August 2016 - Monthly Meeting

2016 August Monthly Meeting

Topic I - Security Implications of Employee Account Compromise

Abstract:

Employee accounts are being constantly targeted by black hat teams. Owning the keys to the kingdom leads to large payoffs. Significant breaches in the last couple of years has provided credence to this fact. We will discuss challenges and strategies for combating employee account misuse. The discussion will focus on a deep dive into Privileged Access Management (PAM), its various facets and how to implement (vendor agnostic) effective controls and policies that bolster the security envelope. Additionally, we will show how various compliance regimes like FFIEC, HIPAA, SOC 2 and SOX can benefit from the strategies presented.

Speaker:

Dr. Anirban Banerjee is an entrepreneur (StopTheHacker, Onion ID) in the Internet security space. Anirban has a Ph.D. in Computer Science from the University of California at Riverside and specializes in computer security issues. With over 15 published scientific papers, 4 patents, 2 grants from the National Science Foundation, Dr. Banerjee is a sought-after speaker at industry conferences and is deeply connected in the technical world. Anirban is a recognized authority in using machine learning for web malware detection and anomaly identification.

_________________________________________________________________________

Topic 2: Taking control of data security: A paradigm shift.

Abstract:

We know the perimeter of the organization is no longer its network, "User" is the new perimeter. Organizations are allowing ther users to produce mission-critical data on the fly from any place, time and on/through any device. Data itself is becoming big and fat. The "V-force" of data (namely Volume, Value, Vagueness Variety, Velocity, Variability and Visualization) is pushing the limits of compuing, network and storage. Thus, the conventional controls for data integrity, confidentiality and availability need to be re-evaluated for their efficiency and effectiveness. At the same time, the users, who produce data must take more responsibility of their data and its security and privacy throughout its lifecycle.

Speakers:

Sanjay Mathur,CISA, CISM, CRISC, IIA, ISSA is IT Security MAnager @ KLA-Tencor.

Sanjay is a leader in Information risk mitigation and IT security, working with big accounting, consulting and Fortune 1000 Companies. An early IT pioneer from India to migrate and work in Asia, Australia, UK and USA, making Silicon Valley his final destination. Currently, he is managing IT security at KLA-Tencor. Prior to which, he was a business leader at Visa managing IT Audits and security architecture initiatives, and an information risk methodology professional with KPMG. He holds a post-graduate degree in Mathematics from (IIT) Delhi and a MBA from Lucknow University. Sanjay has been an evangelist, speaker and a regular contributor on various professional portals and forums.

Where

When