Knowledge Base

ISE® North America 2014

Adobe Creative Cloud for enterprise Security Overview > Download Whitepaper
Creative Cloud for enterprise includes the entire collection of Creative Cloud applications plus services and business features for organizations with large deployments that require centralized provisioning and customized deployment of apps and services. Enterprises also receive Enterprise Support and Expert Services. Learn more about the specific capabilities provided to secure data and the user experience for Creative Cloud for enterprise deployments.


Adobe Marketing Cloud Security > Download Whitepaper
At Adobe, the security of your digital experiences is our priority. From our rigorous integration of security into our internal software development process and tools to our cross-functional incident response teams, we strive to be proactive, nimble, and accurate in all aspects of security. What’s more, our collaborative work with partners, researchers, and other industry organizations helps us understand the latest security best practices and trends and continually build security into the products and services we offer. This white paper describes the proactive approach and procedures implemented by Adobe to increase the security of your Adobe Marketing Cloud experience and your data.


Adobe Digital Publishing Suite, Enterprise Edition Security Overview > Download Whitepaper
Learn about the security features like Secure Content that help increase the security of your Adobe Digital Publishing Suite experience and your data included in applications built with Digital Publishing Suite.


Adobe Experience Manager Cloud-Hosted Security Overview > Download Whitepaper
Find out about the array of measures targeted at securing instances of Adobe Experience Manager in four key areas: physical, network, data, and access security.


Adobe Connect Hosted Deployment Security Overview > Download Whitepaper
Explore how the set of security features built into Adobe Connect enable secure meetings, eLearning, and webinars on this secure web conferencing platform.


EMAIL TRUST INDEX > Download Whitepaper
As phishing attacks get more sophisticated and harder to distinguish, consumers should know who’s putting them at risk – where malicious email links are lurking that lead to the installation of malware that can record keystrokes and steal consumer information, from online credentials to actual money. That’s why we publish the Agari TrustIndex™, to show consumers and business alike where consumers are most protected or vulnerable to email attack across industry sectors including Financial Services, E-Commerce, Social Media, Travel, Logistics and Gaming.


Taking a Holistic View of the Total Cost of Data Helps CIOs Optimize IT and Business Gains  > Download Whitepaper
Data is the lifeblood of business. This means that CIOs can no longer treat data management as just a component of their IT strategy; instead, they need to develop strategies that account for data's core role in driving business-enabling and revenue-generating activities.



Comprehensive Advanced Threat Defense  > Download Whitepaper
The hot topic in the information security industry these days is “Advanced Threat Defense” (ATD). There are many definitions, and plenty of marketing hype and spin on the topic, but it’s the science – and the art – of defending yourself against sophisticated, persistent adversaries who can get past (or have already gotten past) your security defenses. We like to define advanced threat defense in terms of the adversary rather than the attack technique used to remind ourselves that what we are really up against is a person or, more likely, a group of people who are specifically targeting your organization, and will use whatever attack vectors and techniques necessary to achieve their objectives. This paper describes a comprehensive, network-­‐based approach to Advanced Threat Defense.


Get the most from the move to a next-generation firewall  > Download Whitepaper
If application controls and intrusion prevention systems (IPS) are table stakes in the next-generation firewall (NGFW) competition, what else do you put on your requirements list? This white paper will help network and cybersecurity teams understand the things they can and should demand from NGFWs.


The Cyber Resilience Blueprint: A New Perspective on Security  > Download Whitepaper
In this sophisticated threat environment, traditional security tactics are failing. Symantec encourages organizations to revisit their security posture to build a more cyber resilient enterprise. Resilience is not defined by a series of checklists, but through evaluations based on the current threat environment and the acceptable risk level for the organization. This whitepaper presents best practice-based approaches recommended for minimizing cyber risk. These are arranged across five pillars and provide specific actions for each pillar to be performed by identifiable IT jobs.



