Home
Cornerstones of Trust 2012
Register Now!
Attendees can also elect to be entered into the drawings where many great prizes will be given away, including a free ticket to the San Francisco SANS Conference Cloud Security Fundamentals ($1800 value ).
Track Details
Edify Your Mind – Learn how to educate your users, the “force multiplier” in your information security program. Sharpen the skills that will mean the most for your career. Learn about the education, certification, and professional involvement opportunities to maximize your value as a security professional.
Harness Mind-bending Technologies – Understand the impact of key trends and issues in the technology landscape. Build a technology strategy based on business strategy, develop a technology roadmap, and choose, source and implement solutions for lasting value.
Corralling Mobile and Cloud Chaos – Mobility and cloud computing offer the potential to transform the enterprise. Shape the future and bring clarity to the opportunities, risks, and strategic issues for enabling business from anywhere to anywhere at any time.
Set the Business Free – Focus your security program to enable your business at acceptable risk. Move beyond compliance to strategic advantage. Make “metrics that matter” your guideposts toward business goals.
SANS Track Details
Twenty Critical Security Controls - The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through. These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer. No development in security is having a more profound and far reaching impact.
The commercialization of IT and the pervasive migration to virtualization, mobility and big data has resulted in a shift in cyber Advanced Persistent Threat (APT) techniques and tactics whereby the modalities for attack weaponization has expanded far beyond conventional “kill chain” staging and exploitation. The Internet, predicated on interconnectivity, has enabled global innovation, social, economic and technology growth exposing many of our Nation’s critical infrastructures, individuals, public, private and commercial enterprises to an unfamiliar and unsafe communication “chain”. In this new Cyber Kill Chain, the challenge to effective risk exposure mitigation is to focus on three main areas: (1) assess Breach Exposure Time (BET) whereby an APT target has either been a victim and/or made a weapon as a catalyst for a given attack; (2) determine over time and visualize distinct attack surface artifacts within Cyber Kill Chain curves (chaining) and; (3) calculate and identify the optimal points of inflection where a given enterprise’s ability to actively detect, deny and demobilize is realized.
Research methodologies included an analysis of previous research and reporting, forensic analysis, interviews with security practitioners, users and officials with expertise within critical infrastructure control systems, manufacturing, defense/aerospace, financial and biomedical industries. Results revealed that several factors contributed to the shifts in APT attack methodologies and the Cyber Kill Chain: (1) adoption of standardized technologies with known vulnerabilities; (2) increasing interconnectivity and dependencies among public, academic and commercial domains; (3) manufacturing and supply chain vulnerabilities and; (4) widespread availability of open source targeting information. The perception that securing enterprises will be economically unfeasible coupled with conflicting priorities within organizations is only contributing to the greater challenge. Increased collaboration and a new mindset are necessary to understanding and framing innovative approaches to intelligently interacting within the new Cyber Kill Chain.
