Breakout Sessions
9/23/2008 @ 12:45 pm
Business Continuity
Emergency Crisis Communication: Lessons Learned from Higher Education Campus Shootings and recent “Active Shooter” Homicides
SPEAKER: Robert Chandler
This session will review case studies of some of the more significant on-campus crises and seek to identify lessons learned and changes that have been implemented on higher education campuses in the aftermath of the widely publicized campus and workplace homicides of the past two years. In addition, the presentation will review general empirical research findings and normative models of how people process information and make decisions in a crisis situation, how the crisis affects these processes, the fundamentals of effective crisis communication (what you say, how you say it, and when you say it), and the importance of targeted, two-way, mapped and tested, multi-channel delivery and situationally adapted communication during common crisis situations. It will also present a case-study analysis of how one organization, Pepperdine University, approached crisis communication challenges for its campus in devising a plan and deploying a communication system. The case study will detail examples of best practices for rolling out an emergency notification system, driving stakeholder and constituent sign-ups, and preparing people, processes, and technology for a crisis through disaster exercises and testing.
Information Security
The International State of Information Security: the Wins, the Losses and the Work that Needs to be Done
SPEAKER: Howard Schmidt
As we continue the foray into a total digital society, many of the information security programs we have built over the years need to be updated to address the new cyber threats. While we can never be 100% secure or investigate and prosecute all of the cyber criminals, we can reduce the number of incidents by developing private/public partnerships that draw on the strengths of government/law enforcement and the private sector to use technology, policies and personnel to improve information security. Howard will talk about the latest threats and countermeasures to protect ICT.
IT Audit
Statewide Cyber Security
SPEAKER: Bill Perez
This session will cover strategic goals and objectives, current challenges and opportunities, and recent accomplishments.
Focused Solutions
INX Inc. Virtualization: VMware / NetApp
The Focused Solutions track presents vendor specific solutions for today’s IT challenges. This track gives you knowledge about specific products without the pressure from a one-on-one meeting with a vendor sales or marketing representative. You can ask those hard questions that sometimes seem out of place in face-to-face meetings.
9/23/2008 @ 1:45 pm
Business Continuity
Integrating PCI Requirements into the Business Continuity Program
SPEAKER: Anne Heitke
As companies have struggled to implement the requirements for Payment Card Industry (PCI) compliance, they have often overlooked how their recovery strategies are affected by the changes they are making. This can have a significant impact on their ability to recover operations after a major disruptive event or, in some cases, simply to recover a part of the organization in a timely fashion.
This presentation looks at the major areas of concern that have been identified through more than a year of PCI compliance engagements. Each of the twelve major areas is reviewed in light of its continuity requirements, with suggestions for remediation of potential weaknesses. The presentation provides companies with a blueprint for successfully integrating PCI compliance into their existing Business Continuity and Disaster Recovery programs.
Information Security
RFP Nightmares: How to Contract What You Don't Want
SPEAKER: Doug Landoll
Organizations seeking to meet information security regulations and requirements often look to outside experts to assist with the required tasks. From vulnerability scans to security risk assessments, this objective and expert assistance can increase the effectiveness of the organization's security. However, when insufficient consideration is given to the development of the Request for Proposals (RFP), the contracted assistance can often be a mismatch. Using RFPs issued to the public, Mr. Landoll will demonstrate the common pitfalls of mismanaged outsourcing, ambiguous language, and "wired" giveaways. The session will include recommendations for improving the RFP process.
IT Audit
Best Practices for Successful Risk Management
SPEAKER: Kent Knudsen
This session will focus on how to successfully implement best practices in the area of IT risk management. Strategies and topics will include:
* How to tailor industry best practices to your organization (one size does not fit all)
* A vulnerability scan does not a risk assessment make (but is necessary)
* Leveraging defense-in-depth in risk mitigation efforts (compensating controls)
* Track and trend key IT security metrics to reduce risks
* Setting a baseline and "raising the bar" over time
* Obtain independent third party review for validation of security posture
Focused Solutions
Dell / MessageOne
9/23/2008 @ 3:15 pm
Information Security
Formal Risk Acceptance
SPEAKER: William Murray
Most Information Security Officers report the same set of vexing and frustrating problems. These include:
* Managers do not listen or hear.
* They over-react to auditors and other outsiders.
* They do not treat security as a peer with such priorities as early to market, ease of use, low cost, etc.
* They do not follow my recommendations.
* I do not have adequate resources to accomplish my responsibilities.
While these complaints are common among ISOs, they are not really security problems and normal security tools do not address them. Good standards might help but getting agreement to standards is part of the problem.
This presentation focuses on one part of Risk Management, risk acceptance, as a method for addressing these problems. It notes that the default approach to risk is acceptance, but that such default acceptance may be called "not managing" and leaves one open to criticism by "auditors and other outsiders." It recommends formalizing acceptance in such a way as to minimize these problems.
IT Audit
Tackling the PCI Challenge
SPEAKER: Jim Pflaging
If you're mystified by PCI (Payment Card Industry) Compliance, you're not alone. Since its 2004 inception, merchants and service providers have struggled to navigate the PCI standard's complexities. What makes this daunting is the fact that PCI is not optional and every organization handling credit card transactions must comply. Unfortunately, many businesses are failing to meet PCI requirements.
