Detroit SecureWorld

2014 Agenda

Day 1

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am Executive Advisory Board Breakfast: VIP / INVITE ONLY
  • 8:00am - 9:30am SecureWorld Plus: Planning and Designing a Corporate Information Security Program (SecureWorld Plus Registrants ONLY)

    This class is for SecureWorld Plus Registrants ONLY.
    This class will cover the essential elements for planning, designing, budgeting, implementing, maintaining and assessing a comprehensive information security program.
    A high-level course outline includes:
    1. Creating a Business Case
    2. Developing a Security Program
       • Step 1 - Establish program goals, objectives, critical success factors
       • Step 2 - Document security controls in controls books
       • Step 3 - Apply security controls to critical asset groups to create managed assets
       • Step 4 - Establish security program governance, budget, resources, operations, and implementation roadmap
    3. Documenting Security Controls in Controls Books
    4. Applying Controls to Protect Critical Assets
    5. Establishing a Program Governance Model and Security Operations Center
    6. Auditing / Assessing Security Program Deliverables
    7. Establishing an Information Security Exchange (ISX)

    The course is based on the University of Massachusetts Information Security Program, which was the ISE® North America Project Award Winner 2013 - Academic/Public Sector Category.

    An executive summary of the UMASS program: The University of Massachusetts Cyber-security initiative involves planning, designing, implementing and managing a University-wide technology-based program based on the SANS 20 Critical Security Controls (CSC). The main deliverables include IT asset management, software asset management, system and network configuration, malware defenses, vulnerability management, log management, security administration, data loss prevention, etc. The primary goal is to establish technology, implementation and security monitoring standards that are implemented and managed across all five campuses (Amherst, Boston, Dartmouth, Lowell, Worcester Medical School), UMASS On-line and the President’s Office. Successful implementation of this program ensures the University reduces the impact and exposure of a Cyber-security threat.

    Larry Wilson
  • 8:00am - 9:30am SecureWorld Plus: Practical Application of Key Processes (SecureWorld Plus Registrants ONLY)

    Risk assessment, Business Impact Analysis (BIA) and Information Classification are the key processes that every organization needs to address. This 3-session class will quickly dispel the myth that these need to be long and involved activities. The sessions will provide the attendees the tools required to complete a risk assessment, BIA and Information Classification using an industry-accepted standard process, in days not weeks.
    We will focus on ensuring that current laws and standards (CobiT, ITIL, NIST, OMB, FISCAM, FFIEC, ISO 27002, ISA (manufacturing) GLBA, HIPAA, SOX, PCI DSS) are being addressed and how to map them to the attendees’ specific organizational requirements.

    Thomas R. Peltier
  • 8:00am - 9:30am SecureWorld Plus: Risk Management as a Second Language - Security Speak for the C-Suite (SecureWorld Plus Registrants ONLY)

    This class is for SecureWorld Plus Registrants ONLY.

    Ever wonder why your security initiatives seem to fall on deaf ears? Or why your CI(x)s' eyes glaze over when talking about security? Join us in learning how to translate your security ideas into language that the C-Suite will not only “get,” but will buy into. Learn the language they speak.

    Brian O'Hara
  • 8:30am - 9:15am Balancing Performance & Security

    Demand for increased performance can make it hard to ensure your organization is protected. Learn how to navigate this balancing act.

  • 8:30am - 9:15am Current Trends in Cyber Crime

    What to look for in 2014, including fraud and other socially engineered attacks.

  • 8:30am - 9:15am We’re All in This Together: Turning Adversaries Into Allies

    How many people are on your Security team? The answer should be, “Everybody in the company!” With this session we will review some of the tools and techniques that allow you to engage the company at every level and turn them from adversaries into allies.

    Robert Keefer
  • 9:00am - 3:00pm Exhibit Floor Open

    Please check back for presentation details.

  • 9:30am - 10:15am OPENING KEYNOTE: The Evolving Cybersecurity Threat Matrix and Legal Landscape

    The Cybersecurity threats to US business continue to grow each day, the bad actors continue to attack, and the legal landscape is trying to keep pace. Ensuring that your company is not the victim of the next intrusion or data breach is now a critical part of your company’s business. Understanding the various Cybersecurity threats and trends from an information security, risk, legal and critical infrastructure perspective is crucial to successfully surmounting these challenges.

