
Register now: www.regonline.com/bos10
Challenges with Structured and Unstructured Data
This session will focus on the technology and procedures to discover, classify and monitor for inappropriate movement of structured and unstructured data in your environment.
Use Cases for DLP
DLP technology has been commoditized. How are your peers using the technologies in ways that perhaps weren't in the marketing manual? This session involves sharing use cases for DLP and the lessons learned.
Moving Beyond DLP: What's Next?
You've made a classification scheme, reduced the scope of your data inventory, and used DLP technologies to 'lock down' broad areas of your information. Now what? This session will discuss advanced DLP tips and tricks.
Proactive Threat Management
More targeted threats and zero-day attacks are causing organizations to rethink their threat mitigation strategy. Better assessments and patch/config processes are a priority, but not enough. This session will focus on strategies, processes and technology to turn the tables and become more proactive.
Use Cases for SIEM
Solutions for SIEM have matured over the past two years, yet the use cases are often unclear, which leads to dissatisfaction. This session involves participants sharing their experiences with SIEM, the specific use case, and the benefits gained from their deployment.
Best Practices in Response
Incident response has become a critical infosec function in the wake of mass data breaches and increasing attack vectors. This session will focus on sharing best practices to structure a team, develop processes and arm staff with tools to get the job done.
How Security Changes with Clouds
This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. We'll explore how security manifests for/within/via various types of clouds. Mapping elements to a catalog of compensating controls and compliance initiatives will focus our efforts on the most relevant approaches to assessing security in Cloud Computing environments and how to approach evaluating your options.
Mobility's InfoSec Future
Understand how the evolving mobile threat landscape can impact your organization's overall information security program. Key discussion points will focus on how current infosec controls can be leveraged for mobile and what new controls your organization may need to evaluate to better manage mobile-related risks.
Putting It All Together: Re-Perimeterization
This session will take the information from the first two sessions and introduce the concept of de/re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment.
Think Risk
Business leaders understand and talk in terms of risk, not security. However, risk can have a language of its own whether you're addressing enterprise risk or IT risk. This session will focus on risk management strategies, frameworks and best practices to transition from a security group to a risk-based business advisor.
Regulation 2.0: New Administration, New Rules
The financial sector meltdown and a new Administration would cause enterprises to believe regulatory changes are inevitable. This session's discussion will focus on the Obama administration's agenda and what's being proposed in D.C. and elsewhere that could affect your organization.
Information Security and Contracts: What You Need to Know for 2010
More and more frequently, legal departments call on security practitioners for input on contractual and licensing matters. This session will discuss common terms, allocation of liability, and tricks to keep in mind when negotiating security-related provisions.
Seeking the APT
Advanced persistent threat (APT) is the marketing buzzword of 2010. Are the threats anything net new in the industry or just more top of mind? Almost every penetration aims to be "persistent" and is - by definition - more advanced than the defenses it eluded. The real problem, however, is detecting when APTs are attempting to or have already compromised your IT environment. This session will offer some approaches on how to detect them.
Real-time Enterprise Intelligence
In the risk influencer ecosystem, organizations expend a significant amount of energy focusing on geopolitical, financial, operational, and market risks. Since information has more avenues than ever to leave the organization, employee risk should be high on the operational risk list. From background checks to Twitter posts - how are you monitoring your organization's exposure to risk from your employees' activities?
Are You Rugged?
Software security is a strategic focus for many organizations as the threats have migrated up the stack to the application layer. Security must be a core competency in the SDLC and developers must be taught and live the principles of secure coding. This session will introduce a new way of thinking in this important area.
Risk and Rewards from Social Media
In the "always connected" realm, corporations are evaluating and using social media for a plethora of business cases. From crowdsourcing new product and service ideas to brand promotion and image control to extended customer service, organizations are looking for creative ways to maximize the benefits of social media. This session will explore the rewards and, more importantly, the risks to social media's presence in the organization.
IANS Faculty
IANS Research
The Steering Committee is a consortium of the region’s top senior information security executives from Fortune 1000 companies, large government agencies, and academic institutions. These executives guide and shape the Forum Curriculum and Agenda, ensuring the event is relevant and exciting for participants.
Vice President, Risk Management
Chief Security Officer
Dennis Brixius serves as vice president and chief security officer of The McGraw-Hill Companies, overseeing the development and implementation of enterprise-wide security and risk management policies. His responsibilities also include technology-based security solutions to protect the Companies’ intellectual property, business continuity, and the privacy of employee, business partner, and customer data.
Prior to joining The McGraw-Hill Companies in January 2004, Dennis was the director of enterprise architecture and chief information security officer at Praxair, Inc. He has also held senior-level positions at TRW, Realogic, BP, and Ford, and has extensive expertise in the information technology, media/telecommunications, automotive, energy, and aerospace industries.
Dennis earned a BA in mathematics from Gettysburg College and an MBA from the University of Delaware, and is a member of the Information Systems Security Association (ISSA). In 2007 he won the Information Security Executive Tri-State People’s Choice Award and was named CSO of the Year by SC Magazine.
Vice President of IT Assurance
Chief Information Security Officer & Sr. Director of Networks
Information Security Officer
SVP, Architect, Search, IT Security
Vice President & Chief Information Security Officer
Information Security Officer