CSI SX Main Themes
There are a few driving forces that are radically changing security this year. We are focusing SX in these areas that can't be ignored, offering multi-speaker "summit" sessions that will explore risk vs benefit, security cost vs business value. Learn from the wisdom of others, and share your own.
Virtualization:
While virtualization's greatest security benefit is how it enables resource isolation (i.e. putting each egg in its own basket), virtualization's greatest security risk is how it enables resource consolidation (i.e. putting too many eggs in one basket). And while virtualization saves money on hardware and operational costs, a virtual environment could cost more to secure. How do you decide on whether or not virtualization is right for your organization?
Web 2.0:
Adopting Web 2.0 as the new, user-centric, service-oriented platform offers both irresistible business opportunities and undeniable security threats. The security management challenges posed by Web 2.0 applications, such as social networking sites and microblogs, are numerous, as are the security vulnerabilities inherent in the underlying Internet infrastructure and scripting languages. How do you balance the benefits against the risks?
The Web 2.0 Summit will show you how to embrace Web 2.0 now as securely as is currently possible, and how to effectively work with Web developers now to head off the security problems of the future.
Compliance:
IT, legal, human resources and accounting departments all have different standards and regulations to comply with, with different auditing processes and different reports to generate. Even infrequent changes to FISMA, PCI, SOX, HIPAA, GLBA, HSPD-12, FDCC, SAS 70 or BASEL II can make compliance seem impossible.
You'll come away knowing how to use security metrics, operational controls and a unified compliance framework to reduce certification and accreditation complexities, streamline compliance efforts and provide auditors and executives with the information they need.
Security Management:
Until the United States and the global economy recover from the current recession, business and risk models must account for frequent and rapid change. Security product vendors may be hit by economic uncertainty as well, affecting your organization. An unprecedented economy brings a host of new security concerns-now is the time to learn how to address them. In addition, our new government may bring about some changes that you should be prepared for.
The sessions in the Management Tools track will help security professionals manage change in this uncertain economy.
Cloud Taming:
Cloud computing has some exceptionally attractive qualities: Users can access cloud resources from anywhere; organizations can slim down data centers because servers and infrastructure are owned and maintained by someone else; endpoints don't need application software updates; and scaling issues melt away.
But despite its many benefits, the fact is that cloud computing is a shotgun wedding between virtualization and Web 2.0-neither of which come without significant security challenges. It's unclear whether users of cloud-based resources can still prove compliance with security and privacy regulations-cloud users cannot be sure what server they're accessing or who else can access it. Additionally, cloud resources are owned by a third party-a third party who may not share their log files with either you, auditors or forensic investigators.
Starting with the Virtualization Summit on Sunday, continuing with numerous sessions on Web 2.0, right through to the General Sessions on Tuesday, CSI SX will show you how organizations can (or cannot) prove that their cloud-based data and resources are compliant, and, bottom line, whether the business benefits outweigh the security costs. Take this opportunity to learn-before the rain comes.
