The time has begun. You have already heard about these warnings from the news and from your security intelligence infrastructure.
The FBI had warned that hackers are or will be targeting your healthcare organization. 2014 was a rough year for data security in the healthcare industry. About 43 percent of breaches came from healthcare per the Ponemon Institute. 2015 has been a trickier and rougher year with one of the largest healthcare breaches reported to date. This talk highlights and walks you through the top four healthcare breaches.
It plans to dive in to the role as a security investigator (using public information), review how/why the breach happened, when it was discovered, how many people were impacted, whom had discovered it and what the organization(s) did to assist and help with the breach. Additionally, the open talk hopes to provide recommendations on how to help prevent the breaches and get comments and feedback from the audience. All references and sources will be provided from the research that has been done. “Time is inevitable, but knowledge and pro-activeness is on your side. “
How can you effectively leverage a third party provider in your incident response program? In this talk the speakers will provide an inside look at how incident response programs can succeed, drawing from years of experience and real-world scenarios to share what works when you’re evaluating a vendor – as well as what doesn’t, and the steps you can take to ensure an effective third-party partnership, including how to classify assets, users and data and the importance of practicing response scenarios.
Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach?
This talk will borrow concepts from epidemeology, repeated game theory, classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management stategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk for catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulenrabilities which are succeseptible to breaches, and not all are. How do we determine what is truly critical? How do we determine if we are effective at remediating what is truly critical? Because the incidence of disease is unknown, the absolute risk can not be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty.