FedCyber.com Cyber Security Summit – Confronting the Next Generation of Cyber Security Challenges and Opportunities


Announcing the Morning Keynote: Eric Rosenbach, Deputy Assistant Secretary of Defense, Cyber Policy

Mr. Rosenbach is charged with creating, integrating, and implementing cyber policy in the DoD. He has also been leading the DoD efforts on cyber workforce issues and his keynote presentation, Addressing Cyber Workforce Challenges for a New Domain of Conflict, will cover the problems he has encountered thus far.

Join them for the Second Annual FedCyber.com Cyber Security Summit, a venue for our nation’s most seasoned cyber security practitioners to come together to work issues of common concern. Matt Devost, President and CEO at FusionX, and Bob Gourley, Editor at CTOvision.com, will moderate panels along with top security experts Bob Bigman, formerly CIA; Bill Cheswick; Bob Flores, formerly CIA; Jason Healey, Atlantic Council; Roger Hockenberry, CIA; Nick Lantuh, Cyber Practitioner; Tom Parker, FusionX; Retired Lt. Gen. Harry Raduege, USAF; Gal Shpantzer, Energy Sector Security Consortium; Richard Stiennon, Industry Analyst; Bob Stratton, internet security pioneer and technology entrepreneur; Michael Tanji, Kyrus-Tech; and Joshua Work, Symantec.

Government and industry speakers will discuss how policy-makers can accurately characterize cyber adversaries and learn to appreciate the nature of the threat through fact-based assessments and threat briefings; the state of cross-organizational information sharing; and the impact of emerging technologies on the state of cyber security, including Big Data, Cloud Computing, mobility, wireless communications, and embedded computing. Afterwards, seven firms with promising technology selected by FedCyber subscribers will be asked to deliver fast-paced ignite-style presentations on their capabilities in the Ignite-Style Tech Review.

Space is limited, so register now to attend.

Working Agenda

07:30am – 08:00am Registration and Breakfast
08:00am – 08:10am Welcome – Matt Devost and Bob Gourley
08:10am – 09:00am Addressing Cyber Workforce Challenges for a New Domain of Conflict
09:00am – 09:45am Threat Intelligence: Driving Action Through Fact-Based Assessments
09:45am – 10:15am Networking Break and Exhibits
10:15am – 11:00am Accurately Characterizing Cyber Adversaries
11:00am – 11:45am Cyber Workforce Challenges: Recruiting and Retaining the Best
11:45am – 12:30pm Lunch and Networking
12:30pm – 01:15pm Lessons Learned from the History of Cyber Conflict: Jason Healey
01:15pm – 01:30pm Afternoon Break
01:30pm – 03:00pm Emerging Technologies and Their Impact on Cyber Security
03:00pm – 04:00pm Ignite-Style Tech Review
04:00pm – 04:30pm Closing Keynote – Retired Lt. Gen. Harry Raduege, USAF

Registration is from 7:30am to 8:00am. Discussion will start promptly at 8:00am. Agenda subject to change.

We look forward to seeing you there!

Questions? Contact:
Steve Jacyna
Cyber Security Government at
Carahsoft Technology Corp.
703-871-8680 (Direct)
888-662-2724 (Toll-Free)
steve.jacyna@carahsoft.com

SANS Cyber Defense Initiative (CDI) 2012 is coming to Washington, DC

SANS Cyber Defense Initiative (CDI) 2012 will be back in DC on December 7 – 16. SANS is the one education organization known for developing those security skills now most in need. Every course, evening talk, and special event being offered at SANS CDI 2012 is geared to keep you on the cutting edge and to ensure that you have the knowledge and power required to fight against the actions of today’s cyber criminals. Please visit for more details or to register:
http://www.sans.org/info/113527

SANS CDI 2012 is powered by NetWars – Tournament Play. We’ll be running an exciting NetWars competition on the evenings of December 12-13. This is available FREE to CDI attendees taking a five or six day class, while seats last. To add extra excitement, SANS CDI 2012 will include our FIRST-EVER NetWars Tournament of Champions, where the best-of-the-best NetWars participants from the past eighteen months will face off to see who comes out on top. Whether you are a first-time NetWars participant looking to have fun and build your skills, or a seasoned champion, remember that seating is limited. Please make sure you sign up for NetWars when you register for a CDI long course. Register to play here: http://www.sans.org/info/113532

