ICT Security-Sécurité PC et Internet

Quick Facts

Date : 29-30 Novembre
Location: Leuven (Belgium)
Price : Free
Places : Limited (First registered, First serve)

Agenda
The agenda is a sound mix between Application Security, Forensics, Risk Management and represents the current security landscape at large rather well: Building security into Applications in Enterprises, Managing Application Level Vulnerabilities, Source code review on a large scale. It also has 2 innovative talks on exploit mitigation and sandboxing javascript.

 

- Browser Security - John Wilander

- Sandboxing Javascript - Lieven Desmet

- Body Armor for Binaries - Asia Slowinska

- Forensics - Marc Hullegie and Kees Mastwijk

- Streamlining Application Vulnerability Management: Communication Between Development and Security Teams - Dan Cornell

- Code review for Large Companies - Ruediger Bachmann

- Making Security Invisible by Becoming the Developer’s Best Friends - Dinis Cruz

- OWASP Top 10 vs Drupal - Erwin Geirnaert

- Panel Discussion about the legal aspects of penetration testing

 

Learn more:

http://blog.zoller.lu/2012/11/owasp-benelux-2012-invitation.html

 

Organizations are failing to respond to the culture of employees using their own mobile devices for work and are opening up their systems to security risks.

These are the preliminary findings of a survey by PwC and Infosecurity Europe.

82% of large organisations reported security breaches caused by staff, including 47% who lost or leaked confidential information.

Only 39% of large organisations encrypt data downloaded to smart phones and tablets
54% of small businesses (38% of large organisations) don’t have a security awareness programme
While 52% of small businesses say social networking sites are important to their business, only 8% monitor what their staff post on those sites.

 

Some 75% of large organisations (and 61% of small businesses) allow staff to use smart phones and tablets to connect to their corporate systems and yet only 39% (24% of small businesses) apply data encryption on the devices.

 

Read more...

As online file sharing becomes increasingly common as a business practice, SMBs are more at risk than ever before, according to Symantec.

 

A new survey revealed that SMB employees are increasingly adopting unmanaged, personal-use online file sharing solutions without permission from IT, part of the broader trend of the consumerization of IT in which the adoption of online services for use on personal mobile devices blurs the lines between work and play.

 

These early-adopter behaviors – like those driving the use of file sharing technology – are making organizations vulnerable to security threats and potential data loss.

 

Read more:

http://www.net-security.org/secworld.php?id=13133

 

Prevent and Mitigate Security Breaches
Encrypt data on all computers and storage devices, including removable storage devices and drives.

Use the Microsoft Security Assessment Tool (MSAT) to help identify risks in your IT security environment and build a plan to successfully manage the risk.

The Windows Security Compliance Toolkit contains step-by-step guidance for deploying BitLocker Drive Encryption and the Encrypting File System (EFS) in enterprise environments.

Use the Data Encryption Toolkit for Mobile PCs to effectively implement BitLocker and EFS for mobile PCs.
Be aware of the details of breach notification laws in all regions in which you conduct business. Work closely with your general counsel to follow the proper procedure in the event of a security breach. National and local laws vary considerably.
Consider using Object access auditing for items associated with the administrator accounts so that actions can be monitored.
Enforce the use of strong passwords throughout your organization.