Attacks & Vulnerabilities
Security is currently at a crossroads, but unfortunately one of the cross streets is a significant increase in the sophistication and determination of attackers. Antivirus is increasingly unable to detect malware; malware payloads create increasingly capable botnets; and new infrastructures based on cloud and virtualization create new vectors for attack. Sessions will cover some more technical concepts.
Application Security
The new basic unit of computing infrastructure is not the server, but the application. The more Web-facing these applications become, the more mobile access they provide, and the more they tap into existing back-office mainframe systems, the smarter we must become about developing, deploying, and administering applications.
Awareness Training & Education
Whether mandated by internal or external governance regulations, awareness programs need to be proactive, fresh, and current in order to be successful. Learn how to establish a security awareness program that is focused on the enterprise’s entire user population. Take your existing program further in its effectiveness.
Cloud Security
Cloud strategies raise fundamental questions about security, not to mention compliance with existing requirements. So we’ll bring together all the key stakeholders—cloud providers, end-user organizations, IT strategists and security gadflies—and hammer out practical approaches to cloud that don’t throw away fundamental security.
Compliance & Policy
IT, legal, human resources and accounting departments all have different standards and regulations to comply with, with different auditing processes and different reports to generate. Even infrequent changes to FISMA, PCI, SOX, HIPAA, GLBA, HSPD-12, FDCC, SAS 70 or BASEL II can make compliance seem impossible. This track aims to cover some of the most pressing and current policy and compliance issues facing our industry today.
Government
Government agencies—from Federal government to State and even local municipalities—have significant challenges in information security and privacy. Our expert speakers will provide guidance and education for those involved in securing government agencies. While the focus of the sessions should be at the Federal level, other proposals discussing foreign governments will be reviewed as well.
Identity & Access Management
As enterprises seek to improve their security by enhancing their identity management capabilities, they need practical information on how to implement and manage these new technologies and protocols.
Incident Response & Forensics
Incidents of computer crime are rising at an alarming rate. As a result, the burden of performing proper forensics on information systems is switching from law enforcement to include corporate IT and information security professionals. This track will demonstrate the techniques for recovering computer evidence after a system has been compromised. Sessions will include the latest in forensic tools and techniques as well as the technologies that assist in recovering evidence.
Mobile & Wireless Security
Mobility is now a mission-critical component of many organizations. The need for mobility, agility and constant access is leading a push to on-demand Web services, wireless LANs, corporate issued smartphones and media storage devices. The mobile and wireless security track is primarily focused on providing the most up-to-date security within these ever-changing technologies. As new standards arise and products emerge, a solid education in these principles is essential for any security professional in a decision-making role.
Risk Management & Metrics
Many organizations are moving away from traditional information security programs and instead are adopting an information risk management approach to security. Security professionals face many issues in implementing an effective risk management process. Sessions in this track aim to provide risk analysis methods and offer practical examples to assist in real-world implementation.
Virtualization
Virtualization both adds a layer of complexity to a computing environment and swaps out hardware for software. So it comes as no surprise that virtualization technology introduces new technological threats. Yet the challenges of securely managing a virtualized environment are as great a threat. This track will address the technical, management and compliance challenges of running a virtualized environment, find solutions for those problems and see how virtualization could itself be used as a security tool.
Web 2.0
Morphing more business functions into Web 2.0 applications offers both irresistible business opportunities and undeniable security threats. Sessions in this track will look at security-related standards and protocols within the Web services arena, vulnerabilities discovered to date, strategies for penetration testing Web services applications and best practices for deploying secure Web services applications.