THE ONE IT SECURITY EVENT YOU NEED IS HERE
october 13-14, 2009 at the sheraton new York Hotel & Towers in new York City regIsTer BeFore aUgUsT 31 To saVe $500. go To sCWorLdCongress.CoM. Incomparable security education across four dedicated tracks Independent expert speakers with global perspectives a packed expo oor showcasing the best information security tools opportunities to network with your peers and earn continuing education credits from (ISC)2 Free admission to exhibits, four riveting keynotes, and special sessions
Learn from leading experts and innovators including:
Robert Carr CEO, Heartland Payment Systems
Platinum sponsors
Gold sponsors
William kovacic commissioner, Federal Trade Commission
Silver sponsors
Howard Cox assistant deputy chief, U.S. Department of Justice
nancy Wilson senior director, enterprise information security, Time Warner Cable
Strategic partners
Sustaining media partners
LeTTer FroM THe edITor
Register now and save: go to www.scworldcongress.com
sC WoRLD ConGRess
oct. 13-14, 2009 at the sheraton new York Hotel & Towers in new York
You won’t want to miss our event in October… Cybercriminals seem immune to the weak economic times that most organizations are grappling with today, lobbing their increasingly sophisticated and intense attacks at both private and public entities 24/7. Even as the economy limps on, it’s just not feasible to skimp on information security plans. You need cost-effective solutions and services to meet today’s cybersecurity challenges. You’ll get them at our second annual SC World Congress. When you join us this October, leading industry authorities will provide the guidance you need to hone your security processes, gain a better understanding of how the threat landscape is evolving and ensure you implement the most sound risk management plan possible. Over two days, not only will you cull the latest thinking from independent experts across four educational tracks, you’ll also participate in interactive keynote sessions, such as our first-ever mock jury trial, and learn about the newest solutions available in the market from young, up-and-coming vendors during our Security Innovators Throwdown competition. SC World Congress will equip you with the information you’ve been looking for to make a real difference to your business – even during the most trying economic climate. See you there.
editor-in-chief, SC Magazine
Final Version Pantone Colors
Supporting associations
ISSA
Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial 410-418-4861.
Anish Bhimani
Dan Blum
managing director of risk and security management, JP Morgan Chase
senior vice president, principal analyst, The Burton Group
Bryan Cline
Dave Cullinane
Jerry Dixon
director of information services, risk management, Children’s Hospital of Philadelphia
CISO, eBay
director of analysis, Team Cymru
Stacey Halota
Will Jansen
Joe Jarzombek
vice president, information security and privacy, The Washington Post Co.
chief, systems and network analysis center, NSA
director software assurance, DHS
Paul Kurtz
Latif Ladid
Tom Meenan
James Nelms
executive director, SAFECode
founder and president, IPv6 Forum
vice president of IT risk and compliance, MetLife
CISO, The World Bank
Dr. Elizabeth Nichols
Steven Peltzman
Mark Pollitt
Kris Rowely
CTO, PlexLogic
CIO, The Museum of Modern Art
visiting professor, National Center for Forensic Science, University of Central Florida
CISO, state of Vermont
Marcus Sachs
Randolph Smith
Tim Stanley
Richard Steinnon
executive director for government affairs, national security policy, Verizon Communications
d’Information & des Réseaux
Observatoire de la Sécurité des Systèmes d’Information & des Réseaux
manager, information security, UPS
Dennis Brixius VP and CSO, The McGraw-Hill
CISO, Continental Airlines
Nancy Wilson
Amit Yoran
executive director, (ISC)2
senior director, enterprise information security, Time Warner Cable
CEO, NetWitness
Publications
Robert Carr CEO, Heartland Payment Systems
Companies
Hord Tipton
WITI PRIMARY LOGO-CMYK
des Systèmes
speakers
Stephen Fridakis chief, IT programs and quality assurance, UNICEF
William Kovacic commissioner, Federal Trade Commission
chief research analyst, IT-Harvest
Also speaking: Jerry Archer, Intuit; Ron Baklarz, Amtrak; Alan Boehme, ING; Jim Cupps, Liberty Mutual Investments; Robert Maley, Pennsylvania Office of Administration; Richard Marshall, NSA; Kimberly Kiefer Peretti, U.S. Dept. of Justice; and other experts.
agenda
Register now and save: go to www.scworldcongress.com
DAY1
Track 1 Policy/management Within organizations, security fits a business function. Tasks associated with business management and policy-related guidelines take up a significant amount of attention for CISOs.
