to succeed in today's increasingly cyber

Cyber security is everyone’s business. Gain the insights, tools and connections you need to succeed in today’s increasingly cyber-threatened world at CSX 2016 North America—brought to you by ISACA®’s Cybersecurity Nexus™ (CSX). #CSXNA

17 – 19 October | Las Vegas, Nevada, USA

EXCHANGE ideas and experiences

EXPLORE new connections with fellow professionals

EXCEL in your cybersecurity learning and career

Learn How to Protect and Defend Against Growing Global Cyber Security Threats

Cyber threats affect every enterprise in every industry—no one is too big or too small. Threats don’t take holidays and they are becoming more intrusive and potentially more devastating every day. To help you stay ahead of the most critical issues and find effective solutions, ISACA’s Cybersecurity Nexus (CSX) is hosting the acclaimed CSX 2016 North America Conference.

CSX 2016 brings together thought leaders, experts and professionals at all levels of cyber security as well as the next generation of cyber defenders. Here you can find new connections, innovations and resources to build your cyber security profile and help defend your enterprise from the ever growing cyber security threat.

* When purchasing pre-conference workshop and main conference sessions.

Earn 32+ CPE hours*

at North America’s

leading International

Cyber Security Month

cyber event.

What They Are Saying (and Why You Should Care)

After his entire home network was overrun by a hacking group in 2001—and the Lion Worm locked him out of his system, twice—Brian Krebs developed a passion for computer security. This has become an obsession that benefits readers of his globally renowned blog, Krebs on Security, and all who are vulnerable to cyber incidents. He will share unique insights

gained from his years of research and writing, as well as his unprecedented access to some of the smartest, most innovative cyber minds on the planet. He shares how it is important to take risks, make mistakes and learn from them. After the presentation, Brian will autograph copies of his book Spam Nation, a New York Times best seller.

OPENING KEYNOTE SPEAKERMONDAY, 17 OCTOBER 2016

8:30 a.m. – 9:30 a.m.

BRIAN KREBSInvestigative Journalist,

Founder of Krebs on Security blog, Former Washington Post Reporter

Be Part of the Future—Learn while Listening to Leaders on Cyber Security’s Frontlines

What We Will Be Saying

Pablos looks at the world differently than most. His quest is to solve the world’s problems through the innovation of technology. Through his current endeavors at the Intellectual Ventures Lab, he has developed a brain surgery tool, a machine to suppress hurricanes, a self-sterilizing elevator button, cancer treatments, a gun that shoots laser beams at malaria-carrying mosquitos, 3D food printers. He also has contributed to visions for the future of urban transportation, entertainment, education, health care, food delivery,

sensor networks, payment systems and cloud computing. A respected and dynamic speaker, he has informed and entertained audiences at world- renowned technology summits at the United Nations, the World Economic Forum at Davos, the CIA, TEDx and DEFCON speaking about invention, innovation, cyber security and the future of technology. Pablos will use his unique ability to articulate practical visions for the future of cyber security and technology to provide us thoughts for future challenges and opportunities.

CLOSING KEYNOTE SPEAKERWEDNESDAY, 19 OCTOBER 2016

11:00 a.m. — 12:00 p.m.

PABLOS HOLMANNotorious Hacker, Inventor,

Entrepreneur and Technology Futurist

CSX 2016 NORTH AMERICA CONFERENCE | KEYNOTE SPEAKERS

Register and pay by 10 August and save US $200—www.isaca.org/csx2016 | #CSXNA


CSI: to CSX

As the creator of the global television phenomenon CSI, Anthony Zuiker is one of the most creative and multifaceted storytellers today. Since its debut more than 13 years ago, multi-award-winning CSI is still one of the most watched TV shows in the world. Bridging the gap between Silicon Valley and Hollywood, Anthony helps entertain and educate

global audiences on the threat of cyber crime through a major online brand storytelling experience, Cybergeddon. He also creates multiplatform “digi-novels” through his New York Times best-selling books Level 26 and has written the autobiography Mr. CSI. He will sign books after his presentation.

MONDAY, 17 OCTOBER 2016 1:30 p.m. – 2:30 p.m.

