Detroit SecureWorld

2014 Agenda

Day 1

  • 7:00am - 3:00pm16 Registration Open

    Click here to view registration types and pricing.

    Room: Registration Desk
  • 8:00am - 9:15am16 Executive Advisory Board Breakfast: VIP / INVITE ONLY.

    Room: Lookout
  • 8:00am - 9:30am16 SecureWorld Plus: Completing Risk Assessments Quickly (days not weeks)

    Risk assessment is viewed by many organizations as a long and complicated process. This class will quickly dispel that myth and provide the attendees the tools required to complete a quality risk assessment, using an industry standard process, in days not weeks.

    We examine the components of the risk assessment process and how it can be used within each organization. We examine currently used threat lists and how they can be used to speed up the process while still maintaining quality results. We examine examples of threat lists and discuss how these can be altered to meet the attendee’s specific needs.

    We then examine various control lists that address the issues that are presented to the organization daily. We focus on current laws and standards (CobiT, ITIL, NIST, OMB, FISCAM, FFIEC, ISO 27002, ISA (manufacturing), GLBA, HIPAA, SOX, PCI DSS) and map them to the attendees’ organizational requirements.

    At the end of this session, the attendees will take with them an understanding of the risk assessment process, the tools they need to perform the task at their own organization, examples of threat lists, sample control lists, a management summary letter template and a completed risk assessment action plan.

    Course Completion

    Upon the completion of our Risk Assessment course, students will have:

    • The knowledge to design, manage and oversee an organization’s risk management process
    • Knowledge of the key elements to complete risk assessment projects in five days or less through the use of the Facilitated Risk Analysis and Assessment Process (FRAAP):
      • Risk Management basics
      • Project Impact Analysis: the due diligence portion of project management
      • Risk Assessment: Documentation of how management meets its fiduciary
      • Risk mitigation: Using key concepts to reduce identified risk to an acceptable level
      • Compliance checking and vulnerability assessment
    • The required knowledge and ability to provide effective risk management and consulting for their organization

    Course Benefits

    The Risk Assessment course offers students outstanding benefits, including:

    • Demystification of the risk assessment process
    • Tools needed to complete risk assessments
    • A case study to test the process
    • Sample management summary reports

    Room: 106
    Thomas R. Peltier
  • 8:30am - 9:15am16 A Process and Tool for Ensuring Security of the ICT Supply Chain

    This session reports a DoD project outcome to enhance supply chain risk management (SCRM). The presentation offers a defined process and tools for determining trustworthiness of suppliers in an information and communications technology supply chain. A customer can build trusted supplier chains of any degree of complexity using this approach.

    Room: Suite 3
    Dan Shoemaker
  • 8:30am - 9:15am16 Compliance Convergence

    Technology and security providers along with other service organizations are being bombarded with compliance demands from all quarters, including PCI, HIPAA, FedRAMP, ISO, and certainly by customers asking for SSAE 16 and/or SOC 2 audits. Given all the demands, how are smart companies coping? This session will provide some insight into how some innovative companies have been working with their audit and compliance firms to “normalize” the compliance process and reduce the impact of all these differing compliance standards. If you want to maximize your compliance and minimize your professional fees, you should attend this session.

    Room: 103
    David Barton
  • 8:30am - 9:15am16 Roadmap to Success: 20 Critical Security Controls

    Overwhelmed by great information but confused on what your next steps should be? Struggling to climb the NIST 800-53 or ISO 27000 mountain? The 20 Critical Security Controls are driven by actual, not theoretical threats, drawn from the consensus experience of several government agencies and some of the top infosec companies.

    Room: 101
    Ken Evans
  • 8:30am - 9:15am16 Vendor Oversight: How to Perform a Vendor Security Due Diligence Review

    Vendors are an important part of any business, but there are inherent risks to assess and mitigate.  How do you evaluate the viability, security, and disaster recovery capabilities of a vendor?  Effective due diligence practices that assess, mitigate, or accept the risks associated with third party vendors will be discussed.