    Christopher Pierson
  • 10:15am - 11:15am (ISC)2 Chapter Meeting

    This Meeting is open to (ISC)2 Members ONLY.

  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.

  • 11:00am - 12:00pm Executive Roundtable: (INVITE ONLY)

    This Roundtable is Invite Only. 

  • 11:15am - 12:00pm Effective Auditing

    Learn how to efficiently deal with security compliance and audit requirements.

  • 11:15am - 12:00pm SecureWorld Expo IT Security Jeopardy

    Be a contestant and learn the facts that elude you! Challenge yourself against different security categories based upon America’s favorite quiz show. There is no grand prize trip, you won’t win money, but you will have a great time and gain knowledge during the presentation. The categories that will challenge you will range from encryption, regulatory guidelines, network security, cloud security, mobile security and much more.

    Clark R. Crain
  • 11:15am - 12:00pm Selling Security to Management

    As trained and certified network and security professionals we are ready to implement solutions to solve the security problems of our organization. If only we could get management to listen to our advice.

    To become successful, it is important to understand what management really wants to accomplish. In this presentation we will examine the steps needed to ensure that you and the program you develop meet the expectations of management. To do this we will examine methods to be used to prepare to sell your message to management.

    Thomas R. Peltier
  • 11:15am - 12:00pm Staying Secure Despite Limited Resources

    Does your company have limited resources dedicated to cyber security? In this session we will discuss best practices with a small security budget.

  • 12:00pm - 1:15pm Executive Track - VIP / Invite Only

    Executive Track: Mobile Device Management; Mobile Devices in the Workplace - VIP / INVITE ONLY.

  • 12:15pm - 1:00pm LUNCH KEYNOTE

    Please check back for presentation details.

  • 1:15pm - 2:15pm Industry Expert Panel

    Please check back for presentation details.

  • 1:15pm - 2:15pm Industry Expert Panel

    Please check back for presentation details.

  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm Are We Insane?

    The definition of insanity is doing the same thing over and over expecting different results. The information security industry has been doing the same thing (trying to keep bad guys out) over and over expecting different results. This session will explore why doing the same thing won’t work, and why we need a new paradigm to recover our sanity.

    David Barton
  • 3:00pm - 3:45pm Roadmap for Success: 20 Critical Controls for Effective Cyber Defense

    Need to roadmap your security plan without a business impact analysis from 15 departments? Want to start on NIST 800-53 without first taking the full documentation plunge? Need to sort through the “fog of more” infosec solutions and tactics? This overview of the Controls and their implementation may be for you.

    Ken Evans
  • 3:00pm - 4:30pm SecureWorld Plus: Planning and Designing a Corporate Information Security Program (SecureWorld Plus Registrants ONLY)

    This class is for SecureWorld Plus Registrants ONLY.
    This class will cover the essential elements for planning, designing, budgeting, implementing, maintaining and assessing a comprehensive information security program.
    A high-level course outline includes:
    1. Creating a Business Case
    2. Developing a Security Program
       • Step 1 - Establish program goals, objectives, critical success factors
       • Step 2 - Document security controls in controls books
       • Step 3 - Apply security controls to critical asset groups to create managed assets
       • Step 4 - Establish security program governance, budget, resources, operations, and implementation roadmap
    3. Documenting Security Controls in Controls Books
    4. Applying Controls to Protect Critical Assets
    5. Establishing a Program Governance Model and Security Operations Center
    6. Auditing / Assessing Security Program Deliverables
    7. Establishing an Information Security Exchange (ISX)

    The course is based on the University of Massachusetts Information Security Program, which was the ISE® North America Project Award Winner 2013 - Academic/Public Sector Category.

    An executive summary of the UMASS program: The University of Massachusetts Cyber-security initiative involves planning, designing, implementing and managing a University-wide technology-based program based on the SANS 20 Critical Security Controls (CSC). The main deliverables include IT asset management, software asset management, system and network configuration, malware defenses, vulnerability management, log management, security administration, data loss prevention, etc. The primary goal is to establish technology, implementation and security monitoring standards that are implemented and managed across all five campuses (Amherst, Boston, Dartmouth, Lowell, Worcester Medical School), UMASS On-line and the President’s Office. Successful implementation of this program ensures the University reduces the impact and exposure of a Cyber-security threat.

    Larry Wilson
  • 3:00pm - 4:30pm SecureWorld Plus: Practical Application of Key Processes (SecureWorld Plus Registrants ONLY)

    Risk assessment, Business Impact Analysis (BIA) and Information Classification are the key processes that every organization needs to address. This 3-session class will quickly dispel the myth that these need to be long and involved activities. The sessions will provide the attendees the tools required to complete a risk assessment, BIA and Information Classification using an industry-accepted standard process, in days not weeks.
    We will focus on ensuring that current laws and standards (CobiT, ITIL, NIST, OMB, FISCAM, FFIEC, ISO 27002, ISA (manufacturing) GLBA, HIPAA, SOX, PCI DSS) are being addressed and how to map them to the attendees’ specific organizational requirements.

    Thomas R. Peltier
  • 3:00pm - 4:30pm SecureWorld Plus: Risk Management as a Second Language - Security Speak for the C-Suite (SecureWorld Plus Registrants ONLY)

    This class is for SecureWorld Plus Registrants ONLY.

    Ever wonder why your security initiatives seem to fall on deaf ears? Or why your CI(x)s' eyes glaze over when talking about security? Join us in learning how to translate your security ideas into language that the C-Suite will not only “get,” but will buy into. Learn the language they speak.

    Brian O'Hara
  • 3:00pm - 3:45pm Securing Big Data

    Don’t let security be an afterthought for Big Data.

  • 3:00pm - 3:45pm Security Challenges of the Internet of Things and Big Data

    The Internet of Things consists of a network of devices with embedded technology that communicates and interacts with other devices collecting massive amounts of data which makes up a large component of Big Data. This presentation will discuss the security challenges that the Internet of Things and Big Data presents.

    Barbara L. Ciaramitaro
  • 3:00pm - 3:45pm Top 5 Threats to Your Company’s Online Security

    Review the top threats every business faces.


Day 2

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am InfraGard Chapter Meeting

    This Meeting is for InfraGard members ONLY.

  • 8:00am - 9:30am SecureWorld Plus: Planning and Designing a Corporate Information Security Program (SecureWorld Plus Registrants ONLY)

    This class is for SecureWorld Plus Registrants ONLY.
    This class will cover the essential elements for planning, designing, budgeting, implementing, maintaining and assessing a comprehensive information security program.
    A high-level course outline includes:
    1. Creating a Business Case
    2. Developing a Security Program
       • Step 1 - Establish program goals, objectives, critical success factors
       • Step 2 - Document security controls in controls books
       • Step 3 - Apply security controls to critical asset groups to create managed assets
       • Step 4 - Establish security program governance, budget, resources, operations, and implementation roadmap
    3. Documenting Security Controls in Controls Books
    4. Applying Controls to Protect Critical Assets
    5. Establishing a Program Governance Model and Security Operations Center
    6. Auditing / Assessing Security Program Deliverables
    7. Establishing an Information Security Exchange (ISX)

    The course is based on the University of Massachusetts Information Security Program, which was the ISE® North America Project Award Winner 2013 - Academic/Public Sector Category.

    An executive summary of the UMASS program: The University of Massachusetts Cyber-security initiative involves planning, designing, implementing and managing a University-wide technology-based program based on the SANS 20 Critical Security Controls (CSC). The main deliverables include IT asset management, software asset management, system and network configuration, malware defenses, vulnerability management, log management, security administration, data loss prevention, etc. The primary goal is to establish technology, implementation and security monitoring standards that are implemented and managed across all five campuses (Amherst, Boston, Dartmouth, Lowell, Worcester Medical School), UMASS On-line and the President’s Office. Successful implementation of this program ensures the University reduces the impact and exposure of a Cyber-security threat.

    Larry Wilson
  • 8:00am - 9:30am SecureWorld Plus: Practical Application of Key Processes (SecureWorld Plus Registrants ONLY)

    Risk assessment, Business Impact Analysis (BIA) and Information Classification are the key processes that every organization needs to address. This 3-session class will quickly dispel the myth that these need to be long and involved activities. The sessions will provide the attendees the tools required to complete a risk assessment, BIA and Information Classification using an industry-accepted standard process, in days not weeks.
    We will focus on ensuring that current laws and standards (CobiT, ITIL, NIST, OMB, FISCAM, FFIEC, ISO 27002, ISA (manufacturing) GLBA, HIPAA, SOX, PCI DSS) are being addressed and how to map them to the attendees’ specific organizational requirements.

