TRACK 1: Provide Perimeter-less Data Protection
NEW for 2015! - Updated Key Management: Turning a Headache into a Head Start
Encryption is a key strategy for protecting corporate data wherever it resides, but in many cases, worries around key management become a stumbling block to leveraging new initiatives such as cloud and mobile. Who should own the keys and why? What are the major encryption use cases and what new key management solutions are coming to market to help?
UPDATED for 2015 - Securing Data in the Cloud 2.0
As enterprises move more workloads to the cloud, they need to ensure their critical data is as secure as it was on premises. To that end, what are the best tactics, tools and methods when it comes to cloud encryption, data privacy and access controls? How should you approach third-party reviews, data classification and identity management?
UPDATED for 2015 - Application Security: Faster, Better, Smarter
In an age of DevOps and other agile development initiatives, how can security provide value-add im- pact to the Software Development Lifecycle (SDLC)? This session will explore methods and practices to ensure that every app meets or exceeds security goals without slowing down the process.
UPDATED for 2015 - Getting the Most Bang for Your Data Loss Prevention (DLP) Buck
In just a couple of years, DLP has moved from ‘next-big-thing’ to ‘barely-better-than-AV status’ in most organizations. But are we truly leveraging all that DLP brings? How can you get the most from your DLP investment? What strategies help (and hinder) the process?
Making Identity Work in a Perimeter-less World
As more corporate data resides outside the company—in the cloud, at third-party service providers and more—the need to implement comprehensive identity management processes becomes critical. Should you pursue federated ID? How do you securely extend provisioning beyond employees to customers, suppliers and partners?
TRACK 2: Fight Advanced Malware
New for 2015!- Learning from Patient Zero: Dissecting Recent Data Breaches to Evolve Our Defenses
High-profile breaches seem to happen every day, but are we learning anything from them? In this ses- sion, we review the ways in which Target, Community Health, Home Depot and other organizations were breached and deliver actionable methods to evolve our defenses and prevent similar compromises.
Updated for 2015 - Best Practices in Finding, Crippling and Eliminating Advanced Malware
No one expects antivirus tools to stop today’s rash of advanced malware threats. What else is required? What mix of strategies and tools can optimally meet the challenge of ever-evolving and ever-more-targeted malware? How can malware be neutralized before it causes damage?
Updated for 2015 - You’re Probably Already Compromised: Now What?
The latest Verizon Data Breach report finds most organizations go weeks, months and even years before discovering malware on their networks. In this session, we detail tried-and-true techniques to uncover bad actors on the network while showing how to apply Lockheed Martin’s Cyber Kill Chain® methodology to ensure your environment becomes and remains an unattractive target.
Updated for 2015 - The Latest in Agile Security: What Works and What Doesn’t
As threat actors evolve and become ever more agile and targeted in their attacks, information security must respond in kind. What are the key new tools and strategies leading-edge companies are adopt- ing to ensure their networks are hard-to-hit targets? What are the most promising, cost-effective and practical strategies?
Updated for 2015 - Know Your Enemies: Developing a Company-Specific Threat Profile
Who or what poses the greatest threat to your organization? Nation-states? Competitors? Organized crime? Hacktivists? Disgruntled employees? What digital assets are they after, and which will cause the worst damage if they are stolen? Having a clear understanding of your adversary and the assets that matter helps crystalize where to allocate your budget dollars and where to devote your efforts.
TRACK 3: Regain Control
New for 2015! - BYOD: An Idea Whose Time Has Come – and Gone?
When BlackBerry fell out of favor, IT and security were blindsided by executives and employees alike rushing to buy their own Androids and iPhones to leverage as key business tools. But with Apple and Google making real efforts to be business-friendly, is now the time to end BYOD and bring devices back in-house? What are the cost, technology, security and people ramifications of such a move, and what are the key steps to take?
New for 2015! - Architecting the Cloud for Security Success
Many organizations have a “Cloud First” policy, and security professionals are tasked with identi- fying risks and protecting data. What are the proven cloud security reference architectures? What practical steps can you take to ensure you architect your cloud implementation in a secure, agile, risk-aware manner?