    Room: Theater
    Dr. Faith Heikkila
  • 8:30am - 9:15am16 Watchdox: How To Plug Data Leaks With Secure File Sharing

    76% of organizations send traffic via Dropbox, putting their business at risk. Many solutions have emerged recently purporting to facilitate secure access and sharing of data, but few live up to that promise. Join WatchDox as we review different approaches to securely sharing enterprise data, such as mobile device management (MDM), virtual desktop and enterprise file sharing and sync (EFSS).

    Room: 105
    Adi Ruppin
  • 9:00am - 3:00pm16 Exhibit Floor Open
  • 10:15am - 11:15am16 Conference Break / Exhibitor Product Demonstration
  • 11:00am - 12:00pm16 Executive Track Roundtable: Emerging Threats-What is Keeping You Up at Night? (INVITE ONLY)

    This Roundtable is Invite Only.

    Room: Executive Boardroom
  • 11:15am - 12:00pm16 Information Security Awareness

    Using examples from her experience with GE Capital, Ms. Esch will outline steps for information security awareness: working with external parties like SANS, as well as internal resources, to develop cross-business awareness programs; presenting a unified front toward connecting with your end users and developing programs from the ground up; and discussing where you can be in 3-5 years based on an internally-modified version of the SANS Maturity Model.

    Room: Theatre
    Jenifer Esch
  • 11:15am - 12:00pm16 Managing the Legal Risks of Mobile Apps

    Does your mobile app address security and user privacy? This presentation explores the regulatory landscape and gaps, industry guidelines and best practices in the ever-changing mobile app environment.

    Room: 101
    Kathy Ossian
  • 11:15am - 12:00pm16 Mobile Security: Threats, Vulnerabilities, & Exposure Next Level of Security Management

    Mobile technology devices create a security challenge that every professional needs to understand in order to protect data. The impact of the mobile environment on mobile security has sent security professionals back to the drawing board on data protection tactics for these devices. Understand threats, vulnerabilities and exposure areas for a mobile environment in order to respond in the corporate environment. We will focus on BYOD, Mobile Device Management, mobile policies, standards, applications and digital forensics. Discover the fundamentals of mobile and the need for security on mobile devices to ensure a comprehensive security program that further mitigates mobile risk exposure. Investigate the potential attacks, defense options and continuous need to respond to the ever-changing management of mobile devices. Do you have adequate protection to combat mobile challenges? Don’t miss this opportunity to be prepared!

    Room: Suite 3
    Duane G. Hopkins
  • 11:15am - 12:00pm16 Network Critical: Compliance Oriented Network Architecture (CONA)

    Best practice reference architecture for building automation into compliance and security network architectures using tap and aggregation platforms as the foundation for an automated tool chain.

    Room: 105
    Robert Lamb
  • 12:00pm - 1:15pm16 Executive Track: Mobile Device Management; Mobile Devices in the Workplace - VIP / Invite Only

    Room: Executive Boardroom
  • 12:15pm - 1:00pm16 LUNCH KEYNOTE: Driving Efficiency and Cost Savings in your Security Program

    Today's economic climate has driven organizations of all sizes to do more with less and focus on maximizing shareholder value. Staff budgets are under scrutiny and IT security teams must deliver clear metrics proving the effectiveness of their spend. This is complicated by a constantly evolving threat landscape that requires more vigilance than ever... but more vigilance doesn't always equal more spend! Fortunately, innovation within the security community is thriving and we have endless tools and techniques to draw from as we combat the threat. Many firms have deployed these tools over the years to improve their security posture, but most are not deployed, managed or monitored properly. This leads to inefficient use of the organization's hard-earned IT security budget, and a greater need to show the value of every dollar spent. This presentation will outline a pragmatic approach to improving efficiency in your security program. We will walk through a litmus test that can be applied to new security initiatives and a review process for systems already deployed.

    Room: Keynote Theater
    Aaron Shilts
  • 1:15pm - 2:00pm16 Check Point Software Technologies: Modern Day Attacks & A Silent Security

    The presentation outlines major world events and new attack techniques that have been dissected or silently monitored in order to understand current and future attack vectors and better defend against them.

    Room: 105
    Kierk Sanderlin
  • 1:15pm - 2:15pm16 Industry Expert Panel: Governance, Risk and Compliance

    How can your current governance strategy align with your current company culture? This panel discussion will address the current and upcoming GRC regulations and laws and discuss how to implement them into your company’s organizational structure in order to achieve compliance while still maintaining a secure environment.

    Room: Keynote Theater
  • 1:15pm - 2:15pm16 Industry Expert Panel: Network Security

    Network Security is defined as, “the protection of a computer network and its services from unauthorized modification, destruction or disclosure”. Cyber security professionals are tasked with keeping up with new threats to the network while maintaining efficient workflow and access to information. This panel discussion aims to explore current issues being raised in the area of Network Security and solutions available to make the network more secure.

    Room: Suite 3
  • 2:15pm - 3:00pm16 Conference Dessert Break / Exhibitor Product Demonstrations

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 4:30pm16 Movie Premiere: CODE 2600

    CODE 2600 documents the rise of the Information Technology Age as told through the events and people who helped build and manipulate it. The film explores the impact this new connectivity has on our ability to remain human while maintaining our personal privacy and security. As we struggle to comprehend the wide-spanning socio-technical fallout caused by data collection and social networks, our modern culture is caught in an undercurrent of cyber-attacks, identity theft and privacy invasion. Both enlightening and disturbing, CODE 2600 is a provocative wake-up call for a society caught in the grips of a global technology takeover.

    Room: Keynote Theater

Day 2

  • 7:00am - 3:00pm17 Registration Open

    Click here to view registration types and pricing.

    Room: Registration Desk
  • 8:00am - 9:30am17 SecureWorld Plus: Completing Risk Assessments Quickly (days not weeks)

    Description as listed under Day 1.

    Room: 106
    Thomas R. Peltier
  • 8:30am - 9:15am17 Allgress: Communicating Risk to Senior Leadership

    Communicating information security risk to the board requires that you convey a message that speaks the language of the business while remaining the security expert in the room. In many cases, you become the "chief marketing officer" of the infosec group - a role that isn't always a comfortable one for many people. We'll discuss techniques to help explain risk in terms that your business leadership, corporate governance, or board can understand, and present risk as it relates to your business.

    Room: 103
    Gordon Shevlin
  • 8:30am - 9:15am17 FireMon: Building Risk Visibility into Your Firewall Management Process

    Firewall deployments in large organizations can easily get out of control – and become rife with unnecessary risk. Inappropriate access is granted readily. Constant change complicates policy implementation. A real-time, enterprise-wide picture of network security posture is a distant dream. Only by automating tedious manual processes at the operations, management and compliance levels of the organization can security teams regain control and better protect their information. This requires consolidated, real-time data of the security infrastructure and a scalable, distributed solution that provides fast, flexible analysis and reporting. This presentation provides pragmatic advice on new technologies that will put hours back into each day, including how to:

    • Visualize the overall risk posture so management can understand security effectiveness
    • Simplify operations by understanding security device configurations of multiple firewall vendors
    • Continuously monitor critical data to ensure compliance daily, not annually
    • Tune discovered access paths to reachable, vulnerable assets so patching is not needed

    Room: 105
    Matt Dean
  • 8:30am - 9:15am17 Game Time: Disaster Recovery and Incident Response

    Beat the clock. Table-top. Tag. Scavenger hunts. All are forms of games. All four can be applied to strengthening a team’s readiness. Take two of the security domains: Business Continuity and Operations Security. Both include disciplines for reacting to emergencies. Disaster Recovery, for example, is a planned reaction to an outage. Incident Response is a planned reaction to a security breach. With policies and plans in place, organizations must routinely practice in order to be ready for such events. This session will present and discuss several games that organizations can play to improve DR and IR readiness.

    Room: 101
    J Wolfgang Goerlich
  • 8:30am - 9:15am17 InfraGard Michigan Members Alliance, Inc. Chapter Meeting

    The InfraGard Michigan Members Alliance, Inc. Chapter Meeting is open to all conference attendees.

