Security Week Conference Tracks

It has become imperative to analyze the enterprise` needs with a practical view on overall business risks and regulatory compliance. This approach has enabled companies to better align their technological needs with the businesses’ overall objectives. This track will address the current challenges faced by organizations to produce the mental and organizational shift to align business needs and objectives with a GRC integrated technological platform.

• What premises were considered and how have organizations planned for building a strong corporate view and attitude towards GRC – Governance, Risks and Compliance?
• What are the main challenges companies face when looking to integrate enterprise wide compliance with business rules and objectives?
• What are the main principles companies need to follow to move to an integrated Governance, Risk, and Compliance Model for your IT Organization?
• What are GRC best practices in reference to the Green IT movement?

A sustainable platform is required to secure the organization`s competitiveness in the market and ultimately their return on investment. Companies must consistently improve their information security policies and strategies to meet the demands of new business landscapes, while complying with current regulations. Because of this, IT executives and professionals must thoroughly understand how to properly balance the right technological architecture with several security automation capabilities. This panel shall help participants to:

• Understand what challenges are created by adopting security automation and how to address them in the context of business alignment and return on investment?
• What are the proper questions that should be answered in order to determine the relevant approaches for integrating enterprise wide security automation technologies to business rules and needs?
• How should a company prepare for new threats that will occur from the increase of information sharing capabilities?

• When is the right time for an organization to consider virtualization as a functional element of the company´s IT infra-structure?
• How should the company plan for it?
• What are the immediate impacts on information security management?
• What are the immediate impacts on the infrastructure management?
• How will malicious code threat the virtual architectures?
• What are the new sets of security variables that need to be considered in the virtual environments?
• What are the career challenges that IT professionals, especially ones focused on information security, will need to face and understand in the “new virtual world”?

This new wave of Web 2.0 technologies are adherent with the latest projections in the adoption of second generation web applications.  Offering new applications based on collaboration and information sharing will create completely new challenges for security professionals that balance security and availability.

• How to build a secure second generation web platform with RIA (rich internet applications), collaborative technologies like RSS feeds, wikis and blogs? What important security measures must be considered?
• Become familiar with various auditing methods including: Access/authentication auditing and suspicious activity auditing.
• Apply common IT frameworks for security control standards.
• Differentiate between privileged and non-privileged user auditing.   
• Recognize how application and database auditing compliments your existing layered defense strategy.

A new approach for identity management is being applied in many organizations.  This new corporate view is based on behavioral analysis and is helping enterprises understand and better monitor the traffic on their networks. Because of this, it is imperative for organizations to understand how to balance their competitive need to share information with better control and monitoring of the individual user traffic on the networks.

• How does this new identity management view evolve from a perimeter outlook to more individualized control, where IT managers are able to monitor every network user and their traffic patterns?
• How to integrate non-identity management and access control strategy with the regulatory obligations, such as SOX (Sarbanes Oxley) and PCI (Credit card industry payment standard)?
• How will cryptography become more commonly used in the process of balancing the need for  identifying and controlling network traffic while providing proper authorized information sharing?

This infrastructure supports business interactions between value-chain players and allows them to share company information across the network. Network security is vital and an upcoming business trend in outsourced remote network security management.  The core of this business is to keep investments at a good cost-benefit ratio and release company energy to focus on other areas.

This presentation will offer a practical view and approach when deciding to have your network security managed remotely by a third party.

• How the speed of new threats has created a financial burden for companies needing to upgrade their IT investments to stay current.
• What new threats will create demand for a new set of rules for network security management and the remote outsourcing of IT management?
• How do you develop an outsourced remote network security management program that allows the company to upgrade network security and availability while creating a higher cost-benefit ratio?
  

Companies are trying to move towards adoption of proactive security approaches, getting ahead of the threats and pre-empting attacks. This presentation´s will highlight the best approaches for application security.

• Should enterprises secure its perimeter or secure applications?
• Will proactive approaches guarantee security or is a reactive/proactive approach better?
• Which vendors have a competitive advantage in securing applications and software?

As enterprises migrate to converged voice/data networks, concerns shift to security. This debate will evaluate the security issues related to Voice over IP, with a special focus in separating what is hype from reality. Topics that will be reviewed are:

• What are the unique challenges associated with securing VoIP?
• What are the best practices for securing IP Telephony, Internet Telephony and toll by-pass implementations?
• Which vendors are leading the way with innovative VoIP security solutions?

What is reality and what is just hype.

• How will the vulnerabilities of mobile networks evolve and how should companies prepare for them?
• What are the main concerns that companies have when implementing mobile networks?
• What are the best practices that will help network managers prepare for future threats?
• Which vendors will offer the market the best solutions that will protect companies’ mobile networks from the future threats?

• What do these professionals need to know in order to be ready for future challenges?
• What are the risk management and information security trends that will influence the business environment and how do companies and executives need to prepare for them?