Posts Tagged With ‘Global CISO Forum’

Global CISO Forum Announced in Wake of LinkedIn Breach

EC-Council is launching the Global CISO Forum to address the increasing demands faced by top-level information security executives. The IS landscape has never been so fraught with attacks, as evidenced by the recent LinkedIn password fiasco or by Google sending warnings of state-sponsored attacks to Gmail account holders. The Forum, which will take place in conjunction with EC-Council’s premier IS conference, Hacker Halted, will focus on bringing together CISOs from around the world to discuss how the constantly changing security challenges affect the day-to-day lives of CISOs from the largest and most prestigious organizations. A few of the topics to be discussed will include integrating wargames into security strategies; recruiting, training, and managing superior security teams; data loss prevention; and internally branding and integrating a security program while aligning it with business objectives.

The diversity of topics that will be covered hints at the breadth of issues with which an average CISO must contend in order to succeed at keeping their organizations’ data safe. “The cybersecurity war is becoming more complicated by the day,” says Jay Bavisi, President of EC-Council. Mr. Bavisi went on to say, “EC-Council’s Global CISO Forum is an event that aims to bring together the world’s best and brightest CISOs to unite against the hackers and share information.”

One reason for continued breaches, according to the recent Wisegate report, could be the changing role CISOs are playing within their organizations. The report documents how CISOs are now more than ever being charged with an ever-expanding suite of responsibilities ranging from managing the conflicts that arise from the differing goals of IS and business development, to developing privacy policies and disaster recovery plans. The Global CISO Forum aims to address these challenges, partly through formal panel-based discussions, but also by bringing together the top minds in the CISO world and encouraging an atmosphere of best practice sharing.

One aspect of the fight for information security that’s long been observed in the industry is the tendency for “the bad guys” to do a better job of information sharing than the guardians of the world’s information. According to Dave Cullinane, CISO at eBay, “Continuous process improvement is happening on the dark side. Our adversary is sharing information quite effectively. We are not. We must begin immediately to do so – and do it far more effectively than ever before. We need to shift the balance of power back to the Good Guys.”

For more information and inclusion in the Forum, interested CISOs can apply to attend here:


CISOs To Huddle In Wake Of LinkedIn Breach, Gmail Warnings

The EC-Council invites security chiefs to get together before Halloween and decide how to bedevil their adversaries.

The EC-Council, the body behind the Certified Ethical Hacker certification, will convene a Global CISO Forum in Miami on Oct. 29 and 30, open only to a limited number of senior information security executives, to discuss a security landscape that is increasing in complexity and alarming Internet users. Apparently, when attackers start ripping off and cracking large caches of LinkedIn’s hashed passwords and state-sponsored attacks are a big enough threat to Gmail users that Google has to issue warnings, it’s time for the world’s CISOs to huddle.

The summit, scheduled in conjunction with the EC-Council’s IS conference, Hacker Halted, will gather CISOs from the world’s “largest and most prestigious” enterprises to talk about how these types of extreme events affect their companies and what to do about it.

But what can a forum like this do to prevent data breaches? For one thing, it provides a venue for the exchange of ideas and information. For a long time, attackers have been well-organized and shared information freely. “But due to proprietary, governmental and other borders, we guardians of information do not share information as well as they do,” says Amber Williams, manager of strategic initiatives at the EC-Council. “This forum is designed to promote exchange of ideas and discussion, with six to seven experts per panel topic who will elicit a lot of responses from the audience as they go along.”

That’s all well and good, but, according to Danny Lieberman, CTO of Software Associates, most CISOs and infosec professionals already know what needs to be done for appropriate security countermeasures. For example, encryption is a cornerstone of securing data at rest, and our latest InformationWeek Strategic Security Survey recommendation list includes better vetting of service providers.

The problem is getting the CEO to agree.

While the EC-Council’s Hacker Halted events see increasing attendance year on year, says Williams, the council is capping attendance for the Global CISO Forum at 200. The goal is to make high-level executives feel free to talk about not just best practices but the struggles they have had without fear of hurting their brands, she says.

You know the EC-Council is getting serious when it talks about “integrating war games into security strategies.” Other topics of discussion planned for the summit include recruiting, training, and managing superior security teams; data loss prevention; and internally branding and integrating a security program while aligning it with business objectives. In fact, the EC-Council says one reason for continued breaches is the conflicts that arise from the differing goals of security and business development teams. The forum intends to address this issue and others not only through panels but also by encouraging an atmosphere of best-practice sharing.

It’s great that the EC-Council and CISOs are on fire about this. But it’s also clear that without approval from the CEO, anything with a price tag that doesn’t have demonstrated business value will go nowhere. That is why CISOs should pay special attention to the part about aligning with business objectives.

