Three Rivers Information Security Symposium will be held on Friday, October 28, 2016. In conjunction with Cyber Security Awareness Month, TRISS will be held at Robert Morris University from 8:00 am to 3:30 pm.
Morning Keynote: Getting a Security Program from 0-60 by Omar Khawaja, VP & CISO at Highmark Inc.
The evolution of the security program at Highmark Health is unquestionably a long-term undertaking, but in the course of the past couple of years, the security organization has managed to address compliance, awareness, metrics, organizational culture and much more. But Highmark CISO Omar Khawaja recognizes that the betterment of a security posture — and the work of a security leader — is never done. Join this session to learn about the risks and advantages of taking an agile approach to security, and the challenges and opportunities for Highmark that wait just down the road.
Morning Speaker 1: Penetration test preparation that focuses your team to think like a hacker by David Kane, Managing Director and co-CEO at Ethical Intruder
Ethical Intruder has been performing Ethical Hacking evaluations for seven years, and typically we find that the same issues come up at almost every organization regardless of size or the maturity of their security program. The first impression you provide to a company performing a penetration test is very similar to the impression that a hacker would have when they are investigating whether you are a good target for them to mount a deeper, more sustained attack. So if a company can change that first impression, they may divert the attention of the pen tester or hacker and decrease their overall threatscape. The core issues we see at organizations from local charitable non-profits up to Fortune 50 health care providers can be addressed fairly easily by following some basic guidelines, without having to buy new tools or spend extended amounts of time or money to achieve this more secure impression. The talk will cover several steps an organization can take to quickly change that first impression and make the hacker maybe look the other way. Stop focusing on the next tool or log when instead you can focus your teams’ perspective and behaviors to think like a hacker when they are protecting your core assets. The talk will cover a range of targets from external networks, web applications, internal networks, and physical corporate office spaces.
Morning Speaker 2: Mobile Security Threats: How Safe Is Our Data? by John Weingartner, Sarah Pfabe & Brendan Adams at RMU Top Secret Colonials
Mobile phones have become ubiquitous within our society, and many would now consider them a necessity rather than a convenience. We are living in a world where people are staying connected via mobile technology more than ever before. Technology which was once only found on desktop computers can now be carried in the palm of our hands. The number of mobile devices, at the end of 2015, exceeded 7.9 billion users. This noticeable constant connection to our mobile devices is bringing to the forefront an area of concern in regard to security. The majority of vulnerabilities are caused by user error and a lack of understanding and training of the implications associated with using a mobile device. In order to protect our mobile devices, it is imperative that end users can answer the following questions, among others. What security mechanisms do we have in place to deal with mobile security threats? What are the biggest risks associated with mobile devices? How secure are the mobile apps? In order to be able to address the risk factors associated with mobile malware, it is imperative to first understand the threats. Mobile devices are becoming a new target to gain user information, as mobile device security has not kept up with traditional computer security. Cyber criminals are beginning to attack mobile devices due to the lack of security measures in place. Such information includes email accounts, phone numbers, calendar information, network or login credentials, confidential notes or files, and contact lists, to name a few. Mobile devices can be used in both secure and unsecure environments.
Afternoon Keynote: Fifth Generation CyberDefenses: Can We Win an Unfair Fight? by Ray Watson, VP of Global Technology at Masergy
Cyber security has evolved through four major generations, and the recent DNC and NSA hacks are indicative that a fifth generation is now emerging. This presentation will discuss some of the challenges, advantages and pitfalls of fifth generation cyber security, including:
- What is the history and evolution of the five generations of cyber defense and security?
- How can global enterprises possibly hope to defend themselves from Advanced Persistent Threats?
- What are some best practices for enterprises around security?
- How can CIOs and CISOs prepare their corporations to face the onslaught of new threats?
- What are four things that you can do right now to mitigate the damages potentially done to your organization?