Date & Location
December 8-9, 2009
JW Marriott
San Francisco, CA
Agenda at a Glance
Tuesday, December 8
Registration & Continental Breakfast: 7:30-8:20am
Welcome & IANS Perspective: 8:20-9:45am
Roundtable Discussions: 9:55-11:10am
Solution Discussions: 11:20am-12:30pm
Lunch: 12:30-1:30pm
Roundtable Discussions: 1:35-2:50pm
Solution Discussions: 3:00-4:10pm
Institute Focus Topics: 4:20-5:00pm
Networking Reception: 5:00-6:00pm
Wednesday, December 9
Registration & Continental Breakfast: 7:30-8:20am
Keynote Address David Rice - Extra Chunky Cybersecurity: A Fresh Look at Risk Appetites: 8:20-9:10am
Roundtable Discussions: 9:20-10:35am
Solution Discussions: 10:45-11:55am
Lunch & Peter Kuper Keynote - Technology Sourcing Strategies: 12:00-1:00pm
Solution Discussions: 1:10-2:20pm
Institute Focus Topics: 2:30-3:10pm
Steering Committee Panel: 3:20-3:50pm
Closing Session & Prizes: 3:50-4:05pm
Networking Reception: 4:05-5:05pm
Agenda Tracks
Information-Centric Protection
The Information Lifecycle & Protecting Structured Data
Protecting Non-Structured Data through Data Classification
Data Loss Prevention Technologies
Application & Software Security
Security in the SDLC - Establish a Program
AppSec Standard of Care
Bring Web Apps Under Control
Security Operations
Turn Log Data into Business Gold
Keep Up or Fall Behind: The Balance of Threat Management
Virtualization and Cloud: Many Security Parallels
Risk Management
Make the Move Toward Risk Adjusted Security
Evaluating Outsourcing Risks
Regulation 2.0: New Administration, New Rules
Security Leadership
Entrepreneurial Security
"The Blue Sky Paradox" - a Case Study
"The Trouble with Harry" - Harvard Business Review Case Study
Institute Focus Topics
Standing Up a Pen Testing Capability
Introduction to the Cyber Supply Chain Initiative
Embrace with Caution: Social Networking
Career Coaching: Moving Up in a Down Economy
Information-Centric Protection
The Information Lifecycle & Protecting Structured Data
There is a new approach to information protection. The view of data as "at rest" and "in motion" is giving way to securing data at creation, in use, while archived and - most importantly - at destruction.
Protecting Non-Structured Data through Data Classification
Trying to make sense of the disparate data types that exist in an organization can be difficult. This session will illuminate data classification strategies to tackle the biggest problem facing information security professionals today.
Data Loss Prevention Technologies
Hear the latest from your peers about how to best leverage technology to serve as an information protection control - from simple logging and network monitoring to the high-end, purpose built DLP products on the market today.
Application & Software Security
Security in the SDLC - Establish a Program
This session will focus on how to infuse secure coding programs and skills into enterprise software development projects. Before tools come into play, processes and education are the key program fundamentals that must be established.
AppSec Standard of Care
As an industry, we struggle to find a benchmark that enables us to measure our progress and effectiveness in the area of application security. This session will explore key tactical and strategic considerations for building your own benchmark.
Bring Web Apps Under Control
With the threat landscape more focused on penetrating web-facing applications, the statistics show increasing exploitation. This has traditionally been a separate function within organizations, and this session will discuss the need for centralized control and security education among web developers.
Security Operations
Turn Log Data into Business Gold
Connecting everything together is supposed to enable efficiencies, but how do you keep up with the flood of information? This session covers best practices for approaching the problems created by information overload and paring that data down to make real-world decisions that will help you make measurable improvements to network security.
Keep Up or Fall Behind: The Balance of Threat Management
Intelligence, asset inventory, and vulnerability analysis are key ingredients to efficient threat management and security operations. Prioritization, patching and accountability are challenges. This session will discuss strategies to keep up with the dynamic threat environment.
Virtualization and Cloud: Many Security Parallels
This session will focus on the things that all organizations must focus on when virtualizing their datacenters. In addition, we will build off of virtualization and discuss the most relevant approaches to assessing security in Cloud Computing environments.
Risk Management
Make the Move Toward Risk Adjusted Security
Forward-thinking enterprises are embracing a risk-based approach to security. By integrating risk analysis into their governance and compliance efforts, organizations move from reactive to pragmatic security. This session will focus on risk management approaches and considerations that can work within organizations.
Evaluating Outsourcing Risks
Opening up network connections to service providers and business partners creates unknown risks unless the organization has done its due diligence and performed a risk assessment. This session will focus on the components of a third-party assurance program and best practices to enforce the program.
Regulation 2.0: New Administration, New Rules
The financial sector meltdown and a new Administration would cause enterprises to believe regulatory changes are inevitable. This session's discussion will focus on the Obama administration's agenda and what's being proposed in D.C. and elsewhere that could affect your organization.
Security Leadership
Entrepreneurial Security
Relating security to the business requires creative, non-traditional thinking. Security is usually not intuitive to business owners. This session will explore leading techniques used by entrepreneurs to build successful businesses.
"The Blue Sky Paradox" - a Case Study
Communication and collaboration skills are essential to building consensus and gathering buy-in for new projects. Goals and expectations must also be properly set. This discussion will focus on leadership, negotiation and selling a project in tough economic conditions.
"The Trouble with Harry" - Harvard Business Review Case Study
Striking the right mix of technical speak and business speak is a challenge for all IT groups. For IT security professionals, presenting the value of technical controls that don't slow down the business is particularly challenging. This case study will explore these issues.
Institute Focus Topics
Standing Up a Pen Testing Capability
As part of any risk assessment, pen testing is a critical component to augment traditional vulnerability assessments. In order to be successful, it requires a level of commitment, resources, and skills. This session will discuss the foundational elements of a successful program.
Introduction to the Cyber Supply Chain Initiative
It's a national security imperative in a global economy that we have confidence in the supply chains of integrated systems and the integrity of the people, processes and technology that comprise them. This discussion will focus on what it takes to begin thinking strategically about the security of your IT supply chains, including key actors and their organizational and process-level interactions.
Embrace with Caution: Social Networking
An increasing desire and drive to use social networking in the enterprise is becoming a prickly pain point for information security teams. This session will discuss the results of an IANS survey and explore how organizations are approaching this challenge.
Career Coaching: Moving Up in a Down Economy
The current economic climate has everyone on edge. Whether you're a security leader trying to motivate your team, or a team member worried about job security, this session will explore some common techniques being used today to stay aware and upbeat.
Faculty & Speakers subject to change prior to the event