SC World Congress by Chuck Miller

THE ONE IT SECURITY EVENT YOU NEED IS HERE

october 13-14, 2009 at the sheraton new York Hotel & Towers in new York City regIsTer BeFore aUgUsT 31 To saVe $500. go To sCWorLdCongress.CoM. Incomparable security education across four dedicated tracks Independent expert speakers with global perspectives a packed expo ďŹ&#x201A;oor showcasing the best information security tools opportunities to network with your peers and earn continuing education credits from (ISC)2 Free admission to exhibits, four riveting keynotes, and special sessions

Learn from leading experts and innovators including:

Robert Carr CEO, Heartland Payment Systems

Platinum sponsors

Gold sponsors

William kovacic commissioner, Federal Trade Commission

Silver sponsors

Howard Cox assistant deputy chief, U.S. Department of Justice

nancy Wilson senior director, enterprise information security, Time Warner Cable

Strategic partners

Sustaining media partners

LeTTer FroM THe edITor

sC WoRLD ConGRess

oct. 13-14, 2009 at the sheraton new York Hotel & Towers in new York

You won’t want to miss our event in October… Cybercriminals seem immune to the weak economic times that most organizations are grappling with today, lobbing their increasingly sophisticated and intense attacks at both private and public entities 24/7. Even as the economy limps on, it’s just not feasible to skimp on information security plans. You need cost-effective solutions and services to meet today’s cybersecurity challenges. You’ll get them at our second annual SC World Congress. When you join us this October, leading industry authorities will provide the guidance you need to hone your security processes, gain a better understanding of how the threat landscape is evolving and ensure you implement the most sound risk management plan possible. Over two days, not only will you cull the latest thinking from independent experts across four educational tracks, you’ll also participate in interactive keynote sessions, such as our first-ever mock jury trial, and learn about the newest solutions available in the market from young, up-and-coming vendors during our Security Innovators Throwdown competition. SC World Congress will equip you with the information you’ve been looking for to make a real difference to your business – even during the most trying economic climate. See you there.

editor-in-chief, SC Magazine

Final Version Pantone Colors

Supporting associations

ISSA

Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial 410-418-4861.

Anish Bhimani

Dan Blum

managing director of risk and security management, JP Morgan Chase

senior vice president, principal analyst, The Burton Group

Bryan Cline

Dave Cullinane

Jerry Dixon

director of information services, risk management, Children’s Hospital of Philadelphia

CISO, eBay

director of analysis, Team Cymru

Stacey Halota

Will Jansen

Joe Jarzombek

vice president, information security and privacy, The Washington Post Co.

chief, systems and network analysis center, NSA

director software assurance, DHS

Paul Kurtz

Latif Ladid

Tom Meenan

James Nelms

executive director, SAFECode

founder and president, IPv6 Forum

vice president of IT risk and compliance, MetLife

CISO, The World Bank

Dr. Elizabeth Nichols

Steven Peltzman

Mark Pollitt

Kris Rowely

CTO, PlexLogic

CIO, The Museum of Modern Art

visiting professor, National Center for Forensic Science, University of Central Florida

CISO, state of Vermont

Marcus Sachs

Randolph Smith

Tim Stanley

Richard Steinnon

executive director for government affairs, national security policy, Verizon Communications

d’Information & des Réseaux

Observatoire de la Sécurité des Systèmes d’Information & des Réseaux

manager, information security, UPS

Dennis Brixius VP and CSO, The McGraw-Hill

CISO, Continental Airlines

Nancy Wilson

Amit Yoran

executive director, (ISC)2

senior director, enterprise information security, Time Warner Cable

CEO, NetWitness

Publications

Robert Carr CEO, Heartland Payment Systems

Companies

Hord Tipton

WITI PRIMARY LOGO-CMYK

des Systèmes

speakers

Stephen Fridakis chief, IT programs and quality assurance, UNICEF

William Kovacic commissioner, Federal Trade Commission

chief research analyst, IT-Harvest

Also speaking: Jerry Archer, Intuit; Ron Baklarz, Amtrak; Alan Boehme, ING; Jim Cupps, Liberty Mutual Investments; Robert Maley, Pennsylvania Office of Administration; Richard Marshall, NSA; Kimberly Kiefer Peretti, U.S. Dept. of Justice; and other experts.

agenda

DAY1

Track 1 Policy/management Within organizations, security fits a business function. Tasks associated with business management and policy-related guidelines take up a significant amount of attention for CISOs.

