Early Bird Session - Mulligans Sponsored By: SAINT
Tuesday April 29, 2003 7:00 - 7:45 AM
Anti-hacking Strategies Billy Austin - SAINT
Identifying Vulnerabilities, Threats and eliminating your organization from becoming a victim of Next Generation Attack Tools.
The growing number of vulnerabilities continues to gain momentum each day. While known vulnerabilities remain to be the number one cause of attacks, unfortunately organizations are still playing catch up with the identification and repair process. This session will cover best practices and processes for controlling these vulnerabilities thus eliminating the known vulnerability attack threats.
This session will cover:
Resent intelligence on the development of new automated attack tools
Vulnerability Assessment scanners
Remediation tools and practices
Exploit Trends and Analysis of well-known vulnerabilities
Best Practices for controlling vulnerabilities
Networking Breakfast Sponsored By: SAINT
Tuesday April 29, 2003 7:00 - 7:45 AM
Incident Response and the Law Sponsored By: Guidance Software, Inc.
Tuesday April 29, 2003 8:00 - 8:45 AM
John Patzakis, Esq CEO and President, Guidance Software
Organizations continue to face ever-increasing legal liabilities surrounding the security of sensitive customer and employee data. Effective incident response plans and tools are now crucial in order to properly respond, contain and analyze a computer incident.
Mr. Patzakis will discuss the direct threats to the enterprise and the corresponding incident response plan goals and tactics. Incident response should now serve as a critical component of the information security equation, answering the mandates of several new laws, including:
o Mandated Incident Response Plans Under Federal Regulation o New California Mandatory Incident Reporting Law (SB 1386) o Liability for Data Destruction under Sarbanes Oxley/SEC Rules
Mr. Patzakis will also provide brief case studies that illustrate the need for proactive use of computer forensics within the enterprise.
The Future of Crime Investigation
Tuesday April 29, 2003 8:45 - 9:30 AM
Mary Riley, Senior Vice President Information Security, Bank of America
Computer technology is changing at an unprecedented rate. our current 100+ Gigabyte drives will begin to approach Terabyte capacity and the word Petabyte (Quadrillions) is now being discussed in planning meetings. Where is computer crime investigation headed?
Getting Operations and Security To Get Along: Collected Best Practices
Tuesday April 29, 2003 9:30 - 10:15 AM
Gene Kim, CTO, Tripwire
One of the biggest challenges facing Information Security executives is how to integrate better with their peers in Operations, Audit, and Management. All too often, despite sharing common objectives, these stakeholders integrate poorly together. Common patterns include Infosec defining a policy, only to be ignored by Ops. Worse, the remedy is Infosec "fixing" the problem without telling anyone, all too often resulting in the entire infrastructure crashing around them.
This briefing presents the results of benchmarking, showing how "best in class" Ops and Security organizations work together to create stellar service levels (high uptimes, low Mean Time To Repair), incredible cost structure (server-to-sysadmin ratios of 100:1 or above), fewest incidents, and earliest integration of Infosec requirements in the service delivery lifecycle. It turns out that when auditable security controls are implemented, what is good for Security is good for Operations, and vice versa!
This briefing will show how they achieve this, summarized in the Visible Ops methodology, a freely-available process that describes how "best in class" operations conduct daily processes. The goals of the Visible Ops methodology are to decrease Outage MTTR, improve operational efficiencies, and build a "culture of causality" in operations. Visible Ops does this by creating auditable controls that create useful metrics that can guide audit and future process improvement.
Morning Networking Break Sponsored By: Interactive Digital Software Association
Tuesday April 29, 2003 10:15 - 10:30 AM
Weakness in Proprietary Encryption - Another Domino
Tuesday April 29, 2003 10:30 - 11:15 AM
Chris Goggans and Jeff Fay, Independent Security Consultants
Many commercial products incorporate ineffective encryption schemes to protect passwords or content, either through a bad choice of algorithm or a poor implementation. This session discusses common problems in commercial products, including several detailed examples of applications whose internal protection schemes have been compromised. Even though users may have few viable alternatives, it is critical that they understand and account for these known vulnerabilities (and their potential impact as part of the "domino effect") when developing their risk management strategy.
Digital Steganography: The Evolving Threat
Tuesday April 29, 2003 11:15 AM - 12:00 PM
Chet Hosmer, President and CEO of WetStone Technologies, Inc.
Digital steganography, or the hiding of information in a digital carrier, has received increased international attention due to recent high profile incidents. It was only subsequent to 9/11 that both law enforcement and private industry comprehended the threat that these covert communications pose. Whether the danger is corporate espionage, terrorism, or child pornography, continued education and vigilance is necessary as this is a technology that continues to evolve and improve. This presentation will provide the audience with a current "state of affairs" for this area and explore the issues and challenges that we can all expect to face in the very near future.
Networking Lunch In The Exhibit Hall Sponsored By: Tenable Network Security
Tuesday April 29, 2003 12:00 - 1:30 PM
Ron Gula, Tenable Network Security Gary Golumb, Research Engineer, Enterasys Networks Ken Green, Research Engineer, Trustwave Marty Roesch, CTO Sourcefire John Copeland, Founder and Chairman, Lancope Inc.