ANTHONY E. ZUIKERCreator of the Popular TV Show CSI: Crime Scene Investigation

Achieving Better Efficiency in Security

The information security industry is fragmented and is experiencing a serious efficacy dilemma. With the volume and sophistication of attacks on the rise, organizations must adapt their approach for detecting and containing breaches before damages occur.

Join Brett Kelsey, as he reveals how the industry is under duress and is being forced to adapt. He’ll provide compelling data on the current threat landscape, the extreme talent shortage, evidence of security inefficiency across the board, and will emphasize the importance of having an adaptive and collaborative, connected security infrastructure.

TUESDAY, 18 OCTOBER 20168:30 a.m. – 9:30 a.m.

BRETT KELSEY, CISA, CISSPVice President & Chief Technology Officer

for the Americas, Intel Security



Mind The Gap: Analyzing Cyber Security Controls that few Organizations are Implementing, and Why

An information technology and security executive with technical background in software security, risk management, information security governance, and identity management, Justine spent more than 15 years working in the private sector for financial, news and information security companies, plus several years serving the intelligence community.

At last year’s CSX North America, the “dance” of cyber security was discussed.

Justine, a former dancer with the Royal New Zealand Ballet Company, will continue that discussion, relaying research she and her team are conducting around firmware integrity and security, how that maps to various standards and compliance/ control frameworks—and the attention professionals are and aren’t giving to firmware security within their audit and security programs. Make sure to have your note-taking devices ready for this highly informative and valuable presentation!

TUESDAY, 18 OCTOBER 2016 1:30 p.m. – 2:30 p.m.

JUSTINE BONE, CISOExecutive Director and CIO, Luxury consumer products;

CISO, leading newspaper and financial institution;

Security researcher and entrepreneur.

Elevate Your Cyber Expertise at CSX— The Learning Begins 15 October 2016

Get ahead of the threats and the action in the fast-moving cyber security field. Join innovative and experienced cyber leaders, and embrace the latest practical knowledge that you can apply immediately to your role. CSX 2016 features inspiring keynote presenters and dynamic workshops and sessions that offer invaluable new tools and perspectives on cyber security. This is an especially challenging and exciting time to be involved in cyber, and at CSX 2016 you can view case studies of what has worked and what needs work in the real world. Customize your conference to your specific needs: select from among 70 high-impact sessions in 2 levels— “Essential” and “Advanced”—which are built around several timely cyber tracks:

IDENTIFY PROTECT DETECT RESPOND RECOVER

...and two more focus areas to help you achieve greater career success:

DEFEND EXPLORE

Plus the all-new:

EARN UP TO 32 CPE HOURS!

CSX 2016 NORTH AMERICA CONFERENCE | SESSIONS


IDENTIFY TRACKBetter manage strategies and tools to identify cyber security risks to systems, assets, data and capabilities. Learn how to navigate current and impending industry regulatory changes. Know the key questions to ask, measures to employ and how to best communicate with stake holders. Sessions include:

111 Art of Performing Risk Assessments

121 Breach Your Own Castle: Suit Up and Play Offense for Better Security

131 Everything has an IP Address... HELP!

141 A Scorecard for Cyber Resilience

211 Securing the Internet of Things

221 CISO Success Strategies

231 How to Gain Board and Executive Support for Your Cyber Program

241 Cybersecurity in Industrial Control Systems

311 Useful Risk Assessments

321 Security for the Millennial Age

PROTECT TRACKProtect critical services by deploying effective processes and procedures. Improve your understanding of the evolving threats to the security of sensitive data in IT networks of all sizes and in all industries. Learn solutions that better protect the privacy of customers and employees. Sessions include:

112 A Capability Maturity Model-Sustainable DLP

122 DevSecOps and the Future of Enterprise Security

132 Containerization Security: What Security Pros Need to Know.

142 Measuring Security: How Do I Know What a Valid Metric Looks Like?

212 PKI to Secure the Cloud

222 Encryption. Encryption. Encryption!

232 Cloud Security in a De-Centralized World

242 Biometric Authentication and How it can be Used to Combat Crime

312 Will Biometrics Kill the Password?

322 Modeling the Adversary to Engineer Security


RESPOND TRACKRespond effectively with appropriate cybersecurity protocols and procedures pre-disseminated and hardwired into your enterprise ahead of a cyberattack or hack. Gain expert insights on effective communication that can prepare stakeholders and enterprise leaders for a wide range of cyber security issues and scenarios. Be ready to act and mitigate the damage when the inevitable strikes. Sessions include:

114 The ABCs of Incident Response Management

124 First 12 Hours Post-Breach

134 Handling Breaches in 2016—Lessons Learned

144 Privacy in the IoT Era

214 + 224 Cyber Security Incident Response Hands-on Lab

234 Malware’s Threat to Critical Infrastructure

244 Practical First Response to CyberSecurity Incidents

314 Why it Happened, and what Should have Been Done

324 Using Guerrilla Warfare Tactics to Secure Vulnerable Systems

DETECT TRACKDetect anomalies and cyber security events as quickly as possible. Gain insights into who your enemies are and what they want from you ahead of an incident. Recognize and manage risks in a business and technology environment increasingly impacted by the cloud, mobile devices and other emerging innovations. Sessions include:

113 + 123 Network Forensics with Wireshark

133 Enhancing Your Security Operations with Active Defense

143 Building a World Class Threat Intel Program

213 Web Shell Detection and Mitigation

223 Curing Detection Deficit Disorder

233 + 243 Putting Intelligence Back into Threat Intel

313 Hacker Culture Shock

323 Bug Bounties

EARN 32+ CPE HOURS!ISACA is registered as a sponsor of continuing professional education on the National Registry of CPE sponsors.



RECOVER TRACKDowntime is not acceptable in most industries. Learn strategies to recover services and capabilities swiftly. Gain the knowledge and tools to get your enterprise back to business and reduce the likelihood of that type of cyber attack occurring again. Sessions include:

115 + 125 Fighting Blindfolded—Malware Containment and Mitigation with Incomplete Knowledge

135 Don’t Panic! Incident Response and Recovery

145 Recovering and Learning From a Data Incident

215 The Data Breach Lifecycle

225 Cybersecurity and Business Law

235 + 245 Data Exploitation and the Cloud: When Cloud Computing Providers Serve As A Modern Day Chopshop For Enterprise Data Exploitation

315 Planning for an Insider Incident

325 Plan, Do, Check, Act—How does your Cyber Security Incident Response Plan Measure up? EXPLORE TRACK

Leverage thought leadership and proven experience on processes, technologies and techniques that are newly emerging as solutions for cybersecurity and information systems professionals around the world. Visit the CSX Cybersecurity Nexus website and mobile app for the latest content and updates!

DEFEND TRACKGo from spectator to hands-on innovator in sessions and activities that range from witnessing the CSX Cyber Challenge to getting in on the action of data protection and recovery. Sessions include:

117 Hacking IoT

127 Implementing an IT Risk Program with NIST CSF

137 Handling Human Aspects of a Data Breach

147 Bringing Order to Data Security Chaos

217 Conducting a Phishing Awareness Program

227 Measuring and Reporting IT Security Risk

237 Applying CSF to end Security Whack-a-Mole

247 Beyond the Ones and Zeros

317 SAP Cybersecurity in the Digital World

327 Learning from Failure

CSX-tra Curricular Activities

Test your skills or learn new ones when you participate in the CSX Cyber Challenge Bring your favorite weapon (or laptop) of choice to participate in a timed, Network Security Competition while attending CSX! Conducted by the CIAS, the founders of the National Collegiate Cyber Defense Competition, the CSX Cyber Challenge is a network assessment and network defense competition combined into a single event. Registered Cyber Challenge participants will be able to compete for control of common resources and the critical services on those resources. You will be able to accumulate points for controlling and operating critical services such as SMTP, DNS, HTTP, HTTPS, SSH, and so on.

Don’t miss this great opportunity to learn important hands-on skills by competing—all while earning CPEs! Register for either the morning or afternoon session when submitting your full conference registration!

Don’t miss signing up for this special hands-on CSX North America Conference competition event! 1-50 person morning session for essential skill level competitors and, 1-50 person afternoon session for those with advanced skills. Register for one or both at no additional charge!

