Security Management

An unprecedented economy brings a host of new security concerns; now is the time to learn how to address them. In addition, our new government may bring about some changes that you should be prepared for.

The sessions in the Security Management track will help security professionals manage change in this uncertain economy, and focus on questions such as:

  • In the event of a merger or acquisition, will your organization inherit new compliance complications?
  • If the provider of your perfect security solution goes out of business, are you prepared with Plan B?
  • How may the new government affect your organization and its security?
  • How do you stay safe during this period of uncertainty?

Session Descriptions

Sunday, May 17
1:30 pm - 2:30 pm

Social Engineering and Vulnerabilities in the Equities Markets
Dave Marcus
Director of Security Research and Communications, Avert Labs, McAfee

In this sensitive economy, stock prices are naturally prone to vacillation, but in tough times, stocks are also in particular danger of intentional manipulation by cybercriminals. Learn how criminals can manipulate stock prices by exploiting the equities and derivatives markets' vulnerabilities and predictable patterns, like Microsoft stock's predictable fluctuations on and around Patch Tuesday. Discover how criminals can disguise their profiteering by purchasing stock in forms like put-out options. Hear real examples of stock exploitation and learn how to protect your company's stock from the same dangers.

Sunday, May 17
2:45 pm - 3:45 pm

Vendor Consolidation: Are You Winning or Losing?
John Murphy
Principal, DataForesight

A growing trend of acquisitions is narrowing the security vendor market to a small number of monolithic security providers. The integration and ease of administration with such a provider can be seen positively, yet the applications your organization is forced to implement may not be consistent with your organization's goals or needs. Which do you choose: a single vendor or the best of breed? This discussion will explore all aspects of this challenging decision, including how an organization of any size can use vendor consolidation to its advantage and what criteria to use in deciding whether or not to buck the consolidation trend.

Sunday, May 17
4:00 pm - 5:00 pm

The Risk Assessment Toolkit
Tom Hasman
Information Assurance Analyst, SRA International, Inc.
Daniel VanBelleghem
VP, Information Assurance, NCI Information Systems

You know that risk assessments can be leveraged to make your security program more efficient and effective, but do you have the tools to conduct an efficient and effective risk assessment? Get familiar with the best tools and techniques, including automated tools for vulnerability assessments and analytical techniques for facilitating interviews and measuring management and operational controls. Attendees will take away an understanding of: NIST security controls, a comprehensive risk assessment process, techniques for interpreting and documenting assessment results, and best practices for the presentation of results.

Monday, May 18
1:30 pm - 2:30 pm

Slaying the Red Dragon: Countering the Advanced Persistent Threat
Wendi Rafferty
Director, Federal Services, Mandiant

A knowledgeable attacker, with extensive resources at their disposal, is crafting an attack aimed directly at your organization. Learn what specific threat vectors APT attackers typically use, the attackers' methods for moving laterally throughout a network once they have compromised as little as one machine, and how attacks are escalated once the victim's incident response capabilities have been observed. A real-life VPN subversion attack, and the appropriate tactical and strategic countermeasures, will be examined in detail. Leave with strategies you can immediately employ to fight targeted attackers within your own organization.

Monday, May 18
2:45 pm - 3:45 pm

Balancing Act: Empowering Technical Workers Without Increasing Security Risks
Cheryl Traverse
President and CEO, Xceedium

Your employees are your greatest asset, but they also represent an increasing threat to your business reputation, continuity and proprietary information, as do contractors, consultants, vendor partners and others who require access to critical IT infrastructure. Additionally, many companies struggle with the cost and complexity of automating compliance for high-risk users. Security awareness, policies and education provide a critical first line of defense. This session will give you further tips and best practices to balance IT security with operational efficiency, and demonstrate ways to enable, even empower, high-risk internal and external users without exposing the organization to unnecessary risk.

Monday, May 18
4:00 pm - 5:00 pm

Beyond Tools: Making Progress Towards Holistic SDLC Security
Ramon Krikken
Analyst, Burton Group

For many organizations the term "software security" simply means the use of bug testers; but while these tools are important, they may require overwhelming effort for underwhelming results. Implementing people, process, and technology controls in the software development lifecycle ensures that the highest levels of assurance can be achieved. Starting at the concept phase, having the right people perform the right tasks in the right way creates a holistic approach with the broadest possible coverage. By creating combinations of controls, overall effectiveness and efficiency increase, and you ensure that your organization puts scarce resources to the best use.
