Internet Safety topics:
1. Internet Safety for Children and Families.
The Internet is a useful and important part of our daily lives. Many can't remember how we handled even the most mundane tasks without online assistance. How did we even survive when we were kids? :-) However, along with the good, there is bad. Children and teens (but not their parents!) are very well versed in using the Internet, including web pages, blogs, uploading and downloading information, music and photos, etc. They are also trusting. This presentation will give an overview of the Internet and the inherent dangers. Learn the realities and dangers of “virtual communities” websites your kids frequent like Xanga.com, MySpace.com and FaceBook.com. Learn about the persistence of information on the net and Google hacking. Learn the differences between a wiki, blog, Instant Messaging, text messaging, and chat. Learn the Internet slang, key warning signs, and tips for Parents and Kids. This talk is for anyone who has a child, who knows a child, or who ever was a child!
2. How to be a Tech-Smart Parent - What Parents Need to Know about the Technology Their Kids Use.
In many households it’s the kids who understand how all the technology works while the parents are trying to keep up. How can we keep up with the technology our children use such as social networking (like facebook and twitter), wireless, texting, blogs, chat, and digital cameras? Learn about what’s online and tools you can use to know what your kids are doing. We’ll talk about: your home computer, email, web surfing, social networks, cell phones and texting. This talk is for parents, or anyone who would like to learn more about these technologies!
It’s an online world. Most adults, and even teens, need to have online accounts for banking, shopping, communications, entertainment and social networks. Even many children have online lives. With all this online activity, how do we keep ourselves and our families safe? How can we protect our private information? In this session we will discuss the advantages and dangers of our online lives. We will review practical tips for avoiding common mistakes. We will look at passwords, website safety, email and phishing, social networks and mobile devices. You can decrease the risks in our online world!
Cell phones, smart phones, tablets… FaceBook, Twitter, texting… the Internet and social networks are hardly new to our kids. New sites and features are being created all the time. New phones make these sites and services available to our kids anywhere, anytime. In this interactive talk we will discuss the basics of internet social networks, how our kids interact online, how they use mobile technology, and what we need to know to keep up.
The smartphone is here to stay (at least for now). According to Nielsen, 55% of people buying a new phone bought a smartphone, up from 34% a year ago. This means that many people are walking around with a hand-held computer containing their personal information and used to access online information including banks, healthcare and social media sites. But these phones suffer from the same security problems as computers including malware, phishing, and malicious links. And new apps are coming out all the time! In this interactive discussion we will look at 10 tips to help keep our personal data safe when using a smartphone.
These days most laptop computers have wireless capability. Home wireless routers are inexpensive and work right out of the box. But is it safe to use home wireless? What about doing taxes over wireless? What about my personal files? What about connecting to DHS over my home wireless? We will answer these and other questions and provide information on how to set up security features in your home wireless.
Ten years ago, Identity Theft was not recognized as a mainstream crime. Today it continues to increase to epidemic proportions. This session will examine the elements of Identity Theft, teach avoidance and recognition techniques, and give specific steps to take if one suspects they are already a victim. Attendees will learn 1) what is Identity Theft and how does it happen – can one's Identity really be stolen?, 2) ways to decrease the threat of identity theft, and 3) specific steps to take if one is a victim.
Information Security topics:
1. The Dreaded Embedded
How do you make an inanimate object “smart”? You put a chip in it! And then you connect it to the global internet! These chips run what is typically called an embedded operating system – a Windows, Unix or Linux variant, or something custom made. Because these chips are embedded in power grid equipment, medical equipment, appliances or even people, updates and patches are problematic. The Internet of Things (IoT) is growing at a rate 10 times that of standard computers. A typical hospital/clinic system may have 4-5 times as many smart connected medical devices as computers. The Dreaded Embedded refers to the proliferation of vulnerabilities associated with these devices. What are the security and privacy concerns of these devices? What about FDA and other regulatory compliance? And how do we deal with these devices as part of an information security program?
Most organizations have a CIO; many have a CISO. These key leadership positions often approach solutions differently and have different motivations. The CIO must deliver IT, automation, innovation and efficiency. The CISO is tasked with assuring adherence to security frameworks and regulatory standards, and protecting against, and responding to, vulnerabilities and incidents. These mandates can conflict. And often the CISO reports to the CIO. We will take a light-hearted look at questions including: What are the issues?; Are CISOs and CIOs from different planets?; Can we align to meet critical business needs, deliver value and protect the organization?
What’s the value of a stolen healthcare record? The healthcare sector has traditionally lagged behind other industry sectors in cybersecurity. HIPAA, the primary regulatory standard for healthcare, focuses on confidentiality of personal health information (PHI). Is that the right focus? In this talk we’ll cut through the hype to understand what’s happening in healthcare security. However, this is not just a story about healthcare… we can apply the same lessons to any industry sector.
- What are the issues that cause the Healthcare sector to lag other industry sectors in healthcare?
- What's wrong with HIPAA and what needs to be done?
- How can we use the NIST Cybersecurity Framework to build a comprehensive security program for healthcare?
Gartner estimates that over 50% of organizations will base their InfoSec program on the NIST Cybersecurity Framework (CSF) by 2020. In this talk we’ll discuss what it means to adopt a framework and how we can use the NIST CSF as a cornerstone of a comprehensive information security program.
- Why use a framework?
- How to move your program to align with the NIST CSF?
- How can you use the NIST CSF to measure the maturity of your security program?
With new and renewed attacks against our organizations, Incident Response and Management needs to be a core part of your Information Security program.