Continuous Monitoring for the New IT Landscape  > Download Whitepaper
Recent breaches have targeted a fatal flaw in the way organizations have approached security over the last two decades. While the focus has been on investing in multiple preventive security technologies—centralized authentication, desktop virus prevention, automated patching, next generation firewalls, sandboxes for zero-day malware, and security event management—adversaries have taken advantage of blind spots that have widened as the IT landscape has evolved. The recent breaches occurred not because of unknown weaknesses in the defensive technologies. They occurred because of gaps in coverage, due to the fact that the defensive technologies were not aligned with any security policy or business practices.



CISOs Misunderstood and Underappreciated by Their C-Level Peers  > Download Whitepaper
C-level executives regard the role of CISO primarily as a target for fingerpointing in the event of a data breach, and have little faith that individuals in the role could hold other leadership positions. Confusion about the role indicates that organizations must do a better job of understanding and elevating a position that is vital in the fight against cybercrime.


David Lenoe

David Lenoe
Director, Secure Software Engineering
Adobe
Biography

Measuring Security Success with the Right Metrics and Dashboards  > Download Presentation
A “good” security roadmap is going to come from an “ear to the ground” approach to security across all teams. It should also reflect current security industry trends. This is essential in creating a multi-faceted, balanced security roadmap that actually drives teams to “build security in” to everything they do. So, how do you build and keep a solid, adaptable security roadmap in place? By focusing on the right metrics to measure success against the roadmap and developing meaningful dashboards to communicate progress and success to management. This presentation will discuss how Adobe tackled this problem across its very large product, service, and I.T. Organization.


Kevin E. Greene

Kevin E. Greene
Software Assurance Program Manager
Department of Homeland Security, Science & Technology, Cyber Security Division

Bringing Industry Change via Software Security and Assurance  > Download Presentation
As more and more applications are being deployed in front of the corporate firewall, the typical network security solutions are being rendered helpless. These kinds of attacks have evolved from being a blunt weapon, using high volume attacks to bring down Web servers, to highly sophisticated application-level attacks designed to zero in on strategic business resources. Because these sophisticated application-level attacks cannot be detected and mitigated by traditional methods, the need to write secure applications, improve the state of the code and adhere to continuous software assurance best practices is more critical than ever. This presentation will share more about the Software Assurance Marketplace – the first non-biased, non-profit organization with both a physical facility and evangelistic capabilities – can solve these problems and bring actual change in the industry as a whole possible.


William Hugh Murray

William Hugh Murray, CISSP
Blog
ISE® Luminary Leadership Award Winner 2014

Security’s Dirty Little Secrets  > Download Presentation
This presentation will identify and expose things that we, that is, security executives, all know to be true, pretend that they are not. and consistently fail to address. These things represent flaws in the way we think. They are impediments to the way we act. They contribute to, may be the cause of, our current state of insecurity and its resistance to improvement. Hopefully, exposing these things will enable us to address them. It will empower us to make changes that otherwise seem impossible. The presentation will make suggestions and attempt to justify them.


Jim Routh

Jim Routh
Chief Information Security Officer
Aetna
ISE® Northeast Executive Award Winner 2007
ISE® Northeast Executive Award Finalist 2014

Raising the Bar: Becoming a Leader in Software Security > Download Presentation
In the face of ever-evolving threats and costly attacks, there has never been a more vital time for organizations to invest in software security. The software security team at Aetna demonstrated forward thinking an innovation by investing and implementing cutting-edge technologies and successfully applying them in practice ways to achieve results with high impact. In just 12 months, the Software Security Program formalized and advanced computer-based training within 500 application teams (an estimated 3,000 employees); defined repeatable processes and improved operational capability to detect and remediate potential software defects prior to production releases; on-boarded hundreds of development projects to the static analysis capability, covering more than 12 million lines of code; and revolutionized the organization’s view of penetration testing using threat intelligence to implement risk-based testing while improving test comprehensiveness. This presentation will share more about the program and how Aetna is now positioned to be the leader in software security in health care, setting the bar for the rest of the industry.


