Date & Location
June 24-25, 2009
Cityplace Conference Center
Dallas, TX
Agenda at a Glance
Wednesday, June 24
Registration & Continental Breakfast: 7:30-8:20am
Welcome & IANS Perspective: 8:20-9:40am
Roundtable Discussions: 9:50-11:05am
Solution Discussions: 11:20am-12:35pm
Lunch: 12:35-1:35pm
Roundtable Discussions: 1:40-2:55pm
Solution Discussions: 3:10-4:25pm
Institute Focus Topics: 4:30-5:00pm
Networking Reception: 5:00-6:00pm
Thursday, June 25
Registration & Continental Breakfast: 7:30-8:20am
Keynote Address: 8:20-9:00am
Roundtable Discussions: 9:15-10:30am
Solution Discussions: 10:45-11:15am
Lunch: 12:10-1:00pm
Solution Discussions: 1:15-2:30pm
Institute Focus Topics: 2:45-3:15pm
Steering Committee Panel: 3:30-4:00pm
Closing Session & Prizes: 4:00-4:30pm
Networking Reception: 4:30-5:30pm
Steering Committee
AmerisourceBergen: Richard Burk, Director, Network Security & Disaster Recovery
Brink's, Incorporated: Miguel Gutierrez, Director, Global Risk & Compliance
MetroPCS Wireless: Andy Goh, Director, Information Security & Technology Security
Rent-A-Center: KC Condit, Director, Information Security
Tenet Healthcare: Christy Rodgers, Senior Director, Information Security
Textron: Richard Dorough, CISO
Yum! Brands: Stacy Mill, Director, Global IT Security
Agenda Tracks
Information-Centric Protection
The Information Lifecycle & Protecting Structured Data
Protecting Non-Structured Data through Data Classification
Data Loss Prevention Technologies
Application & Software Security
Security in the SDLC - Establish a Program
Get Ahead of Applications Before They Run Away
Web Apps are Your Front Door and More People are Trying to Pick the Lock
Security Operations
Turn Log Data into Business Gold
Keep Up or Fall Behind: The Balance of Threat Management
Be Prepared to React
Security Gamechangers
Setting the Foundation: Virtualization
Reaching for the Sky: Cloud Computing
Putting It All Together: Re-Perimeterization
Security Leadership
Entrepreneurial Security
"The Blue Sky Paradox" - a Case Study
"Boss I think Someone Stole our Customer Data" Harvard Business Review Case Study
Institute Focus Topics
Smartphone - Security Dummy?
Standing Up a Pen Testing Capability
Introduction to the Cyber Supply Chain Initiative
Disruptive Innovation and Information Security: No Better Time Than the Present
Security Content Automation Protocol and What it Means
Career Coaching: Moving Up in a Down Economy
Information-Centric Protection
The Information Lifecycle & Protecting Structured Data
There is a new approach to information protection. Viewing data "at rest" and "in motion" is transforming to securing data at creation, in use, while archived and - most importantly - at destruction.
Protecting Non-Structured Data through Data Classification
Trying to make sense of the disparate data types that exist in an organization can be difficult. This session will illuminate data classification strategies to tackle the biggest problem facing information security professionals today.
Data Loss Prevention Technologies
Hear the latest from your peers about how to best leverage technology to serve as an information protection control - from simple logging and network monitoring to the high-end, purpose built DLP products on the market today.
Application & Software Security
Security in the SDLC - Establish a Program
This session will focus on how to infuse secure coding programs and skills into enterprise software development projects. Before tools are introduced, processes and education are key program fundamentals that must be established.
Get Ahead of Applications Before They Run Away
New application projects can be generated from all areas of the business. Whether an application is created internally or sourced externally, security must be involved at the requirements level. This session will focus on information security's role as an advisor on application procurement.
Web Apps are Your Front Door and More People are Trying to Pick the Lock
With the threat landscape more focused on penetrating web-facing applications, the statistics show increasing exploitation. Traditionally a separate function within organizations, this session will discuss the need for centralized control and security education among web developers.