What CISOs should really be asking at this forum, says Lieberman, is how their peers develop a real business case to present to the CEO. How do I put together a threat model and evaluate the risk? How do I get the CFO on board before I go to the CEO?

Lieberman illustrates a sample exchange, where the CISO is prepared to say to the CEO, “There is X percent chance someone will steal our company’s intellectual property. I have put together a team to evaluate the risk, and that is its finding. It will cost $20 million if this IP theft occurs. I need a couple more employees and $1 million to buy hardware and software to protect that $20 million worth of IP.”

Better yet, have the CFO on the team that helped put together this analysis, something the EC-Council plans to address. “Because we are inviting mostly C-levels, they will report to a board or another C-level executive,” says Williams. “Part of what we want to share is how to brand a security program internally and sell it to the board, C-level executives, and the whole company. And in the case of governments, sell it to the many layers of government workers.”

Another concern for many security chiefs, says Alan Shimel, managing partner at The CISO Group, is the changing nature of the threat. Many CISOs at work today came into that role during a time when financial fraud and cybercrime were the motives for attacks, says Shimel. “Now we have hacktivists and people who are financially motivated, but instead of looking for personally identifiable information, they’re looking for intellectual property,” he says. “Due to these different motives, hackers use different attack vectors.”

Announced speakers for the event include Eddie Schwartz, CISO for RSA; Joe Albaugh, CISO at the Federal Aviation Administration; Ron Baklarz, CISO at Amtrak; and Richard T. Rushing, CISO for Motorola Mobility.


EC-Council’s CISO Executive Summit 2011 Features a Unique Format that Encourages Knowledge Sharing Among the Diverse Range of Participants

The CISO Executive Summit included over 40 prominent speakers from across industries in the government, private and public sectors who were surprised and pleased by the interactive format of the event.

December 14, 2011, Albuquerque, NM - EC-Council hosted the first in its Global CISO (Chief Information Security Officer) Executive Summit Series in Las Vegas, NV, December 5-6 at the M Resort.

The CISO Executive Summit 2011 was the first of its kind to be composed entirely of panel-based discussions. Panel chairs and speakers consisted of the world’s most successful thought leaders in the Information Security (IS) industry, including executive representation from top corporations and agencies such as IBM, Motorola, Transunion, Abu Dhabi Securities Exchange (ADX), Sallie Mae, Blue Cross Blue Shield, Deloitte & Touche, SecureNet Payment Systems, U.S. Department of Treasury, U.S. Army Reserve and Department of Defense.

The mission of the CISO Executive Summit was to unite the top information security leaders across the world in the fight against cyber crime and information security threats. Today’s rapidly evolving threat landscape is posing new risks to security professionals and the organizations they protect. The panel discussions were centered on the topics most relevant to high-level Information Security leaders including managing insider threats, cloud compliancy, and structuring and managing an infosec workforce. Some of the questions addressed were:

The CISO Executive Summit 2011 successfully accomplished its mission by providing a unique platform of 13 interactive panel discussions. This setup provoked in-depth and intimate discussions about issues that are of global concern to high-level Information Security leaders. Panel speakers from the private, public, and government sectors brought an element of diversity and variety to the discussions. To view the full list of speakers, panel discussion topics and abstracts, please visit:

Jay Bavisi, President and Co-Founder of EC-Council, stated, “The success of the CISO Summit is evident from the fact that so many senior executives from a vast array of organizations travelled to the EC-Council CISO Summit in the first week of December in Las Vegas. The intense industry representation and their engagement in active dialogue over today’s most pressing issues was beneficial to the industry. It was wonderful to witness the commitment shown by these individuals in seeking continuous learning and sharing.”

Tony Meholic, Chief Information Security Officer at Republic Bank, added, “The extensive knowledge and experience the speakers and audience displayed in the Information Security space was superb. I found the format to be informative and very lively. The opportunity to network with peers from various industries, government and academia was also very welcomed. These connections will provide valuable resources for discussions, questions and recommendations on current and future topics.”



“It was great to be a part of the 1st series of Global CISO Summit. I enjoyed the great panel discussions, fellowship and networking. I look forward to attending and speaking at future summits,” said Jeffrey Vinson, CISO at SecureNet LLC, of the networking and knowledge sharing opportunities presented at the CISO Executive Summit.

EC-Council will host the 2nd in the Global CISO Executive Summit Series in May 2012; the location is to be determined. A Global CISO Summit is to proceed on October 25, 2012 in Miami, FL. For upcoming EC-Council CISO Executive Summits, please go to:

Marissa Easter – Marketing Communications Specialist

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and information security skills. It is the owner and creator of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (C|CISO) as well as many other programs that are offered in over 80 countries through a global training network of more than 450 training partners. For more information on CISO certification, visit