Date & Locations
March 16-17, 2010
JW Marriott
Washington, DC
Agenda Tracks
Information Assurance
Challenges with Structured and Unstructured Data
Use Cases for DLP
Moving Beyond DLP: What's Next?
Security Operations
Proactive Threat Management
Use Cases for SIEM
Best Practices in Response
Security Gamechangers
Disruptive Innovations: Virtualization and Cloud Computing
How Security Changes with Clouds
Putting It All Together: Re-Perimeterization
IATAC: Government Compliance
Securing Industrial Control Systems
Continuous Monitoring
Address the Human Element: Training and Awareness
Risk Management
Think Risk
Regulation 2.0: New Administration, New Rules
Information Security and Contracts: What You Need to Know for 2010
Security Leadership
"Data Breach Action Plan" - An IANS Case Study
Building and Managing a High-Performing Security Team
"The Trouble with Harry" - An IANS Case Study
Institute Focus Topics
Standing Up a Pen Testing Capability
Risk Management Challenges in Emerging Transactional Networks
Accreditation of Government Systems in Cloud Computing
New Developments in Cyberlaw: An Overview of Significant Recent Cases, Treaties, and Statutes
Secure SDLC Case Study
Information Assurance
Challenges with Structured and Unstructured Data
This session will focus on the technology and procedures to discover, classify and monitor for inappropriate movement of structured and unstructured data in your environment.
Use Cases for DLP
DLP technology has been commoditized. What are some of the ways your peers are using the technologies in ways that perhaps weren't in the marketing manual? This session involves sharing use cases for DLP and the lessons learned.
Moving Beyond DLP: What's Next?
You've made a classification scheme, reduced the scope of your data inventory, and used DLP technologies to 'lock down' broad areas of your information. Now what? This session will discuss advanced DLP tips and tricks.
Security Operations
Proactive Threat Management
More targeted threats and zero-day attacks are causing organizations to rethink their threat mitigation strategy. Better assessments and patch/config processes are a priority, but not enough. This session will focus on strategies, processes and technology to turn the tables and become more proactive.
Use Cases for SIEM
Solutions for SIEM have matured over the past two years, yet the use cases are often unclear, which leads to dissatisfaction. This session involves participants sharing their experiences with SIEM, the specific use case, and the benefits gained from their deployment.
Best Practices in Response
Incident response has become a critical infosec function in the wake of mass data breaches and increasing attack vectors. This session will focus on sharing best practices to structure a team, develop processes and arm staff with tools to get the job done.
Security Gamechangers
Disruptive Innovations: Virtualization and Cloud Computing
This session will focus on the fundamental elements of virtualization and cloud computing and act as a primer for the following roundtable sessions. Also, we will discuss how we view and define virtualization and cloud computing because it currently means different things to different people. By establishing a baseline and a framework for classifying Cloud services, this discussion sets the stage for our discussion on Cloud Computing.
How Security Changes with Clouds
This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. We'll explore how security manifests for/within/via various types of clouds. Mapping elements to a catalog of compensating controls and compliance initiatives will focus our efforts on the most relevant approaches to assessing security in Cloud Computing environments and how to approach evaluating your options.
Putting It All Together: Re-Perimeterization
This session will take the information from the first two sessions and introduce the concept of de/re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment.
IATAC: Government Compliance
Securing Industrial Control Systems
Depending on what physical processes/infrastructure the system controls, if ICS is compromised it could result in a safety catastrophe. ICS share more characteristics with safety-critical (including embedded) systems than with most IT systems. This can lead to conflicts between safety and security requirements. This session will debate the need for an explicit linkage between ICS need for survivability and survivability imperatives in other critical systems.
Continuous Monitoring
You have completed C&A for all your systems, but the minute the tests were finished, the documentation became obsolete. Implementing Continuous Monitoring supports risk management and requires organizations to possess capabilities to collect data, analyze it, and make decisions based on the data in near-real time. This session will tackle the hard questions of transitioning to Continuous Monitoring from tri-annual C&A, what and how to automate, and using obtained data to facilitate continual improvement and support decision making.
Address the Human Element: Training and Awareness
Major headlines over the past several years have exposed the security-related problems plaguing the public and private sector, from missing laptops to improper disposal of personnel records and exposure of financial data. These incidents were not caused by technology or IT systems failure but by people failure: the failure of people to perform job duties skillfully and securely. Current workforce assurance initiatives underway at DoD and civil agencies provide insight into addressing the human element of security risk through security training and awareness programs.
