Tracks and Workshops

      





 

2010 Sponsors

 

 

AIM Logo

 

 

COX Business Logo

 


 



Information Assurance

 

Track Description  

Securing your organization’s data against direct threats continues to be a rapidly evolving challenge for many businesses. How do you mitigate security breaches and prevent compromising your systems and human infrastructures? The Information Assurance track will not only give you a better understanding of the issues associated with these dangers, it will explore emerging technologies and leading industry standards that will help your organization stay at the forefront of data security. Thank you to our track sponsor, EMC.

 

 

Track Sessions


Security Economics in a Recession

Pete Lindstrom, Research Director, Spire Security, Philadelphia

Security management is a double-edged sword in times of recession. On the one hand, inappropriate risk management did a lot to get us into this mess. On the other, security spending is up and there is little to show for it - after all, when security is working, nothing happens. When considering this problem, two questions always rise to the top. First, how do we ensure that we are being as effective as possible by minimizing risk with the resources we are given? And second, how do we conduct security operations most efficiently?

 

Social Networks and Information Security - Oxymoron or can you have both?

Ben Rothke, Senior Security Consultant, BT Global Services, New York City

Social networks simultaneously offer huge business benefits and unheard-of security risks. How can enterprises effectively use social networks while not putting their security and data at risk? Social networks are an information security game changer, and enterprises and their management are struggling to understand and deal with the security risks of social networks. Traditional information security protected your corporate IT perimeter. But that won’t help in the Web 2.0 era of social networks, as effective security for social networking requires a shift in security focus from infrastructure protection to data protection.

 

Building and Managing Information Security Frameworks - ISO 27001/27002

Evan Tegethoff, Director of Risk and Compliance Management, Accuvant, Chicago

This session will be an interactive, in-depth forum discussing how organizations are building and managing information security frameworks based upon standards such as ISO 27001/27002, to more effectively manage enterprise risk. Evan will lead a lively discussion around building a long-term, self-sustaining, pain-free compliance strategy that manages and mitigates enterprise risk.

Agenda:

  • What common frameworks are being deployed to leading security organizations?
  • Overview of ISO 27001/27002 (17799)
  • Understanding common compliance requirements and mapping them to a security framework and control sets
  • Creating compliance metrics that measure the effectiveness and efficiency of an organization
  • Adapting automated and preventive controls
  • Strategies for intelligently assessing, monitoring, correlating, and reporting on all aspects of enterprise compliance and risk

 

Five Steps to Replacing Trust with Process for Privileged Users

Saurabh Bhatnagar, Vice President of Product Development, BeyondTrust, Agoura Hills, Calif.


A long history of highly publicized data breaches from privileged users like IT administrators precedes us. Yet a recent report from the Government Accountability Office found that nearly all 24 major federal agencies still have inadequate security for privileged users. For government organizations, the integrity of private information about your constituents is of the utmost importance. In other cases, our nation’s very safety depends on the security of data in government networks. Historical and recent examples of data breaches offer us a lesson in how these crimes are perpetrated and what responses have worked best. This session will also cover anonymous case studies of organizations that have implemented processes to meet compliance regulations and prevent security breaches from the inside, with a step-by-step guide to get your department or agency up to par with some of the most secure networks in the world.

 

Nip it in the Vuln

Justin Kallhoff, CEO, Infogressive

If you’re not scared to surf the Internet, you should be. The information security landscape has changed drastically in the past five years. This presentation will identify myths and provide statistical ammunition to help manage risk effectively.  This frank discussion of security threats and best mitigation strategies is perfect for Managers, Directors and IT Staff who want to make better, more informed decisions.

 

CISO Panel - Inside the Security Story

Moderator: Ron Woerner, Security Analyst, HDR
Panelists: Mick Atteberry, CEO, Mick Atteberry and Associates
Steve Clauson, Senior Manager of Security Governance, TD Ameritrade
Scott E. Christiansen, Chief Security Officer, Leo A Daly

In today’s Information Age, it’s critical for IT professionals to understand how security and hackers operate.  This is accomplished by developing your security mindset. This interactive session will help you look at your world through a hacker’s lens, so you will better understand, prioritize, and mitigate your and your organization’s risks.  It’s more than just how to break security, but also how to determine its criticality and how to fix it.  Here you will learn from seasoned security professionals what it takes to develop your “inner-hacker” and develop your security mindset.

 

The Truths (and Myths) About Assessments, Planning and Implementing

Rick Shaw, CEO/President, Awareity, Lincoln

If you had to make a choice between a three-legged stool with three strong legs or a three-legged stool with one or two noticeably weaker legs, which would you choose? If you also knew that the ground beneath you was going to be constantly moving and shifting, which stool would you choose? Your organization is essentially sitting on a three-legged stool: 1) Assessments, 2) Planning/Developing, 3) Implementing; and the ground (budgets, risks, threats, competition, etc.) is constantly moving and shifting. This session will help you improve the strength and stability of all three legs using actual stories and lessons learned that you can use with your organization. Who should attend? All managers. Why? Because most managers will not live long enough to make all their own mistakes, so managers need to learn from the mistakes of others and this is your opportunity to do just that. Rick will discuss real-world examples of incidents and provide interactive case studies to share proven steps organizational leaders can use to implement lessons learned and improve management efforts across all appropriate departments, locations, entities and personnel.


Web Attacks and How to Stop Them

John M. Rogers, Senior Application Security Engineer, Lincoln Financial Group

This session will present examples of the latest web threats and attacks as well as methods of infection and the resulting issues. From this information, we will look at existing and emerging web security resources, techniques, and technologies, and will explain how they work and what they cover.  This session includes both technical and non-technical tools for assessing and addressing secure development needs.

 

Bypassing Memory Protection in Modern Windows Exploits

Jim O'Gorman, Consultant, Continuum Worldwide

Microsoft has gotten a lot better at preventing remote code execution on newer versions of Windows thanks to new and improved protection mechanisms. However, in some cases these protections can still be bypassed. We will take a look at Data Execution Prevention, the protection that it provides, and how to bypass it. This will mean a lot of time spent in a debugger looking at registers, plenty of hex, and playing with some assembly, so be ready to get your hands dirty. All live demo, no slides.

 

 

Program is subject to change.

 

Track Leader 

Ron Woerner - HDR

 

 

 

