DOCSLIB.ORG

Contents Years, a Majority of IT Security Pros the Judges

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Contents Years, a Majority of IT Security Pros the Judges 2013 SC Awards U.S. Optimistic despite threats When it comes to data protection and risk management planning, informa- tion security professionals are feeling more hopeful than ever. According to our annual “Guarding Against a Data Breach” survey, compared to previous Contents years, a majority of IT security pros The Judges .............................................................................. 54 say their organizations are taking ap- The Sponsors .......................................................................... 55 propriate steps to protect critical data. Word from the co-chair ........................................................... 56 As promising as this feedback is, one has to juxtapose it against the less Reader Trust Awards upbeat happenings of our collective Best Anti-Malware Gateway ................................................... 56 reality. For starters, advanced persistent threats (APTs) and Best Cloud Computing Security ............................................ 57 other more methodical and sophisticated cyber crime attacks Best Computer Forensic Tool ................................................. 57 Best Data Leakage Prevention (DLP) .................................... 58 are becoming the norm, according to most experts. Just look to Best Database Security Solution .......................................... 58 the recent attacks against The New York Times, Twitter or the Best Email Security Solution .................................................. 59 U.S. Department of Energy to get a sense of things to come. Best Enterprise Firewall .......................................................... 59 Internet-based thieves aren’t as easy to catch in the act or stop Best Fraud Prevention Solution.............................................. 60 altogether nowadays, which means organizations have to stop Best Identity Management Application ................................. 60 Best IDS/IPS Product ..............................................................61 relying on traditional network protections alone and step up Best IPsec/SSL VPN ................................................................61 their games with advanced monitoring techniques, application Best Managed Security Service ............................................. 62 and other endpoint controls, better security awareness training Best Mobile/Portable Device Security .................................. 62 and more. Because spear phising, custom malware and targeted Best Multifactor Product ........................................................ 63 attacks are happening at a rate never witnessed before, a data- Best NAC product ................................................................... 63 Best Policy Management Solution ......................................... 64 centric approach to security now is vital, say experts. Best SIEM Appliance............................................................... 64 And most security pros have to achieve this desired end Best UTM Security .................................................................. 65 with fl at budgets. I suppose, though, it’s telling that CISOs Best Vulnerability Management Tool ..................................... 65 generally are upbeat despite myriad problems. Improving risk Best Web Application Firewall ................................................ 66 management plans, bettering policies, strengthening training Best Web Content Management Product.............................. 66 and bolstering controls, along with constantly educating C-level Excellence Awards executives about data security being a necessary part of day-to- Best Customer Service ........................................................... 67 day activities, are all recurring duties. Yet, survey respondents – Best Emerging Technology ..................................................... 67 Best Enterprise Security Solution ..........................................68 SC Magazine readers – are at the ready to tackle these seemingly Best Regulatory Compliance Solution ...................................68 endless challenges with zeal. And, for a fortunate growing Best Security Company ..........................................................69 number, undertaking them deftly is paying off as more CEOs Best SME Security Solution ................................................... 69 Feb. 26, 2013 • San Francisco and other business leaders register understanding and embrace Rookie Security Company of the Year.................................... 70 IT security for what it is – a necessary pillar of good business. Professional Awards It’s that passion and commitment that drives us every year to Best Cyber Security Higher Education Program .................. 