Detroit SecureWorld

2015 Agenda
Open Sessions
Conference Pass
SecureWorld Plus
VIP / Executive
View All

Day 1

  • 7:00am - 3:00pm16 Registration Open

    Click here to view registration types and pricing.

    Room: Registration Desk
    0
  • 8:00am - 9:15am16 Executive Advisory Board Breakfast: (VIP / INVITE ONLY)

    Executive Advisory Board Breakfast: VIP / INVITE ONLY

    3
  • 8:00am - 9:30am16 SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    2
    Dan Lohrmann
  • 8:00am - 9:30am16 SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    2
    Larry Wilson
  • 8:30am - 9:15am16 Scan Your Networks Safely & Automatically – For Free Please check back for presentation details.
    1
  • 8:30am - 9:15am16 The Problem with P@ssw0rd5: Improving Authentication Please check back for presentation details.
    1
  • 8:30am - 9:15am16 Understanding the Processes of Stolen Data Markets

    Data breaches have become commonplace, though research on the sale of data is in its infancy. This introductory, non-technical presentation will explore the economy and organizational composition of stolen data markets hosted on both the open web and Tor to aid CISOs, security directors and anyone interested in cybercrime markets.

    1
    Thomas J. Holt
  • 9:00am - 3:00pm16 Exhibit Floor Open

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    0
  • 9:30am - 10:15am16 OPENING KEYNOTE: Insanity – Cyberspace 3.0 is Coming Your Way

    Major disruption in cyberspace is happening at ridiculous speed and the bad actors are taking advantage of this. We must learn to act at market speed and think 10x innovation as work to develop solutions and approaches to mitigate risk in this dynamic, lightning speed environment. This discussion focuses on those disruptive changes, the challenges we face, and how we must shift our thinking and accelerate our pace.

    Room: Keynote Theater
    0
    James Beeson
  • 10:15am - 11:15am16 Conference Break / Exhibitor Product Demonstration Please check back for presentation details.
    0
  • 11:00am - 12:00pm16 Executive Roundtable - (INVITE ONLY)

    VIP / INVITE ONLY

    3
  • 11:15am - 12:00pm16 Play IT Security Jeopardy Please check back for presentation details.
    1
  • 11:15am - 12:00pm16 Radware: War Stories from the Trenches – Information Security Survival

    Cyber-attacks are becoming increasingly complex and persistent, making it difficult for security professionals to protect their organizations as they head into the virtualized, IoT era. In this session, Radware will share real world experiences gathered by its Emergency Response Team and discuss how leading enterprises are using Radware’s integrated Attack Mitigation Systems to successfully defend against the latest generation of attacks.

    0
    Jeff Dolence
  • 11:15am - 12:00pm16 Selling Security to Management Please check back for presentation details.
    1
  • 12:00pm - 1:00pm16 Executive Roundtable - (VIP / Invite Only)

    Executive Track- VIP / INVITE ONLY
    Lunch Served at Noon

    3
  • 1:15pm - 2:15pm16 Industry Expert Panel: Security in a Mobile World

    There are a wide variety of mobile devices that employees carry to connect to networks around the city, the state, or even the world. Cyber security professionals need a proven way to enforce and extend enterprise data protection. Lack of security training and technology can now be your emergency. How do you safe guard your IT systems without impeding user productivity and efficiency? Ask our experts this question and more on this educational panel discussion.

     

    0
  • 1:15pm - 2:15pm16 Industry Expert Panel: The Emerging Threat Landscape

    The number of cyber security threats is growing every day forcing the need for thorough security assessment and analysis. Join industry leaders discussing emerging threats in the industry for the opportunity to learn what is next in the future of cyber security.

     

     

    0
  • 1:15pm - 2:00pm16 Stories of Malicious Code in Action Please check back for presentation details.
    0
  • 2:15pm - 3:00pm16 Conference Dessert Break / Exhibitor Product Demonstrations Please check back for presentation details. Room: SecureWorld Exhibit Floor
    0
  • 3:00pm - 3:45pm16 20 Critical Controls for Effective Cyber Defense Please check back for presentation details.
    1
  • 3:00pm - 3:45pm16 Cyber Insurance: How to Investigate the Right Coverage for Your Company

    Practitioner’s view of how to evaluate your cyber insurance needs. How do you select an insurance broker? What to expect during the process of purchasing cyber insurance along with a set of questions to ask insurance brokers. Insight into the process of working with and meeting with an insurance broker.

    1
    Dr. Faith Heikkila
  • 3:00pm - 3:45pm16 Proactive Incident Management

    This presentation will introduce a framework to build a proactive incident management program that is supported by the four pillars of planning, preparing, practicing, and measuring. This framework has also been designed to be compliant with multiple standards, including PCI, ISO, NIST, NERC, and HIPPA.