Risk Management
Think Risk
Business leaders understand and talk in terms of risk, not security. However, risk can have a language of its own whether you're addressing enterprise risk or IT risk. This session will focus on risk management strategies, frameworks and best practices to transition from a security group to a risk-based business advisor.
Regulation 2.0: New Administration, New Rules
The financial sector meltdown and a new Administration would cause enterprises to believe regulatory changes are inevitable. This session's discussion will focus on the Obama administration's agenda and what's being proposed in D.C. and elsewhere that could affect your organization.
Information Security and Contracts: What You Need to Know for 2010?
More and more frequently, legal departments call on security practitioners for input on contractual and licensing matters. This session will discuss common terms, allocation of liability, and tricks to keep in mind when negotiating security-related provisions.
Security Leadership
"Data Breach Action Plan" - An IANS Case Study
Navigating a suspected data breach is no fun. Your organization immediately gets hit from all sides, and making the right decisions without full information is essential for the entire enterprise team from the CEO on down. IANS' newest case study explores how to prioritize your actions, and puts you in the shoes of senior management.
Building and Managing a High-Performing Security Team
Drawing from three years of IANS Forum discussions, this session will focus on the most promising operating models for information security, how feasible it is to manage information security like a business, and how to inject a sense of entrepreneurial spirit into the mix.
"The Trouble with Harry" - An IANS Case Study
Striking the right mix of technical speak and business speak is a challenge for all IT groups. For IT security professionals, presenting the value of technical controls that don't slow down the business is particularly challenging. This case study will explore these issues.
Institute Focus Topics
Standing Up a Pen Testing Capability
Pen testing is increasingly becoming a standard arrow in the information security quiver. While pen testing is a powerful tool, it's very important to staff your team properly, and cover the important bases of legal authorization and audit trails. This year, the session includes new use cases, lessons learned from the past six forums, plus field experience.
Risk Management Challenges in Emerging Transactional Networks
Every call, text message, email and data transfer handled by your mobile device creates a transaction with your space-time coordinate, whether you have GPS or not. From mobile networks to smart grids, as non-traditional networks proliferate, the legal and technical capability to cope with the new forms of data often lags behind, creating significant obstacles for security professionals. This session will explore differing types of data generated by such devices and networks and the available security controls that can make it difficult for a user to control their data.
Accreditation of Government Systems in Cloud Computing
The fast-paced, agile environment of cloud computing requires a customized C&A process that enables government organizations to quickly access and integrate cloud capabilities into existing operations, and also remain compliant with Federal and DoD IA policy and procedures. This session will discuss techniques used to streamline the C&A work flow for cloud computing environments such as delegating approval authority, enabling IA control inheritance, and implementing C&A automation tools.
New Developments in Cyberlaw: An Overview of Significant Recent Cases, Treaties, and Statutes
Cutting-edge legal developments in cyberspace will be presented in a “You Be the Judge” format to help attendees better understand the reasoning behind the important cases. The presentation will also highlight unsettled areas of the law and trends in the law to assist in identifying potential pitfalls and ways ahead.
Secure SDLC Case Study
Software security has risen in importance, but the challenge of getting security built into the SDLC should not be underestimated. This session highlights one organization's journey. The company has built a software security program over the last 18-24 months and will share their real life experiences standing up the program and the lessons they have learned along the way.
Are You Cutting-Edge? What You Read Can Make the Difference
This profession is changing fast, and your time is limited. What you read and who you listen to can have a significant impact on your success. This session will review the major research methods being applied in information security today.
Securing a Virtualized Environment
The world is going virtual! Maybe true, but more importantly what does this trend mean for the security professional? Join a lively discussion on the security implications of a virtualized environment.
Log Aggregation
We've all heard about SIM, but how is your organization currently back-hauling, retaining, and rotating your logs? Are you just handling servers, or are you dealing with desktops as well? And, what about netflows? In this session, we have more questions than answers, but we'll survey some tools and share common experiences!
Anti-Phishing Techniques
Phishing attacks have grown to become a billion dollar problem with over 10,000 new phishing sites appearing per month. In this session, you will learn what organizations at the frontlines of this challenge are doing to combat phishers and also what new techniques are being developed to address this risk.