70 celebrate these industry leaders, their many achievements and Best Professional Certifi cation Program ................................ 71 the varied contributions they make without hesitation to help Best Professional Training Program ........................................71 advance this essential and vibrant industry. Congratulations to Best Security Team ..................................................................72 CSO of the Year ........................................................................72 you all. – Illena Armstrong, VP, editorial, SC Magazine Editor’s Choice Award ..............................................................73 EDITORIAL DESIGN AND PRODUCTION U.S. SALES SALES/EDITORIAL ASSISTANT Roo Howar (646) 638-6104 VP, EDITORIAL Illena Armstrong ART DIRECTOR Michael Strong VP, SALES ACCOUNT EXECUTIVE, LICENSING EXECUTIVE EDITOR Dan Kaplan VP AUDIENCE DEVELOPMENT & David Steifman (646) 638-6008 AND REPRINTS Elton Wong MANAGING EDITOR Greg Masters OPERATIONS John Crewe REGIONAL SALES DIRECTOR AUDIENCE DEVELOPMENT DIRECTOR PRODUCTION MANAGER Mike Shemesh (646) 638-6016 Sherry Oommen 2013 SC AWARDS U.S. Krassi Varbanov WEST COAST SALES DIRECTOR Matthew Allington (415) 346-6460 MANAGEMENT EVENTS DIRECTOR Natasha Mulla EVENT SALES DIRECTOR CEO OF HAYMARKET MEDIA EVENTS COORDINATOR Maggie Keller Mike Alessie (646) 638-6002 Lee Maniscalco SENIOR EVENTS COORDINATOR ACCOUNT MANAGERS EXECUTIVE VICE PRESIDENT Anthony Curry Dennis Koster, Samantha Amoroso Tony Keefe 2013 SC AWARDS U.S. 53 2013 SC Awards U.S. 2013 SC Awards U.S. The Judges The Sponsors SC Magazine would like to thank all of our sponsors for their generous support of the 2013 SC Awards U.S. Their involvement has made this event possible, which helps raise professional standards in the information security industry worldwide. Bradford Networks Imperva Bradford Networks enables secure Imperva provides a comprehensive Co-Chair Co-Chair Philip agcaoili rebecca Bace Jennifer Bayuk Bruce Bonsall Dennis Brixius network access for corporate-issued solution for monitoring and con- illena armstrong rich Baich CISO, Cox CEO, Infidel principal, Jennifer senior security VP and CSO, The and personal mobile devices. trolling all data usage and business VP, editorial, CISO, Communications L. Bayuk LLC strategist, BT US&C McGraw-Hill Cos. SC Magazine Wells Fargo transactions across the data center. Champlain College Qualys Champlain College has been provid- Qualys is a leading provider of Leahy Center for Digital Investigation at ing education in the fi eld of digital cloud security and compliance solu- forensics and cyber security for more tions with more than 6,000 custom- than six years. ers in more than 100 countries. CipherCloud Schwartz MSL CipherCloud provides cloud encryp- Schwartz MSL helps technology tion and tokenization gateways to companies leverage public relations Chris Camacho Jaime Chanaga rafael Diaz rick Doten Gene Fredriksen Stephen Fridakis Pamela Fusco enable organizations to securely to create visibility and tell their information security CEO, CSO, Department CISO, global CISO, senior IT officer, director/CISO, adopt cloud applications. innovative story. officer, The CSO Board of Central Manage- DMI Enterprise Tyco International FAO Apollo Group The World Bank ment Services, state Transformation of Illinois Entrust Solutionary Entrust secures governments, Solutionary reduces the information enterprises and fi nancial institutions security and compliance burden, in more than 5,000 organizations providing fl exible managed security spanning 85 countries. and compliance services. ForeScout Technologies Splunk ForeScout enables organizations to Splunk software collects, accelerate connectivity by allowing indexes and harnesses the machine- users to access network resources generated big data coming from the John Johnson Cedric Leighton Yonesy Nunez Jim reavis ariel Silverstone Ward Chenxi Wang without compromising security. devices that power business. senior security colonel, USAF SVP, Citi executive director, CISO, Spangenberg vice president, program manager, (Ret.); founder and Cloud Security self-employed director, information Forrester Research Halon Symantec John Deere president, Cedric Alliance security, pearl.com Halon Security is a prominent Symantec is a global leader in Leighton Associates technology leader of email security security, backup and availability and fi rewalls, protecting millions of solutions. users worldwide. HP Enterprise Security West Coast Labs HP Enterprise Security provides West Coast Labs is a leader in in- information security solutions to dependent testing, certifi cation and protect the hybrid enterprise. real-time performance validation for information security products. Larry Whiteside Spencer
Load more

Recommended publications
  • A Hypothesis-Based Approach to Digital Forensic Investigations (Brian D. Carrier)