This session will explore specific challenges with achieving PCI compliance. Using real world examples, the speaker will share best practices and lessons learned from how organizations have incorporated new approaches like using event data management solutions into the compliance process to reduce business risk.
Business Continuity
Adjusting Your Disaster Response Plan to Fit Your Disaster
SPEAKER: Bob VandePol
We tend to be very well prepared to meet the needs of our last disaster. This case study presentation will outline how a crisis response organization needed to adjust their Disaster Response Plan from the terrorist attacks of September 11 to Hurricanes Katrina and Rita.
Focused Solutions
K2Share, LLC
9/23/2008 @ 4:15 pm
Information Security
The Buck Stops There: Using Data Classification Policy to Assign Risk
SPEAKER: Doug Landoll
Information system owners, because of their business knowledge and position, are ultimately responsible for their systems and data. However, when it comes to the security of their data, information system owners are typically unwilling to take security responsibility and point to the information security department. These situations can quickly devolve into a non-productive approach to implementing security techniques, tools, and technology, and result in a set of security controls that satisfies neither the security department's idea of a secure system nor the system owner's budget.
Using the data classification policy as a basis to define data sensitivity and the associated security protection requirements and minimum controls has been a successful tool on several Lantego engagements. Mr. Landoll will illustrate how this approach can be used to turn stubborn corporate mentalities toward pragmatic solutions that involve both the subject matter experts and the stakeholders.
Business Continuity
Resiliency... Evolution or Revolution
SPEAKER: Elizabeth Lester
Forget theory, let's talk reality! Earthquakes, hurricanes, power outages, and floods are great experiences to test your plans against. Let's have a frank discussion of why we need to go beyond "check the box" planning to what really works! Vital parts of resiliency will be discussed, including Incident Management, Crisis Management, Disaster Recovery and Business Continuity. Why is it important to build resiliency into your organization?
IT Audit
Enterprise Risk and Compliance: Lessons Learned
SPEAKER: Kathleen Donaho-Jaeger
A formal enterprise risk management program adds systematic processes for evaluating, prioritizing and mitigating risk. An ERM program is required for compliance with various regulations and standards. But which of the several ERM frameworks is right for your organization? In this session we will explore the lessons learned from those who have been down this road and lived to tell the tale. We will also discuss tools, technologies, strategies and tactics needed to assess risk and ensure compliance.
Focused Solutions
COOP Systems
9/24/2008 @ 12:45 pm
Business Continuity
Return to Productivity After Workplace Tragedy
SPEAKER: Bob VandePol
It can happen here. When tragedy strikes the workplace, employers face both the obvious human loss and increased exposure to immense financial loss. The aftermath of such incidents produces multiple tangible and intangible costs. When not addressed, tragedy often begets additional tragedies. Business Continuity Professionals are recognizing the benefits of strategic application of psychological first aid as a behavioral risk management tool. Use of Critical Incident Response services can significantly contribute to managing those costs by facilitating individual and organizational recovery after workplace tragedy.
The presenter will use lecture, multi-media video presentation, and audience discussion to outline indicators for use, describe and demonstrate what happens during a Critical Incident Response intervention, and provide an anecdotal and statistical review of personal and cost outcomes. Attendees will leave this session with increased awareness of the frequency of critical incidents, greater understanding of the direct and indirect costs associated with those incidents, insight into the individual and organizational impact of trauma, and the ability to outline concrete strategies to facilitate resiliency and recovery through the use of Critical Incident Response services.
Information Security
Implementing New Technologies and their Security Implications
Virtualization, IP version 6, VoIP, VoWLAN, Video Collaboration
SPEAKER: Vern Williams
If you have not deployed it, it is new to you. What are some of the gotchas you should avoid when deploying these technologies with security implications, and what are some of the security reasons for deploying them?
IT Audit
Records Management and Electronic Discovery: Maintaining the Right Balance and Avoiding Costly Missteps (Part 1)
SPEAKER: David Arlington
The presentation will focus on the dynamic relationship between records management policies and electronic discovery and how actions taken in connection with one can impact the other. The presentation will be based on actual experiences from litigation matters and will include records management and e-discovery best practices learned as a result of these experiences.
Focused Solutions
INX Inc. Virtualization: Cisco
9/24/2008 @ 1:45 pm
Business Continuity
Continuing Operations During a Pandemic
SPEAKER: Cynthia Morgan
DESCRIPTION TO COME
Information Security
Black Box vs. White Box: Different Application Testing Strategies
SPEAKER: John Dickson
Competing approaches for application security testing have pros and cons. This presentation will look at and discuss a number of security assessment strategies including white box testing, black box testing, static analysis and dynamic analysis.
IT Audit
Records Management and Electronic Discovery: Maintaining the Right Balance and Avoiding Costly Missteps (Part 2)
SPEAKER: David Arlington
The presentation will focus on the dynamic relationship between records management policies and electronic discovery and how actions taken in connection with one can impact the other. The presentation will be based on actual experiences from litigation matters and will include records management and e-discovery best practices learned as a result of these experiences.
Focused Solutions
DYONYX
