Credit Union Only Event

Current Cyber Security Threat Landscape for Credit Unions & 15 Practical Solutions for 2014

August 13th, 2013 | 11am to 3pm

Join us for some lunch and tech talk!

We’re going to go over 15 practical security solutions to help you avoid data leakage in the current cyber security threat landscape, as well as review strategies for remaining secure in 2014.

For your convenience, we have provided a brief summary of the event below:

• Who:  Credit Union CIO’s, VP’s of IT, Managers of IT, and Directors of IT
• What:  An IT Security Event focusing on the current cyber security threat landscape that credit unions face and how to be proactive moving forward into 2014.
• When:  Tuesday, August 13th, 2013 from 11am to 3pm
• Where:  Tower Federal Credit Union
• Why:  So that you can be abreast of the current security threats credit unions face and become better prepared for being proactive in hunting them out within your network.

**Please note that this is a closed event specific to those working in the IT departments of credit unions.

What to Expect

In this symposium learning event, Credit Union IT Chiefs and their Lieutenants will learn to go hunting for Malware & Crimeware in the current cyber threat landscape, as well as how to be proactive in 2014.

We will cover 15 major areas of an IT Security and Infrastructure Best Practices program.  Some highlights of the education session include:

• Learn about the current IT security landscape
• BYOD and mobility Security
• Centralized data and application delivery – learn how to reduce security complexity with on-premise, cloud, and co-management solutions
• Reduced security management complexity
• Learn how to develop a cloud risk profile
• Learn about the current threat landscape and the impact to members and the board
• Learn new strategies of securing  Member Facing Systems (MFS)

Who Should Attend?

IT Managers, Directors of IT, VP’s of IT, or CIO’s of credit unions, as well as their Chief Lieutenants, will find the information provided in this event particularly useful.

Event Agenda

1. Security Portfolio and Risk – Learn how to measure your security portfolio from an investment point of view, visually present IT risk and cost, and measure gaps and remediation as part of a 12-18 month road map. Change the rules of the game of how you communicate about Security when budgeting and asking for money. We will be showing a SAS application called Scoreboard that accomplishes this.
2. BYOD, MDM & Mobility Security Options – Learn concepts and framework tools used to control, deploy and manage data centrally so you can stop caring about devices and start caring about applications and data for BYOD and MDM. We will be reviewing the VMWare Horizon suite – Mirage is a game changer for BYOD and Mobile Device Mgmt.
3. Data Loss Prevention (DLP) – Where is the data that will put your company on the cover of the Washington Post? Data like – Confidential files, credit cards, PII, HIPPA, Social Security numbers, etc. Learn tools and methods of inspecting data at rest and data in motion.
4. SEIM (Security Event and Information Management) – Are you curious about how to leverage Big Data Security Analytics as a Service? What is the best way to deploy forensics tools? Should SEIM be done on premise or in the cloud? How do you train non-security engineers how to manage security devices using checklists. Review (a) audit, (b)change control, and (c)monitoring.
5. How to Go Hunting for APT Malware/Crimeware – Do you want to wait for an event to happen or swing the odds in your favor by making it even harder to breach your environment? We will review how you can go on the offensive (versus defensive) using various deployment scenarios.
6. Password Accountability – This is a must! Learn how to reign in your IT department passwords and service accounts with Roles Based Access Control (RBAC) to apps, servers & network devices. This was the rage with our clients in 2012. We will be reviewing Thycotic Software’s Secret Server as a component of gaining audit control back of passwords.
7. Configuration and Change Control – Learn how to stop being beholden to specialized Cisco talent. If the network is down, or not performing well, learn how your team can determine within minutes what was changed from the night before so the problem can be fixed. We will be reviewing a product called C3 that accomplishes this.
8. Prevent and Silence Outbound Hijackers – Learn how to use out-bound inspection tools to see if you have been compromised. We will review how to use Blue Coat protocol inspection and firewalls to do this.
9. IT Security Policies – Learn how to deploy security and IT policies without paper, manage who has and has not signed them, and develop and push out a comprehensive security education, training, and awareness program that supports your investment in top security.
10. Security Dashboards for a Medium business – Review how a resource constrained company can create actionable security checklists to enable security auditing dashboards.
11. File Permission Security Auditing – Learn how to find what file permissions people have access to. These drift over time and are probably not what you think!
12. AD Audit – How can you audit AD regularly and repeatedly without specialized talent and without impacting current projects? If AD is compromised it is GAME OVER.
13. Application Whitelisting – Enhance laptop and desktop security learning about Application Whitelisting.