    CERIAS Tech Report 2006-06 A HYPOTHESIS-BASED APPROACH TO DIGITAL FORENSIC INVESTIGATIONS by Brian D. Carrier Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN 47907-2086 A HYPOTHESIS-BASED APPROACH TO DIGITAL FORENSIC INVESTIGATIONS A Thesis Submitted to the Faculty of Purdue University by Brian D. Carrier In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy May 2006 Purdue University West Lafayette, Indiana ii To my parents, Gerry and Suzanne. iii ACKNOWLEDGMENTS I would first like to thank my advisor, Eugene Spafford (spaf). His advice and guidance helped to shape and direct this work. I would also like to thank my com- mittee for their helpful ideas and comments: Cristina Nita-Rotaru, Sunil Prabhakar, Marc Rogers, and Sujeet Shenoi (University of Tulsa). The Center for Education and Research in Information Assurance and Security (CERIAS) provided me with a great environment and the resources needed to complete this work and my appreciation goes to the faculty and staff. Thanks to the many people in the digital forensics community that have assisted me over the years. Special thanks to Dan Kalil, Chet Maciag, Gary Palmer, and others at the Air Force Research Labs for the creation of the annual Digital Foren- sic Research Workshop (DFRWS). This work is based on concepts from the initial DFRWS Research Roadmap and the framework discussions at DFRWS 2004 helped to direct this work. Simson Garfinkel provided many helpful comments during his review of this document. Lastly, thanks to my family. My parents have always supported my endeavors (and gently guided me towards a degree in engineering instead of one in music).
    [Show full text]
  • CERIAS Tech Report 2004-26 a CATEGORIZATION OF
    CERIAS Tech Report 2004-26 A CATEGORIZATION OF COMPUTER SECURITY MONITORING SYSTEMS AND THE IMPACT ON THE DESIGN OF AUDIT SOURCES by Benjamin A. Kuperman Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN 47907-2086 A CATEGORIZATION OF COMPUTER SECURITY MONITORING SYSTEMS AND THE IMPACT ON THE DESIGN OF AUDIT SOURCES A Thesis Submitted to the Faculty of Purdue University by Benjamin A. Kuperman In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy August 2004 ii ACKNOWLEDGMENTS There are a number of individuals and organizations that I would like to recognize for their assistance and support throughout the many years of my graduate career. First, I would like to note that portions of this work were supported by a gift from the Intel Corporations, Grant EIA-9903545 from the National Science Foundation, and the sponsors of the Purdue Center for Education and Research in Information Assurance and Security. I would like to personally thank the various sponsors of COAST and CERIAS for both their financial and intellectual support. Many of the opportunities I have had to research computer security would not have been possible without you. I would like to especially thank Hewlett-Packard Corporation including Mark Crosbie, John Trudeau, and Martin Sadler for a wonderful and productive internship and continuing relationship over the years. I would also like to thank my committee for all of their input, feedback, and support, especially my advisor Gene Spafford. Without his assistance and the op- portunities he has made available, I doubt I would be where I am today.
    [Show full text]
  • Session Learning and Teaching Methods, E-Learning + Educational Tools, and Related Issues
    Int'l Conf. e-Learning, e-Bus., EIS, and e-Gov. | EEE'14 | 1 SESSION LEARNING AND TEACHING METHODS, E-LEARNING + EDUCATIONAL TOOLS, AND RELATED ISSUES Chair(s) TBA Copyright © 2014 CSREA Press, ISBN: 1-60132-268-2; Printed in the United States of America 2 Int'l Conf. e-Learning, e-Bus., EIS, and e-Gov. | EEE'14 | Copyright © 2014 CSREA Press, ISBN: 1-60132-268-2; Printed in the United States of America Int'l Conf. e-Learning, e-Bus., EIS, and e-Gov. | EEE'14 | 3 Students’ Perception towards Soft CLIL in the Basque Secondary Schools Chiharu Nakanishi1 and Hodaka Nakanishi2 1Music Department, Kunitachi College of Music, Tachikawa, Tokyo, Japan 2Joint Program Center, Teikyo University, Itabashi-ku, Tokyo, Japan language. Each is interwoven, even if the emphasis is greater Abstract - The Basque Autonomous Community, which is a on one or the other in a given time (p.1) [1].” bilingual community of Basque and Spanish, has adopted As CLIL is an innovative approach, well-devised CLIL as a method to teach English as a foreign language materials are to be developed. In order to meet the needs for with on-line materials as well as written materials. The object teachers who want to implement CLIL in their classroom, of this study is to investigate how the students think about several materials are provided on-line such as E-CLIL by studying subjects in English, in the form of Soft CLIL European Resource Centre and EKI project in Basque whose (language-driven) in the Basque-medium school. The materials are used in the schools we observed.
