SC World Congress: Summit in the city

September 1, 2009

After Heartland Payment Systems suffered what might be the largest data breach in U.S. history, Bob Carr, the CEO of the payment processor company, which had sales of $1.5 billion in 2008, emerged as one of the leading advocates for an evolution in the way credit card and other financial transactions are handled.

At the second annual SC World Congress, taking place in New York on Oct. 13 and 14, Carr will discuss the multifaceted approach his company took to enhance its own security, a process that involved not only the implementation of new technology, but the sharing of information about breaches to help prevent future intrusions.

"The cybercrimes arms race has reached a new threshold," says Carr. "The hijacking of the websites of Network Solutions with the theft of domain credentials should be enough to have the full attention of any person who is managing the funds or financial systems of any business."

The techniques enlisted to achieve these nefarious purposes, like spear phishing, SQL injections, and network and CPU sniffers, are becoming more and more sophisticated, he says. "Somebody needs to do something. That somebody is us. We all need to work together to fend off the black hats who are better organized than we are. Our nation's productivity has been diminished and consumer confidence in the integrity of our payments systems is threatened as we work overtime to play defense. It is time to make significant improvements to the design of major parts of our modern payments infrastructure -- right now."

And as the systems evolve, the goal to maintain compliance with all the information security mandates now out there has become intertwined with the safe-keeping of the very data that these directives were created to help protect. Given how essential data has become to running businesses, many experts would agree that protecting it is the top priority in any information security plan.

"The most important issue that CSOs and CISOs have to deal with is the data in their enterprise," says Tim Stanley, CISO of Continental Airlines and another speaker at SC World Congress. "Since the invention of the file server, data has multiplied like wild rabbits. If we don't learn to domesticate the rabbits we will be buried in failed compliance/audit reports."

These are just some of the topics up for discussion at this year's SC World Congress. The conference again will gather together the leading voices in the information security arena for two days of pertinent conference sessions examining topics ranging from data theft and compliance to establishing partnerships between government and the private sector. As well, the industry's top vendors will assemble on the expo floor to show off scores of solutions. And, fresh off the success of last year's inaugural edition, this year's event will move to a more centralized and convenient location in midtown Manhattan.

Concentrated focus
Sessions will be divided into four tracks. The Policy and Management track is intended to help security professionals better understand tasks associated with business management and policy-related guidelines. Sessions in the Emerging Threats and Risk Planning track examine the latest emerging threats faced by organizations, and the best practices implemented to thwart them. Editor's Choice track sessions, meanwhile, focus on the most timely issues, as assessed by SC Magazine's Editor-in-Chief Illena Armstrong.

New this year is a Technical track that examines the technical aspects of threats and vulnerabilities, as well as relevant procedures and solutions.

For the Security Innovators Throwdown, a new event at SCWC, we solicited submissions from young security companies. A panel of judges is going over the selections to highlight the most innovative new security tools and services in an upcoming edition of the magazine.

Also new this year is our mock jury trial. With the help of leading IT security experts from the U.S. Department of Justice and others, this keynote session will arm delegates with the facts they need to present electronic forensic evidence during legal proceedings.

Word from the top
Another keynote speaker on the bill, William Kovacic, commissioner of the Federal Trade Commission, will discuss how internet-related crime is being addressed by governing bodies. In two different sessions, Ron Baklarz of Amtrak and Dennis Brixius of McGraw-Hill discuss best practices and offer tips on what CISOs can do to more effectively manage their security programs in these tough economic times.

To Baklarz, moving from a reactive approach to information security demands to a more proactive footing is critical in today's complex business environment, especially given where most organizations are, even without the complications that come along with tightened budgets and limited resources.

"When it comes to information security planning, most of us are really reacting more than planning," he explains. "Unfortunately, not much action occurs unless there is an audit finding."

Concerns are rising about such calamitous events resulting from the use of newer applications that many organizations are looking to adopt to fit their budgets and collaborative needs. For example, as businesses migrate managed services to third-party vendors, everyone is talking about cloud security these days. Jim Reavis, co-founder and executive director, Cloud Security Alliance, leads a panel to present key security innovations needed to assure the future of cloud computing. Also on the panel are: Dave Cullinane, eBay; Alan Boehme, ING; Jerry Archer, Intuit; Ron Hale, ISACA; and Paul Kurtz, former White House adviser and partner with Good Harbor Consulting.

From cloud security needs and Web 2.0 vulnerabilities to compliance demands and tying IT security to future business plans, the most up-to-date information, best practices and technological offerings will be showcased at SC World Congress. So, however you get there, get there and we'll look forward to welcoming you to midtown Manhattan for what promises to be a vital get-together filled with superior content for security practitioners.


