Date & Location
September 30-October 1, 2009
Boston Marriott Copley Place
Boston, MA

Earn 16 CPEs for attending the 2-day Forum



Keynote Speakers
Josh Corman
Peter Kuper

Faculty
Allan Carey
Josh Corman
Chris Hoff
Jack Phillips
Ron Ritchey
Hart Rossman
Randy Sabett
Joel Scambray
Nick Selby
Aaron Turner

New England Information Security Forum

Agenda at a Glance

Wednesday, September 30
Registration & Continental Breakfast: 7:30-8:20am
Welcome & IANS Perspective: 8:20-9:45am
Roundtable Discussions: 9:55-11:10am
Solution Discussions: 11:20am-12:30pm
Lunch: 12:30-1:30pm
Roundtable Discussions: 1:35-2:50pm
Solution Discussions: 3:00-4:10pm
Institute Focus Topics: 4:20-5:00pm
Networking Reception: 5:00-6:00pm

Thursday, October 1
Registration & Continental Breakfast: 7:30-8:20am
Keynote Address - Josh Corman, Unsafe at Any Speed: 7 Dirty Secrets of the Security Industry: 8:20-9:10am
Roundtable Discussions: 9:20-10:35am
Solution Discussions: 10:45-11:55am
Lunch & Peter Kuper Keynote - Technology Sourcing Strategies: 12:00-1:00pm
Solution Discussions: 1:10-2:20pm
Institute Focus Topics: 2:30-3:10pm
Steering Committee Panel: 3:20-3:50pm
Closing Session & Prizes: 3:50-4:05pm
Networking Reception: 4:05-5:05pm



Agenda Tracks

Information-Centric Protection
  • The Information Lifecycle & Protecting Structured Data
  • Protecting Non-Structured Data through Data Classification
  • Data Loss Prevention Technologies

Application & Software Security
  • Security in the SDLC - Establish a Program
  • Get Ahead of Applications Before They Run Away
  • Web Apps are Your Front Door and More People are Trying to Pick the Lock

Security Operations
  • Turn Log Data into Business Gold
  • Keep Up or Fall Behind: The Balance of Threat Management
  • Be Prepared to React

Security Gamechangers
  • Setting the Foundation: Virtualization
  • Reaching for the Sky: Cloud Computing
  • Putting It All Together: Re-Perimeterization

Risk Management
  • Make the Move Toward Risk Adjusted Security
  • Evaluating Outsourcing Risks
  • eDiscovery: Speed Bump or Sink Hole?

Security Leadership
  • Entrepreneurial Security
  • "The Blue Sky Paradox" - a Case Study
  • "Boss I think Someone Stole our Customer Data" Harvard Business Review Case Study

Institute Focus Topics
  • Smartphone - Security Dummy?
  • Standing Up a Pen Testing Capability
  • Introduction to the Cyber Supply Chain Initiative
  • Disruptive Innovation and Information Security: No Better Time Than the Present
  • Security Content Automation Protocol and What it Means
  • Are You Cutting-Edge? What You Read Can Make the Difference


    Information-Centric Protection
    The Information Lifecycle & Protecting Structured Data
    There is a new approach to information protection. The traditional view of data "at rest" and "in motion" is giving way to securing data at creation, in use, while archived and, most importantly, at destruction.

    Protecting Non-Structured Data through Data Classification
    Trying to make sense of the disparate data types that exist in an organization can be difficult. This session will illuminate data classification strategies to tackle the biggest problem facing information security professionals today.

    Data Loss Prevention Technologies
    Hear the latest from your peers about how to best leverage technology to serve as an information protection control - from simple logging and network monitoring to the high-end, purpose built DLP products on the market today.

    Application & Software Security
    Security in the SDLC - Establish a Program
    This session will focus on how to infuse secure coding programs and skills into enterprise software development projects. Processes and education are the program fundamentals that must be established before tools are introduced.

    Get Ahead of Applications Before They Run Away
    New application projects can be generated from all areas of the business. Whether an application is created internally or sourced externally, security must be involved at the requirements level. This session will focus on information security's role as an advisor on application procurement.

    Web Apps are Your Front Door and More People are Trying to Pick the Lock
    With the threat landscape increasingly focused on penetrating web-facing applications, the statistics show rising exploitation. Web development has traditionally been a separate function within organizations; this session will discuss the need for centralized control and security education among web developers.

    Security Operations
    Turn Log Data into Business Gold
    Connecting everything together is supposed to enable efficiencies, but how do you keep up with the flood of information? This session covers best practices for approaching the problems created by information overload and paring that data down to make real-world decisions that lead to measurable improvements in network security.

