ISE® Southeast Schedule of Events 2011

March 16, 2011

11:00 AM : Registration

Location: Buckhead Prefunction (Lobby level)

11:30 AM : ISE Southeast Nominee Welcome Luncheon & Presentation   *Invitation Only

Location: Buckhead Ballroom 1

Sponsored by

  Core Security

Dr. Eric Cole, PhD
Faculty Fellow & Course Author
SANS

Fighting Off an Advanced Persistent Threat and Defending Infrastructure and Data
Today's cybercrime industry is thriving and has transformed itself to improve efficiency, scalability and profitability through the introduction of Advanced Persistent Threats (APTs). The latest in cyber-risk, APTs are a broad palette of attack possibilities that enable attackers to break into systems, avoid detection, and maintain long-term access to compromised networks. Confronting the threat does not always require the implementation of new technologies, but it does require rethinking some of the strategies that companies may be adopting to protect data.

1:00 PM : Welcoming Remarks and Introductions

Location: Woodruff Room

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent

1:15 PM : Keynote Address

Location: Woodruff Room

Mark Leary
Chief Information Security Officer
TASC
ISE® Southeast Executive Award Winner 2010

Keynote Address: The Era of Outsourcing
Fears associated with outsourcing are bound to arise, which is only natural, and the factors associated with outsourcing need to be carefully considered before any decision is made. The security of critical data, of employee privacy and of business transactions tends to keep information security executives awake at night. Mark will relate a CISO's journey as a company moves from previously hosting its own business IT functions to one that embraces an IT outsourcing strategy.

2:15 PM : Interactive Executive Roundtables

Location: Woodruff Room

The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other, join in interactive discussions on key industry issues, and share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

Advanced Persistent Threat: It Pays to be Paranoid

Tim Callahan
Group Vice President, Manager Business Continuity and Information Assurance
SunTrust
ISE® Northeast People's Choice Award Winner 2009, ISE® North America Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2009, ISE® Northeast Executive Award Finalist 2007, ISE® Southeast People's Choice Award Winner 2006, ISE® Southeast Executive Award Finalist 2006

Insider threat. Social engineering. Spear phishing. Pervasive botnet infections. Legitimate websites hosting malware. Polymorphic malware. Blended threats. Multiple infection vectors. Command & control servers. Some of the biggest and best companies in the world are being targeted by criminal and nation-sponsored groups seeking to obtain information on intellectual property, legal activities, trade negotiations, customers, employees, credit card numbers and other financials, production information and schematics – and more.

Theft of information and electronic data at global companies has overtaken physical theft for the first time, with losses rising from $1.4m to $1.7m per billion dollars of sales, according to the 2010/2011 Kroll Annual Global Fraud Report. A study conducted by the Ponemon Institute reveals that 83% of respondents believe their organization was the target of advanced attacks, with 44% believing they were frequent targets.

Data Like Digital Water: Plugging the Leaks

John B. Sapp Jr.
Director, Product Development Standards - Security, Risk & Compliance
McKesson Corporation
ISE® West Executive Award Finalist 2010

It seems that everywhere we turn, organizations are leaking data. Headlines expose losses of data in industries across the board and now WikiLeaks, with its publication of leaked cables, has organizations wondering if such an event could happen to them.

Data leakage is virtually impossible to stop, but the problem often isn't technology. It's people. The WikiLeaks incident underscores the risks inherent in failing to compartmentalize and in granting employees inappropriate levels of access to data and IT resources. Disgruntled staff, tech-savvy contractors and dismissed employees may misuse privileged access, or gain unauthorized access, and exploit the data. On the other end of the spectrum, naïve employees and well-intentioned users inadvertently leak data through improper and insecure handling of sensitive data.

Cloud Computing: Security and Privacy and Contracts, Oh My!

Phil Agcaoili
Chief Information Security Officer
Cox Communications
ISE® Central Executive Award Winner 2009

Platform-as-a-Service. Infrastructure-as-a-Service. Software-as-a-Service. Dedicated private. Open public. Hybrid. While there is no single term that describes a cloud environment, the fact remains that more and more data is moving to the cloud. Forrester predicts that cloud computing PaaS will be $15.2B by 2016 and Gartner claims the cloud computing IaaS market will reach $23.5B by 2013.

Benefits of cloud computing include reduced operating costs, savings on hardware, simplified licensing arrangements, streamlined infrastructure environments, consolidated facilities, increased functionality and flexibility, ability to scale and speed of access.  But is it secure? As more information on individuals and companies is placed in the cloud, attention must be turned to how safe an environment it is and how we assess security and perceive risk.

The Consumerization of IT: Plague or Progress?

Tammy Moskites
Chief Information Security Officer
The Home Depot
ISE® North America People's Choice Award Winner 2010
ISE® North America Executive Award Finalist 2010
ISE® Southeast Executive Award Finalist 2010
ISE® Central Executive Award Finalist 2009

Smartphones and tablets are washing across the enterprise like a tsunami. Whether driven by an executive push or because employees are simply just using them, consumer technology's momentum has reached a dizzying pace and keeping them off the network can be akin to whack-a-mole.

Boundaries between work and personal technologies are diminishing. Boomers and Gen-Xers are bringing personal devices to work. Millennials and the Gen-Zs grew up using PCs, laptops, mobile phones, iPhones, iPods – and now iPads; and are making the provision of mobile tools a condition of employment. Technologies originally aimed at consumers, such as thumb drives, instant messaging and handheld audio and video players, are now ubiquitous in the business world.

Outsourced or Outsmarted: How to Avoid the "Gotchas" in Outsourcing

Paul Huesken
Director of Information Assurance
The Coca-Cola Company
ISE® Southeast & North America Judge

Whether it’s driven by a desire to reduce costs, tap into deep expertise, streamline internal operations or gain the flexibility afforded by cloud services, organizations are increasingly outsourcing a wide range of functions. On the menu are non-critical commodity-type activities, network operations, application development, customer service and even infrastructure and security monitoring. Yet, deciding to outsource is difficult. The promised benefits are so attractive – but the stakes are so high. It’s not surprising that hesitancy is a common reaction when deciding to outsource.

Security challenges surface whenever business processes are moved outside of the confines of the firewall. Whether it be legal liability, compliance issues, brand risk or customer concern, the more eyes and hands you have on your data, the greater the risk of something going wrong. This problem is magnified by the fact that your data may be stored on many different computers and the people accessing your data may well be on the other side of the world.

Not Your Father’s Identity and Access Management: Moving from IAM to IAI

Kyle Duke
Information Security Officer
HealthSpring
ISE® Southeast People's Choice Award Winner 2010

The internal corporate network is now a connected web of people and devices as more employees work remotely, and partners, customers and vendors are given access to corporate systems and sensitive data. This connected business model often means managing access for users the company knows little about, and accommodating SSO and less intrusive authentication. To complicate matters, cloud-based applications are on the rise, bringing more challenges to managing user security. Layered on top of these business considerations is the requirement to meet industry-specific standards and comply with regulations such as HIPAA, SOX and PCI. Businesses must prove accountability around data access and management.

Vendor Consolidation: A Tale of Two Meanings

Ed Sarama
Chief Security Officer and Senior Vice President, Enterprise Risk & Resilience
Fiserv
ISE Southeast Award Winner 2006

Within the industry, best-of-breed products offered by niche players and small vendors often fulfill our technology needs perfectly, whereas a larger vendor may not measure up. Smaller companies, whose success depends on your success, typically provide better customer service and are strongly motivated to help you succeed. To many a user's chagrin, the security technology industry is consolidating due to mergers and acquisitions, resulting in fewer, larger players. What may happen to the acquired vendor and its technology is often an open question. Vendor consolidation impacts vendor relationships, technology direction and customer support; elevates concerns about the safety of existing and new investments; and adds uncertainty and risk that are best avoided.

3:30 PM : Break

3:40 PM : Nominee Showcase Presentations

Location: Woodruff Room

Glen Taylor
Vice President
The Walt Disney Company

Aligning Security to Deliver Results to the Walt Disney Company
In this presentation, Glen Taylor will share the three-step model Disney used to align their information assurance with the increasing corporate investment and business demands over the last 12 months. With the increased volume of organizational and technical change, the risk of new vulnerabilities and threats to Disney's confidentiality and integrity was significant. Using this three-step model (Information Security Assessment, Vulnerability Scanning and Security Validation), Disney's Security & Compliance team was able to safeguard against any security issues while delivering an online dining reservation initiative, doubling their cruise capacity, and replacing the Walt Disney World property management system.

Kevin Charest
Deputy Director
U.S. Department of Health and Human Services

The HHS CyberSecurity Technology Project
Daniel Galik and Kevin Charest will discuss how the US Department of Health & Human Services (HHS) CyberSecurity project provided HHS Operational Divisions with the supporting infrastructure to build secure enclaves to house management components of essential information security technologies. They will share more about the enclaves they secured, which are a combination of network taps, firewalls, routers, switches and authentication technologies that allow seamless integration of Intrusion Detection/Prevention Systems, Security Incident & Event Management for event correlation, and a Network Forensics tool for malware analysis.

Chris Ray
2nd VP, Information Security and Software Change Management (CISO)
Aflac

The Virtualized Laptop
Prior to 2010, the only way sales agents could get a laptop supported by Aflac was to purchase it already provisioned with the appropriate software. Aflac ultimately paid the agents back for the laptop by offering credits for every customer policy written with that laptop until the laptop was paid for. In addition to the initial burden of expense to the sales agent and the ultimate cost going to Aflac, the model also made it difficult to integrate new business partners who already maintained their own company devices or those who may have already owned their own laptop. Chris will share with us how he developed, proposed, and tested an idea which was brought to fruition in 2010. By creating a self-contained image of the laptop (virtualizing) and putting it on an external hard drive (or even USB drive), the sales agents could spend a minimal amount of money to conduct their business and have the flexibility to use the external hard drive on any desktop/laptop they choose. All security was maintained on the virtualized hard drive itself, including antivirus, encryption, access controls, and the like. Join us to learn more!

Brad Sanford
Chief Information Security Officer
Emory University

Building Consensus to Achieve Effective Leadership
Brad Sanford is an information security leader who leverages his knowledge of and passion for information security to persuasively engage executive leadership and obtain direct buy-in for critical information security initiatives. Brad has been successful in obtaining executive level support for his initiatives at Emory, in part because he has striven to ensure that the Information Security program and its initiatives are well aligned with the institution's mission and strategy. These initiatives are prioritized and Emory's institutional leadership is directly engaged to validate these priorities and to determine specifically which initiatives to fund, and thereby which risks get addressed and which do not. Brad will share how, by leveraging this approach, he was able to procure over $1M in funding for new Information Security initiatives (including new staff) at a time when most of the institution was experiencing reductions in budget and shrinking staff levels.

5:00 PM : VIP Reception (invitation only)

Location: Buckhead Ballroom I

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Location: Prefunction Grand Ballroom, 4th floor

Guests enjoy a gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the Canada Award Nominees for 2013, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.

7:00 PM : ISE® Southeast Awards Gala

Location: Grand Ballroom AB, 4th floor

Honoring and celebrating the ISE® Southeast Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne & Dessert Reception

Location: Prefunction Grand Ballroom, 4th floor

Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.