    Thomas R. Peltier
  • 8:00am - 9:30am SecureWorld Plus: Risk Management as a Second Language - Security Speak for the C-Suite (SecureWorld Plus Registrants ONLY)

    This class is for SecureWorld Plus Registrants ONLY.

    Ever wonder why your security initiatives seem to fall on deaf ears? Or why your CI(x)s' eyes glaze over when talking about security? Join us in learning how to translate your security ideas into language that the C-Suite will not only “get,” but will buy into. Learn the language they speak.

    Brian O'Hara
  • 8:30am - 9:15am Business Impact Analysis on the Corporate R.A.D.A.R.

    We are pleased to release the first open source BIA workflow that is actionable and repeatable. This workflow has been developed to empower IT to make more informed investment decisions in anticipation of a business interruption. It’s compatible with existing Co-OP frameworks such as COBIT, ISO 27000, PCI, and others.

    Steven Aiello
  • 8:30am - 9:15am Learning from the big Hacks of the Past

    Review the top hacks from history, and discuss what we can all learn from them.

  • 9:00am - 3:00pm Exhibit Floor Open

    Please check back for presentation details.

  • 9:30am - 10:15am OPENING KEYNOTE

    Please check back for presentation details.

  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.

  • 11:00am - 12:00pm Executive Track - VIP / Invite Only

    Please check back for presentation details.

  • 11:15am - 12:00pm Bit9: New World, New Realities: Endpoint Threat Detection, Response & Prevention for DUMMIES

    Traditional, signature-based endpoint protection solutions are ineffective against today’s advanced threats, including zero-day and targeted attacks, which don’t have known malware signatures. Advanced attackers do everything they can to evade detection. To combat them, enterprises need endpoint threat detection, response and prevention tools that will enable them to see and understand the full attack lifecycle. During this presentation you’ll learn:
    • Who’s a target and Why
    • Why traditional endpoint security solutions are failing to protect your environment from advanced threats
    • The definition of Endpoint Threat Detection & Response and foundational capabilities
    • What you can do right now to assess your endpoint security posture and reduce your organization’s attack surface

  • 11:15am - 12:00pm Mobile Devices in the Workplace – Defining the Ground Rules

    Mobile device security in the office requires compliance from the whole team. Learn how to create the necessary “how-to” memo.

  • 11:15am - 12:00pm Reinventing Cybersecurity Training

    Your end-user can be your greatest security asset, or your greatest liability. Meanwhile, your technical staff need hands-on advanced skills. Equally important, every family needs to understand their role in Internet safety. Let’s explore cyber awareness from a variety of perspectives – what you need to know and how to get your message across to different audiences. This case study will examine what works and what doesn’t, when it comes to security awareness training, Michigan’s advanced Cyber Range offerings, and outreach efforts that make Michigan a national model for security training. You’ll learn how to provide interactive, engaging training that makes your end-user into a true security partner and have fun in the process.

    Dan Lohrmann
  • 12:00pm - 1:15pm Executive Track - VIP / INVITE ONLY

    Please check back for presentation details.

  • 12:00pm - 1:00pm ISSA Chapter Meeting

    This Meeting is for ISSA Members ONLY.

  • 12:15pm - 1:00pm Lunch Keynote: Radware

    Please check back for presentation details.

    Carl Herberger
  • 1:15pm - 2:15pm Industry Expert Panel

    Please check back for presentation details.

  • 1:15pm - 2:15pm Industry Expert Panel

    Please check back for presentation details.

  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.

  • 2:30pm - 2:45pm Dash for Prizes

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm 2014 – Cyber Security Litigation

    Understand how to navigate the laws associated with security breaches and privacy litigation.

  • 3:00pm - 3:45pm Framework: The Difference Between Winning and Losing

    After decades of information security strategy, method, tech, daily breach reports, political hacktivism, organized cybercrime, nationally supported cyberwarfare, etc. – why do we still struggle to make the case for a solid enterprise information security program? It all has to do with the “F-word” of security: Framework.

    David Hawley
  • 3:00pm - 3:45pm Public and Private Cloud Applications

    This session will provide information on new types of technologies for end user organizations to address cloud security.
