2016 FS-ISAC Annual Summit brochure

www.fsisac-summit.comwww.fsisac.com

2 • www.fsisac-summit.com

On behalf of FS-ISAC and the 2016 Spring Summit Planning Committee, I am very pleased to welcome you to the 2016 FS-ISAC Annual Summit.

At the end of every year, I reflect that the many challenges facing our sector continue to be daunting and 2015 was no exception. The boundaries and the perimeter that were once ours seemed to have evaporated with more business and IT processes moving to the cloud. We are now faced with the internet of things as well as petabytes of “big data’ that our business partners want to leverage, our legal team wants to defensibly delete and our security teams are tasked with protecting.

The threat landscape, technology innovation and the continued focus on cyber security as primary and secondary threats continue to be at the core of our concerns as security professionals. Having the latest information on threats, sharing of best practices and trends across our sector has become more important than ever. FS-ISAC plays a vital role in making that happen. Because there is “strength in sharing”, FS-ISAC continues to push the envelope when it comes to gathering reliable and timely information from financial services providers, commercial security firms, federal/national, state and local government agencies, and other trusted resources and disseminating that information globally. They have set a high standard for themselves when it comes to the quality of the information they share, the access to trusted partners they provide and the content they deliver through their annual conference.

If you have joined us at previous events, you already know that the FS-ISAC conferences offer excellent content from industry leaders as well as amazing venues with ample networking. This year’s Annual Summit, to be held at the Loews Miami Beach Hotel, once again aims to exceed your expectations with content covering Governance, Data Protection, Threat Intelligence and cyber attacks. The FS-ISAC is also delighted to have as keynote Presidential Historian and Pulitzer Prize-winning Author Doris Kearns Goodwin.

Whether you are representing a global bank, community institution, large or small insurance company or any company in the financial services sector, we all have a common goal and that is to protect our company brand and the data that has been entrusted to us. Come join us as there is “strength in sharing”.

I look forward to personally welcoming you in Miami, Florida, May 2016.

Lynda FleuryChief Information Security OfficeUnumConference Chair2016 FS-ISAC Annual Summit

FS-ISAC Mission Statement

The Financial Services Information Sharing and Analysis Center

(FS-ISAC) is a non-profit corporation that was established in 1999 and is funded by its member firms. The

FS-ISAC is a member-driven organization

whose mission is to help assure the resilience

and continuity of the global financial

services infrastructure and individual firms

against acts that could significantly impact

the sector’s ability to provide services critical to the orderly function

of the global economy. The FS-ISAC shares

threat and vulnerability information, conducts

coordinated contingency planning exercises,

manages rapid response communications for

both cyber and physical events, conducts

education and training programs, and fosters

collaborations with and among other key

sectors and government agencies.

Learn more atwww.fsisac.com

FS-ISAC Spring Summit 2015 | Loews Miami Beach Hotel

www.fsisac-summit.com • 3

Who Should Attend?• CEO/Bank Owners, CISO, CSO, CIO, CTO, and CRO

• Head of Threat Intelligence

• EVP, SVP, VP, and Director of these areas:

- Security Operations

- Fraud

- Investigations

- Physical Security

- Business Continuity

- Audit & Compliance

- Payment Risk Management

- Payment Operations

• Payment Line of Business Managers including:

- Online Banking

- Online Treasury Management

Why You Should Attend• Presentations by over three dozen Senior

Executive FS-ISAC members

• Concrete take-aways including case studies and best practices

• Interactive sessions that allow for strategic and solution-oriented discussion

• Actionable information & sharing designed specifically for financial services institutions

• Complimentary attendance for Premier and above members

- All meals and events during the conference are included

Attendance RestrictionsThe FS-ISAC Annual Summit restricts attendance to regulated financial services firms, relevant public sector entities, and country-level banking associations and payments associations. Examiners and those responsible for informing public policy are not eligible to attend. If you have questions regarding eligibility contact [email protected].

FS-ISAC Affiliation Early Bird (ends 4/1) Standard Registration (after 4/1)

Platinum/Gold/Premier Member COMPLIMENTARY COMPLIMENTARY

Standard Member $795 $1,250

Basic/Core Member $895 $1,500

CNOP (Critical Notification Only Participant) $895 $1,750

Eligible Partner ISAC/ISAO Member $895 $1,750

Government $895 $895

Non-Member (eligible FI only) $895 $1,750

Guest* $895 $895

*Guest registration may include spouse, family members, significant others, etc. but does not apply to colleagues or other practitioners in the financial services community. Guests do not attend sessions, but only meals and networking events.

Conference Registration CancellationCancellations received prior to April 25 will not be subject to a cancellation fee. Cancellations received on or after April 25 will be subject to a $200 cancellation fee. This applies to all Members at all tiers as well as Non-Member, Guest, Government, CNOP, and BITS member registration regardless of registration fee paid. Any member/non-member cancellations must be received via email to [email protected]. Registrations are transferable within an organization without penalty.

Online Registrationwww.fsisac-summit.com/attendee-registration2reg

istr

atio

n


Loews Miami Beach Hotel1601 Collins AvenueMiami Beach, Florida, 33139Phone: (305) 604-1601

Reservations

Phone: (877) 563-9762www.fsisac-summit.com/spring-hotel-travel

When making your reservation, be sure to mention that you are attending the FS-ISAC Annual Summit so that you receive FS-ISAC’s discounted group rate of $259 per night. This rate is available until April 15 or once the block is full, so be sure to make your reservation early to avoid disappointment.

Airport and Transportation

Miami International Airport (MIA) - 12.8 mi from hotelFort Lauderdale Airport (FLL) - 33.4 mi from hotel

Parking

On-site overnight parking fee: $40.00 USD dailyGarage across street parking fee: $16.00 USD dailylo

catio

n

Doris Kearns GoodwinWorld-renowned Presidential Historian | Pulitzer Prize-winning Author

Goodwin is the author of six critically acclaimed and New York Times best-selling books, including her most recent, The Bully Pulpit: Theodore Roosevelt, William Howard Taft, and the Golden Age of Journalism (November, 2013). Winner of the Carnegie Medal, The Bully Pulpit is a dynamic history of the first decade of the Progressive era, that tumultuous time when the nation was coming unseamed and reform was in the air. Steven Spielberg’s DreamWorks Studios has acquired the film rights to the book.

Well known for her appearances and commentary on television, Goodwin is seen frequently on television networks NBC, MSNBC, CBS, ABC, FOX, CNN, as well as The Charlie Rose Show and Meet the Press. Other appearances have included The Daily Show with Jon Stewart, The Colbert Report, The Late Late Show with Craig Ferguson, The Oprah Winfrey Show, The Tonight Show with Jay Leno, and many more. Goodwin has served as a consultant and has been interviewed extensively for PBS and the History Channel’s documentaries on President Lyndon B. Johnson, the Kennedy family, Franklin Roosevelt, Abraham and Mary Lincoln, and Ken Burns’ The History of Baseball and most recently Burns’ The Roosevelts: An Intimate History.

Among her many honors and awards, Goodwin was awarded the Charles Frankel Prize, given by the National Endowment for the Humanities, the Sarah Josepha Hale Medal, the New England Book Award, and most recently the Carl Sandburg Literary Award and the Ohioana Book Award.keyn

ote


What our members are saying about the Annual Summit...

”Great variety of topics… excellent venues…

keep up the good work...”


Amazon Web ServicesBrandProtectCarbon BlackCitrixCrowdStrikeCyberArk

CybereasonDB NetworksEasy SolutionsEndgameFourV SystemsFox-IT

Intel SecurityIntersetKnowBe4LemonFishNuData Security Inc.Phantom Cyber

Prelert, Inc.PrevotyShape SecuritySynackTITUSWaratek

platinum

gold

silver

TM


A Case Study of Targeted Destructive Malware

When destructive malware is successful, it can have immediate and long-term impacts. This session will discuss a recent targeted attack in which hundreds of systems were wiped across multiple sites of an organization. The attack harnessed the administration infrastructure and then utilized interesting techniques to possibly thwart investigators. The presentation will cover the attack details, how the wiper worked, and show the messages left behind; as well as identify areas of weakness to form lessons learned.

An Inside-Out Approach to Security

Based on our analysis, when employees leak sensitive information outside of an organization, 90% of the time they are legitimate users who innocently send out data for business purposes. In this presentation, we will discuss how organizations need to take an inside-out approach to security. This can be achieved by continuously monitoring, analyzing and building profiles on insiders within organizations, including employees and third party vendors. This can identify out of the norm behaviors and those abusing privilege access.

Assessing Community Bank Risks Using the FFIEC Self-Assessment Tool

In this panel discussion, learn how community institution members are using the automated FFIEC Cyber-Security Self-Assessment tool to identify their inherent risks and gauge the maturity of their cyber-security programs.

