Cybersecurity Boardroom Workshop 2015, How Boards of Directors and CXOs Can Build the Proper Foundation to Address Today's Information Security Challenges

How Boards of Directors and CXOs Can Address Today’s Information Security Challenges at Cybersecurity Boardroom Workshop 2015

In the days prior to Thanksgiving 2013, malware designed to steal credit card data at Target was surreptitiously installed. According to Bloomberg BusinessWeek, the company had installed a malware detection tool. Target had specialists in Bangalore to monitor its computers around the clock. Two days after Thanksgiving, the malware was spotted. The team in India got an alert and flagged Target’s security managers. And then?

Nothing happened. Target’s alert system had worked effectively. But then, Target stood by as 40 million credit card numbers flowed out of its computers. Only a few months later, CEO Gregg Steinhafel and CIO Beth Jacob were both out of the company.

Cybersecurity has become widely recognized as a critical corporate challenge. Boards and senior management are putting it on their agendas, categorizing cybersecurity not as a compartmentalized risk for the information technology team, but as a strategic, enterprise-wide one.

However, a security program is only as strong as its weakest link. While a survey by the Institute of Internal Auditors found 58% of board members felt they should be actively involved in cybersecurity preparedness, only 14% said they were actively involved. Unfortunately, 65% also said their perception of the risk their organizations faced had increased.

Board members and senior managers need to become more educated about the topic to be able to ask questions that are strategic yet granular enough to address company-specifics. To go further, it will be imperative to join Cybersecurity Boardroom Workshop 2015, the first seminar targeted at strategic and executive leaders for whom cybersecurity readiness is a relatively new yet critically important area to be intelligently conversant about.

Cybersecurity Boardroom Workshop 2015 is specifically designed for board members and senior executives of public and private firms looking for new ways to gain and maintain competitive business advantage. Business executives with responsibility for IT, finance, compliance, risk management and procurement as well as entrepreneurs and innovators are welcome.

By the end of Cybersecurity Boardroom Workshop 2015, to be held in Dubai (March 8-9), Hong Kong (March 12-13), Seoul (March 19-20), Singapore (March 26-27), London (April 9-10) and New York City (April 16-17), participants will:

  • Understand enterprise cybersecurity and the impact on shareholder value in the short and long term
  • Identify immediate security needs for the organization with actionable steps for senior management
  • Learn how to identify current and future challenges to better enable management to focus on threat reduction and operational reliability
  • Get up to speed on international and domestic approaches and frameworks for effective corporate-wide cybersecurity practices


Understanding Cybersecurity

  • The trillion-dollar global cyber risk environment
  • The enterprise-wide challenge of protecting the organization’s assets
  • The impact of cybersecurity attacks on shareholder value
  • Identity theft and the legal implications of data breaches

Social Engineering: The “Weakest Human Link” in Cybersecurity

  • The responsibility for cybersecurity in the organization
  • Assessing the quality of the cybersecurity workforce
  • Evaluating shortcomings in meeting cybersecurity workforce standards
  • Assessing the effectiveness of current professionalization tools

Understanding the Cybersecurity Testing Method

  • Reconnaissance: How to use tools to find vulnerable systems and devices
  • Packet sniffing: How to gather information from computer systems
  • Port scanning: How port information is exposed on computer systems
  • Password policy and cracking: What to consider when developing password policy
  • Vulnerability: How to reduce attacks by enforcing proactive compliance policies

Basics of Security Architecture for Board Members and CXOs

  • How architecture defines the structure of a system and makes it explicit
  • The fundamentals of layered architecture: presentation, business, data, and service layers
  • How the current computer network infrastructure was not designed originally to be secure
  • Architecting security into systems from inception


Introduction to NIST’s Cybersecurity Framework

  • Describing the enterprise’s current and target cybersecurity posture
  • Identifying and prioritizing opportunities for improvement
  • Assessing and accelerating progress toward the target state
  • Communicating with internal and external stakeholders about cybersecurity risk

The Five Core Functions of NIST’s Cybersecurity Framework

  • Identify: Organizational understanding to manage cybersecurity risk
  • Protect: Safeguards to ensure delivery of critical infrastructure services
  • Detect: How to identify the occurrence of a cybersecurity event
  • Respond: Taking action regarding a detected cybersecurity event
  • Recover: Maintaining plans for resilience and to restore any impaired capabilities

Introduction to Intelligence-driven Cyber Network Defenses

  • How investigations are based upon the scientific method: observation, hypothesis, evaluation, prediction and validation
  • How to leverage cutting-edge technology, vigilant people and innovative processes
  • How to continuously improve the enterprise process for defending IT assets
  • How to empower people to resolve the problem with guidance and mentoring

Establishing or Improving a Cybersecurity Program

  • Prioritize and scope: Identifying business/mission objectives and high-level priorities
  • Orient: Identifying related systems and assets, regulatory requirements, and risk approach
  • Create a current profile: Developing a profile by indicating current degree of preparedness
  • Conduct a risk assessment: Analyzing the operational environment in order to discern the likelihood of an attack
  • Create a target profile: Describing the organization’s desired cybersecurity outcomes
  • Determine, analyze, and prioritize gaps: Determining gaps between current and target profiles
  • Implement action plan: Deciding which actions to take with regard to identified gaps

Cybersecurity Boardroom Workshop 2015 is produced by Golden Networking, the premier networking community for business and technology executives, entrepreneurs and investors. Panelists, speakers and sponsors are invited to contact Golden Networking by sending an email to


Obama Cybersecurity Plan Seen Needing Company Incentives

President Barack Obama’s renewed push this week to protect U.S. computer networks from hacking was welcomed by industry leaders, though it lacks the financial incentives companies have been seeking.

Following corporate data breaches of companies including Sony Corp. (6758) and Target Corp., Obama today in a speech at the Federal Trade Commission outlined a cybersecurity and identity theft program he plans to highlight in his State of the Union address. The White House released a fact sheet today detailing the plans and saying most people in the U.S. think their personal data isn’t safe online.

“The notion that cybersecurity is going to be a prominent feature in the president’s State of the Union address is a big deal,” Larry Clinton, president of the Internet Security Alliance, which represents technology and manufacturing companies, said in a telephone interview today. “We think a lot more needs to be done.”


Obama’s Breach Notification Plan Lacks Specifics

President Obama’s call for enactment of a national data breach notification law has been widely welcomed by business groups and privacy advocates, but their endorsements come with a big proviso: What’s in it? The White House hasn’t provided details, yet.

The groups largely agree that a national breach notification law makes sense because it would simplify the reporting of data breaches. As it stands now, businesses must comply with 47 different state statutes. With a national law, there would be only one set of rules to follow. But as the old saw goes, the devil is in the details, and the White House has yet to give a timetable for when it will reveal those particulars.

Except for a requirement that businesses notify customers within 30 days of a data breach, no other details about Obama’s proposal have been made public by the White House, despite repeated requests to do so. And even the 30-day requirement is murky; exceptions to the time limit could delay notification.

DHS is a mess of cybersecurity incompetence

Assessing DHS performance 12 years after its creation, a new Federal report called “A Review of the Department of Homeland Security’s Missions and Performance” contains a blistering summary on the state of DHS cybersecurity practices and programs.

The January 1 report concludes that DHS’s cybersecurity practices and programs are so bad that DHS fails at even the basics of computer security and is “unlikely” to be able to protect both citizens and government from attacks.

The report’s section on cybersecurity is all bad news — especially for fans of Obama’s planned legislative cyberattack protections.


Agencies fall short of White House targets for cybersecurity

The White House continues to see an upward trend in new cybersecurity practices governmentwide, but the Obama administration is finding that not all agencies are living up to the cyber standards it set forth in last year’s cross-agency priority goals.

Published with the 2015 budget, the cross-agency priority (CAP) goals focus on longstanding and critical issues affecting agencies across the federal government. Cybersecurity — one of the first mentioned of the White House’s 15 CAP goals — is a mission-based goal to “[i]mprove awareness of security practices, vulnerabilities, and threats to the operating environment, by limiting access to only authorized users and implementing technologies and processes that reduce the risk from malicious activity,” according to a goal statement. It says the president views cybersecurity as “one of the most serious national security, public safety, and economic challenges we face as a nation.”


Air Force evolves its cybersecurity as JIE comes into focus

The Air Force is moving beyond requiring airmen to use smart identification cards to log onto its computer network. The service now is making its network security even stronger.

Lt. Gen. Bill Bender, the Air Force’s chief of information dominance and chief information officer, said the use of role-based authentication should be “baked into” its IT systems in the future.


What Consumers and Investors can Learn from Morgan Stanley and Sony’s Data Breaches with The Speed Traders and Knightmare on Wall Street’s Edgar Perez at Golden Networking’s Cyber Security World Conference 2015 New York City

Morgan Stanley joined a growing list of prominent corporate brands to suffer a data breach, after it revealed one of its financial advisors stole the information of as many as 350,000 wealth management clients, and that some of the data was posted online for sale. The event reminds consumers and investors of the ever-evolving and ubiquitous threat of data breaches.

Many other large companies, including Adobe Systems, Automated Data Processing, Citigroup, E*Trade Financial, Fidelity Investments, Home Depot, HSBC, JPMorgan Chase, Nasdaq OMX, Neiman Marcus, Sony, Target and Wal-Mart, have suffered high-profile cyber security breaches. It is not beyond the realm of possibility that the information of every American has already been compromised in one of these publicly disclosed attacks.

Amidst these pressing challenges, Edgar Perez, author of Knightmare on Wall Street, will discuss what consumers and investors can learn from recent cybersecurity incidents in the United States at Cyber Security World Conference 2015 New York City. The forum will provide a platform for information security authorities and innovative service providers to distil their latest research for hundreds of senior executives focused on protecting enterprise and government valuable assets. Cyber security experts will discuss subjects such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks.