(For a full description for each session, visit www.scworldcongress.com. Schedule subject to change or revision.) Learning the language of your C-suite
Any CISO or security professional will tell you that open lines of communication with your organization’s senior executive team is critical.
8:30 a.m. – 9:20 a.m.
Security awareness debate
9:30 a.m. – 10:30 a.m.
Many say security awareness is a smart, inexpensive and effective way to educate general employees on safe computing. Others disagree.
10:30 a.m. – 10:45 a.m.
Coffee break
Compliance versus security
10:45 a.m. – 11:20 a.m.
A good security plan and vigilant security team means a compliant computing environment. But, compliance does not equal secure.
11:30 a.m. – 12:30 p.m.
Lunch
Keynote #1: The Heartland breach
12:40 p.m. – 1:40 p.m.
CEO Bob Carr will discuss what Heartland is doing to create a more secure method of processing electronic paymentsw.
1:45 p.m. – 3:15 p.m.
Innovation theater session commences and exhibition floor break Controlling mobile device use on the network
3:20 p.m. – 4:10 p.m. 1:45 p.m. – 7:00 p.m. Exhibition floor open
There is no organization that does not face mobile security challenges. The solution is a mixture of policy and technology.
Keynote #2: Your day in court
4:15 p.m. – 5:15 p.m.
You’ll get the facts and advice needed to find success in front of a judge and jury, with staff from the DoJ and other law enforcement.
5:15 p.m. – 7:00 p.m.
Exhibit floor: Opening day cocktail party
Publications (continued)
Portals
Questions? email congressinfo@haymarketmedia.com or phone 877-418-4861. outside the U.s., dial 410-418-4861.
Track 2 emerging threats/ risk planning Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations and the best practices implemented to thwart them.
supply chain security
Track 3 editor’s choice
Track 4 Technical
Sessions focus on extremely timely issues as seen through the eyes of Illena Armstrong, SC Magazine’s editor-in-chief. Hear from innovators in the security industry discussing cybercrime, breach PR best practices, and how to keep current.
A deeper dive for more technical security and IT professionals. Emphasis will be given on technical aspects of threats and vulnerabilities, as well as relevant solutions, as opposed to the more executive focused content in the other three tracks.
Data lifecycle management
pCi: A view from the Cio
From back doors on software coming out of From categorizing your content to destroying China to malware shipped on hardware, supply it, for security’s sake you need a plan. chain security continues to be a major issue.
global threat correlation and metrics
Reputational-based security and pre-zero-day threat awareness is a necessary tactic for all organizations.
agenda
Critical infrastructure protection
What are the key issues threatening our nation’s critical infrastructure and some of the tactics being used to thwart those threats?
What are the critical steps needed for your enterprise to be compliant and also secure?
know your enemy
Understand the lethal combinations of social engineering and hacking to look for.
security strategies in a down market economy
Forensics for court
ipv6: The next big bail-out.
What can the CISO do to more effectively manage their security programs?
How do you put very technical and important forensics findings in terms a judge and jury understand to assure the outcome you desire.
Monetization of a security risk plan
securing the cloud today and tomorrow
sCADA attack vectors revealed
Sometimes you need more than just a regular risk plan to convince your higher-ups of certain security mitigation needs.
T h e F i n a l Wo r d i n E n t e r p r i s e Computing and Networking
Cloud computing and the practice of using IT infrastructure as an on-demand service is transforming the internet and business itself.
This talk addresses the critical technology issues, benchmarking Europe versus Asia and the U.S. in terms of policy.
Hear from a group of pros helping protect our nation’s control systems in a variety of critical infrastructure categories.
agenda
Register now and save: go to www.scworldcongress.com
DAY2
Track 1 Policy/management Within organizations, security fits a business function. Tasks associated with business management and policy-related guidelines take up a significant amount of attention for CISOs.
(For a full description for each session, visit www.scworldcongress.com. Schedule subject to change or revision.)
8:30 a.m. – 9:15 a.m.
Breakfast
9:15 a.m. – 10:00 a.m.
Innovation theater sessions commence
Web application security
While everyone focuses on the tech and budget items, many forget about the internal organizational buy-in issues.
10:00 a.m. – 10:35 a.m.