ISE Talent

Marci McCarthy

Marci McCarthy
CEO and President
T.E.N.
Biography

Darnell Frymire

S. Darnell Frymire
President
ISE® Talent, A T.E.N. Company
Biography

Pathways to Empowered Security Leadership > Download Presentation
Ongoing breaches and reports of cyber espionage have brought Information Security center stage with executive management and boards of directors. With IT Security now a board-level issue, the expectations of the business for CISOs has increased significantly. As CISOs assume a much more visible and expanded role within the organization, many are grappling with the one task that can make or break the success of the Information Security Program: Establishing the senior security leadership team and a creating a succession plan. Now expected to be a transformative leader, CISOs are recognizing that it’s imperative to surround themselves with equally great leaders who can advance the vision and execute on the strategic plan. Just as managing the complexity of the threat environment mandates a solution-based approach, so does the complexity of finding, hiring and empowering the right executive leadership team. Join us to gain insights into pathways to empowered security leadership as well as the solutions and resources available for building an empowered senior leadership team.

Jim Routh

Jim Routh
Chief Information Security Officer
Aetna
ISE® Northeast Executive Award Winner 2007
ISE® Northeast Executive Award Finalist 2014

agari

Secrets to Achieving End-to-End Email Security  > Read Summary
Securing your infrastructure is essential in protecting your customers, but malicious attacks can affect users without even entering your network. The Anti-Phishing Working Group reported 72,758 phishing attacks targeting more than 700 institutions worldwide during the first half of 2013 alone. As Verizon's Data Breach Report shows, 95% of all data breaches begin with a phishing email — evidence that comprehensive ecosystem visibility, email intelligence, and real-time alerting and reporting are imperative to thwarting these attacks. Join our conversation to take a deep dive into advanced email security methodology and learn best practices to achieving end-to-end email security in order to protect your customers and enable business.


Kevin McKenzie

Kevin McKenzie
Chief Information Security Officer
Clemson University
ISE® Southeast Executive Award Winner 2013
ISE® North America Academic Executive Award Winner 2013

Cyber Threat Intelligence: A Gold Mine of Value  > Read Summary
An intelligence capability empowers organizations to identify potential threats and vulnerabilities in order to minimize the ‘threat attack window‘ and limit the amount of time an adversary gains access to the network before they are discovered. Organizations that operate with an intelligence-led mindset understand that threat intelligence is the ‘mechanism’ that drives cyber security investment and operational risk management. The number of cyber threat intelligence providers continues to increase and the idea of threat intelligence is gaining widespread acceptance. While increased awareness of the cyber security threat is a positive trend, many organizations still need to put in place the fundamentals of intelligence management to gain real value from threat intelligence. This will be a crucial for instilling confidence in board members – and ensure that the organizations are equipped to leverage the gold mine of value that can be extracted from cyber threat intelligence.


Della Shea

Della Shea
Chief Privacy and Information Risk Officer
Symcor, Inc.
ISE® Canada Executive Award Winner 2013

Social Engineering: Can Organizations Win the Battle?  > Read Summary
Gone are days of mass emails with misspelled messages. Criminals today are doing more reconnaissance than ever before – aided by social networks -- to craft targeted emails that trick people into opening malware-rigged attachments or divulging passwords and sensitive information. The threat is highly targeted and sophisticated and intended to cause strategic harm, financial loss, reputation damage and technical breaches. And it’s proving costlier than ever. With recent breaches, the imperative to counter social engineering takes on a whole new level of urgency. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far. Adopting a "know thy data" approach -- in terms of what it is, how valuable it is and where it is -- and then focusing on securing it may be the key to surviving the onslaught of attacks.


David Cass

David Cass
SVP & Chief Information Security Officer
Elsevier
ISE® Northeast People's Choice Award Winner 2013

From Securities to Security: The SEC is Bringing IT Security to the Boardroom  > Read Summary
In response to breaches at major retailers and numerous reports of cyber espionage against financial institutions, the U.S. Securities and Exchange Commission has made strides to improve cybersecurity for the organizations it regulates. Security professionals have been calling for cyber security to move out of IT departments and into the purview of top-level executive and board members for some time. The recent moves by the SEC show some preliminary movement toward future regulation that could hold companies (and their boards) accountable for the cyber security performance of their organizations. Regardless of whether a company is subject to SEC oversight or not, the development is an important one for all businesses. The launch of the SEC cybersecurity initiative opens a new chapter in an increasing drive toward regulation of the private sector's information systems.


