
Edgar Perez, Cybersecurity Boardroom Workshop 2015, on China, Russia, U.S. and North Korea’s Hacking

Edgar Perez, author of Knightmare on Wall Street and The Speed Traders, brings Cybersecurity Boardroom Workshop 2015, seminars in New York City, London, Dubai, Bangkok, Jakarta, Sydney, Taipei, Seoul and Tokyo that are targeted at board members and senior executives looking for new ways to gain and maintain competitive business advantage in one of the most critical subjects for corporations and governments worldwide.

New York City, NY, USA (September 16, 2015) — Amid the massive Sony Pictures hacking crisis at the end of 2014, Russia offered support to North Korea in a sign that relations between the two nations were growing tighter. According to the Russians, the United States failed to offer any form of proof to back its claims against North Korea in the Sony Pictures hacking scandal.

What was China’s take on the situation? “Any civilized world will oppose hacker attacks or terror threats,” said China in a Global Times editorial. “But a movie like The Interview, which makes fun of the leader of an enemy of the U.S., is nothing to be proud of for Hollywood and U.S. society. Americans always believe they can jab at other countries’ leaders just because they are free to criticize or make fun of their own state leaders. Actually, the countries targeted in Hollywood movies are very selective, such as the Cold War era’s Soviet Union, North Korea and Iran.”

Mr. Edgar Perez, a published author, business consultant for private equity and hedge funds and Council Member at the Gerson Lehrman Group, is set to discuss at Cybersecurity Boardroom Workshop 2015 what these four super cyber powers, China, Russia, United States and North Korea, have in common. Mr. Perez is a subject matter expert in cybersecurity, investing, trading, financial regulation (Dodd-Frank Act) and market structure.

Mr. Perez has presented at a number of global conferences, including Cyber Security World Conference 2014 (New York), MIT Sloan Investment Management Conference (Cambridge), Inside Market Data 2013 (Chicago), Institutional Investor’s Global Growth Markets Forum (London), Technical Analysis Society (Singapore), TradeTech Asia (Singapore), Emerging Markets Investments Summit 2013 (Warsaw), CME Group’s Global Financial Leadership Conference 2012 (Naples Beach, FL), Harvard Business School’s Venture Capital & Private Equity Conference (Boston), High-Frequency Trading Leaders Forum (New York, Chicago), FIXGlobal Face2Face (Seoul) and Private Equity Convention Russia, CIS & Eurasia (London).

Additionally, Mr. Perez has been engaged to present to the Council on Foreign Relations, Vadym Hetman Kyiv National Economic University (Kiev), U.S. Securities and Exchange Commission (Washington DC), Quant Investment & HFT Summit APAC 2012 (Shanghai), CFA Singapore, Hong Kong Securities Institute, Courant Institute of Mathematical Sciences at New York University, University of International Business and Economics (Beijing), Hult International Business School (Shanghai) and Pace University (New York), among other public and private institutions. Mr. Perez’s participation at these forums has been praised by both organizers and attendees:

“It was such a pleasure to have you participate in our conference. The feedback was great and the information you shared with the audience was invaluable. Once again, thank you for your contribution in making the event a success.”

“I would like to show my appreciation for your willingness to share your insights about cybersecurity. We would certainly have you in mind as we move forward to deal with this very important issue.”

ABOUT CYBERSECURITY BOARDROOM WORKSHOP 2015

As cyber attacks become more common, companies are increasingly investing in cyber security protections. But even with the best systems in place, hackers can still easily break into a company’s network if workers aren’t also being diligent about security. Cyber criminals have gotten much better at disguising malicious email to make it look more legitimate. So employees need to be vigilant and ask questions about all of the email they receive that raises even the slightest suspicion, which is most likely not what happened at some of the high-profile cyber security breaches that have been in the headlines recently: Adobe, ADP, E*Trade, Fidelity, Home Depot, JPMorgan Chase, Nasdaq, Neiman Marcus, Sony, Target and Wal-mart.

