IBM Security 2017 Lunch and Learn Series
2 likes999 views
This document provides information on the 2017 Lunch & Learn Series hosted by IBM on various information security topics. The sessions will be delivered live and onsite, customized for the audience and with time for discussion. Lunch will be provided. Contact information is provided for Jeff Miller to learn more. A list of potential session topics is given covering areas like risk management controls, securing mobile and cloud environments, identity and access management, cyber resilience practices, and using cognitive systems for security.
IBM Security 2017 Lunch and Learn Series
- 1. 2017 Lunch & Learn Series Education and thought-leadership for information security professionals and stakeholders • Sessions are designed to be delivered live and onsite, customized to the audience, and adapted to time requirements. • Lunch will be provided by IBM and/or supporting business partner. JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM
- 2. 2 IBM Security SUMMARY: LUNCH & LEARN SERIES Top 14 IT Risk Management Controls Securing the Mobile Enterprise; How IBM Keeps IBM Safe While Going Mobile IBM’s 10 Essential Security Practices Five Steps to Securing Your Companies “Crown Jewels” Cyber Resilience; Leading Incident Response Practices Security Considerations for the Cloud – SaaS, PaaS, IaaS Identity and Access Management; Challenges, Trends, and Solutions Big Data Requires Big Protection – Leading Practices Next Generation Cybersecurity – Cognitive Systems and IBM Watson for Cybersecurity Securing System Z (z/OS) Implications of the EU’s General Data Protection Regulation (GDPR) JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM
- 3. 3 IBM Security TOPIC AGENDA & DISCUSSION POINTS Top 14 IT Risk Management Controls • Serves as a Security Program overview, includes findings from IBM's annual CISO survey on the most adopted and invested IT Risk Management controls • Represents a blend of popular frameworks, e.g. NIST, SANS, and COBIT • Discusses top controls within the context of tiered maturity, e.g. Basic, Proficient, and Optimized Securing System Z • Top Mainframe Security Risks • z/OS security challenges – policies & execution • Leading practices—data, application, identity, access, security intelligence, audit, compliance • Introduction to zSecure • Assessment programs & workshops Application Security: Leading Practices • Why Application Security Matters—threat landscape (Ponemon, Verizon DBIR, and OWASP) • Understanding the Business Case—value drivers, metrics, and ROI • Controls—Dynamic (DAST), Static (SAST), Interactive (IAST), Open Source (OSS), Pen Testing • Emerging innovation—IBM Watson for Application Security • Leading practices—Risk-based approach, securing the SDLC, integrating with DevOps practices JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM
- 4. 4 IBM Security TOPIC AGENDA & DISCUSSION POINTS Cyber Resilience: Incident Response Leading Practices • Cyber Resiliency Trends—2016 Ponemon Research Study • Proactive Response—leading IR practices in knowledge management, orchestration, and workflow • Breach Notification—managing privacy, compliance, regulatory requirements • Day in the Life—an introduction to the Resilient IR platform Identity and Access Management (IAM): Trends, Challenges & Solutions • Digital transformation implications and identity as the new perimeter • Aligning capabilities to business requirements, assessing maturity, and defining priorities • Apply Design Thinking Principles to your IAM program • Leading practices—business centric terminology, roles vs entitlements, recertification, multi-factor, privileged identity, self-service, risk-based and context-aware access mgmt, bring your-own-ID, biometrics, on-time passwords, separation-of-duties (SoD) • Architecture considerations—cloud apps & platforms, mobile, micro-services, APIs, open standards, cross-site authentication, and integrating legacy apps • Intelligent governance and monitoring JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM
- 5. 5 IBM Security TOPIC AGENDA & DISCUSSION POINTS Next Generation Cybersecurity – Cognitive Systems and IBM Watson for Cybersecurity • Research Findings—Cybersecurity in the Cognitive Era • Watson for Cybersecurity—how it works • Current Use Cases and Results—Security Intelligence and Application Security Implications of the EU’s General Data Protection Regulation (GDPR) • Overview & key terminology • Stakeholders – Data Subjects, Controllers and Processors • Accountability & enforcement • Practical implications & preparation • How IBM can help Five Steps to Securing Your Companies ‘Crown Jewels’ • Data Security & Exfiltration – Trends, Targets, and Business Impact • Data Types – Understanding & Prioritizing Critical Data • Protecting Critical Data – IBM’s 5 Step Methodology & Tools • Leading Practices – the Crawl, Walk, Run Approach Introduction, IBM’s 10 Essential Security Practices • IBM’s 10 Essential Practices is a strategic security assessment methodology that creates the foundation for all our security program recommendations and improvements • It can incorporate input from other recognized standards, such as the NIST Cybersecurity Framework, ISO 27001 / ISO 27002 standards PCI-DSS 3.2, and the OWASP Top 10 risks JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM
- 6. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU