CSI Summit Sessions

Summit Sessions are moderated sets of sessions within the conference, focused on the topics and challenges most critical to your success today. You'll get in-depth discussion from a variety of experts, and a variety of perspectives. Attend the entire Summit track, or just the sessions of your choice.

You'll come away with a fuller understanding of the issues and how they affect your organization, allowing you to draw your own conclusions and action plan.

Summit Session Schedule

Cloud Security Summit

Tuesday, 9:45am - 5:00pm
Moderator: Jahan Moreh, Michigan Group

Cloud combines virtualization with Web services—both of which are known for their significant unsolved security challenges. Additionally, cloud users are faced with new compliance complications, being that they may not have access to logs and may not know the geographical location of the servers on which their data resides. On the other hand, the cloud's superior load-balancing capabilities can be great protection against denials of service, and the cloud can provide not only on-demand access to business applications, but also to security applications and data.

Learn how the cloud works, what the cloud service landscape looks like, how to address the myriad compliance challenges and why the service agreement you make with the cloud service provider is paramount.

Session Breakouts:

1. Intro to the cloud and the cloud services landscape
2. Compliance challenges in the cloud
3. Identity management and other technical challenges in the cloud
4. Using the cloud for better security

Mobility Summit

Monday, 2:00pm - 5:00pm
Moderator: Amber Schroader, CEO, Paraben

Mobility is now a mission-critical component of many organizations. The need for mobility, agility and constant access is leading a push to on-demand Web services, wireless LANs, corporate-issued smartphones and media storage devices. Laptop computers and USB storage devices go missing. Smartphones introduce a staggering amount of complexity to your environment; and users have different expectations about smartphone use than they do of other business computing devices.

Whether your organization is an international enterprise with a large mobile sales force or an armed forces unit transmitting classified data to remote locations during rapid military deployments, you need remote access solutions that really work. Learn how to create a full secure remote access architecture—product selection, remote authentication, anti-malware protection, encryption, configuration control, wireless security protocols, regulatory compliance and more.

Session Breakouts:

1. Mobile storage devices
2. Smartphones
3. Remote access solutions that work

Risk Management Summit

Monday, 2:00pm - 5:30pm
Moderator: Ron Woerner, Security Compliance Manager, TD Ameritrade

Many organizations are moving away from traditional information security programs and instead adopting an information risk management approach to security. Easier said than done. How do you balance the fluidity of risk and the rigidity of compliance? Which of the many risk management schema and methodologies is best for your organization? Learn about the differences and the common themes—like classifying your organization's information assets and serving the business—and learn how to build a risk management program from scratch.

Session Breakouts:

1. Why risk management
2. Laying the groundwork: classifying assets and identifying stakeholders
3. Choosing a risk management methodology

Virtualization Summit

Tuesday, 9:45am - 5:00pm
Moderators: Steve Orrin, Director of Security Solutions, Intel; Nancy Lim, Senior Security Engineer and Program Manager, Acuity, Inc., currently contracted to U.S. Department of State

Virtualization both adds a layer of complexity to a computing environment and swaps out hardware for software. So it should come as no surprise that virtualization technology introduces new technological threats-including vulnerabilities within the virtualization software itself, virtualization-based malware, and exploits of legitimate but poorly secured virtualization features. Yet the security challenges of managing a virtualized environment are as great a threat. The ease with which virtual machines can be copied and moved may cause virtual machine sprawl, which ups the difficulty of keeping an accurate inventory, managing patching and proving compliance with regulations that aren't entirely ready to address virtualization. Still, virtualization's not all bad. Its superior powers of resource isolation can be leveraged to improve security.

Learn about the technical, management and compliance challenges of running a virtualized environment, find solutions for those problems and see how virtualization could itself be used as a security tool.

Session Breakouts:

1. Technical and management challenges of virtualization
2. Compliance challenges of virtualization
3. Virtualization security solutions
4. Using virtualization for better security

Web 2.0 Summit

Monday, 2:00pm - 5:30pm
Moderator: Judy Baltensperger, IT Security Architect, Wareonearth Communications Inc.

Morphing more business functions into Web 2.0 applications offers both irresistible business opportunities and undeniable security threats. Criminals are using the Web as an attack vector and crafting more sophisticated, exceptionally targeted attacks. Yet who needs to exploit vulnerabilities when there are plenty of malicious ways to use legitimate applications, like social networking sites and microblogs. And what about the browser? A browser is in a position to both protect the local device from Web-borne threats and thwart attacks that take place solely within the Web—but are current browsers proactively shouldering their security responsibilities?

Learn how to both secure your organization's own Web site and protect your sensitive data from attacks launched from other vulnerable Web sites. Get to know the Web-based threats of today and tomorrow, and explore what next-generation security tools could live up to the promise of revolutionizing Internet security.

Session Breakouts:

1. Web application vulnerabilities and attacks
2. Browser attacks
3. Mitigating Web security threats and next-gen solutions