Beyond Eye Candy: Data Visualization In The SOC

Traditional SOC displays have been a source of tension among competent cybersecurity professionals. While having the flashiest “pew-pew” graphics may provide eye candy for senior management and outside regulators, few visualizations stand the test of intelligent questioning around their value to security operations and the CISO. We will explore several new ideas that strike a balance between visual pop and actionable, useful information while discussing how analysts can effectively interact with a centralized display environment.

Big Data, Banking, and Blockchain: Plotting Your Digital Course to Competitive Advantage

Blockchain technology has seen rapid adoption from multiple consumer facing businesses looking to support their global digital customer base. With increased focus from financial institutions delivering payment and commerce tools leveraging this underlying capability, Blockchain is set to transform and disrupt business throughout the coming decade.

For upstarts and mature businesses, Blockchain frameworks will spawn new lines of business that deliver the ultimate in secure and anonymous transactions for users and payment processors. In the undercurrent of this transformation, Blockchain technologies present new implications on consumer acquisition and retention, Big Data strategy, business policy, and security protocols.

Leveraging a panel of industry experts, the moderator will unpack the most critical issues that financial services and insurance industry executives must know for 2016 and beyond.

Breaches and Boardrooms

Cybersecurity is a topic that has now breached boardrooms. Everyone from the CEO to board members want to know that the organization they are running is safe from cyber threats. Not properly addressing a cybersecurity risk could prove costly-- in money, time, reputation, legal and potential lost customers.

This session will discuss proper security posture in which includes; what information, stats, and reports are important as well as go over what metrics you should care about.

Building a Data Processing Platform to Streamline Threat Intelligence

This session will describe how IT analysts can utilize automation to reduce the amount of time spent monitoring and searching for relevant information, while improving the overall awareness and security sess

ion

des

crip

tions


posture of their organization. It is easier to build an open-source based platform tailored to your organization’s specific intelligence priorities; one that can ingest massive amounts of any data type or source, which can be enriched, correlated and contextualized; with little budget and staff.

Citi Cyber Security Fusion Center- One Year Later

Cyber Security Fusion Centers have grown in popularity. Citigroup was one of the first FIs to have a Cyber Security Fusion Center. With that being said, Citi’s Cyber Security Fusion Center has passed its one year mark. We recently presented to the Fall Summit 2014 during our grand opening. For this upcoming Summit we will present on the lessons learned after one year.

Cognitive Security - How to Deal with Polymorphic Cyber Attacks

Hear and see the latest in applying Cognitive Computing to Security, more commonly known as ‘machine learning’ to see how machine-based learning is used to model access and behavior patterns by mining network and application data for detection of anomalous, likely-threatening malicious patterns. See how Cognitive Security is being applied in the Financial Services Sector, including use cases for cognitive security deployed to address the most sophisticated cyber attacks and how it can be used to detect and protect organizations from cyber threats today and tomorrow.

Collaborational Threat Intelligence, Beyond Automation and Sharing

Following last year’s “Sharing is Only the Beginning,” we will walk through use cases and tools deployed to leverage shared information and produce intelligence out of sharing initiatives. This session discusses the automation efforts to support integration, enrichment and exploitation of technical intelligence, and the evaluation of sharing initiatives as a source of information.

We will explain the different (non-)technical challenges around collaborational production of threat intelligence in the context of the CSSA association in Germany.

Community Sized Institutions, Trials and Tribulations of Information & Cyber Security

This will be an interactive panel with the audience to discuss current issues and the creative ways we need to address them with limited staff and budgets.

Controlling APT Threats Through Cyber Deception

In this session, we will describe the concept and implementation of Cyber Deception, an upcoming trend predicted by Gartner to be used by 10% of all organizations by 2018. This session will explore the ‘Observe, Orient, Decide, Act’ methodology, a strategy that limits threat actors’ situational awareness, effectively controlling where they go once inside your environment as well as how deception technology can affect other areas in finsec such as anti-fraud.



Correlating Threats Using Internet Snapshots

Imagine you had a snapshot of the Internet when performing analysis. The presenting company crawls millions of digital assets everyday, producing hundreds of data points for analyst to use when researching threats. This session will highlight on non-traditional datasets like SSL certificates, SSH keys, and page content as correlation points. Attendees will leave with a deeper understanding of threat infrastructure analysis and how less well known datasets could be used to surface connections where WHOIS and passive DNS fail.

Creating a Large-Scale Threat Intelligence Database

With the shear volume of malware and feeds, it’s hard for responders to keep up. This session will cover creating your own threat intelligence database of not only current threats, but past threats making it possible to correlate attacks backwards to months...even years. Using open-source tools and specific techniques, it becomes possible to mine indicators to respond to threats quicker. Adversarial counterintelligence techniques to this tracking will also be discussed.

Creating and Maintaning a Cyber Threat Management Organization

This presentation will focus on both of the speakers’ experience as the leads for their companies, and how they create and maintain this group, that consist of the following teams: Cyber Threat Intelligence, Security Operations Center and Countermeasures.

CryptoWall v3

CryptoWall is one of the most lucrative and broad reaching ransomware campaigns on the Internet today. Ransomware encrypts a victim’s files and demands payment in return for the key that can decrypt said files. Ransomware will target files that may contain financial data, business records, databases, family photos and movies. This presentation will provide an in-depth look at the inner workings of one of the most lucrative malware schemes in operation today.

Cyber Fraud and Bitcoin Exchange

Bitcoin exchanges have become the commodity of rapid exchange for a number of physical and cyber venues. This affects many parts of the business cycle and process from the ransom funds for executives, key data, and bandwidth to extortion and blackmail. This presentation will explore the Internet of Bitcoins as it pertains to cyber actors and operations to maintain an anonymous currency.

Cyber Risk Insurance: A Buyer’s Guide

The presenter will discuss the important elements to be aware of in cyber insurance from a buyer’s perspective, based on an initiative from the FSSCC.

Cybersecurity Governance CEO Panel

The panelists will discuss:

• Top cyber security concerns of CEOs and boards of directors;

• Changes that CEOs and their leadership teams have made in response to cyber risks (and future plans if this is something that the CEOs are comfortable discussing);

• Successful (or unsuccessful) tactics CISOs and CIOs use to secure additional resources from CEOs;

• Top regulatory compliance challenges and concerns; and

• Actions that individual firms, key players in the financial sector, key players in other sectors, and U.S. foreign government agencies must take to mitigate cyber risks.

Cybersecurity Risk and Resilience: How the Hunted Become the Hunters

Information stored by Financial Services companies are ‘big game’ to cybercriminals, but what happens when the hunters become the hunted? This session will provide strategies and tactics for developing an sess

ion

des

crip

tions


advanced persistent response to gain greater cyber situational awareness and manage the actions of cyber intruders in real-time. Attendees will also learn steps for developing a cyber resilience program (CRP), combining advanced threat protection, detection techniques, and training to more effectively protect against sophisticated attacks.

Cybersecurity: Why Are We Failing?

The threats are continually evolving! Despite the increased investments in technology, we continue to see high-impact breaches. Clearly, something’s amiss!

This presentation will look at evidence from real breaches, and understand why technology-only approaches to protecting our key assets are failing us. We can learn a lot from the military’s approach to effective intelligence gathering, human conditioning, and how to operationalize them. This talk will endeavor to translate these lessons to the realm of cybersecurity.

Designing a Cyber Playbook that Works

In this presentation, the presenters will discuss Synchrony Financial’s process, judged during a recent meeting of underwriters at Lloyd’s of London that was “best in class,” for discovering, mitigating and responding to data incidents. The presentation will describe how Synchrony’s cyber and physical security response teams are integrated into an enterprise-wide playbook, and how the playbook is regularly refreshed to ensure ongoing relevance in a swiftly changing operating environment.

Developing Effective Encryption Strategies (Case Study & Lessons Learned)

Data protection is at the center of a mature organizational information security strategy - and encryption plays an important role in that strategy. Encryption can effectively protect data, even after other control factors. By using this methodology, organizations can work through the complicating factors of deciding when, where and how to deploy encryption to protect data. This presentation will walk through a real world engagement that was conducted by former Big4 cyber security consultants.

Everyone has a Plan - Until They Get Punched in the Mouth

Effective incident response requires good planning, and a solid response plan to follow. But incidents are unpredictable in how they unfold, and any incident response planning efforts need to take into account the need for executive decision making to handle the unexpected. The panel will discuss how best to achieve the balance between the need to plan and the need to give executives the freedom to respond to unanticipated events during an incident.

Evolving Social Engineering Trends, Tactics and Techniques

Today, most Financial Institutions and organizations that conduct business online have either a vendor or an internal security team to monitor, detect, and respond to online cyber attacks. (Phishing/Malware) The response time to these types of attacks has decreased dramatically reducing their effectiveness. This has resulted in Cyber Criminals developing new Social Engineering techniques that are more clever and advanced.