Cybersecurity Boardroom Workshop 2015 (http://www.cybersecurityboardroomworkshop.com), How Boards of Directors and CXOs Can Build the Proper Foundation to Address Today’s Information Security Challenges, is a must-attend forum for board members, CEOs, CFOs, COOs and executive managers in New York City, London, Dubai, Bangkok, Jakarta, Sydney, Taipei, Seoul and Tokyo who need to become more educated about cyber security in order to ask questions that are strategic yet granular enough to address company specifics. Cybersecurity Boardroom Workshop 2015 is targeted at corporate decision-makers for whom cybersecurity readiness is a relatively new yet critically important area to be intelligently conversant about:

• Understand enterprise cybersecurity and the impact on shareholder value in the short and long term
• Learn how to identify current and future challenges to better enable management to focus on threat reduction and operational reliability
• Identify immediate security needs for the organization with actionable steps for senior management
• Get up to speed on international and domestic approaches and frameworks for effective cybersecurity practices corporate wide

DAY 1: UNDERSTANDING THE CYBER WORLD

Understanding Cybersecurity
• The trillion dollar global cyber risk environment
• The impact of cybersecurity attacks on shareholder value
• The enterprise-wide challenge of protecting the organization’s assets
• Identity theft and the legal implications of data breaches

Social Engineering: The “Weakest Human Link” in Cybersecurity
• The responsibility for cybersecurity in the organization
• Evaluating shortcomings in meeting cybersecurity workforce standards
• Assessing the quality of the cybersecurity workforce
• Assessing the effectiveness of current professionalization tools

Understanding the Cybersecurity Testing Method
• Reconnaissance: How to use tools to find vulnerable systems and devices
• Port scanning: How port information is exposed on computer systems
• Packet sniffing: How to gather information from computer systems
• Password policy and cracking: What to consider when developing password policy
• Vulnerability: How to reduce attacks by enforcing proactive compliance policies

Basics of Security Architecture for Board Members and CXOs
• How architecture defines the structure of a system and makes it explicit
• How the current computer network infrastructure was not designed originally to be secure
• The fundamentals of layered architecture: presentation, business, data, and service layers
• Architecting security into systems from inception

DAY 2: RESPONDING TO THE CYBERSECURITY CHALLENGE

Introduction to NIST’s Cybersecurity Framework
• Identifying and prioritizing opportunities for improvement
• Assessing and accelerating progress toward the target state
• Describing the enterprise’s current and target cybersecurity posture
• Communicating with internal and external stakeholders about cybersecurity risk

The Five Core Functions of NIST’s Cybersecurity Framework
• Identify: Organizational understanding to manage cybersecurity risk
• Detect: How to identify the occurrence of a cybersecurity event
• Protect: Safeguards to ensure delivery of critical infrastructure services
• Respond: Taking action regarding a detected cybersecurity event
• Recover: Maintaining plans for resilience and to restore any impaired capabilities

Introduction to Intelligence-driven Cyber Network Defenses
• How investigations are based upon the scientific method: observing, hypothesis, evaluation, prediction and validation
• How to continuously improve the enterprise process for defending IT assets
• How to leverage cutting edge technology, vigilant people and innovative processes
• How to empower people to resolve the problem with guidance and mentoring

Establishing or Improving a Cybersecurity Program
• Prioritize and scope: Identifying business/mission objectives and high-level priorities
• Create a current profile: Developing a profile by indicating current degree of preparedness
• Conduct a risk assessment: Analyzing the operational environment in order to discern the likelihood of an attack
• Orient: Identifying related systems and assets, regulatory requirements, and risk approach
• Create a target profile: Describing the organization’s desired cybersecurity outcomes
• Determine, analyze, and prioritize gaps: Determining gaps between current and target profiles
• Implement action plan: Deciding which actions to take in regards to identified gaps

Cybersecurity Boardroom Workshop 2015 is specifically designed for boards of directors and CEOs of public and private firms looking for new ways to gain and maintain their competitive advantages. Business executives with responsibility for IT, finance, compliance, risk management and procurement as well as entrepreneurs and innovators are welcome to add their points of view to the debate.

