Taking a unified approach to vulnerability and risk management
KEYNOTE: Tony Sager, Chief of the Information Assurance Directorate's (IAD) Vulnerability Analysis and Operations (VAO) Group, National Security Agency (NSA)
In order to manage their risks, organizations must bring together many types of information, including the vulnerability of their overall operations, applications and infrastructure; the identification of critical threats; and information from incident logs and sensors. Sager will describe how security standards devised by the NSA will soon allow us to unify information from diverse sources like Red and Blue Team testing, enterprise management tools, product test results, security event sensors and cyber incident reports.
Data handling/security
Gene Fredriksen, Global Chief Information Security Officer, Tyco International
Data arguably is the most important asset that companies have these days. How does a company decide what data to secure and what not to, and which kinds of solutions and processes must be considered to keep it from being hacked? And how do companies engage their customers to help? Fredriksen discusses a holistic approach to protect today's corporate crown jewels.
Compliance & risk management planning
Scott Crawford, Research Director, Enterprise Management Associates (EMA)
Companies face a legion of regulatory mandates with which they must comply. Now more than ever, information security is a business imperative - an expectation of consumers, board members, executive leaders and, yes, regulators to operate a sound and reasonable corporation. Fully integrating security into daily business endeavors requires evolutionary thinking about how to tie it to operations. Crawford provides some advice on how to achieve this end.
Locking down the network
Dan Lohrmann, Chief Information Security Officer, State of Michigan
As the network perimeter continues to erode, security pros are finding that they have a lot to worry about. From the database to endpoints outside the organization's LAN, there is a bevy of moving targets housing critical data that needs protecting. Lohrmann discusses the steps that must be taken to get this done.
Security awareness and training
Jeffrey Richard, Vice President, Corporate Information Security, State Street Corporation
One of the most critical undertakings a security practitioner can pursue to protect informational assets is to train corporate end-users on their roles in protecting these assets. Yet some attempts at training and awareness programs can become a bit too rote. Richard identifies the more innovative approaches, filled with rich learning experiences, that organizations can take to encourage end-users to take part in overall information security programs.
Future threats and risky applications
Greg Bell, Principal and National Services Leader of Privacy and Continuity, KPMG
Internet threats and attack methods abound, but which ones are the most risky for companies in the coming months? Are there some applications being used in companies that need special care and attention when it comes to IT security? What about vulnerabilities to these and other parts of the corporate network? Bell discusses the risk priorities and the day-to-day business activities that need safeguarding now.