    Room: Keynote Theater
  • 8:30am - 9:15am17 Radware: In the Line of Fire – the Morphology of Cyber-Attacks

    Organizations in every industry sector are constantly targets of cyber attacks. Attend this session to learn why your company may be next.

    Radware will share its first hand experiences and case studies about attack vectors that are used, timelines, pre-attack preparation scenarios, what each vector attempted to achieve and the resultant impacts on the target business. Hear some practical techniques that organizations can employ to safeguard their operations.

    Through denial of service attacks, website defacement, information theft and other disruptive techniques, hacktivists will continue their relentless cyber-attacks in order to highlight their own ideals and dissent. Some of the information in Radware’s case studies may assist those who attend this briefing to better prepare for their own future mitigation efforts.

    Room: Theater
    Carl Herberger
  • 9:00am - 3:00pm17 Exhibit Floor Open
  • 9:30am - 10:15am17 OPENING KEYNOTE: Power to the CISOs: Gaining Control of Cyber Security at a Strategic Level

    Cyber security urgently needs a strategic approach. We can no longer defend everything all the time against every possible kind of attack. We can no longer stay ahead of attackers by simply racing to block each new vulnerability and exploit as they are discovered. Cyber defenses need to be made much more selective and sophisticated. This requires basing them on a realistic analysis of cyber risks. Changes in the way operations are conducted need to be considered along with security measures. C-level executives have the necessary scope and authority, but lack the technical expertise and are unlikely to acquire it. The best way forward is for CISOs and their teams, who already have the technical expertise, to be given the scope and authority they need to do their job properly. To make this happen, CISOs need to lay out what they would do with this increased power. This talk will present a plan of action.

    Room: Keynote Theater
    Scott Borg
  • 10:15am - 11:15am17 Conference Break / Exhibitor Product Demonstration
  • 11:00am - 12:00pm17 Executive Track: Network Security - VIP / Invite Only

    Room: Executive Boardroom
  • 11:15am - 12:00pm17 Are Passwords Dead?

    Is it time to retire passwords as a method for authentication for employees, system administrators, remote users, customers, and partners? This session will review alternative methods of user identification and authorization. We will explore various technologies and threats against these authentication methods and enterprise implementation strategies.

    Room: Suite 3
    Nan Poulios
  • 11:15am - 12:00pm17 Bit9: Why You Need a New Generation of Endpoint and Server Security

    A new generation of cyber criminals is dedicated to stealing or destroying the vital business and customer data stored on your servers and traversing your endpoints—and antivirus and other traditional security solutions cannot stop them. Every business is a potential target for today’s sophisticated and increasingly prevalent threat actors.

    Session attendees will learn how an innovative endpoint and server security solution that doesn’t rely on signatures can defend your enterprise against even the most persistent, sophisticated cyber criminals, nation-states and hacktivists by continuously monitoring and recording all activity through cloud-based services. This allows for real-time enforcement, giving organizations immediate visibility into everything running on their endpoints and servers.

    Room: 105
    Jessica Couto
  • 11:15am - 12:00pm17 Critical Infrastructure

    Law and policy are unable to keep pace with technical progress or change. The cyber world is an under-regulated arena where modern day pirates or activists seek to cement their digital footprints. Governments are scrambling to adopt laws and policy to properly regulate this space and establish appropriate restraints to protect private citizens and businesses. The wheels of legal progress, however, are slow. Plus, the expectations of privacy and free speech afforded to citizens may need tempering to produce a climate where legal changes in the cyber world thrive. This paper highlights some legal and strategic concerns of a national cyber-security law.

    Room: Theater
    Monplaisir Hamilton
  • 11:15am - 12:00pm17 PCdIe

    Even though the PCI DSS has been around for more than 6 years now, companies both large and small still continue to struggle with compliance. Strangely enough, many of the organizations that struggle with PCI compliance have been validated as PCI compliant. The prescriptive requirements of PCI DSS, combined with its one-size-fits-all approach, cause many headaches, frustrations, and heavy financial burdens for those organizations undergoing this compliance effort.