Financial Data Manipulation - The Next Cyber Battleground?

Today, everyone makes purchases online, from shopping carts to connected banking and emerging FinTech companies. What actually happens when a consumer clicks “pay” and a bad guy manipulates the system to their advantage? Today, it’s not just hackers - it’s people with industry expertise and financial know-hows that are helping hackers to steal, delete and increasingly manipulate data to capitalize on it. Emails with insider information can be used to manipulate stock markets and mess with data, altering it before it gets processed, and changing it back when the transaction is complete.

With the rise of criminal groups attacking financial systems, stealing passwords for financial gain, and increasing actual manipulating data - whether it’s financial or health - has everyone from the CTO, to the CEO and the Board are looking for insight on how to use offensive tactics as opposed to relying on traditional cyber defenses. The speaker will be discussing how the rise in digital connectivity and digital banking is becoming a hackers playground for cyber manipulation and the steps necessary for financial services to react and become offensive players against the next cyber battleground – Data manipulation.


Fraud & Cybersecurity Controls from Scratch

The Fraud and Security teams will demonstrate how they went about building bank level controls, alerting, and processes in Splunk that exceeded several of the vendor controls we could have used. We will showcase the control types and methodology as well as how to join the cybersecurity analysts and fraud analysts together to create proactive and reactive alerting to fraud.

How New York Life is Making Cloud a Strategic Advantage, Safely

New York Life, one of the world’s most venerable institutions, is making the cloud a strategic advantage. With a board-level mandate to migrate key functions to the cloud, the organization is enabling some of the most innovative SaaS tools for the business. NYL has a lot to gain, but also a lot to lose if the initiative is not executed safely. Join the speakers for an interactive discussion about NYL’s best practices for safely onboarding and standardizing on SaaS.

How to Get Control of Third Party Risk

Vendor risk management (VRM) is no longer emerging; it is here. Bank of the West, part of BNP Paribas, has a robust vendor risk management program with best practices to share. Join the speakers to learn how to deal with the evolving regulatory challenges, identify and address vendor risk management gaps, and see where the financial services VRM landscape is heading.

In the Heart of a Breach: Lessons from Financial Services Cyber Attacks

Despite being early adopters of cyber security technology and investing millions on digital security, breaches in the financial sector continue to occur at an alarming pace. This panel will deliberate how the industry can better prepare for inevitable breaches, reduce costly mistakes and institute stronger security measures across the enterprise. Panelists will share their expertise on reducing the attack surface, assessing and managing risks from third-party vendors and improving cyber security literacy in the C-suite.

Intelligence Collection Management in a Commercial Setting

Demo our collection management system that selects and evaluates intelligence vendors for use within PNC. This session will also allow you to demo the collection matrix that informs our senior leadership on intelligence collection coverage, gaps, and efforts to fill those shortfalls. This matrix is also used to evaluate and align intelligence support to the specific defensive needs of the presenting company. We will showcase this construct as an achievable model that all FIs can quickly implement to effectively track their intelligence operations.

Introducing the FS-ISAC Threat Actor Wiki

Representatives from the FS-ISAC as well as other companies will present on the FS-ISAC Threat Actor Wiki. The primary objectives of this Wiki are to: 1) Present information contained within the portal regarding specific cyber threat actors in an easy-to-digest and consistent manner; 2) Provide members the opportunity to contribute their knowledge and information to this Wiki for the benefit of the sector; 3) Raise the membership’s awareness/understanding of the threats to the financial sector.

Leveraging Threat Intelligence to Strengthen the Third Party Risk Management Process

Estimates for 2015 cite 888 data breaches world-wide with 63% of them related to third party providers being exploited by threat actors. This presentation will discuss how this member is leveraging intelligence to strengthen the third party risk assessment program by preparing auditors with actionable intelligence to help identify any potential gaps in the third party questionnaire process.

Living on the Edge of 3.0

Soltra has been leading the open standards effort for security consumers everywhere. Come and join us to look into the future of cyber intelligence automation as Soltra takes you to the Edge with Edge 3.sess

ion

des

crip

tions


Managing the Threat Within: How Firms are Establishing Effective Insider Threat Programs

In today’s environment, firms need to effectively manage the risks that a malicious insider may pose. While once considered bleeding edge, insider threat programs are now being established at firms of all sizes and, in the not to distant future, will become the norm. Hear from a panel of experts who overcame the challenges of establishing a program within their firm and what steps should be taken to establish and run one within your firm.