Bound for midtown

"The cybercrimes arms race has reached a new threshold," says Carr. "The hijacking of the websites of Network Solutions with the theft of domain credentials ― combined with the new stealth trojans that allow insertion of advanced keyloggers and the recent spate of zero batch ACH thefts draining business banking accounts ― should be enough to have the full attention of any person who is managing the funds or financial systems of any business."

Spear phishing, SQL injections, and network and CPU sniffers are becoming more and more sophisticated, he says. "Somebody needs to do something. That somebody is us! We all need to work together to fend off the black hats who are better organized than we are. Our nation's productivity has been diminished and consumer confidence in the integrity of our payments systems is threatened as we work overtime to play defense. It is time to make significant improvements to the design of major parts of our modern payments infrastructure ― right now."

And as these debates continue, the goal to maintain compliance with all the various information security mandates now out there has become tightly intertwined with the safe-keeping of the very data that these directives were created to help protect. Given how essential data has become to running today's technology-dependent businesses, many experts would agree that protecting it is the top priority in any information security plan.

"The most important issue that CSOs and CISOs have to deal with is the data in their enterprise," says Tim Stanley, CISO of Continental Airlines and another leading speaker at SC World Congress. "Since the invention of the file server, data has multiplied like wild rabbits. If we don't learn to domesticate the rabbits we will be buried in failed compliance/audit reports."

This is just one aspect among many others that will be topics for discussion at this year's SC World Congress. Fresh off the success of last year's inaugural edition, this year's event will move to a more centralized and convenient location in midtown Manhattan. The conference again will gather together the leading voices in the information security arena for two days of pertinent conference sessions examining topics ranging from data theft and compliance to establishing partnerships between government and the private sector. As well, the industry's top vendors will assemble on the expo floor to show off scores of solutions designed to tackle today's sophisticated threats.

Sessions will be divided into four tracks. The Policy and Management track is intended to help security professionals better understand tasks associated with business management and policy-related guidelines. Sessions in the Emerging Threats and Risk Planning track examine the latest emerging threats faced by organizations, and the best practices implemented to thwart them. Editor's Choice track sessions, meanwhile, focus on the most timely issues, as assessed by SC Magazine's Editor-in-Chief Illena Armstrong. New this year is a Technical track that examines the technical aspects of threats and vulnerabilities, as well as relevant procedures and solutions.

For the Security Innovators Throwdown, a new event at SCWC, we solicited submissions from young security companies. A panel of judges is going over the selections to choose the top 12 most innovative new tools and services in the information security market. In addition, we are inviting VCs, angel investors and others interested in this vibrant market to witness our judging process during the course of the two-day event, so participants might be able to seal a deal.

Sessions
Also new this year is our mock jury trial. With the help of leading IT security experts from the U.S. Department of Justice, the keynote session, "Your day in court," will arm delegates with the facts they need to properly present electronic forensic evidence during legal proceedings.

Another addition to the bill, William Kovacic, commissioner of the Federal Trade Commission, will discuss how internet-related crime is being addressed by governing bodies. In two different sessions, Ron Baklarz, CISO, Amtrak; and Dennis Brixius, VP, risk management and CSO, The McGraw-Hill Companies, discuss best practices and offer tips on what CISOs can do to more effectively manage their security programs in these tough economic times.

To Baklarz, moving from a reactive approach to information security demands to a more proactive footing is critical in today's complex business environment, especially given where most organizations are, even without the complications that come along with tightened budgets and limited resources.

"When it comes to information security planning, most of us are really reacting more than planning," he explains. "Unfortunately, not much action occurs unless there is an audit finding or a catastrophic event."

Concerns are rising about such calamitous events resulting from the use of newer applications that many organizations are looking to adopt to fit their budgets and collaborative needs. For example, as businesses migrate managed services to third-party vendors, everyone is talking about cloud security these days. Jim Reavis, co-founder and executive director, Cloud Security Alliance, leads a panel to present key security innovations needed to assure the future of cloud computing. Also on the panel are: Dave Cullinane, CISO, eBay; Alan Boehme, SVP of IT strategy and architecture, ING; Jerry Archer, CISO, Intuit; Ron Hale, VP of security programs, ISACA; and Paul Kurtz, former White House adviser and partner with Good Harbor Consulting.

From cloud security needs and Web 2.0 vulnerabilities to compliance demands and tying IT security to future business plans, the most up-to-date information, best practices and technological offerings will be showcased at SC World Congress. So, however you get there, get there and we'll look forward to welcoming you to midtown Manhattan for what promises to be a vital get-together filled with superior content for security practitioners.
