2018 Washington DC Breach Prevention Summit

Breach Aftermath: The Challenge of Complete Identity Impersonation

Al Pascual - Javelin Strategy and Research  •   • 

In the wake of Equifax and other major breaches, and armed with all of the personally identifiable information that they will ever need and a keen sense of the security controls that modern organizations use, sophisticated fraudsters are finding success as never before. At the center of it all is a new fraud trend:...

Breach Response: The Board's Role & PR Mistakes to Avoid

Mark Rasch - Rasch Technology and Cyber Law  •   • 

In the modern cybersecurity regime, it is no longer about whether or even if an entity will suffer a breach, but rather how it will respond. This session will focus on the roles and responsibilities of the Board of Directors and senior management in the prevention of and response to data security and privacy...

Cyber Insurance: A Rising Role in Mitigating Risk for CISOs

Richard Bortnick - Traub Lieberman Straus & Shrewsberry, LLP  •   • 

As malware, business email compromises, phishing and vishing scams, etc. continue to evolve and proliferate, the same is true with cyber insurance. In the past two years, the cyber insurance market has matured, as growing numbers of insurers, brokers and policyholders have gained a greater understanding of the...

Cyberwarfare - Hacking the Giants

Eddie Doyle - Check Point Software Technologies  •   • 

Nation States have unlimited resources to build cyberweapons. Coordinated Crime Syndicates steal those cyberweapons & use them or sell them, causing massive destruction. We need a cyber "red phone" dialogue available with other nations, but the internet is a nefarious nation's best friend. Come & hear how just a few...

Implementing a Zero Trust Security Model in an Untrusting World

General Gregory Touhill, Retired - Cyxtera Federal Group  •   • 

Snowden proved you can't trust on the inside. OPM proved you can't trust the outside. Who should you trust when it comes to your data? No one! In this provocative and informative presentation, retired Brigadier General Greg Touhill, the first Chief Information Security Officer of the U.S. government and current...

Protecting the Nation's Critical Assets: When Cyber Hygiene Is Not Enough

Ron Ross - National Institute of Standards and Technology (NIST)  •   • 

As we push computers to "the edge," building an increasingly complex world of interconnected information systems and devices, security and privacy continue to dominate the national dialogue. The Defense Science Board in its 2017 report, Task Force on Cyber Defense, provides a sobering assessment of the current...

Continuous Assurance Using Data Threat Modeling

Fouad Khalil - SecurityScorecard  •   • 

Enterprises are challenged to move the process of accounting for data in a structured, systematic way higher on the list of priorities. One option to accomplish this challenge is by applying application threat modeling principles to data (data threat modeling). Application threat modeling provides value by allowing...

Open Source Components - Vulnerabilities at Work: An Exponential Increase in Speed and Risk of Breach

Maria Loughlin - Veracode  •   • 

Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most possible victims by...

Cybersecurity in the White House: A Talk with Jeremiah Osburn, Director of Cybersecurity at Executive Office of the President

Session In Development  • 

Jeremiah Osburn - Executive Office of the President  •   • 

Making his first appearance at an ISMG Summit, Jeremiah Osburn draws upon his nearly two decades of experience in the military, government and private sector to discuss a variety of topics, including: Mitigating the insider threat Staffing up in a post-breach environment How to address the cybersecurity staffing...

Fighting Cyber-Crime with Intelligence-driven Fraud Mitigation

Session In Development  • 

Jaclyn Blumenfeld - FirstData  •   • 

To combat cyber threats like the exposure of Personally Identifiable Information (PII), solutions need to keep pace with fraudsters through prevention and quick response when attacks happen. The application of intelligence-driven fraud mitigation has transformed security and fraud management strategies by...

Identity Deception and Social Engineering Attack Vectors - Email Makes It Easy!

Session In Development  • 

Andrew Coyle - Agari  •   • 

Despite the proliferation of social networks and messaging apps, email remains the primary means of communication today. Unfortunately, it also remains a persistent threat vector for cybersecurity abuse. We see these evil emails everywhere: at work, at home and in the news, attempting to sell something, or steal...

Blockchain and Fraud Prevention: Business and Technical Challenges to Make it Scale - Will We Ever Get There?

Session In Development  • 

Avivah Litan - Gartner Research  •   • 

Financial fraud can be notoriously hard to detect and easy to cover up. But does blockchain technology with its distributed digital ledger now offer a new tool to help organizations reduce risk and prevent fraud? Which key business and technical factors will help blockchain scale for the large enterprise? Attend this...

Introducing the New Common Risk Management Framework: The Financial Services Sector Cybersecurity Profile

Session In Development  • 

Denyette DePierro - American Bankers Association  •   • 

In October of this year, the banking industry unveiled its new Cybersecurity Profile to help financial institutions develop and maintain cyber risk management programs. This groundbreaking document - the culmination of two years' work - marries the NIST Cybersecurity Framework with the finance sector's highly complex...

Identity theft and ATO, CNP and IRS Fraud at scale: A Walk-through From the Founder of Shadowcrew.com on Profiting From the Underground for 20 Years

Session In Development  • 

Brett Johnson - "The Original Internet Godfather"  •   • 

Brett Johnson, referred to by the United States Secret Service as "The Original Internet Godfather" has been a central figure in the cybercrime world for almost 20 years. He founded and was the leader of Counterfeitlibrary.com and Shadowcrew.com. Working alongside the top cyber criminals of our time, he helped design,...

Finding Fraud Using Machine Data: It Works!

Session In Development  • 

Jim Apger - Splunk  •   • 

Security hygiene can be poor, and criminals know it. Fraudulent activity costs are in the billions worldwide across industries, and over 16 million consumers in the US were victims of identity theft or fraud in the past year. Learning to onboard new data at the speed of the business will ensure your fraud team can...