    [Show full text]
  • 0201707195.Pdf
    Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley,Inc., was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. The authors and publisher have taken care in the preparation of this book, but make no expressed or implied waranty of any kind and assume no responsibility for errors or omis- sions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herin. Screen shots reprinted with permission from Microsoft. The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please contact: Pearson Education Corporate Sales Division 201 W. 103rd Street Indianapolis, IN 46290 (800) 428-5331 [email protected] Visit AW on the Web: www.awl.com/cseng/ Library of Congress Cataloging-in-Publication Data Kruse, Warren G. Computer forensics : incident response essentials / Warren G. Kruse II, Jay G. Heiser. p. cm. Includes bibliographical references and index. ISBN 0-201-70719-5 1. Computer security. 2. Computer networks—Security measures. 3. Forensic sciences. I. Heiser, Jay G. II. Title QA76.9.A25 K78 2001 005.8—dc21 2001034106 Copyright © 2002 by Lucent Technologies All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher.
    [Show full text]
  • Chƣơng Trình Đào Tạo
    TRƢỜNG ĐẠI HỌC CÔNG NGHIỆP THỰC PHẨM TP.HCM KHOA CÔNG NGHỆ THÔNG TIN ---------------------------------------------------- CHƢƠNG TRÌNH ĐÀO TẠO Ngành đào tạo: An toàn thông tin Tên tiếng Anh: Information Security Trình độ đào tạo: Đại học Mã số: 52480299 Loại hình đào tạo: Chính quy TP. H Ch Minh th ng 04 n m 2017 MỤC LỤC 1. Mục tiêu đào tạo ............................................................................................................. 1 1.1. Mục tiêu chung ................................................................................................................... 1 1.2. Mục tiêu cụ thể ................................................................................................................... 1 2. Chuẩn đầu ra của chƣơng trình đào tạo ..................................................................... 2 3. Chi tiết chuẩn đầu ra và học phần ch nh tƣơng ứng ................................................. 3 4. Ma trận chƣơng trình đào tạo – chuẩn đầu ra của c c học phần ............................ 7 5. Vị tr làm việc sau khi tốt nghiệp ............................................................................... 11 6. Khả n ng học tập nâng cao trình độ sau khi ra trƣờng ......................................... 11 7. Thời gian đào tạo: 3 5 n m. ........................................................................................ 12 8. Khối lƣợng kiến thức toàn khóa ................................................................................. 12 9. Đối tƣợng tuyển sinh...................................................................................................
    [Show full text]
  • Intrusion and Intrusion Detection
    IJIS (2001) 1: 14–35 / Digital Object Identifier (DOI) 10.1007/s102070100001 Intrusion and intrusion detection John McHugh ∗ CERT Coordination Center , Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890, USA E-mail: [email protected] Published online: 27 July 2001 – Springer-Verlag 2001 Abstract. Assurance technologies for computer security panel that solutions to the problem will not occur have failed to have significant impacts in the marketplace, spontaneously, nor will they come from the various with the result that most of the computers connected to well-intentioned attempts to provide security as an the internet are vulnerable to attack. This paper looks at add-on to existing systems. the problem of malicious users from both a historical and practical standpoint. It traces the history of intrusion and Although these words could have been written today, intrusion detection from the early 1970s to the present they come from one of the seminal documents in com- day, beginning with a historical overview. The paper de- puter security, a report [3, Preface] prepared by James P. scribes the two primary intrusion detection techniques, Anderson & Co. for then Major Roger R. Schell of the anomaly detection and signature-based misuse detection, USAF in 1972. In the nearly 30years since the prepar- in some detail and describes a number of contemporary ation of the Anderson report, little has changed, except research and commercial intrusion detection systems. It that we are, perhaps, less sanguine about the solvabil- ends with a brief discussion of the problems associated ity of the problem. The line of research and development with evaluating intrusion detection systems and a dis- proposed in the report has produced a few fairly secure cussion of the difficulties associated with making further systems, but none that have achieved commercial success progress in the field.