(For a full description for each session, visit www.scworldcongress.com. Schedule subject to change or revision.) Learning the language of your C-suite

Any CISO or security professional will tell you that open lines of communication with your organization’s senior executive team is critical.

8:30 a.m. – 9:20 a.m.

Security awareness debate

9:30 a.m. – 10:30 a.m.

Many say security awareness is a smart, inexpensive and effective way to educate general employees on safe computing. Others disagree.

10:30 a.m. – 10:45 a.m.

Coffee break

Compliance versus security

10:45 a.m. – 11:20 a.m.

A good security plan and vigilant security team means a compliant computing environment. But, compliance does not equal secure.

11:30 a.m. – 12:30 p.m.

Lunch

Keynote #1: The Heartland breach

12:40 p.m. – 1:40 p.m.

CEO Bob Carr will discuss what Heartland is doing to create a more secure method of processing electronic paymentsw.

1:45 p.m. – 3:15 p.m.

Innovation theater session commences and exhibition floor break Controlling mobile device use on the network

3:20 p.m. – 4:10 p.m. 1:45 p.m. – 7:00 p.m. Exhibition floor open

There is no organization that does not face mobile security challenges. The solution is a mixture of policy and technology.

Keynote #2: Your day in court

4:15 p.m. – 5:15 p.m.

You’ll get the facts and advice needed to find success in front of a judge and jury, with staff from the DoJ and other law enforcement.

5:15 p.m. – 7:00 p.m.

Exhibit floor: Opening day cocktail party

Publications (continued)

Portals

Questions? email congressinfo@haymarketmedia.com or phone 877-418-4861. outside the U.s., dial 410-418-4861.

Track 2 emerging threats/ risk planning Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations and the best practices implemented to thwart them.

supply chain security

Track 3 editor’s choice

Track 4 Technical

Sessions focus on extremely timely issues as seen through the eyes of Illena Armstrong, SC Magazine’s editor-in-chief. Hear from innovators in the security industry discussing cybercrime, breach PR best practices, and how to keep current.

A deeper dive for more technical security and IT professionals. Emphasis will be given on technical aspects of threats and vulnerabilities, as well as relevant solutions, as opposed to the more executive focused content in the other three tracks.

Data lifecycle management

pCi: A view from the Cio

From back doors on software coming out of From categorizing your content to destroying China to malware shipped on hardware, supply it, for security’s sake you need a plan. chain security continues to be a major issue.

global threat correlation and metrics

Reputational-based security and pre-zero-day threat awareness is a necessary tactic for all organizations.

agenda

Critical infrastructure protection

What are the key issues threatening our nation’s critical infrastructure and some of the tactics being used to thwart those threats?

What are the critical steps needed for your enterprise to be compliant and also secure?

know your enemy

Understand the lethal combinations of social engineering and hacking to look for.

security strategies in a down market economy

Forensics for court

ipv6: The next big bail-out.

What can the CISO do to more effectively manage their security programs?

How do you put very technical and important forensics findings in terms a judge and jury understand to assure the outcome you desire.

Monetization of a security risk plan

securing the cloud today and tomorrow

sCADA attack vectors revealed

Sometimes you need more than just a regular risk plan to convince your higher-ups of certain security mitigation needs.

T h e F i n a l Wo r d i n E n t e r p r i s e Computing and Networking

Cloud computing and the practice of using IT infrastructure as an on-demand service is transforming the internet and business itself.

This talk addresses the critical technology issues, benchmarking Europe versus Asia and the U.S. in terms of policy.

Hear from a group of pros helping protect our nation’s control systems in a variety of critical infrastructure categories.

agenda

DAY2

(For a full description for each session, visit www.scworldcongress.com. Schedule subject to change or revision.)

8:30 a.m. – 9:15 a.m.

Breakfast

9:15 a.m. – 10:00 a.m.

