For the second day, members of The Information Systems Security Association (ISSA) are meeting in Baltimore to discuss today’s security challenges. Here’s a partial look at today’s agenda.

9 a.m.

M. Eric Johnson – Director, Glassmeyer/McNamee Center for Digital Strategies and Professor, Tuck School of Business at Dartmouth College: Human Behavior – The Weakest Link?

For many organizations, the most challenging security frontier is people. Corporations and governments alike are faced with staggering risks from members of their own organization. Whether willful or inadvertent, human-induced leaks fueled by mass distribution from WikiLeaks can create breath-taking exposure. Likewise, simple deceptions can lead to large-scale losses of intellectual property. While the risks are not new, the targeted threats toward individuals are increasing with ever-more sophisticated deceptions. The consumerization of technology has simply added to the human challenge. Whether malicious or naïve, learning how to assess and change human behavior is every security professional’s challenge. In this presentation, the problems with people will be explored and how firms might address them in the future will be considered.

10:30 a.m.

Application Security: New Requirements for Software (Panel)

In the past, it was easy enough to just throw out a new program and have it become a corporate standard if it just worked. However, in today’s world it now needs to be secure. What does this mean? How do you design, implement, and test in today’s world? Simply put, what does SDL mean to you?

Cloud Computing Legal Risk and Liability, David Navetta, Esq, CIPP – Founding Partner, Information Law Group

Cloud computing has emerged as one of the fastest-growing segments of the information technology industry. While outsourcing a company’s data to the cloud creates enormous value for businesses and drives down costs, it also creates significant business, legal and reputational risks.
This presentation, conducted by information security lawyer David Navetta, will explain the legal risks that businesses face in seeking to leverage the cloud and suggest ways to address these risks. It will also offer guidance to cloud computing providers on what they can do to help allay their customers’ fears and increase their competitiveness by proactively addressing these legal risks.

Study from East Japan Earthquake Disaster, Kazuki Yonezawa – Senior Manager, Symantec Japan Inc. and President ISSA Tokyo Chapter; Glenn Townson CISSP, ISSEP – Director and Systems Engineering, Secure Technologies Group, LLC.

The March 2011 magnitude 9 earthquake and resulting 60-foot tsunami devastated Eastern Northern Japan. As Japan recovers from these tragic events, the ISSA Tokyo Chapter looks at the issues IT systems administrators faced with the loss of electricity, water, fuel for generators and water purification facilities. This session will share studies from this disaster and provide suggestions for a sustainable IT environment for the future.

11:40 a.m.

Rafal Los – Security Evangelist & Blogger, Hewlett Packard (HP): The Future of Software Security Assurance – Cloudy, with Storms Likely

It’s been almost 15 years since the browser started its march to become the dominant engine for business, personal and social applications. It was about that time security professionals first realized that software, and by extension ‘web applications,’ were gearing up to be a battlefield for hackers and corporate defenders, with developers creating the opportunity. Since then there has been a building parade of critical vulnerabilities, mass exploitations, and media hype, no more so than in the past five years. But for all of the industry’s testing tools, developer education and protective mechanisms – things don’t seem to be getting better.

Software Security Assurance (SSA) is the process of ensuring a reasonable degree of trust in software.
As we look 3-5 years out into the future, how will this process evolve to rise and meet the ever-changing threats? The speaker will examine the future of attack methodologies including automated exploitation, mass injections, and logic hacking – and protective methodologies and technologies including developer education, testing technology, the mythical “secure SDLC,” and the future of Web Application Firewalls. We will delve into what’s next, and how you can get ahead, (or fall a little less behind), the coming threats.

1 p.m.

Position Yourself for 2020 – An Executive Perspective

This keynote panel will feature leading executives discussing what they expect the future to hold for security professionals. How will information security change between now and 2020? What skills will be valuable? How will security concerns integrate with business goals? And how can practitioners prepare for this future?

Moderator: Bob Bragdon – Publisher, CSO Magazine and CFOworld.com

Panelists Include:
• Roland Cloutier – Vice President, Chief Security Officer, ADP
• Andy Ellis – Chief Security Officer, Akamai
• Dave Estlick – VP Information Security, Starbucks Coffee Company
• Kris Herrin – Chief Technology Officer, Heartland Payment Systems

–Bill Brenner