Solving Your Complex Core Business Risks In An Innovative, Pragmatic, Cost-Effective Way

2008 ENTERPRISE SECURITY - EXPERT APPROACHES

East Coast
Friday, May 16, 2008 | 10AM - 5PM
Microsoft Corporation 12012 Sunset Hills Rd Reston, VA

Attendance Limited to 40 Attendees

Please R.S.V.P no later than May 6th to: securityday@korelogic.com

Event Overview

To assist our customers in addressing today's security challenges, Microsoft and KoreLogic Security have developed the 2008 Enterprise Security Day Seminar series. These Seminars provide you with a forum for sharing ideas and best practices and for exploring ways to provide business-enabling solutions to your organization.

The presentations are geared towards CISOs, CSOs, and Security Managers.


AGENDA

10:00 - 10:10 Introduction

10:10 - 10:40 Web Application Security Metrics [Bob Austin]

Despite the fact that the majority of software security incidents are caused by attackers exploiting known software defects, and despite the focus on improving software security, meaningful web application security metrics are currently very immature. This presentation will briefly address current metrics research and initiatives, followed by a discussion of metrics that have been found to be effective in measuring web application security effectiveness.

10:40 - 11:15 Digital Forensics Program Benchmarking [Cliff Barlow]

KoreLogic will present an overview of its Forensic Capability Maturity Model (FCMM), which defines the attributes of a mature digital forensics program. The FCMM was developed to assist organizations in benchmarking an existing program or to guide the development of a new program.

11:15 - 12:00 "Making Data Classification A Security Cornerstone" [Tim Upton]

Join Tim Upton, Founder of Titus Labs, in a discussion on information protection practices, strategies, and best practices. Tim will share his thoughts on data classification and on how implementing data classification is providing stronger compliance and protection for organizations while at the same time improving overall business effectiveness without impacting end user productivity.

12:00 - 12:15 Break - Lunch Set Up

12:15 - 12:45 Working Lunch/ Anywhere Access Implications, a recap from the 2008 CSO Summit [Brian Fielder]

Brian Fielder will share some of the key results of the recently completed 2008 CSO Summit on the topic of "secure anywhere access" and the implications for security programs and investments.

12:45 - 1:00 Break

1:00 - 2:00 Becoming eDiscovery Ready [Jody Westby, Global Cyber Risk]

Many companies are woefully unprepared to comply with federal litigation rules for producing electronic documents. The business impact is an expensive, arduous E-Discovery response. Jody will discuss current E-Discovery issues and critical steps an organization can take to respond more effectively to E-Discovery requests.

2:00 - 3:00 eDiscovery and Compliance Measurement - A Unique Approach [Klayton Monroe and Bob Austin]

Forensic investigators face several significant challenges today, including an increasing case load, larger forensic target size, and demands for faster results. KoreLogic will present a real-world regulatory compliance case study that required data search and analysis of terabytes of data under the pressure of external auditor deadlines.

3:00 - 4:00 Strong Authentication - Role in the Data Protection Lifecycle [Lynn Devore]

Lynn Devore will discuss how Unisys Corporation's strong authentication solution provides powerful security for its employees and contractor personnel accessing vital information from locations around the globe. Learn how a rugged corporate Public Key Infrastructure provided the basis for smart card digital certificates, and how smart card technology enabled a cost-effective, second-generation Single Sign On model, which is currently being deployed.

4:00 - 5:00 Identity Access Management Optimization (IO) Model [Alex Voysest-Invited Speaker]

Alex Voyset will present the Infrastructure Optimization Model, which has proven very effective in improving the state of IT infrastructure and describes what that means in terms of cost, security risk, and operational agility.

5:00 - 5:10 Wrap Up

5:10 - 7:00 Social Hour - Avoid rush hour and join us for casual networking ...