CSX 2016 NORTH AMERICA CONFERENCE | CSX-TRA CURRICULAR ACTIVITIES

Engage. Empower. Elevate.We believe in the empowerment of women within the global technology workforce and that female leadership is critical to the sustainment of the profession. Through its new pilot program — Connecting Women Leaders in Technology — ISACA will be offering various forms of education, events and other activities to engage, empower and elevate women within the technology landscape.

Connecting Women Leaders In Technology reception Tuesday, 18 October from 6:15 – 7:30 pm.

Make sure to get the most up-to-date session information by downloading the CSX Mobile App from iTunes or Google Play store!

Connecting Women Leaders in Technology

ENGAGE. EMPOWER. ELEVATE.

Take advantage of this opportunity to interact with peers and to build a professional network.

Get a head start on learning new techniques and making connections with fellow attendees at a dynamic pre-conference workshop. You can gain valuable tools and knowledge in a small-class, hands-on environment. Cyber security skills are in high demand—make great strides in the Cybersecurity Fundamentals or CSX Practitioner Lab Bonanza workshops, or take a deep dive into Developer’s Zero, Python, COBIT 5® for NIST, or Penetration Testing. Invest in yourself and attain in-demand knowledge that can immediately benefit your enterprise and your career.

Take advantage of these exciting opportunities to build your expertise. These two information-packed days can give you a jump start on protecting your enterprise and preparing for the next phase of your career.

Workshops designed to enhance your CSX experience and expertise.

EARN UP TOAN ADDITIONAL

14 CPE HOURS!

CSX 2016 NORTH AMERICA CONFERENCE | PRE-CONFERENCE WORKSHOPS


Workshop 1 Cybersecurity Fundamentals

Cyber security is rapidly evolving and spreading to impact every sector of global commerce and technology. As a result, it is more and more crucial that professionals involved in almost all areas of information systems understand the central concepts that frame and define this increasingly pervasive field. This workshop is ideal for information systems professionals wishing to advance their knowledge in or transfer to cyber security, and for recent college/university graduates looking to start a career in this in-demand, fiercely competitive field.

The Cybersecurity Fundamentals Workshop is designed to enhance the knowledge of beginning learners and prepare those who wish to obtain a globally recognized credential for the Cybersecurity Fundamentals Certificate Exam which can be taken online at a later date.

This workshop will cover four key areas: 1. Cybersecurity architecture principles2. Security of networks, systems, applications and data3. Incident response4. The security implications of the adoption of emerging technologies

PRESENTED BYDR. CHASE CUNNINGHAM

Threat Intelligence Lead Firehost

(2-day Workshop) Saturday, 15 October – Sunday, 16 October

9:00 a.m. – 5:00 p.m.


Workshop 2 CSX Practitioner Lab Bonanza

The CSX Practitioner Lab Bonanza offers students the opportunity to experience all of the labs, typically presented in the one week Bootcamp, in two, action-packed days. An instructor will guide them through the labs, dissecting typical problem spots, and provide students with detailed insight, ensuring student comprehension. Students will be immersed into the CSX P process and will develop a robust background, prepping them for the certification course.

Target Audience:Anyone looking to get a leg up in the CSX Practitioner certification process.

Learning Objectives:Provide students a complete hands on laboratory experience to prepare for the certification course.

PRESENTED BYTHERESA VERITY

Senior Cyber InstructorComtechTCS


9:00 a.m. – 5:00 p.m.

All attendees to provide their own laptop computer with IE11 or higher

or Google Chrome 18 or higher installed as the browser.



Workshop 3 Dev Zero Art of Exploitation: Developer’s Zero (Intro to Programming in C) is an intense introduction to programming C and C++ in a Windows environment. The 2-day version of the original 5-day Art of Exploitation course attempts to teach students the basics of problem solving and computer programming in C. Students begin with a practical introduction to variables, data types, functions and Boolean logic as it applies to conditionals in programming. By the end of the 2-day Bootcamp, students will be able to understand basic programs written in C and write simple algorithms to solve small, non-complex problems.

Target Audience:Information technology professionals with zero to limited programming experience who want a strong introduction to programming, logical problem solving and writing basic programs in C.

