Detroit SecureWorld

2016 Agenda


Day 1

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am Executive Advisory Board Breakfast: (VIP / INVITE ONLY)

    Executive Advisory Board Breakfast: VIP / INVITE ONLY

  • 8:00am - 9:30am SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    Dan Lohrmann
  • 8:00am - 9:30am SecureWorld Plus: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This course provides a detailed plan for designing and building a Cybersecurity Program based on the NIST Cybersecurity Framework and the 20 Critical Controls.

    Lesson 1: Creating the Model (based on the NIST Cybersecurity Framework)
    A general review of today’s cyber-threat landscape, key business, technical, regulatory, workforce challenges, the overall risk environment, controls framework (NIST Cybersecurity Framework), controls standards and a recommended approach for designing and building a program based on a repeatable / open program concept (The Controls Factory Model).

    Lesson 2: Designing the Program (based on the 20 Critical Controls)
    A detailed review of the safeguards that organizations should use to mitigate advanced threats and protect their critical assets, including an in-depth analysis of the 20 critical controls. Each control will be discussed in detail, including the control objective, control approach, consequences of not implementing the control, control system analysis (how the control works), control detailed design, and control monitoring and testing requirements.

    Lesson 3: Building the Solution (based on Design, Build, Run and Test Guides)
    Technical solutions that can be used to protect a particular family of assets (endpoints, servers, networks, applications). Each technical solution will include a mapping to the critical controls and NIST Framework (design guide), a step-by-step approach for implementation (build guide), a set of operational capabilities for continuous monitoring and management (run guide) and a set of use cases that ensure that the controls are continually applied to the asset families (test guide).

    Larry Wilson
  • 8:30am - 9:15am 10 Steps to Building an Effective Audit Program

    Every complete insider threat program contains these elements: policies, processes, technology controls, risk management and auditing/monitoring. If there’s a unifying message within all of the steps of an insider threat program, it’s that it is not about technology but rather about people and technology. 

  • 8:30am - 9:15am Contracts: A Focus on Security & Related Clauses

    Security and privacy are major considerations when entering into technology agreements. Managing risks is key. IT Attorney Kathy Ossian will discuss security and related clauses in common technology agreements from both the tech provider and user perspectives.

     

    Kathy Ossian
  • 8:30am - 9:15am Dude, Where's My Car?: The Increasing Hackability of the Vehicle

    Over time, vehicles have become increasingly complex. This includes not only the mechanical aspects of the vehicles, but also the cyber/digital inter-relationships between the vehicular network, data flow, and endpoints. This presentation will explore the origins of this, present and projected future vulnerabilities, and issues with models.

    Charles Parker, II
  • 8:30am - 9:15am Risk in the Age of the Empowered Consumer

    Consumer demand for increased control over, and visibility into, how their information is used is challenging organizations with data-driven business models. This session outlines the steps companies can take to manage the risks emerging from this trend and realize the business opportunities of global commerce.

     

    Steven F. Fox
  • 9:00am - 3:00pm Exhibit Floor Open

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    Room: SecureWorld Exhibit Floor
  • 9:15am - 10:00am OPENING KEYNOTE

    Please check back for presentation details.

    Larry Ponemon
  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
  • 11:00am - 12:00pm Executive Roundtable: (INVITE ONLY)

    VIP / INVITE ONLY

    Room: Executive Boardroom
  • 11:15am - 12:00pm 2016 Security Report and Moving to a Prevent Based Security Posture

    This presentation will cover typical cyber threats seen in commercial and government businesses today, and will provide tips and examples showing how moving to a prevent-based security posture can save your organization time and money.

  • 11:15am - 12:00pm Establishing a Quality Vulnerability Management Program Without Wasting Time or Money

    This talk covers all the necessary pieces for creating a successful vulnerability management program: selling the story to management, picking the best tool for your environment, evaluating the cost and advantages of in-house vs. professional services, creating a complete runbook, mistakes to avoid, do's and don'ts, tips, establishing report templates and metrics, and running red team/blue team exercises to demonstrate efficiency.

