WELCOME / Summit Overview

ISMG’s annual Fraud & Breach Prevention Summit will address topics ranging from Authentication, New Account Fraud, Biometrics, Payments Fraud, Investigations, Phishing and Email Fraud, Employee Access, Blockchain Applications, Insider Fraud, Analytics Applications and much more.

All content will be driven by our global editorial team including executive editors from publications like DataBreachtoday, BankInfoSecurity, GovInfoSecurity and HealthcareInfoSecurity. These events will provide the opportunity to learn from industry influencers, earn CPE credits, and meet with leading technology providers.

Details

Dallas, TX

April 16th, 2019

$595

Registering For a Group?
Call + 1 (609)-356-1499

Event Gallery

Matthew Maglieri

CISO, Ruby (Parent of Ashley Madison)

David Houlding

Principal Healthcare Program Manager, Microsoft

Brett Johnson

Former Most Wanted, "The Original Internet Godfather"

Tom Field

SVP Editorial, ISMG Corp.

Shawn Tuma

Partner, Scheef & Stone LLP

Nick Holland

Director of Banking and Payments, ISMG

PAST SPEAKERS / Featured Speakers For Our Dallas Summit

Brett Johnson

Former Most Wanted and "The Original Internet Godfather"

Shamoun Siddiqui

CISO, Neiman Marcus

Matthew Maglieri

CISO, Ruby, parent company of Ashley Madison

Asif Effendi

Director of Security, GE Oil & Gas - Digital

Ian Schneller

SVP, Global Information Security, Bank of America

David Houlding

Principal Healthcare Program Manager, Microsoft

Shawn Tuma

Attorney, Spencer Fane LLP

Tom Field

Senior Vice President, Editorial, ISMG

Ronald Raether

Partner, Troutman Sanders

Parrish Gunnels

CISO, Kibo Commerce

Mark Loveless

Senior Security Researcher, Duo

Jim Apger

Sr Security Architect, Splunk

Brian Engle

Founder and CEO, Riskceptional Strategies

Richard Murray

Supervisory Special Agent, FBI Dallas Cyber Task Force

Brian Wrozek

Managing Executive Director, Office of the CISO, Optiv

Dan Mathews

Director of Sales Engineering, Lastline

Jay Johnson

Partner, Jones Day

Tara Brewer

Cyber Security Advisor Program, Office of Cybersecurity and Communications, US Department of Homeland Security

Jason Clark

Insider Threat Researcher, Carnegie Mellon University CERT Insider Threat Center

Katie O'Shea

Cloud Security Specialist, Check Point

Jon Phillips

VP Loss Prevention, Neiman Marcus Group

Mike Boose

Channel/Partner Sales Engineer, Arbor Networks

Call for Speakers is Now Open!

Interested in addressing ISMG’s global audience of cybersecurity, information security, fraud, risk and compliance professionals?

Click here to learn more!

Past Schedule / Session Date & Times

Tuesday, April 16^th

Hall A
Hall B
Hall C
Hall D

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

Ashley Madison: Cybersecurity in a World of Discretion

Speaker:
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison

What does a targeted attack really look like? How can you effectively defend your organization? What does it take to recover from a headline-grabbing breach and rebuild trust with your customers?

Join Matthew Maglieri, CISO of Ashley Madison's parent company Ruby Life Inc. and ex-Mandiant consultant, as he presents this unique look at what is really required to defend against an advanced targeted attack and prevent the scenario that keeps us all up at night. He will discuss:

Anatomy of a targeted attack;
How to recover from a high-profile breach;
"Offensive-driven" risk management and how to best ensure breach resilience.

9:50 am - 10:20 am

Cyber Metrics: Recognizing Contingent Liabilities from Cyber Incidents

Publicly listed companies are meant to recognize contingent liabilities, which are liabilities that may be incurred depending on the outcome of an uncertain future event, on their balance sheets. Cyber incidents are increasingly probable and known to impose costs and losses on businesses. Boards, regulators, insurers and investors are increasingly asking what these contingent liabilities might amount to following a series of high-profile cyber incidents in recent years (e.g., the Yahoo!/Verizon merger). Yet many companies still do not make contingent liability provisions for cyber incidents. This session will examine methods to estimate the financial impact of various classes of security incidents and introduce attendees to a framework for estimating the contingent liabilities that their companies might face in the future.

