TRACK SESSIONS TRACK SESSIONS
DEvELOpERS AND AppLICATIONS (CONTINuED) GOvERNANCE (CONTINuED)
Regular Expressions as a Basis for Day: Tuesday 28th October Lessons Learned from Société Générale - Preventing Day: Wednesday 29th October
Security Products are Dead
Start: 10.15 End: 11.15 ID: DEV-202
Future Fraud Losses Through Better Risk Management
Start: 09.00 End: 10.00 ID: GOV-301
What protection do you get from \un\W+(?:\w+\W+){1,6}?safe\b?
Steve Moyle, Founder/Chief Technology
Jerome Kerviel, a junior trader with Société Générale, single-
Joseph Magee, Chief Technology
There are more than 250,000 regular expressions in our porous
Offi cer, Secerno
handedly created the world’s largest fi nancial fraud case.
Offi cer, Vigilant, LLC.
virus and malware detection engines, yet we are still vulnerable to How could this slip through the risk management system?
errors and zero day attacks. Regular expression signatures offer
AT
This session explores how information security technology could
no real security - they are dead: long live their successor! have detected the fraud and prevent it from happening in the future.
S
Developing TLS Applications with Suite B Cipher Suites Day: Tuesday 28th October Product Development and Security Day: Wednesday 29th October
Suite B Cipher Suites for TLS (Suite B TLS) are a new Transport Layer
Start: 11.45 End: 12.45 ID: DEV-203
- What Matters Most?
Start: 10.30 End: 11.30 ID: GOV-302
Security standard defi ning Suite B-compliant cipher suites for TLS
Peter Robinson, Principal Engineer,
Security vulnerabilities at the application level represent a
1.2. Conformance to this standard is emerging as a US government
Moderator:
RSA, The Security Division of EMC
signifi cant and unresolved risk to organisations worldwide. It has
requirement. This session describes Suite B TLS and associated
Paul Kurtz, Executive Director, SAFECode
IT
become increasingly apparent that the optimum way to mitigate
technologies, outlines implementation requirements, and compares toolkits.
these threats is to validate a software development professional’s
Panelists:
understanding of best practices in addressing security throughout Eric Baize, Senior Director, Product
RE
an application’s lifecycle. Security Offi ce, EMC Corporation
G
Unifi ed Security for Unifi ed Communications Day: Tuesday 28th October
N
IS
TE
OW
R Unifi ed Communications promises to go beyond e-mail, voice,
Andrea Servida, Deputy Head of Unit,
Start: 17.15 End: 18.15 ID: DEV-208
European Commission
instant messaging and presence and allow users, organisations
and applications to communicate seamlessly. On the fl ipside,
Dobromir Todorov, UC Architect,
John Colley, Managing Director,
CL
ICK
H
S
E
security needs to balance and protect personal and organisational
BT Global Services EMEA, (ISC)
2
R
E
assets. The session expands on how well positioned we are today
AT
and what more we need tomorrow.
Achieving Effective Information Security Governance: Day: Wednesday 29th October
Challenges and Approaches
Start: 11.45 End: 12.45 ID: GOV-303
GOvERNANCE This panel will provide guidance on ways for organisations to
Moderator:
successfully implement effective IT security governance solutions.
Magnus Nystrom, Technical Director,
Supported by the
The Need To Adopt Standards-Based Anti-Malware Day: Tuesday 28th October The ITIL, COBIT and ISO 27000 standards on IT management
European Network
Testing Methodologies
Start: 10.15 End: 11.15 ID: GOV-202
and IT security management are important tools in that process
RSA, The Security Division of EMC
and Information Security experts discuss the need for standards-based, advanced
and will be compared. Another aspect which the panel will discuss
Panelists:
Moderator:
Security Agency testing procedures to keep pace with anti-malware product
is the importance of aligning information risk management with
Jacques Cazemier, Architect, VKA
David Perry, Global Director of
development. They will detail defi ciencies in current practices,
business objectives. Sarb Sembhi, President,
(ENISA)
and examine why it is critical to adopt universally-accepted
Education, TrendMicro, Inc.
ISACA London Chapter
guidelines, and the reasons behind the need for advances in
Panelists: Pernilla Rönn, Senior Information
the objectivity of anti-malware product testing methodologies.
