
Download presentations from Information Security Decisions 2013

At ISD 2013, many of the industry's leading information security experts gathered to share vendor-neutral expertise and proven security strategies.

At TechTarget's annual Information Security Decisions conference, many of the industry's leading information security experts gathered to share vendor-neutral expertise and proven security strategies. If you couldn't make it to this year's event, you can catch up here. Below you can download speaker presentations from a selection of this year's sessions.

Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
Tom Ritter, Principal Security Engineer, iSEC Partners
During this talk, we will demonstrate how we've used a femtocell for traffic interception of voice calls, SMS, and data in a controlled environment and show active attacks on cellular enabled services. We also demonstrate how we were able to exploit a particular vulnerability in order to remotely clone a mobile device without physical access. Finally, we’ll show how old is new again, and how we need to rethink and redesign protocols and business processes now that the underlying network we rely on is vulnerable to active and passive attacks.

To BYOD (Bring Your Own Device), or not to BYOD?
Ernesto DiGiambattista, Chief Technology & Security Officer, Sentinel Benefits & Financial Group
Beyond technology - Technology and Security Risk professionals need to understand and take stock of compliance and any potential regulatory requirements. This project addresses how Sentinel approached a BYOD solution that would meet the needs of the business and associates, while addressing all the regulatory requirements. Further, it highlights the importance of non-technical matters that require organizational input and communications if BYOD is to be managed successfully.

DLP, Redone Right
Edward Gardner, Director, Infrastructure and Security Operations, Homesite Insurance
Data Loss Prevention systems are an important part of Homesite's Information Security program. Homesite recently swapped out its existing system in favor of an easier to manage implementation. Implementing a successful DLP solution requires broad cooperation from the business, as well as a deep understanding of the data you are trying to protect. This presentation will cover Homesite's re-implementation of DLP in the enterprise, covering off on pitfalls to avoid and top considerations to keep in mind when rebuilding your DLP program.

Who's Watching the Watcher
William Lewis, Director of Information Technology, State Garden, Inc.
Who's watching the watcher? The watcher should be watching the watcher. As companies refine policies and procedures and add new technologies, what is being done to validate the results of such changes? In this case study, we will talk about how my team tackled auditing and validating policies / procedures, the technologies we used to secure our networks and the approach we have taken to ensure measures that have been put into place are providing the desired results.

An Identity and Access Management Odyssey: A step-by-step approach to building a global capability for managing access
John R. Schramm, Vice President of Global Information Risk Management and Chief Information Risk Officer (CIRO)
Historically, companies have taken a monolithic approach to defining and building a business case for Identity and Access Management (IAM) programs with “everything but the kitchen sink” thrown in.  My experiences in implementing IAM programs at a number of major enterprises lead me to believe that this approach is high risk and prone to failure and that a modular/progressive approach is more successful and likely to result in positive forward progress for companies.  In this talk, I will describe the approach that our IAM team has landed on to build capability in a progressive and modular fashion.  Our IAM approach has generated very positive business results while at the same time building our capability and maturity in the access management area.

Managing for Sanity
Anne Kuhns, Information Security Professional, Former CISO for The Walt Disney Company
Information security professionals deal with an incredible amount of change in their discipline. The rate of change in technology advancements accelerates unchecked, there are four generations of employees in the workplace, data is everywhere, data volume is skyrocketing, and this is all occurring while the threat landscape and our exposure footprint become more diverse than ever before. As security professionals we face new challenges and new choices every day. How do we keep up? Can we? In this keynote, Anne discusses her thoughts about how she was able to maintain some semblance of order amidst all the chaos which may give you some thoughts about how you, too, can keep your sanity through it all.

Pragmatic Cloud Security
Rich Mogull, Analyst & CEO, Securosis
As the pace of cloud adoption continues unabated, security professionals face the challenge of protecting a still-emerging technology. This session establishes the basics of security for cloud computing, with an emphasis on where the cloud is different from your existing environment. Rather than rehashing security platitudes and generalities, we'll focus on concrete, cloud-specific, and dare we say "pragmatic" approaches to get started on cloud security.

It's Finally Time to Love SIEM
Karen Scarfone, Principal Consultant, Scarfone Cybersecurity
A few years back, SIEM offered far more irritation than actionable information. Now, product offerings are more mature and better integrated so that more complex data sets can be assimilated and analyzed. This session looks at how SIEM tools are likely to evolve in the next 2-3 years, how you can lay the groundwork now for more effective SIEM use later, and what operation tips and tricks can enhance your SIEM deployment.

Going Beyond Mobile Device Management - Leveraging NAC for Mobile Devices
G. Mark Hardy, Founder and President, National Security Corporation
Historically, NAC was the way to control guest use of the enterprise network. While it serves that purpose quite well, it also offers capabilities that make it applicable to a larger number of strategic uses. In this session, we’ll take a look at some of those other cases, including the control of mobile devices and coping with the complexities of BYOD.

The Truth About Enterprise Mobile Security Products
Jack Madden, Editor, and
Mobile security products and enterprise mobility management solutions are flooding the market today. CISOs and device administrators have all been exposed to these products and are wondering the same things: Are they effective? What do they actually protect users from? This session will compare the approaches taken by mobile security suites and enterprise mobility management solutions (including mobile device management and mobile app management tools) to give attendees a better grasp on the current state of mobile security and what the real challenges are today. Attendees will learn the validity of deploying mobile security products and enterprise mobility management solutions in their organization and will leave ready to make a more informed decision about the mobile security posture of their organization.

Data Security for Cloud Computing
Rich Mogull, Analyst & CEO, Securosis
One of the top concerns when moving into cloud computing is protecting your digital assets: the data. As with managed services, we trust an outsider with sensitive information, but now we may be doing so in a multitenant environment with limited custom security controls. This session will focus on data security for cloud computing and explore public and private clouds, and techniques for software, platform, and infrastructure as a service.

What's Supposed to Happen at the Endpoint NOW?
Karen Scarfone, Principal Consultant, Scarfone Cybersecurity
One in five of Information Security magazine's enterprise readers think they won't be committed to static signature malware detection in five years. Which makes sense - given that half of the readers don't think the signature scanning approach works well anymore. We know whitelisting is out there. And if you’re not too picky you’ve the capability right out of the box with Windows Professional. But a few questions linger: Are these strategies in fact the right approach? Is it remotely practical at a typical professional organization? Where does NAC play these days? Is the endpoint now better protected by network-based anomaly detection? This expert session offers a wide-ranging discussion of what's actually going on where the fingers meet the plastic.

When Business Processes Fly the Coop
G. Mark Hardy, Founder and President, National Security Corporation
Our business processes are now on the road and we are vulnerable like never before.  We went from PCs to laptops to smartphones, and bring your own device (BYOD) gave us one killer app: email.  But now that the enterprise extends to tablets and always-on connectivity, it's not just about BYOD, but bringing your own apps (BYOA). So: do you have a mechanism to control software provisioning for every BYOD, or do your users just download at will?  Now that our mission critical functions are no longer within our span of control in the same (technical) sense they used to be, we must focus on business processes and controls over them.  We must define the technical arrangements necessary to exert and monitor security controls in a meaningful way. We’ll discuss these and other important points in this closing executive keynote session.

This was last published in October 2013
