|
Conference Sessions
 Virtual Reality: Understanding the Security and Compliance Implications of Server VirtualizationTuesday, November 30 - 4:00 pm–4:00 pm Server virtualization is hot! Whether your executives think Green or simply want to save some Green, everyone is deploying virtualization - the benefits are undeniable. As we embrace Virtualization, we must strategically approach Security and Compliance from the start. Virtualization introduces new attack surfaces and a swath of new availability risks. This brave new world also impacts how we approach Compliance, Governance, and Risk Management. Corman will explore best practices and real world successes in assuring virtualization benefits while mitigating new risks. Are you virtually secure? Or are you securely virtual? Speaker - Joshua Corman, Principal Security Strategist, IBM Internet Security Systems
Preventing Data Leaks: How to Identify, Protect and Sustain Sensitive Data Concept: Data Leak PreventionTuesday, November 30 - 4:00 pm–4:00 pm For security programs to be successful in 2008, executives must be able to consistently evaluate their organization's security performance, determine the highest "at risk" areas within the organization, and ensure that their most sensitive data remains protected. This includes: evaluating sensitive information, writing enforceable policies, implementing appropriate security mechanisms, educating employees on policies and compliance, and assessing and monitoring the security program once in place. Businesses who can find a way to securely share information and protect it from exploitation while complying with strictly enforced governmental regulations will emerge as leaders. This session will discuss the value of protecting sensitive content within an organization and study the steps required to plan, implement, deploy and sustain a solution to secure it. Speaker - Todd Graham, Chief Scientist, RSA, The Security Division of EMC
Building Security into Your Software Development LifecycleTuesday, November 30 - 4:00 pm–4:00 pm In the beginning, software vendors thought that they could handle security vulnerabilities as they handle software bugs using their regular support process. Unfortunately, it's not so easy. Software security vulnerabilities are not like other software defects; they have a timeline and they are not simply triggered by random user events. Once attackers know how to exploit a vulnerability, they will actively attack until it is patched. This "window of vulnerability" has gotten smaller with auto-update and patch management solutions, but having a window of vulnerability at all is a problem. If you are not doing anything to reduce security flaws during your development cycle, you certainly have them in your software. In this presentation, Chris Wysopal will explain the steps that reduce security defects and how they will be beneficial to securing your code. Speaker - Chris Wysopal, Co-Founder and CTO, Veracode
Fixing the Security Blind Spot: New Strategies to Monitor and Stop Insider ThreatsTuesday, November 30 - 4:00 pm–4:00 pm According to a survey from the Computer Security Institute, 2007 marked the first year that insider threats topped external attacks as the most pressing security issue. Despite efforts to prevent these breaches, businesses remain shockingly vulnerable. Internal blind spots leave companies open to fraud, policy violations and theft of intellectual property. Security managers lack the real-time monitoring and policy enforcement tools to effectively see and manage end-user activity. What can security teams do? This session will discuss existing approaches and current constraints to preventing insider threats. Attendees will learn new strategies and techniques for minimizing their risks. Speaker - Paul Smith, CEO, Packet Motion
Anatomy of a Malware AttackTuesday, November 30 - 4:00 pm–4:00 pm Today the threat has changed. Hackers are no longer kids trying to create a name for themselves; they're professionals with a vast network and are capable of increasingly sophisticated and highly targeted attacks. In fact, many of today's attacks are so stealthy that the victims may not even realize their systems have been compromised for days, weeks or even months. So how do organizations address malware attacks as part of their overall risk management program? What steps can you take to ensure that your organization is not the next TJX or Ameritrade. This session will provide an overview of the attacks targeting the enterprise today and an insider's look into how a malware attack is executed and what tools are needed to respond effectively. The presentation will provide recent statistics on malware from the Kaspersky Anti-Virus Research Lab in Moscow and the specific business risks they represent. Key components of the presentation will include: risk analysis, virus dissection, and recommended mitigation frameworks. Speaker - Tom Bowers, Evangelist, Kaspersky Lab
What About the Endpoint? A Discussion of Endpoint Security Concepts and TrendsTuesday, November 30 - 4:00 pm–4:00 pm The attack community has begun to shift gears and focus more on the endpoint and less on the network and supporting infrastructure that the endpoint relies upon. This new level of attention has already resulted in numerous attacks using spyware tools, Trojan horse applications, keystroke loggers, and other malicious software that is being installed without the knowledge of the users and under the radar screen of current endpoint protection techniques. This session will discuss the key concepts that need to be considered when choosing an endpoint security solution and highlight some of the capabilities that exist in the market today for endpoint security solutions. Moderator - John Pironti, Chief Information Risk Strategist, Getronics John P. Pironti is the Chief Information Risk Strategist at Getronics. He has designed and implemented enterprise wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology. Mr. Pironti has a number of industry certifications including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional and (ISSAP) and a Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.
NAC, NAC, What's There?Tuesday, November 30 - 4:00 pm–4:00 pm Network access control has been offered as the Swiss army knife of IT security solutions. It has promised to provide authentication, policy enforcement, identity and access management, ongoing security for the life of a connection, seamless usage in any network that is NAC enabled, and many other capabilities. If NAC is the answer then what is the right question to ask? This session will provide a realistic perspective on what NAC can and cannot provide in regards to information security. Concepts that will be discussed will include an update on vendor interoperability and standards, case studies of successful and not so successful implementations, an overview of what NAC truly can and cannot provide, discussion of requirements (both network and application), and what the future holds for NAC. |