Managing Third Party Risk: Building a Vendor Risk Management and Optimization Strategy Considering Risk, Architectural Synergies and Business Logic

More than half of all security breaches originate from a third-party breach. With that being said, how can you extend your internal security practices to your vendors and help reduce your organization’s risk? This session will detail a proven, scalable five-step process that any organization can use to effectively manage vendor risk. Attendees will hear case study examples and learn what does and doesn’t work in the real world.

Maturity Models in the Cyber Intelligence Space

As the field of Cybersecurity continues to grow and expand, maturity models are being examined as a means of measuring against a standard. A number of them have been developed, some overlaping one another, some examining different dimensions of our business, and sometimes crossing sectors. This panel discussion will compare and contrast some of these models as presented by those that have worked with or developed them.

Measuring and Managing our Security Posture using the Cyber Defense Matrix

Last year, we unveiled the Cyber Defense Matrix (see the “Understanding the Security Vendor Landscape” briefing from May 2015). This year, we’ll showcase several more use cases of the Cyber Defense Matrix, including how we track our controls, new initiatives, emerging threats and requirements, audit issues, design patterns, and the overall technology portfolio.

No Operating System Found: Lessons from Actual Destructive Malware Attacks

A panel of three senior individuals in which include one each from Sony Pictures Entertainment (DM attack in 2014), The Las Vegas Sands Casino (DM attack in 2014), and Saudi Aramco (DM attack in 2012) will discuss what a destructive malware attack really looks like and the challenges associated with working through it.

PCRE Workshop

Interactive workshop for developing PCREs.

Revealing the Top 10 Most Wanted FI Phone Scammers

Every day your customers are being targeted by phone scammers and impersonating financial institutions to steal identities. New research from the presenting company shows that more than 50 percent of these fraudulent robocalls come from just a few criminals. In this session, attendees will learn what we know about the top 10 most prolific scammers, including audio recordings, phone numbers and techniques, and how FIs can work with law to enforcement protect their customers and reputations.

Staying Ahead of Fraud: Using Analytics to Identify Emerging Fraudulent Schemes and Limit Losses

The diversity of payment types available has led to an increasing interest on behalf of cybercriminals to evolve how they exploit payment systems for financial gain. Building on a presentation given at the Fall 2015 summit, this session will explore how intelligence gleaned from the Darkweb can be combined with big data analytics to identify new methods of fraud and develop the appropriate controls before significant losses are realized.

Success Stories from Intelligence-Driven Big Data Analytics for Cyber Security

DTCC has been leveraging machine learning (ML) driven Big Data analytics (BDA) as a potential complement to the existing Cyber Security measures to combat cyber security threats. This presentation will discuss the lessons learned from DTCC’s critical initiatives in operationalizing its BDA. It will include an overview of some successful


use-case solutions and a detailed case study describing the application of ML algorithms to detect network anomalies – where existing measures are incapable of detecting such anomalies.

The Co-Dependency Theory - Harmonized Approach to Security and Fraud

Security and fraud issues are often handled in silos. This results in conflicting priorities among business, IT, security, fraud and compliance teams and missed opportunities. This presentation, through the use of case studies, will make the case for a harmonized approach that will bring all the different stakeholders together to address a common problem.

The Cyber Threat Landscape: How Financial Services Firms can Better Integrate Cybersecurity with Fraud, ABAC, AML and Sanctions

Current landscape: financial crime is a top agenda item for the White House, regulators, and both the boards and CEOs of major financial institutions. The future of cybersecurity, with cyberattacks on the rise, is expected by experts to increase in security across industries.

Operational efficiency and regulations: how can organizations better integrate cybersecurity with the financial crime pillars of fraud, anti-money laundering, sanctions and anti-bribery/anti-corruption?

The Quality of Your Security is No Secret

You can measure the information security quality of any company just by looking at it with no hacking, no insider information, and no laws broken. The art is in knowing where to look and how to read what you see. We’ll discuss how this is done and we’ll use the techniques to tour five big companies and read about their security.

Third Party Economics

The cost of third party questionnaires, assessments, and follow ups impact all sectors when making sure those who handle data have the appropriate control standards in place. This presentation will share how to mature from process to risk profiling and provide a clear understanding on what risk mitigation is necessary to mitigate vulnerabilities impacting industry landscapes.

