Community: Webcasts


PCI & Encryption: Limiting Legal Exposure & Maintaining Compliance

The PCI standards require that we encrypt our data, but they fail to require that we do it securely. In this webcast we will consider how to correctly manage encryption within a PCI environment and discuss how proper implementation can limit your exposure by potentially eliminating the need to publicly report compromises to cardholders. In addition we will discuss full disk encryption and how it relates to PCI compliance. Go to Webcast

Virtualization and PCI: 5 Things to Know and Check

Virtualization and cloud computing can have a very positive impact on our ability to manage our IT environment. Some of the most common questions we receive are, "Can you use virtualization in a PCI environment?" and "Are there any special concerns for PCI that I need to be aware of?" In this webcast, David Hoelzer will answer these questions and provide you with a list of the top five configuration issues that you must address to ensure the security of your cardholder environment. Go to Webcast

A Revolution in Federal Cyber Security: Continuous Automated FISMA Reporting - What's Required By OMB? What Works?

Federal cyber security is undergoing the greatest changes since passage of GISRA and FISMA a decade ago. There will be new winners, new security heroes. This session presents the people who have helped shape the new OMB reporting and who have demonstrated how automated reporting can be done and how effective it is. Go to Webcast

Prioritizing an Audit Program Using the Consensus Audit Guidelines (CAG)

Most organizations are faced with the question today - which security controls really make a difference to the security of their data? Government agencies and industry experts can potentially recommend thousands of important controls to protect information. How do we know which controls will make the biggest impact, especially in light of threats such as the Advanced Persistent Threat (APT) and similar cyber-crime activities? How do audit groups know which controls make the biggest impact and should be the priorities of their assessments? A new initiative by leading US government and private sector groups was formed in 2009 to address these issues via what are known as the 20 Critical Controls or the Consensus Audit Guidelines. In this webcast, presented by James Tarala, co-author and instructor of the SANS course on the 20 Critical Controls, we will discuss the importance of these controls and how they can be used to drive an audit or defensive security program in an organization. Go to Webcast

Monitoring Administrators Activity in a Virtual Environment

RSA's Mike Foley will present use cases illustrating how application of RSA technology in security information event management, two-factor authentication and configuration management can be applied today to support best practices. Go to Webcast

Privileged User Monitoring: Automating Compliance & Managing Risk

This webcast will present the challenges related to privileged user monitoring and highly efficient ways to overcome them. Through real end-users sharing their stories and an expert panel discussion, you'll gain insight into how to detect and thwart rogue behavior. Go to Webcast

Automating Firewall Assessment and Audits - Keep Your Firewalls Secure and Compliant in a Fraction of the Time

In this thirty minute webcast, learn how to avoid common firewall issues such as misconfigurations, conflicting rules, and more. Joe Ford, VP of Professional Services and CTO of Patriot Technologies, explains how to automate the steps to assess, audit, and optimize your firewall deployment. Go to Webcast

SANS Sixth Annual Log Management Survey, Part I: More Log Data, More Uses

For the past six years, SANS has been monitoring the evolution of log management and log usage through its annual Log Management Surveys. In this webcast, we release the results of our sixth annual log management survey, written by SANS Analyst Jerry Shenk, who will reveal trends reported by respondents this year and compare to years past. (Teasers: Organizations want logs for network operations and other non-traditional uses, and they're looking up the stack to gather logs from more applications). Go to Webcast

Database Monitoring - Beyond Compliance to Pro-active Information Protection

Database Activity Monitoring plays an important part in various regulatory compliance mandates, by monitoring and logging all database activity to ensure that sensitive data is being accessed appropriately, and by the right people. But DAM can also play a vital role in incident response processes. When tightly integrated within an enterprise security management platform, database monitoring provides valuable context that can be used to actively protect your network from data loss and fraud. Go to Webcast

SANS Sixth Annual Log Management Survey, Part II: Deriving More Value from More Data

