"... As a result of our NitroSecurity implementation, we have not had a single [virus outbreak] and we virtually eliminated illegal file-sharing" — Director of Network Operations & Information Security Officer, Berry College
Patient privacy and information security can be separate, siloed responsibilities within healthcare providers, with distinct teams focused on their respective missions, challenges and tools. Privacy incidents, like electronic medical record snooping, clinical system compromise, and identity theft, can be early indicators of more pervasive behavior. This can impact compliance or worse, be the first clues of undiscovered cyber-attacks that can threaten all clinical, operational and administrative systems. Integrating privacy solutions and security information management systems (SIEM) can provide the real-time visibility and analysis needed by both privacy officers and security analysts to create a common platform for delivering more comprehensive early warning systems. Join Mel Shakir, CTO of NitroSecurity, and Kurt Long, CEO and Founder of FairWarning to understand system architectures and implementation approaches available today to reduce risk through effective privacy and SIEM integration
As more states adopt privacy laws to protect the personal information of their residents, the scope of these laws is evolving significantly. Preventative measures are starting to be added to core notification requirements, like in the case of the new Massachusetts Privacy Law. MA 201 CMR 17 is the first in the nation to require specific technologies when protecting personal information and became law on March 1, 2010. Learn about the states driving this evolution, the technology requirements and options and how to prepare your organization for success.
Join Mike Spinney, Senior Privacy Analyst at the Ponemon Institute and Michael Leland, CTO, NitroSecurity and learn about the states driving this evolution, the technology requirements and options and how to prepare your organization for success
As we come to the end of the first decade in the new millennium, the IT industry faces some of the greatest security challenges in its history. In fact, 2009 saw more breaches, more malware, and more zero-day exploits than any year before.
At that rate, what will security be like ten years from now? What threats and challenges will the new decade bring?
If questions like this make you feel like your head is about to explode, don't worry - there is a way to get some perspective on the future - by attending "IT Security: The Next Decade," a first-ever virtual event that combines the in-depth expertise of three of the industry's best-known security resources: Black Hat, InformationWeek, and Dark Reading
Advanced Persistent Threats (APT) are goal oriented attacks carried out against a defined target in a very structured manner without the restrictions of time. The underlying goal for an APT attacker is to go undetected for as long as possible, while stealing as much information as possible. APT attackers are typically highly sophisticated and organized groups that have traditionally focused on defense, research and financial organizations - and are looking for new targets. In many cases APT attacks are the exact same attacks used by opportunistic attackers and malicious application developers. The key differentiator is the persistence of an APT attacker. The goal for this presentation is to define what APTs are and explore methodologies that can aid in identifying, tracking, and differentiating APT style attacks.
The original Security Event Managers (SEM) started by supported IDS logs. Bringing in other third party logs grew the SEM into a Security Information Management (SIM), which then evolved further to incorporate contextual information from other sources such as VA and IAM tools, finally becoming what we refer to today as a "Security Information and Event Management" system, or SIEM. Each evolution increased the event load placed on the system, in how fast events or logs needed to be collected, how much storage was required to support data retention over time, and how quickly the data could be analyzed and accessed, in order to produce actionable information.
Driven by regulatory compliance and security event correlation, most large organizations have deployed a Security Information and Event Management (SIEM) system over the past few years. Does this mean that they are adequately protected? ESG does not believe so. Ominous security threats and a rash of publicly-disclosed data breaches certainly place an intense strain on many legacy security management tools and ESG believes this is just the tip of the iceberg
InformationWeek's Dark Reading and Black Hat come together for their first-ever virtual event, exploring the most dangerous threats of the next ten years - and what you can do today to protect your enterprise from them.
A roundtable discussion between panelists: Michael Leland of NitroSecurity; Mark Seward, LogLogic; and Reed Henry, ArcSight.