New for 2015! - Inserting Security Into the IT Supply Chain
As more business units go around IT to source their apps and projects, security quickly falls by the wayside. What practical tactics and strategies can information security use to discover these initia- tives and insert itself into the supply chain to ensure the business remains both agile and secure?
Updated for 2015 - Securing Virtualized Environments: What Works and What Doesn’t
Virtualization now underpins every data center, but security tools and strategies are struggling to catch up. What are best practices here? What security tools scale well in a virtualized environment— and which ones don’t? How can we ensure bulletproof security in hypervisor environments?
Updated for 2015 - Getting from MDM to Mobile Management: Time to Focus on Apps and Data
As more employees access critical apps and data on the go, security must pivot from seeking to control mobile devices to securing access to corporate apps and data. What combination of device, app, data and other controls help mobile work best? What new tools support this change?
TRACK 4: Improve Visibility
New for 2015! - The Promise of Security Automation: Emerging Tools and Tactics?
Information security needs to detect and respond to threats and mitigate vulnerabilities more rapidly than ever before. Leveraging automation tools like Puppet, Chef and scripting tools to secure both in-house and cloud-based assets holds a lot of promise. What tools and technologies are emerging to help with automating repetitive processes? What are the pitfalls to avoid?
New for 2015! - No Pain, No Gain: Building an Internal Forensics Program that Works
A forensics program is only as good as the people, processes and tools it has on hand. How can you ensure your forensics program is fast, comprehensive and skilled enough to ensure your organization learns and grows stronger from each security event it encounters?
New for 2015! - How Secure Are Your Business Partners? Reducing the Risk From Third Parties
Is your HVAC vendor accessing your network? How can you manage your third-party relationships to ensure they aren’t presenting undue risk to the business? What are best practices in terms of vetting third parties and conducting comprehensive risk assessments?
Updated for 2015 - Taking Vulnerability Management to the Next Level
Vulnerability management encompasses scanning, configuration management, patch management and more. How are organizations adapting their vulnerability management programs to deal with more data? How does vulnerability management tie back to change and configuration management, and help improve patching programs?
Updated for 2015 - Moving from Log Management to Security Intelligence
Existing networking monitoring tools don’t deliver a clear picture. What collection of new technologies (e.g., advanced SIEM), better collection of network data (e.g., scanner results and NetFlow data) and better pro- cesses will improve the security intelligence picture? How can data analytics help clarify the results?
TRACK 5: Think Business
New for 2015! - From Techie to Risk Expert: Honing Skills for Security’s Next Phase
What skills (both hard and soft) are critical in today’s security organizations, and what aren’t? How can you ensure you evolve your skillset to serve the business and go beyond the tactical capabilities that are on your company’s next-to-be-outsourced list?
New for 2015! - Security Awareness: Moving from ‘Gotcha’ to Empowerment
Security awareness programs tend to run off the rails when information security focuses on tricking users instead of instilling secure behaviors that benefit the company as a whole. How can security incent such behaviors? What tools, tactics and strategies help users feel knowledgeable and empow- ered enough to be true partners in protecting the business?
New for 2015! - Understanding the Risk Governance Process
Integrating security and true risk assessment into the fabric of the business is no easy feat. How can security master governance across the organization, from within IT, at the business unit level and out to audit and compliance? What eGRC tools ease the process?
New for 2015! - Compliance Pitfalls: How to Spot Them, How to Avoid Them
Compliance is never easy, but add mobile, cloud, social media and privacy initiatives into the mix, and it becomes nearly impossible. What are the most common compliance pitfalls today’s organizations face and what are the best strategies for avoiding them?
Updated for 2015 - Creating Security Metrics that Matter to the Business
How do you create (and present to management) operational metrics that both help information secu- rity be more productive and ensure the business makes informed, risk-aware decisions? What works best? What should you avoid? How are metrics best communicated?