IANS - Forum Details

Midwest Information Security Forum 2010 Agenda

Tracks	Sessions
Information Assurance	Challenges with Structured and Unstructured Data This session will focus on the technology and procedures to discover, classify and monitor for inappropriate movement of structured and unstructured data in your environment. Less Use Cases for DLP DLP technology has been commoditized. What are some of the ways your peers are using the technologies in ways that perhaps weren't in the marketing manual? This session involves sharing use cases for DLP and the lessons learned. Less Moving Beyond DLP: What's Next? You've made a classification scheme, reduced the scope of your data inventory, and used DLP technologies to 'lock down' broad areas of your information. Now what? This session will discuss advanced DLP tips and tricks. Less
Security Operations	Proactive Threat Management More targeted threats and zero-day attacks are causing organizations to rethink their threat mitigation strategy. Better assessments and patch/config processes are a priority, but not enough. This session will focus on strategies, processes and technology to turn the tables and become more proactive. Less Use Cases for SIEM Solutions for SIEM have matured over the past two years, yet the use cases are often unclear which lead to dissatisfaction. This session involves participants sharing their experiences with SIEM, the specific use case, and the benefits gained from their deployment. Less Best Practices in Response Incident response has become a critical infosec function in the wake of mass data breaches and increasing attack vectors. This session will focus on sharing best practices to structure a team, develop processes and arm staff with tools to get the job done. Less
Security Gamechangers	How Security Changes with Clouds This session will expand upon the practical elements of virtualization and how they extend to Cloud Computing. We'll explore how security manifests for/within/via various types of clouds. Mapping elements to a catalog of compensating controls and compliance initiatives will focus our efforts on the most relevant approaches to assessing security in Cloud Computing environments and how to approach evaluating your options. Less Mobility's InfoSec Future Understanding how the evolving mobile threat landscape can impact your organization's overall information security program. Key discussion points will focus on how current infosec controls can be leveraged for mobile and what new controls your organization may need to evaluate to better manage mobile-related risks. Less Putting It All Together: Re-Perimeterization This session will take the information from the first two sessions and introduce the concept of de/re-perimeterization with a discussion of the Cloud Security Alliance and Jericho Forum's models and how they relate to security architectures and managing risk in a virtualized and Cloud-driven environment. Less
Risk Management	Think Risk Business leaders understand and talk in terms of risk, not security. However, risk can have a language of its own whether you're addressing enterprise risk or IT risk. This session will focus on risk management strategies, frameworks and best practices to transition from a security group to a risk-based business advisor. Less Regulation 2.0: New Administration, New Rules The financial sector meltdown and a new Administration would cause enterprises to believe regulatory changes are inevitable. This session's discussion will focus on the Obama administration's agenda and what's being proposed in D.C. and elsewhere that could affect your organization. Less Information Security and Contracts: What You Need to Know for 2010 More and more frequently, legal departments call on security practitioners for input on contractual and licensing matters. This session will discussion common terms, allocation of liability, and tricks to keep in mind when negotiating security-related provisions. Less
IANS Focus Topics	Seeking the APT Advanced persistent threat (APT) is the marketing buzzword of 2010. Are the threats anything net new in the industry or just more top of mind? Almost every penetration aims to be "persistent" and is - by definition - more advanced than the defenses it eluded. The real problem, however, is detecting when APTs are attempting to or have already compromised your IT environment. This session will offer some approaches on how to detect them. Less Real-time Enterprise Intelligence In the risk influencer ecosystem, organizations expend a significant amount of energy focusing on geopolitical, financial, operational, and market risks. Since information has more avenues than ever to leave the organization, employee risk should be high on the operational risk list. From background checks to Twitter posts - how are you monitoring your organization's exposure to risk from your employees' activities? Less Are You Rugged? Software security is a strategic focus for many organizations as the threats have migrated up the stack to the application layer. Security must be a core competency in the SDLC and developers must be taught and live the principles of secure coding. This session will introduce a new way of thinking in this important area. Less Risk and Rewards from Social Media In the " always connected " realm, corporations are evaluating and using social media for a plethora of business cases. From crowd sourcing new product and service ideas to brand promotion and image control to extended customer service, organizations are looking for creative ways to maximize the benefits of social media. This session will explore the rewards and, more importantly, the risks to social media's presence in the organization. Less

The Steering Committee is a consortium of the region’s top senior information security executives from Fortune 1000 companies, large government agencies, and academic institutions. These executives guide and shape the Forum Curriculum and Agenda, ensuring the event is relevant and exciting for participants

2010 Midwest Steering Committee

Anna Sherony Chief Privacy and Security Officer Sammons Enterprises	Bradley Schaufenbuel Chief Information Security Officer & Privacy Officer Midwest Banc Holdings	Jasper Ossentjuk Chief Information Security Officer HSBC Bank USA	Chandler Howell Senior Principal, Information Security Management WMS Gaming Inc.	Greg Bee Chief Information Security Officer Country Insurance & Financial Services
John Johnson Senior Security Project Manager Deere & Co.	Ray Biondo Vice President & Chief Information Security Officer Health Care Service Corporation	Richard Rushing Senior Director, Information Security Motorola	Scott Shepard Senior Director, Information Security Motorola	Erick Rudiak Chief Information Security Officer Hewitt Associates