Security Cafés – New for 2009
The new Security Cafés are an educational forum for discussion with peers, catalysed by the facilitator rather than an address. Each café has a series of lectures with the focus on the café theme. Each day will be structured in the same way – with a discussion first on the main theme for the café, and then a series of topic-specific roundtables, repeated twice during the day.
It is intended that the Security Cafés will cover four themes:
Data Leakage Prevention
Global Corporate Challenges
Online Security
Threats & Mitigation.
The content will be highly interactive, with leading industry expert-facilitation and expert panels for the sessions. With free tea/coffee on offer, why not drop in and take the weight off your feet, whilst sharing your views and learning with your peers?
DLP
| Tuesday 28th April | Wednesday 29th April | Thursday 30th April |
| Title: A Systems Approach To Protecting Information Throughout The Infrastructure With Microsoft & RSA | Title: Data Protection And The Malicious Outsider Threat | Title: Data Protection |
| The business challenges that customers are facing related to the security of their data are becoming more pronounced. Data breaches are becoming more common, the cost of a data breach is growing and companies must also continue to comply with a wide range of corporate and industry regulations to protect sensitive data as the cost of remaining compliant grows. With that context, business information must still be accessible to authorised users when they need it, wherever they are. The need for information to be used across company boundaries is also growing. Information protection solutions must therefore strike the right balance between security and providing appropriate access to the right people. This session will look at how Microsoft and RSA are working together to establish a built-in “systems” approach that helps protect information throughout the infrastructure based on content, context and identity. | Experts will agree that one of the major changes in today’s malware landscape, compared to the one we knew a few years ago, is the emergence of a new underground economy that focuses on data theft and fraud. Behind the scenes we find criminal organisations fuelled by the promise of easy money and low risk resulting in an explosion in the number of malware variants companies need to protect themselves against. Come and discover how attacks take place today and why valid malware security solutions need to be ‘in the cloud’. We’ll also cover why data in motion should be encrypted to minimise risks of this valuable asset ending up in the wrong hands. | This café will consider the following: |
| Speaker: Ms. Rashmi Tarbutt, Senior Manager, Technical Marketing, RSA | Speaker: Mr. Fernando Rynne, General Manager, Encryption Group, Trend Micro (UK) Limited | Speaker: Mr. Bill Aubin, Vice President, Endpoint Security SBU, Lumension |
Sessions begin at 11:45 - 13:00 and are repeated in the afternoon at 15:15 - 16:30
| Title: Six Best Practices For Preventing Enterprise Data Loss | Title: Data Protection And The Malicious/Careless Insider Threat | Title: Endpoint Protection |
| Enterprise data loss cost businesses $105 billion in 2008. Enterprise data losses are growing; companies are continuing to collect even greater volumes of data in order to optimise business processes, improve customer service, and enhance partner relationships. Greater volumes of data translate to a wider distribution of that data across an increasing number of information systems throughout the enterprise. The result – an increased risk of compromising sensitive data. So, how can companies protect themselves from a data loss catastrophe? Attend this session to understand the six best practices to prevent enterprise data loss and how by following these best practices, companies can not only improve their ability to secure sensitive customer data, but also to protect revenue, ensure customer loyalty and meet government and industry regulations. | The malicious insider is classed as the greatest security concern because they have relatively easy access to corporate assets. But companies are also faced with the careless insider threat due to the lack of knowledge employees may have with regards to the data they handle. Regardless of whether your company is guided by compliancy regulations or internal governance rules, loss of data can be damaging to your brand reputation and therefore needs to be prevented. Come and discover how other companies have tackled this threat using Trend Micro’s award-winning Data Protection Leakage (DLP) solutions, share your own experience and learn from the audience how to implement such solutions in your own. | Endpoint Protection defines and enforces a trusted computing environment by utilising application whitelisting to deny all unauthorised and malicious code from executing on corporate endpoints. Endpoint Protection prevents unauthorised applications without relying on signature updates and provides lower user support and administrative overhead. |
| Speaker: Ms. Rashmi Tarbutt, Senior Manager, Technical Marketing, RSA | Speaker: Mr. Rik Ferguson, Senior Security Advisor, Trend Micro (UK) Limited | Speaker: Mr. Bill Aubin, Vice President, Endpoint Security SBU, Lumension |
Online Security
| Tuesday 28th April | Wednesday 29th April | Thursday 30th April |
| Title: Online Security For The Individual - Where Are We & Where Are We Heading? | Title: Web Apps: The Window To Your World | Title: e-Crime In The Current On Line World? |
