Cyber Security Executive Summit * September 13-14, 2006 * New York, NY


LAST UPDATED: Tuesday, December 26 2006
Wednesday, September 13, 2006

07:45 Registration/Continental Breakfast Exhibit Hall Opens

08:30 Welcome from INFORMATION MANAGEMENT NETWORK (IMN)

Keynote Opening Address:
Joe Bernik, Regional Information Security Office-Technology Risk Management North America
ABN AMRO BANK

LESSONS LEARNED: THE EVOLUTION OF SECURITY AND HOW IT IMPACTS YOUR BUDGET

08:55 THE CISO ROUNDTABLE

In the worst-case scenario, a security breach can cost your financial institution millions in downtime as well as greatly damaging your customers' quality of life. This session, made up of a CISO/CSO panel of experts, will open the Summit; the panelists will debate the question "What is Enough Security?" and discuss prioritizing resources, cost, and ROI in maintaining a secure environment in a financial or large enterprise institution. The session will also cover:

• Getting Line Managers to Allocate Resources to Security
• Best Practices
• Outsourcing Security Management
• Cost & ROI
• Prioritizing Resources
• Business Continuity Planning

Session Chair:
C. Warren Axelrod, SVP, Business Information Security Officer, UNITED STATES TRUST COMPANY, N.A.
Panel Participants:
Joe Bernik, Regional Information Security Office-Technology Risk Management North America
ABN AMRO BANK
Jim Routh, CISO, DTCC
Allan G. Pomerantz, CSO, PHILADELPHIA STOCK EXCHANGE
David Bryant, Vice President-Information Security Manager, Enterprise Information Security, RAYMOND JAMES FINANCIAL

09:55 Deluxe Refreshments

Demonstrations In The Summit Theater

Demonstration 1:

Demonstration 2:

Demonstration 3:

CONCURRENT SESSIONS CHOOSE "A" OR "B":

10:55 - TRACK A - SOFTWARE/APPLICATION DEVELOPMENT & IMPLEMENTATION

• Security and Application Development as Separate Disciplines or are they Converging?
• Integrating Security into the Beginning Stages of the Application Development Process
• Risk Assessment & Testing for Security Flaws During the Development Lifecycle
• Automated Tools
• Application-Specific Rules

Session Chair:
Mike Weider, CTO, WATCHFIRE

Panel Participants:
Kenneth F. Belva, Information Security Officer, CREDIT INDUSTRIEL ET COMMERCIAL
Jim Routh, CISO, DTCC
Roger Thornton, CTO, FORTIFY
Claudia Dent, Senior Vice President of Product Management and Marketing, OUNCE LABS
Kevin Kernan, CEO, SECURE SOFTWARE

10:55 - TRACK B - 2-FACTOR AUTHENTICATION

• Governmental & FFIEC Regulatory Overview
• Multifactor Authentication vs. Layered Security Approaches
• Risk Assessment Approaches: Can They Work?
• How does 2-Factor Authentication Defend Against Phishing?
• 2-Factor Authentication: A Stand-Alone Approach or Part of your Risk Management Tool Box?
• The Latest Applications
• Bringing Multi-Factor Authentication & True Financial Fraud Detection Together
• What are the Costs? (Personnel, Time & Economic)
• How does the Black Box Work?

Session Chair:
Dan Schutzer, Executive Director, FINANCIAL SERVICES TECHNOLOGY CONSORTIUM

Panel Participants:
Don Rhodes, Policy Manager, Payments & Technology, AMERICAN BANKERS ASSOCIATION
Edward Regan, Vice President-Information Technology Risk Management, JPMORGAN CHASE BANK NA
Ann S. Johnson, Area Vice President, ESG Americas Sales, RSA SECURITY

11:55 - TRACK A - THE YEAR OF THE WEB APPLICATION HACK: DATA FROM THE FRONT LINES

As network routers, firewalls, and operating systems have matured, web applications have become one of the most popular attack vectors. Although there are numerous reports covering network-based attacks, public vulnerability announcements, and spam/phishing schemes, there is little empirical data on the attacks that specifically target web applications. This presentation sheds light on how applications are actually being attacked. Additional themes this discussion will focus on include:

• Understanding the Top 5 Web Application Hacking Facts
• Recognizing Bot Attacks, Google Hacking Vulnerabilities and Directed Attack Vectors
• The Latest on how to Address the Situation

Panel Participants:
Scott Parcel, Director of Engineering, CENZIC
Roger Thornton, CTO, FORTIFY
Robert Martin, Principal Engineer, MITRE CORPORATION
Matt Fisher, Senior Security Engineer, SPI DYNAMICS
Michael Weider, CTO, WATCHFIRE

11:55 - TRACK B - MULTIFACTOR AUTHENTICATION: WHAT IS THE CONSUMER GOING TO DO ABOUT ALL THE TOKENS?

• FFIEC Regulations: The Reactions
• Assessing the Risk: What Needs to have 2-Factor Protection?
• To Token or Not to Token: That is the Question
• Too Many Tokens, Too Little Time: How can you Choose? What Happens When Customers have too Many Tokens?
• What are the Challenges in Customer Authentication?
• Unique Passwords
• Customer Awareness: How do we Achieve it Successfully?

Session Chair:
Sharon L. Kaufman, Assistant Vice President-Service Provider Oversight, THE BANK OF NEW YORK

Panel Participants:
Dan Schutzer, Executive Director, FINANCIAL SERVICES TECHNOLOGY CONSORTIUM
Iri Trashanski, Director-Business Development & Marketing, MSYSTEMS
Ann S. Johnson, Area Vice President, ESG Americas Sales, RSA SECURITY
Andy Cottrell, Chief Technology Officer, TRICIPHER
Alecia Kontzen, Senior Vice President & E-Commerce Operational Risk Manager, WACHOVIA CORP.

12:40 Luncheon

01:40 - TRACK A - ENTERPRISE-WIDE CYBER SECURITY MANAGEMENT

• Assessing the Enterprise-Wide View of Risk Across the IT Infrastructure
• Selecting Enterprise Solutions: What are the Keys?
• Enterprise-Wide Access Management Controls
• Enterprise Connectivity Security
• Enterprise IM Solutions
• Enterprise-Wide Firewalls: What do they Really Block?
• Greynets
• Entry Points you Might not have Considered
• Firmwide Security Standards
• Correlating and Calculating Threats Across the Enterprise

Session Chair:
C. Warren Axelrod, SVP, Business Information Security Officer, UNITED STATES TRUST COMPANY, N.A.

Panel Participants:
Dennis J. Tsu, Vice President-Marketing, AIRTIGHT NETWORKS
David Sherry, Vice President-Information Security Manager, Enterprise Information Security, CITIZENS FINANCIAL GROUP
Mike Witkowski, CTO, MAXXAN
Claudia Dent, Senior Vice President of Product Management and Marketing, OUNCE LABS
Ira Greenstein, Chief Technology Officer, US SENATE FEDERAL CREDIT UNION

01:40 - TRACK B - MAINTAINING APPLICATION SECURITY

• Effectively Monitoring what is Going on Inside Networks
• Application Firewalls: The Latest
• Using Smart Keyboards to Provide Secure Systems for Sensitive Applications
• Application-Level Authentication
• On-Line Application Security
• How Hackers are Taking Advantage of Poor Web-Based Software Security
• The Latest Application-Level Controls
• Inspection & Audit

Session Chair:
Brian Chess, Founder & Chief Scientist, FORTIFY

Panel Participants:
Scott Parcel, Director of Engineering, CENZIC
Mark Kraynak, Director of Product Marketing, IMPERVA
Matthew J. Lane, IAM, QDSP - Director of Information Technology, JANUS ASSOCIATES, INC.
Brian M. White, IT Audit Director, WACHOVIA CORP.
Jeremiah Grossman, founder and CTO, WHITEHAT SECURITY

02:25 - TRACK A - DESKTOP/LAPTOP SECURITY & PROTECTING FROM THE INSIDER THREAT

• Measuring the Effectiveness of Desktop Controls
• What are the Major Challenges that Organizations Face in Trying to Defend Against Insider Attacks?
• If my Network Users are Trusted or my Organization has not Experienced an Insider Attack, how can I Justify Buying Such Technology?
• What Techniques are Attackers Going to Employ in the Next Generation of Insider Attacks?
• What are your Latest Policy Additions?
• Protecting Sensitive Information from Missing/Stolen Laptops
• Protecting yourself from Plug-in Exposure
• Upgrading Desktop Systems with Security In Mind
• Email Policy
• Having your Own "Mr. Spock" When Stopping Logic Bombs
• Keyloggers: The Latest; the Greatest
• Exposures Inherent with a Remote/Mobile Workforce
• Encrypted Drives: An Effective Tool?
• Productivity/Security Tradeoffs
• Regulatory Compliance

Session Chair:
Steve Roop, Vice President-Products & Markets, VONTU

Panel Participants:
Raffi Jamgotchian, CTO, CANARAS CAPITAL MANAGEMENT
Matt Miller, Vice President of Engineering, COUNTERSTORM
Ben Campbell, Vice President-Sales Operations, SAFEND
Tony Brockman, Product Marketing Manager, SYMANTEC

