
Page 1

16th Annual
The Phoenician • June 12–14, 2006 • Scottsdale, Arizona
The Practice of Information Security

Composed of topics vital to your success: Attacks & Countermeasures, Risk & Audit, Fundamentals, Awareness Training & Education, Policy & Compliance, Critical Issues, Management & Governance, Hands-on Technology, Advanced Technical Skills, Identity & Access Management, Forensics, Web Services and Mobile & Wireless

110 Finely Tuned Sessions. 70 Exhibits.

GREAT ROOM RATES: $190/nt. Register by May 8 and Save $200.

CSINetSec.com

Page 2

Conference at a Glance

Pre-Conference

1-Day Seminars (Saturday, June 10 and Sunday, June 11, 9:00am–5:00pm)
S1 CISSP Common Body of Knowledge (CBK) Overview
S2 ISO 17799, ISO 27001 (BS 7799), and Friends
Instructors: Ray Kaplan, CISSP, Ray Kaplan & Associates; Charles L. Johnson, CISM, MPM, PMP, Humana, Inc.

Official CISSP Exam: Sunday, June 11, 8:00am–3:00pm

2-Day Seminars (Sat/Sun, June 10–11, 9:00am–5:00pm)
T1 How to Be a More Effective Information Security Professional (John O’Leary, CISSP, Computer Security Institute)
T2 Business Impact Analysis (Thomas Peltier, CISSP, Peltier Associates)
T3 Web Hacking—Exploits and Countermeasures (Justin Peltier, CISSP, Peltier Associates)
T4 How to Develop a Winning Security Architecture (David Lynas, CISSP, David Lynas Consulting Group)
T5 Privacy and InfoSec Program: Creating an Effective Framework for Synergy and Organizational Impact (Rebecca Herold, CISSP, Rebecca Herold, LLC; Chris Grillo, CISA, CISM, Medica)
T6 Wireless Security in the Enterprise (Aaron Earle, CISSP, AE&E Corporation)

Conference Sessions: Monday, Tuesday and Wednesday
Session time slots on Monday and Tuesday: 10:30–11:45am, 1:15–2:30pm, 3:15–4:15pm and 4:30–5:30pm; on Wednesday: 9:45–11:00am and 11:15am–12:30pm.

Tracks and Sessions

Awareness Training & Education
AWR-1 Hey, Let’s Bore Our Users Today With Some Security Training!! (Todd Fitzgerald, United Government Services)
AWR-2 Security Awareness: Starting at Ground Zero (Kristy Westphal, Arizona Department of Economic Security)
AWR-3 Getting Management to Say “Yes” to Security Awareness (Anne Kuhns, Walt Disney World Co.)
AWR-4 Are They Really Clueless? (Jack Jones, CBCInnovis)
AWR-5 Choosing and Using Proper Awareness Techniques (John O’Leary, Computer Security Institute)
AWR-6 20 Different Security Educational Things and How They Work (Brad Smith, CIR Security)
AWR-7 Awareness Solutions for Data Classification Roll-Out (Thomas Peltier, Peltier Associates)
AWR-8 Phishing: From Social Engineering to Programming Techniques (Jonathan Rusch, U.S. Department of Justice)
AWR-9 Security Awareness: Are You Hitting the Mark? (Krina Snider, Sprint Nextel Corporate Security)
AWR-10 Keeping the Elephants Away: Does Security Training Improve Security? (Pat Logan, Marshall University)

Policy & Compliance
COM-1 Regulatory Compliance: Taming IT’s New Beast of Burden (Shlomo Kramer, Imperva, Inc.)
COM-2 The Emerging Legal Duty of Care (Marc Zwillinger, Sonnenschein Nath & Rosenthal LLP)
COM-3 SOX 2006: The National Effect and International Perspective (Larry Dietz, Symantec)
COM-4 Strategies for Improving Policy Compliance (Charles Cresson Wood, InfoSecurity Infrastructure, Inc.)
COM-5 Getting Buy-In for FISMA Compliance (Patrick Howard, U.S. Dept. of Housing and Urban Development)
COM-6 Sustainable Compliance with an ISO 17799 Foundation (Charles L. Johnson, Humana Inc.)
COM-7 Payment Card Industry Data Security Compliance Program (Larry Byrns, IBM)
COM-8 The Cornerstone of an Effective IT Security Program (Albert Lewis, SRA International, Inc.)
COM-9 Build Your eDocument Management Team (Vicki Luoma and Milton Luoma; Minnesota State University, Luoma Law Office)
COM-10 Surviving SOX, Round 2: Benefits and Pitfalls to InfoSec Due to SOX (Robert Childs, First Community Bank NM)

Critical Issues
CRT-1 Network Security Reviews Made Easy and Simplified, 2006 (Joe Popinski, Information Engineering)
CRT-2 Information Sharing: Panacea or Peril? (Mark Rasch, Solutionary, Inc.)
CRT-3 Security Framework for VoIP Security (Robert J. Thornberry, Jr., Lucent Technologies)
CRT-4 Identity Theft: The Growing Concern (Thomas Peltier, Peltier Associates)
CRT-5 Privacy and International Data Flows (Rebecca Herold, Rebecca Herold, LLC)
CRT-6 Two Steps to Security: Identify Your Data, Lock Down Your Network (David Drab, Xerox Corporation)
CRT-7 The Identity Gap (Phillip Hallam-Baker, VeriSign, Inc.)
CRT-8 Show Me the Money: Get Funding and Support for Risk Management (Cheryl Jackson, Hewlett-Packard)
CRT-9 Poor Man’s Guide To Network Espionage Gear (Shawn Merdinger, TippingPoint)
CRT-10 Counter Attack to Identity Theft: Data Masking (Paul Preston, Plato Group)

Risk & Audit
AUD-1 Keeping Pace with SOX, GLBA and Other Compliance Regulations (John Weinschenk, Cenzic)
AUD-2 Quantitative Risk Assessment in Action (Bruce Edwards, University of Louisville)
AUD-3 Why You Need a Network Security Assessment (Joe Popinski, Information Engineering)
AUD-4 Making the Critical SCADA Infrastructure Environment Safer (Gustavo J. Quintero, Information Security Consultant)
AUD-5 Stop the Bleeding: Getting in Front of Vulnerabilities (Jack Jones, CBCInnovis)
AUD-6 Structured Approach to Assessing and Managing Risk (John McCumber, Symantec)
AUD-7 Risk Management Over E-mail, Instant Messaging and Web (Dr. Sue Abu-Hakima, Entrust)
AUD-8 Aligning Security and Governance (Ronald Hale, ISACA)
AUD-9 Protecting Client Information (Charles Hudson, Wilmington Trust)
AUD-10 Using the CVE in Practical Risk Assessment (David Aylesworth & Jason Grim, Project Performance Corporation)

Attacks & Countermeasures
ATC-1 What Hackers Don’t Want You to Know (Douglas Conorich, IBM)
ATC-2 The Insider Threat (Dennis Brixius, McGraw-Hill Companies)
ATC-3 Spear Phishing: Next-Generation Threat in Enterprise Security (Proneet Biswas, iPolicy Networks)
ATC-4 Back Hacking Live! (Ofer Maor, Hacktics)
ATC-5 Metasploit: How to Use the Exploit Framework (Matthew Luallen, Sph3r3, LLC)
ATC-6 Cybercrime: Spyware, Adware and the Rest of the Story (Sarah Gordon, Symantec)
ATC-7 Botnets: Affecting Corporations, ISPs and Law Enforcement (Wendi Whitmore, Air Force Office of Special Investigations)
ATC-8 The Rise of Cyber-Crime (David Perry, Trend Micro, Inc.)
ATC-9 Defending Against Social Engineering Attacks (Brad Smith, CIR Security)
ATC-10 Vulnerabilities of Encryption (John O’Leary, Computer Security Institute)

Management & Governance
MGT-1 The CSO Forum: Senior Practitioners and Emerging Leaders (Terri Curran, BOSE Corporation)
MGT-2 Selling Network Security by the Numbers (Michael Corby, Gartner Consulting)
MGT-3 Solutions to Better Security Through IT Architectures (Hord Tipton, U.S. Department of Interior)
MGT-4 Logs and the Law: What is Admissible in Court? (Dominique Levin, LogLogic)
MGT-5 Addressing the Need for Security Metrics (Scott Tompkins, CorSolutions)
MGT-6 Outsourcing: Managing a Security Service Provider (John Angelastro, SunGard Availability Services)
MGT-7&8 Measuring/Benchmarking Security Performance (John O’Leary, Computer Security Institute)
MGT-9 The Role of IT Asset Management in Information Security (Randolph Smith, UPS)
MGT-10 Security and ITIL (Bill Kowaleski, Hewlett-Packard)

Advanced Technical Skills
TEC-1 ABC’s of Penetration Testing (Maximiliano Caceres, Core Security Technologies)
TEC-2 Under the Microscope—Dissecting Bot Code (Carl Banzhof, Citadel Security Software, Inc.)
TEC-3 Device Driver Malware (Alan Ross, Dennis Morgan, Dave Schulhoff and Toby Kohlenberg, Intel)
TEC-4 Security in an Open World (Mark O’Neill, Vordel)
TEC-5 Log Mining for Security (Anton Chuvakin, netForensics)
TEC-6 Tracing Processes on Microsoft Platforms (A. Padgett Peterson, Lockheed Martin)
TEC-7 Top Web Application Vulnerabilities and How to Hunt Them Down (Ryan Berg, Ounce Labs)
TEC-8 Exploitation Frameworks: A Comparative Study (Frank Nagle, Jayson Jean and Adam Zeldis, iDefense)
TEC-9 Behavioral Malware Analysis Using Sandnets (Joe Stewart, LURHQ)
TEC-10 Multi-Function Appliances: Coming of Age (Sanjay Beri, Juniper Networks)

Hands-on Technology
HOT-1&2 Hands-on Network Vulnerability Assessment (Justin Peltier, Peltier Associates)
HOT-3&4 The How’s and Why’s of Intrusion Detection Event Correlation (Eugene Schultz, High Tower Software)
HOT-5&6 Exploit Development (Maximiliano Caceres, Core Security Technologies)
HOT-7&8 Advanced Wireless Security Configurations: WPA, WPA2 and 802.11i (Aaron Earle, AE&E Corporation)
HOT-9&10 Hands-on Cyber Crime Investigation (Justin Peltier, Peltier Associates)

Identity & Access Management
IAM-1 Identity and Access Management (John O’Leary, Computer Security Institute)
IAM-2 Authentication Methods—New Solutions for New Challenges (Chris Voice, Entrust)
IAM-3 Realizing a Trusted Identity Architecture—Before It Is Too Late (Gregory Abrenio, Booz Allen Hamilton)
IAM-4 Identity Management and National Security (J.R. Reagan, Bearing Point)
IAM-5 Realities of Identity Federation (Matthew Gardiner, Computer Associates)

Mobile & Wireless
MOB-6 Breaking Wireless Security (Aaron Earle, AE&E Corporation)
MOB-7 Wireless IDS Challenges and Vulnerabilities (Joshua Wright, Aruba Wireless Networks)
MOB-8 SSL or IPSec? Tough Remote Access Decisions Made Easier (Vivian Ganitsky, Juniper Networks)
MOB-9 RFID: Security and Privacy (John O’Leary, Computer Security Institute)
MOB-10 Smoking out Rogue WiFi Traffic on Your Corporate Wireless LAN (Andrew Greenawalt, Perimeter Internetworking)

Forensics
FOR-1 Computer Forensic Primer (Warren Kruse, AON Consulting)
FOR-2 Windows Forensics (William Stackpole, Microsoft Corporation)
FOR-3 From the Lab to the Boardroom: Forensics Goes Mainstream (Jim Butterworth, Guidance Software)
FOR-4 Beyond EnCase & Forensic Toolkits (Thomas Akin, Internet Security Systems)
FOR-5 How to Respond to Incidents Without Going to Jail (Mark Rasch, Solutionary, Inc.)

Web Services
WEB-6 Web Services Security: Protocols (Jahan Moreh, Sigaba)
WEB-7 Exploiting and Defending Web Services (Nish Bhalla, SecurityCompass.com)
WEB-8 Securing Service-Oriented Architectures (Stephen Gantz, Blueprint Technologies)
WEB-9 XML, HTTP, TCP Security Converge (Kurt Roemer, NetContinuum)
WEB-10 Web Services Depends on Interoperable Security Standards (Anthony Nadalin, IBM)

Fundamentals of Computer Security
INT-1 Intro to Cryptology (Robert Richardson, Computer Security Institute)
INT-2 Introduction to the NIST Security Framework (Christopher Michael, Computer Associates)
INT-3&4 Network Security Fundamentals (John O’Leary, Computer Security Institute)
INT-5 Biometrics 2006: Opportunities and Challenges (Ben Rothke, AXA Technology Services)
INT-6 TCP/IP Security—Firewalls and Internetworking (Ray Kaplan, Ray Kaplan & Associates)
INT-7 Creating a Fundamentally Secure Network (Paul Henry, Secure Computing)
INT-8 Access Controls 101 (Douglas Conorich, IBM)
INT-9 Smart Card-Based Network Security Systems (Randy Vanderhoof, The Smart Card Alliance)
INT-10 The Secure Management Console (David Lynas, David Lynas Consulting Group)


Page 3

Master Tracks (continued): Attacks & Countermeasures, Management & Governance, Advanced Technical Skills, Hands-on Technology, Identity & Access Management, Forensics, Web Services, Mobile & Wireless

Keynotes

Monday, 8:30–9:30am
Uncertain Risks: Information Security in Corporate America
Scott Blake, CISM, CISSP, CISO, Liberty Mutual Insurance Group

Tuesday, 8:30–9:30am
Awareness Panel: What Works, What Doesn't
MODERATOR: John O'Leary, Educational Director, Computer Security Institute
PANELISTS: Todd Fitzgerald, United Government Services, LLC; Jack Jones, CBCInnovis; Daniel Marcotte, Royal Canadian Mounted Police; Krina Snider, Sprint Nextel Corporate Security

Wednesday, 8:30–9:30am
CSI/FBI Computer Crime and Security Survey 2006
Robert Richardson, Editorial Director, Computer Security Institute

OPEN TO ALL!

Post-Conference

1/2-Day Intensive Seminar (Wednesday, June 14, 2:00–5:00pm)
IS1 Hands-On Social Engineering (Brad Smith, RN, CISSP, CIR Security)

2-Day Seminars (Thursday/Friday, June 15–16, 9:00am–5:00pm)
T7 How to Create and Sustain a Quality Security Awareness Program (John O’Leary, CISSP, Computer Security Institute)
T8 How to Complete a Risk Assessment in Five Days (Thomas Peltier, CISSP, Peltier Associates)
T9 Check Point Firewalls (Justin Peltier, CISSP, Peltier Associates)
T10 Return on Investment for Information Security (David Lynas, CISSP, David Lynas Consulting Group)
T11 A Survey of Computer Forensics Tools and Techniques (Mark Spencer, CISSP, Evidentdata Inc.)
T12 Defend Your Networks (Aaron Earle, CISSP, AE&E Corporation)


Page 4

In a symphony, the whole is much greater than the sum of the individual parts. In information security, a successful program depends on the skillful blending of many separate facets. Other conferences focus mainly on technology solutions or technical skills, while at CSI we understand that management, policy, and compliance issues are just as, if not more, important.

At CSI NetSec, you’ll receive an honest view of information security; no speaking slot is for sale. Sessions are selected solely on the merit of the content and speaker to help you conduct a successful security program at your organization.

Who Should Attend
• Information Security Managers and Directors
• Security Specialists and Staff
• Systems Analysts
• Network Engineers
• CIOs, CSOs and CISOs
• Network and Systems Managers and Administrators
• Webmasters
• Technical Engineers
If you are responsible for, plan, manage, or administer information security, this conference is for you.

About CSI
Computer Security Institute (CSI) is the world’s premier membership association and education provider serving the information security community. Through conferences, seminars, publications and membership benefits, CSI has helped thousands of security professionals gain the necessary knowledge and skills for success. For 33 years, CSI conferences have won the reputation as being the most well-respected in the industry; now in its 16th year, CSI NetSec attracts practitioners from over 40 countries. To learn more about CSI, go to GoCSI.com. See page 35 for more information on CSI Membership.

Why Attend?

CONDUCTED BY PRACTITIONERS FOR PRACTITIONERS
CSI NetSec focuses on the practice of information security—that means that our speakers understand from real-world experience the practitioner point of view and the challenges you face within your organization.

COMPOSE A PROGRAM SUITED EXACTLY TO YOUR NEEDS
The NetSec ’06 program features nine full tracks and four half-tracks, allowing you to develop a customized program that hits all the right notes. Whether new to security or a seasoned maestro, you’ll find sessions that will strike a chord.

ENCORE PERFORMANCE AT THE PHOENICIAN
If you attended last year, you’ll know how the unique setting and relaxing tempo of the Phoenician Resort helps you to unwind and absorb the knowledge all around you. If you haven’t yet experienced this magnificent venue, you owe it to yourself and your career to see what the rave reviews are all about.

ACCENT ON NETWORKING
Meet other practitioners who are in tune with the challenges you encounter and learn how they solved them. A conference is a great way to get connected to your peers who know the score.

SHARE KEY SESSIONS BACK AT THE OFFICE
You’ll receive full conference proceedings on CD-ROM to view the sessions you didn’t take, review the sessions you took, and pass along to colleagues.

OVERTURE AND CODA: PRE- & POST-CONFERENCE SEMINARS
Come early or stay late to take advantage of a pre- or post-conference seminar. These focused seminars, taught by CSI’s highly-ranked instructors, will provide a strong foundation with which to begin the conference, or amplify understanding of a specific topic. See pages 10–13.

CPE Credits Earned and Reported
All conference attendees earn 18 CPE units for the conference and 16 CPE units for each pre- and post-conference two-day class. For those of you who are CISSP certified, CSI will automatically forward your earned CPEs to (ISC)² upon completion.


Join CSI and save $200 on NetSec. See page 35.

Page 5

Save On NetSec When You Join CSI
You’ll not only benefit from CSI member-only publications Computer Security ALERT and Computer Security Journal, but you’ll save $200 on each CSI conference. Attend one conference and membership practically pays for itself. See page 35 for the complete list of CSI Membership benefits.

Session Technical Level Rating Scale
The CSI rating system was created to help you achieve maximum benefit from each session. Sessions are rated according to the scale below, allowing you to put together a conference program tailored specifically to the technical requirements of your job.

FOUNDATION: This level will teach you the basics about the session topic and give you an introduction to the subject matter. Get started on your career or take a refresher course to enhance your job knowledge.

INTERMEDIATE: This level focuses less on the technical details and more on the business-related information that drives the decision-making process. General network security knowledge is helpful to fully benefit.

TECHNICAL: This level is for the security professional that has a good network security background and would like more in-depth discussion on the technical aspects of the subject matter.

ADVANCED TECHNICAL: This level is designed for the security professional that actively works on the subject matter and is looking for detailed technical information available from an expert in that particular area.

New Sessions
This year we have added 4 NEW Tracks and 74 NEW Sessions, marked by the NEW icon throughout the catalog.

Table of Contents
Conference-at-a-Glance 2
Tech Rating Scale 5
Symphony of Events 6
Keynotes 8
Exhibition 9
Pre/Post Conference Seminars 10

Tracks and Class Descriptions
Fundamentals of Computer Security 14
Awareness Training & Education 16
Policy & Compliance 18
Critical Issues 20
Risk & Audit 22
Attacks & Countermeasures 24
Management & Governance 26
Advanced Technical Skills 28
Hands-on Technology 30
Identity & Access Management 31
Mobile & Wireless 32
Forensics 33
Web Services 34
CSI Membership 35
The Phoenician and Travel 36
Registration Instructions 38
Registration Form 39

Media Sponsors

Education Partners

Register Online at CSINetSec.com

Page 6: 130.18.86.27130.18.86.27/faculty/warkentin/SecurityPapers/... · Composed of topics vital to your success: Attacks & Countermeasures, Risk & Audit, Fundamentals, Awareness Training

Monday Welcome ReceptionMONDAY, June 12, 5:30–7:00PM In the shadow of Camelback and in sight of luxurious pools, you’ll mingle with your peers at the social highlight of the conference. Join us on Monday evening to meet your colleagues in a fun and relaxed setting, making contacts that will enhance your conference experience—and extend beyond.

Free to All!

16th Annual Network Security Exhibition

This is a unique opportunity to visit 70 leading industry vendors of information security services and products. Here is your chance to speak face-to-face with the builders of the products you are using or considering. Come away better informed about the latest technologies and the best solutions to employ to protect your organization.

Passport to PrizesTUESDAY, June 13, 2:45PMWin great prizes simply by visiting the Exhibit Hall and booths of participating exhibitors. Past prizes have included: $200 Gap gift card, $100 Visa and American Express gift cards, iPod Shuffle, iPod Video, MP3 Player, Canon PowerShot Digital Camera.

Virtuoso Book SigningMONDAY–TUESDAY, June 12–13Our well-published speakers will be signing their books at the conference bookstore. Check the conference website, CSINetSec.com, for specifics.

Harmonize With Your Peers You’ll have plenty of opportunities to make long-lasting and helpful contacts at evening events, including the Monday Welcome Reception, lunches, vendor parties and, in your free time, on the golf course or by the pool. However, if you’d like to have space for a more intimate discussion with your co-workers or cohorts, please contact Jennifer Stevens at [email protected].

Symphony of Events

Facilitated by: TODD FITzGERALD CISSP, CISM, CISADirector, Systems Security United Government Services, LLC

DANIEL MARCOTTE, CISMManager, Security Training and Awareness Royal Canadian Mounted Police

tuesdAy Night “CoNCert oF Peers” rouNdtAble:

What are Your Security Awareness Techniques?TUESDAY, June 13, 7:00–9:00PM

The roundtable participants will discuss:• Fun, interactive ways to grab the users’ attention; • Awareness giveaways that make a lasting impression;• Measuring the effectiveness of security awareness, and;• Web-based approaches—do they work.

Bring your creativity to the session to learn and share with others.

tuesdAy Night ChAlleNge:

Capture the Flag TUESDAY, June 13, 7:00–10:00PMPut your attack knowledge to the test in this challenging—and fun—learning experience where you’ll practice and learn, vulnerability assessment, penetration testing and ethical hacking skills. Capture the Flag is a computer security game in which you try to penetrate a number of target systems; each becoming increasingly difficult. This session is not a substitute for a class on hacking, but it is an excellent opportunity to learn in a moderated and fun environment. Enrollment is limited so please sign up when you register.

Sponsored by:

Win a version of CORE IMPACT (a $5,000 value). CORE IMPACT is the first comprehensive penetration test solution for assessing specific information security threats to an organization.

Join CSI and save $200 on NetSec. See page 35.

MONDAY, JUNE 12, 9:30AM–1:15PM • 2:15PM–3:30PM

TUESDAY, JUNE 13, 9:30AM–1:15PM • 2:15PM–3:30PM


CSI NetSec offers more than just classroom learning—a medley of activities is planned to contribute to your best conference experience.

Start each day with a Keynote presentation from computer security professionals eager to share their expertise, gather together for a special awareness roundtable discussion on Tuesday night, and win prizes by visiting exhibitors in the Exhibit Hall. Or simply enjoy the harmony of your surroundings and let your mind wander for a few moments.

Morning Keynotes
Don’t miss any of these exciting speakers.

MONDAY, 8:30–9:30AM

Uncertain Risks: Information Security in Corporate America
SCOTT BLAKE, CISO, Liberty Mutual Insurance Group

Mr. Blake will share his experiences in driving a security strategy that aligns tightly to business objectives, creating a right-sized information security operation in an uncertain world.

TUESDAY, 8:30–9:30AM

Awareness Panel: What Works, What Doesn’t?
Moderator: JOHN O’LEARY, Educational Director, Computer Security Institute
Panelists:
Todd Fitzgerald, United Government Services, LLC
Jack Jones, CBCInnovis
Daniel Marcotte, Royal Canadian Mounted Police
Krina Snider, Sprint Nextel Corporate Security

For NetSec 2006, CSI has convened a panel of experienced practitioners—men and women who have tried the techniques, modified approaches and seen what works and what doesn’t. We’ll ask them not just what has worked, but what awareness techniques and approaches will work in 2006 and beyond.

WEDNESDAY, 8:30–9:30AM

CSI/FBI Computer Crime and Security Survey 2006
Robert Richardson, Editorial Director, Computer Security Institute

Robert Richardson, co-author of the report, will discuss the preliminary findings of the 2006 Survey, which will not be released until August. Covered are: trends in the types and numbers of incidents, dollar losses and protection strategies being employed.

CISSP Common Body of Knowledge (CBK) Overview
One-day Intensive
SATURDAY, June 10, 9:00AM–5:00PM
CSI is pleased to offer a 1-Day intensive (ISC)2® Official CISSP® CBK® Review Seminar in conjunction with NetSec. This review course will address key areas in each of the ten domains of the CBK. For a full course description and registration details, please refer to page 10.

Official (ISC)2 Exam
SUNDAY, June 11, 8:00AM–3:00PM
For the convenience of those seeking any of the (ISC)2’s Certifications such as Certified Information Systems Security Professional (CISSP®), Systems Security Certified Practitioner (SSCP®), Certification and Accreditation Professional (CAPCM), or any of our concentrations (CISSP®-ISSEP®, CISSP®-ISSMP®, CISSP®-ISSAP®), examinations will be offered at NetSec. (ISC)2 provides the necessary tools and credentials to advance your information security career. The exam will be proctored by an official (ISC)2 test supervisor. To register for any of the (ISC)2 Exams, please visit https://www.isc2.org or call +1.866.462.4777.
NOTE: Registration for the (ISC)2 examinations does not include registration for CSI NetSec.

(ISC)2 Networking Reception
TUESDAY, June 13, 5:30–7:00PM
PLEASE NOTE: SEPARATE REGISTRATION REQUIRED. Come join your fellow (ISC)2 Members at an exclusive networking reception Tuesday evening. This intimate group of industry insiders is guaranteed to expand your professional network, while allowing you to connect with colleagues within the industry. Space is limited, so please R.S.V.P. to [email protected].

Education Sponsor:
(ISC)2® is the premier not-for-profit organization dedicated to educating and certifying information security professionals globally. Since 1989, (ISC)2 has certified over 40,000 individuals in 110 countries. (ISC)2 issues the CISSP, CAPCM and SSCP credentials. The CISSP is the first information technology credential accredited by ANSI under ISO/IEC Standard 17024. www.isc2.org.

Free to All!

Register Online at CSINetSec.com



Keynotes: Open to All!

WEDNESDAY, JUNE 14, 8:30–9:30am

CSI/FBI Computer Crime and Security Survey 2006
Robert Richardson
Editorial Director, Computer Security Institute

The CSI/FBI Computer Crime and Security Survey is the world’s most widely quoted research on computer crime. Come hear CSI Editorial Director Robert Richardson, manager of the survey and a co-author of the report, discuss the preliminary findings of the 2006 survey (11th annual) before the official release in August. Covered are trends in the numbers and types of incidents, dollar losses and protection strategies being employed. Q&A will follow the presentation. This is sure to be a popular presentation you won’t want to miss.


With “The Practice of Information Security” being at the core of this year’s conference, each day begins with the practitioners’ perspective—Monday, from the executive level, Tuesday, a select panel of implementers and Wednesday, aggregate statistics from those in the trenches. Hear from a CISO on aligning security strategy with business objectives—an industry leader who doesn’t shy away from a bit of controversy. Next, learn from a diverse group of practitioners who discuss best ways of implementing an awareness program. Finally, be among the first to know the early findings of the CSI/FBI Computer Crime and Security Survey, based on responses from over 700 computer security practitioners.

TUESDAY, JUNE 13, 8:30–9:30am

Awareness Panel: What Works, What Doesn’t?
Moderator: John O’Leary
Director of Education, Computer Security Institute

Panelists:
Krina Snider
Manager, Security Awareness, Sprint Nextel Corporate Security
Todd Fitzgerald
Director, Systems Security, United Government Services, LLC
Jack Jones
Chief Information Security Officer, CBCInnovis
Daniel Marcotte
Manager, Security Training and Awareness, Royal Canadian Mounted Police

We’ve all heard for years, and most of us firmly believe, that security awareness is an absolutely necessary component of any successful information security program. We’ve fought for budget and spent money and resources on training classes and events and newsletters and user guides and trinkets and intranet security Web site content to keep our messages in the forefront of user and manager consciousness. But it’s sometimes easier to obtain and spend those resources than to ascertain whether or not our awareness efforts are doing what they’re supposed to do.

For NetSec 2006, CSI has convened a panel of experienced practitioners—men and women who have fought the good fight, tried the techniques, modified approaches to meet their organizational cultures and seen what works and what doesn’t. In the light of increased attention to security matters and strong focus on regulatory and compliance issues, we’ll ask them not just what has worked, but what awareness techniques and approaches will work in 2006 and beyond. We’ll also find out what we should avoid and why.

MONDAY, JUNE 12, 8:30–9:30am

Uncertain Risks: Information Security in Corporate America
Scott Blake, CISM, CISSP
Chief Information Security Officer, Liberty Mutual Insurance Group

Information security professionals have become experts in articulating fear, uncertainty and doubt in the form of the worst-case scenario approach to information risk management. Unfortunately, the little data we do have about the actual costs of security rarely support this presentation of the risk environment. How then should our business leaders decide on the right level of security for the enterprise and how can we—as security professionals—support correct thinking about the level of risk? Mr. Blake will share his experiences in driving a security strategy that aligns tightly to business objectives, creating a right-sized information security operation in an uncertain world.

Scott Blake, CISM, CISSP, is chief information security officer for Liberty Mutual Insurance Group where he is responsible for enterprise security strategy and policy. Prior to joining Liberty in 2004, Scott was vice-president of information security for BindView Corporation, where he founded the RAZOR security research team and directed security technology, market and public affairs strategy. Since 1993, Scott has also worked as a security consultant, IT director and network engineer.



Thank you to our Gold Sponsors:

Your FREE show pass also allows entrance into the Keynotes on Monday, Tuesday, and Wednesday (See opposite page for details.)

Monday, June 12, 9:30am–1:15pm • 2:15pm–3:30pm

Tuesday, June 13, 9:30am–1:15pm • 2:15pm–3:30pm

The NetSec Exhibition is the best place to meet and research the vendors of the network security products and services that will help you secure your organization’s information.

Free to All!


Thank you to our Exhibitors:

Pre-Register Now for the Exhibition at CSINetSec.com and save yourself a wait in line. (Conference attendees need not register for the show; exhibition admittance is included with conference registration.)

Learn Firsthand from the Vendors
The exhibition at NetSec is a unique opportunity to visit important vendors of network-focused security services and products–all in one place, all at one time! It is your chance to discuss face-to-face with the builders of the products you are using or considering. Visiting the exhibits saves you hours of research and lets you quickly compare solutions. Come away much better informed about the latest technologies and the best solutions to employ to protect your enterprise.

Win Free Prizes by Visiting the Exhibit Hall
Gift certificates, cash, palm pilots—these are just a few of the prizes you might win when you get your “passport to prizes” stamped at participating exhibitors’ booths. Come join the fun. You may be a lucky winner!

Exhibition

Visit over 70 Exhibitors at CSI NetSec ‘06




1-Day Pre-Conference
Saturday, June 10, 9:00AM–5:00PM

S1 CISSP Common Body of Knowledge (CBK) Review
1-Day Intensive Review
CSI is pleased to offer a 1-Day intensive (ISC)2® Official CISSP® CBK® Review Seminar in conjunction with NetSec. This review course will address key areas in each of the ten domains of the CBK, with an emphasis on assisting information security professionals in attaining the broad and comprehensive level of knowledge required to provide expert service to clients and employers as a Certified Information Systems Security Professional (CISSP). The focus will be on the key areas of the CBK that prove to be most difficult for most potential CISSPs, and will be reinforced through numerous practice questions and review points. Practice examination and sample questions review–an opportunity to practice for the examination in a real-test type scenario with feedback on questions and correct responses.

Sunday, June 11, 8:00AM–3:00PM

Official CISSP Exam
For the convenience of those seeking any of the (ISC)2’s Certifications such as Certified Information Systems Security Professional (CISSP®), Systems Security Certified Practitioner (SSCP®), Certification and Accreditation Professional (CAPCM), or any of our concentrations (CISSP®-ISSEP®, CISSP®-ISSMP®, CISSP®-ISSAP®), examinations will be offered at NetSec. (ISC)2 provides the necessary tools and credentials to advance your information security career. The exam will be proctored by an official (ISC)2 test supervisor. To register for any of the (ISC)2 Exams, please visit https://www.isc2.org or call +1.866.462.4777.
NOTE: Registration for the (ISC)2 examinations does not include registration for CSI NetSec.

Sunday, June 11, 9:00aM–5:00PM

S2 ISO 17799, ISO 27001 (BS 7799) and Friends—Using Them to Build an Information Security Management System
Ray Kaplan, CISSP
Ray Kaplan & Associates
Charles L. Johnson, CISM, MPM, PMP
Humana Inc.

Amidst the increasing complexities of the legal and regulatory environments in which we operate, the use of ISO 17799, ISO 27001 (BS 7799) and other developing ISO Information Security Management System (ISMS) standards is rapidly gaining credibility, respect and acceptance. This 1-day seminar presents a discussion of how to use them to guide your journey through your labyrinth of legal, regulatory, and “best practices” requirements.

You will learn:
• An introduction to ISO 17799, ISO 27001 (BS 7799) and other developing ISO Information Security Management System (ISMS) standards;

• How to apply them in conjunction with the other information security-related standards, regulations, and “best practices” to which your organization must adhere;

• The formal audit, the registration process and the operations of a registrar;

• Self-certification, its benefits and its limitations;

• Industry experience in a complex regulatory environment, and;

• Answers to your questions about how to build a standards-based security program.

2-Day Pre-Conference
Saturday and Sunday, June 10–11, 9:00AM–5:00PM

T1 How to Be a More Effective Information Security Professional
John O’Leary, CISSP
Computer Security Institute

There’s an assumption in the title of this interactive CSI course: you already do the security job well, but want to become even more effective. Learn to develop the programs—physical, software, hardware and administrative—that will serve as foundation stones for your organization’s information security effort. Help plan a path for appropriate security over time, given organizational imperatives and realistic constraints. Build the skills to develop these crucial programs, whether you’re creating them from the ground up, or administering or improving programs already in place.

You will learn how to:
• Identify key projects to implement in order to raise the bar;

• Develop and fine-tune a security policy statement;

• Raise the level of security awareness throughout your organization, and;

• Interface more effectively with internal groups whose support and commitment you need.

T2 Business Impact Analysis
Thomas Peltier, CISSP
Peltier Associates

This course will examine methods used to identify the critical business processes, applications and systems for an organization. Attendees will use these methodologies to create organization-specific processes that will help them identify their critical systems. You will gain the ability to quickly and inexpensively identify critical applications, systems and business processes.

Pre-Conference Seminars



To understand the BIA process we will:
• Create attendee-specific BIA methodology;

• Examine how BIA results fit into the requirements of your business continuity and disaster recovery plans;

• Assess how BIA supports compliance with existing laws and regulations, and;

• Apply real-world examples of BIA to your own organization.

T3 Web Hacking—Exploits and Countermeasures
Justin Peltier, CISSP
Peltier Associates

Port 80 has been called the highway into the network. How secure is your highway? If you’re not sure, it’s time to explore Web hacking. In this two-day, hands-on seminar, we will probe the security of Web-enabled applications and exploit common vulnerabilities.

This class helps you to develop a skill set essential to security testing as more applications become Web-enabled.

At the end of this course, you will be able to:
• Assess Web authentication;

• Assess Web inputs for vulnerabilities;

• Assess Web database interfaces for security holes, and;

• Demonstrate the impact of these vulnerabilities.

T4 How to Develop a Winning Security Architecture
David Lynas, CISSP
David Lynas Consulting Group

This highly participative workshop takes attendees through a detailed and proven security architecture design process used successfully by a number of high-profile multinational organizations. Upon completion of this class you will have developed an outline for a comprehensive strategy to create a winning enterprise security architecture, or improve an existing program. The strategy developed will be specific to your own business requirements and these objectives will be achieved through an innovative combination of presentations, peer group discussions, team workshops, interviews and role-playing activities.

You’ll learn how to:
• Ensure the architecture meets the overall goals of your enterprise;

• Understand and meet both business and technical requirements;

• Manage the design process and the resulting security program;

• Deliver key security architecture concepts;

• Consolidate security solutions to improve efficiency and reduce costs, and;

• Select appropriate security technologies and architecture components.

T5 Privacy and Information Security Programs: Creating an Effective Framework for Synergy and Organizational Impact
Rebecca Herold, CISSP
Rebecca Herold, LLC
Chris Grillo, CISA, CISM
Medica

There are often gaps in communication and coordination between privacy and information security activities, increasing the risks of security breaches and noncompliance with contracts and regulations. Through presentation, discussion, and case studies, attendees will obtain a better understanding of the challenges faced by both groups and create a workable roadmap to integrate their efforts. Participants take away additional tools to help facilitate effective cooperative processes involving privacy and information security, resulting in compliance and positive organizational impact.

You will learn how to:
• Understand privacy and security issues faced by both privacy and security professionals;

• Use existing governance frameworks to successfully integrate privacy and information security throughout the entire organization, and;

• Demonstrate regulatory and legal due diligence and establish a standard of due care by implementing key compliance activities.

Specific topics include: privacy and security frameworks, strategic planning/roadmap development, policy management, risk assessments, security and privacy requirements in system development, incident response and notification, and training and awareness.

T6 Wireless Security in the Enterprise
Aaron Earle, CISSP
AE&E Corporation

This high-impact, content-driven course will focus on many corporate-use wireless networking technologies. We will explore the security methods used in radio frequency devices from the first cellular security method to the latest WLAN 802.11i standard. Wireless standards, deployment strategies, design issues, security controls, comprising tools and hacker techniques will all be discussed. We’ll also take a look at why security failed at first and review the new techniques and tools that have been implemented to address the issues. You will be able to enter this class with zero knowledge of wireless networks and come out a capable, knowledgeable wireless administrator.

You’ll learn how to:
• Correctly secure wireless networks;

• Evaluate and exploit different types of wireless networks;

• Properly understand and evaluate risk across multiple wireless technologies, and;

• Create a wireless security policy.

*This session requires students to bring a laptop.




1/2-Day Post-Conference
Wednesday, June 14, 2:00–5:00PM

IS1 Hands-On Social Engineering
Brad Smith, RN, CISSP
CIR Security

IM attacks, Phishing, Trojans and many viruses use techniques to entice the user to “click here” that are based on Social Engineering (SE) using Neuro-Linguistic Programming (NLP) techniques. This session gives you hands-on training about SE using NLP techniques via guided sessions and role-playing so you truly understand these new skills. Understanding these techniques will help you determine when you or your company is under SE attack, construct defenses against SE, train your staff, design effective security policies, seek information on issues or interview new staff. After this session you will: know more about yourself; be better at one-to-one meetings; write more persuasive documents; give better presentations, and; be better prepared to protect yourself and your company. This class will be action-packed and fun so you’ll retain this invaluable information.

2-Day Post-Conference
Thursday and Friday, June 15–16, 9:00AM–5:00PM

T7 How to Create and Sustain a Quality Security Awareness Program
John O’Leary, CISSP
Computer Security Institute

Since the most serious and damaging IT security-related acts are usually done by those with some form of authorized access, employee attitudes and motivations must be a critical concern. But effectively motivating the various types of users within the organization requires tailoring the awareness message to those users’ perceptions and their business reality. This course will give you practical ideas and techniques for delivering security training, customized according to your audience. You’ll find out how to plan and execute a program that’s right for your specific environment and budget, and that will evolve with the organization.

In this seminar, you’ll learn how to:
• Identify the key ingredients in a successful security training and awareness program;

• Define, segment and target key groups for focused training;

• Delineate specific behavioral change objectives for identified target audience segments;

• Gather and organize a wide variety of techniques and materials for maximum impact, and;

• Evaluate the results of your security awareness program.

T8 How to Complete a Risk Assessment in Five Days
Thomas Peltier, CISSP
Peltier Associates

Risk assessment is viewed by many organizations as a long and complicated process. This two-day session will dispel that myth and provide attendees with the tools required to complete a quality risk assessment, using an industry standard process, the Facilitated Risk Analysis and Assessment Process (FRAAP), in five days or less. At the end of the session attendees will take with them an understanding of the risk assessment process, the tools they need to perform the task at their own organization, examples of threat lists, sample control lists and a management summary letter template.

In this seminar, you’ll learn how to:
• Tie business objectives to security controls;

• Conduct a FRAAP;

• Develop a comprehensive FRAAP action plan, and;

• Gain the support of the customer.

T9 Check Point Firewalls
Justin Peltier, CISSP
Peltier Associates

Check Point X—This is the primary course for Check Point’s flagship product, VPN-1/FireWall-1. This course covers the basic steps involved in configuring an Internet firewall and provides hands-on training to manage a VPN-1/FireWall-1 installation. In addition, new capabilities in the Check Point NGX version of VPN-1/FireWall-1 are highlighted.

• Understand the VPN-1/FireWall-1 architecture and deploy its various components;

• Define a security policy using SmartDashboard;

• Deploy and manage distributed gateways using Check Point’s SmartUpdate and Secure Internal Communications;

• Administer and troubleshoot VPN-1/FireWall-1 Security Policies;

Post-Conference Seminars

“Keynotes excellent! Great sessions and content, as well as post-conference classes offered. Good activities and networking opportunities.”

Ingrid Lohneiss, DST Systems, Inc.



• Enable SmartDefense global protection mechanisms;

• Set up user authentication in a VPN-1/FireWall-1 environment;

• Implement Network Address Translation;

• Protect your network with backups;

• Upgrade VPN-1/FireWall-1;

• License VPN-1/FireWall-1;

• Install and configure VPN-1/FireWall-1 for enterprise VPN deployment;

• Configure and deploy SecuRemote and SecureClient;

• Use general VPN-1/FireWall-1 security functions;

• Use content-security options, including URL filtering.

T10 Return on Investment for Information Security
David Lynas, CISSP
David Lynas Consulting Group

How do we measure security and the purpose it is serving? How do we know if it is succeeding and if our program has value? This innovative two-day class presents the issues and takes the participant through a structured process to define the answers.

We will examine case studies and our own environments, resulting in a clear picture of our investment in security and the value our business gains from it. We will create an action plan for improvement, learn how to measure and manage it and learn how to assess how our program stacks up against standards such as ISO 17799 and relevant directives and legislation. We’ll discuss the importance of measuring the value in security, what value the business needs from security, and a structured process to evaluate and measure security value and return on investment.

You’ll also learn how to:
• Measure the value in security;

• Measure investment in security;

• Measure return on investment;

• Create, measure and use security metrics and performance indicators;

• Use benchmarks, and;

• Evaluate your security against relevant standards and legislation.

T11 A Survey of Computer Forensics Tools and Techniques
Mark Spencer, CISSP
Evidentdata Inc.

Selecting the right tools and applying them properly is critical in any investigation involving computers, but how does one choose? In this course, instructor Mark Spencer will draw upon his extensive experience in both the public and private sectors to help clear away the confusion regarding which tools should be applied to set the stage for successful investigations. During this two-day course, students will be exposed to tools from Guidance Software, AccessData, Paraben, Technology Pathways, Digital Detective, Sandstorm Enterprises and BlackBag Technologies, as well as open source developers—all designed to forensically tackle different types of systems. From workstations, servers and networks, to e-mail stores and wireless technologies, each system will be explored. Be exposed to a variety of computer forensics tools, learn to analyze data from many types of systems in a forensically sound manner, and obtain a better understanding of the tools you need and how to best apply them.

T12 Defend Your Networks
Aaron Earle, CISSP
AE&E

This class is for anyone involved with configuring, designing, or supporting IP-based networks. This class will explore the threats to your network, showing attendees how an attacker can compromise various security methods to gain access. We’ll look at the common configuration mistakes and design methods that allow hackers to take advantage of various networking devices, primarily focusing on networking devices such as routers, switches and access points. We will explore various network communication protocols such as RADIUS, DNS, DHCP, SMTP, routing protocols and many others. The workshop will allow attendees to take part in attacking and protecting networking equipment from a multitude of threats. Gain a detailed understanding of how to prevent outages and lower risk, learn about common hacker tools used to target or manipulate network devices, and learn ways to maximize uptime in the event of a network attack or failure.

*This session requires students to bring a laptop.


“Excellent blend of high level and detail technical sessions. An outstanding refresher on subjects previously visited and good introduction to new material. Keynotes and networking as well as exhibits made it a terrific experience!”

Ray Curry, ISA New England




INT–1 MONDAY, 10:30–11:45AM

Intro to Cryptology
Robert Richardson
Editorial Director, Computer Security Institute (CSI)

This session presents the foundation required for you to understand cryptographic principles, trends and usage. We will examine encryption’s role in the security of your organization’s sensitive information, covering tools for ensuring the privacy, integrity and authenticity of sensitive data in networks. We’ll show where encryption has been and try to predict where it’s going (emphasizing PKI). We’ll clarify the terminology as well as technical aspects of secret key algorithms (including DES), public key cryptography and certificate authorities. We’ll guide you through the workings of public key encryption to secure information and provide digital signatures.

INT–2 MONDAY, 1:15–2:30PM

Introduction to the NIST Security Framework
Christopher Michael, CISSP, ISSEP, ITIL
Technology Strategist, Computer Associates

Increasingly, commercial and non-federal government entities are adopting the NIST security framework. Unlike other frameworks like the ISO 17799 standard which remain at a high level, the NIST series of documents provides explicit guidance—down to the level of specifying base levels of security controls for systems at different levels of risk. NIST security guidelines are mandatory for federal agencies, but they are just as applicable to commercial entities—and equally valuable. In this presentation we’ll explore the overall NIST security framework and provide a roadmap to the various NIST Special Publications which support the framework. Whether or not attendees choose to adopt the NIST framework for their organizations, they will gain familiarity with the key NIST concepts and documents which they can then draw from as appropriate for their organizations.

INT–3&4 MONDAY, 3:30–5:45PM

Network Security Fundamentals
John O’Leary, CISSP
Director of Education, Computer Security Institute (CSI)

This double session describes the basic security goals of availability, integrity and confidentiality as they relate to networks. After analyzing these long-standing cornerstones of network security in terms of your working network environments today and tomorrow, we’ll turn to the ever-changing and ever-expanding world of jargon. We’ll spend some time investigating the meaning of specific terms relevant to this area to foster your understanding of network security concepts and their implementation. This should also help you converse meaningfully with your technicians and avoid being scammed when they don’t want to give straight answers. Next we’ll identify major threats and vulnerabilities that could impact your network’s ability to support critical functions. Since we’ve brought up the issue of what bad things could happen, we must next turn to what you can do about them. From a position of reality rather than vendor hype, we’ll cover technical, physical and administrative countermeasures for identified vulnerabilities.

INT–5  TUESDAY, 10:30–11:45AM

Biometrics 2006: Opportunities and Challenges
Ben Rothke, CISSP, CISM

Director—Security Technology Implementation, AXA Technology Services

Biometrics is a powerful authentication technology. This session will take a look at what biometrics are and how they can be successfully deployed to provide an organization with the strong authentication it needs to secure its network infrastructure. Topics covered include: 1) What biometrics is and what it isn’t; 2) What biometrics can and can’t do for your security program; 3) How biometrics works, and the related strengths and weaknesses of fingerprint, facial, retinal, signature dynamics and voice recognition; 4) The real challenge of biometrics—making it all work together; 5) Standards and APIs; and 6) Return on investment (ROI).

INT–6  TUESDAY, 1:15–2:30PM

TCP/IP Security—Internetworking and Firewalls
Ray Kaplan, CISSP, CISA, CISM, ISSMP

Principal Consultant, Ray Kaplan & Associates

This session builds on the basics of TCP/IP Security. The session discusses the security implications of how TCP/IP networks are interconnected (internetworking), how they are attacked, and how they can be properly protected. Vulnerabilities, risks and risk mitigation are discussed. The session starts with an overview of internetworking security and architectures. It includes a comparison of contemporary firewall technologies, their strengths, and their limitations. An overview of how TCP/IP networks are attacked, with examples, is included along with a discussion of how interconnected networks can be defended. Well-known risk mitigation success factors are presented along with common mistakes. A discussion of how to formulate an interconnection policy and bring it to bear in contemporary internetworking is presented. The implications of contemporary regulatory compliance for internetworking are discussed.

Fundamentals of Computer Security

Learn how to build a solid and rigorous foundation for growth and success. The sessions in this track cover principles, concepts, procedures and technologies that define IT security today and will shape its evolution tomorrow. Instructors in this track prepare attendees to explain security issues, tradeoffs, threats and countermeasures to those whose support is critical to a successful program. This track is designed for those new to security, or anyone interested in learning the basics.

“Excellent, especially for fairly new to IT security folks. Excellent organization of events. Wonderful location.”
Janet Greene, United Space Alliance, Kennedy Space Center

INT–7  TUESDAY, 3:15–4:15PM

Creating a Fundamentally Secure Network
Paul Henry, CISSP, CISA, CISM, MCP+I, MCSE

Vice President, Secure Computing

Real security is hard work, but it is not rocket science. A common sense approach is the key to getting our network fundamentally secure. We will cover: security policy and procedures; understanding and addressing the current attack vector; hardening publicly accessible servers; using existing application controls to afford multi-layer security; zones of trust and access considerations; the importance of understanding normal traffic on your network; anti-virus considerations; worm and Trojan defenses; the fact that spam is no longer just a nuisance, but a serious security threat; desktop security; content filtering; authentication issues and solutions; expanded use of encryption; and, bringing it all together. Attendees will come away from this session armed with an understanding of the principles of a common sense approach to getting their networks fundamentally secure.

INT–8  TUESDAY, 4:30–5:30PM

Access Controls 101
Douglas Conorich

Global Solutions Manager, IBM

The cornerstone of any information security program is controlling how resources get accessed so that they can be protected from unauthorized disclosure, loss, or modification. These security features that control how users, applications and systems communicate can be technical, physical, or administrative in nature. The presentation will discuss: identification methods and technologies; biometrics; authentication methods, models and technologies; discretionary, mandatory and nondiscretionary access controls; accountability, monitoring and auditing practices; emanation security and technologies; and, possible threats to access control practices and technologies.

INT–9  WEDNESDAY, 9:45–11:00AM

Understanding and Implementing Smart Card-Based Network Security Systems
Randy Vanderhoof

Executive Director, The Smart Card Alliance

Now that major software vendors have integrated security suites into overall enterprise computing architectures, IT security professionals are challenged to protect the information they manage and provide individuals with proper access to the applications and data from within the organization or remotely. This Smart Card Alliance panel presentation will look at how smart card technology serves as a portable, secure container for identity credentials that are cost-effective, scalable and more secure than traditional passwords. This interactive session will teach: the basic attributes of smart card technology for mutual authentication, from embedded chips to ID cards to tokens; interfaces with one-time password systems, digital certificates and biometrics; and, how credentials are issued, maintained and revoked. The session will conclude with a look at project planning for a smart card system.

INT–10  WEDNESDAY, 11:15AM–12:30PM

The Secure Management Console
David Lynas, CISSP

CEO and Founder, David Lynas Consulting Group

Peter Drucker said “If you cannot measure then you cannot manage.” But in the information security profession, measurable security success factors are very rarely designed in. Without them we can never achieve “security by design.” Many professions do follow this paradigm. When an engineer designs and assembles a construction, s/he retains focus on critical risks while monitoring a series of measurable success factors. For example, a bridge is constructed to bear a specific load and a building is erected in such a way that it flexes safely in a high wind or withstands the shockwaves of an earthquake. In Information Security however we often construct systems with little or no success criteria defined—so how do we know when security has succeeded? How do we know when we have enough security? How ‘secure’ are we?


“I was impressed with the hands-on training. I was also impressed with the depth of knowledge the speakers had.”
Toby Molina, Meritec


AWR–1  MONDAY, 10:30–11:45AM

Hey, Let’s Bore Our Users Today With Some Security Training
Todd Fitzgerald, CISSP, CISA, CISM

Director, Systems Security, United Government Services, LLC

The choice is ours: to deliver security awareness training the traditional way (boring), or add some excitement to our users’ lives! The most effective security awareness training happens through totally engaging the audience. This presentation provides techniques for making it fun. In fact, this presentation will demonstrate a series of interactive techniques for having fun and delivering the message at the same time. Retention is much more likely to happen when the participants are engaged. Attendees will leave with methods, important logistics and examples that they can use within their organizations.

AWR–2  MONDAY, 1:15–2:30PM

Security Awareness: Starting at Ground Zero
Kristy Westphal, CISSP, GCIA, GCFA

Information Security Officer, Arizona Department of Economic Security

Starting with nothing for a security awareness program can be daunting when it’s now your task to make something happen. Did I mention that you have no budget and little help in coming up with a strategy? Well, then this is a session for you. Not only will we discuss tools and techniques that have been proven effective in organizations, but you’ll learn how to build a program from nothing into a repeatable, effective awareness campaign. The attendee will walk away with tangible security awareness tools (articles, presentations and communications) that they can take back and use within their own organizations. Themes of awareness campaigns will also be discussed, as well as delivery methods. This class will help to show you how information security can be made interesting, informative and useful to everyone.

AWR–3  MONDAY, 3:15–4:15PM

Getting Management to Say “Yes” to Security Awareness
Anne Kuhns, CISSP

Manager, IT Security, Walt Disney World Co.

Sometimes the hardest part of a security awareness program is getting started. A critical success factor is gaining management support—not only for getting your program off the ground, but for long-term sustainability as well. A clear mandate from senior management lays the foundation for program success, smooths the way for your program initiatives, and makes things a whole lot easier on you. But how do you get them to say “Yes” so you can enjoy all the benefits? This session will detail the successful approach used by the awareness staff at a large company to get management backing for implementation of its security awareness program. Attendees will leave with practical ideas and suggestions that will get their management saying “Yes”.

AWR–4  MONDAY, 4:30–5:30PM

Are They Really Clueless?
Jack Jones, CISSP, CISA, CISM

Chief Information Security Officer, CBCInnovis

Information security has a long history of having trouble getting management to buy in to its conclusions and recommendations. Is the answer to don an Armani suit, learn business terminology and make your pitch during a “power lunch?” Or is the answer to “learn the business” so that you can couch your recommendations in a way that’s meaningful to executives? Or, perhaps, the executives really are clueless and you might as well beat your head against a wall as try to explain why your security initiative is important. In this session, we’ll discuss the fundamental nature of the risk decision problem, as well as where and why we tend to struggle on the issue. We’ll also take a look at the business perspective in combination with the security perspective to see where and how they fit together. You’ll come out of this session with a risk decision framework that explains and can help address many of the frustrations you face.

AWR–5  TUESDAY, 10:30–11:45AM

Choosing and Using Proper Awareness Techniques
John O’Leary, CISSP

Director of Education, Computer Security Institute (CSI)

In trying to educate managers, users and infosec personnel on the importance of protecting information resources, we need to remember that different approaches work for different target audience segments at different ranges of geographical separation. Top managers need to know things in macro, bottom-line terms. You don’t necessarily have to be there to educate them, but you must be ready to rapidly address their questions. Data security professionals need detailed technical training. Interacting with machines in a lab setting can work very well. Computer users, operators, programmers and infosec technicians, Webmasters and content developers must be shown what they can do on a day-to-day operational basis. There are just too many of them to cover one-on-one. In this interactive session, we’ll analyze techniques and technologies to ascertain which ones work best in which situations.

AWR–6  TUESDAY, 1:15–2:30PM

20 Different Security Educational Things and How They Work
Brad Smith, CISSP

Director, CIR Security

Helping end users understand the importance of NOT opening funny-looking e-mail or NOT sharing their passwords has always been part of a professional security plan. The problem is that most security professionals are not professional educators. Why do we produce dry, fact-riddled “things” that don’t make learning fun or memorable for the end user? This session will give you 20 different pre-made security educational items that you can start using today. All examples are based on current adult education theory and the “six concepts of persuasion,” which you’ll learn. Your knowledge of these concepts will aid you later, in everything from selling your ideas to the boss to selling appropriate behavior to your family. Good security is made even better with good education.

Awareness Training & Education

Awareness is a hot topic. Apart from always making good business sense, awareness programs may now be mandated by internal and external regulations. To be successful, awareness programs need to be proactive, fresh and current. This track, redesigned for 2006, shows attendees why organizations need awareness programs and how to successfully develop and deploy effective, relevant programs.

AWR–7  TUESDAY, 3:15–4:15PM

Awareness Solutions for Data Classification Roll-Out
Thomas Peltier, CISSP, CISM

President, Peltier Associates

A productive data classification program cannot be implemented without employee awareness and training to address policy, methodology and requirements. This session examines how three organizations successfully implemented their data classification programs—what worked and where problems occurred. From these practical examples, attendees will learn the underlying elements that will make the process effective in their own organization. Attendees will leave with an understanding of how to establish awareness program scope and how to ensure that the right messages reach the user community.

AWR–8  TUESDAY, 4:30–5:30PM

Phishing: From Social Engineering to Programming Techniques
Jonathan Rusch

Special Counsel for Fraud Prevention, U.S. Department of Justice

Phishing is most commonly described as the use of e-mail messages and Web sites, designed to resemble those of legitimate corporate enterprises and government agencies, to obtain identifying and financial information to commit identity theft and fraud. In fact, law enforcement authorities and information security specialists recognize that phishing encompasses a wider variety of social engineering and programming techniques. Because phishing has rapidly become one of the more significant threats to e-commerce, this presentation will describe the principal types of phishing techniques, identify the human and technological vulnerabilities that these techniques exploit, discuss law enforcement approaches to investigating and prosecuting phishers and offer recommendations on educating the public about phishing and reducing the incidence of the problem.

AWR–9  WEDNESDAY, 9:45–11:00AM

Security Awareness: Are You Hitting the Mark?
Krina Snider

Manager, Security Awareness, Sprint Nextel Corporate Security

At the end of the day, how do you know that your security awareness program is effective? Have the number of security incidents decreased? Are fewer laptops being stolen? Are employees adopting stronger passwords? Measuring the effectiveness of a security awareness program can be difficult, but not impossible. This session will provide: an overview of different types of awareness events; a flowchart to track the steps involved from A to Z; how to understand your audience and deliver to their needs; how to show employees the “What’s in it for me” factor; how to get the most bang for your buck; and how to measure your results. Attendees will discover many facets to not only delivering an effective security message, but also influencing the behavior and perception of your target audience. The presentation will also provide a detailed example of how these measures were put into place for an eye-opening social engineering exercise at a large corporation.

AWR–10  WEDNESDAY, 11:15AM–12:30PM

Keeping the Elephants Away: Does Security Training Improve Security?
Pat Logan

Associate Professor, Marshall University

For many years, a debate has raged over whether vendor certifications benefit your company or just the employees who are given the opportunity to improve their skill sets. Many organizations are now pursuing information security certification for their IT employees as part of the implementation of Sarbanes-Oxley, HIPAA and other industry-specific oversight and auditing rules. Does certification for employees provide measurable positive impact for your organization? Does security training bullet-proof your organization against attack? Management must look at the business return (ROI) on certification and training. There is no doubt that improving the knowledge of your employees may improve the effectiveness of your information security planning, but how can that return be measured and weighed against the hard and soft costs of the certification and training process? How should employees be selected for specific security training and certification? What metric should be used to measure the organizational benefit?


“I was very impressed. I learned many useful tidbits, and gained many useful new friends and fellow network security contacts. I look forward to attending next year’s NetSec.”
Alex O. Ostberg, Network Security Specialist, Department of Administration, State of Montana


COM–1  MONDAY, 10:30–11:45AM

Regulatory Compliance: Taming IT’s New Beast of Burden
Shlomo Kramer

President/CEO/Founder, Imperva, Inc.

The expanding universe of regulatory mandates governing financial and privacy data is imposing increased levels of accountability on IT executives. To complicate matters, chief information officers must comply with legislative requirements that are often vaguely defined and open to interpretation. How can IT executives ensure their organizations will meet compliance audits? This presentation will examine the shared information security requirements between the major regulatory mandates, including Sarbanes-Oxley, HIPAA, S.B. 1386 and the Gramm-Leach-Bliley Act. In addition, the session will provide a clear and concise blueprint that outlines the technical infrastructure, controls, and audit mechanisms necessary to simultaneously comply with the most stringent financial and industry legislation in the world.

COM–2  MONDAY, 1:15–2:30PM

The Emerging Legal Duty of Care
Marc Zwillinger, CISSP

Partner, Sonnenschein Nath & Rosenthal LLP

As of November 2005, 21 states have passed legislation requiring companies to notify consumers or customers when their sensitive personal information has been acquired by an unauthorized person. At the Federal level, Congress is debating legislation that would not only require breach notifications to consumers, but would require all companies to take specific measures to protect consumer information maintained in electronic form. In this session one of the nation’s leading information security lawyers will provide clear and concise guidance not only on how to comply with these new state and federal laws, but on how to position your company to avoid liability relating to information security breaches, if and when they occur.

COM–3  MONDAY, 3:15–4:15PM

SOX 2006: The National Effect and International Perspective
Larry Dietz

Director, North American Enterprise Marketing, Symantec Corporation

The Sarbanes-Oxley Act was passed in 2002. Many affected organizations have already made their first reports, but the lasting effect and international perspective on governance has been largely unexplored. This session reviews lessons learned and addresses governance activity by the international community, including a look at the upcoming Japanese Financial Services Agency’s “Guidelines for the Basis of Assessment and Auditing over Financial Reporting.” Updates on legal activities and the impact on information security professionals will also be supplied. Thought-provoking hypothetical case studies give participants the opportunity to try their legal and information security analysis skills.

COM–4  MONDAY, 4:30–5:30PM

Strategies for Improving Policy Compliance
Charles Cresson Wood, CISSP, CISA, CISM

InfoSecurity Consultant, InfoSecurity Infrastructure, Inc.

It’s one thing to have a good information security policy document and an entirely different thing to have a high level of compliance with that same policy. This presentation will focus upon why information security is now a team effort, requiring the involvement of many different people outside the Information Technology Department, including users. Given the need to have a team approach to information security, we will discuss specific strategies that attendees can use to help increase the level of compliance with published policies. These compliance-enhancement strategies will focus on three areas: how to write better policies, how to better implement policies and how to better communicate policies. The session will end with a brief discussion about a number of commercially-available software tools that can be used to enhance policy compliance.

COM–5  TUESDAY, 10:30–11:45AM

Getting Buy-In for FISMA Compliance
Patrick Howard, CISSP, CISM

Chief Information Security Officer, U.S. Dept. of Housing and Urban Development

The Federal Information Security Management Act (FISMA) holds organizations accountable for implementing an effective IT security program and a wide range of security controls. Chief Information Security Officers (CISOs) exercise primary responsibility for complying with FISMA, but must in turn rely on the support of subordinate elements to meet strict FISMA standards. The purpose of this session is to highlight approaches for selling IT security to offices and individuals who already have a full plate and view security as an unnecessary burden. The session is presented from the perspective of a department-level CISO, and will specifically address how to obtain support in the areas of contingency planning, certification and accreditation, and security awareness, based on recent experiences at two separate government agencies.

COM–6  TUESDAY, 1:15–2:30PM

Sustainable Compliance with an ISO 17799 Foundation
Charles L. Johnson, CISM

Security Consultant, Humana Inc.

Attendees will walk away with the knowledge of how to effectively communicate to management an approach for their program. Governed by a multitude of regulations and requirements, we are increasingly pressed to provide sufficient information about our security infrastructure so that our management or external customers can make informed decisions about buying our products or securing our services. We have availed ourselves of the work of others and our own as we have captured the essence and the correlation of ISO 17799, CoBiT, ITIL, COSO, HIPAA, GLBA, SOX, DOD (C2), FISMA and several others. Additionally we will provide attendees approximately 25 supporting corporate policies already written in MS Word and ready to customize with your company name and terminology.

Policy & Compliance

The growing number of new and emerging security policies in the past few years is staggering. How to comply with these new policies is a challenge for privacy and security professionals, who often must handle compliance in addition to other job responsibilities. This track will cover some of the most pressing and current policy and compliance issues facing our industry today.

COM–7  TUESDAY, 3:15–4:15PM

Payment Card Industry Data Security Compliance Program
Larry Byrns, CISSP

Associate Partner, IBM Security and Privacy Practice, IBM

In 2004, the Payment Card Industry (PCI), which consists of the six credit card brands, agreed on one data security standard. Anyone working with credit card transactions must follow a set of security requirements or be subject to civil and financial penalties. During this session we will cover a brief history of the PCI and its brands, and discuss the compliance levels (tiers) and common definitions for PCI. We will go over the PCI program by brand (some brands do not have requirements) and discuss the PCI Data Security Standard Program, including: security assessment requirements (“digital dozen”); network security scan requirements (vulnerability scan); applicant assessment; and the security incident and forensic program. We will also talk about the penalties and fines by brand and discuss the most frequently targeted companies. We will also cover the PCI Assessor Program (the folks that audit your compliance program).

COM–8  TUESDAY, 4:30–5:30PM

Security Policy: The Cornerstone of an Effective IT Security Program
Albert Lewis, CISSP, ISSMP

Senior Information Assurance Manager, SRA International, Inc.

Although many organizations deploy sophisticated technical security control devices such as firewalls and intrusion detection systems to counter threats to their IT infrastructure, many do not have a comprehensive IT security policy in place to specify the configuration of those devices. The lack of a strong security policy leads to ad hoc security device configuration, which eventually results in compromises to IT security. This presentation will focus on the critical link between a strong and comprehensive IT security policy and an effective IT security program for the organization.

COM–9  WEDNESDAY, 9:45–11:00AM

How to Build Your eDocument Management Team: A Step-by-Step Approach
Vicki Luoma

Assistant Professor, Minnesota State University

Milton Luoma

Senior Partner, Luoma Law Office

The newest management challenge is how to deal with the requirements of electronic document management—including retention and deletion—particularly in the face of litigation and new eDiscovery rules. These challenges require the creation of an eDocument management team consisting of computer forensics specialists, IT specialists, auditors, attorneys and an information management director. This presentation provides a step-by-step process of how and when to create your eDocument management team in order to effectively meet the challenges posed by litigation and government regulation.

COM–10  WEDNESDAY, 11:15AM–12:30PM

Surviving SOX, Round 2: Changes, Benefits and Pitfalls to InfoSec Due to SOX
Robert Childs, CISSP, CISA, CISM

Vice President and Information Security Officer, First Community Bank NM

Last year we discussed steps taken to pass the Sarbanes-Oxley (SOX) audits. This year we will take a look at what changes SOX has brought to information security. Have these been beneficial? Or a distraction from the real risks? In this presentation, we will discuss the changed focus of information security, management’s increased expectations, and implications of approaching security from a compliance-focused perspective. We will also delve into the pitfalls and distractions that the spider web of regulatory compliance has wrought upon the information security arena. The presenter will share his insights and observations from his two-plus years of implementing and maintaining SOX-compliant security programs. Participants will have the opportunity to share their experiences and gain insight into the new compliance-focused information security world.


“As a policy person, I was pleased to see that there were a lot of courses I could apply to my work—I need to know how to approach setting policy vs. how to actually configure hardware. Your choice of presenters was OUTSTANDING!”
Tanya McMullen, Sandia National Laboratories


CRT–1  MONDAY, 10:30–11:45AM

Network Security Reviews Made Easy and Simplified, 2006
Joe Popinski, CISSP, CISM, CPP, CFE

Director of Network Security Consulting, Information Engineering

This session will present a simplified approach to implementing and conducting a network security review and assessment, including the business and technical aspects. We’ll discuss a multi-step methodology to plan and conduct a network security review of your corporate network infrastructure, including how to apply NIST Special Publication 800 principles and the NSA Information Assurance Methodology (IAM). Covered are the basics for: planning and estimating the review; determining resources; developing a formal proposal for approval; initiating and conducting the review; and considering deliverable development and presentation. Included are examples of network discovery and scanning tools, wireless security techniques and lessons learned from recent experiences. This talk is based upon a successful business model focusing on small- to medium-sized companies with limited IT staffs. Audience participation is encouraged. Several take-aways are provided.

CRT–2  MONDAY, 1:15–2:30PM

Information Sharing: Panacea or Peril?
Mark Rasch, J.D.

Senior Vice President, Chief Security Counsel, Solutionary, Inc.

The National Strategy for Securing Cyberspace, like numerous Presidential documents that preceded it, called for increased information sharing about computer security threats, vulnerabilities and incidents as a mechanism to improve overall security. But will such strategies ever truly be successful? This session will focus on current efforts to share information in the public and private sectors, the practical and technical manner in which they work, and the legal, bureaucratic and policy impediments to information sharing generally. It will also discuss methods of improving relevant information sharing, streamlining and automating the process, and the role of white, grey and black hat hackers in discovering and exposing new vulnerabilities. Also on the agenda is the role that vendors play and their duties to inform the public about vulnerabilities and to promptly correct them. Finally, it will discuss the civil and criminal liabilities associated with both disclosure and failure to disclose vulnerabilities.

CRT–3  MONDAY, 3:15–4:15PM

Security Framework for VoIP Security
Robert J. Thornberry Jr.

Director, Lucent Network Security Office, Bell Laboratories, Lucent Technologies

IT security needs a comprehensive security framework in order to ensure the security of end-to-end communications. This is especially important in addressing security of complex real-time applications such as VoIP. ITU Recommendation X.805 provides a comprehensive view of network security and serves as a guide to implementing the security needed to meet critical business needs. The session examines Recommendation X.805 and provides insight on how to apply it to take a holistic approach to security. The framework specifies the network infrastructure, network usage planes and security dimensions necessary for secure end-to-end communications, and the session addresses the creation of practical solutions with a focus on VoIP security.

CRT–4 (MONDAY, 4:30–5:30PM)

Identity Theft: The Growing Concern
Thomas Peltier, CISSP, CISM
President, Peltier Associates

It can happen to anyone. The phone rings and a collection agency demands that you pay past-due accounts for goods you never ordered. The supermarket refuses your checks because you have a history of bouncing them. But you have always paid bills on time. What has happened? The crime of identity theft is on the rise. Every minute, an estimated 13 people fall victim. Using a variety of methods, criminals steal Social Security numbers, driver’s license numbers, credit card numbers, and other pieces of individuals’ identities. They use this information to impersonate their victims, spending as much money as they can in as short a time as possible before moving on to someone else’s name and identifying information.

CRT–5 (TUESDAY, 10:30–11:45AM)

Privacy and International Data Flows
Rebecca Herold, CISSP, CISA, CISM, FLMI
Owner and Principal, Rebecca Herold, LLC

This session will provide an overview and discussion of the most pressing global privacy requirements for handling information that crosses country borders, including such regulations as the European Union Data Protection Directive, Canada’s PIPEDA, Japan’s Personal Information Protection Act and others. We will discuss incidents that have occurred, along with changes, solutions and techniques for complying with these requirements. We will also discuss the wide range of issues that companies must take into account when addressing international information data transfers and the multitude of ways in which data can be transferred across borders. We will discuss the challenges associated with personal information (both consumer and employee) protections and these transfer issues.

Critical Issues

Your management already is, or soon will be, asking for detailed explanation and guidance on these topics, which simply cannot be ignored. Some relate to the latest technologies, some to the newest and most insidious threats, some to creative approaches for strengthening security and some to ways of bringing business sense into analysis of security issues. These are topics that grab management’s attention, so be prepared.

“Many relevant sessions; provided me with ideas of important issues to focus on in my daily work. I’ll be back for sure!” Flemmings Juul Pedersen, H. Lundbeck A/S

CRT–6 (TUESDAY, 1:15–2:30PM)

Two Steps to Security: Identify Your Data, Lock Down Your Network
David Drab
Director of Information Content Security Services, Xerox Corporation

While the need for document security is widely recognized, many companies are unaware of a major threat: the networked peripheral. Each time a document is copied, printed, scanned or faxed, the image left on the system’s hard drive(s) is as much at risk of getting hacked as the information on PCs. This presentation will discuss how, according to Xerox estimates, intrusions into secure corporate networks cost businesses an average of a half-million dollars per incident. As data security regulations become more demanding, and the number of networked peripherals grows exponentially, companies cannot afford not to take action. The presentation will include experiences working with Fortune 500 clients to identify the information that represents the greatest threat if exposed, and the processes involved in developing a comprehensive security solution for the future.

CRT–7 (TUESDAY, 3:15–4:15PM)

The Identity Gap
Phillip Hallam-Baker
Principal Scientist, VeriSign Inc.

The threat of phishing and the emergence of Weblogs have focused attention on what is being called the “identity” problem. There is certainly no shortage of affordable strong authentication technology, yet the majority of Web sites, even those where substantial assets are exposed, are reduced to username and password. The problem that remains to be solved is how to make these technologies available in a form that end users can make use of and Web sites can support. In this session you will find out about the current state of the identity standards efforts in progress and how they relate to established standards including SAML and OATH and legislative initiatives such as Real ID and the UK Identity card. If the identity problem is to be solved, it is necessary to address the technology, usability and privacy problems at the same time.

CRT–8 (TUESDAY, 4:30–5:30PM)

Show Me the Money: How to Get Funding and Support for Risk Management
Cheryl Jackson, CISSP
HP North America Security Practice, Hewlett-Packard

Are you constantly hitting a brick wall when trying to get budget, resources and management support to successfully develop and roll out your risk management program? Does management tell you “no” before the question is even out of your mouth? Are you having trouble putting together a strategic plan? This session will cover the following: why develop a strategic plan; is the plan enough; how do you develop your risk management program, including a record of what is and what will be so you can show ROI; and how do you set the context? This session will help you develop an organized approach that will resonate with management and help you get the budget, resources and support you need to make your risk management program successful.

CRT–9 (WEDNESDAY, 9:45–11:00AM)

Poor Man’s Guide to Network Espionage Gear
Shawn Merdinger
Security Analyst, TippingPoint

The recent availability of low-cost embedded network devices has encouraged an impressive open source software development effort. Free software contributions and new features greatly enhance these devices’ flexibility, and remove technical barriers for many people. But there is a darker side to this increased capability, and when combined with the almost “throw away” cost of many embedded devices it’s clear that a new breed of threat is emerging in network environments at home, on the road and in the enterprise. This presentation covers a number of low-cost embedded network devices that may appear innocent, but have the potential of being quickly transformed into an elusive beast loose on your network, possibly controlled by an attacker thousands of miles away. Attendees can expect creativity, demonstrations of cool/new/unique/scary devices and a healthy dose of paranoia.

CRT–10 (WEDNESDAY, 11:15AM–12:30PM)

Counter Attack to Identity Theft: Data Masking
Paul Preston
General Manager, Plato Group

Traditionally, organizations have been concerned with protecting sensitive data from external theft. However, as research indicates, 70 percent of security incidents come from insiders. Data masking, the process whereby information in a database is de-identified, creates realistic databases without the risk of exposing sensitive information to unauthorized users. Data masking allows organizations to avoid the costly consequences and penalties associated with data breaches. Additionally, data masking has unique benefits, including providing data protection, ensuring compliance with privacy legislation and maintaining client confidence. We will discuss how data masking is achieved, its common uses, its benefits to C-level executives, how it protects against data theft inside and outside the company and how it provides information privacy.

“Vast resources of current information. This is a high priority event that I feel the need to attend annually.” George Jenkins, Independent Community Bankers of America

AUD–1 (MONDAY, 10:30–11:45AM)

Keeping Pace with SOX, GLBA and Other Security Compliance Regulations
John Weinschenk
President and CEO, Cenzic

Financial institutions that increasingly rely on Web applications for online banking face a slew of information security regulatory requirements. Application security assessment is fast becoming essential to meeting today’s standards. This session will examine solutions that aid financial institutions in complying with these governmentally enforced laws, specifically exploring how an automated approach to risk assessment assists in: checking for vulnerability to the injection of malicious code into Web servers; automating the testing of code and key controls during the software development process; updating controls in response to new vulnerabilities and changes in applications; and allowing companies to respond more quickly and efficiently to new vulnerabilities in the software development lifecycle.

AUD–2 (MONDAY, 1:15–2:30PM)

Quantitative Risk Assessment in Action: A Real-Life Example
Bruce Edwards
Information Security Officer, University of Louisville

In this session you will learn the pros and cons of qualitative vs. quantitative risk assessment. In addition to the knowledge gained from an applied example, you will take away the mathematical framework used in the real-life quantitative model and recommended current-day tools for developing your own models using a quantitative approach. Finally, you will see how a proven quantitative approach is but one big step away from continuous risk assessment.

AUD–3 (MONDAY, 3:15–4:15PM)

Why You Need a Network Security Assessment
Joe Popinski, CISSP, CISM, CPP, CFE
Director of Network Security Consulting, Information Engineering

This session presents the fundamental reasons why you need a network security assessment from an enterprise perspective. Covered are: basics on business risks and financials; mission statement and policy issues; technical aspects of implementation and baselining; network management concerns; incident response planning; and high-tech vulnerability identification. The presentation is designed to offer the audience a broad perspective on how to sell management (your own or a client’s) on the need for a network security assessment. Topics include: business risks and challenges; compliance concerns; mission critical functional support; buy-in key factors; financial considerations; and steps to get started.

AUD–4 (MONDAY, 4:30–5:30PM)

Making the Critical SCADA Infrastructure Environment Safer
Gustavo J. Quintero, ISO 17799 Implementor
Information Security Consultant

Implementing security best practices can help the “security guys” in organizations get control of the security of their operational environment, but in many cases the issue is where to start. Organizations using SCADA systems need to develop an appropriate IT security strategy. This can be done based on dictated best practices but, beyond a doubt, should be done on an ad hoc basis for process control/SCADA. Attendees will take away solid know-how on: assessing security on process control/SCADA and identifying “quick wins”; creating a tactical/strategic security plan for the improvement of their process control/SCADA environment with regard to their threats; and implementing an information security practice based on an ad hoc methodology that allows tracking of all initiatives.

AUD–5 (TUESDAY, 10:30–11:45AM)

Stop the Bleeding: Getting in Front of Vulnerabilities
Jack Jones, CISSP, CISA, CISM
Chief Information Security Officer, CBCInnovis

Continual testing for vulnerabilities is a critical part of any effective risk management program. Unfortunately, the technology projects our companies continue to implement can introduce new vulnerabilities as fast as (or faster than) we can identify and fix them. Furthermore, it’s been well established that preventing vulnerability in design and pre-implementation is far less expensive than mitigating issues post-implementation. The challenge is how to integrate risk management into the system development lifecycle. In this session, we’ll take a look at how a Fortune 100 financial services firm successfully integrated information risk management into its technology SDLC.

AUD–6 (TUESDAY, 1:15–2:30PM)

Structured Approach to Assessing and Managing Risk
John McCumber
Strategic Program Manager, Symantec Corporation

This session will push back the advance of “security as art” and supplant it with a structured methodology that functions independently of technology evolution. It outlines a simple, yet thorough process to guide security practitioners, policy makers, information technologists and auditors in the analysis and mitigation of risks in IT systems. There are numerous significant advantages to this approach. Government policymakers can stop wrestling with outdated, inaccurate compliance-based security models that are obsolete by the time the system is designed and deployed. This technology-independent approach will allow these senior decision-makers to specify their security and privacy needs long before systems are built. Conversely, the same approach will allow systems developers, integrators and security specialists to design and evaluate their compliance with these demands. IT systems designers and developers will be able to address security requirements in a structured, consistent manner.

Risk & Audit

Security professionals face many issues in implementing an effective risk management process and forming an effective audit-security alliance. The risk sessions provide risk analysis methods and offer practical examples to assist in real-world implementation. The audit sessions present the compliance side and extend the risk management process to incorporate vulnerability assessment. They also examine how the implementation of audit logs and established compliance checking methods can assist security and audit practitioners.

AUD–7 (TUESDAY, 3:15–4:15PM)

Risk Management of Communication Over E-mail, Instant Messaging and Web
Dr. Sue Abu-Hakima, Ph.D.
Senior Advisor, Compliance and Content Analysis, Entrust

Enterprise communication is the double-edged sword that drives efficiency while presenting the highest risk to the organization. A myriad of government regulations and corporate governance policies present a strong challenge to e-mail, instant messaging, FTP and Internet use. In this presentation we will describe the issues that organizations are grappling with today while balancing a mix of regulations such as Sarbanes-Oxley, HIPAA, securities and individual privacy laws. We will also discuss front-end risk mitigation strategies based on real-time automatic policy enforcement and sophisticated content analysis, as well as back-end risk management through archiving and forensic e-discovery for audits. We will describe a number of content filtering approaches and highlight their advantages and disadvantages for risk management. Finally, we will present possible solutions that selectively combine content analysis with encryption for protecting sensitive communications.

AUD–8 (TUESDAY, 4:30–5:30PM)

Aligning Security and Governance
Ronald Hale, CISM
Director, Information Security Practices, ISACA

With the increase in regulatory compliance and interest in ensuring the integrity and continuity of business processes, the need for information security has become more critical and visible within the executive office and among boards of directors. Security is not seen as a technical issue but as a component of the overall governance structure within an organization. This session will define information security governance, identify the outcomes and benefits of examining security from the vantage of governance and provide useful examples of how security can be integrated into the corporate and IT governance structures. This session will include research conducted by ISACA and the IT Governance Institute about the current trends in security governance and the value this brings to organizations.

AUD–9 (WEDNESDAY, 9:45–11:00AM)

Protecting Client Information
Charles R. Hudson, Jr., CISSP, CISM
Infrastructure Security Manager, Wilmington Trust

Almost monthly, reports of client data being lost or stolen can be found in the news. These disclosures have happened in numerous ways, but always seem to be related to people, processes or procedural oversights. With current and proposed legislation at both the state and national levels, it is imperative for companies to take measures to protect this data. In this session we will discuss these recent events and other avenues through which disclosures could happen. We will also discuss how you can develop strategies to stop these breaches and react to incidents. The reaction discussion will include processes for determining whom to notify, and how, in the event of a breach.

AUD–10 (WEDNESDAY, 11:15AM–12:30PM)

Using the CVE in Practical Risk Assessments
David Aylesworth, CISSP, CISM, PMP
Principal Analyst, Project Performance Corporation
Jason Grim
Principal Analyst, Project Performance Corporation

Common Vulnerabilities and Exposures (CVE) standardizes names for vulnerabilities and information security exposures. Risk assessments, and scanning tools in particular, are important elements for evaluating the security of an IT system. Both identify vulnerabilities and recommend corrections, but it is difficult for system owners to reconcile the many choices presented. The CVE allows the system owner to organize and catalog vulnerabilities and recommendations. A methodology that uses the CVE compatibility database to standardize the output from the assessments and tools will result in significant savings. This session presents a practical approach to providing a common interface, definition and solution for every vulnerability that is recognized by assessment tools. Taking each assessment tool’s output and comparing it to another’s output creates a common definition, allowing for faster analysis and solution identification. This methodology can generate customized reports responding to each customer’s requirements.

“Good source of information. Very well organized. Content level of the conference includes every aspect of network security.” Sheila Mercado, Telecommunications Regulatory Board of Puerto Rico

ATC–1 (MONDAY, 10:30–11:45AM)

What Hackers Don’t Want You to Know
Douglas Conorich
Global Solutions Manager, IBM

No one wants to experience downtime, lost productivity, or corrupted software and data due to viruses, worms, Trojan horses and other malicious attacks. This session will teach you how to create a safer and more secure network environment. We will discuss common hacker tools and techniques and explain how hackers work. We begin with a brief overview of basic security concepts and discuss the specifics of various types of attacks, showing you how to protect against them. Using a variety of hacker scenarios we’ll show how attacks occur and how they are propagated throughout a network. You will leave with an understanding of how hackers work and how to keep your systems protected against them.

ATC–2 (MONDAY, 1:15–2:30PM)

The Insider Threat
Dennis Brixius
Vice President, Risk Management and Chief Security Officer, McGraw-Hill Companies

While we have spent countless dollars on securing the perimeter in the corporation, the need to properly secure and manage the inside threats has largely been ignored. This presentation addresses the increasing threats against the corporation that are generated by employees and non-employees operating within the perimeter. The context will provide a reference to these threats and various mitigation strategies to reduce the likelihood of an internal exploit.

ATC–3 (MONDAY, 3:15–4:15PM)

Spear Phishing: Next-Generation Blended Threat in Enterprise Security
Proneet Biswas
Senior Security Architect, iPolicy Networks

Attendees will learn how these evolved versions of phishing attacks work, how to identify signs of the attack and what countermeasures they can introduce to protect their network. The presentation will address how the inherent trust levels in an enterprise are exploited to initiate the attack and how multiple propagation mechanisms, such as a packaged SMTP engine, can increase an attack’s ability to spread. The other key feature to be touched upon is how malware packaged with these threats increases their damage potential. This will be followed by discussion of protocol anomalies and traffic anomalies, which are indicators of a spear phishing attack in progress. Finally, we will exemplify how an effective internal security strategy can be used to identify and contain these attacks. Upon completion, attendees will have a clear understanding of how to effectively deploy multiple security components to counter this threat.

ATC–4 (MONDAY, 4:30–5:30PM)

Back Hacking Live!
Ofer Maor
Chief Technology Officer, Hacktics

Application security has recently become a hot topic in the information security community. Terms such as SQL injection, URL tampering, cookie poisoning, session hijacking and others are used by consultants, vendors and the technical media. But how well do we understand these threats? Join us for a live demonstration of application hacking techniques executed against a demo online banking application. In this demonstration we will cover all common Web application attacks, explain the flaws which cause them and demonstrate actual exploits used by hackers in the real world. At the end of this session, each attendee will be able to fully understand the real essence of Web application attacks and the threat they pose to the organization.

ATC–5 (TUESDAY, 10:30–11:45AM)

Metasploit: How to Use the Exploit Framework
Matthew Luallen, CISSP, GIAC, CCIE
President and Principal Consultant, Sph3r3, LLC

After completion of this hands-on course you will understand how to leverage the Metasploit exploit framework to validate the findings of your penetration tests, performed, of course, with the appropriate authorization and approval. Metasploit is an excellent, openly available resource that, if used successfully, can help to prove your organization’s security weaknesses. The framework contains the appropriate prebuilt capabilities to validate a vulnerability or exploit and install a backdoor or payload, and even provides several pre-built exploits and backdoors for your exploiting pleasure. Each attendee will receive a bootable live CD-ROM with Metasploit pre-installed and be guided through a series of demonstrations and labs to ensure their understanding of the concepts and techniques.

ATC–6 (TUESDAY, 1:15–2:30PM)

Cybercrime: Spyware, Adware, and the Rest of the Story
Sarah Gordon
Research Scientist, Symantec

What exactly is cybercrime? Who are the cybercriminals? What do they want from you? How do they choose their victims? Are there steps you can take to avoid helping them expand their territory, and to reduce your risk of being their next victim? This interactive discussion will explore the theory and concepts of cybercrime, and will include a brief presentation of several individual case studies of both criminal and victim. Participants will leave this session ready to assist their companies, and their peers, in the fight against cybercrime. This discussion is ideal for academics, policy makers and law enforcement.

Attacks & Countermeasures

It is said there are management solutions to technical problems but no technical solutions to management problems. In the Attacks & Countermeasures track we discuss both high- and low-technology attacks, from cross-site scripting and denial-of-service attacks to identity theft and social engineering. At the same time, we identify management and preparedness challenges, such as business issues surrounding penetration testing and building a framework for an incident response team.

ATC–7 (TUESDAY, 3:15–4:15PM)

Botnets: Affecting Corporations, ISPs and Law Enforcement
Wendi Whitmore
Special Agent, Computer Crime Investigator, Air Force Office of Special Investigations

Gone are the days of hackers motivated by notoriety and pride. These days, computer hackers make money by attacking unsuspecting networks and exploiting them for all they’re worth. To be successful, these criminals use botnets (networks of compromised computers) to execute crimes that include distributed denial-of-service attacks, distributed pirated movie and music networks, online extortion attacks, computer intrusions and large-scale worm automation. Botnets are one of the most potentially devastating trends in computer crime today. This presentation describes this disturbing trend in detail, outlines case studies of former attacks, suggests strategies for success and details how private corporations, ISPs and law enforcement can work together to combat this problem.

ATC–8 (TUESDAY, 4:30–5:30PM)

The Rise of Cyber-Crime
David Perry
Global Director of Education, Trend Micro, Inc.

The largest change in malware in recent years is not a technical difference, but a difference of ideology. In place of college students, pranksters and would-be hackers, we now deal with a landscape of actual criminals. Join us in a real-world case study of not only viruses, Trojans and worms, but the wholesale invasion of the Internet by organized crime.

ATC–9 (WEDNESDAY, 9:45–11:00AM)

Defending Against Social Engineering Attacks
Brad Smith, CISSP
Director, CIR Security

Advertisers use it, many federal agencies teach it to their operatives and psychologists use it to gain patient trust. Used properly, social engineering skills will help you gain the trust and confidence of anyone, from your own children to staff members who need to comply with security rules. This how-to session gives you a model for effective communications and skills to influence a subject’s experiences. Learn three key power moments in conversations, and understand the concept of, and four ways of, making people feel at ease in any situation. Attendees will practice these skills during the session, then test their mastery. Articles, online references and a checklist are also included. This session is valuable for anyone who needs to gain the trust of others, or who wants to make sure that they, their family, or their organization do not fall prey to social engineering techniques. Nurse Smith has used these skills for years on emergency room patients and will relate real-life stories and uses.

ATC–10 (WEDNESDAY, 11:15AM–12:30PM)

Vulnerabilities of Encryption
John O’Leary, CISSP
Director of Education, Computer Security Institute (CSI)

Encryption is a security-enabling technology and one of the keystones of electronic commerce. Without encryption, there would be no digital signatures, VPNs, confidential e-mail, protected Web-based business transactions or secure archives. But encryption is not a panacea. It cannot stand alone as THE security for a network. Encryption has inherent weaknesses, and some unrealistic claims regarding encryption made by vendors or in-house evangelists have made it subject to unfortunate misunderstandings. Specific types of encryption have particular potential technical flaws, and the way encryption is implemented, operated and managed can open up even more vulnerabilities. In this session, we will examine the use of encryption, searching for weak points, misunderstandings and operational errors that can or have actually resulted in security vulnerabilities. Then we’ll provide some recommendations for helping smooth the path to management’s understanding of problems and solutions.

“Great conference! Wonderful forum for getting information regarding IT security on new subjects and getting up to date info on those subjects that we as IT people have been dealing with for years.” Sylvia E. Cuffee, Fleet & Industrial Supply Center

MGT–1 (MONDAY, 10:30–11:45AM)

The CSO Forum: Dialogue With Senior Practitioners and Emerging Leaders
Terri Curran, CISSP, CISM, CPP, MICAF
Director, Information Security, Bose Corporation

The responsibility of being a chief security officer (CSO) has never been more challenging. Longtime CSOs are facing a new array of technical and regulatory challenges that test their expertise and classical security training. Newer CSOs are facing the challenge of expanding existing programs into new, fresh initiatives for their organizations. And all CSOs, regardless of experience, industry sector, or background, are faced with new regulations, technologies and business issues that need to be addressed. This interactive session will address the concerns and plans of seasoned and newcomer CSOs. Findings from an annual, unscientific poll of CSOs will be reviewed so that participants can see how their concerns match up, or don’t. The end goal is to obtain a clear view of contemporary issues and how practitioners are dealing realistically with these issues.

MGT–2 (MONDAY, 1:15–2:30PM)

Selling Network Security by the Numbers
Michael Corby, CISSP, CCP
Senior Director, Gartner Consulting

The good news is that senior management finally gets the message that network security is important. The next challenge is to determine a cost model for developing and maintaining an effective program. We will review several methods of determining the true cost of providing security services and how each plays out in an executive setting. Drawing on a vast collection of experiences in measuring security and presenting successful proposals to corporate executives, the session will provide useful and illustrative tools that help communicate the relationship between risk, investment and security. We’ll summarize with a look at collected standards of due care that define the state of security service levels and their metrics, and at a process for determining the appropriate level of adherence to standards, looking at relative position among peers and industry and highlighting past successes and future opportunities for improvement.

MGT–3 (MONDAY, 3:15–4:15PM)

Solutions to Better Security Through IT Architectures
Hord Tipton, CISSP, ISSEP, CAP
Chief Information Officer, U.S. Department of the Interior

Information technology is managed in complex and diverse environments. This session presents a perspective for managing and adapting to the ever-increasing threat vectors and the necessary emerging technologies to meet this challenging environment. The presentation will discuss the effects of constrained resources, ingrained cultures, resistance to change, aging workforces, competition for scarce IT skills, inadequate IT and business architectures, intensive oversight and exponentially growing security threats. The focus of the solution will be on development and management of the business and IT architectures wrapped with the security architectural layer. A model for a mature service-oriented security architecture (SOA) will be graphically illustrated.

MGT–4 MONDAY, 4:30–5:30PM

Logs and the Law: What is Admissible in Court?

Dominique Levin, Vice President of Product Management, LogLogic

As most Global 2000 organizations are finding out, federal privacy laws now include an IT security component. Laws that do not focus on information privacy may require organizations to implement a security program to ensure compliance. Specific industries such as healthcare and financial services are subject to rigorous government regulations while public companies or those wishing to go public face the requirement of Sarbanes-Oxley audits. What do all of these statements have in common? The increased requirements for reporting, monitoring and retaining log data. Log data analysis and archives are explicitly mandated by many regulatory statutes and best practices. Log data can provide a complete real-time and historical record of access, activity and configuration changes for applications, servers and network devices. Such independent audit trails aid security and business policy validation and can prevent information leakage or theft.

Management & Governance

One of our primary goals as security practitioners is to build a security program that is responsive, resilient and effective. This track covers the key management issues behind anticipating the challenges, budgeting the resources and gaining the support necessary to ensure that our information security strategy protects and preserves our assets. Additionally, the sessions in this track will deliver methods that the information security professional can use to build a successful career and stable future.

“As always, the conference was very well put together. The organizing staff should be commended for a job well done.”

Michael Skala, Stanford University Medical Center

Register Online at CSINetSec.com

MGT–5 TUESDAY, 10:30–11:45AM

Addressing the Need for Security Metrics

Scott Tompkins, CISSP, CISA, Senior Director, Information Security, CorSolutions

Measuring information security has become a full-time job for many of us. We track viruses, spam, intrusions and other incidents. As with many aspects of information security, we make up the rules as we go along. What metrics and reporting are needed for management? What metrics must be tracked for compliance with HIPAA or Sarbanes-Oxley? Security metrics focus on actions organizations take to manage and reduce risks. Metrics are useful to management, who face a complex set of questions regarding security, including: what to measure; how much to spend; how to weigh improvements vs. expenditures; how to measure improvements; and how to verify that risks are being reduced. Metrics must be examined that measure not only the state of security, but the overall processes that an organization follows to implement and manage security. This session will address these and other issues.

MGT–6 TUESDAY, 1:15–2:30PM

Outsourcing Security: How to Select a Managed Security Service Provider

John Angelastro, CISSP, CISA, CISM, Senior Director of Security Services, SunGard Availability Services

In this session, long-term IT security practitioner and manager John Angelastro, head of internal IT Security for SunGard, examines the advantages and disadvantages of outsourcing to an MSSP and provides selection criteria to determine what items should be outsourced and to which MSSPs. We will analyze the best candidates for outsourcing and the areas to consider when selecting a provider. We’ll also cover how to align these provider services with our business and security organizations. This session targets security managers, directors and other professionals who want to maximize the use of their security budgets and focus more of their time on core strategic security initiatives.

MGT–7&8 TUESDAY, 3:15–5:30PM

Measuring/Benchmarking Security Performance

John O’Leary, CISSP, Director of Education, Computer Security Institute (CSI)

Your security program is working very well… How well? How do you know? More importantly, how do you convince management and the end users of systems that you are doing the right things and doing them efficiently? In this session, we will delve into the complex, tricky, often frustrating task of trying to measure the level of security in an organization or subgroup. This is a participative session. You will group with other attendees to address some specific questions relating to benchmarking a firm’s information systems security. We’ll have fun, working together, bouncing ideas off each other and fine-tuning our possible measures of effectiveness. Come ready to work.

MGT–9 WEDNESDAY, 9:45–11:00AM

The Role of IT Asset Management in Information Security

Randolph Smith, CISSP, ISSMP, ISSAP, Manager, Information Security, UPS

IT asset management (ITAM) is not just software license control and knowing where all the computers are. It is also about how the gap between what assets you believe you have and what assets really exist affects your ability to manage risks, protect your infrastructure and intellectual property, comply with legal requirements and protect your brand image. This overview will explore how competing points of view can be harnessed to achieve common objectives. Attendees will obtain an understanding of the functions, roles and stakeholders for IT asset management and where these elements intersect with information security goals. The necessity of ITAM as the foundation of risk management and regulatory compliance is described. The presentation suggests methods to justify and implement ITAM and identifies some technologies that support the processes.

MGT–10 WEDNESDAY, 11:15AM–12:30PM

Security and ITIL

Bill Kowaleski, CISSP, ITIL, Senior Security Consultant, Hewlett Packard

Many organizations are now adopting the Information Technology Infrastructure Library (ITIL) as a standard for implementing IT processes. ITIL has a security management process, but it has not been widely adopted. This presentation provides a short primer on the ITIL security management process and then presents some ideas for how to practically apply it, using a case study of the integration of security incident management into the ITIL incident management process. Attendees will learn the basics of the current ITIL security management process and be able to take away some ideas about how to integrate their information security operations into an ITIL environment.


“Much more productive than the big conferences I have been to.”

Bernut Sylvain, NSC


Join CSI and save $200 on NetSec. See page 35.


TEC–1 MONDAY, 10:30–11:45AM

ABC’s of Penetration Testing

Maximiliano Caceres, Director of IMPACT Product Management, Core Security Technologies

Penetration testing has become an essential part of assessing and improving the security of an organization’s network. The goal of a penetration test is to assess the overall security of a network by attempting to compromise that system using an attacker’s techniques. There is often confusion about the difference between a vulnerability scan and a penetration test. A vulnerability scan identifies the problems that may have already occurred, rather than evaluating security by defending against a real attack, as penetration testing does. Penetration testing is active, while vulnerability scanning is passive. Vulnerability scans do not address the implications of a successful intrusion; they only list potential vulnerabilities without probing deeper to reveal the true threat to assets. A penetration test’s results go beyond the stale data and actually try to replicate the kinds of access a hacker could achieve, identify what resources are exposed and determine if your current security investments are detecting and preventing attacks.

TEC–2 MONDAY, 1:15–2:30PM

Under the Microscope: Dissecting Bot Code

Carl Banzhof, Chief Technology Officer, Citadel Security Software, Inc.

This presentation will walk through a review and discussion of the architecture and source code of a widely distributed bot. It will examine the building blocks with which to extend and modify the bot source code and illustrate how easy it is to add new exploits and functionality with the availability of source code from the Internet. With the information presented, security managers can understand and evaluate the risks and exposures that bots pose to their networks. This is an advanced presentation that will require some understanding of programming using C++.

TEC–3 MONDAY, 3:15–4:15PM

Device Driver Malware

Alan Ross, CISSP, ISSAP, Security Architect, Intel

Dennis Morgan, Senior Information Security Specialist, Intel

Dave Schulhoff, Senior Information Security Specialist, Intel

Toby Kohlenberg, Senior Information Security Specialist, Intel

Malware has been evolving from the “showoff” activities of a few years ago to much more targeted and specialized attacks that focus on economic gain. There is a new type of malware emerging, one that specifically targets device drivers. This class of malware is particularly dangerous because it cannot be detected and/or prevented by traditional means (i.e. host intrusion detection and anti-virus technologies). This presentation will discuss the emerging threat of device driver-targeted malicious code and include proof-of-concept testing with documented examples that demonstrate the behavior of such code. We will then discuss some potential mitigation methods and technical solutions that will help counteract these new security threats.

TEC–4 MONDAY, 4:30–5:30PM

Security in an Open World

Mark O’Neill, Chief Technology Officer, Vordel

Open system architectures have at last become a reality. However, while open systems can deliver significant business benefits to large enterprises, they also present new security challenges. With the ever-increasing need to protect our organizations from fraud, and to ensure our compliance with more stringent fiscal regulations, open and secure can be seen as mutually exclusive goals. This presentation will discuss the open architectures that are being deployed today and the demands that they place on our security framework. It will explore the nature of existing legacy security, how this should be incorporated into a new security infrastructure and how this in turn can enable us to deploy secure open systems.

TEC–5 TUESDAY, 10:30–11:45AM

Log Mining for Security

Anton Chuvakin, Ph.D., Security Strategist, netForensics

The presentation will describe methods for discovering interesting and actionable patterns in log files for security management without specifically knowing what you are looking for. This approach is different from classic log analysis as it allows one to gain insight into insider attacks and other advanced intrusions, which are extremely hard to discover with other methods. The speaker will demonstrate how data mining can be used as a source of ideas for designing future log analysis techniques that will help uncover the coming threats. The most important part of the presentation will be the demonstration of how the above methods work in a real-life environment.

TEC–6 TUESDAY, 1:15–2:30PM

Tracing Processes on Microsoft Platforms

A. Padgett Peterson, CISSP, IAM, Principal in Information Security, Lockheed Martin

One of the more challenging aspects of a complete security risk assessment is finding out exactly which process has opened a port. Tools like ISS, Foundstone and Nmap will provide information on which ports are open and provide the name of the registered application from a database, but often—and particularly in the range above port 1024—the library process will not be an actual process. This session will examine and demonstrate available mechanisms for tying a process to a port and how to disable it if appropriate.

Advanced Technical Skills

Take a deeper look into different facets of information security technology. Security administrators, architects, and managers will benefit from the advanced technical solutions discussed in the technology track. The solutions discussed can be implemented in most organizations, from the small office to the corporate enterprise.

TEC–7 TUESDAY, 3:15–4:15PM

Top Web Application Vulnerabilities and How to Hunt Them Down

Ryan Berg, Co-Founder and Lead Security Architect, Ounce Labs

Web applications continue to be the most frequently attacked, but often least-protected, layer of enterprise networks. As hackers find growing incentives to commit data theft, fraud and espionage, vulnerable applications become easy, lucrative targets. Organizations must identify and eliminate vulnerabilities—including cross-site scripting, SQL injection and command injection—from the Web-facing applications that access critical back-end data and resources. To most effectively address software vulnerabilities, security professionals should understand how programming errors, policy violations and design flaws in application source code expose business operations to risk. This presentation will present the “dirty (baker’s) dozen”—the 13 most critical vulnerability areas to address when assessing Web applications—as well as strategies to identify and remediate these vulnerabilities. The presentation will also include in-depth code examples and methods for prevention.

TEC–8 TUESDAY, 4:30–5:30PM

Exploitation Frameworks: A Comparative Study

Frank Nagle, CISSP, Assistant Director of Vulnerability Aggregation, iDefense, A VeriSign Company

Jayson Jean, Security Analyst, iDefense, A VeriSign Company

Adam Zeldis, Security Analyst, iDefense, A VeriSign Company

Exploitation frameworks are applications that allow for the automated exploitation of vulnerable systems. Typically, corporations use these frameworks to perform penetration testing on their internal systems. However, hackers also frequently take advantage of the automated test-and-penetrate mechanisms that these frameworks offer. This presentation will attempt to give a comprehensive review of the features included in Core Security’s IMPACT, Immunity’s Canvas and Metasploit exploitation frameworks. Additionally, we will compare these frameworks to determine which is the most useful in a corporate setting and which might prove the most significant threat to vulnerable networks. Finally, we will give a demonstration of the three frameworks in action.

TEC–9 WEDNESDAY, 9:45–11:00AM

Behavioral Malware Analysis Using Sandnets

Joe Stewart, Senior Security Researcher, LURHQ

Malware analysis typically involves low-level reverse-engineering, or behavioral analysis by running code in a virtual machine sandbox. A “sandnet” extends the concept of a sandbox by giving malware an artificial “playground” network environment that appears from the malicious code’s point of view to be the whole Internet, in order to examine more of the possible execution paths of the malware being analyzed. In this presentation, I will introduce an open-source project which will provide a behavioral analysis sandnet, in order to allow semi-automated analysis of malware. The sandnet described uses a Linux control host, and a stock Windows operating system running directly on standard hardware (eliminating dependence on easily-detectable virtual machines).

TEC–10 WEDNESDAY, 11:15AM–12:30PM

Multi-Function Appliances: Coming of Age

Sanjay Beri, Director of Product Management, Juniper Networks

A security solution comprised of multiple layers is the best defense against today’s increasingly sophisticated attacks. Increasingly, IT professionals are evaluating devices that combine security technologies that make sense together, beginning with FW and VPN and branching out to include intrusion prevention. Multi-service or integrated security gateways are not a new concept. However, a variety of concerns have relegated them predominantly to a handful of “low-stress” use-case scenarios. This presentation will outline the top criteria to look for when evaluating MSGs and provide scenarios of how and where these solutions can be deployed to provide maximum protection. It will also provide an example of how to effectively consolidate multiple security services by exploring the characteristics of Integrated Security Gateway technology.


“Great place. Good speakers, plenty of tracks. More than enough tech. stuff, especially in exhibit hall. At approx. $150 per session it’s a good deal.”

Bob Brewer, AZ State Dept. Admin, ISD, Info Sec. Services


HOT–1 & 2 MONDAY, 10:30AM–2:30PM

Hands-on Network Vulnerability Assessment

Justin Peltier, CISSP, CISM, CCSP, Chief Technology Officer, Peltier Associates

It is always better to find our own security holes before the attackers do. How do we do that? We prepare ourselves with the education, tools and techniques to assess our systems. In this hands-on double session we will probe a system for vulnerabilities using both Windows and Linux utilities to see what security holes exist. This session will help you develop the skills to find your own system’s shortcomings before the bad guys do.

HOT–3 & 4 MONDAY, 3:15–5:30PM

The How’s and Why’s of Intrusion Detection Event Correlation

Eugene Schultz, CISSP, CISM, Chief Technology Officer, High Tower Software

Intrusion detection systems (IDS) have improved over time, but they nevertheless miss attacks and also produce false alarms. Correlating the output of multiple IDS and devices can compensate; this presentation explains how and why. The manner in which data are correlated is a critical consideration, however. This presentation will explain and critique the major approaches to event correlation—time correlation, vulnerability correlation, open port correlation, profile correlation, route correlation, and Bayesian correlation—with real-life examples of each. Attendees will learn the advantages and limitations associated with each type of event correlation method, something that will improve intrusion detection analysts’ abilities to detect security breaches. Attendees will also gain information that will help them make better decisions in buying IDS systems and security event manager software and appliances.

HOT–5 & 6 TUESDAY, 10:30AM–2:30PM

Exploit Development

Maximiliano Caceres, Director of Product Management, Core Security Technologies

The presentation will deliver an overview of exploit development and commonly used exploit techniques to establish the fundamentals of how security professionals can identify and exploit vulnerabilities in application code. This talk will be a hands-on review of commonly found vulnerabilities with a focus on exploitation. Attendees will write a sample exploit and customize available payloads to fit different attack scenarios. To accelerate the exploit development process, attendees will use CORE IMPACT and its comprehensive exploit framework. This is an advanced technical presentation. Attendees should have: 1) a good understanding of networking protocols, 2) knowledge of a high-level programming language such as C or Python, and 3) a basic understanding of assembly language for the Intel architecture.

HOT–7 & 8 TUESDAY, 3:15–5:30PM

Advanced Wireless Security Configurations: WPA, WPA2, and 802.11i

Aaron Earle, CISSP, CISA, CISM, Chief Executive Officer, AE&E Corporation

Anxiety over the (highly publicized) insecurity of wireless networks pressed the infosec industry to race for answers, which finally came in the form of the WPA, WPA2 and 802.11i standards. Yet protecting wireless networks is still a challenge: no longer a lack, but a glut of solutions has created confusion and complexity. Attendees will receive the information and experience needed to understand each one of these standards in detail. We will go over all the interconnecting standards and protocols used within WPA, WPA2, and 802.11i, and explain the related roles of everything from EAP to PEAP, RADIUS to 802.1X and AES to TLS. We will also instruct attendees on how to configure their wireless laptops to work with each of these standards, and pass on the know-how to configure, understand and select the best wireless security standard for their organization.

* This session requires a wireless-capable laptop running Windows XP or Windows 2000 with a wireless network adapter.

HOT–9 & 10 WEDNESDAY, 9:45AM–12:30PM

Hands-on Cyber Crime Investigation

Justin Peltier, CISSP, CISM, CCSP, Chief Technology Officer, Peltier Associates

Learn novel and innovative techniques for conducting large-scale cyber crime investigations and formal post-digital incident root cause analysis (incident postmortems). Included will be next-generation investigative process approaches, use of shallow link analysis to analyze large logs and other investigative data, and formal modeling of incident flows and witness/suspect statements. During the class, attendees will analyze a large log data set and a hacking incident using shallow link analysis, and will see a demonstration of the use of formal modeling tools to analyze incident flow and to determine the truth of witness and suspect statements. Attendees will be able to take with them a collection of papers on various new investigative techniques as well as a copy of the shallow link analysis tool used in class. Links to modeling tool downloads will also be provided.

Hands-on Technology

The sessions in this innovative track will provide hands-on exercises on a single relevant security technology or concept. Sessions will be double sessions to allow sufficient time to dive into the topic. Ideas and information provided can be implemented anywhere—from the small office to the global enterprise.


“Excellent. Outstanding. While I am a CSI member and repeat returnee to the fall conference, this is the first NetSec conference that I have attended. It has been excellent.”

Charles L. Johnson, Humana, Inc.


Master Track


IAM–1 MONDAY, 10:30–11:45AM

Identity and Access Management

John O’Leary, CISSP, Director of Education, Computer Security Institute (CSI)

The phrase tends to make us think of multiple interacting technologies that support common identity and access needs of private and government transactions. True, but it’s not a complete picture. I&AM also includes policies, business practices, standards—even laws to facilitate secure commerce and government services and ensure adequate privacy for individuals and corporate entities. It is the foundation for internal control, but it’s also growing to encompass more areas of information security. Authentication, whether ID/Password, token-based, challenge/response, or biometric, is part of identity and access management. So are access control and cross-platform authentication and protection of identity-related information—and virtually anything else that helps address the challenges of managing information access within and across organizational boundaries. We’ll examine the structure and interaction of various elements of identity management, citing drivers used by organizations to make a strong business case.

IAM–2 MONDAY, 1:15–2:30PM

Authentication Methods from the Edge – New Solutions for New Challenges

Chris Voice, Vice President, Technology, Entrust

In response to on-line identity attacks, a variety of new authentication technologies are being brought to market. Forged in the face of waning trust in the internet, these offer flexible, alternative approaches to the usual suspects of tokens and smartcards. The objectives of this session are to review the “state of the art” in identity theft attacks and incidents; discuss where stronger authentication is appropriate as a response; describe new technological approaches to authentication, from different vendors, and where they are appropriate; and present real-life case studies of organizations successfully deploying new technologies.

IAM–3 MONDAY, 3:15–4:15PM

Realizing a Trusted Identity Architecture—Before It Is Too Late

Gregory Abrenio, CISSP, Associate, Booz Allen Hamilton

Government agencies, businesses and consumers are demanding a computing environment in which they can accurately identify each other in a manner that both increases security and improves business relationships. This presentation will explore standards and technologies related to identity vetting, smart cards, public key infrastructure, biometrics and Web services to enable the practical realization of a trusted identity architecture that can be aligned with strategic business objectives. We will illustrate the fundamental elements required to securely create, transmit and validate identity information in a manner to build a trust chain that will withstand the most sophisticated threats against e-commerce and identity theft. As a result, participants will learn about innovative tools to secure their infrastructure before the consumer completely loses trust in e-commerce.

IAM–4 MONDAY, 4:30–5:30PM

Identity Management and National Security

J.R. Reagan, CISM, Managing Director, BearingPoint

Countries around the globe have begun to establish leadership positions in implementing technology solutions and legal frameworks for identity management. Border and transportation security, national identity, global trade management and other requirements have heralded the use of biometrics and smart cards for border control and immigration applications and given rise to new uses for large-scale civilian identification programs. This presentation will highlight best practices for fusing information and physical security for unique identity management initiatives on a global basis.

IAM–5 TUESDAY, 10:30–11:45AM

Realities of Identity Federation

Matthew Gardiner, Senior Product Marketing Manager, Computer Associates

Identity federation enables companies to further leverage the Internet to ease user access to information and applications, specifically as they cross a company’s ecosystem of suppliers and partners. After introducing the concept of identity federation and providing a brief review of the key standards that make it up, this session will focus on the evolution of identity federation, will supply specific customer use cases that highlight the different stages of the evolution, and will close by reviewing specific takeaway recommendations on how to plan for federation.

Identity & Access Management

Identity management is one of the information security industry’s busiest areas this year. As enterprises seek to improve their security by enhancing their identity management capabilities, they need practical information on how to implement and manage these new technologies and protocols.



Master Track


MOB–6 TUESDAY, 1:15–2:30PM

Breaking Wireless Security

Aaron Earle, CISSP, CISA, CISM, MCP, Security+, Chief Executive Officer, AE&E Corporation

The widespread growth of wireless networking has caused more and more corporations to adopt a wireless workplace. This go-anywhere-be-connected-everywhere environment creates great security challenges. These challenges are further complicated by mobile workers operating various devices across multiple technologies. To properly combat these challenges, one must first identify the risks facing the mobile workforce. This session will detail the current threats facing wireless networks in the local area and across the wide area. It will look at each of the latest security methods, protocols and technologies, identifying the vulnerabilities currently being used by hackers. We will see how hackers perform wireless network penetrations with an emphasis on their tools and techniques. We will walk through the short history of wireless networking security, why it failed and what has been implemented to alleviate that failure. Your interest in attending this type of session suggests you have a basic knowledge of wireless networking.

MOB–7 TUESDAY, 3:15–4:15PM

Wireless IDS Challenges and Vulnerabilities

Joshua Wright, Senior Security Architect, Aruba Wireless Networks

Emerging wireless attacks utilize multiple weaknesses that cross protocol and frequency boundaries, producing blended threats that make it easy for an attacker to violate wireless security. Although wireless IDS systems offer detection and protection mechanisms for organizations against these attacks, wireless IDS systems are not perfect. This presentation will examine the strengths and weaknesses of wireless IDS systems, identifying vulnerabilities that can be manipulated by the attacker to become “invisible” to the administrator, and will also introduce a framework for evaluating the security of wireless IDS systems called LORCON (Loss of Radio CONnectivity).

MOB–8 TUESDAY, 4:30–5:30PM

SSL or IPSec? Tough Remote Access Decisions Made Easier

Vivian Ganitsky, Director, Product Management, Juniper Networks

Today’s distributed enterprises face the complex challenge of having to deploy an infrastructure that can help diverse users connect from a plethora of devices and gain access to the right set of resources securely. In the absence of a single transport solution, enterprises are often forced to deploy disconnected access systems for Web applications, streaming media and VoIP apps. IPSec transport offers high performance, while SSL can provide highly available, always-on connectivity. However, what if enterprises could have a single access platform that provides a choice between IPSec and SSL transport without having to install a separate client on remote machines? This session will examine the options for remote access and discuss how to provide intelligent access provisioning and coordinated security policy administration, while reducing administrative costs. Network-layer access with adaptive dual transport modes, and best solution scenarios for SSL and IPSec, will be discussed in detail.

MOB–9 WEDNESDAY, 9:45–11:00AM

RFID: Security and Privacy

John O’Leary, CISSP, Director of Education, Computer Security Institute (CSI)

We’ve read some articles in trade pubs. We’ve felt the buzz. “RFID will revolutionize how we do business.” We might even have heard our physical security guys or warehouse group talking about how they’re going to implement RFID for inventory control or article surveillance or building access or something else. But we’re IT security people, and we know that RFID involves wireless communication, so we’re concerned. However, we don’t know exactly what to be worried about, or what to do about our nebulous fears, or how to convince management to allocate us the resources we need to definitively analyze the threats and build a structure of appropriate countermeasures. We’ll look at RFID—what it is and how it can be used—and approach a more definitive focus for our security concerns. We’ll do a basic overview of the technology and then put our security hats on to analyze some specific implementations, looking for threats, vulnerabilities, countermeasures, implementation strategies and ways to explain RFID security.

MOB–10 WEDNESDAY, 11:15AM–12:30PM

Smoking out Rogue WiFi Traffic on Your Corporate Wireless LAN
Andrew Greenawalt, CCSE

Founder and CTO, Perimeter Internetworking
With smart phones and other gadgets supporting three or more wireless standards at a time, security officers have begun sniffing the airwaves for rogue devices accessing their networks as well as employee phones and laptops carelessly left in a "discoverable" mode. Some are also contemplating entirely new policies, such as banning all wireless devices from the network except those issued and managed by IT. Hackers are already preparing exploits for some of the standards. The effects of their attacks could be catastrophic to individuals and companies. This session will explain, using monitoring techniques and case studies, how companies can monitor, detect, isolate and eliminate rogue WiFi traffic on their networks.

Mobile & Wireless
The mobile and wireless networking track is primarily focused on providing the most up-to-date security within these ever-changing technologies. As new standards arise and products emerge, a solid education in these principles is essential for any security professional in a decision-making role.


Register Online at CSINetSec.com


FOR–1 MONDAY, 10:30–11:45AM

Computer Forensic Primer
Warren Kruse, CISSP, CFCE

Managing Director, AON Consulting
This session will provide participants with experience in sound computer forensic methodologies, with emphasis on computer evidence issues. The class stresses evidence preservation, the documentation of computer evidence findings, and solid evidence processing methodologies which help overcome legal attacks against the admissibility of computer-related evidence. A forensic investigator lives and dies by the tools she uses to gather, save and process evidence. To be successful in this field, you need to have a lot of tools. This session will also provide participants with experience using the most popular forensics tools, EnCase and AccessData. Other tools such as Paraben and ProDiscover will also be covered. This is a vendor-neutral presentation based on real-world experience using the tools the instructor uses. The course is ideal for individuals who conduct computer security reviews, computer-based internal audits and computer-related investigations.

FOR–2 MONDAY, 1:15–2:30PM

Windows Forensics
William Stackpole, CISSP/ISSAP, CISM

Lead Security Architect, Microsoft Corporation
This session covers the tools and techniques you can use to extract forensic information from Windows-based systems. The session includes a demonstration of forensic data extraction from a live Windows system and tips for extracting data from NTFS-formatted disks.

FOR–3 MONDAY, 3:15–4:15PM

From the Lab to the Boardroom: Forensics Goes Mainstream
Jim Butterworth

Senior Forensic Consultant, Guidance Software
Traditionally a law enforcement discipline, computer forensics has emerged as a capability that has helped corporations deal with the rise of computer-related incidents. This presentation will provide attendees the framework to build a modern investigative infrastructure and incident response capability. Topics that will be covered include: legal issues (including international data privacy); regulations and guidelines (what exists that governs); policies and procedures (how to draft a policy); technology and infrastructure (network-enabled forensic investigations vs. enterprise investigations); staffing and training (how to build a team, case management and training); lab environment (best practices); and industry trends (where is the industry heading?). Throughout this presentation, real-world case examples will be cited.

FOR–4 MONDAY, 4:30–5:30PM

Beyond EnCase and Forensic Toolkits
Thomas Akin, CISSP, CNX

Senior Incident Response Analyst, Internet Security Systems
As the prevalence of intrusion, virus infestation, fraud and other information security breaches increases, it becomes ever more crucial to understand computer and network forensics. There are no new crimes, only new ways of committing the old ones. Digital investigations into these crimes are more than analyzing hard drives. The presentation will cover additional skills needed to make an investigator more effective at recreating events and catching criminals. The skills include: network forensics (trapping and analyzing network traffic); log analysis (effectively analyzing large amounts of various log data); password cracking (methods of cracking suspect passwords); metadata (finding and analyzing metadata); analyzing malware (tips on identifying and analyzing Trojans, bots and other malware); and e-mail analysis (investigating e-mail messages in various formats).

FOR–5 TUESDAY, 10:30–11:45AM

How to Respond to Incidents Without Going to Jail
Mark Rasch

Senior Vice President, Chief Security Counsel, Solutionary, Inc.
Many people are familiar with the technical aspects of computer security incident response and forensics. However, a successful incident response plan must include detailed knowledge of: the laws and policies related to privacy of employees and others, electronic surveillance, computer crime and fraud, trespassing, reporting of incidents, bank secrecy and suspicious activity reporting, chain of custody and evidence, entrapment, and appropriate investigative techniques. The unwary investigator could destroy the evidentiary requirements for later litigation or prosecution, or even commit violations of the law themselves. This session shows how to do all this without going to jail.

Forensics
Incidents of computer crime are rising at an alarming rate. As a result, the burden of performing proper forensics on information systems is often shifting from law enforcement to corporate IT and information security professionals. Sessions in this track will demonstrate the techniques for recovering computer evidence after a system has been compromised. Sessions will also include the latest in forensic tools and techniques, as well as the technologies that assist in recovering evidence.


Join CSI and save $200 on NetSec. See page 35.


WEB–6 TUESDAY, 1:15–2:30PM

Web Services Security: Protocols
Jahan Moreh

Chief Security Architect, Sigaba
A new wave of enterprise applications is being developed according to a service-oriented architecture (SOA). The most popular deployment of an SOA is through Web services standards. This session discusses four possible methods for securing Web services and the relative strengths and weaknesses of each. Upon completion of this session attendees will be able to: articulate how Web services fit in a Service Oriented Architecture (SOA); list components of Web services; describe four models for securing Web services; demonstrate an understanding of XML; understand how to employ digital signature as the basis for Web services security; and articulate the model for Web services security for SOAP and its various Web services security token profiles.

WEB–7 TUESDAY, 3:15–4:15PM

Exploiting and Defending Web Services
Nish Bhalla

Founder, Vice President of Professional Services, SecurityCompass.com
Web services are becoming the cornerstone of Web applications. Web services are also being abused by attackers to gain access to systems. The applications using Web services are still vulnerable to SQL injection and cross-site scripting attacks. The talk will focus on understanding how to attack and how to prevent attackers from abusing Web services by using publicly available tools. It will also talk about the basic methodology of attacking Web applications.
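The abstract's point that a Web service is "still vulnerable to SQL injection" is worth seeing concretely: the SOAP envelope can be perfectly well-formed, and even signed or carried over TLS, while the element text inside it still reaches the backing query as SQL. The following is an added example written for this page, not material from the session or from SecurityCompass; the urn:example:accounts namespace, the GetBalance operation and the accounts table are assumptions made for the illustration, and the data is constructed. It handles one GetBalance request with a deliberately vulnerable string-built query and then with the same query using a bound parameter.

```python
"""Added example for this page (not the session's material): a SOAP request
whose attacker-controlled element reaches the backing SQL query.  The
urn:example:accounts namespace, the GetBalance operation and the accounts
table are assumptions made for the illustration; all data is constructed."""
import sqlite3
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope
SVC_NS = "urn:example:accounts"                          # assumed service namespace


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory account table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn


def soap_request(username: str) -> str:
    """Build a GetBalance envelope; the caller (an attacker, here) picks the username."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
        f'<acc:GetBalance xmlns:acc="{SVC_NS}">'
        f'<acc:username>{escape(username)}</acc:username>'
        f'</acc:GetBalance></soap:Body></soap:Envelope>'
    )


def parse_username(soap_xml: str) -> str:
    """Pull the username out of the envelope.  Well-formed XML says nothing
    about whether the text inside is safe to hand to SQL."""
    root = ET.fromstring(soap_xml)
    node = root.find(f".//{{{SVC_NS}}}username")
    if node is None or not node.text:
        raise ValueError("GetBalance request has no username")
    return node.text


def get_balance_vulnerable(conn: sqlite3.Connection, soap_xml: str) -> list:
    """Deliberately vulnerable: the element text is spliced into the query."""
    user = parse_username(soap_xml)
    sql = f"SELECT username, balance FROM accounts WHERE username = '{user}'"
    return conn.execute(sql).fetchall()


def get_balance_safe(conn: sqlite3.Connection, soap_xml: str) -> list:
    """Hardened: same lookup, value bound as a parameter so it is never parsed as SQL."""
    user = parse_username(soap_xml)
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(sql, (user,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"          # classic tautology injection
    print("vulnerable:", get_balance_vulnerable(db, soap_request(payload)))  # every row
    print("safe:      ", get_balance_safe(db, soap_request(payload)))        # no rows
```

Both handlers receive an identical, well-formed envelope; WS-Security signatures or a TLS channel would authenticate and protect that envelope without changing the outcome. The difference lies entirely in how the service turns the element text into a query, which is why the transport-level and message-level standards discussed elsewhere in this track do not replace input handling in the application.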

WEB–8 TUESDAY, 4:30–5:30PM

Securing Service-Oriented Architectures
Stephen Gantz, CISSP, ISSAP, CEH

Senior Enterprise Architect, Blueprint Technologies
Advances in Web services security standards and technologies provide the technical foundation for delivering Web services with adequate security, long a barrier to widespread implementation of these services. As more organizations move to service-oriented architectures, it is important to understand the security challenges presented by SOA models, particularly those relying on Web services, and the appropriate use of available technologies, standards and security measures to provide security for SOA infrastructures. This session presumes a basic familiarity with standards such as SOAP, WSDL, WS-Security, and XACML, and will focus on the application of these standards and the technologies that implement them within commonly implemented SOA patterns. The focus of this technical session will be to go beyond securing individual Web services so attendees can understand and implement effective service-oriented architecture security.

WEB–9 WEDNESDAY, 9:45–11:00AM

XML, HTTP, TCP Security Converge
Kurt Roemer, CISSP

Chief Technology Officer, NetContinuum
Web services and SOA applications are gaining traction with enterprises worldwide. To safely deploy these applications, the full underlying protocol stack must be secured in order to open access and still keep a manageable perimeter. With multiple devices to manage at multiple protocol layers, security managers are now looking for optimal ways to converge their TCP, HTTP and XML security control points to improve policy management effectiveness and raise security and efficiency. This session will deliver a blueprint on how to define requirements for securely delivering XML/SOAP applications. Attendees will learn: the key security threats that must be considered; the policies that should be developed to address these security threats; and the best strategies for efficiently delivering and managing a total security solution to safely expose the application.

WEB–10 WEDNESDAY, 11:15AM–12:30PM

Web Services Depend on Interoperable Security Standards
Anthony Nadalin

Chief Security Officer, IBM
For the Web to deliver on its fundamental promise, it must provide predictable interoperability and security. This session will highlight the array of emerging Web services security standards (WS-Security), including those related to token types, headers, signatures and encryption. An overview of OASIS's in-progress security standards work will also be provided. In addition to the work of OASIS, the WS-I Basic Security Profile Working Group is tasked with producing security scenarios and a basic security profile. The process of creating a security scenario and its relationship to the basic security profile, which provides implementation best practices and other guidance regarding Web services security standards, will also be discussed. Finally, the presentation will address the philosophy and methodology of profile design, the choice of Web services security standards to be profiled and the interoperability gaps among popular Web services security standards.

Web Services
The next generation of enterprise application development will focus primarily on service-oriented architectures. While the general scheme of Web services is well understood, much in the way of practical implementation remains to be worked out. The devil is in the details, particularly when it comes to the security of these application frameworks. Sessions in this track will look at security-related standards and protocols within the Web services arena, vulnerabilities discovered to date, strategies for penetration-testing Web services applications, and best practices for deploying secure Web services applications.


Join the World's Leading Membership Association—CSI
Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving the information security professional. Since 1974, CSI has been aggressively advocating the critical importance of protecting information assets and providing education on ways to protect the information assets of corporate, educational and government organizations. CSI holds two conferences each year, and seminars in cities nationwide throughout the year, covering a wide variety of security topics. CSI membership has many benefits, including discounted rates on conferences and seminars, and publications specifically for infosec professionals.

Save $200 on the conference when you sign up for CSI Membership
Sign up for CSI Membership for just $224 ($264 Intl.) and get immediate savings of $200 off the Non-member conference fee. Take advantage of this deal today! For fastest processing of your membership, please use this form and fax it to (415) 947-6023, along with your conference registration. Use code NMNS6 for your member # on the registration form. You may also sign up for membership only, using this form or at GoCSI.com.

❏ Yes! I am joining now and registering for the conference at the discounted member rate.

❏ Yes! I am joining now but will not be registering for the conference.

❏ Send more info. Please add my name to the CSI mailing list of news and future events.

Sign me up for CSI membership for: 1 year ❏ $224 U.S./Canada/Mexico ❏ $264 International

2 years ❏ $399 U.S./Canada/Mexico ❏ $475 International

3 years ❏ $537 U.S./Canada/Mexico ❏ $633 International

Name:

Title:

Company:

Address:

City/State/ZIP: Country:

Phone: Fax:

E-mail:

Payment Method:

❏ Charge my: ❏ Visa ❏ Mastercard ❏ Amex

Card #: Exp. Date:

Name on card:

Signature:

❏ Check Enclosed (Payable to Computer Security Institute) ❏ Bill me nS6cat

Computer Security Institute, CMP Media, 6th Floor, 600 Harrison Street, San Francisco, CA 94107 • v (866) 271-8529 • f (415) 947-6023 • [email protected]

CSI Membership
If you are already a CSI member, simply provide your membership number on the conference Registration Form.

Computer Security AlertThe official CSI monthly newsletter with timely updates and practical tips to ensure your success.

Computer Security Journal CSI quarterly publication with in-depth articles and useful product reviews and comparisons

SecurCompass® The SecurCompass measurement module uses an online survey to help you understand the current state of security in your organization, your relative ranking compared to your peers, and the tasks needed to improve the level of security.

CSI/FBI Computer Crime & Security Survey This widely cited survey takes a look at trends in computer crime: how many companies are experiencing breaches and attacks, from where, the financial loss associated, protection measures, and more. Published annually in the summer.

Conference and Training Discounts CSI members receive discounts of $200 off every CSI event!

Plus: Member-only online access to articles, networking opportunities, publications discounts, and more!

CSI Membership includes:

With your CSI Membership, enjoy VIP treatment at CSI conferences. At CSI NetSec 2006, we are pleased to offer a Member Hospitality Lounge with light refreshments, computers and Internet access. Come to check your e-mail or just to relax.

Also, Members enjoy reserved seating at the 8:30AM Keynotes. Look for the roped-off area in the front reserved for "Members Only".


The Phoenician Resort

The Phoenician Resort | Scottsdale, Arizona
6000 East Camelback Road, Scottsdale, AZ 85251 USA

North America: (800) 888-8234 • Worldwide: (480) 941-8200

www.thephoenician.com

The Phoenician will be the headquarters hotel for the CSI NetSec 2006 Conference and Exhibition. All programs, exhibits and hospitality functions will be scheduled at The Phoenician.

The Phoenician in Scottsdale, AZ, a luxury resort with world-class conference facilities, provides unprecedented opportunities to mix and mingle with leading computer security practitioners in an atmosphere designed to deliver focused attention to the security issues that matter most. Recharge your batteries at the Phoenician's world-renowned spa, its fine restaurants, one of the Phoenician's many swimming pools, or simply by strolling the grounds and listening to the peace and quiet.

Hotel & Travel

THe PHoenicianTHe PHoenicianH i t s a l l t H e R i g H t n o t e s

36

"The hotel pours it on. You're in for an over-the-top experience."
Travel & Leisure Magazine


"Great coverage of topics, excellent knowledgeable speakers, great venue."
Stephen Monahan, American Express


Hotel & Travel
Phoenician Highlights:

• 250-Acre Resort

• The Centre for Well-Being Spa

• 27 Hole Championship Golf Course, Clubhouse and Pro Shop

• Tennis Garden Featuring 12 Secluded Courts

• $8 million art collection

• Nine heated pools and 165-foot water slide

• Eleven restaurants and lounges

• Daily guest activity programs

• Funicians Club for Kids

Special Room Rates
$190.00 per night. Call The Phoenician to make room reservations. Please mention you are with the Computer Security Institute NetSec 2006 Conference & Exhibition to obtain the special discounted room rates. Follow hotel instructions to guarantee your room reservation. Any changes must be made with the hotel. Cut-off for the special CSI room rates is May 10, 2006. For reservations, call (800) 888-8234 or (480) 941-8200.

Airline Reservations
American Airlines is the official airline for Computer Security Institute. Special discounted tickets are available if reservations are made through the American Airlines Meeting Services Desk. Call (800) 433-1790 for reservations. CSI's discount code number is 7766AI.

Airport Transportation
Regular Taxi — Approximately $25.00

Phoenician Transportation (800) 888-8234 — $37.00

Super Shuttle — Approximately $15.00

Special Requests
Please contact CSI Customer Service via e-mail ([email protected]) or phone (415) 947-6320 if you require special meals or alternate accommodations as outlined under the Americans with Disabilities Act.

Parking
Valet/Overnight Parking — $26.00/day
Self Parking — Complimentary

The Phoenician: Fine Dining, World-Renowned Spa, Spectacular Settings


Registration

Registration Instructions

3 Conference Discounts Available
Early Bird Discount: Save $200 off the Conference fee when you register before May 8, 2006. Save $75 on Pre & Post Conference Seminars when you register before May 8, 2006.
Member Discount: CSI members receive $200 off the Non-Member conference registration fee. See registration form for details.
Team Discounts: When three or more from the same company register and pay at the same time, each receives a $50 discount. Call (415) 947-6320 for details.

Continuing Professional Education Credits (CPE)
Attendees earn:

• 18 CPE units for the conference (Monday–Wednesday)

• 16 CPE units for each 2-day seminar

• 8 CPE units for each 1-day seminar

• 3 CPE units for each 1/2-day seminar

Special service reserved for CISSPs: CSI will automatically forward your earned CPE units to (ISC)2 upon completion of training. Please provide your certificate number in the space provided on the registration form.

Four Easy Ways to Register
1. Register online at the CSI website: www.GoCSI.com
2. Fax the registration form on the back of this page, with payment information, to (415) 947-6023
3. Mail the registration form and payment to: CSI Conference Registration, C/O CMP Media 5th Floor, 600 Harrison Street, San Francisco, CA 94107
4. Call (415) 947-6320

All electronic payments for Computer Security Institute are to be sent to:
Chase Manhattan Bank, 55 Water Street, NY, NY
Account Number: 097-031291
ABA Number: 021-000-021
CMP Media LLC, 600 Community Dr., Manhasset, NY 11030
Federal Tax ID No.: 11-2240940

All payments must include: attendee name; company; invoice number (if applicable); reference "CSI NetSec Registration Payment"; Conference GL: 21373-0606; US funds only.

Registration and Payment Deadlines
• Online Registration closes June 9, 2006.
• Registrations received (via fax, mail or email) after June 7, 2006 will be processed at the on-site registration center at the Phoenician Scottsdale.
• A check, money order or credit card information MUST accompany your registration.
• If your membership cannot be verified by CSI at the time of registration, you will be charged the non-member fee.
• While on-site registrations will be accepted, we strongly recommend you register early to reserve class space and to save time on-site.
• Registrations are not confirmed and classes are not reserved until full payment is received.

Cancellation Policy
• Cancellation requests must be in writing. A fax will be accepted.
• A full refund will be issued if written cancellation is received prior to May 15.
• No refunds will be issued for cancellations received after May 15, 2006.
• Substitutions are always welcome.

Payment Information
• For registrations paid with a Government Training Document, the Training Document MUST accompany your registration form. Registrations will not be processed, and class selections cannot be guaranteed, without a copy of the Government Training Document.
• Bank Wire Transfers and Electronic Funds Transfers (EFTs): a Wire Transfer Transaction Document from your bank MUST accompany the registration form. Registrations will not be processed and class selections cannot be guaranteed without a copy of the Wire Transfer Transaction Document from your bank. Please include a $20 service fee on all wire transfers.


Registration
Registration Deadline is June 9. Registrations received after 4:00 pm PST June 9 will be processed on-site. Registrations will be processed on a first-come, first-served basis. Registrations without payment information will not be processed. For multiple registrations, copy this form. Questions? Call our registration team at (415) 947-6320. Register online at GoCSI.com or follow these quick steps.

The Phoenician • June 12-14

1. Attendee Information

Keycode: Member #:

Name: Job Title:

Company:

Address: MS:

City/State/ZIP: Country:

Phone: Email address:

I am substituting for CSI member:

CISSP: ❒ No ❒ Yes Cert. #

(Upper left corner of label)

(Upper right corner of label)

Cancellation Policy
Cancellation requests must be in writing. Full refunds will be issued if written cancellation is received prior to May 15, 2006. Substitutions are always welcome. Those who have not submitted written cancellation will be responsible for the full fee.

What is your Job Function?
❒ Information/Data/Computer Security ❒ Network/Communication Security ❒ IT Audit ❒ IT Svcs/Outsourcing/Sys Integration ❒ Consulting ❒ Web Development/Web Management ❒ E-Business/E-Commerce/Internet/Intranet ❒ Application Development/Programming ❒ Disaster Recovery/Bus Continuity ❒ Engineering ❒ Financial ❒ Legal ❒ Admin/Tech Support/Help Desk ❒ Sales/Marketing ❒ Other

What is your Job Level?
❒ Executive Management ❒ Director ❒ Manager ❒ Sr. Staff/Supervisor ❒ Staff/Specialist ❒ Owner/President ❒ Consultant ❒ Other

I have the following involvement in purchasing products (select all that apply):
❒ Create IT Strategy ❒ Determine Needs/Features ❒ Evaluate Brands ❒ Specify Brands/Vendors ❒ Approve Purchases

What Industry are you in?
❒ Banking ❒ Consulting ❒ Education ❒ Federal Government ❒ Healthcare ❒ Insurance ❒ Information Technology ❒ Manufacturing ❒ State or Municipal Gov't ❒ Telecommunications ❒ Utility ❒ Other

What is your company's computer security budget?
❒ $0–50,000 ❒ $50,001–100,000 ❒ $100,001–500,000 ❒ $500,001–1 million ❒ $1 million–3 million ❒ $3 million–5 million ❒ over $5 million ❒ Unknown

3. Please indicate your payment method below. All payments must be made in U.S. funds. A check, money order or credit card information must accompany your registration.

Registrations are not confirmed and classes are not reserved until payment is received.

❒ Charge my: ❒ Visa ❒ Mastercard ❒ Amex

Card #: Exp. Date:

Name on card:

Signature:

Billing address (if different from above):

❒ Check Enclosed (Payable to Computer Security Institute)

❒ Bank Wire/Electronic Payment (please include a $20 service fee and attach transaction document)

Wire Transfer Transaction Document from your bank MUST accompany registration form. Registrations will not be processed and class selections can not be guaranteed without a copy of the Wire Transfer Transaction Document from your bank. See p. 38 for CSI bank details and mailing info.

❒ Government Training Doc. # Government Training Document MUST accompany registration form. Registrations will not be processed and class selections can not be guaranteed without a copy of the Government Training Document.

MONDAY, JUNE 12
1st 2nd  10:30am–11:45am
❏ ❏ INT-1 Intro to Cryptology
❏ ❏ AWR-1 Let's Bore Our Users With Training
❏ ❏ COM-1 Regulatory Compliance
❏ ❏ CRT-1 Security Reviews
❏ ❏ AUD-1 Keeping Pace with Compliance Regulations
❏ ❏ ATC-1 What Hackers Don't Want You to Know
❏ ❏ MGT-1 Dialogue With Senior Practitioners, Leaders
❏ ❏ TEC-1 ABC's of Penetration Testing
❏ ❏ HOT-1&2 Hands-On Vulnerability Assessment
❏ ❏ IAM-1 Authentication Methods
❏ ❏ FOR-1 Computer Forensic Primer

1st 2nd  1:15pm–2:30pm
❏ ❏ INT-2 Introduction to the NIST Security Framework
❏ ❏ AWR-2 Security Awareness: Starting at Ground Zero
❏ ❏ COM-2 The Emerging Legal Duty of Care
❏ ❏ CRT-2 Information Sharing: Panacea or Peril?
❏ ❏ AUD-2 Quantitative Risk Assessment
❏ ❏ ATC-2 The Insider Threat
❏ ❏ MGT-2 Selling Network Security by the Numbers
❏ ❏ TEC-2 Under the Microscope—Dissecting Bot Code
❏ ❏ IAM-2 Authentication Methods
❏ ❏ FOR-2 Windows Forensics

1st 2nd  3:15pm–4:15pm
❏ ❏ INT-3&4 Network Security Fundamentals
❏ ❏ AWR-3 Getting Mgmt to Say "Yes" to Awareness
❏ ❏ COM-3 Sox '06: Nat'l Effect and Int'l Perspective
❏ ❏ CRT-3 Security Framework for VoIP Security
❏ ❏ AUD-3 Why You Need a Network Security Assessment
❏ ❏ ATC-3 Next-Generation Blended Threat in Security
❏ ❏ MGT-3 Better Security Through IT Architectures
❏ ❏ TEC-3 Device Driver Malware
❏ ❏ HOT-3&4 Intrusion Detection Event Correlation
❏ ❏ IAM-3 Realizing a Trusted Identity Architecture
❏ ❏ FOR-3 Forensics Goes Mainstream

1st 2nd  4:30pm–5:30pm
❏ ❏ AWR-4 Are They Really Clueless?
❏ ❏ COM-4 Strategies for Improving Policy Compliance
❏ ❏ CRT-4 Identity Theft: The Growing Concern
❏ ❏ AUD-4 Critical SCADA Infrastructure Environment
❏ ❏ ATC-4 Back Hacking Live!
❏ ❏ MGT-4 Logs and the Law: What is Admissible
❏ ❏ TEC-4 Security in an Open World
❏ ❏ IAM-4 Identity Management and National Security
❏ ❏ FOR-4 Beyond EnCase & Forensic Toolkits

TUESDAY, JUNE 13
1st 2nd  10:30am–11:45am
❏ ❏ INT-5 Biometrics 2006: Opportunities, Challenges
❏ ❏ AWR-5 Using Proper Awareness Techniques
❏ ❏ COM-5 Getting Buy-In for FISMA Compliance
❏ ❏ CRT-5 Privacy and International Data Flows
❏ ❏ AUD-5 Getting in Front of Vulnerabilities
❏ ❏ ATC-5 Metasploit: Exploit Framework
❏ ❏ MGT-5 Addressing the Need for Security Metrics
❏ ❏ TEC-5 Log Mining for Security
❏ ❏ HOT-5&6 Exploit Development
❏ ❏ IAM-5 Realities of Identity Federation
❏ ❏ FOR-5 Respond to Incidents Without Going to Jail

1st 2nd  1:15pm–2:30pm
❏ ❏ INT-6 TCP/IP
❏ ❏ AWR-6 20 Educational Things & How They Work
❏ ❏ COM-6 Compliance with an ISO 17799 Foundation
❏ ❏ CRT-6 Identify Your Data, Lock Down Your Network
❏ ❏ AUD-6 Assessing and Managing Risk
❏ ❏ ATC-6 Spyware, Adware, and the Rest of the Story
❏ ❏ MGT-6 Outsourcing: Security Service Provider
❏ ❏ TEC-6 Tracing Processes on Microsoft Platforms
❏ ❏ MOB-6 Breaking Wireless Security
❏ ❏ WEB-6 Web Services Security: Protocols

1st 2nd  3:15pm–4:15pm
❏ ❏ INT-7 Creating a Fundamentally Secure Network
❏ ❏ AWR-7 Awareness Solutions for Data Classification
❏ ❏ COM-7 Payment Card Industry Data Sec. Compliance
❏ ❏ CRT-7 The Identity Gap
❏ ❏ AUD-7 Risk Management of Communication
❏ ❏ ATC-7 BotNets: Corps, ISPs & Law Enforcement
❏ ❏ MGT-7&8 Measure/Benchmark Security Performance
❏ ❏ TEC-7 Top Web Application Vulnerabilities
❏ ❏ HOT-7&8 Advanced Wireless Security Configurations
❏ ❏ MOB-7 Wireless IDS Challenges and Vulnerabilities
❏ ❏ WEB-7 Exploiting and Defending Web Services

1st 2nd  4:30pm–5:30pm
❏ ❏ INT-8 Access Controls 101
❏ ❏ AWR-8 Phishing: Techniques
❏ ❏ COM-8 Cornerstone of Effective IT Security Program
❏ ❏ CRT-8 Get Funding, Support for Risk Management
❏ ❏ AUD-8 Aligning Security and Governance
❏ ❏ ATC-8 The Rise of Cyber-Crime
❏ ❏ TEC-8 Exploitation Frameworks: Comparative Study
❏ ❏ MOB-8 SSL or IPSec?
❏ ❏ WEB-8 Securing Service-Oriented Architectures

WEDNESDAY, JUNE 14
1st 2nd  9:45am–11:00am
❏ ❏ INT-9 Understanding and Implementing Smart Card
❏ ❏ AWR-9 Security Awareness: Are You Hitting the Mark?
❏ ❏ COM-9 Build your eDocument Management Team
❏ ❏ CRT-9 Poor Man's Guide To Network Espionage Gear
❏ ❏ AUD-9 Protecting Client Information
❏ ❏ ATC-9 Defend Against Social Engineering Attacks
❏ ❏ MGT-9 Role of IT Asset Management in Info Sec
❏ ❏ TEC-9 Behavioral Malware Analysis Using Sandnets
❏ ❏ HOT-9&10 Hands-On Cyber Crime Investigation
❏ ❏ MOB-9 RFID: Security and Privacy
❏ ❏ WEB-9 XML, HTTP, TCP Security Converge

1st 2nd  11:15am–12:30pm
❏ ❏ INT-10 The Secure Management Console
❏ ❏ AWR-10 Does Security Training Improve Security?
❏ ❏ COM-10 Surviving SOX, Round 2
❏ ❏ CRT-10 Counter Attack to Identity Theft
❏ ❏ AUD-10 Using the CVE in Risk Assessment
❏ ❏ ATC-10 Vulnerabilities of Encryption
❏ ❏ MGT-10 Security and ITIL
❏ ❏ TEC-10 Multi-Function Appliances
❏ ❏ MOB-10 Smoking out Rogue WiFi Traffic
❏ ❏ WEB-10 Interoperable Security Standards

Pre/Post Conference
SATURDAY, JUNE 10  1st 2nd  8:00am–3:00pm
❏ ❏ S1 CISSP CBK Overview

SATURDAY AND SUNDAY, JUNE 10–11  1st 2nd  9:00am–5:00pm
❏ ❏ T1 Be a More Effective Info Security Professional
❏ ❏ T2 Business Impact Analysis
❏ ❏ T3 Web Hacking—Exploits and Countermeasures
❏ ❏ T4 How to Develop a Winning Security Architecture
❏ ❏ T5 Effective Framework for Synergy & Org. Impact
❏ ❏ T6 Wireless Security in the Enterprise

SUNDAY, JUNE 11  1st 2nd  9:00am–5:00pm
❏ ❏ S2 ISO 17799, 27000, BS 7799

WEDNESDAY, JUNE 14  1st 2nd  2:00–5:00pm
❏ ❏ IS1 Hands-On Social Engineering

THURSDAY AND FRIDAY, JUNE 15–16  1st 2nd  9:00am–5:00pm
❏ ❏ T7 Create & Sustain Quality Sec. Awareness Program
❏ ❏ T8 How to Complete a Risk Assessment in Five Days
❏ ❏ T9 Check Point Firewalls
❏ ❏ T10 Return on Investment for Information Security
❏ ❏ T11 Computer Forensics Tools & Techniques
❏ ❏ T12 Defend Your Network

SPECIAL EVENT - NO CHARGE
TUESDAY, JUNE 13  1st 2nd  7:00–10:00pm
❏ ❏ CTF Capture the Flag

4. Class Selection
Fill out the class selections below. We must have your class selection to process your conference registration. Incomplete or illegible forms will delay processing. Please register early to guarantee your classes. Include a second choice for each time slot, as classes fill up quickly!

EXAMPLE:1st 2nd

❏‑❏ TEC-1 ❏‑❏ AUD-1

Register online at gocsi.com or FAX to 415-947-6023

Conference Fees:

Conference (Mon-Wed) $ ________ (Monday to Wednesday am)

Saturday Seminar $ ________ (CISSP CBK Overview Pre-Con)

Sunday Seminar $ ________ (Pre-Conference 1-Day)

Sat/Sun Seminar $ ________ (Pre-Conference 2-Day)

2-Day Wireless Security $ ________ (Pre-Conference 2-Day)

2-Day Web Hacking $ ________ (Post-Conference 2-Day)

Wednesday 1/2 day Session $ ________ (Post-Conference 2pm–5pm)

Thurs/Fri Seminar $ ________ (Post-Conference 2-Day)

2-Day Check Point Firewalls $ ________ (Post-Conference 2-Day)

2-Day Defend Network $ ________ (Post-Conference 2-Day)

Membership $ ________ ❒ check if this is a membership renewal

Total Due $ ________

2. CSI Members

Item                                                 2/1–3/29   3/30–5/7   5/8–Onsite
Conference (Monday–Wednesday am)                     $1,095     $1,195     $1,395
1-Day Seminar (CBK Overview Pre-Con)                 $595       $595       $595
1-Day Seminar (Pre-Conference Sunday)                $320       $320       $395
2-Day Seminars (Pre- or Post-Conference)             $720       $720       $795
2-Day Wireless (Pre-Conference)                      $1,020     $1,020     $1,095
2-Day Web Hacking (Pre-Conference)                   $1,670     $1,670     $1,745
½-Day Session (Wednesday 2pm-5pm)                    $160       $160       $200
2-Day Check Point Firewalls (Post-Conference 2-Day)  $1,670     $1,670     $1,745
2-Day Defend Network (Post-Conference 2-Day)         $1,020     $1,020     $1,095

Non-Members

Item                                                 2/1–3/26   3/27–5/7   5/8–Onsite
Conference (Monday–Wednesday am)                     $1,295     $1,395     $1,595
1-Day Seminar (CBK Overview Pre-Con)                 $595       $595       $595
1-Day Seminar (Pre-Conference Sunday)                $420       $420       $495
2-Day Seminars (Pre- or Post-Conference)             $920       $920       $995
2-Day Wireless (Pre-Conference)                      $1,220     $1,220     $1,295
2-Day Web Hacking (Pre-Conference)                   $1,870     $1,870     $1,945
½-Day Session (Wednesday 2pm-5pm)                    $210       $210       $250
2-Day Check Point Firewalls (Post-Conference 2-Day)  $1,870     $1,870     $1,945
2-Day Defend Network (Post-Conference 2-Day)         $1,220     $1,220     $1,295

Fill in fees below using price schedule below and at right.

Membership      U.S. & Canada   International
1 year          $224            $264
2 years         $399            $475


The Practice of Information Security

Harmonize with Peers

Virtuoso Speakers

Premier Keynotes

Magnificent Setting

Computer Security Institute 600 Harrison Street

San Francisco, CA 94107

(415) 947-6320

FEATURING:

CSINetSec.com

• Fundamentals of Computer Security
• Awareness Training & Education
• Policy & Compliance
• Critical Issues
• Risk & Audit
• Attacks & Countermeasures
• Management & Governance
• Advanced Technical Skills
• Hands-on Technology
• Identity & Access Management
• Mobile & Wireless
• Forensics
• Web Services

“Excellent event—nice location. The instructors are all top notch. Keep up the good work.”

Bruce Huthmacher, I.S. Manager
Office of the County Counsel

The Phoenician • June 12–14, 2006 • Scottsdale, Arizona

Register by May 8 and Save $200.