Conferences that solve current IT challenges

Threat and Vulnerability Management

Strategies to help determine the levels of security/patching, vulnerability management and compliance needed for your extended enterprise

March 26, 2009

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

   

Donald E. Stephens Convention Center  Rosemont (O'Hare) Illinois

Overview

The number of threats and vulnerabilities is growing. The timeframe between when a vulnerability is found and when it is exploited has shortened.  The urgency to mitigate network vulnerabilities has become more crucial than ever.

What You Will Learn

In this one day conference attendees will learn:

  • How to make the decision as to whether you should insource or outsource your IT security efforts and by what percentage
  • What areas should you be doing interally versus hiring expensive security consultants
  • How to leverage white listing technology
  • Strategies for handling regulations and data privacy Is it encrypted; is it decentralized?
  • How to handle work life balance - working from home/hotel poses increased security threats; how do you protect what’s going on in the laptop; ID badge-activating laptop – asset management
  • Strategies for security/vulnerability management – how do you keep all your products up to date
  • Application control – how many should have access and to which applications? i.e. Not everyone needs access to HRIS apps if they are not in HR
  • Strategies for configuration management – device control; thumbdrives; CDs
  • Data leakage/data protection – How to manage the movement of data

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

Thomas

9:00am-10:00am

2009 Cyber Security Landscape: Trends - Predictions - Long Range Security Disruptors

Ralph Thomas, iDefense Deputy Director and Manager of the Malicious Code (Malcode) Intelligence Team, VeriSign

The malicious actors targeting the modern enterprise are no longer just “script kiddies.” Today’s cyber criminals have formed groups, which iDefense refers to as “cyber security cartels” for their similarity in structure and operational plan to the American drug cartels of the 1980s. These “cyber cartels” have focused their combined efforts on building their own infrastructure and on attacking Internet infrastructure for profit. From using Fast-flux networks to defeat phishing takedown services, to hiding behind bulletproof hosting services, to establishing entire underground markets to sell iFrame attacks, the bad guys have even fooled home users into purchasing malicious Trojan programs that claim to provide security protection. This presentation will describe some of the evolutionary progression made by these cyber security cartels in 2008 and make some predictions about what we might expect to see in 2009. Finally, we will discuss some cyber security disruptors; technologies coming down the pipe that will fundamentally change how you defend your enterprise.

10:00am -10:30am - Refreshment Break

 

 

10:30am-11:30am

Strategies for Mitigating Increased Threats and Vulnerabilities in a Challenging Economy

Rich Linke, CSO, Global Security Management; Former Global Patch Management, Kraft Foods

The current economic environment is causing many organizations to spend more on security.  The primary driver, according to industry analysts, is protecting the information assets of the enterprise.  In the wake of current financial scandals controls and policies may play see increased role.  But where should you start?  How should you refine your ‘Threat and Vulnerability Management’ plan?

 

In this informative session, attendees will learn the following from a seasoned IT security professional:
  • What the new emerging threats are and the risks the pose
  • What new techniques and technologies you should be considering to mitigate threats and vulnerabilities
  • What other organizations are doing to reduce the impact of potential threats
  • What you can do today to better protect your enterprise
  • Where should you prioritize your spending?

Harris

11:30am-12:30pm

Business Rationale for Patching Computer Systems

Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation

This session will focus on the rationale for patching computer systems, with an emphasis on improving security and reliability. We will discuss how the security threatscape has dramatically changed by examining a number of real-world attacks and the implications for business. In addition, other factors such as regulatory requirements, due care, and good business practices need to be considered among the criteria for patching systems.

12:30pm - 1:30pm Luncheon

Shepard

1:30pm-2:30pm

Preventing Leakage: How to Protect and Manage the Movement of Data

Scott Shepard, CISSP, CISM, Principal Consultant, Glasshouse Technologies, Inc.

Given the current economic climate and financial scandals, data leakage may become even more important in the coming year.  Companies know how to implement systems to protect outside threats, but what about those that originate inside the company walls? 

 

In this session attendees will learn how to effectively design and implement policies, frameworks and tools to protect the organization from the following:
  • Insiders sending confirmation information via e-mail
  • Accidentally spilling confidential information on the Internet from using Web 2.0 technology (blog, mashup)
  • Physical/IT security – a laptop being stolen out of a hotel room or from a trade show

2:30pm - 3:00pm - Refreshment Break

Hansen

3:00pm-4:00pm

Taking the Cost, Complexity, and Hassle Out of Endpoint Security 

James Hansen, Sr. Product Manager, BigFix, Inc.

Compliance Preparing for an audit is time consuming and costly. The consequences for failing an audit are even worse and cyber threats abound. But, worst of all is the on-going cost in time and money ensuring your systems stay in compliance AND you're still meeting existing IT security, availability, productivity, and cost reduction goals.

Unfortunately, shrinking IT budgets won¹t give organizations a free pass when it comes to compliance with information security regulations. Organizations must find ways to cut costs and still maintain  compliance with configuration requirements ­ for a variety of regulatory requirements and corporate governance programs while maintaining ongoing vulnerability assessments.    

Attend this session to learn about strategies for better guarding endpoint assets and status and how to achieve continuous compliance while keeping threats at bay.

Milroy

4:00pm-5:00pm

Implementing an Effective Threat and Vulnerability Management Program

Derek Milroy, MCSE, GSEC, CISSP, CISA, Security Architect, Large Midwestern Financial Services Company

This presentation will outline a framework for implementing a vulnerability management program. Topics covered will include items/issues to be aware of as you architect a vulnerability management framework specifically for your organization. This presentation will also cover reporting for all levels of your organization, including how to gather and report on meaningful metrics that can be used to track progress for remediation of vulnerabilities throughout your environment.


Conference price: $249 per person.


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

  


Share Your Expertise Keep in Touch The Conference Center
Submit your speaking proposal or call us at (312) 527-2800 Add yourself to the CAMP IT Conferences mailing list. Directions
Lodging Information
Village of Rosemont
Chicago O'Hare Airport