SC World Congress New Brochure by Chuck Miller

The one IT security event you need is here

October 13-14, 2009 at the Sheraton New York Hotel & Towers in New York City Register before Sept. 18 to save $500. Go to scworldcongress.com. Incomparable security education across four dedicated tracks Independent expert speakers with global perspectives A packed expo floor showcasing the best information security tools Opportunities to network with your peers and earn 15 continuing education credits from (ISC)2 Free admission to exhibits, four riveting keynotes, and special sessions

Learn from leading experts and innovators, including:

Robert Carr CEO, Heartland Payment Systems

Platinum sponsors

Gold sponsors

William Kovacic commissioner, Federal Trade Commission

Silver sponsors

Howard Cox assistant deputy chief, U.S. Dept. of Justice

Nancy Wilson senior director, enterprise information security, Time Warner Cable Strategic partners

Sustaining media partners

letter from the editor

SC World Congress

Oct. 13-14, 2009 at the Sheraton New York Hotel & Towers in New York

You won’t want to miss our event in October… Cybercriminals seem immune to the weak economic times that most organizations are grappling with today, lobbing their increasingly sophisticated and intense attacks at both private and public entities 24/7. Even as the economy limps on, it’s just not feasible to skimp on information security plans. You need cost-effective solutions and services to meet today’s cybersecurity challenges. You’ll get them at our second annual SC World Congress. When you join us this October, leading industry authorities will provide the guidance you need to hone your security processes, gain a better understanding of how the threat landscape is evolving and ensure you implement the most sound risk management plan possible. Over two days, not only will you cull the latest thinking from independent experts across four educational tracks, you’ll also participate in interactive keynote sessions, such as our first-ever mock jury trial, and learn about the newest solutions available in the market from young, up-and-coming vendors during our Security Innovators Throwdown competition. SC World Congress will equip you with the information you’ve been looking for to make a real difference to your business – even during the

editor-in-chief, SC Magazine

Final Version Pantone Colors

Supporting associations

ISSA

Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial 410-418-4861.

Anish Bhimani

Dan Blum

managing director of risk and security management, JP Morgan Chase

senior vice president, principal analyst, The Burton Group

Dave Cullinane

Jerry Dixon

CISO, eBay

director of analysis, Team Cymru

d’Information & des Réseaux

VP and CSO, The McGraw-Hill Companies

Stephen Fridakis

Bryan Cline director of information services, risk management, Children’s Hospital of Philadelphia

Stacey Halota

chief, IT programs and quality assurance, UNICEF

vice president, information security and privacy, The Washington Post Co.

Kris Herrin

Will Jansen

Joe Jarzombek

assistant director, FBI Cyber Division

CSO, Heartland Payment Systems

chief, systems and network analysis center, NSA

director software assurance, DHS

Wolfgang Kandek

Paul Kurtz

Latif Ladid

James Nelms

CTO, Qualys

executive director, SAFECode

founder and president, IPv6 Forum

CISO, The World Bank

Dr. Elizabeth Nichols

Steven Peltzman

Kimberly Peretti

Mark Pollitt

CTO, PlexLogic

CIO, The Museum of Modern Art

senior counsel, computer crime and intellectual property section, U.S. Department of Justice

visiting professor, National Center for Forensic Science, Univ. of Central Florida

Kris Rowely

Marcus Sachs executive director for government affairs, national security policy, Verizon Communications

Randolph Smith

Tim Stanley

CISO, state of Vermont

Richard Steinnon

Hord Tipton

Amit Yoran

executive director, (ISC)2

CEO, NetWitness

WITI PRIMARY LOGO-CMYK

Observatoire de la Sécurité des Systèmes d’Information & des Réseaux

Dennis Brixius

Shawn Henry

chief research analyst, IT-Harvest

des Systèmes

speakers

Publications

manager, information security, UPS

CISO, Continental Airlines

Also speaking: Jerry Archer, Intuit; Ron Baklarz, Amtrak; Alan Boehme, ING; Jim Cupps, Liberty Mutual Investments; Robert Maley, Pennsylvania Office of Administration; Richard Marshall, NSA; and other experts.

agenda

DAY1

Track 1 Policy/management Within organizations, security fits a business function. This track helps security pros prioritize, better understand and provide guidance around important topics, such as PCI, DRM, security awareness and privacy.