| This session will provide participants with the opportunity to consider from their personal perspective the challenges in the form of threats and vulnerabilities they face from the “Martini” society (Anytime, Any place, Anyone, Anywhere, Any Device (personal or business, on the move or at a fixed location), Any Application). Participants will be encouraged to put aside their feelings and consider the facts. | Highly sensitive data is increasingly being accessed via Web browsers as, paradoxically, many of the features that make browsers so convenient also make them incredibly insecure, so the applications themselves become complicit in malicious penetration of corporate systems. The resulting identity and data theft has become a major concern to corporations and consumers alike. Many of the most dangerous security holes in corporate IT infrastructure are based not on worms or viruses, but on vulnerabilities in the applications themselves. These vulnerabilities - unique to each application - leave Web infrastructures exposed to attacks such as cross-site scripting, SQL injections, and cookie poisoning. This session summarises the threat and what to do about it. | As malware continues to evolve, e-Crime increases and sophisticated attacks target individuals as well as organisations - to what degree is effective security realistically achievable? These sessions will examine some of the latest threats and techniques used by e-criminals. They will disclose some of the current challenges and create an opportunity for attendees to share and discuss their experiences. From each session, the best contributors will be given one year’s complimentary membership of the ISSA and be invited to take part in future ISSA Expert Panel workshops. |
| Speaker: Mr. Roger Southgate, Immediate Past President Of The London Chapter Of ISACA | Speaker: Mr. Owen Cole, Technical Director, F5 Networks | Speakers: Mr. Geoff Harris, President, ISSA-UK Mr. David Lacey, Director of Research, ISSA-UK |
Sessions begin at 11:45 - 13:00 and are repeated in the afternoon at 15:15 - 16:30
| Title: Online Security For Organisations - Reality Check | Title: PCI – The Clampdown | Title: Who Do You Think You Are? – The Big Online Identity Questions |
| This session will provide participants with the opportunity to: a) Take a step back and consider where we currently are, and b) Look into the future and consider whether the situation is improving or getting worse and what can be done about it. | You could be forgiven for thinking that the noise around, and pressure to implement, the PCI DSS guidelines reached a peak in 2007, we moved on, and now it can be safely ignored. Evidence, both anecdotal and documented, suggests that this is not the case. The payment card brands have started to stamp down financially on non-compliant merchants as opposed to relying on peer pressure generated by media coverage to achieve their aims. Endorsed by the PCI Security Standards Council, VISA’s Payment Application Best Practices (PABP), introduced last year, is aimed squarely at making people develop secure applications. This session takes you through the PABP requirements and demonstrates the technology available to make your company compliant…and avoid being fined. | Identity assurance is important to us all. Government, employers, retailers and individuals all need assurance that our identities are real. This briefing will outline the latest plans for the government’s Interception Modernisation Programme and allow attendees to debate the above questions further. From each session, the best contributors will be given one year’s complimentary membership of the ISSA and be invited to take part in future ISSA Expert Panel workshops. |
| Speaker: Mr. Roger Southgate, Immediate Past President Of The London Chapter Of ISACA | Speaker: Mr. Owen Cole, Technical Director, F5 Networks | Speakers: Mr. Geoff Harris, President, ISSA-UK Mr. David Lacey, Director of Research, ISSA-UK |
Global Corporate Challenges
| Tuesday 28th April | Wednesday 29th April | Thursday 30 April |
| Title: Mobile Security Headaches - Balancing Security With Usability | Executive Briefing | Title: Cloud Computing |
| Corporations should not underestimate the significance of securing mobile handsets, particularly as more and more business and personal information is now being accessed on one device. However, when it comes to securing devices, usability should not be compromised. With examples from enterprise mobile deployments, this session will explore how companies can confidently secure their workforce’s mobile devices, without hindering the user experience and reducing productivity. | Private invitation only | Join the ISF Research and Services Team for a highly interactive workshop session. Together we will identify the risks and threats from using cloud computing in our organisations, examine the suitability of using traditional approaches to securing our information, and finally identify new ways to support the business in their use of these exciting new technologies. |
| Speaker: Mr. Michael K Brown, Director, Product Management For BlackBerry Security At Research In Motion (RIM) | Speaker: Mr. Adrian Davis, Senior Research Consultant, Information Security Forum (ISF) Mr Grega Vrhovec, Research Assistant, Information Security Forum (ISF) |
Sessions begin at 11:45 - 13:00 and are repeated in the afternoon at 15:15 - 16:30
| Title: Protecting Against Mobile Malware Mayhem | Title: Cloud Computing | Title: Where Does Information Security Fit In The 21C Organisation? |
