Stream 3:

13:30
State of the Phish™ 2018: What Your Peers are Doing to Reduce Successful Phishing Attacks

Paul Down

Wombat Security Technologies’ EMEA Area Director, Paul Down, discusses key findings from the 2018 State of the Phish™ Report:

  • Aggregation and analysis of data from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period
  • Responses from quarterly surveys of Wombat’s, as well as data from an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors
  • Insights into current vulnerabilities, industry-specific phishing metrics, and emerging threats

13:30
How to Tackle the GDPR: A Typical Privacy & Security Roadmap

Ian Evans

As a new era of privacy regulations approaches, security and compliance professionals need to make GDPR a top priority. It is essential to build a roadmap with both privacy and security in mind. In this session, we’ll discuss the importance of privacy management within the context of your existing security and compliance ecosystem: how it fits into the larger puzzle, why it has been precariously overlooked in the past, and how it can be seamlessly integrated as a function among the information security, information technology, risk management, audit and compliance, and legal areas in your organization. We’ll address the importance of demonstrating ongoing compliance with privacy regulations like GDPR, and how privacy management software can support security and GRC teams.

13:30
Security in the Age of Open Source

Damian Saunders

Open source software is being embraced by individual developers, enterprises, and the federal government. Everyone knows that open source is "free" to acquire, but beyond that there are strong opinions and few facts. How much open source is really being used in the applications you buy? Does the "many eyes theory" make open source more secure? Does my security testing address vulnerabilities in open source? Can static and dynamic analysis help secure the open source used by organizations?

This session will provide insight from real-world data abstracted from 2 independent research projects, The Future of Open Source and Open Source Security in Commercial Applications, to compare what organizations believe they should do against empirical data from hundreds of code audits performed by Black Duck on Demand. The data will show:

  • The composition of open source vs. proprietary code in the average code base, and how that has changed over the past 5 years
  • The gap between the number of open source components used vs. what was known by the organization
  • The number, severity, and age of security vulnerabilities in the open source components
  • An understanding of which components have underactive support communities
  • The value of traditional testing tools like static and dynamic analysis, and where they best fit in the Secure Development Lifecycle
  • Controls development and security professionals can deploy to select, detect, manage and monitor open source for existing and newly disclosed vulnerabilities