End User Client Briefings
Briefings are exclusive webcasts open only to IANS Research Clients. These monthly discussions are held on the second Wednesday of each month, and touch on information security hot topics such as: Risk Management, Vulnerability Management, Social Networking, Cloud Computing, and much more.
Past Briefings include: "Managing Mobile Computing Securely", "Pen Testing and Vulnerability Assessments Are the Same, Right?" and "Security in the App Store Ecosystem: Online Games, Books, Apps, and Marketplaces".
How do you generate practical security metrics that mean something and are useful to your business processes? Is it possible to get excited about producing statistics and data? Is it possible that statistics and data can help justify your existence to your employer? If that last item didn't get your attention, wake up! In this Enterprise Client Briefing we will outline a few thoughts for how you can build a metrics-based security process for your organization.
Most organizations that hold sensitive information likely have at least a rudimentary data breach response plan in place. For many companies, it’s a regulatory or contractual requirement. Other companies may do it as a best practice. These plans cover the initial triage, the response planning, the notification process, etc. One often overlooked component, however, involves the role and use of law enforcement. Who do you call? When do you call them? What happens during the engagement? In this End User Client Briefing, we will explore these questions and other aspects of working with law enforcement.
The issues highlighting the need for network security analysis are clear. We cannot stop the attackers, so we have to plan for compromise.
The difference between success and failure breaks down to how quickly you can isolate the attack, contain the damage, and then remediate the issue. Yet many organizations think aggregating some logs will provide the basis to really understand how they are being attacked. They are wrong. In this Enterprise Client Briefing, IANS Faculty member Mike Rothman will discuss the evolution of security management, pointing out:
* Why "Monitoring Everything" is the only chance you have against today's attacks;
* The evolution of security management platforms and the role of network full packet capture;
* The criticality of incident response;
* How, after coming together for a few years, technologies to address security and compliance will diverge again.
TBD
The network firewall is no longer the enterprise boundary; instead, it's identity and access management that defines and enforces the perimeter around enterprise assets. Identity is used in a wide variety of contexts - internal only apps, cloud services, and mobile apps. Enterprises face the challenge of creating a consistent policy-based identity implementation where the identity can be consumed in many different scenarios.
The architecture is challenging as well; it's an alphabet soup of identity standards (SAML, OAuth, XACML and more) and products. In this Enterprise Client Briefing, Gunnar Peterson presents a pragmatic approach, showing concrete tools and processes you can use to defend your new corporate perimeter - Identity.
Past Briefings
January 11, 2012
Join IANS' Faculty as they discuss the major IT security themes they see emerging for 2012 including:
- The State of Cloud Security Maturity
- Metrics Evolved: What Works & What People Are Using
- Targeted Attacks & Advanced Threat Management
- Compliance is Dead. Nah, Just Kidding
December 14, 2011
Join IANS Faculty Aaron Turner, Ed Moyle, and David Etue for a recap of 2011's major information security themes and events including:
• How the compromise of a security vendor creates risk for customers; if security vendors have a higher threat profile, should they be held to a higher standard; and what customers can do to better protect themselves.
• Mobile: How many organizations have mobile devices that have been infected/compromised in some way in the last year? Is ignorance bliss?
• Ideologically-motivated cyber activity changed the game in 2011: How the next generation hacker can defeat nearly any tool, and what can we do to counter it.
November 9, 2011
IANS end user clients Ed Bellis (HoneyApps), Brian Riley (Liberty Mutual), and Jasper Ossentjuk (HSBC) will lead discussion around:
A Post-AV World:
With anti-virus no longer a viable resource for avoiding breaches and mitigating attacks, we will discuss the alternative, and effective, resources available to infosec teams as they look to secure the data in their organizations.
How to Avoid the Media-Induced InfoSec Fire Drill:
Media is bringing attention – both good and bad – to information security. With high profile breaches like RSA, Sony, and Google, security professionals can expect that, at some point, a business leader or even board member will ask, “What are we doing to secure our company?” This segment will address information security preparedness as it relates to managing the expectations of those not in the security organization.
