VIP Reception - Monday, October 19, 2015
|5:30 - 6:15 PM||Check In and Networking|
|6:15 - 6:25 PM||Welcome + Introduction|
|6:25 - 6:45 PM||Keynote Speaker|
|6:45 - 7:00 PM||Q & A|
|7:05 - 7:30 PM||Networking|
Tuesday, October 20, 2015
|7:00 AM||Check-in Begins + Networking Breakfast|
|8:00 – 8:15 AM||Welcome + Year in Review|
|8:15 – 8:25 AM||Setting the Stage: The More You Know…|
This brief talk will provide insight about how you may consider the various conference topics to aid you on your security journey. Knowledge of adversaries, threats, and mitigation techniques lead to improved security. No matter what you are securing…if you don’t know your systems AND what your adversaries capabilities are you will lose. This is Sun Tzu 101. Even more so...if you are unaware of your systems and adversaries then your mitigation techniques will be of little to no value. Increased knowledge and awareness ties directly to increased security. With that as a backdrop, some thoughts on how the great conference speakers will help you on your security journey will be shared.
|8:25 – 8:45 AM||The New Executive Order: The Impact on Public and Private Sectors|
The New Executive Cyber Security Order – What it means and the Impact Across both Public and Private Sectors.
|8:45 – 9:40 AM||Keynote - Cybersecurity and Cyberwar: What Everyone Needs to Know|
A generation ago, "cyberspace" was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood.
|9:45 – 10:30 AM||Break in Exhibit Area|
|10:30 – 11:45AM||Panel Discussion - Cyber Security vs Cyber Warfare|
When does cyber security become warfare? Our panel of experts from the public and private sectors will explore the distinction between corporate defense against cyber intrusions and nation state defense against foreign aggression. Do these threats originate from different places, or is there a common enemy? Along the spectrum of response options, learn how the Department of Defense determines its course of action, and how the increasing use of corporate cyber-hunters is changing the game.
|11:45AM – 12:30 PM||Lunch in Exhibit Hall + Atrium|
|12:30 - 1:15 PM||Keynote - Turning the Tables on Cyber Attackers|
Cyber attackers have several advantages over defenders: they only have to get their attack right once, they can leverage the element of surprise, and they can readily acquire defense systems and practice against them to find holes. Despite all the attacker advantages, defenders have a potential advantage of their own that has yet to be fully exploited: the act of attacking inevitably creates a trail of evidence, and that evidence can be used to detect and block attacks. We will discuss a Big Data security analytics ecosystem that leverages defender advantages to turn the tables on the attackers.
|1:15 - 2:30 PM||Panel Discussion - Team-Based Cyber Risk Management Programs|
Anthem BlueCross. The IRS. The Houston Astros. They can all testify that cyber attacks damage an organization far beyond the breached data. The ripple effect is felt on your relations with customers, investors, employees and investigators. This expert panel will discuss best practices to bring together a team of stakeholders from across your organization – including information security, legal and communications – to define your organization’s unique risk profile and design a cost-effective, holistic security program that accounts for all forms of risk and, most importantly, prepares you for the inevitable data compromise incident when it does occurs.
|2:30 - 3:00 PM||Break with Dessert in Exhibit Area|
|3:00 - 3:20 PM||Keynote - Cyber Response Strategies|
Historically, the National Guard has been activated for State missions to provide emergency-relief support during natural disasters such as floods, earthquakes and forest fires; search and rescue operations. This evolving mission now encompasses cyber. In this session, MG Nash reviews how the MNARNG Cyber Response Strategy extends beyond defending military networks to include Coordination, Train, Advise, and Assist (C/TAA) functions, communication exercises and response exercises to increase NG capacity for accelerated response to a cyber incident.
|3:20 - 3:40 PM||Keynote - Critical Security Controls to reduce Cyber Risk|
Security controls are essential for reducing cyber threats yet seem daunting and time consuming to implement. Leading threat research highlights how cyber hygiene through security controls could significantly reduce cyber threats. SANS Critical Security Controls (CSC) has emerged as a risk based list of security controls to mitigate the most common and damaging threats with a cost effective and consistent set of prioritized controls. This presentation evaluates threat report trends that emphasize the need for cyber hygiene, and reviews the CSCs top 20 security controls to reduce cyber risk and increase an organization's operational resilience. Use information to maximize communication efforts to business managers to explain the importance and benefit of implementing security controls.
|3:40 - 4:15PM||Keynote – Evaluating Information Security Solutions to Optimize Successful Implementations|
One of biggest budget busters for an information Security program is technology solutions that are not a good match for the organization. Often, the technology is more than adequate in terms of functionality. However, other attributes of the solution may clash with the organization’s needs and culture. Some acquisitions fail because there is a poor match between the solution’s functionality and the capabilities required to meet the real needs to assure the organization security posture. This presentation discusses an approach to identifying and evaluating security technology solutions to maximize the potential for a successful implementation.