Media Contact:
Julia Petrova
Media Relations Coordinator
The Speed Traders
+1-414-FORUMS0
jpetrova@thespeedtraders.com


Cyber Security World Conference 2014 to Build on Obama’s Cyber Threat Information Sharing Framework Against Global Hacker Attacks

Building off of the momentum of past successful conferences, Golden Networking presents Cyber Security World Conference 2014 New York City (www.CyberSecurityWorldConference.com), a forum that will bring the latest thinking from security experts to hundreds of senior executives focused on protecting enterprise and government information assets.

New York City, NY, USA (November 1, 2014) — According to The Hill, the Obama administration’s recently issued cyber threat information sharing framework comes at a time when discussions are heating up in Congress on stalled legislation dealing with cyber security. Why lawmakers and law enforcement officials have been pounding the pavement in recent weeks, declaring that steps to ease the sharing of information about cyber threats are critical for the country’s defenses, will be discussed at Golden Networking’s Cyber Security World Conference 2014 New York City (http://www.CyberSecurityWorldConference.com), a unique professional gathering where cybersecurity experts are set to show businesses how to protect their information from cyber-attacks.

The document fills a gap in the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST)’s more general cybersecurity framework, released on February 12, 2014. The framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

The Department of Homeland Security’s Critical Infrastructure Cyber Community C³ Voluntary Program helps align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the Cybersecurity Framework and manage their cyber risks. NIST also issued a companion roadmap that discusses NIST’s next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.

Roadblocks to total implementation still remain though, as both industry and privacy groups have been hesitant to freely share information in the current legal landscape. One bill that would address the legal issues is the Cybersecurity Information Sharing Act (CISA), but it remains unclear whether the bill could see action in the lame-duck session after the elections, according to The Hill. Absent congressional action, businesses are concerned about whether they will be protected from liability when sharing information with the government. Conversely, privacy advocates are wary of what personal data industries might share with the government, given the surveillance activities that have been revealed at the National Security Agency (NSA).

About Cyber Security World Conference 2014

Cybersecurity is no longer a term that individuals or corporations can ignore. The daily activities of all Americans, the country’s global economic prominence and worldwide security rely on a safe and resilient cyberspace. Unfortunately, the number of cyber-attacks has increased dramatically over the last few years, exposing confidential personal and business data, disrupting critical operations, and imposing exorbitantly high costs on the economy overall.

Just recently, J.P. Morgan Chase, America’s largest commercial bank with $2.39 trillion in assets, announced that about 76 million households and 7 million small-business customers had been affected by a cyberattack in one of the most sweeping known global breaches. The company said the unknown attackers stole customers’ contact information, which included names, email addresses, numbers and addresses, affecting a number equivalent to almost two-thirds of American households.

A brief walk down memory lane of some of the biggest recent cyber-attacks now includes Adobe Systems, Automated Data Processing, Citigroup, E*Trade Financial, Fidelity Investments, Home Depot, HSBC, Nasdaq OMX, Neiman Marcus, Target and Wal-mart. It is not unlikely that the information of every American has already been compromised in one of these publicly disclosed attacks.

Renowned information security experts and innovative service providers will present at Cyber Security World Conference 2014 their latest thinking to hundreds of senior executives focused on protecting enterprises and governmental agencies. Topics that will be discussed include:

• Is Biometrics the Key to Personal and Corporate Security?
• Strengthening the Security of Industry-wide Technology Infrastructure
• Cyber Security Megatrends Security Professionals can’t Ignore Today
• Key Considerations about Security in the Internet of Things Age
• Cyber Security and its Role in the Overall Security of the United States
• How Hackers Really Operate to Obtain Financial Data
• Designing and Managing Effective Information Security Programs

Cyber Security World Conference 2014 is produced by Golden Networking, the premier networking community for business and technology executives, entrepreneurs and investors. Panelists, speakers and sponsors are invited to contact Golden Networking by sending an email to information@goldennetworking.com.

