





Date & Location
June 23-24, 2010
Cityplace Conference Center
Dallas, TX




Earn 16 CPEs for attending the
2-day Forum



Faculty & Speakers

  • Mark Diamond
  • Chris Silva
  • Josh Corman
  • Adam Cardinal
  • Peter Kuper
  • Marcus Ranum
  • Ron Ritchey
  • Joel Scambray
  • Nick Selby
  • Rocky DeStefano

Keynote Addresses

It’s About Control: Strategies for Saving, Managing and Deleting Electronic Documents
Mark Diamond
Discovery is both a hot topic and source of confusion and disagreement for many organizations. Should we save or delete e-mails? What are the best policies? What really works? This presentation will discuss best practices for becoming litigation ready and present case studies that relate to what works and pitfalls to avoid in this new environment, as well as ensuring compliance with policies.

 

"Ostrich Defense No More" - How Google blew the lid off the status quo and what that means to IT Security going forward.
Peter Kuper
The Google hack has finally ripped away the thin veil of perceived security many still cling to. While the US Government struggles to publicly frame the issues as manageable, tougher enforcement of security-related legislation and standards is inevitable. The ramifications are purely economic, as the willingness of all involved parties to look the other way is now exceeded by the amount of theft visibly taking place. However, in a still tight economy, doing more with less will remain a key constraint on budgets, forcing IT security professionals to be even more creative.

Agenda Tracks

Information Assurance
  • Challenges with Structured and Unstructured Data
  • Use Cases for DLP
  • Moving Beyond DLP: What's Next?

Security Operations
  • Proactive Threat Management
  • Use Cases for SIEM
  • Best Practices in Response

Security Gamechangers
  • How Security Changes with Clouds
  • Mobility's InfoSec Future
  • Putting It All Together: Re-Perimeterization

Risk Management
  • Think Risk
  • Regulation 2.0: New Administration, New Rules
  • Information Security and Contracts: What You Need to Know for 2010

Security Leadership
  • "Data Breach Action Plan" - An IANS Case Study
  • Building and Managing a High-Performing Security Team
  • "The Trouble with Harry" - An IANS Case Study

IANS Focus Topics
  • Seeking the APT
  • Real-time Enterprise Intelligence
  • Are You Rugged?
  • Risk and Rewards from Social Media


    Information Assurance
    Challenges with Structured and Unstructured Data
    This session will focus on the technology and procedures to discover, classify and monitor for inappropriate movement of structured and unstructured data in your environment.

    Use Cases for DLP
    DLP technology has been commoditized. What are some of the ways your peers are using the technologies in ways that perhaps weren't in the marketing manual? This session involves sharing use cases for DLP and the lessons learned.

    Moving Beyond DLP: What's Next?
    You've made a classification scheme, reduced the scope of your data inventory, and used DLP technologies to 'lock down' broad areas of your information. Now what? This session will discuss advanced DLP tips and tricks.

    Security Operations
    Proactive Threat Management
    More targeted threats and zero-day attacks are causing organizations to rethink their threat mitigation strategy. Better assessments and patch/config processes are a priority, but not enough. This session will focus on strategies, processes and technology to turn the tables and become more proactive.

    Use Cases for SIEM
    Solutions for SIEM have matured over the past two years, yet the use cases are often unclear, which leads to dissatisfaction. This session involves participants sharing their experiences with SIEM, the specific use case, and the benefits gained from their deployment.

    Best Practices in Response
    Incident response has become a critical infosec function in the wake of mass data breaches and increasing attack vectors. This session will focus on sharing best practices to structure a team, develop processes and arm staff with tools to get the job done.

    Security Gamechangers
    Disruptive Innovations: Virtualization, Mobility and Cloud Computing
    This session will focus on the forces changing the game for security professionals, namely: virtualization and the emergence of more and more complex mobile devices, and cloud computing in the enterprise. We'll define these change agents and why they matter to your organization as well as why now is the time to take note. By establishing a baseline and a framework for classifying the appropriate awareness and response to these forces this discussion will set the stage for our session on how these elements change security.

    How Security Changes with Virtualization and Clouds
    This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. We'll explore how security manifests for/within/via various types of clouds. Mapping elements to a catalog of compensating controls and compliance initiatives will focus our efforts on the most relevant approaches to assessing security in Cloud Computing environments and how to approach evaluating your options.

    Putting It All Together: Re-Perimeterization
    This session will take the information from the first two sessions and introduce the concept of de/re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment.

    Risk Management
    Think Risk
    Business leaders understand and talk in terms of risk, not security. However, risk can have a language of its own whether you're addressing enterprise risk or IT risk. This session will focus on risk management strategies, frameworks and best practices to transition from a security group to a risk-based business advisor.

    Regulation 2.0: New Administration, New Rules
    The financial sector meltdown and a new Administration would cause enterprises to believe regulatory changes are inevitable. This session's discussion will focus on the Obama administration's agenda and what's being proposed in D.C. and elsewhere that could affect your organization.

    Information Security and Contracts: What You Need to Know for 2010?
    More and more frequently, legal departments call on security practitioners for input on contractual and licensing matters. This session will discuss common terms, allocation of liability, and tricks to keep in mind when negotiating security-related provisions.

    Security Leadership
    "Data Breach Action Plan" - An IANS Case Study
    Navigating a suspected data breach is no fun. Your organization immediately gets hit from all sides, and making the right decisions without full information is essential for the entire enterprise team from the CEO on down. IANS' newest case study explores how to prioritize your actions, and puts you in the shoes of senior management.

    Building and Managing a High-Performing Security Team
    Drawing from three years of IANS Forum discussions, this session will focus on the most promising operating models for information security, how feasible it is to manage information security like a business, and how to inject a sense of entrepreneurial spirit into the mix.

    "The Trouble with Harry" - An IANS Case Study
    Striking the right mix of technical speak and business speak is a challenge for all IT groups. For IT security professionals, presenting the value of technical controls that don't slow down the business is particularly challenging. This case study will explore these issues.

    IANS Focus Topics
    Seeking the APT
    Advanced persistent threat (APT) is the marketing buzzword of 2010. Are the threats anything net new in the industry or just more top of mind? Almost every penetration aims to be "persistent" and is - by definition - more advanced than the defenses it eluded. The real problem, however, is detecting when APTs are attempting to or have already compromised your IT environment. This session will offer some approaches on how to detect them.

    Real-time Enterprise Intelligence
    In the risk influencer ecosystem, organizations expend a significant amount of energy focusing on geopolitical, financial, operational, and market risks. Since information has more avenues than ever to leave the organization, employee risk should be high on the operational risk list. From background checks to Twitter posts - how are you monitoring your organization's exposure to risk from your employees' activities?

    Are You Rugged?
    Software security is a strategic focus for many organizations as the threats have migrated up the stack to the application layer. Security must be a core competency in the SDLC and developers must be taught and live the principles of secure coding. This session will introduce a new way of thinking in this important area.

    Risk and Rewards from Social Media
    In the "always connected" realm, corporations are evaluating and using social media for a plethora of business cases. From crowd sourcing new product and service ideas to brand promotion and image control to extended customer service, organizations are looking for creative ways to maximize the benefits of social media. This session will explore the rewards and, more importantly, the risks to social media's presence in the organization.

    Forum Schedule