Symposiums

Time Warner Cable
7800 Crescent Executive Drive
Charlotte, NC

Security teams need to strike a balance between usability and security when it comes to mobile technologies. Tablets and smartphones are very attractive to users - mobile apps are extremely easy for vendors to develop, and security organizations can no longer say “no” to their use. But when it comes to security, these devices introduce new risks that must be managed differently from laptops, desktops, and servers. Specifically challenging is the fact that most mobile devices run on networks that enterprises have never, and probably will never, gain visibility into (home and carrier networks). Further complicating the issue is the fact that mobile device management is still in the infancy stages and mobile platform developers and OEM's have zero motivation to develop enterprise-focused devices, thus leaving security teams scrambling to keep up with their users’ consumer-focused mobile devices.

At the IANS’ Mobile Technology Security Symposium, Aaron Turner will lead a discussion on managing mobile technology security. The goal of the event will be to address key questions such as:

Symposium attendees will also benefit from the lively discussion of attendees sharing experiences, debating best practices, and reveiwing successes and failures. Join us for what promises to be a dynamic and interactive event!

Symposium participation is by invitation only.

KPMG Offices
Two Financial Center
60 South Street
Boston, MA

At the InfoSec Talking Business Symposium, Dr. Amit S. Mukherjee, IANS’ newest Faculty Member, will present and lead attendees in a moderated roundtable discussion on translating security initiatives to a business context.

In his award-winning book, The Spider’s Strategy, Dr. Mukherjee wrote that IT and business professionals often resemble “an unhappily married couple that cannot figure out how to effect a divorce without one side slipping into poverty and the other side being saddled with burdens, particularly financial, that it cannot afford.”

This invite-only Symposium will address practical ways in which IT Security professionals can take practical, effective steps to bridge this debilitating gap.

Dr. Mukherjee will outline his own practical framework that ties technology initiatives to the basic needs of today’s global businesses. Drawing on this framework, and on a short online survey attendees will complete, he will facilitate a discussion among attendees about how they can better communicate the interests of large, complex IT Security initiatives in business terms.

InterContinental Buckhead Atlanta
3315 Peachtree Rd NE
Atlanta, Georgia 30326

The IANS Identity & Access Management Symposium will cover:

Authentication: Getting “Real” about Multi-Factor
Authentication hasn’t changed much technologically over the last two decades. But recent events are challenging existing solutions from a technical and economic standpoint. While executive-level interest in authentication strategies remains high due the RSA breach, we will explore what authentication strategies are working and what aren’t, where organizations have succeeded in making changes, and what the challenges have been in those deployments.

Identity and the Cloud
Cloud and virtualization present difficulty to existing identity strategies – both for provisioning new users and managing existing ones. Strategies that worked in the legacy environment don’t always cleanly transition once these new technologies are adopted. This session will explore how cloud models have changed the identity space, what strategies have worked for organizations that have gone through this change, and the lessons learned for those who are just starting down this road.

Privileged User Management
Managing administrative accounts and privileged users has always been a battle. As environments get more complex, the issue continues to compound and get less manageable. This session will focus on manual and automated strategies that organizations have used to address the challenges in this arena.

The Economics of Identity
Whether organizations realize it or not, identity is a huge expense. The soft costs associated with these tasks are often invisible since they may be spread throughout the organization. This session will focus on sharing experiences, challenges, and strategies for how to realistically understand and measure current spending levels, and how to control these costs.

The McGraw-Hill Conference Center
1221 Avenue of the Americas, 2nd floor
New York, NY 10020

Everyone's concerned about data leakage, but it's a hard problem to start tackling. Depending on how your organization is structured, data may be held in a wide variety of places by an unknown number of sub-groups with varying degrees of autonomy. The default in many organizations appears to be: A big share on a Microsoft platform with RWD set for all the files.

Where do we go from there?

In IANS’ DLP Symposium we will be discussing the pros and cons of various approaches to DLP (at the edge, in the core, in the cloud, in the server) and sharing experiences about what works. We'll also talk through strategies for beginning a DLP roll-out. What tools work, what policies make a difference, and how to identify and sort through data assets. Our emphasis will be on planning and implementing effective controls.

Turner Broadcasting Systems, Inc.
At the Atlanta SIEM Symposium, IANS Faculty member Dave Shackleford will lead attendees in discussions that cover a wide range of relevant topics that delve into the most pressing event management issues today. These include, but aren’t limited to, the following:

Effective Data Correlation
Implementation Tips & Tricks
Proven Data Breach Detection & Mitigation Methods

The Coca-Cola Company
Malware is a consistent issue for security professionals seeking to maintain a proactive stance in securing their organization's systems and information. With each breed of malware emerging more advanced than the defenses it eludes, an understanding of what comprises the new breed of threats in 2010 and beyond is critical.

Sears Tower
It is not uncommon for a sales manager to decide, "We are going to use SalesForce.com." Throughout the enterprise, business people are pushing for the cloud and information security should not resist this wave, but alternatively, embrace it with caution and education.

Information Assurance Technology Advisory Center
For organizations with critical intellectual property, advanced persistent threats (APTs) are among the most significant threats faced today. Once just a concern of the defense/industrial complex, APTs are now a major concern for private enterprise as well. These are complex, customized threats from very sophisticated and well-financed adversaries.

Depository Trust & Clearing Corp
As market demand for application security has grown, tools and services have evolved to meet enterprise requirements. An important shift is occurring in software security development form diagnosing problems after they occur to addressing both architectural design and flaws in the code.

Akamai Technologies
Outsourcing should be viewed as a strategic business decision that can add sustainable business value. However, businesses continue to wrestle with the issues of trusting their outsourced service providers with sensitive data and customer information.

Virtual Symposium
Consumer Packaged Goods (CPG) companies face many similar information security issues. These include the challenges of creating visibility and a business case for security; ensuring the security of third parties; securing sensitive data; and security manufacturing systems in plants. By sharing their challenges and solutions, information security professionals in CPG can identify approaches that can work in their company.

Reed Elsevier
Preventing the leakage of sensitive data remains an area of concern and a priority for information security professionals. A data leak is like an oil spill; it can be hard to clean up and can have disastrous consequences. The challenge is preventing the spill in the first place. This symposium had two sections. The first part focused on the problems associated with data leakage. The second part focused on solutions.

CVS Caremark
PCI remains a major priority for organizations that are subject to it. Most of the confusion and mystery associated with PCI has dissipated. There isn't a clear ROI for PCI; it is something that organizations simply must do. Now organizations face the hard, ongoing work of complying. This has become more difficult in the current economy as organizations have to "do more with less." As a result, organizations are focusing on using better processes, on automating, and on virtualizing aspects of PCI compliance (on isolated, segregated networks).

Nortel
Organizations are in different stages of implementing PCI. Regardless of stage, it is important to understand the basics of PCI. This includes knowing what level of merchant an organization is, what type of self assessment is required, what must be encrypted, and what can and can't be stored. It is also important to minimize the portion of the network (the scope) that must comply with PCI.

Lockheed Martin
Malware and spear phishing attacks against commercial enterprises, government agencies, and universities have become highly sophisticated and coordinated by international crime organizations and nation-states with high-level expertise and tremendous financial resources.

Motorola
Identifying insider threats against intellectual property theft.

Oracle
Assessing the impact of virtualization on security environments and identifying leading practices in this area.