Jeff Trudeau

Jeff Trudeau
Information Security Officer
Sutter Health
ISE® North America Health Care Executive Award Winner 2013

The New CISO: Agent of Change  > Read Summary
Major information security initiatives can be costly. InfoSec executives too often find that their organization’s leadership may not see the initial financial investment in security as business critical…at least not until data or infrastructure is compromised. A CISO must lead efforts to build consensus for security as a priority in the enterprise by selling the board and c-suite on the benefits of a proactive approach. Join our conversation to learn how to build your business plan, engage the different stakeholders and influence key decision makers — who may not have a technology or security background — in order to gain support and approval for the investment and implementation of vital security initiatives.


Tim Callahan

Tim Callahan
Chief Information Security Officer
Aflac Incorporated
ISE® Northeast People's Choice Award Winner 2009, ISE® North America Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2007, ISE® Southeast People's Choice Award Winner 2006, ISE® Southeast Executive Award Finalist 2006

Real-Life War Games: Avoiding the High-Profile Mega Breach  > Read Summary
In 1983, the idea of hacking into a computer system was science fiction, but today it is a terrifying – almost daily – reality. Most organizations underestimate their risk and vulnerability to cyber attacks, yet hacker activity is intensifying. Almost 600 security breaches have been reported during 2014 alone, several of which have been high-profile, significant incidents compromising the private data of millions of people, costing millions of dollars, consuming excessive amounts of time to remediate and in some cases destroying careers. Now, large-scale breaches such as Target, P.F Chang’s, JPMorgan Chase and Home Depot are a weekly occurrence. With more incidents and more variation than ever before, the only question is – who will be next?


Paul Huesken

Paul Huesken
Chief Information Assurance Officer
The Coca-Cola Company
ISE® Southeast & North America Judge

Securing Your Data Across Channels: Strategies for Outpacing Zero Day Threats and Hackers  > Read Summary
Mobile, social and cloud technologies enable an organization’s efficiency and productivity, and can often provide competitive and brand differentiation. However, the widespread adoption of these services often results in an environment where free-flowing data quickly outpaces an organization’s ability to proactively defend against imminent and emerging security threats. All companies with valuable IP should assume both zero day threats and sophisticated hackers are targeting them. Mobile, social and cloud technologies drive productivity. But they also open the door to data theft and advanced attacks that can slip right by anti-virus, URL filtering and firewall defenses. A continued focus on siloed controls is insufficient for today’s threats as attacks are highly advanced, well-funded and persistently targeting enterprise environments.


Frank Aiello

Frank Aiello
Chief Information Security Officer
American Red Cross

Security vs. Privacy vs. Risk: Who Leads the Charge?  > Read Summary
As the field of security has evolved, so has the role of the Chief Information Security Officer, but debates are heated regarding exactly what responsibilities this title-bearer should assume. Many global organizations have shifted from focusing on the technical management of information security programs to a holistic risk-management approach, which calls for a more business savvy CISO. Others have found combining their privacy and security teams under single leadership can help to manage risk. Others still see Security, Risk and Privacy as vital roles that merit their own C-suite members. Now, industry analysts project that one-third of large enterprises will have a Digital Risk Officer by 2017, and that the role will emerge broadly by 2015.

In Europe, more than 50 global jurisdictions have signed omnibus privacy laws, providing greater protection for individuals in the workplace and signaling an increase in the number of privacy laws worldwide. In the US, the White House last year published a 62-page privacy whitepaper that includes a Consumer Privacy Bill of Rights with recommendations on handling individuals’ personal data pertaining to issues of control, transparency, respect for context, security, access and accuracy, limits on data collection and accountability.