02:25 - TRACK B - NETWORK LEVEL SECURITY: THE LATEST EXPOSURES, THE LATEST DEFENSES

• Where is the Technical Innovation in Network Security Products? Have we Made any Progress in the last 6 years? What's the Next Big Step?
• Has the Inability of Vendors to Deliver on Network Security Products Undermined Efforts to Sell Information Security to Senior Management?
• Monitoring, Detecting & Auditing Activity Going on Inside Networks
• Making Sure Confidential Information Doesn't Exit Networks
• Protecting Entry/Exit Points
• Evaluating & Testing Network Infrastructure from a Security Perspective
• Secure Networking Appliances
• Honeypots: a Useful Tool or a Good Way to Get Yourself Sued?
• What are the Major Shortcomings of Both Signature and Anomaly-Based Network Intrusion Detection Systems?
• Do IPS Solutions Create More Risk than they Eliminate?
• Protecting Routers & Switches
• Unqualified Equipment: What is your Policy?

Session Chair:
Allan G. Pomerantz, CSO, PHILADELPHIA STOCK EXCHANGE

Panel Participants:
Risé F. Jacobs, Vice President-Information Security & Corporate Contingency Planning, ASTORIA FEDERAL SAVINGS
Kevin M. Cayo, Associate Director-Information Risk Management, BARCLAYS CAPITAL
Partiv Shah, Corporate Information Security Manager, DTCC (invited)
Andrew Berkuta, Senior Security Evangelist, MCAFEE, INC.
Howard Hall, Vice President-Corporate Development, VERICEPT CORP.

03:25 Deluxe Refreshments

Demonstrations In The Summit Theater

Demonstration 1:

Demonstration 2:

04:15 EMAIL & INSTANT MESSAGING SECURITY

• Defining Secure Email & the Attributes you Would Recommend for a Secure Email System
• Filters & Quarantines
• The Latest Phishing & Email Scams
• The Email Security War: Fighting Back with Cryptography, Rules-Based Email Filtering and Reputation Databases
• Email & IM Monitoring, Policy, Control
• Filtering/Quarantining of Messages that Might Generate Liability
• Policy-Based Encryption of Outbound Messages: Is it User Friendly?
• Secure Access to the Mail Server
• The Latest Anti-Spam and Anti-Virus Protection
• Denial of Service Attack Update
• IM-Specific Viruses & Attacks
• Do you Allow Public IM Services at your Firm?
• Dealing with Attachments
• Image-Based Spam & Empty Spam Update

Session Chair:
Ray Suarez, Director, Product Marketing, SYMANTEC

Panel Participants:
Graham Lawlor, Program Manager for Chat & Instant Messaging, DEUTSCHE BANK
Kurt Shedenhelm, President and CEO, PALISADE SYSTEMS, INC.
Kathleen Kirk, Director, Information Security, PRUDENTIAL FINANCIAL, INC.
Steve Roop, Vice President-Products & Markets, VONTU

05:00 PHISHING & IDENTITY THEFT UPDATE

• Is Phishing Volume Continuing to Soar?
• The Latest Phishing Scams
• Phishing Response
• Are Small Firms Starting to get Phished?
• Domain-Based Strategies: Finding Phished Sites
• Operational Guidelines & Procedures Needed to Prevent Phishing
• Using Electronic Signatures
• Cutting Down Key Loggers to Size
• Authentication
• Spear Phishing: What has it been Catching?
• Man-in-the-Middle Tactics: How to Defend

Session Chair:
Allan G. Pomerantz, CSO, PHILADELPHIA STOCK EXCHANGE

Panel Participants:
Fran Marra, Manager-SIRT Investigations, CITIGROUP
Steve Antoniewicz, Vice President-Security Solutions, NET2S
Danny Allan, Director Security Research, WATCHFIRE

05:45 Networking Cocktail Reception Courtesy Of:

07:00 Day One Concludes

Thursday, September 14, 2006

08:00 Continental Breakfast Exhibit Hall Opens

08:45 AFTER THE BREACH: INCIDENT RESPONSE

• Insider Breach Procedures
• Informing the Public: What are your Choices? When to Make the Information Public
• State Laws to Consider
• Monetary Cost of Data Breach vs. Improved Security Measures
• Bringing in Outside Law Enforcement
• Dealing With Employee Breaches

Session Chair:
Tom Bennett, VP Marketing, OAKLEY NETWORKS

Panel Participants:
Chris Duckers, Senior Product Manager, ARCHER TECHNOLOGIES
Dave Chen, Director of Information Security, MCGRAW HILL
Nancy Baran, Vice President-Privacy Officer, PRUDENTIAL FINANCIAL
Marc J. Zwillinger, Partner, SONNENSCHEIN NATH & ROSENTHAL LLP

09:30 MANAGEMENT FOR 3RD-PARTY CONNECTIONS: OUTSOURCED SECURITY APPLICATION DEVELOPMENT CONTRACTORS AND CUSTOMER EXPOSURE

