The International Information Systems Security Certification Consortium, Inc., (ISC)², is collocating its second annual Security Congress with the ASIS International 58th Annual Seminar and Exhibits here in Philadelphia. The combined conferences create the only security event of its kind worldwide.
Attendees from both groups can access more than 220 ASIS educational opportunities that cover the breadth of security disciplines. In addition, (ISC)² has organized another 77 sessions in nine tracks of interest to information security professionals. Attendees from either group can attend all sessions at no additional charge.
Headquartered in the United States and with offices in London, Hong Kong, and Tokyo, (ISC)² has been a global leader in educating and certifying information security professionals for more than 20 years. The nonprofit provides vendor-neutral educational products, career services, and certification credentials to more than 75,000 certified industry professionals in 135 countries.
The following summaries highlight a sample of (ISC)² sessions scheduled for each of the time slots today:
11:00 am to 12:00 noon
Open-source Software (Session #2182). How should security address technical concerns, operational challenges, and compliance issues relating to open-source software? The answer revolves around a company’s eagerness to automate as well as its willingness to manage, select, and govern the use of the application throughout its life cycle. This session will discuss how companies can manage the potential challenges of technical failure as well as security and IP risks. Philip Marshall, Black Duck Software, will lead the discussion.
THREATS INSIDE AND OUT
Modeling Behaviors (Session #2186). This session will explore the premise that information security is failing to defend assets because unknown risks are a distraction and waste resources. Research shows, however, that malicious threats do not fit a common profile. Data also can be used to build a model of attackers based on their behaviors, which can be used to design more effective defenses. John Benninghoff, CISSP, Transvasive Security, is the speaker.
1:45 pm to 3:00 pm
Where’s IT Made? (Session #2285). Multiple vendors around the world assemble and transport IT products. Abundant opportunities exist for malicious actors to tamper with and sabotage products, resulting in system, integrity, and operational compromises. A solution? Create a dialog between acquirers and suppliers of IT products and services to set expectations and an understanding of what is needed and how the process can be managed. Learn how to bring the parties together from speaker Nadya Bartol, CISSP, Booz Allen Hamilton.
4:30 pm to 5:30 pm
Trusted Clouds (Session #2380). Cloud computing promises to increase the agility of corporate IT departments. But IT executives only want these benefits if they can have the same level of trust that exists in their physical data centers. Through actual examples, the speaker will explain the process changes that are required to build secure private and hybrid clouds. Virtualized security solutions that address common concerns will be highlighted by speaker Ravi Kumar, VMware, Inc.
Follow My Botnet (Session #2387). The media is replete with talk of sophisticated malware used for everything from creating bot agents to devising mechanisms to protect the command and control infrastructure of criminal operations. But some attacks rely on the simple technologies used daily on social networking sites. This session will show how a common PDF file can be exploited to serve as a delivery mechanism for malware and how Twitter and other free services facilitate malware’s command and control. The speaker is Christopher Elison, Damballa, Inc.