Media Contact:
Julia Petrova
Media Relations Coordinator
Golden Networking
+1-414-FORUMS0
jpetrova@goldennetworking.com
http://www.goldennetworking.com

threatTRANSFORM Open Source App Jumpstarts STIX-Based Threat Data Classification

The creators of threatTRANSFORM today announced the release of their open source application designed to streamline the creation, compiling, and publishing of STIX datasets.

San Jose, CA (USA), May 02, 2014 — The creators of threatTRANSFORM (http://www.threattransform.com) today announced the release of their open source application designed to streamline the creation, compiling, and publishing of STIX datasets. Anyone struggling to manage security event classification can utilize the free open source threatTRANSFORM application to improve their MSSP, SIEM, and other big data cyber threat intelligence, management and response programs with the industry standard framework – Structured Threat Information eXpression (STIX™).

STIX is designed for cyber defenders, cyber threat analysts, malware analysts, security vendors, and information security practitioners in defending their networks and systems against cyber threats. STIX provides a common language for describing cyber threat information so it can be shared, stored, and otherwise used in a consistent manner that facilitates automation. threatTRANSFORM allows organizations to begin classifying threat data in an industry-standard way for consistent reporting, analysis and sharing.

“We’ve been working with the open source version of threatTRANSFORM from the very beginning and totally support their commitment to opening it up to everyone – we’re using threatTRANSFORM to integrate our real-time cyber attack intelligence into threat platforms,” said Maurits Lucas, InTELL Business Director at FOX-IT. “For us it was more than the ground-breaking work in using STIX in web platforms and the excellent framework they provide; the threatTRANSFORM guys have provided great support and advice which has helped us to scale our own unique InTELL portal content across multiple continents.”

threatTRANSFORM was created in 2014 by Brad Lindow, Timothy Plocinski, and Demetrios Lazarikos (Laz). Based on the MIT Open Source License, threatTRANSFORM was created out of the need for streamlining the creation of STIX datasets. For everything from analyzing complex information to sifting through machine data, the threatTRANSFORM application provides a powerful template engine. threatTRANSFORM is open source, free and works in nearly any web server. It’s the quickest way to get going with STIX today.

“We’d previously been using a proprietary mechanism of data exchange,” said Rich Reybok, SVP of Engineering for Vorstack. “threatTRANSFORM has really helped us to quickly transition to a preferred STIX standards based method of describing cyber threat information between customers, aiding product adoption.”

threatTRANSFORM has been built from the ground up for ease-of-use, both for the end user and the developer extending the cyber intelligence application code. To begin integrating threatTRANSFORM and take control of your STIX data, please visit http://www.threattransform.com.

About STIX:
The Structured Threat Information eXpression (STIX™) is a language for describing cyber threat information in a standardized and structured manner. STIX characterizes an extensive set of cyber threat information, to include indicators of adversary activity (e.g., IP addresses and file hashes) as well as additional contextual information regarding threats (e.g., adversary Tactics, Techniques and Procedures [TTPs]; exploitation targets; Campaigns; and Courses of Action [COA]) that together more completely characterize the cyber adversary’s motivations, capabilities, and activities, and thus, how to best defend against them. For more information, please visit http://stix.mitre.org.

About Blue Lava Consulting and Blue Lava Labs:
Blue Lava Consulting, and Blue Lava Labs, are proud sponsors of the threatTRANSFORM open source project and application.

Blue Lava Consulting works in a strategic partnership with organizations to assess IT Security programs, IT risks, and build an efficient set of IT Security and Fraud solutions. Blue Lava’s experience in providing IT Security coaching, IT risk management, and research allows the company to tailor strategies in delivering superior results with the optimum balance of business resiliency and agility. Blue Lava is disciplined to work with organizations in providing a detailed and comprehensive knowledge transfer through engagements. For more information, please visit http://www.blue-lava.net.

threatTRANSFORM PR Contact:
Demetrios Lazarikos (Laz)
Email: press@threattransform.com
http://www.threattransform.com