    Keep Up or Fall Behind: The Balance of Threat Management
    Intelligence, asset inventory, and vulnerability analysis are key ingredients to efficient threat management and security operations. Prioritization, patching and accountability are challenges. This session will discuss strategies to keep up with the dynamic threat environment.

    Be Prepared to React
    Incident response has been more top of mind thanks to the increasing acknowledgement of insider threats and the damage associated with data breaches and IP theft. This session will explore best practices for an incident response program and its role in security operations.

    Security Gamechangers
    Setting the Foundation: Virtualization
    This session will explore the three main elements of security and virtualization: securing virtualization, virtualizing security and security through virtualization. We will focus on the issues every organization must address when virtualizing its datacenters. This discussion sets the stage for our discussion on Cloud Computing.

    Reaching for the Sky: Cloud Computing
    This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. A framework for classifying Cloud services and mapping them to a catalog of compensating controls, and in turn to compliance initiatives, will be discussed, along with the most relevant approaches to assessing security in Cloud Computing environments and how to evaluate your options.

    Putting It All Together: Re-Perimeterization
    This session will take the information from the first two sessions and introduce the concept of re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment.

    Risk Management
    Make the Move Toward Risk Adjusted Security
    Forward-thinking enterprises are embracing a risk-based approach to security. By integrating risk analysis into their governance and compliance efforts, organizations move from reactive to pragmatic security. This session will focus on risk management approaches and considerations that can work within organizations.

    Evaluating Outsourcing Risks
    Opening up network connections to service providers and business partners creates unknown risks unless the organization has done its due diligence and performed a risk assessment. This session will focus on the components of a third-party assurance program and best practices to enforce the program.

    eDiscovery: Speed Bump or Sink Hole?
    Security professionals are increasingly involved with eDiscovery. Much of the activity requires forensic gathering and analysis of data to present as evidence. This session will explore how organizations prepare for and execute eDiscovery requests in a cost-effective way that minimizes business impact.

    Security Leadership
    Entrepreneurial Security
    Relating security to the business requires creative, non-traditional thinking. Security is usually not intuitive to business owners. This session will explore leading techniques used by entrepreneurs to build successful businesses.

    "The Blue Sky Paradox" - a Case Study
    Communication and collaboration skills are essential to building consensus and gathering buy-in for new projects. Goals and expectations must also be properly set. This discussion will focus on leadership, negotiation and selling a project in tough economic conditions.

    "Boss I think Someone Stole our Customer Data" Harvard Business Review Case Study
    Are you ready to lead your organization through a data loss? Join in for a lively debate on how an organization should prepare for, and manage data theft.

    Institute Focus Topics
    Smartphone - Security Dummy?
    Security controls exist to reduce the vulnerabilities introduced through the ever-more-powerful mobile devices that your employees are using. This session will focus on best practices for those solutions.

    Standing Up a Pen Testing Capability
    As part of any risk assessment, pen testing is a critical complement to traditional vulnerability assessments. To be successful, it requires a level of commitment, resources and skills. This session will discuss the foundational elements of a successful program.

    Introduction to the Cyber Supply Chain Initiative
    It's a national security imperative in a global economy that we have confidence in the supply chains of integrated systems and the integrity of the people, processes and technology that comprise them. This discussion will focus on what it takes to begin thinking strategically about the security of your IT supply chains, including key actors and their organizational and process-level interactions.

    Disruptive Innovation and Information Security: No Better Time Than the Present
    Innovation isn't a luxury; in fact, it's exactly what companies should do in times like these, especially in security, where adding value is often seen as coming at too high a cost. This session will discuss how security can embrace disruptive innovation and technology proactively to reduce costs, increase efficiency and add value, while balancing the need to get our day jobs done and introducing innovative thinking into our organizations.

    Security Content Automation Protocol and What it Means
    The Security Content Automation Protocol (SCAP) is a comprehensive suite of specifications developed through a diverse public/private partnership. This session will discuss SCAP's goals and how they could apply to your organization.

    Are You Cutting-Edge? What You Read Can Make the Difference
    This profession is changing fast, and your time is limited. What you read and who you listen to can have a significant impact on your success. This session will review the major research methods being applied in information security today.

    Securing a Virtualized Environment
    The world is going virtual! Maybe true, but more importantly what does this trend mean for the security professional? Join a lively discussion on the security implications of a virtualized environment.

    Log Aggregation
    We've all heard about SIM, but how is your organization currently back-hauling, retaining, and rotating your logs? Are you just handling servers, or are you dealing with desktops as well? And, what about netflows? In this session, we have more questions than answers, but we'll survey some tools and share common experiences!

    Anti-Phishing Techniques
    Phishing attacks have grown to become a billion-dollar problem, with over 10,000 new phishing sites appearing per month. In this session, you will learn what organizations at the front lines of this challenge are doing to combat phishers, and what new techniques are being developed to address this risk.