Doing only what’s worked in the past and focusing on “preventing” breaches is not a viable tactic. We need to focus broadly on proactive, detective and responsive measures. We need to provide leadership when things go wrong.
Incident Response and Management could be one of the most important parts of a security program because "when" it happens, how we respond to minimize the impact can make a huge difference both for the patients/customers and the organization.
“Wearables” are all around us. From fitness trackers to smart watches, many people are using these devices to monitor their health. Of course, we’ve had other types of portable health devices for quite a while including automated insulin pumps and pacemakers. These devices use various communication methods… but do we know what personal data is being communicated and how it’s shared? We will look at the current state of health and fitness wearables and portables and discuss where things are going. Discuss the current state of health and fitness wearables. Review privacy and security considerations for wearables and fitness apps. Consider the implications and futures for health and fitness devices.
I recently became a new CISO. Well, the CISO position is new to the org, as am I, but I am not new to the CISO role. I came in with a plan and am executing on that plan. This talk is targeted at: new CISOs, organizations considering a CISO position, any security professional looking to get to the “next level”, or anyone considering remaking their security program.
Many CISOs come from more of a technical, rather than a business, background. However, we need to be able to communicate with Senior Management, business-area leaders and users who are usually not technologists. In this talk we will look at some of the common topics CISOs need to cover and discuss how to rephrase the messages to better reach a business-oriented audience. We will discuss: How to think about security risks in a way business personnel do; How to translate technical security topics into more business-friendly language, and; How to reach a broader audience with the information security message.
Password weakness has been in the news again lately. But we have known for some time that passwords alone are not a good authentication or access control mechanism. Strong and practical authentication is very challenging. There are “strong” schemes, but they often don’t work well for users. Security practitioners are familiar with the 3 factors of authentication: something you know; something you have, and; something you are. Each of these has fundamental flaws. I like to think of them as: something you forgot; something you lost, and; something you were!
We will take a look at the current state of authentication, examine weaknesses in authentication factors, introduce the fourth factor of authentication and consider some solutions.
Companies are increasingly encouraging employees to purchase their own devices such as smartphones, tablets and laptops to use at work according to a recent survey by CIO magazine. The acronyms BYOC and BYOD (like Bring Your Own Beer - Bring Your Own Computer/Device) have become mainstream technology terms. But what does BYOD mean for the enterprise? Can we mix personally owned devices and enterprise workstations/cellphones in our environment? How do we control configuration and data on personal devices? What about malware and other security concerns? What about improper disclosure of private data and intellectual property? And how will staff get work done when they are busy playing Angry Birds?
Is BYOD the flavor of the week or is it the future of end-user hardware? Regardless of how security leaders may feel about the concept, we need to be prepared. We must understand what is driving BYOD, how it may, or may not, fit our environments, and have policy and tools ready.
In this interactive session we will discuss: What is IT Consumerization/BYOD? What are the benefits and concerns? Is there a cost savings? What are the Security concerns - BYOMalware? How do we protect data? And how can I start BYOD in my organization? And yes, you can Bring Your Own Devices to this session!
Consumerization and mobility in the enterprise – and our daily lives – are not only here to stay, but their footprint and influence are expanding. What does the broader consumerization and mobile environment look like? How do you assess the drivers for adoption and the cost/benefit of a mobile-enabled organization? Join us for this session to get an understanding of how a large state government agency took a proactive approach to enablement that ultimately set them ahead of the security challenges, rather than behind.
2011 may be the "year of the handheld". That is unless 2010 was! iPad sales exceeded all expectations in 2010. For the holiday season, many manufacturers came out with (and are coming out with) tablets. iPhones and Android devices can be seen everywhere... including the office. That means that people want to use these personal devices for work for a variety of reasons: they are more convenient; might be more powerful than company-issued gear; easy interfaces; they can carry less equipment, but, perhaps most importantly; these devices are finally like "real" computers. But use of these personally owned devices brings all kinds of security concerns including data leakage and vulnerabilities in these newer operating systems and apps.
We'll take a look at the convergence of mobile and desktop computing devices, security concerns and discuss some potential solutions.
Session Learning Objectives: 1. Define the convergence of mobile and desktop computing devices. 2. Discuss the tablet phenomenon. 3. Review security concerns with the use of these devices, particularly employee-owned. 4. Discuss possible solutions.
While insider threat is a reality, more problems are caused by mistakes. Workers are stressed and need to get the job done. These “accidental insiders” may be dealing with unclear process, security controls that aren’t well planned, or are just trying to get something done for the customer.
In this session we will discuss: How internal process, policy and technical environment can lead to mistakes; Appropriate levels of access control, and; What we can do proactively to prevent these kinds of problems.
Security Professionals often don’t like to think about Marketing concepts. However, we all understand critical concepts such as Senior Management support, Communication and Security Awareness. These are, in fact, Marketing! We will examine some Marketing ideas and techniques to help Security Professionals get the word out about Security.
There has been a great deal of media attention to the “Insider Threat”, the issue of someone internal to an organization harming or stealing data or assets. How does this happen and why? Shouldn’t we be more concerned with external threats like hackers and cyber-thieves? This talk will examine the issue of Insider Threat, discuss the various components, relate current research, and provide mitigation suggestions and good practices.
What is Risk Management and why should a security professional care? Can risk really be managed? What is the difference between Threats, Vulnerabilities and Risk? How does one incorporate Risk Management into an Information Security practice?
My slideshare site.