“Defining what an incident is continues to be a challenge for organizations as they grapple with traditional data leakages and the growing threat of organized cyber criminal activity,” says Rich Baich, principal, Deloitte & Touche. He is just one of several dozen speakers who will be presenting at the event.
Attendees can choose sessions grouped into four separate tracks:
- Track 1: Policy/Management, helps security pros prioritize, better understand and provide guidance around important topics, such as PCI, DRM, security awareness and privacy.
- Track 2: Emerging Threats/Risk Planning, focuses on the risk planning and mitigation theme, as well as the latest emerging threats faced by organizations, and the best practices necessary to fend them off.
- Track 3: Editor's Choice, focuses on the constant change in the environment, necessitating flexibility in every security line of business, as well as international cybercrime, breach PR best practices, and how to keep current with the latest trends.
- Track 4: Security, Compliance, Audit and Governance, co-presented by ISACA New York Metropolitan Chapter, digs into IT risk management, compliance optimization, partnering with auditors and IT security governance.
“The SC World Congress will help you learn how to measure your organization's risk posture, determine what your risk tolerance should be, and mitigate that risk to cost-effectively protect your information assets,” says Dave Cullinane, CISO, eBay.
Cullinane, who is also speaking at the event, will discuss how to achieve an effective risk mitigation stance.
“Effective management of information security risk is essential to protecting one of your organization's most critical assets – information,” he says.
Compliance with federal, state and other industry mandates, an oft-talked-about industry topic, will be addressed at the event as well. For instance, Bobby Singh, director, information security, Smart Systems for Health Agency, will be leading a discussion on how HIPAA affects any enterprise required to safeguard employee health care records. He notes that when it comes down to security planning, it's about being methodical.
“A balanced approach to information security enables the business to take risks,” explains Singh.
One way of addressing the risks is taking down the cybercriminals who exploit them. Often, however, this requires cooperation between law enforcement agencies across borders to fight international incidents of cybercrime. Kevin Hyland, detective inspector of Scotland Yard; John Iannarelli, supervisory special agent with the FBI; Kim Marcus, Interpol; and others will be looking to shed light on how the business world and law enforcement agencies can work together on this front.
“Criminals are moving from more traditional crimes into the hi-tech world,” says Hyland. “They feel safe to operate often thousands of miles away and feel law enforcement agencies will not pursue them across international boundaries. The joint operation I headed between Scotland Yard, the FBI and other European Police Services shows how wrong they can be.”
In the session, Practical Security and Privacy, Warren Axelrod, chief privacy officer, U.S. Trust, leads a group of experts that debunks myths surrounding privacy issues. “Marshall McLuhan once stated that ‘Our age of anxiety is, in great part, the result of trying to do today's job with yesterday's tools and yesterday's concepts,’” says Axelrod. “This is so true of information security, where we are continually attempting to stem the tide of evolving attacks as they become ever more sophisticated and effective against defenses which were developed to prevent damage from earlier exploits.”
He adds that information security practitioners need to pare away approaches that are no longer valid, and abandon methods that don't work. “In their place, we must implement new techniques that can counter the rapid mutation of threats and exploits. While the panelists may not have the answers (nobody does), they will certainly draw attention to the weaknesses of our current portfolio of weapons and suggest approaches that might give us a chance of getting ahead of the attackers.”
For some time, industry pundits have noted weaknesses in how the federal government has approached the IT security challenges of today. To provide some executable advice on steps to take to address these, leading experts from the Commission on Cybersecurity for the 44th Presidency will be on hand. Rep. Jim Langevin, D-R.I.; retired U.S. Air Force Lt. Gen. Harry Raduege Jr., chairman of the Center for Network Innovation at Deloitte & Touche; Marcus Sachs, executive director for government affairs, national security policy at Verizon Communications; and others will offer up the first opportunity to hear the final plan that the commission will be using to advise the next president on the most critical cybersecurity issues facing the United States.
“We have learned that a missing ingredient in cybersecurity for many government organizations is the very way the agency or department is organized – most retain organizational structures reflecting industrial models developed in the early 20th century. We highly recommend that they be updated to a 21st century information-age model. Neither the government nor the private sector can secure cyberspace alone,” explains Sachs. “We are recommending a new approach to the public/private partnership model.”
Noting that cybersecurity is a top challenge facing the country today, Lieutenant General Raduege Jr. adds that cybercrime is non-stop. “Relentless cyberthreats are impacting businesses, government activities, national security, and every American, as we depend more on the internet for interactions in the global economy,” he says. “A problem of this enormity will require an aggressive national-level approach involving both government and industry.”
Another pressing concern will be highlighted by Mano Paul, software assurance advisor for (ISC)². He will discuss how to stop vulnerabilities due to coding errors. “Software security is a confluence of people, process and technology from the boardroom-to-the-builder, from the client-to-the-coder, from requirements to release,” he says. “It is about managing risk and creating a culture that inherently yields hack-resilient software implementing secure processes and technologies by trained people, aimed at providing solutions to meet business needs.”
2007 and 2008 saw a deluge of lost customer data – TJX, several universities and Hannaford Bros. Neil Warner, chief information security officer, GoDaddy, leads a plenary session, Consumer Data, which examines how a leading internet host keeps data as risk free as possible.
Located in New York, the largest concentration of corporate headquarters and federal and local government offices in the United States, the SC World Congress is the only dedicated IT security event focused on providing the latest solutions and inside information to help IT & data security professionals do their jobs better.
For more info on the SC World Congress, click on www.scworldcongress.com.
SC WORLD CONGRESS: Speakers include...
The SC World Congress will feature several dozen speakers from every segment of business. For a full list of speakers, please click on www.scworldcongress.com. We have room here to highlight only a few:
Kevin Hyland, detective inspector, Scotland Yard's Anti-Corruption Command, has supervised a number of criminal investigations, including an international conspiracy to breach computer security in Europe and the U.S.
Kim E. Marcus, assistant director, Office of the Special Representative of Interpol to the United Nations, works criminal and international terrorism matters. She currently augments capacity building initiatives of INTERPOL and its 186 member countries. Marcus was a prosecutor, admitted to the practice of law in New York and Connecticut.
Retired Air Force Lt. Gen. Harry D. Raduege Jr., chairman, Deloitte Center for Network Innovation, Deloitte & Touche, where he directs the operation and defense of the Global Information Grid.
Neil Warner, chief information security officer, Go Daddy, is responsible for IT security, business continuity, SSL registration authority, spam/abuse, IT audit, product quality assurance and IT operation organizations.