    This presentation uses real world experience to uncover the fundamental flaws of the PCI DSS, the most difficult requirements, lawsuits involving PCI, and the way forward.

    Room: 101
    Andrew Weidenhamer
  • 12:00pm - 1:15pm17 Executive Track: Governance, Risk, and Compliance - VIP / INVITE ONLY.

    Room: Executive Boardroom
  • 12:00pm - 1:00pm17 Motor City ISSA Chapter Meeting

    This meeting is reserved for ISSA Motor City Chapter Members.

    Room: Lookout
  • 12:15pm - 1:00pm17 KEYNOTE: Securing Your Message with Effective Communication

    Room: Keynote Theater
    Allison Clarke
  • 1:15pm - 2:00pm17 Arbor Networks: DDoS Attacks: The Scale of the Problem

    The motives behind DDoS attacks have broadened; the rise of ideological hacktivism, for example, has led to a wide range of organizations being targeted, as seen in frequent mainstream press coverage. In addition to the wider spread of targets, DDoS attacks have increased in size and complexity. The average volumetric attacks (up 43% so far in 2013, over 2012) are now capable of saturating the Internet connectivity of many businesses. This session will discuss why and how organizations can defend against these targeted and multi-pronged attacks.

    Room: 105
    James Benanti
  • 1:15pm - 2:15pm17 Industry Expert Panel: Bring Your Own Device-BYOD

    Companies have embraced the idea of the mobile worker. Smart phones, tablets, and laptops are now the norm in many organizations even if the official blessing has not been given by the security team. What new headaches does this create? What is being done to effectively secure these devices in the event of loss, intrusion, or the disgruntled employee? Our experts will tackle these questions and more on this panel.

    Room: Keynote Theater
  • 1:15pm - 2:15pm17 Industry Expert Panel: Securing the Endpoint

    The battle to secure the endpoint rages on. Employees will install rogue software and 3rd party applications on company assets. Are your anti-virus software and authentication policies enough? Malware, APTs, and rootkits are rapidly evolving. What can we do in the information security community to thwart these ever changing threats? And what about the insider threat? Our experts will address these complex issues as well as provide their predictions on how to win the battle of the endpoint.

    Room: Suite 3
  • 2:15pm - 3:00pm17 Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.
  • 2:30pm - 2:45pm17 Dash for Prizes

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm17 DDoS: What is it? How Has it Changed? How Can You Stop it?

    The presentation defines a Distributed Denial of Service attack, then shows real-world examples of DDoS attacks within the last year along with the difficulty in reacting to, much less stopping, the attack. We then discuss three methods of mitigating a DDoS attack and their merits.

    Room: Suite 3
    Clark R. Crain
  • 3:00pm - 3:45pm17 Executive Presence: How to Present Your Security Program to C-Level Executives

    In this presentation, Ethan Steiger will share his firsthand experience of his successful quarterly report outs to the R. L. Polk & Co. senior level executives and Board of Directors. Executive buy-in to a security program is a critical success factor. Ethan will demonstrate his undertaking of building a security program while effectively training his executives to be the program’s best advocates. He will share some sample report outs, explain metrics that are relevant to executives, and articulate how to summarize security incidents into a meaningful presentation.

    Room: 105
    Ethan Steiger
  • 3:00pm - 3:45pm17 Incident Response and Policies Affecting the Enterprise

    Are you ready for a data incident? Have a response plan? Does it work? How do you know? Preparation is essential in facing an incident. Knowing what to do can make the difference between a quiet resolution and page one of The Detroit News; learn what it takes.

    Room: Theater
    Keith Cheresko
  • 3:00pm - 3:45pm17 Securing Relationships - Securing the Organization

    In order to succeed, information security professionals must increase their intelligence on core business processes. Pervasive security will not be successful without strategic alignment to internal business departments and processes. This session will discuss overcoming challenges by showing where security can provide value back to the bottom line and provide some basic approaches in obtaining support for security objectives.

    Room: 103
    John Fowler