This event will feature more than 25 courses in IT security, security management, IT audit, software developer, and computer forensics, including short courses, which can be taken with a long course to enhance your training.  Cutting edge courses include SEC575: Mobile Device Security and Ethical Hacking, SEC579: Virtualization and Private Cloud Security, SEC642: Advanced Web App Penetration Testing and Ethical Hacking, and FOR508: Advanced Computer Forensics Analysis and Incident Response.

***** Save $150 by using discount code: SecOrb_150 *****

Adobe Patches Flash Player in Massive Security Update

Adobe Systems has fixed more than two dozen critical flaws in Flash Player for Windows, Macintosh, Linux and Android systems.

The update is rated “critical” by Adobe, and was given the highest deployment priority rating for Windows users. Adobe is not aware of any exploits targeting the vulnerabilities, which impact Adobe Flash Player 11.4.402.278 and earlier for Windows, version 11.4.402.265 and earlier for Macs and version 11.2.202.238 and earlier for Linux. The update also impacts Flash Player 11.1.115.17 and earlier on Android 4.x versions and 11.1.111.16 and earlier on Android 3.x and 2.x.

Read more at eWeek

Derbycon 2012 Videos

DerbyCon 2012 The Reunion was awesome, hope you enjoyed it as well.  Here are the videos from Derbycon 2012.  For the descriptions of the talks click a talk link below or go to the Derbycon page.
You can link or embed the talks, but the DerbyCon staff would appreciate it if you link back to the Derbycon and Irongeek.com sites.
See the bottom of the page for a download link.

[Goto DerbyCon 2012 Videos Here]

DerbyCon Presentation – Security Vulnerability Assessments Process and Best Practices

Conducting regular security assessments on the organizational network and computer systems has become a vital part of protecting information-computing assets. Security assessments are a proactive and offensive posture towards information security as compared to the traditional reactive and defensive stance normally implemented with the use of Access Control Lists (ACLs) and firewalls.

To effectively conduct a security assessment so it is beneficial to an organization, a proven methodology must be followed so the assessors and assessees are on the same page.

This presentation will evaluate the benefits of credential scanning, scanning in a virtual environment, distributed scanning as well as vulnerability management.

2012 National Cyber Security Awareness Month Kicks Off Today with Official Launch Event, Business Summit and Release of Online Safety Survey

WASHINGTON, Oct. 1, 2012 /PRNewswire-USNewswire/ — The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens, is officially kicking off the ninth annual National Cyber Security Awareness Month (NCSAM) today with a launch event and business summit at the University of Nebraska at Omaha Scott Conference Center on the importance of cybersecurity for Internet users and businesses.


National Cyber Security Awareness Month is a coordinated national effort focusing on the need for improved online safety and security for all Americans. Today’s events will feature remarks from federal, state and local officials, and cyber industry leaders from companies such as: ADP, VISA, Microsoft, PayPal, AT&T, Verizon, McAfee and Symantec.  The program of events will be broadcast via Facebook Live today beginning at 10:00 a.m. ET at:

https://www.facebook.com/FacebookDC/app_105217732913495?ref=ts.

NCSA has also partnered with McAfee on a new survey to examine Americans’ online safety posture and the findings reveal a substantial disconnect between their respective online security perceptions and their actual practices while on the Internet. The online safety survey shows that we can all increase our efforts to make the Internet safer in light of such notable statistics:

  • A Safe Internet is Crucial to U.S. Economy: Ninety percent of Americans agree that a safe and secure Internet is crucial to our nation’s economic security.
  • The Internet is Vital to American Jobs: Fifty-nine percent say their job is dependent on a safe and secure Internet and 78 percent say losing Internet access for 48 consecutive hours would be disruptive with 33 percent saying it would be extremely disruptive.
  • Yet a Majority of Americans Do Not Feel Completely Safe Online: Ninety percent say they do not feel completely safe from viruses, malware and hackers while on the Internet.
  • A Quarter of Americans Were Notified That Their Personal Data was Exposed in Past Year:  Over one in four (26 percent) received notification by a business, online service provider or organization that their personally identifiable information (e.g. password, credit card number, email address, etc.) was lost or compromised because of a data breach.

