Track 1: Policy / Management

Within organizations, security fits a business function. Tasks associated with business management and policy-related guidelines take up a significant amount of attention for CISOs. This track helps security professionals prioritize, better understand and provide guidance around important topics, such as PCI, DRM, security awareness and privacy. These timely topics will be of value to security personnel at all levels.

Track 2: Emerging Threats / Risk Planning

Emerging threats and risk planning go hand in hand, as you can't map out your business risk without a firm understanding of the wide variety of threats faced by your organization. Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations, and the best practices implemented to thwart them. Topics discussed will include secure coding, offshoring, vendor risk assessments, as well as dangerous attack vectors. This track is of value to all in the profession, but particularly to those needing to know more about what the bad guys are up to.

Track 3: Editor's Choice

Given the constant change in the environment, every security line of business needs to be flexible. The Editor's Choice track addresses that change with sessions focusing on extremely timely issues as seen through the eyes of SC Magazine's Editor-in-Chief Illena Armstrong. In addition, hear from a number of the latest innovators in the security industry discussing international cybercrime, breach PR best practices, and how to keep current with issues and the latest trends. This track is intended for all in the industry wanting to stay on top of the latest security issues faced by their organizations.

Track 4: Technical

This track offers a deeper dive for the more technical security and IT professionals at the conference. More emphasis will be placed on the technical aspects of threats and vulnerabilities, as well as relevant solutions, as opposed to the more executive-focused content in the other three tracks.


Wednesday, December 10, 2008


Track 1: Policy/Management

8:30am - 9:30am

PLENARY 4 (open to all)
Consumer Data -- For Your Eyes Only
-- Moderator: Dan Kaplan, Senior Reporter, SC Magazine
-- Neil Warner, CISO, GoDaddy.com

2007 and 2008 saw a deluge of lost customer data from a number of sources -- TJX, universities and Hannaford, among them. Few see, control and need to secure as much data as one of the leading internet hosts. What are these types doing with our data? How are they keeping it as risk-free as possible, and what can we expect going forward?

9:45am - 10:30am

Session 5

HIPAA: Not Just Your Health Care Provider's Problem Anymore -- How does HIPAA affect your organization?
-- Bobby Singh, director, information security, Smart Systems for Health Agency
-- David Mortman, CSO in Residence, Echelon One

HIPAA no longer affects just healthcare-related companies. Organizations from other markets must do what is necessary to safeguard employee health care records. These experts will show you the way.

10:45am - 11:30am

Session 6

Practical Security and Privacy -- Debunking the Myths and Making it Happen
-- Moderator: Eric Green, Program Director, SC World Congress
-- Warren Axelrod, chief privacy officer and business information security officer, US Trust
-- Daniel Schutzer, executive director, Financial Services Technology Consortium 
-- Jennifer Bayuk, author and independent consultant

Today's security professionals are being sent into battle with yesterday's weapons to fight tomorrow's wars. No wonder there is concern that we are losing the battles against the bad guys. The panelists will offer pragmatic advice, based on decades of experience, as to which items in our toolkit are effective and which are not, and what needs to be done to prepare for the future. The discussion will particularly focus on the FSSCC R&D Challenges and the IRC Hard Problems List as guides to the difficult areas that need to be addressed with urgency.

11:30am - 12:15pm

Exhibit Floor Break

12:30pm - 1:30pm

PLENARY 5 / Lunch
Cybersecurity from the Eyes of an Executive
-- Moderator: Chuck Miller, Online Editor, SC Magazine

As a security professional, the fight with executives for budget is inevitable. Here we learn what is on their minds -- to help guide your decision-making and planning.

1:45pm - 2:30pm

Session 7

An Eye on your Employees -- Policy and Ethics
-- Moderator: Illena Armstrong, Editor-in-Chief, SC Magazine
-- Dan Lohrmann, CSO, State of Michigan
-- Joyce Brocaglia, CEO, Alta Associates

New business tools -- from IM to social networking and Web 2.0 in general -- are changing how we do business, but this in turn affects our organizational security policy and, moreover, brings ethics and behavioral attributes into business decision-making.

2:45pm - 3:45pm

PLENARY 6 (open to all)
International Response to Cyber Threats
-- Moderator: Howard Schmidt, President & CEO, Information Security Forum, Ltd.
-- Mohd Noor Amin, chairman, Management Board, IMPACT
-- Shawn Henry, Assistant Director, FBI Cyber Division
-- Alexander Seger, Head of Economic Crime Division, Directorate General of Human Rights and Legal Affairs, Council of Europe


Terrorism is without question a worldwide problem on any number of levels. But by the very nature of the medium, cyber terrorism is international and borderless by definition and needs to be treated in such a fashion for the security of all of us. This international panel faces this challenge daily and will discuss their respective experiences and insight.


Track 2: Emerging Threats / Risk Planning

8:30am - 9:30am

PLENARY 4 -- See Track 1

9:45am - 10:30am

Session 5


Data Loss Prevention -- A Road To Less Risky Business
-- Jeff Debrosse, Research Director, North America, ESET, LLC
-- Roger Fye, Vice President, Information Technology, Dial Global

Some of the most valuable assets any company has are its customer data and intellectual property (IP). When the frequency and cost of data breaches outweigh other security concerns, it is time to reassess the risks. We'll discuss how data loss prevention focuses on protecting those assets, the bottom line and brand strength of companies.