Threat Hunting 101

Cyber attacks are becoming increasingly frequent as well as sophisticated and the traditional, reactive, security monitoring approach has failed to keep up with them. There is a need for a change, a proactive approach that allows cyber defense teams to engage and hunt for attackers hiding in the network. In this session, the speaker will share experiences on implementing a cyber threat hunting program and also recommendations on how to implement one.

Threats and Attacks: New Techniques for Detection and Mitigation (How Does it Work?)

Endpoint threat detection and monitoring:

1. Before (historical opportunities and challenges, geography, distributed sites)

2. During (mid deployment benefits, challenges, experiences, immediate benefits gained)

3. After (post-deployment organizational improvements, visibility enhancements, forensic capabilities, infections over time, software blocking, hunting skills)

4. Lessons learned (design, implementation, operations, forensics, IR and overall visibility to reduce risk, what surprises did we encounter?, what would we do differently?)

Training Like You Fight: How to Take an Adversary-Driven Approach to Testing the Business

Conventional technology asset security assessment methodologies and technologies have been utilized during much of the past decade. They have been and remain dependent on technologies and principles which fail to innovate at the pace of the adversary and do not contemplate the value of technology as a business asset, or the nature of the business itself. While automated tools exist, common place sess

ion

des

crip

tions


assessment methodologies play an important part of the vulnerability assessment cycle, more controversial asset-risk and intelligence-driven security assessments are better at hitting home at the real business consequences of technical deficiencies and must play a key role in today’s financial services organizations.

This session will discuss the fundamental framework for such a methodology and the role that adversary intelligence plays in not just identification of threats within a SOC environment, but the identification of potentially previously unforeseen, highly consequential threats to business. Further, the presenters will discuss experiences implementing such methodologies within complex financial services organizations.

“Trust But Verify” - Building an Effective Internal Pen-Testing Function

Many organizations have built internal red-teams focused on performing penetration testing and vulnerability assessments. However, by simply recreating the processes used by third party assessors, many miss out on the vast array of opportunities these teams can afford an organization. In this presentation, we will walk through some of the opportunities and approaches for building a results based, metrics-driven internal penetration testing team.

Using the FFIEC Cybersecurity Assessment Tool to Update Security Strategy

FS-ISAC Members will present a practical approach to using the FFIEC Cybersecurity Assessment tool to update and communicate security program needs to the Board. The session will focus on using the tool’s modern capability descriptions to assess needs, communicate maturity gaps and obtain support for improvements.

Why is Email Still the #1 Vector for Cyber-Criminals? It’s Time for a Holistic Approach to Securing Email

Despite the growing investment in cyber security technology, 2016 again promises to be the year of the email cyber-criminal. Phishing campaigns that targeted consumers cost financial institutions over $4.5B last year with no end in sight. Join the speakers as they share experiences and lessons learned in the ongoing battle for secured trust in the email channel, and explain how technology is evolving to allow a holistic approach to email security.

Why Your Current Data Protection Program Isn’t Sufficient

To maintain compliance with increasingly complex regulations (SOX, GLBA, PCI 3.0 and many more), organizations are adopting data protection solutions like Data Loss Prevention, Format Preserving Encryption, Data Classification, and Database Activity Monitoring. However these solutions have limited uses, require extensive resources to configure, deploy and operate, and fail to address the dynamic nature of data in which include:

• How to build a sustainable data protection program

• How to engage business leads

• What “analytics” really means

* We apologize to all Affiliate Members, Affiliate Board Advisors, and Sponsors who are not permittedto attend members only and technical forum sessions, which will be announced at a future date.



Join us for complimentary snacks and refreshments, and a technology showcase where the latest technical innovations in cyber-awareness, proactive security and defense will be on display. In this relaxed setting, attendees may select up to three solutions they’d like to see. These information-packed 15 minute sessions will be presented by technology experts from our solution providers, will be use-case driven and will be tailored to the unique needs of FS-ISAC members.

Advanced Malware Remediation and Protection Strategies | Malwarebytes

An Evolving Security Landscape – Security Patterns in the Cloud | Amazon Web Services

Banks vs. Bots: Deflecting Automated Attacks on Websites | Shape Security

BrandProtect: How Programmatic Cyber Threat Correlation Increases Cyber Security Effectiveness | BrandProtect

Compromised Credentials and Insider Threats in the Data Tier | DB Networks

Cyber Risk: Quantification, Analysis, and Reporting | FourV Systems

Don’t Just Stop Fraud: Improve Customer Experience with Behavioral Biometrics | NuData Security Inc.

