executive summit - december 8 - 10

CISO Best Practices: Identifying and Responding to Insider Threats

It’s much easier to notice the adversary beating at your door, but how are businesses supposed to handle less-obvious threats from the likes of insiders, whether they’re being malicious or simply ignorant? Businesses are often reluctant to fund technology and processes that protect against less apparent threats and continue to want to fund perimeter security. On this panel, CISO experts discuss best practices for detecting and responding to insider threats, and how to change the conversation about funding for this kind of security.

presented by

John D. Johnson & Drew Bjerken & Robert Jamieson & Nick Graf

Cyber Insurance: Risks, Rewards, and Outcomes

It’s become one of the industry’s most hotly contested issues, and one that has captured the attention of CXOs in both IT and the business: cyber insurance. Executives are asking not only what exactly it is, but also what it actually covers, how much coverage to get, what risk level to insure, and whether it’s worth the paper it’s printed on. Our panel of the cyber insurance industry’s top experts will discuss the ramifications of being covered, and not being covered, by cyber insurance, as well as the impact of coverage on breaches. How well do cyber insurance policies cover damages, errors and omissions, reputational risk, etc.? What makes the most sense for your company, and how quickly do you need to react, if at all?

presented by

Mark Weatherford & Ben Beeson

Pivoting from Attribution to Retribution: The New Deterrence

The conventional wisdom in cybersecurity is that better defense is our only hope because attribution of attacks is too hard. Stewart Baker begs to differ. He thinks that there’s an attribution revolution under way, one that will change cybersecurity dramatically because good attribution opens the door to effective retribution, which is the key to both deterrence and raising the cost of network attacks. Stewart Baker’s keynote address will address all of these issues and also ask how a world where attribution is common will differ from today’s security environment.

presented by

Stewart Baker

Proactive Defense: Using CyberSecurity Value-at-Risk to Estimate Your Threat Situation

CyberVaR™, or cyber Value at Risk, is a risk estimation method that provides top management with a single risk number and a statistical probability to understand the overall cyber security risk of an enterprise. Its data can then be fed into an organization’s existing enterprise risk management framework. In this session, Rod Beckstrom provides the latest update of the CyberVaR™ metric and effectiveness, and explains how likely your business is to lose to cyber attacks over a given period of time. You’ll be able to answer such questions as “if we invest more in security, how much could we reduce our risk?”

presented by

Rod Beckstrom

Red Team Planning and Best Practices

A facilitated tabletop exercise (TTX), led by the DHS, in which their red team takes the attendees through an interactive scenario based on real-world events, followed by a facilitated conversation with the attendees about best practices and how to manage such a scenario in their own organizations.

Responding to Persistent Threats: Best Practices for Keeping the Nation States at Bay

Among the most pernicious threats to corporate enterprises are persistent attackers that launch long-term infiltration campaigns against them. These attackers are often nation states seeking competitive advantage by stealing trade secrets or attempting to disrupt business and infrastructure. These threats require a different mindset and security approach to protect your most valuable data and be resilient in the face of the most advanced attacks. This panel of security specialists and practitioners will discuss the tradecraft that specific nation states are using, tried and true best practices for protecting your business, and how to respond to breaches when they do occur.

presented by

Dmitri Alperovitch & Pete Murphy

Rising to the Challenge of E.U. Data Protection Regulations

The European data protection regime is evolving in response to privacy, security, and governance concerns via the EU Data Protection Directive and its associated regulations. International business interests will face new requirements associated with how they protect data, govern its use, and maintain transparency while realizing value. This session outlines steps companies can take to adapt to these changes, such as designating a Data Protection Officer and designing for privacy throughout the product/service lifecycle. It also offers a balanced perspective from U.S. and EU leaders.

presented by

Steven F. Fox & Stefano Mele

Security and Privacy in the Age of Big Data and IoT

As we look ahead to a new era of data and information security, how will the massive explosion of Big Data and the information being transmitted by billions of devices in the Internet of Things impact our cybersecurity planning and strategy?

presented by

Theresa Payton

Security as a Core Business Value

Advocates of cyber-resilience have been supporting the notion that businesses should assume they have already been breached and develop their mitigation strategies based on this assumption. Now, more than 80% of customers are aware of recent cyber breaches, and 50% of them are ready to switch brands if they think their information is compromised. In this new context, security has become a key factor in retaining customers and maintaining trust. Recent customer surveys show that banks are some of the most trusted institutions, and customers' expectations towards these and other industries are also rising. In this session, we’ll address how businesses can retain customers and keep up with their expectations of ease, convenience, and security. Also, we’ll look at what role CISOs should play in making this vision a reality for customers, as well as in driving change within the organizations. We’ll discuss how businesses can be sure that security becomes part of the DNA of every product offering.

presented by

Elena Kvochko

The FTC’s Secret Law: What You Need to Know About the Cybersecurity Watchdog’s Expectations and Strategy in Regulating You

While the FTC, FCC, and Homeland Security joust over who is going to regulate the internet, Michael J. Daugherty, CEO, LabMD, takes you through his real-world battle with the FTC over security disputes. This is an insider's look at how agencies can exploit their power and try to drain you dry before you can get to court. Secret law exposed that you need to know to best plan your defenses.

presented by

Michael Daugherty

This Mess We're In: Threats, Actors, and Capabilities

In a post-Snowden world, it seems everywhere you turn you are faced with nation-state hacking, global network adversaries, hardware interdiction, baseband exploits, firmware backdoors, network injection, and a plethora of other threats. Once the realm of the underground, the black market, and intelligence agencies, intrusion and implant capabilities are now sold at trade shows for dictator pocket change. This talk will discuss the nature of targeted and untargeted surveillance, exploitation and intelligence gathering contrasted with the dangers faced by high-risk users. We'll examine the commercialization of offensive technologies and the targeting of journalists, human rights workers, and activists. Drawing on original research and first-hand case studies, this talk will discuss attacks on real people by real adversaries while attempting to provide a useful framework to enable sane operational security planning.

presented by

Morgan Marquis-Boire