    Zee Abdelnabi
  • 11:15am - 12:00pm Protecting Payments with PCI

    Learn about new updates to the PCI Data Security Standard (PCI DSS), including SSL migration and how this impacts organizations’ security programs and planning. The presentation will also cover initiatives and resources from the PCI Council to protect emerging payment channels and growing risk areas, including e-commerce and mobile.

    Troy Leach
  • 11:15am - 12:00pm Radware: Cyber War Chronicles

    Please check back for presentation details.

    Ron Winward
  • 12:00pm - 1:00pm Executive Roundtable: (VIP / Invite Only)

    Executive Track- VIP / INVITE ONLY
    Lunch Served at Noon

    Room: Executive Boardroom
  • 12:15pm - 1:00pm LUNCH KEYNOTE: Radware

    Please check back for presentation details.

    Ben Desjardins
  • 1:15pm - 2:15pm Panel: Current Threatscape

    Cybersecurity threats change and evolve daily. In today’s world, knowing the latest tactics can make the difference in keeping your company safe. Join industry leaders as they discuss the latest threats, trends and ways to stay ahead of cyber-attacks.

  • 1:15pm - 2:15pm Panel: Secure Your Data in Transit

    Data is the new gold, and it’s up to security professionals to protect our valuable information as it moves from data centers to employee devices and into third party networks. Join our experts to hear about the latest technology and policies that can help you manage these risks without affecting productivity. Bring your questions along for this educational panel discussion.

    Room: Keynote Theater
  • 1:15pm - 2:00pm Your Bitcoins or Your Site

    The ongoing DDoS for Bitcoins (DD4BC) extortion campaign has targeted multiple organizations in North America, Europe, Australia and New Zealand. In this session, we will discuss the attack methodologies, the evolution of the attack campaign, the nature of the attacker(s), and DDoS mitigation techniques that have proven effective against these attacks.

  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm Cybersecurity: A New Paradigm

    In the last few years we have seen traditional security techniques fail to prevent massive data breaches. What have we learned from these breaches, and what can be done to improve the effectiveness of cybersecurity? This session will explore alternatives to current perimeter-based security measures in order to reduce the new threats.

    David Barton
  • 3:00pm - 3:45pm Panel: Locking Down the Endpoints

    In a bring-your-own-device (BYOD) world, our mobile workforce creates a whole new set of challenges when securing all access points. BYOD, while convenient, can make implementing and enforcing security policies next to impossible. Join our industry leaders as they discuss the latest technology, training and trends for securing all endpoints.

  • 3:00pm - 4:30pm SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Dan Lohrmann
  • 3:00pm - 4:30pm SecureWorld Plus: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    Larry Wilson
  • 3:00pm - 3:45pm You Don't Know Cyber Insurance

    It is a good time to be in cybersecurity and cyber liability. The insurance market is thriving, with premiums expected to reach $7.5B over the next three years. The speaker will cover the evolving world of coverage and services being offered in today’s high-risk business environment.

    David Derigiotis
  • 3:00pm - 3:45pm You Want to Put What in the Cloud? Security Issues to Consider

    This presentation will provide the practitioner’s view of how to evaluate cloud security risks when your company wants to place data in the cloud, insight into the process of evaluating the cloud provider’s security posture, and insight into the process of working through the risks associated with placing Personally Identifiable Information (PII) in the cloud. We will also discuss the role of vendor reviews in managing cyber risk.

    Dr. Faith Heikkila

Day 2

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am InfraGard Breakfast Meeting - Members Only

    InfraGard Chapter Meeting for members only
    Continental Breakfast Served

  • 8:00am - 9:30am SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Dan Lohrmann
  • 8:00am - 9:30am SecureWorld Plus: Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    Larry Wilson
  • 8:30am - 9:15am Governance, Risk and Compliance Technology

    Organizations have been making investments into Governance, Risk and Compliance (GRC) technology platforms to gain better efficiencies and better reporting of risks and controls. This session will discuss some of the more common problems associated with GRC technology platforms and address where the future of GRC may be heading.

  • 8:30am - 9:15am Risk Management – What Went Wrong?

    The session will cover some practical examples of risk management and how to leverage risk management to help with cybersecurity risk and exploit schemes.