|4:15 - 5:30 PM||Networking Reception in Exhibit Area|
Wednesday, October 21, 2015
|7:45 – 8:45 AM||CEO Breakfast - From Detection to Resolution: How a World-Leading Systems Engineering Firm Navigated a Cyber Crisis – Invitation Only|
All organizations, regardless of size or industry, are susceptible to the risk of a data breach. While the overwhelming majority of data breach incidents do not generate headlines—there are simply too many of them – all such incidents tend to be disruptive and expensive. How disruptive and how expensive depends on your organization’s preparedness, to what degree you efficiently responded and the outcome of any legal action against you.
Join technology and intellectual property attorney, Eran Kahana, as he leads an informative panel discussion featuring Scott Singer, CSIO of PaR Systems, Inc., who will share details and lessons learned from his first-hand experience managing a data breach—from detection to resolution. Scott will be joined on the panel by experienced counsel Terrance C. Newby, and insurance expert L. Keith Burkhardt, who will share guidance on reducing data breach-related risk, coverage issues, the evolving legal climate, as well as lessons gleaned from caselaw and how various cases drive how business needs to prepare to react in the event of a breach
|8:00 – 9:00 AM||Check-in + Light Networking Breakfast|
|9:00 – 9:30 AM||Welcome + Scholarship Presentation|
Dr. Massoud Amin, MBA, Chairman, IEEE Smart Grid; Chairman, Board of Directors, Texas Reliability Entity; Director, Board of Directors, Midwest Reliability Organization; Director and Professor, Technological Leadership Institute and ECE, University of Minnesota
|9:30 – 10:20 AM||Keynote – Why the Future Security Operation Center (SOC) must understand its Adversaries and their Intentions|
Most Security Operations Centers (SOCs) today focus on detection, remediation and prevention, placing less emphasis on the source of the attack or breach. To be truly effective today, however, SOCs should focus on not just the what and when, but also the who (Threat Actor) and the how and why (Threat Vector). While this holistic intelligence approach is not new to the traditional national security and defense intelligence operations, it is new to Cyber Defense strategies. IBM i2 Enterprise Insight Analysis arms intelligence analysts with game changing investigative and analytical capabilities that perform at speed and scale, to create a comprehensive cyber threat intelligence picture. By combining critical data from both the physical and digital world with cyber event intelligence, organizations can visualize, correlate and analyze cyber data to identify threat actors, their purpose, intentions, employers, sponsors, as well as infrastructure location & weaknesses. This enables them to extend network defense perimeters to asymmetric areas not addressed and conquered by traditional security solutions, and turn their cyber defense strategy into a proactive one.
|10:20 – 11:00 AM||Networking Break in Exhibit Area|
|11:00 AM– 12:15 PM||
Panel Discussion - Cyber Intelligence Sharing – Has the Time Finally Come for Real Collaboration?
Cyber security is rarely an area where information sharing is instictive. In the wake of President Obama’s Executive Order on cyber intelligence sharing, how is our nation’s information sharing ecosystem being transformed? Our panel will explore the impact the new requirements are having on organizations at all levels of government and industry, particularly on existing sector-based Information Sharing and Analysis Centers (ISACs).
|12:15 – 1:30 PM||Networking Lunch|
|1:30 – 3:00 PM||Panel Discussion- What financial, retail and heath care companies can learn from 2015’s data breaches|
They say you should never let a good disaster go to waste. After more than eighty million financial, retail and health records were compromised in the first half of 2015, companies found ample opportunity in the aftermath to review and update their data security practices. Today, however, a routine internal IT audit isn’t a sufficient response. The scale of recent incidents has prompted the courts to weigh-in on how companies should be responding. This panel brings together data security experts from the financial, retail and health sectors to discuss key lessons learned from recent data breaches and how they are being impacted by recent court rulings.
|3:00 - 3:30 PM||Break + Dessert in the Exhibit Hall|
|3:30 - 4:35 PM||Closing Keynote - Cyber Attacks and Our Nation's Security|
Cyber attacks have emerged as a leading threat to our national security, endangering both government and private computer systems and networks. In the coming years, our adversaries will hone their skills, and the scope and scale of the threat will escalate. Companies will need to develop a sophisticated understanding of the nature of the threats, the government’s role in defending cyberspace, and the steps companies can take to secure their networks and information. With his extensive national security experience, Olsen brings discusses the myriad threats to companies in cyberspace and the government’s capabilities in this domain, as well as ways companies can enhance their cybersecurity.
|4:35 - 5:00 PM||Closing Remarks|