    [Show full text]
  • Personal Computing in the Soviet Era
    Contents | Zoom in | Zoom out For navigation instructions please click here Search Issue | Next Page Volume 37 Number 1 January–March 2015 www.computer.org Red Clones: Personal Computing in the Soviet Era Contents | Zoom in | Zoom out For navigation instructions please click here Search Issue | Next Page qM qMqM Previous Page | Contents |Zoom in | Zoom out | Front Cover | Search Issue | Next Page qMqM Qmags THE WORLD’S NEWSSTAND® IEEE Annals of the History of Computing Vol. 37, No. 1 Contentswww.computer.org/annals January–March 2015 From the Editor’s Desk 2 Nathan Ensmenger, Editor in Chief Red Clones: The Soviet Computer Hobby Movement 12 of the 1980s Zbigniew Stachniak History of Computing in India: 1955–2010 24 Vaidyeswaran Rajaraman Useful Instruction for Practical People: Early Printed 36 Discussions of the Slide Rule in the US Peggy Aldrich Kidwell The Production and Interpretation of ARPANET Maps 44 Bradley Fidler and Morgan Currie “There Is No Saturation Point in Education”: Inside IBM’s 56 Sales School, 1970s–1980s James W. Cortada For more information on computing topics, visit the Computer Society Digital Library at www.computer.org/csdl. Sergey Popov operating a Micro-80 computer at the Moscow Institute of Electronic Engineering in 1979. (Photograph courtesy of Sergey Popov.) Published by the IEEE Computer Society ISSN 1058-6180 qM qMqM Previous Page | Contents |Zoom in | Zoom out | Front Cover | Search Issue | Next Page qMqM Qmags THE WORLD’S NEWSSTAND® qM qMqM Previous Page | Contents |Zoom in | Zoom out | Front Cover | Search Issue | Next Page qMqM Qmags THE WORLD’S NEWSSTAND® Departments Editor in Chief Nathan Ensmenger 4 Interviews Associate Editors Dag Spicer David Hemmendinger, Marie Hicks Interview with Gordon Bell Christian Sandstrom,€ Jeffrey R.
    [Show full text]
  • A Framework for Live Forensics
    c 2011 Ellick M. Chan A FRAMEWORK FOR LIVE FORENSICS BY ELLICK M. CHAN DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate College of the University of Illinois at Urbana-Champaign, 2011 Urbana, Illinois Doctoral Committee: Professor Roy H. Campbell, Chair, Director of Research Professor Carl Gunter Professor Pierre Moulin Professor Samuel T. King Professor Alex Halderman, University of Michigan Abstract Current techniques used by forensic investigators during incident response and search and seizure operations generally involve pulling the power on suspect machines and performing traditional dead box post-mortem analysis on the persistent storage medium. These cyber- forensic techniques may cause significant disruption to the evidence gathering process by breaking active network connections and unmounting encrypted disks. In contrast, live forensic tools can collect evidence from a running system while preserving system state. In addition to collecting the standard set of evidence, these tools can collect evidence from live web browser sessions, VPN connections, IM and e-mail. Although newer live forensic analysis tools can preserve active state, they may taint evidence by leaving footprints in memory. Current uses of live forensics in corporate in- cident response efforts are limited because the tools used to analyze the system inherently taint the state of disks and memory. As a result, the courts have been reluctant to accept evidence collected from volatile memory and law enforcement has been reluctant to use these techniques broadly. To help address these concerns we present Forenscope, a framework that allows an in- vestigator to examine the state of an active system without inducing the effects of taint or forensic blurriness caused by analyzing a running system.
    [Show full text]
  • Unregisterd Version
    Ripped by AaLl86 Software Security: Building Security In By Gary McGraw ............................................... Publisher: Addison Wesley Professional Pub Date: January 23, 2006 Print ISBN-10: 0-321-35670-5 Print ISBN-13: 978-0-321-35670-3 Pages: 448 Table of Contents | Index "When it comes to software security, the devil is in the details. This book tackles the details." -- Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies "McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor "McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing. Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work.
    [Show full text]