Keynote #3: Internet crime and the FTC
Internet-related crime continues to rise, but is being addressed by governing bodies like the FTC. Recent cases will be examined.
10:45 a.m. – 11:45 a.m.
Keeping secure in a down economy
12:00 p.m. – 1:00 p.m. 9:15 a.m. – 5:30 p.m. Exhibition floor open
1:00 p.m. – 2:30 p.m.
Profit and budgets are down, and much staff have been let go. But the good news is you can make it through with what you have.
Innovation theater sessions continue and exhibition floor break Building a trusted information supply chain
2:30 p.m. – 3:30 p.m.
3:40 p.m. – 4:15 p.m.
We have a critical need to invest in the technology and solutions that will best protect the systems and information on which we rely.
eDiscovery
Organizations need to decide what information to keep and for how long.
4:15 p.m. – 4:30 p.m.
Coffee break
4:30 p.m. – 5:30 p.m.
Keynote #4: Securing the pipes: What our ISPs are doing to protect us
Portals (continued) Professional Security Testers
Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial 410-418-4861.
Track 2 Emerging threats/ risk planning
agenda
Track 3 Editor’s choice
Track 4 Technical
Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations and the best practices implemented to thwart them.
Sessions focus on extremely timely issues as seen through the eyes of Illena Armstrong, SC Magazine’s editor-in-chief. Hear from innovators in the security industry discussing cybercrime, breach PR best practices, and how to keep cur
A deeper dive for more technical security and IT professionals. Emphasis will be given on technical aspects of threats and vulnerabilities, as well as relevant solutions, as opposed to the more executive focused content in the other three tracks.
Latest threat
Software assurance
Tales from the front
Secure communications strategies in an always-on world
Endpoint virtualization
A well-known cyberwar correspondent reports on cyber preparedness in Europe post-Estonia.
From VoIP and wireless to 4G, communications represent a key to success.
The benefits, limitations, architectures and residual risks of the various virtualization approaches.
TBA
Future of health care information security TBA
There’s a new administration, and a new focus on health care – which, hopefully, means more useful regulation of the industry.
TBA
Inside the insider threat
Social media and your network
Beyond standardization
Always a high-level threat, the insider gone bad, or even the insider unknowingly doing wrong, is still a major concern.
Our concern for social networking focuses not only on your organization’s business plans, but what your people are doing with it.
By standardizing our IT response posture before trouble intrudes, we can decrease the time it takes to provide mitigation.
Newsletters
Registration
Join us
Register today for early bird rates. Two-day Conference Pass Before Aug. 31: $995 After Aug. 31: $1,495 One-day Conference Pass Before Aug. 31: $725 After Aug. 31: $1,099
Click on scworldcongress.com
Building on the success of last year’s inaugural event, SC World Congress 2009 will feature four timely keynote sessions, including a presentation by the CEO of a company that experienced the largest data breach on record; a mock trial of an electronic forensics-related computer crime case presented by the Department of Justice, Secret Service and others; identity theft, phishing and other very important issues that the FTC is focusing on; and talks by CISOs from four of the largest ISPs.
What’s new?
John F Kennedy Airport 50 minutes by taxi LaGuardia Airport 50 minutes by taxi Newark Airport 45 minutes by taxi Amtrak-Pennsylvania Station 8th Ave. and 31st Street
Newsletters (continued)
B
6t hA ve .
Br oa d
However you get there, get there
7t hA ve .
Our keynote session, “Your day in court: Turning legalize and security-ize into jury-ize,” will help attendees understand just how electronic evidence must be presented in court when they find their organizations marching off to trial. With the help of leading IT security experts from the Department of Justice and others, the session will arm delegates with the facts they need to find success in front of a judge and jury. Understanding the legalities of how critical data is accessed and what to do when it is illegally breached is crucial – especially when companies at some point are bound to see a day in court.
wa y
Mock jury trial
We are debuting the Security Innovators Throwdown competition to honor the brightest, recently launched information security companies. Competitors will get the chance to present their newly developed technologies or services before our expert judges. Judges will determine just which vendors have the best business plans and most robust tools that not only could garner interest from venture capitalists, but also possible investment from them. Those innovators ranked at the top will be featured in a special section of SC Magazine on the evolution of the information security market and their places in it.
8t hA ve .
Security Innovators Throwdown
54th St. 53rd St. 52nd St.
51st St. 50th St.
49th St.