Next Generation Threat Management:
Security organizations are overhauling internal processes and starting to integrate the next generation of firewalls and network security analysis tools that can help detect sophisticated malware, counter social engineering attacks, and prevent client-side browser and software manipulation attacks, all critical tools in the arsenal of the persistent attacker. This segment will cover the area of next-generation threat management tools and practices that are being created and tested to address shortcomings of traditional products and processes.
October 12, 2011
What’s the secret of solid risk managers? Research shows that the most successful CISOs are the most collaborative and most likely to bring various teams to the table, so why do some organizations excel at security operations while others continue to run around wildly, stamping out fires and never getting ahead?
In October's Enterprise Client Briefing, Michael A. Davis, IANS' Midwest Forum keynote speaker, will give a preview of his Forum talk and share what he has learned by speaking to CISOs about creating risk-based security organizations that consistently and effectively communicate risk to the business. Join this briefing to discuss your own experiences and learn what other security professionals are doing to tackle risk the right way.
September 14, 2011
The security problem has never been more obvious, yet the investment in security start-ups remains anemic. Venture Capital firms are in a corrective state, as are many corporations, driving them to cut costs (i.e., security budgets), never mind the global economy's pervasive overhang. As such, the barriers to entry for any aspiring hacker are not being reinforced while the cost to break in is getting cheaper by the day. And we've yet to mention state-sponsored activities...
Join IANS Faculty Peter Kuper as he leads an open discussion on the start-up landscape, ways you can benefit from the change, and how to be ahead of the curve while the global economy wrestles with another "soft patch".
August 24, 2011
Adding information security elements to corporate contracts can be tricky and confusing, especially if you don’t have all the right constituencies involved. Join IANS Faculty Jeffrey Ritter as he presents five key strategies for addressing security in your commercial contracts. Participants will learn best practices for improving team collaboration, receive a detailed strategic planning map, and learn more about how to achieve stronger governance of information security across vendor management programs.
August 17, 2011
Most organizations are actively implementing virtualization technologies ranging from desktop replacement to server virtualization. Many are also looking into the implementation of private clouds that leverage virtualization technology, as well. Security is often an afterthought for IT Operations teams as these technologies are implemented, however, and information security teams need to understand what security options are available, as well as best practices in designing and implementing a secure virtualization or private cloud architecture. In this presentation, we'll cover the fundamentals of virtualization security design and configuration, and discuss the latest controls and security technologies that can help to protect data, systems, and applications within our virtualized datacenters.
July 27, 2011
Historically, hardware one-time password generators have dominated the two-factor authentication marketplace. Recently, however, organizations are looking for alternatives. There are quite literally hundreds of two-factor systems, though, and understanding how they all work - and how much they're all going to cost - can be quite daunting. This discussion will provide an overview of some of the economic factors organizations should consider in evaluating a two-factor purchase and that influence the cost of the system over the long term.
July 13, 2011
"It’s a national security imperative in a global economy that we have confidence in the supply chains of integrated systems and the integrity of the people, processes, and technology that comprise them."
- Hart Rossman
“In the digital age, sovereignty is demarcated not by territorial frontiers but by supply chains.”
– Dan Geer, CISO In-Q-Tel
Highlighting leading research from a recent study at the University of Maryland's Supply Chain Management Center, July's Enterprise Client Briefing will cover the state of the art in IT supply chain security with an emphasis on managing the risk that results from inter-relationships between system and product development lifecycles across the supply chain. Join Hart Rossman as he defines use and abuse cases, threats, and suggests solution sets that can be embraced by the IT supply chain ecosystem.
If you plan, build, operate, sell or buy anything that includes hardware, software, or online services, this ECB is for you!
June 7, 2011
Mobile computing has exploded over the past few years. Laptops are being augmented and in some cases replaced by smart devices and tablets running on 'Droid and iOS. This month's Enterprise Client Briefing will address:
* Why protecting and managing data on mobile devices matters
* Building a business case for data protection on mobile devices
* Issues associated with allowing access from corporate or personally owned devices
* Which policies are needed to govern mobile device use
We will also take a look at which business and security requirements matter most when selecting a mobile device management (MDM) solution and share best practices for mobile data protection in the enterprise.