• Security Concerns and Mitigation Strategies from Both Sides of the Business Arrangement
• Should Such Vital Assets be Outsourced?
• How can you be Sure Security is More than Adequate at a 3rd-Party?
• Secure Transmission Networks & SSL Encryption
• Outsourcing Software Development & Ensuring Adequate Security
• Monitoring 3rd-Party Connections Internally & Externally
• Objectives, Baseline Requirements and Essential Service Level Agreements
• Engagement Pitfalls and Best Practices
• Who is Accountable for a Breach? Why?
• What can Businesses Reasonably Demand from their Service Providers as Proof of Security?
• What Must Businesses do to Help Service Providers Deliver Secure Applications?
• As an Outsourcer, What are the Concerns? As a Service Firm, How do you Answer those Concerns?

Session Chair:
C. Warren Axelrod, SVP, Business Information Security Officer, UNITED STATES TRUST COMPANY, N.A.

Panel Participants:
Joe Bernik, Regional Information Security Office-Technology Risk Management North America, ABN AMRO BANK
Kris Zupan, CEO, E-DMZ SECURITY
Mike Armistead, Founder & Vice President of Marketing, FORTIFY
Claudia Dent, Senior Vice President of Product Management and Marketing, OUNCE LABS
Brian M. White, IT Audit Director, WACHOVIA CORP.

10:30 Deluxe Refreshments

11:15 A VIEW FROM THE REGULATORY COMMUNITY

• Federal Data Security Regulations
• HR 3997
• Branch Notification
• State Law Update
• Multi-Factor Authentication
• Sarbanes-Oxley Update
• Encryption Update
• NASD & SEC Requirements

Session Chair:
Don Rhodes, Policy Manager, Payments & Technology, AMERICAN BANKERS ASSOCIATION

Panel Participants:
Daniel Kaufman, Attorney-Advisor to Chairman, FEDERAL TRADE COMMISSION
William Henley, Jr., Examination Specialist, FDIC (invited)
Michael V. Campbell, Counsel, THE FEDERAL RESERVE BANK OF NEW YORK
Jeanne Devine, Counsel-Northeast District Counsel's Office, OFFICE OF THE COMPTROLLER OF THE CURRENCY
John Walsh, Associate Director-Chief Counsel, SECURITIES & EXCHANGE COMMISSION

12:15 COMPLIANCE, AUDITING & MONITORING SECURITY

• What are the Latest Regulations you are Wrestling With? How are you Implementing? Where have the Nightmares been?
• Compliance & IM
• Regulatory Compliance for Wireless Networks
• All Compliance Systems are Expensive and Difficult to Use: Is this Statement True? What is so Difficult?
• Compliance Reporting & Audit Trails
• Automating the Burden of Documentation

Session Chair:
Ted Julian, Vice President, Business Strategy, APPLICATION SECURITY, INC.

Panel Participants:
Sam DeKay, Assistant Vice President, THE BANK OF NEW YORK
Ken Phelan, Chief Technical Officer, GOTHAM, INC.
Nancy Baran, Vice President-Privacy Officer, PRUDENTIAL FINANCIAL
Alecia Kontzen, Senior Vice President & E-Commerce Operational Risk Manager, WACHOVIA CORP.

01:15 Luncheon

02:15 PATCH MANAGEMENT UPDATE

• The Financial Services Institutions Speak Out: What do Software Providers Need to do? Which Software Providers have the Best Patch Management Procedures?
• Finding Vulnerabilities in a Piece of Unpatched Software
• Dealing With Hackers that Take Advantage of Recently Announced Patches: What is your Time Frame?
• Methodologies to Ensure Operating Systems are Up-to-Date and Patched Properly
• Unauthorized Patches: How to Prevent

Panel Participants:
Afzal Khan, Director of Systems Security, EVEREST REINSURANCE
Dave Chen, Director of Information Security, MCGRAW HILL
Kathleen Kirk, Director-Information Security, PRUDENTIAL FINANCIAL, INC.
Phil Lerner, Managing Director of InfoSecurity, THEINFOPRO

03:00 EMPLOYEE TRAINING

• The Latest Policy Changes you have Implemented
• 3rd-Party Trainers: What to Look for
• Lessons Learned After the Security Breach
• What Methods do you use to Train Employees?
• Web-Based Training
• Awareness Methods other than Training

Panel Participants:
Sam DeKay, Assistant Vice President, THE BANK OF NEW YORK
Kevin M. Cayo, Associate Director-Information Risk Management, BARCLAYS CAPITAL
Edward J. Liebig, Chief Information Security Officer

03:45 IMN's 5th Annual Cyber Security Executive Summit Concludes