SEMINAR ARTICLE

ASIS Partners with (ISC)2

Monday, September 19 - 7:16am

A full array of events and sessions targeted to growing segments of the security industry have been integrated into the ASIS International 57th Annual Seminar and Exhibits here in Orlando. (ISC)2, the largest not-for-profit global organization of certified information security professionals, held credential clinics, certification reviews, and a certification exam last weekend. For the next three days, the group has designed five tracks of educational sessions for its core members. In between, (ISC)2 will sponsor a member reception and a Gala Dinner at the Peabody Hotel.

The relationship between ASIS and (ISC)2 benefits both security practitioners and IT professionals. “The roles of the information security and traditional security professionals within the global business marketplace are rapidly evolving, converging,” says ASIS President Raymond T. O’Hara, CPP. “By collocating our annual events, our combined memberships of more than 100,000 professionals gain access to core knowledge and best practices across the full spectrum of information and traditional security. The opportunity to connect with one’s security counterpart and to build a solid practitioner network is one of the most valuable benefits to be derived from this relationship.”

The goal is “to develop high-quality programs for the broader security community that will further develop a workforce whose skills are in great demand,” says W. Hord Tipton, executive director of (ISC)2.

All sessions in the five tracks are at the intermediate education level. Following is a summary of the sessions planned for today.

APPLICATION SECURITY

11:00 am to 12:00 noon

Security and Design (Session #2182). Integrating security into business processes, applications, and systems has been a stumbling block for many organizations. Ways to prevent security from being an afterthought and methods security managers can use to build reliable business solutions will be the focus of speaker Kevin Henry, KMHenry and Affiliates Management, Inc.

Software Assurance (Session #2185). Ensuring the integrity and resiliency of software is vital to protecting the nation’s critical infrastructure from threats and cyberattacks. Building security into the underlying infrastructure software will be the focus of this presentation by Joe Jarzombek, U.S. Department of Homeland Security.

1:45 pm to 3:00 pm

Software Security (Session #2282). Convincing corporate executives to spend scarce financial resources on building more secure software can seem like an uphill battle. Examples from other industries can help security officers and software project developers build a case for software security initiatives. Relevant models will be presented by John Dickson, The Denim Group.

4:30 pm to 5:30 pm

Lifecycle Costs (Session #2382). Calculating how much software will cost over time is difficult. Comparing the range of security costs, related risks, and the financial ramifications will be the focus of speaker Eric Irvin, Alert Logic.

Software Errors (Session #2385). This session will focus on software assurance (SwA) and how the benchmarking resources developed by the SwA Forum Processes and Practices Working Group can be used to address security applications. Representatives from (ISC)2 will discuss the program.

CLOUD SECURITY

11:00 am to 12:00 noon

Compliance (Session #2180). Cloud computing resources must include security and privacy controls that have been adapted for this environment. Learn how to create a next generation security compliance framework that is tied to industry standards from speaker Robert Weronik, CPP, Alexion Pharmaceuticals, Inc.

1:45 pm to 3:00 pm

Cloud Toolkit (Session #2280). Does outsourcing critical business functions compromise a company’s legal and regulatory obligations for data management and protection? The Cloud Security Alliance has produced a toolkit that can resolve the questions and provide assurances to management. Learn from two speakers from Cisco: Dr. Marlin Pohlman, EMC, and Becky Swain.

4:30 pm to 5:30 pm

Understanding the Cloud (Session #2380). Detecting and isolating cloud-based incidents and reporting them through the appropriate channels can be difficult and confusing. Learning how to analyze requirements across platforms, develop test procedures, identify risks to management, and talk to software vendors will be the focus of two speakers from CGI Federal: Erika Voss and James Hewitt.

GOVERNANCE, REGULATION, AND COMPLIANCE

11:00 am to 12:00 noon

Risk Management (Session #2184). Creating an effective risk management strategy from the ground up can be daunting. Developing a program that can raise security’s profile within the corporate management structure will be the focus of the following panel: Brandon Dunlap, Brightfly Consulting; Chris Trautwein, (ISC)2; and Michael Kelly, Target Corp.

1:45 pm to 3:00 pm

What’s in the Pipeline (Session #2284). Legislation and regulations now being considered at the federal level will require companies to reassess their IT policies. Representatives from (ISC)2 will be on hand to discuss potential changes.

MOBILE SECURITY AND SOCIAL NETWORKING

11:00 am to 12:00 noon

Just Say Yes (Session #2183). Smartphones and tablets provide another way for a business to gain a competitive advantage. The risks that these new devices bring to the workplace must be examined to prevent a security incident that could erase any benefits. Information on how to establish security policies for mobile devices, train employees on their secure use, and centralize management oversight will be offered by Jerod Brennen, Jacadis.

1:45 pm to 3:00 pm

Security Guardrails (Session #2283). Managing a mobile workforce where company equipment is often used for the exchange of both business and personal data requires a new focus from corporate security. Experts will lead a lively discussion of what works and how to sell new techniques within the enterprise. The panel will consist of Brandon Dunlap, Brightfly Consulting; Winn Schwartau, Mobile Application Development Partners; and A. Spencer Wilcox, CPP, Constellation Energy.

4:30 pm to 5:30 pm

Mobile Devices and Privacy (Session #2383). Recent court cases have challenged the notion that companies have the right to read, review, and record data on their networks. The courts have ruled that companies can infringe on the privacy rights of employees if they access that data under certain circumstances. Unraveling the ramifications and understanding the best practices for using security and compliance monitoring tools will be the focus of A. Spencer Wilcox, CPP, Constellation Energy.

SWISS ARMY KNIFE

11:00 am to 12:00 noon

Infrastructure Risks (Session #2181). A risk-based approach to protecting the nation’s critical infrastructure offers the best way to implement an effective security program with the limited resources available from both private and public sources. A panel will discuss the various sides of the issue and offer their advice on the best options: Mark Weatherford, NERC; Diana-Lynn Contesti, (ISC)2; Allan McDougall, CPP, Evolutional Security Management.

1:45 pm to 3:00 pm

CISO/CPO Dialogue (Session #2281). An organization’s privacy and information security teams must be on the same page when protecting data in a global economy. Developing ways to work together effectively requires the ability to communicate effectively from both sides. Examples of how to achieve this goal will be the focus of a panel led by W. Hord Tipton, (ISC)2.

4:30 pm to 5:30 pm

Beyond Technology (Session #2381). Threats to security can come from nation states that engage in cyber warfare as well as from tech-savvy criminals who commit fraud for financial gain. Manipulating data to meet political or social agendas often receives extensive media attention, resulting in new forms of manipulation and exploitation. Unraveling today’s complex cybersecurity issues will be the goal of Freddy Tan, Microsoft Asia.
 

 
