DefCon 19: I'm Not a Doctor, but I Play One on Your Network
By: Tim Elrod & Stefan Morris, Security Consultants, Security Assessments Team 11.29.2011
Have you ever been to the doctor and wondered where all the information they gather from you gets stored, or who they share that data with? Earlier this year, Tim Elrod and Stefan Morris of Fishnet Security’s Security Assessments Team spoke at the Defcon security conference in Las Vegas, NV, on this very subject. In this talk, Tim and Stefan discuss common healthcare protocols, ways to discover vulnerabilities in these protocols, and what those vulnerabilities might mean to a healthcare environment. They also discuss vulnerabilities they have discovered in products ranging from personal health record systems to prescription drug dispensing cabinets used by hospitals. You can view their presentation on YouTube; you can also download the presentation here.
Security Awareness for the Mobile Workforce
By: Joey Peloquin, Director, Enterprise Mobility 11.08.2011
Smartphones, tablets, laptops, and more… today's mobile worker has more opportunities to get themselves into trouble, security-wise, than ever before. This presentation provides a high-level assessment of some of the threats facing mobile workers, and what they can do to protect themselves. Although many enterprises already mitigate many of these threats, some risks remain. Furthermore, the lessons shared in this presentation are just as effective for personal assets, and can also be shared with family members. This is by no means a comprehensive list, but the education and security awareness elements herein provide a significant head start for users, security practitioners, or risk professionals looking to expand their awareness when utilizing mobile devices.
Anatomy of a Successful Exploit
By: Benjamin Stephan, Director, Incident Management 10.4.2011
The security product landscape can be a very confusing place. With so many vendors touting products that would appear to be the ultimate security solution, it’s a wonder that we even need to worry about security at all anymore. Yet, our information systems are still compromised, sometimes seemingly at will – and this is happening every day. Why? Are product capabilities that overstated or are people just undertrained in how to use them? Maybe the truth lies somewhere in between. What this track seeks to illustrate is the anatomy of an exploit, from initial contact to successful compromise, detailing the most likely security systems it will encounter along the way – what their policies looked like, and how they were defeated or perhaps were irrelevant to the problem. The purpose is to give the viewer a comprehensive end-to-end picture of how some malware compromises happen, and provide information around some ways these systems, or the people in charge of them, can be made better able to stop them.
HIPAA Compliance... It's Not Just for Healthcare Organizations Anymore
By: Bill Carver, Director, Governance, Risk and Compliance 8.30.2011
With recent legislation, HIPAA compliance is now a challenge facing not only Health Care organizations, but also their Business Associates. Many different types of organizations that handle Protected Health Information (PHI), not just Covered Entities, will now need to comply with the HIPAA Security Rule and HITECH. Since the passing of HITECH (the Health Information Technology for Economic and Clinical Health Act), the requirements of HIPAA now extend to Business Associates, which could include nearly any business vertical (law firms, marketing companies and service providers). The challenge for many is understanding their responsibilities as designated in the Business Associate Agreements, discovering how compliant their organization is currently, and prioritizing and executing remediation efforts where necessary.
Whether you are a Health Care organization or a Business Associate, this presentation will help provide you with the information you need to know about new requirements and the changing landscape of HIPAA compliance.
Mobile Forensics Tools: To Buy, or Not to Buy
By: Joey Peloquin, Director, Mobile Security & John Riding, Senior Security Consultant 5.26.2011
When analyzing mobile devices for personal data leakage and other information disclosure risks, do commercial tools produce more findings, or can open source tools and hacker techniques find more (potentially) sensitive information? Should we make an investment in potentially tens of thousands of dollars' worth of commercial software, and the hardware to support it? We'll explore these questions, and others, as we test the resolve of expensive commercial forensics tools against FOSS and the techniques potential attackers could use against your lost or stolen corporate devices.
Securing the Mobile Workforce (formerly Enterprise Mobility Defined)
By: Joey Peloquin, Director, Mobile Security & Dan Thormodsgaard, Vice President, Solutions Architecture 5.26.2011
Employees are now maximizing efficiency by working via iPhones, iPads, Android phones and other mobile computing devices, many of which are their own consumer devices, along with personal applications and data. We call this “The Consumerization of IT”. In this session, we’ll explore the threats facing mobile devices and applications, and attendees will learn how to support and secure the evolving mobile workforce.