On demand editorial sessions - 2011 Spring Conference
Getting Ready for Cyberwar: Protecting the CNI – Opinions on whether we are currently at cyberwar, ready for cyberwar, or even aware of cyberwar, are incredibly varied, depending on who you speak to. Forget about what ‘could’ or ‘might’ happen, and let’s focus on what the situation is right now. Are we defending against political espionage? Which countries are firing ‘cyber’ shots? Are we ready for cyber attacks from foreign attackers? What is the US government doing about cyberwar? This session hopes to answer these big, and very important, questions.
Speaker 1: W. Hord Tipton, Executive Director, (ISC)2
Speaker 2: Edward Amoroso, Senior Vice President & Chief Security Officer, AT&T Services
Smart phones, apps, and crowd sourcing – Employees are increasingly expecting – and demanding – company smart phones, on which they can email and carry out other work-related tasks, such as salesforce.com. The complications, however, arise when they want to download applications and use their devices for non-work related means. Outsourcing the development of mobile applications (crowd sourcing) is part of the problem. This session will look at crowd sourcing, application security, and just what employees are – and should – be using their work smart phones for.
Speaker 1: Justin Clarke, President, London Chapter of OWASP and Executive Director/Co-Founder, Gotham Digital Science
Speaker 2: Chris Wysopal, Chief Technology Officer/Co-Founder, Veracode
How to educate your workforce – The importance of educating your workforce about information security has been acknowledged for some time now, as has the significance of awareness. However, organizations are still using old-fashioned video tapes (yes, video tapes!) and big, thick policies to ‘educate’ their employees. It is time to update awareness campaigns and make educational programs interesting, and dare we say it, enjoyable. This session will tell you how!
Speaker 1: Adrian Davis, Senior Security Researcher, ISF
Speaker 2: Martin Smith, CEO, The Security Company
Building Trust in the Cloud – Being able to trust that your data is safe in the cloud is crucial to the adoption of cloud services. Identity and access management is a key consideration in building this trust. Add to this transparency, compliance and data protection measures, and the result is a trusted cloud. This session will look at how to turn the concept of a trusted cloud into reality.
Speaker 1: Adrian Davis, Senior Security Researcher, ISF
Speaker 2: Keiron Northmore, Chief of Operations, First Base Technolgies
Malware: The Bad, the Ugly, and the Uglier – It has been predicted by industry experts for some time now that malware – botnet-type malware, in particular – will continue to become more sophisticated and more threatening. The word ‘stuxnet’ proves this to be true. In this session you will discover the anatomy of the virus and its attacks, and learn how to put defenses in place to stop a breach. This session will also take a look at what malware has in store for us in 2011.
Speaker 1: Rik Ferguson, Solutions Architect, Trend Micro
Speaker 2: Melih Abdulhayoglu, CEO, Comodo
Forensic Analysis in the Cloud – Compliance has always been a tricky balancing act, especially when dealing with regulations across jurisdictional boundaries. Now cloud computing has complicated the mix even further, with providers storing data around the globe. So how can you avoid the headache of jurisdictional roadblocks in the event of an alleged breach event that requires investigation? This session will examine the questions you need to ask, and the agreements that should be in place, before you hand your infrastructure, platforms, and/or data over to a cloud provider
Speaker 1: Professor John Walker FBCS CISM CITP MFSSoc A.IISP, Visiting Professor & CTO Secure-Bastion - a World Class Organisation
Speaker 2: Michael Panico, Vice President, Stroz Friedberg
Preventing Insider Data Leaks - WikiLeaks is certainly a word that will have featured quite heavily in the vocabulary of information security professionals over the past few months. Whatever your opinion on the WikiLeaks phenomenon however, you will recognize the crucial need to plug any holes which could lead to the accidental or malicious leak of internal data.
Gone are the days when ‘keeping the bad stuff out’ was the only mantra. These days, ‘keeping the good stuff in’ is every bit as important. This session will offer advice on how to plug those holes which could lead to the loss of company data.
Speaker 1: Paul Henry, Security and Forensic Analyst, Lumension
Speaker 2: Marc Spitler, Senior Risk Analyst, Verizon RISK Intelligence Team
The death of endpoint security? – The increasingly mobile workforce, coupled with the increased ‘consumerisation’ of devices in the enterprise space, has led many security professionals to call for a new approach to security. Rather than securing end points, some now advocate for a data-centric approach to security. This session will examine exactly what a data-centric approach to security entails, and what the future holds for end point device security.
Speaker 1: Chris Burchett, Chief Technology Officer/Co-Founder, Credant Technologies
Speaker 2: Paul Simmonds, Board Member/Co-Founder, Jericho Forum
Speaker 3: Paul Zimski, Vice President of Solution Strategy, Lumension
Security in the Age of *Any* Computing: Risks, Options and Automation for Mobile and Endpoint Controls - Users want access to information on any device, from anywhere, at anytime. Then there¹s the dynamics of virtualization and coping with new world threats. Whatever control you thought you had over the IT environment is gone. But what about data privacy, data leakage, unauthorized access, rogue WAPs and malware threats? This provocative session, lead by distinguished analyst Mike Rothman of Securosis, exposes issues, examines processes and weighs technical options that you can apply today to advance mobile, wireless and endpoint security. Explore data classification and network segmentation, policy development and enforcement, preempting access violations, and the means to automate respective security controls.
Speaker 1: Mike Rothman, Analyst and President, Securosis
Speaker 2: Scott Gordon, Vice President, ForeScout Technologies
CISSPs and SSCPs members can receive 1 CPE credit for attending each webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple choice polling questions about the program at the end of the event.
Please note that all CPEs are subject to auditing and a proof of attendance will be required.