Speaker Biographies

Bob Austin, President, KoreLogic Security

Mr. Austin is a KoreLogic founder with over eighteen years of experience in the technology industry, including the establishment of three information security consulting practices. As President of KoreLogic, Bob is responsible for its strategic direction and growth as well as establishing business alliances. Bob is also active in consulting service delivery and directly supports clients in the following areas: assessment of enterprise security programs, development of security strategy, organizational design of security groups, incident response program development, and executive security training. Bob serves as President of the Central Virginia ISSA Chapter and is an OWASP Project Leader in the area of web application security metrics.

Cliff Barlow, Director, Security Services, KoreLogic Security

Mr. Barlow has over twenty-one years of experience in design, implementation, security and management of information networks. As the Consulting Director for KoreLogic, Cliff is responsible for all aspects of the consulting delivery process, and functions as a security management consultant and program manager for key KoreLogic clients. Cliff has authored a state bioterrorism assessment project, developed forensic program plans, developed architectures for enterprise monitoring and contributed to the development of a state cyber-terrorism exercise. He provides direct strategic and tactical security guidance to Fortune 500 companies and is a trusted advisor for many Information Security Officers and organizations. Cliff holds a CISSP-ISSMP and PCI QSA.

Lynn Devore, Enterprise Security Architect, Unisys

Lynn Devore is an enterprise security architect at Unisys and has led the policy design, trust definition and architecture development for the Unisys Internal Public Key Infrastructure, as well as the ongoing implementation of the systems. He also is the architect for their smart card rollout, which provides secure multifactor remote authentication and domain logon, and serves as a basis for the company's ongoing RSO/SSO deployment. Following graduation from Marietta College with a B.S. in the physical sciences, Devore taught science for a year and then worked with two Unisys predecessor companies. He holds an MCSE, SANS GIAC-GSEC, and CISSP.

Brian Fielder, Strategic Security Advisor, Microsoft National Security Team

Brian has more than fourteen years of experience in the areas of Information System Security. His experience includes penetration testing, security policy development, incident response program development, Security Architecture, and overall security program management. In his current role for Microsoft, Brian spends time consulting with customers on the topics of security program management and strategic security planning. Prior to joining Microsoft, Brian was a Director of Information Security at Charles Schwab. Brian has been a speaker on security subjects such as Internet Security, Web Services, UNIX security auditing and practices, Penetration Testing, Cisco auditing, and Microsoft systems security. He holds a CISSP and certification on technologies such as Microsoft, Cisco, Firewalls, various Extranet software applications, Novell, and Sun Solaris.

Jody Westby, CEO, Global Cyber Risk LLC

Drawing upon a unique combination of more than twenty years of technical, legal, policy, and business experience, Jody Westby brings a seasoned, multidisciplinary perspective to the many issues facing businesses and governments today in the areas of privacy, information security, outsourcing/offshoring risks, cybercrime, and IT business risk management. She regularly consults with governments, private sector executives, and operational personnel on the development of enterprise security programs that dovetail the technical, legal, operational, and managerial considerations. Jody is a member of the bars of the District of Columbia, Pennsylvania, and Colorado and serves as chair of the American Bar Association's Privacy and Computer Crime Committee. She is co-author and editor of four books on privacy, security, cybercrime, and enterprise security programs. She speaks globally and is the author of numerous articles.

Tim Upton, Founder, Titus Labs

Tim has an extensive background as a technology consultant in the security and large infrastructure spaces and as an entrepreneur with over 17 years of IT experience. Tim is the founder of Titus Labs and provides the overall vision for Titus Labs products and services around information protection best practices.

Tim's consulting background includes specialized skills in messaging, security, and Internet technologies, and he has led architecture and business discussions with US Veteran Affairs (250,000 users) and US Air Force (525,000 users) to solve information protection requirements. Tim has spoken at numerous events around information protection best practices, including speaking at the Microsoft MBX sales kickoff and speaking at the Microsoft TSCP panel where the largest A&D contractors worldwide were in attendance.