NW ISSA Security Conference
a Special Event @ InnoTech


Your registration for the NW ISSA Security Conference gives you access to:
- one full day of focused security presentations including lunch & Special Lunch Presentation
- all of the InnoTech Conference sessions & vendor seminars & InnoTech Exhibits
(All NW ISSA Security Conference sessions take place on Thursday, May 6, only in Meeting Room E141 unless otherwise noted) 

Cost to attend this Special Event @ InnoTech:

- $50.00 ISSA, ISACA & Institute of Internal Auditors Members
- $65.00 Non-Members

Sessions Include:


8:00am - 8:50am
The Future of Software: An Opportunity To Deliver Increased Value
Robert McDowell, Vice President, Information Worker Business Value, Microsoft
The question of the economy and how best to position you and your firm remains incredibly important. Practical issues like "How do I help my customers save money?" and "How can I work with Microsoft to gain share relative to my competition?" are still very much a part of the conversation. Join Bob McDowell, Vice President for Information Worker Business Value at Microsoft, as he shares his thoughts on these issues and offers a look at how Microsoft will continue to drive advances in innovation and productivity for the future. Bob will also discuss generational changes disrupting the computing industry and their impact on IT, and the software-plus-services discussion, which is clearly accelerating and continues to gain momentum.

9:00am - 9:50am
Managing Social Media Risk in the Workplace
Stephen Marsh, CEO & Founder, Smarsh, Inc.
Social networking websites, such as Twitter, LinkedIn and Facebook, give businesses immediate, innovative and effective ways of marketing their products and services, connecting with clients, and providing valuable channels for feedback and support. The business potential and power of these unique messaging platforms are undeniable. Irresponsible use, however, will create undeniable business risk. Social networking content is subject to a wide range of potential liability and could subject your business to reputational or legal damage.
How can your company maximize the benefits of using social networking tools and minimize the risk at the same time?


10:00am - 10:50am
The Collision of Privacy and e-Discovery
Aaron J. Cronan, Esq., e-Discovery & Information Governance Consulting
The core interests of privacy and electronic discovery/disclosures are nearly mutually exclusive. Privacy interests mandate the protection of communications and stored information from unauthorized access or disclosure. In contrast, discovery often seeks the disclosure of the very same communications and information. Mix in employee monitoring and the "personal" use of work property or information systems and we develop a significant friction point, complete with both civil and criminal repercussions if handled improperly. This session will discuss case law and statutes covering monitoring, searching, or intercepting employee emails, text messages, IM, and stored files. We will explore the boundaries between employer-provided services, personal systems and third-party hosts.

OR

10:00am - 10:50am
Cloud Security Road Ahead
Ken Biery, Jr., Professional Services Manager, Verizon Consulting Services, Verizon Business
(CSA) and its 2010 initiatives. The presentation will also discuss some of the most common cloud security threats. 
This includes shared technology vulnerabilities, data leakage, and malicious insiders.


11:30am - 1:00pm
Lunch and Special Presentation
Where is IT Going Next & What is it Taking with it?
Jeffrey N. Reich, Director of Operations, Institute for Cyber Security, University of Texas-San Antonio
Along with budget pressures, many segment leaders within an enterprise have options available to them for handling their information needs in non-traditional ways.  These could include outsourcing, cloud computing and use of open source applications, among others. Some leaders in the enterprise now have the capability of addressing their needs without needing any more IT infrastructure than a desktop machine and an internet connection. What does this mean to the traditional IT department? What does the next generation of CIOs look like and what do they do? With privacy and security being paramount for many organizations, how can we address these needs when most of the infrastructure and data may not be visible to those responsible for policies and enforcement?  Jeff Reich will lead our discussion as we leap into this next generation of IT.

1:00pm - 1:50pm
Local is the New Organic: A Bottom-up Model for Information Sharing
Michael Hamilton, CISO, City of Seattle
This session introduces a model for the automated collection of security event data from public and private entities across a metropolitan area. Events are correlated across the geography and information regarding the "attack surface" made broadly available. Incident alerts are delivered to participants, regional and national CSIRTs, and when the information has intelligence significance, to the regional Fusion Center. Information sharing is thus timely, relevant, and broadly distributed.

OR

1:00pm - 1:50pm
AJAX: The Truth Behind the Hype
Lars Ewe, Chief Technology Officer & VP of Engineering, Cenzic
AJAX (Asynchronous JavaScript and XML) was hyped as a miracle technology for the web, but has the technology delivered on this promise?
Join Cenzic CTO Lars Ewe to review how adding an AJAX component can radically alter the design of a web application infrastructure, and to examine how poor design choices and their associated vulnerabilities teach important lessons for developing secure AJAX applications.
Before implementing an AJAX architecture it is vital to determine whether or not AJAX is the right technology to use, and then, to acknowledge the potential pitfalls of implementation methods. Careful attention to these issues in advance can minimize vulnerabilities in your application and also allow you to avoid the common mistakes that can result not only in security vulnerabilities but in an application that is more complex and costly to maintain than necessary.

2:00pm - 2:50pm
Software Initiatives: How Do You Get Management Buy-in?
John Dickson, CISSP, Principal, Denim Group, Ltd.
The vast majority of information that exists about software security either focuses on technical means to build more secure applications, or strategies to put controls in a software development process. Unfortunately, there is a dearth of information regarding how managers should push secure software initiatives forward, convincing executives that software security is critical to trusted business operations. What can security officers do to build consensus around security for applications?

OR

2:00pm - 2:50pm
Hack to the Future
Barb Frederiksen, Forensic Software Analyst and Sr. Managing Consultant, Johnson-Laird, Inc.
Lt. Andy Schroder, Director of the Northwest Regional Computer Forensics Lab
The speakers will review current developments in computer fraud, data theft, and destruction of intellectual property as seen from the forensic perspectives of both criminal and civil investigations. The presentation will focus on current and emerging issues as they relate to evidence preservation, production, and forensic analysis.

3:00pm - 3:50pm
FTC and Recent Privacy Enforcement Actions
The FTC monitors for the unfair or deceptive collection, use and security of consumer personal information under Section 5 of the FTC Act. This session will discuss recent FTC enforcement actions relating to the privacy and security of personal information and the lessons learned from those actions.