In this webcast, senior SANS Analyst Jerry Shenk releases survey data indicating that organizations have overcome initial problems with collecting the data they want. Now that they're collecting so much log data, their issue is getting meaningful reporting and analysis out of that data. (Teaser: Our survey indicates that larger organizations are deriving better reporting and analysis results by using different vendor solutions for these purposes.) Go to Webcast

SIEM and DLP - Strength in Integration

This one-hour webcast explores how using DLP in combination with SIEM solutions can enhance your overall security posture. Learn how the content-aware information discovery of the RSA® Data Loss Prevention Suite can complement the powerful analysis and correlation features of RSA enVision® to simplify security operations and streamline the process of understanding security risk. Go to Webcast

IT Audit for the Virtual Environment

Organizations are now overcoming their security fears and diving into server virtualization to serve a variety of purposes. But what does the PCI DSS auditor know about virtualization? This panel discusses how to help auditors locate and ensure secure processes around sensitive data in all stages of development while bringing the auditor to the next level in which virtualization is used to enhance the audit experience. Go to Webcast

What's New For Security In Windows 7 and Server 2008-R2

SANS presents a quick overview of the larger security changes in Windows 7 and Windows Server 2008-R2. Receive an executive summary of the security enhancements in Windows 7/2008-R2 to help IT engineers and managers make more-informed decisions about deployment, the relative value of Windows 7 over XP/Vista, and to help guide further independent research. This talk will not be pro-Microsoft propaganda or a sales pitch. The author and speaker, Mr. Jason Fossen, does not work for Microsoft, though he does specialize in Windows (in)security as a consultant and is an instructor for SANS Institute. Go to Webcast

The Future of SIM and Log Management - Becoming a Part of the Mainstream

What is IT service management and how will it affect the security practitioner? How does the current state of SIM and logging utilities address the SOC/NOC/ITSM convergence? What are the operational and control blindspots that affect service delivery, incident response, acceptable use and compliance adherence? How will service-oriented management empower the security organization, processes and measurements? What will the next generation SIEM look like and what can it do for you and your organization? Go to Webcast

Three Keys To Understanding and Implementing the Twenty Critical Controls for Improved Security in Federal Agencies

  • Alan Paller - Update on the 20 Critical Controls
  • James Tarala - Example of 20 Critical Controls Driving an Audit Program
  • Eric Cole - Example of 20 Critical Controls Stopping an Attack
  • Question & Answer Time
Go to Webcast

Mid-Market PCI Survival Guide: Strategies for Securing Your Web Applications

PCI compliance and web application security are major concerns for mid-sized businesses. With looming compliance deadlines and IT budgets being scrutinized, the challenge for the middle-market is how to effectively mitigate web application vulnerabilities while avoiding costly fines and excess impact on security operations. It is important to know that PCI offers a couple of solutions to ensure compliance, and that these tools act as a starting point for identifying vulnerabilities in web applications. In this webcast, Kevin Johnson and Justin Searle will be exploring the w3af open-source tool that can help test your web applications. The presenters will also reveal best practices for preventing attackers from exploiting application vulnerabilities as well as discussing proven solutions such as Web Application Firewalls (WAFs) that can be used to significantly mitigate these threats. Go to Webcast

Meeting PCI Data Security Standards: It's more than log collection

It's no secret that the frequency and intensity of credit card and identity theft is on the rise. A quick glance at the major headlines these days reveals that there are major blind spots in the security infrastructures of retailers, merchants, and banks. These blind spots are now resulting in compromised customer and consumer data. Visibility, alerting and reporting are three key disciplines that a monitoring platform must bring to any regulated environment. Learn about the key monitoring requirements and best practices that should be included in your approach to meeting the PCI standard and its requirements. Go to Webcast

Making Your Web Applications PCI Compliant

Featuring: Dennis Hurst & David Rice. Go to Webcast