Big 4 Information Security Forum

Transcription

1 San Francisco ISACA Chapter Proudly Presents: Big 4 Information Security Forum A Day-Long, Multi-Session Event, being held in San the Sir Francis Drake Hotel! *** PLEASE NOTE THIS EVENT WILL NOT BE AT THE HOTEL NIKKO *** Where: Sir Francis Drake Hotel Powell Street San Francisco, CA (415) When: Thursday, May 20 th, 2010 Registration: 8:30 a.m. 9:15 a.m. Session: 9:15 a.m. 4:30 p.m. - Breakfast / Lunch / Afternoon Refreshments provided Speakers: See below for Sessions Agenda, Speaker Information, and Schedule CPE Hours: 6.0 Cost: $79.00 ISACA Members $89.00 Non-Members $59.00 Students $79 for members = 6 CPEs + Meals 4x the CPE units of our regular monthly luncheon sessions for less than 2x the cost = more than 50% savings for our valued members!!!

2 Sessions Agenda and Speaker Information: 2010 Security Trends Vijay Jajoo, Director KPMG Session Synopsis: Over the past 20 years, the information security landscape has significantly evolved from focus on firewalls, operating systems, web applications to edge devices and data protection. This evolution has been driven by consumer behavior, and the platforms leveraged to manage the business and deliver services. With every new technology, there lies the business benefits, as well as certain risks. This session will focus on discussing the 2010 trends that we see in the industry, and how to be prepared as a security professional, to minimize the risks, create business value, and gain efficiencies. Speaker Bio: Vijay Jajoo is a Director in KPMG s IT Advisory practice with over 15 years of experience assisting clients with IT Strategy, Security Transformation, Enterprise Governance Risk & Compliance (GRC), Security Incident Response programs, and enabling their business processes using emerging technologies to meet their strategic objectives and mitigate business and compliance risks. His technical and functional security expertise includes a wide range of platforms, networks and applications, and his primary focus has been on servicing Fortune 100 companies in the Financial Services and Internet Services industries. Vijay has presented at various IT and Security industry events on key security challenges, trends and remediation strategies like data breach and identity theft, IT transformation, and CIO/CISO agenda, Enterprise GRC roadmap and implementation. Vijay was a steering committee member with IDSP (Identity Theft Prevention & Identity Management Standards Panel), coordinated by ANSI and the BBB institute, to help develop a practical standards framework to minimize identity theft and fraud across various industries. He also assisted the primary authors in writing and editing the book Cloud Security and Privacy (O'Reilly Media). He earned his MBA with an emphasis in Telecommunications and International Finance from the University of San Francisco, CA. He s a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified LiveWire Investigator (CLI) and Cisco Certified Network Associate (CCNA).

3 Cyber Intelligence / Warfare Ali Golshan, Manager PricewaterhouseCoopers Session Synopsis: Concerns over Advanced Cyber Threats is growing by day, and it has been well documented that certain organized groups and governments have taken an active approach to creating cyber attack capabilities. Today s security solutions are falling short due to their approach & architecture. Furthermore, the rise of espionage groups such as the Shadow Network, using sophisticated methodologies to hack military and civilian networks, as well as governments employing Cyber Warfare as part of military offensive such as Russia's well documented attacks on the Georgian Cyber infrastructure during the 2008 conflict. We have reached a point where a new threat landscape has been created, through weaponizing of malware, and networks such as RBN (Russian Business Network) created for the distribution of these types of attacks. As a result there is an urgent need in a paradigm shift to combat these highly sophisticated and targeted attacks. Speaker Bio: Ali Golshan is focused on the security of information technology, with a focus on technical assessments related to malware, targeted attacks, and cyber warfare, has been involved in the security industry for over 9 years, with the last 5 years focused on the changing threat landscape, and the paradigm shift required in the security industry to combat organized, and sophisticated attacks. Ali is a leading subject matter specialist in IT Security, consulting, development, and operational processes, with extensive experience in R&D towards mapping and building advanced threat vectors.

4 Owning Corporations: Abusing (and Leveraging) Subliminal Intelligence form Open Source Channels Nitesh Dhanjani, Senior Manager Ernst and Young Session Synopsis: Take a look at your corporation's security project portfolio and you are likely to find the following initiatives: application security, platform security, identity and access management, data security, network security. By investing in these projects, your corporation is probably spending millions every year to protect its intellectual property. Unfortunately, the traditional channels many security projects aim to protect are increasingly becoming outmoded and of little interest to the new generation of malicious and persistent actors. In this presentation, we will take a detailed look at how malicious attackers can leverage subliminal intelligence, which is continuously being leaked into the public domain by staff and executives alike, to ascertain confidential information and to steal intellectual property from the largest corporations. Here are the topics we will cover: How vulnerabilities in social media platforms can be abused to uncloak identities and discover the underlying business hierarchies. Reconnaissance and pillage of confidential corporate information via behavioral analysis of social networks. Inside-out intelligence gathering from public channels - specifically location aware social channels. Influence analysis of social network graphs to discover and steal corporate information. Hacking the Psyche: How to build psychological and emotional dashboards of targeted individuals for social engineering by way of manipulation. The goal of this presentation is to raise consciousness on how open source mechanisms can and are being abused by malicious actors to infiltrate their way into corporations by abusing channels that leak subliminal intelligence. Speaker Bio: Nitesh Dhanjani is a well known information security researcher and speaker. Dhanjani is the author of "Hacking: The Next Generation" (O'Reilly), "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly), and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security" (Osborne McGraw-Hill). At Ernst & Young, Dhanjani is Senior Manager in the Advisory practice, responsible for helping some of the largest corporations establish enterprise wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as social media, cloud computing, and virtualization. Prior to E&Y, Dhanjani was Senior Director of Application Security and Assessments at Equifax where he spearheaded security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & threat modeling, and managed the attack & penetration team. Before Equifax, Dhanjani was Senior Advisor at Foundstone's Professional Services group where, in addition to performing security assessments, he contributed to and taught Foundstone's Ultimate Hacking security courses. Dhanjani holds both a Bachelor's and Master's degree in Computer Science from Purdue University.

5 Cloud Security Arun Perinkolam, Manager Deloitte & Touche Session Synopsis: Cloud computing promises significant cost savings, rapid deployment opportunities, dynamic scalability and flexibility. With these purported benefits, however, come various security and privacy risks and challenges which are widely cited as the top barrier to adoption for cloud services. Whether operating in a public, private, or hybrid cloud model, developing an effective security and privacy program for the cloud will be an imperative to managing risk and protecting key IP and data assets from unauthorized access and disclosure. We will provide participants with an overview of the various cloud business models, discuss the broad security and privacy concerns facing enterprises today, and highlight some of the key differences and challenges addressing security and privacy risk in the cloud versus more traditional IT deployment models (e.g. hosting). Speaker Bio: Arun is a Manager with the Security & Privacy practice at Deloitte & Touche LLP, serving clients in the Technology and Consumer Business (Retail) industry sectors. As an Information Technology and Security Solutions consultant, Arun has served both national and global clients on engagements ranging from information security strategy development to detailed design & deployment of enterprise security solutions for over 9 years in both technical and management leadership roles. Arun specializes in the domains of Information Security and Technology Risk Management Strategy, Identity and Access Management, Data Protection and Compliance (including PCI), System Vulnerability Assessment and related methodologies. More recently Arun has been focused on serving clients in the areas of Ecommerce Security and Fraud Management. Arun holds a Masters degree in Computer Science from the University of Southern California and also holds the CISSP and CSSLP certifications.

6 Tentative Session Schedule Session Start End Registration / Breakfast 8:30 9:15 Session 1 9:15 10:30 Break 10:30 10:35 Session 2 10:35 11:50 Networking Lunch 11:50 12:50 Session 3 12:55 2:10 Break 2:10 2:15 Session 4 2:15 3:30 Afternoon Networking Break w/ Refreshments 3:30 4:00 *** TENTATIVE: Open Q&A session with the presenters 4:00 4:30