Learning Objectives:The course introduces students tothe C/C++ language through livelydemonstrations, simple yet practicalcoding exercises, and the pseudocodemethod where they will learn to rideproverbial “C” bike with training wheels.

The objective is to give students knowledge and experience to get started in programming and to inspire further interest in C and C++ coding.

PRESENTED BYJASON YORTY, CISSP, GXPN, GWAPT,

GPEN, GCIH, CEH Senior Cyber Instructor

ComtechTCS


9:00 a.m. – 5:00 p.m.




Workshop 4 Python for Network Security Administrators

Art of Exploitation®: Python for Network Security Administrators Edition, is an introductory Python course aimed toward security and networking topics. The course will expose students to common Python types, data manipulation, networking, command-line scripting, and parallel processing. In addition, this course covers information related to common exploits involved in Windows server systems and common virus exploits. Students will learn how to recognize exploit traffic, and the difference between attacks and poor network configuration.

Target Audience:This is a bootcamp-style introduction. Everything a student needs to succeed in the course is covered beyond a basic understanding of computers. The pace is well-suited to students who may not have any programming background, but will build sufficiently quickly to satisfy a novice or experienced programmer who may not have a strong Python background.

Learning Objectives:Provide an introduction to programming with Python. Upon completion, students will be able to script common security and networking functions.

PRESENTED BYPHIL STONER

Senior Cyber InstructorComtechTCS


9:00 a.m. – 5:00 p.m.

Class is approximately 60% hands-on, instructor facilitated training and

40% lecture-based training. Students will code in Windows 7x64 and Debian

computers using the Eclipse IDE.





Workshop 5 COBIT 5® for NIST

As part of the knowledge, tools and guidance provided through our Cybersecurity Nexus (CSX)™ program, ISACA has developed a guide and course: Implementing NIST Cybersecurity Framework Using COBIT 5®. This new course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.

After completing this workshop, you will be able to:

• Understand the goals of the Cybersecurity Framework (CSF)

• Know and discuss the content of the CSF and what it means to align to it

• Understand each of the seven CSF implementation steps

• Be able to apply and evaluate the implementation steps using COBIT 5

Pre-requisites:

• Basic knowledge of COBIT

• Basic knowledge of security concepts

PRESENTED BYMARK THOMAS, CGEIT, CRISC

PresidentEscoute


9:00 a.m. – 5:00 p.m.


Workshop 6 Penetration Testing and Exploitation

Art of Exploitation®: Penetration Testing and Exploitation exposes students to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks. The lab topics also expose students to other important topics such as discovery, covering your tracks and persistence.

This workshop is approximately 75% hands on training and 25% instruction based training. A virtual lab environment is provided for students.

Target Audience:Penetration testers looking to broaden their overall penetration testing skill set, network engineers, system administrators, developers.

Learning Objectives:Provide in-depth exposure and hands-on practice with all facets of 802.3 hacking, vulnerability research, pivoting, exploitation, password/hash cracking, post-exploitation pillaging and methods of setting up persistence on a victim’s network.

PRESENTED BYADAM NIELSON

Cyber Instructor, Cyber SolutionsComtechTCS


9:00 a.m. – 5:00 p.m.



The Cosmopolitan of Las Vegas3708 Las Vegas Boulevard Las Vegas, Nevada 89109

+1.702.698.7575

After a day of intensive hands-on learning, you can enjoy the amenities of a hotel specially selected for CSX 2016 attendees with “just the right amount of wrong”! Take advantage of ISACA’s discounted room rate at one of the most chic hotels in Las Vegas—guest rooms and this special rate are limited, so please register soon. Be sure to mention that you are attending “ISACA’s CSX 2016 Conference” if you prefer to call in your reservation.

Conference-Only Discount Guest Room Cut Off Date:US $234/night including resort fee 23 September 2016

Guest room reservation deadline for discounted rates is Friday 23 September 2016, subject to availability. Reservation requests received after the cut-off date will be honored on a space-available and first-request basis at time of reservation. Special hotel rates are available three days prior to and three days following the main conference dates, subject to availability at time of reservation. Room reservations are guaranteed by deposit of one night’s guest room charges plus tax. The per night resort fee of US $25 includes high-speed Internet access (in-room and public areas), access to the 24-hour Fitness Center, and unlimited local, toll free and domestic long distance telephone calls (50 states). Cancellations with full refund will be allowed up until 72 hours prior to arrival date.