Security Operations
Turn Log Data into Business Gold
Connecting everything together is supposed to enable efficiencies, but how do you keep up with the flood of information? Best practices on how to approach the problems created from information overload and getting that data pared down to make real-world decisions that will help you make measurable improvements to network security.
Keep Up or Fall Behind: The Balance of Threat Management
Intelligence, asset inventory, and vulnerability analysis are key ingredients to efficient threat management and security operations. Prioritization, patching and accountability are challenges. This session will discuss strategies to keep up with the dynamic threat environment.
Be Prepared to React
Incident response has been more top of mind thanks to the increasing acknowledgement of insider threats and the damage associated with data breaches and IP theft. This session will explore best practices for an incident response program and its role in security operations.
Security Gamechangers
Setting the Foundation: Virtualization
This session will focus on exploring the three main elements of security and virtualization: securing virtualization, virtualizing security and security through virtualization. We will focus on the things that all organizations must focus on when virtualizing their datacenters. This discussion sets the stage for our discussion on Cloud Computing.
Reaching for the Sky: Cloud Computing
This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. A framework for classifying Cloud services, mapping them to a catalog of compensating controls and in turn compliance initiatives will be discussed including the most relevant approaches to assessing security in Cloud Computing environments and how to approach evaluating your options.
Putting It All Together: Re-Perimeterization
This session will take the information from the first two sessions and introduce the concept of re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment.
Security Leadership
Entrepreneurial Security
Relating security to the business requires creative, non-traditional thinking. Security is usually not intuitive to business owners. This session will explore leading techniques used by entrepreneurs to build successful businesses.
"The Blue Sky Paradox" - a Case Study
Communication and collaboration skills are essential to building consensus and gathering buy-in for new projects. Goals and expectations must also be properly set. This discussion will focus on leadership, negotiation and selling a project in tough economic conditions.
"Boss I think Someone Stole our Customer Data" Harvard Business Review Case Study
Are you ready to lead your organization through a data loss? Join in for a lively debate on how an organization should prepare for and manage data theft.
Smartphone - Security Dummy?
Security controls exist to reduce the vulnerabilities introduced through the ever-more-powerful mobile devices that your employees are using. This session will focus on best practices for those solutions.
Standing Up a Pen Testing Capability
As part of any risk assessment, pen testing is a critical component to augment traditional vulnerability assessments. In order to be successful, it requires a level of commitment, resources, and skills. This session will discuss the foundational elements to a successful program.
Introduction to the Cyber Supply Chain Initiative
It's a national security imperative in a global economy that we have confidence in the supply chains of integrated systems and the integrity of the people, processes and technology that comprise them. This discussion will focus on what it takes to begin thinking strategically about the security of your IT supply chains, including key actors and their organizational and process-level interactions.
Disruptive Innovation and Information Security: No Better Time Than the Present
Innovation isn't a luxury and in fact it's exactly what companies should do in times like these, especially in regards to security where adding value is often seen at too high a cost. This session will discuss how security can embrace disruptive innovation and technology in a proactive way to reduce costs, increase efficiency and add value while balancing the need to get our day jobs done and introduce innovative thinking into our organizations.
Security Content Automation Protocol and What it Means
The Security Content Automation Protocol (SCAP) is a comprehensive suite of specifications developed through a diverse public/private partnership. This session will discuss SCAP's goals and how they could apply to your organization.
Career Coaching: Moving Up in a Down Economy
The current economic climate has everyone on edge. Whether you're a security leader trying to motivate your team, or a team member worried about job security, this session will explore some common techniques being used today to stay aware and upbeat.
Securing a Virtualized Environment
The world is going virtual! Maybe true, but more importantly what does this trend mean for the security professional? Join a lively discussion on the security implications of a virtualized environment.
Log Aggregation
We've all heard about SIM, but how is your organization currently back-hauling, retaining, and rotating your logs? Are you just handling servers, or are you dealing with desktops as well? And, what about netflows? In this session, we have more questions than answers, but we'll survey some tools and share common experiences!
Anti-Phishing Techniques
Phishing attacks have grown to become a billion dollar problem with over 10,000 new phishing sites appearing per month. In this session, you will learn what organizations at the frontlines of this challenge are doing to combat phishers and also what new techniques are being developed to address this risk.