Innovation theater sessions commence

Web application security

While everyone focuses on the tech and budget items, many forget about the internal organizational buy-in issues.

10:00 a.m. – 10:35 a.m.

Keynote #3: Internet crime and the FTC

Internet-related crime continues to rise, but is being addressed by governing bodies like the FTC. Recent cases will be examined.

10:45 a.m. – 11:45 a.m.

Keeping secure in a down economy

12:00 p.m. – 1:00 p.m. 9:15 a.m. – 5:30 p.m. Exhibition floor open

1:00 p.m. – 2:30 p.m.

Profit and budgets are down, and much staff have been let go. But the good news is you can make it through with what you have.

Innovation theater sessions continue and exhibition floor break Building a trusted information supply chain

2:30 p.m. – 3:30 p.m.

3:40 p.m. – 4:15 p.m.

We have a critical need to invest in the technology and solutions that will best protect the systems and information on which we rely.

eDiscovery

Organizations need to decide what information to keep and for how long.

4:15 p.m. – 4:30 p.m.

Coffee break

4:30 p.m. – 5:30 p.m.

Keynote #4: Securing the pipes: What our ISPs are doing to protect us

Portals (continued) Professional Security Testers

Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial 410-418-4861.

Track 2 Emerging threats/ risk planning

agenda

Track 3 Editor’s choice

Track 4 Technical

Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations and the best practices implemented to thwart them.

Latest threat

Software assurance

Tales from the front

Secure communications strategies in an always-on world

Endpoint virtualization

A well-known cyberwar correspondent reports on cyber preparedness in Europe post-Estonia.

From VoIP and wireless to 4G, communications represent a key to success.

The benefits, limitations, architectures and residual risks of the various virtualization approaches.

TBA

Future of health care information security TBA

There’s a new administration, and a new focus on health care – which, hopefully, means more useful regulation of the industry.

TBA

Inside the insider threat

Social media and your network

Beyond standardization

Always a high-level threat, the insider gone bad, or even the insider unknowingly doing wrong, is still a major concern.

Our concern for social networking focuses not only on your organization’s business plans, but what your people are doing with it.

By standardizing our IT response posture before trouble intrudes, we can decrease the time it takes to provide mitigation.

Newsletters

Registration

Join us

Register today for early bird rates. Two-day Conference Pass Before Aug. 31: $995 After Aug. 31: $1,495 One-day Conference Pass Before Aug. 31: $725 After Aug. 31: $1,099

Click on scworldcongress.com

Building on the success of last year’s inaugural event, SC World Congress 2009 will feature four timely keynote sessions, including a presentation by the CEO of a company that experienced the largest data breach on record; a mock trial of an electronic forensics-related computer crime case presented by the Department of Justice, Secret Service and others; identity theft, phishing and other very important issues that the FTC is focusing on; and talks by CISOs from four of the largest ISPs.

What’s new?

John F Kennedy Airport 50 minutes by taxi LaGuardia Airport 50 minutes by taxi Newark Airport 45 minutes by taxi Amtrak-Pennsylvania Station 8th Ave. and 31st Street

Newsletters (continued)

6t hA ve .

Br oa d

However you get there, get there

7t hA ve .

Our keynote session, “Your day in court: Turning legalize and security-ize into jury-ize,” will help attendees understand just how electronic evidence must be presented in court when they find their organizations marching off to trial. With the help of leading IT security experts from the Department of Justice and others, the session will arm delegates with the facts they need to find success in front of a judge and jury. Understanding the legalities of how critical data is accessed and what to do when it is illegally breached is crucial – especially when companies at some point are bound to see a day in court.

wa y

Mock jury trial

We are debuting the Security Innovators Throwdown competition to honor the brightest, recently launched information security companies. Competitors will get the chance to present their newly developed technologies or services before our expert judges. Judges will determine just which vendors have the best business plans and most robust tools that not only could garner interest from venture capitalists, but also possible investment from them. Those innovators ranked at the top will be featured in a special section of SC Magazine on the evolution of the information security market and their places in it.

8t hA ve .

Security Innovators Throwdown

54th St. 53rd St. 52nd St.

51st St. 50th St.

49th St.