“We are thrilled to be kicking off the ninth National Cyber Security Awareness Month. The Internet is central to our daily lives and our economy and this new survey shows that the overwhelming majority of Americans believe keeping this system safe and secure is vital,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “The Internet is a shared resource for so many of our daily activities which is why protecting it is a shared responsibility. We advise every computer user to STOP. THINK. CONNECT. to stay safe online. Everyone should take security measures, understand the consequences of their actions and behaviors and enjoy the benefits of the Internet.”

NCSA Board President and Assistant Vice President for Public Policy at AT&T Services Inc., Chris Boyer added: “National Cyber Security Awareness Month is a time for us to all reflect on past measures we’ve taken to stay safe online and determine how we can improve upon them. We want all audiences to understand that protecting the Internet is increasingly becoming a matter of public safety. If we each do our part to stay safe online the Internet will continue to become a safer and more secure environment.”

“The threat to the safety of Americans online is growing every day and as the survey shows the fear of Americans has also grown to 90 percent,” said Gary Davis, vice president of global consumer marketing at McAfee. “It is our responsibility to make sure that consumers are aware of these growing threats so they can be best prepared to defend themselves against these hidden criminals. We are very excited to work with NCSA once again to bring these issues to the forefront and continue these efforts to educate the public on these very real threats to consumers’ privacy, identity and overall online safety.”

The survey of 1,000 adult Internet users found disparities between online safety perceptions and actual practices in important areas such as smartphone security and password protection measures. Key findings show:

  • Smartphone Internet Use Continues to Grow, Yet Security Protections Lag:
    • Nearly half of Americans (49 percent) use their smartphones to access the Internet, which is a six percent increase from the 2011 NCSA/McAfee Online Safety Survey that found 44 percent of adults accessed the Internet using a smartphone.
    • Sixty-four percent feel their smartphones are safe from hackers yet – pointing to a strong disconnect – nearly the same amount (58 percent) of current smartphone users have never backed up their devices by storing the information or data elsewhere.
    • Further underscoring this disconnect, over three-fifths (64 percent) of Americans have never installed security software or apps to protect against viruses or malware. Considering the rapid growth in smartphone users, it is imperative that they take extra measures to provide the highest level of protection possible to keep their devices safe.
  • Age of Acceptance for Children to Own Tablet, Smartphones Growing Increasingly Younger:
    • Forty-six percent of Americans say it is appropriate for children ages 10-16 to own a tablet and 53 percent to own a smartphone. This is an increase in findings from the 2011 NCSA/McAfee Online Safety Study, which found that 40 percent thought it was appropriate to own a tablet and 44 percent to own smartphones. As it becomes more acceptable for younger aged individuals to own and use Internet connected devices, it is vital they understand how to stay safe online.
  • Inappropriate Content Most Concerning for Parents:
    • Parents are most worried about children discovering adult sexual content/pornography (39 percent) followed by having contact with strangers when they are online (27 percent). Ten percent are worried about bullying or harassment from peers.  Additionally, as youth identity theft is growing as an issue, nine percent of parents are concerned about their children’s identity being put at risk.
  • Americans Believe Unsecured Wireless Networks Put Them Most at Risk for Cybercrime:
    • Sixty-one percent of Americans feel safest accessing the Internet using a laptop or desktop with nine percent feeling safest using a smartphone and three percent using a tablet. (22 percent have only ever accessed the Internet using a desktop/laptop.)
    • Many Americans think that connecting to an unsecured wireless network puts them most at risk to cybercrime or loss of personal information (30 percent), followed by not having any or enough security software (22 percent).
  • “Bring Your Own Device” (BYOD) To Work is Popular Yet Formal Employer BYOD Policies Lacking:
    • The survey also included a sub-sample of Americans’ cyber security practices and attitudes in the workplace.  Roughly half (48 percent) are allowed to use a personal tablet, smartphone or laptop to perform job functions while 31 percent can connect to their work network using these personal devices.
    • At the same time, 44 percent of respondents say their employers do not have formal BYOD policies. When employers fail to put proper policies in place to protect their data infrastructures, they not only put their information at risk but they also leave their networks susceptible to cyber threats.
  • As Password Theft Increases, Many People Change Their Passwords:
    • Twenty-three percent say they changed the password on a major online account without being prompted to do so by the service provider in the past six months, 14 percent in the last year, 13 percent in the last week, and 23 percent in the past month. Seventeen percent have never changed their passwords.
    • Forty-nine percent of social media users say they changed their passwords once or more this past year, with six percent changing passwords weekly. At the same time, 42 percent have never changed their social media passwords.
    • Sixty-one percent of respondents changed their online banking account passwords at least once a year while 28 percent have never changed their passwords. Password identity theft is quickly becoming a top security threat. NCSA encourages everyone to change password information as frequently as possible.
  • Americans Open to the Idea of being Notified if their Computers are Infected by Viruses and Malware:
    • A majority of respondents (86 percent) say they want to be notified if a trusted third party (e.g. Internet service provider (ISP), financial institution, e-commerce site) knew that their computer was infected with a virus or malware with 66 percent strongly agreeing.

