Privacy Engineering is an emerging discipline and this presentation will talk about privacy engineering in the context of emerging standards and best practices for consent, consent management, and permissioned data. The Kantara Initiative released a standard for User Managed Access (based on OATH 2), Consent Receipts, and has a working group on Consent Management practices. […]
Read moreThe 2017 M.E. Docs cyber-attack that crippled hundreds of companies crafted the blueprints for hijacking a vendor to attack clients through their trusted vendors. These attacks herald a new generation of supply-chain based attacks that pit vendor and client against each other as they struggle to navigate co-managed risk mitigation and the resulting consumer, regulatory […]
Read moreWhat does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers? Join Matthew Maglieri, CISO of Ashley Madison’s parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is […]
Read moreSimple lessons to teach you how you can fill the knowledge gap within your staff…today! Few industries are expanding faster or evolving more rapidly than IT security. There is no shortage of bad actors trying to outsmart you and get to your data. The bad guys are relentless in their never-ending pursuit to find a […]
Read moreIn Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Pre-Crime Division,” which anticipated and prevented violent killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity—especially for insider threat detection and prevention. Based on user interaction with data, […]
Read moreAs the extraction of value from data becomes more critical to a company’s success, organizations are trying to stay ahead of the data deluge. Unfortunately, data technologies often have security bolted on, not baked into the DNA, leaving far too many doors open to compromise. This session will cover the challenges of big data and […]
Read moreA lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation becomes strained. This silo-filled, tension-laced situation, coupled with short deadlines and […]
Read moreIdentity innovations like zero-trust networks, zero login, and one identity initiatives are transforming today’s most successful organizations from within. Trust boundaries are changing. Find out the technical details behind these innovations and take home a game plan to start transforming your organization today, this week, and in the long run.
Read moreISO 27001 & The GDPR: A Research-Based Approach to Identifying Overlap and Streamlining Efforts Together, security and privacy teams share a common goal: Protect the organization from reputational damage, lawsuits, and regulatory trouble. ISO 27001 focuses on the assessment of risks and protection of the organization while GDPR aims to assess and protect the rights […]
Read moreFew things have ever transformed the practice and technology of information technology than the dual impacts of cloud computing and DevOps. In this executive session we will detail specific strategies and tactics for transforming your security organization without orphaning your historical investments. This won’t be generic policy mumbo-jumbo; comes learn the hard-earned lessons from dozens […]
Read moreThe General Data Protection Regulation (GDPR) comes in to force on May 25th 2018 and many Canadian organisations are unsure if they even have to comply, let alone how. During this session, Bruce will take you through not only what the GDPR is and how it may impact you, but common questions and scenarios Canadian […]
Read moreContainers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken industry by storm, resulting in over 8 billion downloads and 500,000+ containerized applications in this open source platform. With all this new-found power comes significant […]
Read moreThe June 2016 revelations of the DNC breach by two Russia-based advanced persistent threat groups was only the beginning of a series of strategic leaks and conflicting attribution claims. In this presentation we’ll demonstrate techniques used to identify additional malicious infrastructure, evaluate the validity of “faketivists” like the Guccifer 2.0 persona, and strengths and gaps […]
Read moreAs cyber criminals grow more aggressive, organizations are installing new security tools to protect themselves against threats. In fact, the average enterprise runs 508 applications and allows 89 different vendors to access their network each week. (Source Bomgar.com and Forbes.com) You likely manage dozens of security tools across your organization– from firewalls to authentication software. […]
Read more“Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the […]
Read moreThis presentation examines the journey taken to establish the CSIRT team for the Rio 2016 Olympic Games. This large project was executed in a short period of time and posed a lot challenges. Rocha will explain the strategy in getting his team ready for the games, the CSIRT timeline, their preparation using wargames exercise, the […]
Read moreDave Millier has created a novel new approach that leverages well known information security frameworks and Chubb’s Cyber COPE®, a well-established property insurance measurement methodology that has been adapted to cyber risks. In this talk, Dave will present his methodology, including various ways of gathering the information and reporting on the results, providing the audience […]
Read moreSecurity’s goal of minimizing risk can seem at odds with development’s need for rapid change. There is a middle path that allows development to deliver secure code at DevOps speed, but it requires security to adopt principles that have proven successful for DevOps. This session will discuss organizational, process and technology innovations that enable security […]
Read moreThis session will detail the evolution of ransomware, its methods of infection, and ways an organization can help protect itself and avoid having to pay a ransom. Hear from a Trustwave SpiderLabs forensic expert analyze a ransomware infection and its actions on a compromised system. Ransomware requires that we reassess our access control, intrusion detection, […]
Read moreWe surveyed 654 IT and IT security practitioners in Canada to answer the following questions: Do organizations feel more or less prepared to deal with attacks than last year? How have cyber attacks targeting Canadian organizations changed in the past year? What is the average cost of cyber attacks for Canadian organizations? What cyber security […]
Read moreThe main government approach to cybersecurity has been to think of it through the lens of the military and intelligence community. After all that is where the most expertise lies today. This lens is problematic going forward. We should instead be looking to the way the government thinks of safety: for transportation, disease, consumer products, […]
Read moreBank heists make great stories. This year, we’ve got some really good stories to tell courtesy of a trusted network known as SWIFT, and some banks that believed they were inherently protected by virtue of being connected – except they weren’t. Hundreds of millions of dollars have revealed some ugly truths and dangerous assumptions. In […]
Read morePenetration tests rarely improve a client’s security. We know this because last year’s test feels horribly close to this year’s. In terms of value to the business, they fall flat in most ways – they are misunderstood from the start, during the test, and at the report. We want to dispel the confusion and tie […]
Read moreThis talk is focused on some of the biggest problems associated with computer security defenses. Main topics include: Misaligned defenses Lack of focus on root-causes Lack of focus on local current and historical exploits Lack of data in driving computer security defense decisions Roger will discuss how things got this way and how to fix […]
Read moreDo you need a GRC tool but can’t afford the cost of one? Let’s use a batteries included automation first framework to rapidly assemble our own tools that work in the way you want. We won’t create anything with a web interface but we will be able to manage large amounts of information using existing […]
Read moreAre you tired of knowing everything, having people ignore “the security person” because “reasons,” and then having “I told you so” as your only comfort? Sick of the hostile relationship between security and development, security and operations, security and HR, and/or security and everyone not wearing a black t-shirt? There’s a better way. Faced with […]
Read moreQuantum computers will break currently deployed public-key cryptography (RSA, ECC, Diffie-Hellman, etc.) which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that cannot be broken by quantum computers before large-scale quantum computers are built. There are viable options for quantum-proofing our cryptographic infrastructure, but […]
Read more