  • 8:30am - 9:15am The Essential Elements of a Secure SDLC

    Data breaches are in the news daily. IT Auditors are asking questions the development team can't answer. The CIO is asking you for answers. What are you doing to educate your dev. teams, secure your applications and keep your company off the front page of tomorrow's Wall Street Journal? Join Cyber Security Specialist, Chris Sorensen, as he explores "The Essential Elements of a Secure SDLC."

    Chris Sorensen
  • 9:00am - 3:00pm Exhibit Floor Open

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
  • 11:00am - 12:00pm Executive Roundtable: (VIP / Invite Only)

    Executive Track - VIP/Invite Only

    Room: Executive Boardroom
  • 11:15am - 12:00pm How to Implement the NIST Risk Management Framework in Your Organization

    The National Institute of Standards and Technology (NIST) Risk Management Framework is the key to establishing robust and reliable security control over an organization’s technology assets. This presentation will offer a step-by-step practical explanation of the framework and how to implement it in a conventional business.

    Dan Shoemaker
  • 11:15am - 12:00pm Panel: Michigan's CyberPatriot Program

    "Homegrown Cyberwarriors-Panel": CyberPatriot, a middle and high school cyber defense competition, has been picked up by MCISSE. Since 2005, MCISSE has been promoting implementation of security courses in K-12, Community Colleges, Universities and governmental training across the Midwest. Our members are leading academic, governmental and industry researchers and practitioners who come together to share their ideas. Help us guarantee that we have a steady stream of young people entering the exciting field of Cyber Security!
    Panelists:
    • Gen. Michael Stone
    • Kristin Judge: Cybersecurity Education and Awareness, Program Management and Public Speaking
    • Marrci O'Conner: Henry Ford College
    Moderator: Tamara Shoemaker

    Kristin Judge
  • 11:15am - 12:00pm Privacy and Security Law: Current Events

    A discussion on current events and case law that impact how we view data breach insurance and the potential damages for unauthorized disclosures of data.

  • 11:15am - 12:00pm Why Hackers Love Fragmented Data Traffic Security

    Poor security of networked applications was a common issue in the wave of recent data breaches. A hodgepodge of VPNs, IPsec, VLANs, and SSL makes fully securing networked applications immensely complicated, forcing dangerous trade-offs between security and performance. But emerging best practices simplify data traffic security to reduce breach risks.

  • 12:00pm - 1:00pm Executive Roundtable: (VIP / INVITE ONLY)

    Executive Track-VIP/Invite ONLY
    Lunch Served at Noon

    Room: Executive Boardroom
  • 12:00pm - 1:00pm ISSA/(ISC)2 Chapter Meeting - Open to All Attendees

    Join the ISSA/(ISC)2 chapter meeting - Open to all attendees.

     

  • 1:15pm - 2:15pm Panel: After the Hack

    According to a Duke University survey, more than 80% of U.S. companies have been successfully hacked. It’s more important than ever for companies to have an incident response program in place to reduce damages, recovery time and costs, in case of a security breach. Join our experts as they discuss challenges security teams face, tools and proven initiatives, and guidance in creating a program that will work for your organization.

  • 1:15pm - 2:15pm Panel: You've Got Humans on Your Network

    By far, the biggest security threat facing companies is employees. Everything from weak expiration policies to zombie accounts can put your organization at risk. Education and awareness have never been more important. Join this panel of experts as they discuss the use of technology and smart policies to effectively educate and inform the humans.

  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.

    Room: SecureWorld Exhibit Floor
  • 2:30pm - 2:45pm Dash for Prizes & CyberHunt

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm Critical Security Controls and Business Context: Finding Your Way Through The Woods

    No matter which control set is used as a basis for your security program, choosing what to implement first can be overwhelming. This presentation explores the process of combining CIS Critical Security Controls and business context to optimize the organization’s time, effort, and budget while improving its security posture.

    Jen Fox
  • 3:00pm - 3:45pm IOT – Challenges Within Automotive

    A new world of connected vehicles is on its way and its increasing reliance on interacting systems and connectivity is opening up new attack surfaces and a completely new area of consumer risk. The automotive industry faces increased challenges regarding safety, liability and privacy.


Session Information

Description:
  • September 14-15, 2016