This data shows that Americans can improve their online safety practices in a number of areas, especially when it comes to accessing the Internet from their personal devices. We can all increase our online safety practices by starting with these simple ways to stay safe online:

  • Keep a Clean Machine. Keep security software current: Having the latest security software, Web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Own your Online Presence. When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit who you share information with.
  • Make Passwords Long, Strong and Unique. Combine capital and lowercase letters with numbers and symbols to create a more secure password. Have a different password for each account.
  • Protect all Devices that Connect to the Internet. Along with computers, smartphones, gaming systems, and other Web-enabled devices also need protection from viruses and malware.
  • Connect with Care. Get savvy about Wi-Fi hotspots and when banking and shopping, check to be sure the site’s security is enabled.

JZ Analytics conducted the online safety survey. The survey firm, founded by John Zogby, surveyed 1,000 adults nationwide from August 31, 2012 to September 3, 2012. The margin of error is +/- 3.2 percentage points and margins of error are higher in sub-groups. The full study and a fact sheet are available at: http://www.staysafeonline.org/stay-safe-online/resources/.

The new National Cyber Security Awareness Month Web Portal is available at http://www.staysafeonline.org/ncsam/ and a calendar of NCSAM events can be found at http://staysafeonline.org/ncsam/events. NCSAM supporters can get the latest news and updates on Facebook at www.facebook.com/staysafeonline and on Twitter at @StaySafeOnline. The official Twitter hashtag of NCSAM is #ncsam. NCSA also welcomes organizations to show their support for NCSAM by becoming an official NCSAM Champion and submitting their registration at:

http://www.staysafeonline.org/ncsam/champions/.

About The National Cyber Security Alliance

The National Cyber Security Alliance is a non-profit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to educate and empower a digital citizenry to use the Internet securely and safely protecting themselves and the technology they use and the digital assets we all share. NCSA board members include: ADP, AT&T, Bank of America, EMC Corporation, ESET, Facebook, Google, Intel, McAfee, Microsoft, PayPal, Science Applications International Corporation (SAIC), Symantec, Trend Micro, Verizon and Visa. Visit www.staysafeonline.org for more information and join us on Facebook at www.facebook.com/staysafeonline.

About STOP. THINK. CONNECT.

The campaign was developed by the STOP. THINK. CONNECT. Messaging Convention, a public-private partnership established in 2009 and led by The Anti-Phishing Working Group (APWG) and National Cyber Security Alliance (NCSA) to develop and support a national cybersecurity awareness campaign.  The Department of Homeland Security provides the Federal Government’s leadership for the campaign. Industry, government, non-profits and education institutions participate in STOP. THINK. CONNECT. Learn how to get involved at the STOP. THINK. CONNECT. Facebook page at https://www.facebook.com/STOPTHINKCONNECT, on Twitter at @STOPTHNKCONNECT, and the campaign website at www.stopthinkconnect.org.

SOURCE National Cyber Security Alliance