10:20 am - 10:50 am

Exhibiting & Networking Break

10:50 am - 11:25 am

Incident Response Plans: Avoiding Common Mistakes through a Table Top Exercise

Speaker:
Ronald Raether, Partner, Troutman Sanders

During this workshop, Troutman Sanders partner Ron Raether will discuss the benefits of table top exercises. He then will explain how to conduct an effective exercise walking through mock incidents and explaining the process. Participants will:

Walk through several common incident scenarios and observe lessons to be learned when discussed by an incident response team;
Learn key features in an incident response plan and how the table top exercise works to improves each component;
Hear of common mistakes made by companies when executing an incident response plan.

11:30 am - 12:00 pm

Blockchain as a Tool for Fraud Prevention

Financial fraud can be notoriously hard to detect and easy to cover up. But does blockchain technology with its distributed digital ledger now offer a new tool to help organizations reduce risk and prevent fraud?

This session describes:

More about blockchain and its uses beyond digital currencies;
The value of blockchain to reduce financial transaction time, risk and fraud among multiple parties with a trusted, decentralized digital ledger;
Lessons from organizations that already are using blockchain technology as a tool to prevent fraud.

12:00 pm - 1:00 pm

Lunch

1:00 pm - 1:45 pm

Post-EMV: The Present and Future of Retail Fraud

Speakers:
Jon Phillips, VP Loss Prevention, Neiman Marcus Group
Shamoun Siddiqui, CISO, Neiman Marcus

With the adoption of the EMV standard for payment cards, the associated card fraud has increasingly gone down. This has resulted in cyber criminals shifting focus to other forms of fraud such as gift card fraud and fraud related to online retail purchases which are processed as Card Not Present (CNP) transactions. This has opened up new avenues for cyber defense and mitigation techniques. This presentation takes a look at:

The evolving state of fraud in the retail industry
New cyber defense techniques being utilized, including bot protection, device fingerprinting and advanced machine learning to detect fraudulent transactions.

1:50 pm - 2:30 pm

How to Start up an Insider Threat Program

Speaker:
Jason Clark, Insider Threat Researcher, Carnegie Mellon University CERT Insider Threat Center

When it comes to fraud prevention, many organizations overlook the insider threat - both the malicious actor who intends to commit fraud, as well as the accidental insider who makes a mistake or is taken advantage of by an external entity? The CERT Insider Threat Center at Carnegie Mellon University is one of the world's leading authorities on detecting insider fraud, and in this session the center's researcher will offer:

The latest research on insider fraud;
The growing role of the accidental insider in fraud schemes;
How to stand up an insider fraud detection program within your organization.

2:35 pm - 3:05 pm

Applying Ecosystem Risk Management to Reduce Fraud

Most organizations today have a complex and huge supplier/partner eco-system. There are third parties, fourth parties – lots of different vendors supplying many different products and services. And yet most enterprise third-party security programs still rely on manual, point-in-time, largely subjective assessments to evaluate and manage the security risk of their third parties.

At a time when regulators are shining a bright light on third party programs – how do you prove you are doing enough?

In this session, our security expert will share:

Data on the state of cybersecurity in the financial industry;
How the IoT landscape has made risk management even more complex;
Insights on how shifting to an ecosystem risk model can enable more proactive risk management approach.

3:05 pm - 3:25 pm

Exhbiting & Networking Break

3:25 pm - 3:55 pm

Fighting the Next Generation of Targeted BEC Attacks

Business email compromise (BEC) attacks that impersonate executives and business partners to trick employees comprise the biggest cyberthreat organizations face today. This is not news. But what may come as a surprise is that the vast majority of BEC attacks are preventable. This session will review why email spoofing works, the role social media plays in social engineering, current BEC trends and attack methods, and advances in technology that are being used to identify and block BEC attacks before they hit the inbox.

4:00 pm - 4:45 pm

Panel: Know Your Attacker: Lessons Learned from Cybercrime Investigations

Speakers:
Matthew Maglieri, CISO, Ruby, parent company of Ashley Madison
Richard Murray, Supervisory Special Agent, FBI Dallas Cyber Task Force
Ronald Raether, Partner, Troutman Sanders

"Know your customer" is a familiar refrain in business circles. But as threat actors grow in number, sophistication and cross-channel schemes, it is increasingly important for organizations to also have a clear picture of their potential attackers - whether they are nation states, cybercrime gangs or lone actors. Join this panel of law enforcement officials and internal investigators for their insights on:

Today's most prevalent cybercrime schemes - and why they are successful;
Traits of the threat actors most commonly perpetrating these schemes;
Lessons learned from actual crime investigations - and how you can put these to work to improve your own defenses.