Mr. Perez has been engaged to present at the Council on Foreign Relations, Vadym Hetman Kyiv National Economic University (Kiev), U.S. Securities and Exchange Commission (Washington DC), Quant Investment & HFT Summit APAC 2012 (Shanghai), CFA Singapore, Hong Kong Securities Institute, Courant Institute of Mathematical Sciences at New York University, University of International Business and Economics (Beijing), Hult International Business School (London and Shanghai) and Pace University (New York), among other public and private institutions.

Mr. Perez is widely regarded as the preeminent global expert in technology and investing. He is the author of Knightmare on Wall Street and The Speed Traders and has been interviewed on CNN, CNBC, FOX BUSINESS, Bloomberg TV, CNN en Español, CCTV China, BNN, Leaderonomics, GPW Media, Channel NewsAsia’s Business Tonight and Cents & Sensibilities. Mr. Perez has been globally featured on FXFactor, Columbia Business, OpenMarkets, Sohu, Yicai, eastmoney, Caijing, 360doc, AH Radio, CITICS Futures, Tongxin Securities, Caixin, Futures Daily, Xinhua, CBN Newswire, Chinese Financial News, International Finance News, The Korea Times, The Korea Herald, The Star, The Malaysian Insider, BMF 89.9, iMoney Hong Kong, CNBC, Bloomberg Hedge Fund Brief, The Wall Street Journal, The New York Times, Dallas Morning News, Valor Econômico, FIXGlobal Trading, TODAY Online, Oriental Daily News and Business Times.

Mr. Perez was a vice president at Citigroup, a senior consultant at IBM, and a strategy consultant at McKinsey & Company in New York City. Mr. Perez has an undergraduate degree from Universidad Nacional de Ingeniería in Lima, Peru (1994), a Master of Administration from Universidad ESAN in Lima, Peru (1997) and a Master of Business Administration from Columbia Business School in New York, with a dual major in Finance and Management (2002). He belongs to the Beta Gamma Sigma honor society. Mr. Perez resides in the New York City area and is an accomplished salsa and hustle dancer.

About Cyber Security World Conference 2015

Renowned information security experts and innovative service providers will present at Cyber Security World Conference 2015 their latest thinking to hundreds of senior executives focused on protecting enterprises and governmental agencies. Topics that Cyber Security World Conference 2015 will discuss include:

  • Cyber Security Megatrends Security Professionals can’t Ignore Today
  • Strengthening the Security of Industry-wide Technology Infrastructure
  • How Hackers Really Operate to Obtain Financial Data
  • Cyber Security and its Role in the Overall Security of the United States
  • Key Considerations about Security in the Internet of Things Age
  • Designing and Managing Effective Information Security Programs

Cyber Security World Conference 2015 is produced by Golden Networking, the premier networking community for business and technology executives, entrepreneurs and investors. Panelists, speakers and sponsors are invited to contact Golden Networking by sending an email to


FBI rejects alternate Sony hack theory

U.S. law enforcement officials say an alternate theory of the Sony hack doesn’t stand up.

After FBI agents were briefed yesterday, they concluded the security company offering the alternate theory did not have an accurate understanding of all the evidence, a U.S. official familiar with the matter told POLITICO today.

The three-hour meeting with FBI investigators yesterday by cyber intelligence firm Norse “did not improve the knowledge of the investigation,” according to the U.S. official.

Investigators are open to new information brought forth by researchers, the official said, but it became clear in the meeting yesterday that Norse’s evidence was “narrow” and not an accurate analysis of the information, the official said.


The Sony Hack Question: If Not North Korea, Then Who?

Was the attack the work of a disgruntled ex-employee at Sony? Or were the attackers actually from a completely different country? Another plausible explanation is much more economic: attackers demanded a ransom; Sony refused to pay and suffered the consequences. This attack was most likely a “sophisticated ransom threat made for monetary gain,” Jeff Schilling, the CSO of Firehost and a retired U.S. Army colonel, told SecurityWeek.

Ransom attacks, where attackers unleash denial of service attacks or similar threats if the victim doesn’t pay, are on the rise, Schilling said. Ransomware, malware capable of locking up computers and destroying the data if the victim does not pay, is also gaining popularity. When considered against the case of Sony, the ransom was likely significant since the potential damage—to the network and the brand—would be in the “millions of dollars, if not billions,” he said. When Sony refused to pay—because they didn’t believe the threat or underestimated the extent of the damage—the attackers dumped the documents.

The leaked document and the resulting fallout also have a ripple effect that goes beyond Sony, warned Schilling. The next time a major corporation receives a ransom threat, it is more likely to comply with the demand in order to avoid Sony’s fate.


Some cyber security experts doubt N. Korea is guilty of Sony hack

ATLANTA (WXIA) — President Barack Obama signed an executive order Friday that hit North Korea with more sanctions. It was in response to what the US says is the rogue nation’s role in a cyber-attack on Sony Pictures Entertainment.

The White House says this is just the first part of the US response to the Sony incident. But one security expert in Atlanta is joining the chorus of those who say North Korea is not responsible for the attack.

“Everything pointed to an inside job,” said Gregory Evans. “Nothing pointed to North Korea.”

Evans is a hacker-turned-cyber-security expert. He says that from day one there was something about the Sony hack that smelled like an inside job.