    1
    Owen C. Creger
  • 3:00pm - 4:30pm16 SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    2
    Dan Lohrmann
  • 3:00pm - 4:30pm16 SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    2
    Larry Wilson
  • 3:00pm - 3:45pm16 Security Challenges of the Internet of Things and Big Data Please check back for presentation details.
    1
  • 3:00pm - 3:45pm16 That Contract Says What? Vendor Requirements, Contracting Pitfalls & Insurance

    Vendors play an ever increasing role in every organization. But, vendor mistakes can damage customer trust and increase litigation and enforcement risks for everyone. This session will discuss key components of technology contracts including privacy, security and other regulatory concerns, data ownership, risk shifting strategies, and purchasing data breach insurance.

    1
    Tatiana Melnik
  • 3:15pm - 6:00pm16 FishNet Security Happy Hour Please check back for presentation details.
    0

Day 2

  • 7:00am - 3:00pm17 Registration Open

    Click here to view registration types and pricing.

    Room: Registration Desk
    0
  • 8:00am - 9:30am17 SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    2
    Dan Lohrmann
  • 8:00am - 9:30am17 SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    2
    Larry Wilson
  • 8:30am - 9:15am17 Changing Culture: A Framework and Methodology

    Today’s security leaders are business leaders who manage culture. Culture separates security awareness from secure behaviors, and passive compliance from active engagement. In this session, we will discuss the Security Culture Framework (SCF) and present on its impact on awareness, vendor risk management, and Governance / Risk / Compliance (GRC).

    1
    J Wolfgang Goerlich
  • 8:30am - 9:15am17 Finding the Balance: Privacy, Security & Freedom in a Connected World Please check back for presentation details.
    1
  • 9:00am - 3:00pm17 Exhibit Floor Open Please check back for presentation details.
    0
  • 10:15am - 11:15am17 Conference Break / Exhibitor Product Demonstration Please check back for presentation details.
    0
  • 11:00am - 12:00pm17 Executive Roundtable - (VIP / Invite Only)

    Executive Track - VIP/Invite Only

    3
  • 11:15am - 12:00pm17 Certes Network: Crypto Chaos - Why Hackers Love Fragmented Data Traffic Security

    Poor security of networked applications was a common issue in the wave of recent data breaches. A hodgepodge of VPNs, IPsec, VLANs, and SSL makes fully securing networked applications immensely complicated, forcing dangerous trade-offs between security and performance. But emerging best practices simplify data traffic security to reduce breach risks.

    0
    Satyam Tyagi
  • 11:15am - 12:00pm17 Cybersecurity Challenges and Practical Remedies in Healthcare Please check back for presentation details.
    1
  • 11:15am - 12:00pm17 Looking Ahead by Looking Back at Ten Years of Security Events Please check back for presentation details.
    1
  • 11:15am - 12:00pm17 NICE and the Critical Infrastructure Framework – What They Are and How They Work Together

    This session will present the basics of two important NIST Frameworks for cybersecurity, The NICE Workforce Framework (NICE) and the Critical Cybersecurity Infrastructure Framework (CSF). These two are meant to work together. What they are and how they can be used to create a secure organization will be presented and discussed.

    1
    Dan Shoemaker
  • 11:15am - 12:00pm17 Reinventing Cybersecurity Training Please check back for presentation details.
    1
  • 12:00pm - 1:00pm17 Executive Roundtable - (VIP / INVITE ONLY)

    Executive Track-VIP/Invite ONLY
    Lunch Served at Noon

    3
  • 1:15pm - 2:15pm17 Industry Expert Panel: Identifying Risk - Are You Vulnerable?

    Many security professionals are moving to a risk based approach to security. Companies must look at their current strategies and vulnerabilities to determine and prioritize the associated risks within the organization. Our panel will discuss best practices and give you some food for thought to help you identify risk within your company.

     

     

    0
  • 1:15pm - 2:15pm17 Industry Expert Panel: Incident Response-Are You Prepared?

    The current threat landscape is continually changing and security professionals are being tasked with keeping the company’s data safe. Inevitably it happens – someone lost their tablet or their smartphone was stolen at the local coffee shop, or the network was compromised. Organizations must move from the mindset of hoping the incident doesn’t happen to them to a mindset of what will our plan of action be when it does happen? The goal of an Incident Response program is to handle the issue in a way that limits the damage, reduces the recovery time and costs, and helps to mitigate the risk to their clients. Join our experts as they look at the challenges security teams are facing, tools and initiatives that are working for them, and guidance in creating a program that will work for your organization.

     

    0
  • 1:15pm - 2:00pm17 Intelligence Driven Security Please check back for presentation details.
    0
  • 2:15pm - 3:00pm17 Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.

    0
  • 2:30pm - 2:45pm17 Dash for Prizes & CyberHunt

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
    0
  • 3:00pm - 3:45pm17 IOT – Challenges Within Automotive

    A new world of connected vehicles is on its way and its increasing reliance on interacting systems and connectivity is opening up new attack surfaces and a completely new area of consumer risk. The automotive industry faces increased challenges regarding safety, liability and privacy.

    1
    Martin Bally
  • 3:00pm - 3:45pm17 The National Framework for Cybersecurity Work Please check back for presentation details.
    1

Session Information

Description: