Track 1: Policy / Management

Within organizations, security fits a business function. Tasks associated with business management and policy-related guidelines take up a significant amount of attention for CISOs. This track helps security professionals prioritize, better understand and provide guidance around important topics, such as PCI, DRM, security awareness and privacy. These timely topics will be of value to security personnel at all levels.

Track 2: Emerging Threats / Risk Planning

Emerging threats and risk planning go hand in hand, as you can't map out your business risk without a firm understanding of the wide variety of threats faced by your organization. Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations, and the best practices implemented to thwart them. Topics discussed will include secure coding, offshoring, vendor risk assessments, as well as dangerous attack vectors. This track is of value to all in the profession, but particularly to those needing to know more about what the bad guys are up to.

Track 3: Editor's Choice

Given the constant change in the environment, every security line of business needs to be flexible. The Editor's Choice track addresses that change with sessions focusing on extremely timely issues as seen through the eyes of SC Magazine's Editor-in-Chief Illena Armstrong. In addition, hear from a number of the latest innovators in the security industry discussing international cybercrime, breach PR best practices, and how to keep current with issues and the latest trends. This track is intended for all in the industry wanting to stay on top of the latest security issues faced by their organizations.

Track 4: Technical

This track offers a deeper dive for the more technical security and IT professionals at the conference. More emphasis will be placed on the technical aspects of threats and vulnerabilities, as well as relevant solutions, as opposed to the more executive-focused content in the other three tracks.


Tuesday, December 9, 2008


Track 1: Policy / Management

8:30am - 9:30am

PLENARY 1 (Open to all)
A View From The Top
-- Karen Evans, administrator of E-Government and Information Technology, U.S. Office of Management and Budget
Moderator: Illena Armstrong, Editor-in-Chief, SC Magazine
 

The growing wave of data theft, advanced internet crime and cyberterrorism is crashing over legitimate businesses and governments on a global basis. From organized criminals turning massive profits by selling stolen data to aggressive political nationals and organizations waging war on their enemies through the internet, today's cybercriminals are fast becoming as unbridled as yesterday's lawless gunfighters -- but with much more sophistication and better resources. How can legitimate businesses and government agencies better police and combat these modern-day malefactors to protect our society?

9:45am - 10:30am

Session 1




PCI: More Data = More Regulation...Finally
-- Bob Russo, General Manager, PCI Security Standards Council
-- Troy Leach, Technical Director, PCI Security Standards Council

The payment card industry has worked hard, with the help of government, to standardize practices and secure the credit card transactions that take place in North America. See what the future holds for this industry, which affects each and every one of us.

10:45am - 11:30am

Session 2




Securing your mobile blind spot — 24/7 Laptop Security
-- Dor Skuler, General Manager, Mobile Security Solutions, Alcatel-Lucent
-- TBD

Laptops that leave the enterprise fall into a "mobile blind spot," outside the reach of IT's protective measures. Is there an alternative to leaving security in the hands of end-users? Recent studies show encryption may not be enough to satisfy ongoing concerns. Discover new technologies to manage and secure mobile laptops and the data they contain 24x7, regardless of whether the laptop is on or off.

11:30am - 12:15pm

Exhibit Floor Break



12:30pm - 1:30pm

PLENARY 2 (open to all)
Keynote: Global data threats
-- Louis Freeh, Former Director, FBI
-- Moderator: Dan Kaplan, Senior Reporter, SC Magazine

Louis Freeh will speak about present issues associated with data security and outsourcing. In addition, he will touch on software piracy, intellectual property and copyright.



1:45pm - 2:30pm

Session 3




Managing Information in Organizations with no Geographical Borders: The essential cookbook ingredients
-- Moderator: Eric Green, Program Director, SC World Congress
-- Paul Simmonds, Board of Management, Jericho Forum; global IS integrated assurance director, AstraZeneca Plc.

Secure DRM, information classification, information asset management -- they're all essential ingredients in everyone's cookbook of how to manage information -- securely. One recipe does not fit all, but the ingredients and the tools to blend them in the right ways to produce the right solutions for your business are (nearly) all available.

 



2:45pm - 3:30pm

Session 4




MS-SAAS: Managed Security-Software as a Service
-- Moderator: Susan Lutz, CEO of ETSec Inc.
-- Curtis Blount, Chief Data Security Officer, Cowen & Co.
-- Dr. Pamela Fusco, CISSP, CISM, CHS-III
-- Kenneth Woodruff, Director, Lexmark International Inc.

Delivery of dynamic security policy management using a patented approach to service-oriented architecture (SOA), enabling automatic distribution of enterprise-level security services, including real-time monitoring and delivery of patches and updates, to a client's constituent base over the internet.




