Date & Locations
March 16-17, 2009
JW Marriott
Washington, D.C.

Earn 16 CPEs for attending the 2-day Forum

Faculty & Speakers
Richard Aldrich
Allan Carey
Rocky DeStefano
Chris Hoff
Peter Kuper
Angela Orebaugh
Jack Phillips
Marcus Ranum
Ron Ritchey
Randy Sabett
Joel Scambray
Glen Sharlun
Greg Shipley
Aaron Turner

Mid-Atlantic Information Security Forum

Agenda Tracks

Information-Centric Protection
  • The Information Lifecycle & Protecting Structured Data
  • Protecting Non-Structured Data through Data Classification
  • Data Loss Prevention Technologies

Application & Software Security
  • Security in the SDLC - Establish a Program
  • Get Ahead of Applications Before They Run Away
  • Web Apps are Your Front Door and More People are Trying to Pick the Lock

Security Operations
  • Turn Log Data into Business Gold
  • Keep Up or Fall Behind: The Balance of Threat Management
  • Be Prepared to React

IATAC: Government Compliance
  • Security Content Automation Protocol and What it Means to Information Assurance
  • IA Metrics: How to Make Them Work for You
  • New Developments in Cyberlaw: An Overview of Significant Recent Cases, Treaties & Statutes

Risk Management
  • Make the Move Toward Risk Adjusted Security
  • Evaluating Outsourcing Risks
  • eDiscovery: Speed Bump or Sink Hole?

Security Leadership
  • Entrepreneurial Security
  • "The Blue Sky Paradox" - a Case Study
  • "Boss I Think Someone Stole our Customer Data" Harvard Business Review Case Study

Institute Focus Topics
  • Smartphone - Security Dummy?
  • Execution Control
  • Virtually Impossible: Understand the True Risk
  • The Reality of Vulnerability Assessment Technology
  • Cloud Computing Security - Pros & Cons
  • Are You Cutting-Edge? What You Read Can Make the Difference


    Information-Centric Protection
    The Information Lifecycle & Protecting Structured Data
    There is a new approach to information protection. Viewing data "at rest" and "in motion" is transforming to securing data at creation, in use, while archived and - most importantly - at destruction.

    Protecting Non-Structured Data through Data Classification
    Trying to make sense of the disparate data types that exist in an organization can be difficult. This session will illuminate data classification strategies to tackle the biggest problem facing information security professionals today.

    Data Loss Prevention Technologies
    Hear the latest from your peers about how to best leverage technology to serve as an information protection control - from simple logging and network monitoring to the high-end, purpose-built DLP products on the market today.

    Application & Software Security
    Security in the SDLC - Establish a Program
    This session will focus on how to infuse secure coding programs and skills into enterprise software development projects. Before any tools are chosen, processes and education are the key program fundamentals that must be established.

    Get Ahead of Applications Before They Run Away
    New application projects can be generated from all areas of the business. Whether an application is created internally or sourced externally, security must be involved at the requirements level. This session will focus on information security's role as an advisor on application procurement.

    Web Apps are Your Front Door and More People are Trying to Pick the Lock
    With the threat landscape increasingly focused on penetrating web-facing applications, the statistics show rising exploitation. Web application security has traditionally been a separate function within organizations; this session will discuss the need for centralized control and security education among web developers.

    Security Operations
    Turn Log Data into Business Gold
    Connecting everything together is supposed to enable efficiencies, but how do you keep up with the flood of information? This session covers best practices for approaching the problems created by information overload and paring that data down to make real-world decisions that lead to measurable improvements in network security.

    Keep Up or Fall Behind: The Balance of Threat Management
    Intelligence, asset inventory, and vulnerability analysis are key ingredients to efficient threat management and security operations. Prioritization, patching and accountability are challenges. This session will discuss strategies to keep up with the dynamic threat environment.

    Be Prepared to React
    Incident response has been more top of mind thanks to the increasing acknowledgement of insider threats and the damage associated with data breaches and IP theft. This session will explore best practices for an incident response program and its role in security operations.

    IATAC: Government Compliance
    Security Content Automation Protocol and What it Means to Information Assurance
    The Security Content Automation Protocol (SCAP) is a comprehensive suite of specifications developed through a diverse public/private partnership. By standardizing the representation and sharing of security information such as vulnerabilities and configurations, SCAP aims to reduce the dependency on proprietary data and significantly improve the security of federal government and private sector systems.