Graham Cluley, Senior Technology Security Consultant, Saab Combitech
Consultant, Sophos
Bo Karlsson, Senior Advisor,
Larry Bridwell, Global Security Saab Combitech
Strategist, Grisoft/AVG Technologies
Andreas Marx, Manager, AV-Test GmbH
HOSTS (ConTInUED on nEXT PAGE)
Sessions in this
Anthony Arrott, Special Assistant
track will focus on
to the Chief Technology Offi cer,
Learn about issues Cyber CSI: How Criminals Manipulate Day: Tuesday 28th October
government policy and
TrendMicro, Inc.
IT
related to functional
legal topics for the
Anti-Forensics to Foil the Crime Scene
Start: 10.15 End: 11.15 ID: HOST-202
devices connecting
security community,
The latest red-hot hacker trick is anti-forensics. Join a leading
to a network that are
Christopher Novak, Principal,
as well as regulatory Which Which is Which: Addressing the Emerging Day: Tuesday 28th October
forensics investigator as he discusses common anti-forensics
not directly related to
Verizon Business
compliance, risk
Needs for Digital Content’s Evidentiary Value
varieties. Participants will learn how hackers are stealing data
Start: 11.45 End: 12.45 ID: GOV-203 network-level security
management and
right from under administrators’ noses without them even knowing
Today, and from now on, systems need to take into account the
standards.
Moderator:
or interconnectivity,
or suspecting there is a problem, and how forensics investigators
quality and strength of their Digital Evidentiary Value.
Todd Glassey, Chief Scientist, Certichron, Inc
for example, servers,
catch these bad guys.
S
endpoints (desktops,
Click here for all Panelists:
laptops, printers,
Track Session
Steven Teppler, Senior Counsel,
multi-function
Social Immunity: Day: Tuesday 28th October
information
KamberEdelson, LLC
devices), mobile
Can Computer Systems Be More Socially Immune?
Start: 11.45 End: 12.45 ID: HOST-203
John Taysom, Executive Director, RVC
communications Creatures living in social groups have a greater risk of infectious
Ahmed Sallam, Chief Software Architect,
Michael Spadea, Privacy Counsel, devices, embedded disease. However, living in a group can also provide health
Barclays LLC
ALC
McAfee
systems and issues advantages. This session applies the same fi ndings to computer
related to the security, describing a stateful, cooperative, transitive distributed
operation of devices security system that makes computer systems more immune once
Data Security Regulation in the UK and Continental Day: Tuesday 28th October
(operating systems, they join a network.
TF
Europe - How Far to Go?
Start: 16.05 End: 17.05 ID: GOV-207 virtualisation, endpoint
The European Commission is updating its legal framework for
Moderator:
security capabilities).
telecoms network and service providers. Proposals include new
Protecting Consumer Electronics Devices Day: Tuesday 28th October
Kimon Zorbas, Public Policy Manager,
obligations to report breaches of personal data to authorities
Europe, BSA Click here for all
From cellphone upgrades to pay TV piracy, we survey several
Start: 16.05 End: 17.05 ID: HOST-207
and consumers and report breaches of security or integrity to
attacks against well- known mobile phone platforms, game
Panelists:
Track Session
authorities. These proposals come in the wake of high-profi les
consoles, and networking platforms. Consumer embedded
Benjamin Jun, VP of Technology,
Susan Daley, Government Relations information
breaches of personally identifi able information in Europe and
platforms must withstand attacks that extract keys, bypass boot
Cryptography Research, Inc.
Manager, Symantec
amid continued concerns about data security. In addition, the UK
protection, create interoperable clones, and enable unauthorised
Information Commissioner’s Offi ce has received authority to levy
Prof. Dr. Patrick Van Eecke, Partner,
“upgrades”. Learn how to secure your embedded platform against
AT
fi nes on organisations that “deliberately” or “recklessly” violate the
DLA Piper UK LLP
these attacks.
U.K’s Data Protection Act, following a spate of breaches in the UK
Anna Buchta, Policy Offi cer,
government and private sector. Leading European experts discuss
European Commission
these and other recent developments. Stewart Room, Partner, Field Fisher
Waterhouse LLP
Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18