Endpoint Security: Protecting Financial Institutions’ Crown Jewels | Carbon Black

Following Criminals Down the Fraud Funnel | Fox-IT

If Your DLP failed, Would You Know It? | LemonFish

Making the Best Use of Your Incident Responders | Cybereason

Mobility Predictions for 2016 and Beyond…And the Related Security Implications | Citrix

Modern, Scalable Fraud-centric Case Management | Easy Solutions

Next Generation Endpoint Security - The Next Security Frontier | CrowdStrike

Operationalizing Behavior Analytics in Financial Services for Cyberattack Detection and Prevention | Interset

Protect Your King: The Key to Maintaining Control of Your Business | CyberArk

Protecting Sensitive Data -- from Desktop to Mobile to Cloud | TITUS

Runtime Application Self Protection (RASP): Accurate and Effective Security with No Application Downtime | Waratek

Security Automation & Orchestration | Phantom Cyber

Speedy Detection of DNS-based Data Exfiltration Using Behavioral Analytics | Prelert, Inc.

The A,B,C’s of Runtime Language Security | Prevoty

“The Big Data Problem” – Dissecting the Anatomy of One of the World’s Largest Attacks on the FinServ Industry | Intel Security

The Hunt is On: Automating the Hunt for Committed Cyber Adversaries | Endgame

The Synack Approach: Where Security Meets Reality | Synack

Turning Employee Worst Cyber Security Practices into Best Practices | KnowBe4

solu

tions

sho

wca

ses

* The Silver Solution Showcase is closed to non-Silver Sponsors.


Agenda is subject to change. For an up-to-date agenda, visit www.fsisac-summit.com/spring-agenda

Sunday, May 112:00 - 5:00 pm Poolside Cabanas

4:00 - 6:00 pm Early Registration6:00 - 7:00 pm Opening Welcome Reception7:00 - 9:00 pm Sponsored Member Dinners*

Monday, May 28:00 am - 9:00 pm Member Registration

8:00 - 9:00 am Board and Member Breakfast*8:30 - 10:00 am Board Meeting*

9:00 am - 12:00 pm Members Only Technical Forum*12:00 - 1:00 pm Members Only Lunch*

1:00 - 4:30 pm Members Only Meeting*3:00 - 6:00 pm Sponsor Registration and Sponsor Hall Set-up5:00 - 6:00 pm Solutions Showcase*6:00 - 7:00 pm Networking Reception in Sponsor Hall7:00 - 9:00 pm Beach Blast Dinner

9:00 - 11:00 pm After Hours Dessert Hospitality SuiteTuesday, May 3

7:00 am - 7:00 pm Registration7:00 - 8:00 am Breakfast8:00 - 8:15 am Opening Remarks8:15 - 9:00 am Keynote Session9:00 - 9:30 am General Session

9:30 - 10:15 am Networking Break in Sponsor Hall10:15 - 11:15 am Concurrent Breakouts

11:30 am - 12:30 pm Concurrent Breakouts12:30 - 1:45 pm Birds of a Feather Lunch

1:45 - 2:45 pm Concurrent Breakouts3:00 - 4:00 pm Concurrent Breakouts4:15 - 5:15 pm Solutions Showcase*5:15 - 6:15 pm Networking Reception in Sponsor Hall6:15 - 9:00 pm Sponsor Dine Around

Wednesday, May 47:00 am - 5:30 pm Registration

7:00 - 8:00 am Breakfast8:00 - 8:15 am Opening Remarks8:15 - 8:45 am General Session8:45 - 9:15 am General Session

9:30 - 10:30 am Concurrent Breakouts10:30 - 11:00 am Networking Break in Sponsor Hall

11:00 am - 12:00 pm Concurrent Breakouts11:00 am - 5:00 pm Sponsor Hall Teardown

12:00 - 1:00 pm Luncheon1:00 - 2:00 pm Solutions Showcase*2:15 - 3:15 pm Concurrent Breakouts3:30 - 4:00 pm General Session4:00 - 5:30 pm Closing Jeopardy Reception7:00 - 9:00 pm Sponsored Member Dinners (closed to all non platinum sponsors)

*closed to Sponsor Attendees with the exception of companies approved for presenting at the eventagen

da

2016 FS-ISAC Annual Summit brochure

Documents

Transcript of 2016 FS-ISAC Annual Summit brochure