    IA Metrics: How to make them work for you
    The presentation will discuss IA metrics and the challenges associated with implementing and using them, including success factors, what goes wrong, and how to get things right. The participants will have an opportunity to learn about emerging industry trends in this arena and to discuss examples of metrics covering information assurance and software assurance.

    New Developments in Cyberlaw: An Overview of Significant Recent Cases, Treaties and Statutes
    Cutting-edge legal developments in cyberspace will be presented in a “You Be the Judge” format to help attendees better understand the reasoning behind the important cases. The presentation will also highlight unsettled areas of the law and trends in the law to assist in identifying potential pitfalls and ways ahead.

    Risk Management
    Make the Move Toward Risk Adjusted Security
    Forward-thinking enterprises are embracing a risk-based approach to security. By integrating risk analysis into their governance and compliance efforts, organizations move from reactive to pragmatic security. This session will focus on risk management approaches and considerations that can work within organizations.

    Evaluating Outsourcing Risks
    Opening up network connections to service providers and business partners creates unknown risks unless the organization has done its due diligence and performed a risk assessment. This session will focus on the components of a third-party assurance program and best practices to enforce the program.

    eDiscovery: Speed Bump or Sink Hole?
    Security professionals are increasingly involved with eDiscovery. Much of the activity requires forensic gathering and analysis of data to present as evidence. This session will explore how organizations prepare for and execute eDiscovery requests in a cost-effective way that minimizes business impact.

    Security Leadership
    Entrepreneurial Security
    Relating security to the business requires creative, non-traditional thinking. Security is usually not intuitive to business owners. This session will explore leading techniques used by entrepreneurs to build successful businesses.

    "The Blue Sky Paradox" - a Case Study
    Communication and collaboration skills are essential to building consensus and gathering buy-in for new projects. Goals and expectations must also be properly set. This discussion will focus on leadership, negotiation and selling a project in tough economic conditions.

    "Boss I think Someone Stole our Customer Data" Harvard Business Review Case Study
    Are you ready to lead your organization through a data loss? Join in for a lively debate on how an organization should prepare for and manage data theft.

    Institute Focus Topics
    Smartphone - Security Dummy?
    Security controls exist to reduce the vulnerabilities introduced through the ever-more-powerful mobile devices that your employees are using. This session will focus on best practices for those solutions.

    Execution Control
    Whitelisting, blacklisting or whatever you want to call it, execution control is on the future roadmap for security. While the underlying idea is very old, we're seeing a renewed interest and commercial implementations for enterprises and desktops. In this IFT, we'll compare notes about how it works and what's out there today.

    Virtually Impossible: Understand the True Risk
    The promise of virtualization has been realized in many cases, but at what security cost? This session will focus on the challenges that can be addressed today and those that can be put off until tomorrow.

    The Reality of Vulnerability Assessment Technology
    Vulnerability scanning solutions are a key component of any security program. The question is... how dependent are you on their accuracy and results? This session will reveal - using quantifiable findings - both the capabilities and failures of current assessment technology based on some recent research by Neohapsis and discuss the broader implications of the results.

    Cloud Computing Security - Pros & Cons
    Cloud computing is a topic that has quickly emerged as a hot trend in information technology. It promises low-cost, on-demand computing in a convenient, resilient package. One of the key issues that will need to be addressed prior to fully embracing cloud computing is security. This session will discuss the security pros and cons of this new model.

    Are You Cutting-Edge? What You Read Can Make the Difference
    This profession is changing fast, and your time is limited. What you read and who you listen to can have a significant impact on your success. This session will review the major research methods being applied in information security today.

    Securing a Virtualized Environment
    The world is going virtual! Maybe true, but more importantly what does this trend mean for the security professional? Join a lively discussion on the security implications of a virtualized environment.

    Log Aggregation
    We've all heard about SIM, but how is your organization currently back-hauling, retaining, and rotating your logs? Are you just handling servers, or are you dealing with desktops as well? And, what about netflows? In this session, we have more questions than answers, but we'll survey some tools and share common experiences!

    Anti-Phishing Techniques
    Phishing attacks have grown to become a billion-dollar problem, with over 10,000 new phishing sites appearing per month. In this session, you will learn what organizations on the front lines of this challenge are doing to combat phishers, and also what new techniques are being developed to address this risk.

    Forum Schedule