Anticipate the unexpected - ASIS 2012
Education sessions: 3000 Series
TUESDAY, SEPTEMBER 20 • 4:30 pm–5:30 pm
3380 Debate—Collecting of Personal Information From the Cloud
■ Intermediate
Are we over sharing? As more and more of the global village connect and share personal information, these connected pieces of data have become increasingly valuable. But are we losing our personal privacy? While Google’s spiders may find much of the data on us and the organizations we represent, we are the ones who are truly to blame for making it available in the first place. This spirited debate will explore privacy trends and how the impact of social media has shaped our current and future data protection strategies.
Raj Goel, Chief Technology Officer, Brainlink International, Inc.
3381 Psychological Principles in Social Engineering
■ Intermediate
From lawyers to panhandlers, con artists to serial killers—knowing the fundamental attributes of psychology can propel your social engineering efforts to a new level. Understanding people’s tendencies and reaction to your behavior can help you maintain control or convincingly deceive your target. This presentation includes core psychological principles and combines them with real-world technical security examples to assist you in creating more successful storyboards for social engineering efforts.
Joe Sechman, Director, Sunera; Robert Carr, Senior Manager, Sunera
3383 Impact of Social Networking on Security Threats
■ Intermediate
The expanding use of social networking technologies in and outside the workplace has created a new set of threats facing the organization. This presentation provides a comprehensive overview of the new and emerging landscape of social networking and the resulting attack vectors created by our use of these technologies. Develop an understanding of the specific range of risks organizations face in managing these new technologies. Learn a range of potential responses to address these risks and the likely vulnerabilities we face in confronting these rapidly evolving technologies in our organizations.
David Melnick, Principal, Manager, Deloitte, LLP; Charlie Blanchard, Deloitte, LLP
3384 A Guide to Security Metrics
■ Intermediate
A metrics program provides the information security team with information for better decision making at both strategic and operational levels. An effective program should influence the strategy so that decisions made based on the data from the metrics program are different than they would be without such data. Operationally, an effective program guides day-to-day decision making and optimizes existing technologies and processes. Security metrics may be used to fix a security process which is broken, to focus limited resources on protecting the most valuable assets, or to ensure that basic security processes are in place and working well.
Caroline Wong, Senior Manager, Security Program, Zynga, Inc.
3385 Software Assurance Panel Wrap-up
■ Intermediate
This interactive session highlights the strengths and weaknesses of the methods and practices presented today. Ask the speakers to contrast their perspectives in order to understand what lessons best apply to you. Do the practitioners appreciate the benefits and products from the theoreticians and modelers? What will it take to make all this work and produce tangible results? How far are we from a software assurance marketplace with automated tools we can use? Can we move cybersecurity and applications development from a blame game to a team game?
Joe Jarzombek, Director of Software Assurance, U.S. Department of Homeland Security; Bob Martin, Principal Engineer, The MITRE Corporation; Richard Struse, Deputy Director of Software Assurance Program, U.S. Department of Homeland Security; Paul Nguyen, Vice President, Cyber Solutions for Knowledge Consulting Group
“You need to be there to appreciate the level of education and practical knowledge you will acquire in a week.”
Ikhuoria Evans
Security Intelligence & Surveillance Analyst, Lagos and Offshore
Shell Nigeria Exploration & Production Company (SNEPCo)
ASIS 2011 Anticipate the unexpected. The security tools, techniques, and talent for tomorrow.