3:30pm - 4:30pm

Exhibit Floor Break




4:30pm - 5:30pm

PLENARY 3 (open to all)
The Commission on Cybersecurity for the 44th Presidency
-- Rep. Jim Langevin (D-R.I.)
-- Rep. Michael McCaul (R-Texas)
-- Lieutenant General Harry D. Raduege Jr. (USAF, Ret), chairman of the Center for Network Innovation at Deloitte & Touche LLP
-- Marcus Sachs, executive director for government affairs, national security policy, Verizon Communications

This will be your first opportunity to hear the finalized plan released in December that this commission will be using to advise the next president of the United States on the most critical cybersecurity issues facing the nation.




Track 2: Emerging Threats / Risk Planning

8:30am - 9:30am

PLENARY 1 (See Track 1)



9:45am - 10:30am

Session 1




Vendor Risk Assessment: Time = Money 
-- Moderator: Dan Kaplan, Senior Reporter, SC Magazine
-- Royal Hansen, Vice President Information Risk, Goldman Sachs
-- M. Eric Johnson, Professor, Tuck School of Business at Dartmouth College
-- Charlie Miller, Consultant, The Santa Fe Group / BITS Shared Assessments Program

All organizations have some sort of analysis which must be completed before working with external vendors. At best it's a bit tedious and mind-numbing; at worst it's a highly time-consuming and expensive process. What are some best practices in this area, success stories and pitfalls to be avoided?

10:45am - 11:30am

Session 2




Risk Comes in all Sizes: From SMBs to Multinationals -- similarities and differences in risk mitigation
-- Moderator: Illena Armstrong, Editor-in-Chief, SC Magazine
-- Dave Cullinane, CISO, eBay
-- Renee Guttmann, Vice President, Information Security & Privacy Officer, Time Warner Inc.
-- Steven Peltzman, CIO, The Museum of Modern Art 

Everyone thinks their industry, their company, their division is different, but risk has more commonalities than most people believe. In this session, explore best practices in mapping risk, regardless of your company or business division size, global footprint or revenue.

11:30am - 12:15pm

Exhibit Floor Break



12:30pm - 1:30pm

PLENARY 2 (See Track 1)



1:45pm - 2:30pm

Session 3




The Key to Secure Coding: Secure Code 
-- Moderator: Dan Kaplan, Senior Reporter, SC Magazine
-- Mano Paul, Software Assurance Advisor, (ISC)2
-- Paul Kurtz, Executive Director, Software Assurance Forum for Excellence in Code (SAFECode)
-- Joe Jarzombek, Director Software Assurance, DHS

Whether it is a rush to market, insufficient training or just plain sloppiness, our software-coding processes all continue to need improvement and monitoring. Who do we hold accountable and how? What can end the cycle of vulnerabilities due to coding errors?



2:45pm - 3:30pm

Session 4




State of the State on Security: Current Threats, Trends and Future Insight
-- Moderator: Rob Pate, Former Director, Strategic Operations, NCSD, DHS
-- Kimberly Kiefer Peretti, Senior Counsel, Computer Crime and Intellectual Property Section, U.S. Department of Justice
-- Jerry Dixon, Director of Analysis, Team Cymru & Former Director, NCSD, DHS

Hear about some of the most widespread and proliferating threats, the trends behind how they spread and get into our company and agency systems, and what the future might have in store for us. The latest threats, malware attacks and general cybersecurity are things that should keep you up at night. We examine methods to avoid stepping into them.



3:30pm - 4:30pm

Exhibit Floor Break



4:30pm - 5:30pm

PLENARY 3 (See Track 1)




Track 3: Editor's Choice

8:30am - 9:30am

PLENARY 1 -- See Track 1

9:45am - 10:30am

Session 1


Secure Business Collaboration: Do It Now 
-- Moderator: Chuck Miller, Online Editor, SC Magazine
-- Adrian Seccombe, CISO and Senior Enterprise Information Architect, Eli Lilly and Company & Jericho Forum Board Member

Whether your organization is internationally focused or domestic, forward-thinking organizations are moving toward greater business collaboration with their business partners, from all constituencies (partners, suppliers, customers, outworkers). Of course, they want this with greater flexibility, at lower cost and with more security. And they want it today. So why should it be a best-kept secret that they can do a lot of it immediately? Collaboration-oriented architectures are the key. More than 80 percent of the technology is already available. It's adopting the right mindset that's the hardest part.

10:45am - 11:30am

Session 2 


International Cybercrime -- Who you Gonna Call? 
-- Moderator: Phyllis A. Schneck, Ph.D., founding chairman and chairman emeritus, InfraGard National Members Alliance; vice president, Cyber Intelligence and Critical Infrastructure Protection, McAfee, Inc.
-- John Iannarelli, Supervisory Special Agent, FBI
-- Harper Boucher, INTERPOL Special Representative to the United Nations
-- Kevin Hyland, Detective Inspector, Metropolitan Police ACC
-- Ed Lowery, Assistant Special Agent in Charge, U.S. Secret Service

Your company network has been breached, information stolen -- who are you going to call first? One of your company laptops was stolen at an international location and information vital to your financial institution or retail IP is now being used to blackmail you and your board. A worker has been blackmailed by enemy combatants of the United States and is feeding information vital to national critical infrastructure to a perceived terrorist group -- with all of this, who can help and how? And in the end, how do they all work together?

11:30am - 12:15pm

Exhibit Floor Break

12:30pm - 1:30pm

PLENARY 2 / Lunch -- See Track 1

1:45pm - 2:30pm

Session 3


The Financial Impact of Cyber Security
-- Moderator: Chuck Miller, Online Editor, SC Magazine
-- Ty Sagalow, President, Product Development, General Insurance, AIG

This session will show you how to bring the multiple stakeholders in cyber security together and give them, in the form of strategic questions to be asked by the company's chief financial officer or chief executive officer, a roadmap for developing a multi-disciplinary risk management approach to analyze, manage, and mitigate the financial risks of cyber security.

2:45pm - 3:30pm

Session 4


Data and HIPAA 
-- Robert Israel, vice president and chief information officer, John C. Lincoln Health Network
-- Stan Waddell, assistant vice president and CISO, UT Southwestern Medical Center
-- Larry Whiteside Jr., CISO, Visiting Nurse Service of New York


In health care more than any other regulated or unregulated industry, security is more challenging due to the longevity with which data needs to be retained. These experts who deal with this very issue on a daily basis are here to shed light on this challenge.

 

2:45pm - 3:45pm

PLENARY 3 -- See Track 1



Track 4: Security, Compliance, Audit and Governance

8:30am - 9:30am

PLENARY 1 (See Track 1)

9:45am - 10:30am

Session 1


IT Security Governance
-- Carlos Recalde, senior vice president, Lehman Brothers
-- Ted Jestin, CISO, senior vice-president, Lehman Brothers

Information security governance is a subset discipline of corporate governance. There are many players involved in managing information security, but ultimate accountability lies with the board of directors. Success lies in establishing well-understood policies, guidelines and procedures with all key stakeholders, including: information technology architecture and management; corporate risk management; global and regional human resources; legal and compliance requirements; corporate (physical) security; finance; and business unit leaders. Learn to leverage existing frameworks to negotiate information security into the fabric of an organization.

10:45am - 11:30am

Session 2


IT Risk Management
-- John Pironti, chief information risk strategist, CompuCom Systems, Inc.

Knowing your information assets and understanding their risks is key to designing an effective IT risk management program. Regulatory, operational and legal requirements change as information assets move through their lifecycle.

Learn how IT risk management activities -- assessments, control design, verification and reporting -- are shaped and prioritized by the asset classification and evolving requirements.

11:30am - 12:15pm

Exhibit Floor Break

12:30pm - 1:30pm

PLENARY 2 (See Track 1)

1:45pm - 2:30pm

Session 3


IT Security Audit
-- Yonesy F. Nuñez, Global Manager of IT Governance, Security and Compliance, Pall Corporation
-- Greg Kyrytschenko, Director Information Security, People's United Bank

Audit brings value to the business by providing unbiased opinion about the design and operational effectiveness of controls. The assurance of security controls provides the crucial ingredient of business sustainability. What is the role of IT security audit and how can it bring better value above and beyond just providing assurance to the board? Representatives from media and the financial sector will discuss their unique regulatory and business environments and the impact they have on internal audit.

2:45pm - 3:30pm

Session 4


Your Auditor is Your Friend -- Really!
-- Moderator: Felix Ramirez, Partner, Riebeeck Associates
-- Alexander Abramov, Vice President in IT Risk Management, JPMorgan
-- Robert A. Levine, Robert A. Levine & Associates

Auditors wearing a white glove and checking for dust on the mainframes are a myth. Keeping in mind they are checking for things you should be doing anyway, here are ways to have them help you with management and other business units to achieve your security plans.

3:30pm - 4:30pm

Exhibit Floor Break

4:30pm - 5:30pm

PLENARY 3 (See Track 1)