CSX 2016 NORTH AMERICA CONFERENCE | SPECTACULAR ACCOMMODATIONS AND VENUE


Get energized for learning in the internationally renowned resort city of Las Vegas.

CSX 2016 North America Registration Fees MEMBER NON-MEMBER

EARLY BIRD REGISTRATION US $1,550 US $1,750Register and pay by 10 August, midnight CDT (UTC-6)

REGULAR REGISTRATION US $1,750 US $1,950Register and pay by 12 October, midnight CDT (UTC-6)

ONSITE REGISTRATION US $1,950 US $2,150Register and pay after 12 October

PRE-CONFERENCE WORKSHOPSWS 1: Cybersecurity Fundamentals US $750 US $950

WS 2: CSX Practitioner Lab Bonanza US $1,150 US $1,350

WS 3: Dev O US $1,150 US $1,350

WS 4: Python for Network Security Administrators US $1,150 US $1,350

WS 5: COBIT 5® for NIST US $750 US $950

WS 6: Penetration Testing and Exploitation US $1,150 US $1,350

ENHANCED LEARNING PACKAGE US $425 US $425

Registration rate is based on the date ISACA receives payment. Entirety of registration fees must be received for your registration to be considered complete. Cancellation deadline: 16 September 2016. A cancellation charge of US $100 will be subtracted from conference refunds, and US $50 per workshop from workshop refunds. ISACA’s cancellation policy and other details are at www.isaca.org/csx2016.

CSX 2016 NORTH AMERICA CONFERENCE | REGISTRATION

CSX 2016 North America Conference and Workshop Fees Include Access to:

• Daily continental breakfast, lunch, morning and afternoon refreshment breaks

• Wireless internet in all meeting spaces

• Networking events

• The Exhibit Hall and Innovation Stage presentations

• Spotlight Education Sessions providing additional CPE credits

ELEVATE YOUR CONFERENCE EXPERIENCE.

Take your CSX 2016 North America Conference to the next level with an Enhanced Learning Package that adds convenience, comfort and optimized learning.

Learn more at www.isaca.org/csx2016

DISCOUNTS ARE AVAILABLE! Take advantage of one of the registration discounts, detailed below. All discounts apply to the main conference registration fee, and are not applicable toward pre-conference workshops. Discounts can be used in conjunction with any early bird discount available; no other discount combinations can be honored. Please contact the ISACA Conference department for more details at +1.847.660.5670 or [email protected].

GOVERNMENT DISCOUNTISACA offers a US $350 conference registration discount to government employees.

GROUP DISCOUNTISACA offers discounts to organizations sending 4 or more employees to a single conference.

ACADEMIC & STUDENT DISCOUNTSISACA offers a US $350 discount to academic institution employees and students. Please note that you must be an ISACA Student member to receive the student discount; additional membership and qualification details are at www.isaca.org/ Membership/Student-Membership/Pages/default.aspx

BECOME AN ISACA MEMBER AND SAVE!Join this vibrant, rapidly expanding community of 140,000+ professionals in more than 180 countries. These professionals have already started realizing the true value and power of connection, peer-to-peer exchange and education. Start enjoying your full benefits today by visiting www.isaca.org/membership! The cost difference between member and non-member conference rates can be applied toward your ISACA membership, which means you can become a member and save money on your Conference Registration. This offer expires 30 days following the conference. Don’t miss this opportunity to access all ISACA has to offer you—join today!

CSX 2016 NORTH AMERICA CONFERENCE | REGISTRATION


For Sponsorship Opportunities Please Contact: [email protected] or +1.847.660.5717

THANKS TO OUR PLATINUM SPONSORS!

17 – 19 October | Las Vegas, Nevada, USA

Save US $200 when you register and pay by 10 August 2016. www.isaca.org/csx2016

to succeed in today's increasingly cyber

Documents

Transcript of to succeed in today's increasingly cyber