Day 3 @ RSA Conference Asia Pacific & Japan 2016 （afternoon）

roger2001c

13.30 hrs Keynote    Security in the World-Sized Web
Bruce Schneier，Chief Technology Officer, Resilient, an IBM Company, and Security

Information technology permeates all aspects of our lives. The combination of mobile, cloud computing, the IoT, persistent computing and autonomy are resulting in a World-Sized Web with great benefits but is vulnerable to a host of new threats. This talk will look at attempts to secure these systems and at technologies, laws, regulations, economic incentives and social norms we need to secure them in the future.

attacker scared
fwe attackert can do more damage by tech
attacker are too powerful succed
more security survived attacker
how to design gov to solve those problems
push gov involvement
computer do physical things
debate on auto-driver


14.00 hrs Keynote    Business Defence -- Managing the Insider Threat with Security Analytics
Alex Taverner，Head of Cyber, Commercial Solutions - JAPAC, BAE Systems
The insider threat is becoming increasingly difficult to detect and manage, as traditional toolsets are rendered largely ineffective. Thinking must evolve from formulaic remediation to a proactive approach considering changes in peoples' behaviours. How can the convergence of Big Data, threat intelligence and analytics help organizations defend against the insider threat?
Insider:局内人，就是指内部人员




14.20 hrs Keynote    Maximize the Value of Your Threat Intelligence
Jason Rolleston， Vice President of Product Management for Security Analytics, Intel
Security issues and threats make you vigilant in your efforts to keep your company assets safe. This session will explore why gaining better visibility into threats and risks is key to effective protection, and will help you understand why an open, adaptive and integrated ecosystem is necessary and how threat intelligence shared in real-time underpins security efficiency and resilience.

architecture drivers  velocity （速度）
consolidation
orchestration 和谐




14.40 hrs Keynote    How to Build a World-Class Network Defence Organization
Chris Coryea，Cyber Intelligence Services Manager, Lockheed Martin

A Lockheed Martin cybersecurity expert shares practical, real-world tips on tackling the top three myths encountered while working with fortune 500 cyber-teams. Attendees will leave with clear direction on how to apply lessons learned from anecdotes shared.

outpace 超过
campaign heat map
enlightenment 启示
三个维度：Technology / framework / people
每个维度从三个方面进行分析：myth truth enlightenment




15:15 - 16:00 Tracks

Global Perspectives    A New World, New IT, New Security
Jackie Chen，Chief Product and Marketing Officer, Sangfor Technologies

New IT and business environments require new security architecture changes. New security is much more complex than just isolating the network with trusted and untrusted zones. Real-time security visibility through detection is the foundation for the new and proactive security. Fast response and adaption are needed when incidents happen, as well as automated and visualized provision and operation methods.







eFraud & Law Enforcement    Data and Surveillance
Bruce Schneier， Chief Technology Officer, Resilient, an IBM Company, and Security Technologist

Surveillance is one of the core technologies of the Internet. Corporations and governments use it for profit and control, and they share information with each other or lose it to cybercriminals in data breaches. We cooperate with corporate surveillance because it promises convenience and submit to government surveillance because it promises protection. The result is a mass surveillance society.


Cloud, Mobile, & IoT Security    Managing Security in Internet of Things Using API Management Platforms
Suhas Desai，Vice President - Digital Security, Aujas Networks Pvt Ltd

This session will cover security issues in connected devices (Internet of Things), security measures to consider during its integration with API management platforms and security issues with consumer applications and their cloud deployment.


Security Strategy & Data Security    Operationalizing the Three Principles of Advanced Threat Detection
Zulfikar Ramzan，Chief Technology Officer, RSA

The cybersecurity industry continues to migrate from a focus on prevention to a focus on faster detection and more comprehensive response. In this session, we will lay out the three principles of an effective threat detection program that organizations must understand and operationalize to achieve success in the new security paradigm.



Security Strategy & Data Security    Security Awareness Is Not Enough: Build Security Culture Using Science of Habits
Bikash Barai，Co-Founder, Cigital India

We know eating french fries is bad for our health, but we still do it. Awareness is not sufficient to change user behaviour or build the right security culture. This session will cover the recent research on behavioural psychology, 'habit cycle' and culture formation. Why is it so hard to change culture? How can you use the science of habits to change your IT security culture?



Threats & Threat Actors    Threat Intelligence Landscape in China
Feng Xue，Founder, ThreatBook

In this session, Feng Xue will talk about the landscape of cyberthreat intelligence in China through case studies and stories. Among others, he will explore the very recent case of XCodeGhost, a group of hackers who managed to compromise almost all the iPhones in China, totaling about 100 million, and DarkHotel Operation 8651, where enterprises in China were targeted by attackers through APTs.




16:30 - 17:15 Tracks
eFraud & Law Enforcement    Dark Web Globetrotters: Differences in Seven Underground Markets
Ryan Flores，Senior Manager, Forward Looking Threat Intelligence, Trend Micro

Worldwide underground markets are as unique as cultures around the planet. These markets are directed at individual nations or regions, all specifically targeting certain clientele. This talk will explore the many undergrounds that exist globally, what they sell and offer, and how they differ from each other.




Threats & Threat Actors    Exploit Zoo: The Evolution of Exploit Kits
Jordan Forssman，Director, Proofpoint, Inc.

Exploit kits (EKs) have evolved to become the most widely used arsenal in the attackers toolbox. This talk will look at a broad spectrum of EKs and their evolution, deconstructs the various components and delivery methods, and uncovers evasive techniques used to make these attacks so devastating. The session will also provide access to a knowledge base and open source tools to help stay ahead of the game.



Global Perspectives    Extending Your Security beyond Traditional Safe Borders with OpenDNS
Demetris Booth，Head of Security Product Marketing & Evangelism (APJC), Cisco

In today's cloud-connected world, the way we work has changed, but security has not. When over half of the PC's in today's organizations are mobile, you need to protect them everywhere, not just inside the office. This session will discuss how OpenDNS works with Cisco Advanced Malware Protection (AMP) to provide advanced intelligence to predict and thwart future threats.





Cloud, Mobile, & IoT Security    Eyes Everywhere: Monitoring Today's Borderless Landscape
Bill Shinn，Principal Security Solutions Architect, Amazon Web Services

Perimeter security is difficult when the perimeter is no longer clear. Today's IT landscapes often span on-premises data centers as well as public cloud, not to mention direct user interaction from mobile devices. In this session you will learn about monitoring techniques at unlimited scale and most importantly how to extract meaning from the data.



Global Perspectives    Govern Every Identity. Inspect Every Packet - Become the Department of Yes
It's time to stop saying No out of fear. It's time for a radically different point of view made possible by adaptive, risk-based security. With it, you can govern every identity and inspect every packet, achieving better outcomes faster and more securely. So start pushing beyond traditional boundaries, dive into the cloud, mobility and the Internet of Things. It's time to become the Department of Yes.



Security Strategy & Data Security    The Journey: From Right Objectives to a Measurable GRC System
Lenka Fibikova，Head of IT Governance, Risk and Compliance, Marina Bay Sands

We have heard plenty of times that we cannot manage what we cannot measure. But what to measure to manage effectively? How much to measure to manage efficiently? This session will introduce a step-by-step approach towards a measurable GRC system, from defining the right objectives to creating pragmatic metrics. The target: To deliver valuable numbers while keeping an eye on the big picture.




来自为知笔记(Wiz)