Anticipate the unexpected - ASIS 2012
TUESDAY, SEPTEMBER 20 • 1:45 pm–3:00 pm

3220 Getting From Here to There: Advancing in the Security Field
● Fundamental
With the ever-changing world of the private security sector, learning what it takes to ‘move up the ladder’ can be challenging and confusing. A panel of security veterans tell it like it is for those ready to move up.
Jeffrey Hawkins, Manager, Security Management Education Outreach, American Military University; Jeffrey Slotnick, CPP, PSP, President, Setracon Incorporated; Ray Van Hook, CPP, Executive Director of Campus Security, The School of The Art Institute

3280 Forensics and the Cloud
■ Intermediate
Due to the explosion of applications for cloud computing, a new practice has emerged in “cloud forensics.” In fact, the U.S. Department of Justice has begun to focus efforts in this area. Who controls the evidence, including collection, preservation, and validation of information contained within the cloud? What happens if that cloud is outside the United States? This session attempts to explain what the cloud and forensics mean in relation to one another.

3282 Picking the Right Tool for the Job: Using Vendor Tools to Aid in the Development of Secure Code
■ Intermediate
Building secure code is a top priority for organizations today. As criminals move from attacks against the operating system to third party applications, organizations find themselves on the receiving end of attacks. Developing secure code is not only technically challenging, but is inherently difficult due to a variety of factors including interaction with other code, and new attacks. Many vendors have released tools to aid developers in this endeavor. This session looks at the application security products market and discusses some of the options that organizations have in choosing a tool.
Robert Ayoub, Global Program Director, Network Security, Information & Communication Technologies, Frost and Sullivan
LEVEL KEY: ● Fundamental ■ Intermediate ▲ Advanced<br />

3283 Mobile Applications: Managing Enterprise Risk and Exploitation
■ Intermediate
An emerging trend is for large organizations to shift mobile device ownership and maintenance to their employees to reduce business costs. At the crossroads of this shift in IT governance are smartphone applications and their ability to access corporate resources and intellectual property. Not all smartphone applications are created equal. Most organizations lack formal processes to support centralized device management, secure application distribution, software security, and privacy control. Vetting risk becomes increasingly embedded into the converged mobile and Intranet architectures. This session presents a mobile application risk management framework which addresses assessment and mitigation techniques.
Richard Tychansky, Information Assurance Engineer, Lockheed Martin Corporation

3284 Putting Your House in Order—Business Intelligence Gathered From 100+ Sustainable IT-GRC Implementations
■ Intermediate
Review best practices and concepts from real-world IT GRC implementations proven to work for 100+ organizations. Decipher when to apply various risk assessment methodologies (top-down vs. bottom-up; threat-based vs. business criticality). Gain an understanding of existing controls framework and selecting appropriate frameworks based on the target areas and relevant regulations. Review techniques for avoiding pitfalls of controls catalogue overload. Case studies highlight challenges of the IT GRC program roll-out and exploring technology to match the organization’s needs and methodologies.
Vivek Shivananda, Founder/CEO, Rsam

“The Seminar and Exhibits is the best source for staying current in the industry and reviewing products.”
Mike Bruggeman, Director, Global Security, General Motors

September 19–22, 2011 | Orange County Convention Center | Orlando, Florida | www.asis2011.org