10:45am - 11:30am

Breakout 6


Web Security and Malware: Threats, Causes and Solutions
-- Patrick Peterson, Cisco Fellow, IronPort Systems, a Cisco Business Unit
-- Steve Wernikoff, staff attorney with the Federal Trade Commission in Chicago

Over the past year we have seen an increase in both the volume and sophistication of security threats on the Internet. Malware, spyware and crimeware gangs have more sophisticated methods to generate and propagate more malicious code, such as key loggers and system monitors, and they have immense financial incentive. Learn how infections can occur, the potential risks of an attack and how you can prepare your organization to confront these threats with a combination of defense at the firewall and gateway.

11:30am - 12:15pm

Exhibit Floor Break

12:30pm - 1:30pm

PLENARY 5 / Lunch -- See Track 1

1:45pm - 2:30pm

Session 7


Web 2.0 and Behavior Targeting -- Risk vs. Reward
-- Craig Spiezle, Director, Security & Privacy Product Management, Internet Explorer, Microsoft
-- Ari Schwartz, VP and COO, Center for Democracy and Technology (CDT)

A discussion of evolving Web 2.0 mashups and the resulting security and privacy implications for both the enterprise and the consumer.

2:45pm - 3:45pm

PLENARY 6 -- See Track 1


Track 3: Editor's Choice

8:30am - 9:30am

PLENARY 4 -- See Track 1

9:45am - 10:30am

Session 5

The Latest Security Threats that go Bump in the Night
-- Moderator: Illena Armstrong, Editor-in-Chief, SC Magazine
-- Tony Sager, chief, Information Assurance Directorate's Vulnerability Analysis and Operations Group, National Security Agency
-- Jon Gossels, President & CEO, System Experts
-- Bob West, CEO, Echelon One
-- Lysa Myers, Director of Research, West Coast Labs

What are the next biggest threat vectors that corporate CSOs feel they may not be as well prepared for as they should be? Wireless LANs? Mobile computing? Virtualization or cloud computing? Web 2.0? We gather some leading information security practitioners to talk to us about what threats are worrying them and what steps they're taking to address them.

10:45am - 11:30am

Session 6

Offshoring -- Risk vs. Reward 
-- Moderator: Dan Kaplan, Senior Reporter, SC Magazine
-- Jody R. Westby, Esq, CEO, Global Cyber Risk LLC

Whether it's a strong Service Level Agreement (SLA) or stringent security checks and balances, organizations need to know the risk facts before jumping into an offshoring relationship.

11:30am - 12:15pm

Exhibit Floor Break

12:30pm - 1:30pm

PLENARY 5 / Lunch -- See Track 1


1:45pm - 2:30pm

Session 7

Breach PR -- Best Practices
-- Moderator: Dan Kaplan, Senior Reporter, SC Magazine
-- Maurice Hampton, Information Security Program Manager, GE -- Global Infrastructure Services
-- Rich Baich, Principal, Deloitte and Touche
-- Steve Collins, director, and security sector lead, Text 100 Public Relations

It's all gone horribly wrong. Data was lost -- important customer data -- and worse yet, it's already in the news. We may point fingers at companies when it happens, but the reality is we are all at risk of being there. So when it happens to you, what do you do?

2:45pm - 3:45pm

PLENARY 6 -- See Track 1




Track 4: Security, Compliance, Audit and Governance

8:30am - 9:30am

PLENARY 4 -- See Track 1

9:45am - 10:30am

Session 5


Outsourcing Security Pros/Cons
-- Tom Brennan, Global Board Member of OWASP Foundation/Security Evangelist, WhiteHat Security

Security as a service, managed security services, security in the cloud, hosted security services -- are you baffled by the myriad ways security vendors are packaging their services? Would it be easier to simply keep security in-house? Possibly, but in an economic climate where outsourcing and offshoring are the norm and every security dollar is meticulously scrutinized, it pays to have a thorough grasp of these offerings before defining a security sourcing strategy. This session defines and analyzes the options available to better enable decision-makers to make the right choice for their organization.

10:45am - 11:30am

Breakout 6


Security Aspects of Compliance
-- Mark Lobel, principal, PricewaterhouseCoopers

Information security and integrity are underlying tenets of every regulatory compliance act. Yet, many compliance efforts are driven in silos, leaving gaps or duplication of work and causing confusion for all involved. This session provides an overview of the security requirements of the more significant compliance acts and provides a guide for optimizing the value of IT security for your compliance requirements. You will hear ideas for how to create a global approach to security controls that could replace a piecemeal approach for each regulatory requirement.

11:30am - 12:15pm

Exhibit Floor Break

12:30pm - 1:30pm

PLENARY 5 / Lunch -- See Track 1

1:45pm - 2:30pm

Session 7


Compliance Optimization
-- Moderator: Gregory Albertyn, Partner, Riebeeck Associates
-- Alexander Abramov, vice president in IT Risk Management, JPMorgan
-- Yonesy F. Nuñez, manager, IT Governance, Security and Compliance, Pall Corporation
-- Carlos Recalde, Senior Vice President, Lehman Brothers
-- Robert Parham Jr, director Information Security Governance, Horizon Blue Cross Blue Shield of New Jersey

Hear from several top practitioners, each in a different industry, on how they assure their organizations' compliance with multiple regulations -- without duplication of work or additional funding.


2:45pm - 3:45pm

PLENARY 6 -- See Track 1