| As smartphones increase their features and capabilities, they are continuing to be compared with personal computers. However, like PCs, they are also becoming more of a target for the creators of malicious software (malware). With the industry having talked about the threat of mobile malware for several years, the threat of malware’s potential impact on corporate assets and data gets ever closer. This session will look at the precautions organisations, large and small, can take to protect themselves from future attacks to ensure they stay fully operational and secure. | Join the ISF Research and Services Team for a highly interactive workshop session. Together we will identify the risks and threats from using cloud computing in our organisations, examine the suitability of using traditional approaches to securing our information, and finally identify new ways to support the business in their use of these exciting new technologies. | This session will focus on value generation and risk management and will link information security to risk management through a holistic approach to internal control. |
| Speaker: Mr. Mike K Brown, Director, Product Management for BlackBerry Security at Research In Motion (RIM) | Speaker: Mr. Adrian Davis, Senior Research Consultant, Information Security Forum (ISF) Mr Grega Vrhovec, Research Assistant, Information Security Forum (ISF) | Speaker: Mr. Adrian Davis, Senior Research Consultant, Information Security Forum (ISF) Mr Grega Vrhovec, Research Assistant, Information Security Forum (ISF) |
Threats and Mitigation
| Tuesday 28th April | Wednesday 29th April | Thursday 30th April |
| Title: Vulnerability Management | Title: Delivering Risk-Based Evaluation & Enabling Real-Time Blocking Of Fraudulent Access Requests Whilst Increasing Organisational Functionality, Flexibility & Performance | Title: Laptop Security - Understanding The Threats & Countermeasures |
| Vulnerability Management Solutions (VMS) integrates network vulnerability assessment with agent-based assessment and remediation in a single management console. Attend this café and identify how, using VMS, you can effectively minimise your security risks by way of proactive discovery of IT assets and remediation of software and configuration vulnerabilities. | Tackling identity is not an end in itself; it has a direct impact on an organisation’s risk profile and vulnerability. BT has established a specific concept of what identity means to the organisation and how it relates to their key security threats. Using a specific IAM strategy has addressed and created enhancements in fraud detection and reduction. This session will highlight what delivering risk-based evaluation, enabling real-time blocking of fraudulent access requests means, while increasing functionality, flexibility and performance across the organisation & how Oracle is helping to take BT to New Service Levels. | Laptops are lost and stolen all the time, often with disastrous repercussions in the press and for organisational reputation. This session will explore not only the right and wrong ways to protect data on laptops, but also how criminals can use stolen laptops to break into corporate networks. |
| Speaker: Mr. Alan Bentley, Vice President, Vulnerability Management, SBU, Lumension | Speakers: Mr. Des Powley, Technology Director, Security & Identity Management, Oracle UK, Ireland and Israel | Speaker: Mr. Peter Wood, Chair, white-hats.co.uk |
Sessions begin at 11:45 - 13:00 and are repeated in the afternoon at 15:00 - 16:00
| Title: Risk & Compliance Management | Title: Managing Identity To Create Trustworthy Government Services By Finding A Balance Between Service Delivery & Identity Protection | Title: Wireless Security - The Real State Of Play |
| You can ensure your security posture by proactively reporting against your policy and compliance management through continual audit readiness and patch and remediation. Gaps in compliance are quickly and easily identified while keeping the flexibility to manage large, heterogeneous environments with new and legacy systems. This café will help you identify and address these challenges. | In today’s world, there is an ever-growing need for Government to drive forward collaborative services whilst enhancing communication with citizens, commercial organisations and institutions; thereby increasing the need to share identity data across commercial and national boundaries. However, this is at a time when people's trust in how the Government and public authorities handle their personal information is under intense scrutiny. We will explore preconceptions about how the Government develops trusted identity services, and consider the other options available to help minimise risk to both public authorities and private individuals. | Despite the well-publicised weaknesses in wireless encryption, most home wireless networks still remain unprotected. Many organisations depend on their staff using home wireless connections for remote working without investigating the risks and potential impact on the business. This session will explore how criminals can exploit home wireless to attack businesses. |
| Speaker: Mr. Alan Bentley, Vice President, Vulnerability Management, SBU, Lumension, Mr Brandon Dunlap, IT-GRC Specialist, Brightfly | Speakers: Mr. Des Powley, Technology Director, Security & Identity Management, Oracle UK, Ireland and Israel Mr. Robert Temple, Director & Chief Architect, BT’s Security Platform | Speaker: Mr. Peter Wood, Chair, white-hats.co.uk |