(For a full description for each session, visit www.scworldcongress.com. Schedule subject to change or revision.) Learning the language of your C-suite

Communication is ever so important in business. Open lines of communication with your organization’s senior executive team is critical.

8:30 a.m. – 9:20 a.m.

Security awareness debate

9:30 a.m. – 10:20 a.m.

Security awareness is a smart, inexpensive and effective way to educate general employees on safe computing.

10:20 a.m. – 10:35 a.m.

Coffee break

Securing the consumer endpoints

10:35 a.m. – 11:25 a.m.

How have banks and ISPs in the Nordic countries changed their mentality in regards to securing the endpoints of their customers.

11:25 a.m. – 12:25 p.m.

Lunch

Keynote #1: The Heartland breach

12:35 p.m. – 1:35 p.m.

Chairman and CEO Bob Carr will discuss what Heartland is doing to create a more secure method of processing electronic payments.

1:35 p.m. – 2:50 p.m.

Innovation theater session commences and exhibition floor break Controlling mobile device usage on the network

2:50 p.m. – 3:40 p.m. 1:45 p.m. – 7:00 p.m. Exhibition floor open

There is no organization that does not face this challenge. The solution is a mixture of policy and technology.

Keynote #2: Your day in court

3:50 p.m. – 5:15 p.m.

What you need to find success in front of a judge. The audience will participate in a mock trial with real DoJ prosecutors and lawyers.

5:15 p.m. – 7:00 p.m.

Exhibit floor: Opening day cocktail party

Publications (continued)

Portals

Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial +01.410.418.4861.

Track 2 Emerging threats/ risk planning

agenda

Track 3 Editor’s choice

Track 4 Technical

Emerging threats and risk planning go hand in hand, as you can’t map out your business risk without a firm understanding of the wide variety of threats faced by your organization.

Every security line of business needs to be flexible. The Editor’s Choice track addresses change with sessions focusing on extremely timely issues as seen through the eyes of SC Magazine’s Editor-in-Chief Illena Armstrong.

This track offers a deeper dive for the more technical of security and IT professionals at the conference. More emphasis will be given on technical aspects of threats and vulnerabilities, as well as relevant solutions.

Supply chain security

Data lifecycle management

PCI success: technology or culture challenge?

Global threat correlation and metrics

Public-private sector security partnership revisited New administration, new depart-

Technologies and strategies used to secure the U.S. Air Force A leading Air Force cyber-

Security strategies in down market economy

Forensics for court

IPv6: The next big bail-out

Monetization of a security risk plan

Securing the cloud today and tomorrow

SCADA attack vectors revealed

Supply chain security continues to be a major issue increasing risk for the enterprise. What are some best practices to mitigate this risk?

Reputational-based security and pre-zero-day threat awareness is a necessary tactic for all organizations.

What can CISOs do to effectively manage their security programs? How can security teams better leverage their resources?

Sometimes you need more then just a regular risk plan to convince your higher-ups of certain security mitigation needs.

T h e F i n a l Wo r d i n E n t e r p r i s e Computing and Networking

Organizations amass content related to their businesses. From categorizing your content to destroying it, you need a security plan.

ments, new leaders. How do we maximize the visibility cybersecurity is finally getting?

The jury and judge are not forensics experts. So how do you put important findings in their terms to assure the outcome you desire.

Cloud computing and the practice of using IT infrastructure as an on-demand service is transforming the internet and business itself.

What’s more difficult for many IT departments: Passing a test or raising awareness of PCI and getting the proper funding?

security pro discusses what technologies and techniques are used to protect USAF networks.

This talk addresses the critical technology issues, benchmarking Europe versus Asia and the United States in terms of policy.

Hear from a group of pros in the trenches helping protect our nation’s control systems in a variety of critical infrastructure categories.

agenda

DAY2

(For a full description for each session, visit www.scworldcongress.com. Schedule subject to change or revision.)

8:30 a.m. – 9:20 a.m.

Breakfast

9:20 a.m. – 10:00 a.m.

Exhibition floor open and Innovation theater sessions commence Web application security

While everyone focuses on the technology and budget items, many forget about the internal organizational buy-in issues.

10:00 a.m. – 10:50 a.m.

Keynote #3: Internet crime and the FTC

How internet-related crime is being addressed by governing bodies, such as the Federal Trade Commission – with recent examples.

10:55 a.m. – 11:55 a.m.

Keeping secure in a down economy

12:00 p.m. – 12:50 p.m. 9:20 a.m. – 4:00 p.m. Exhibition floor open

12:50 p.m. – 2:05 p.m.

Profit and budgets are down, and much staff have been let go. Hear some best practices in making it through with what you have.

Innovation theater sessions continue and exhibition floor break Building a trusted information supply chain

2:05 p.m. – 2:55 p.m.

The administration views cybersecurity as a priority, and the nation has a critical need to invest in technology and solutions.

Compliance versus security

3:00 p.m. – 3:50 p.m.

A good security plan and vigilant security team means a compliant computing environment. However the opposite is less then true.

3:50 p.m. – 4:00 p.m.

Coffee break

4:00 p.m. – 5:00 p.m.

Keynote #4: Securing the pipes

What our ISPs are doing to protect us.

Portals (continued) Professional Security Testers

Questions? Email congressinfo@haymarketmedia.com or phone 877-418-4861. Outside the U.S., dial +01.410.418.4861.

Track 2 Emerging threats/ risk planning

agenda

Track 3 Editor’s choice

Track 4 Technical

Emerging threats and risk planning go hand in hand, as you can’t map out your business risk without a firm understanding of the wide variety of threats faced by your organization.

Infrastructure control

Software assurance

Endpoint virtualization

Tales from the front

Critical infrastructure protection

Top 10 hacks

Dissecting PCI DSS

Future of health care information security

Latest threat trends and defenses

Inside the insider threat

Social media and your network

Beyond standardization

It’s vital to secure your heterogeneous networks with comprehensive NAC and enforce compliance on all your devices in real time.

Richard Stiennon offers his observations on U.S. cyber preparedness and contrasts it with the cyber defense agencies in Eastern Europe.

PCI DSS occupies a special place among the standards that security officers have to comply with nowadays.

The insider gone bad, or even the insider unknowingly doing wrong, is still a major concern amplified by the recession.

Members of the Software Assurance Forum discuss the relevance of software security assurance in reducing risk exposure.

The key issues threatening our nation’s critical infrastructure, the tactics used to thwart those threats, and how you can help the cause.

New administration, new focus on health care, and hopefully, new, more useful regulation – given the lack of success of HIPAA.

What are your employees doing with social networking on your networks and how can you deal with that.

This session will analyze the benefits, limitations and residual risks of the various presentation virtualization approaches.

The top 10 vulnerabilities, as well as some of the prevalent security issues emerging. Attendees will learn real-world solutions.

The most problematic, current cyber threats to enterprises, as well as advice and best practice strategies to defend against them.

By standardizing our IT response posture, we can decrease the time it takes to react, share information and provide mitigation.

Newsletters

Join us

Click on scworldcongress.com

Two-day Conference Pass Before Sept. 18: $995 After Sept. 18: $1,495 One-day Conference Pass Before Sept. 18: $725 After Sept. 18: $1,099

Whatâ&#x20AC;&#x2122;s new?

Security Innovators Throwdown

Mock jury trial

We are debuting this competition to honor the brightest, recently launched information security companies. Competitors will get the chance to present their newly developed technologies or services before our expert judges. Judges will determine just which vendors have the best business plans and most robust tools that not only could garner interest from venture capitalists, but also possible investment from them.

With the help of leading IT security experts from the Department of Justice and others, the keynote session, â&#x20AC;&#x153;Your day in court: Turning legalize and security-ize into jury-ize,â&#x20AC;? will arm delegates with the facts they need to find success in front of a judge and jury. Understanding the legalities of how critical data is accessed and what to do when it is illegally breached is crucial these days.

Newsletters (continued)