Tenable Network Security (www.tenablesecurity.com) will present four breifings on the current state of intrusion detection. Guest lecturers from Enterasys Networks, Lancope, Sourcefire and Trustwave will discuss recent technology trends, operating an IDS, rules-based IDS tools and anomaly-based IDS tools. At the end of the track, Ron Gula will lead a panel of all the presenters answering your questions about intrusion detection.
01:30 - 01:45 Ron Gula, CTO, Tenable Network Security Introduction, speaker introductions, recent trends in IDS technology.
01:45 - 02:30 Gary Golumb, Research Engineer, Enterasys Networks Review of IDS industry, major players, technologies, best practices and hacker techniques.
02:30 - 02:45 15 min break
02:45 - 03:30 Ken Green, Research Engineer, Trustwave Incident Response: Responding to IDS events
04:45 - 05:30 John Lancope, Founder and Chairman, Lancope Inc. Anomaly based Network IDS
05:30 - 05:45 15 min break
05:45 - 06:30 Security roundtable
T-2 Body Armor For Cyber Cops (Center)
Tuesday April 29, 2003 1:30 - 3:00 PM
Sponsored by iDEFENSE
Special annual meeting of some of the most respected Cyber-Cops on the planet!
Kevin Manson Matt Donlan Bill Siebert Marjie Britz Dan Mares Randy Grubb Joe Mykytyn Det Shlomo Koenig CFE SCERS CFCE
This ever popular track usually goes on well into the evening. The training, netwoking and little nuggets of technical gold have been annual highlights at every Techno-Security conference so far.
This year's session will open with a detailed discussion of the secure CyberCop portal which Matt Donlan's ESP Coporation developed for highly secure communication among diverse agencies over the Internet.
Here are some of the additional topics being presented for Techno-2003: __________________________________________________
Preparing For The Forensic Examination
Dan Mares will discuss some procedures to prepare your hardware, software and procedures for each examination. Simple tasks which may be overlooked, but can be easily attacked by defense attorneys to cast doubts on your process. __________________________________________________
Advanced Investigation & Tracking of Web Sites
Shlomo Koenig, Deputy Sheriff, Rockland County Sheriff Department, Computer Crimes Unit
Web pages and web site investigation & tracking Saving capturing, downloading and printing web pages and code What do you need to set up a web site? And the trails left behind Reading html, and source codeTypes of HTML code and languages Packet capturing Web based mail vs. email and readersTools for tracking and investigating
Dr. Marjie Britz - Professor Department of Political Science/Criminal Justice office - The Citadel
This presentation will explore the current state of organized crime within American borders, and discuss homeland foundations of criminal syndicates since the intersection of technology and crime. _________________________________________________
Advanced Investigation & Tracking Of Web sites
Det Shlomo Koenig CFE SCERS CFCE
Topics to be covered include:
1. Web Pages and Web Site Investigation & Tracking
2. Saving Capturing, Downloading And printing WebPages and code
3. What do you need to set up a website? And the trails left behind
Andrew Briney - Editor Information Security Magazine Joyce Brocaglia - CEO Alta Associates Mary Ann Davidson - CISO Oracle Ron Baklarz - CISO American Red Cross Jeff Reich - Director of Information Security Interland Tim McKnight - Senior Director & Chief Information Assurance Officer at Northrop Grumman
Our panel of senior industry leaders will share their views on some of the most pressing issues and concerns which impact security managers from every size company and agency. Here are a few of the timely topics which they will address:
Developing and implementing effective policies: How has this process changed? What have you learned in terms of "best practices" as your career has evolved?
Budgeting for IT security when times are tight.
Tips for bridging the gap between... · IT and IT security. · Physical and IT security · Technical security and people security · Privacy and security · Senior management and IT security
Reporting structures: Should IT Sec have a "seat at the table?" Who do you report to? Is it effective?
Format: Andrew Briney - Editor Information Security Magazine will lead the discussion with a short PPT presentation (3-4 slides), and branch into each discussion section with a slide or two to frame the discussion. Throughout there will be audience Q&A.
T-2 Body Armor for Cyber Cops - Continues (Center)
Tuesday April 29, 2003 3:30 - 6:30 PM
T-4 Homeland Security CyberThreat Update and Infrastructure Due Diligence (East)
Tuesday April 29, 2003 3:30 - 6:30 PM
3:30 – 3:35 Introduction and Overview Don Hewitt
3:35 – 4:20 CyberThreats to Critical Infrastructure Matt Devost
4:20 – 5:00 Vulnerability Assessments and Due Diligence Don Hewitt
5:00 – 5:15 BREAK
5:15 – 5:45 Practical Examples from Real Assessments Chris Goggans Jeff Fay
5:45 – 6:10 Putting It Together – Risk Assessments and Don Hewitt Due Diligence Security Programs
6:10 – 6:30 Open Forum Q&A All Presenters
Venture Capital perspective on Security Sponsored By: Apax
Tuesday April 29, 2003 6:30 - 7:30 PM
Neeraj Bharadwaj - Apax
Key trends in the security market around market sizing, customer perspective, technology etc. Review of vc investments in security Number and type of deals, valuations etc. Areas of opportunities for start-ups given roadmaps of incumbents, next gen computer/network security pain points etc. Guide book for start-ups looking to raise money Criteria VCs use for funding start-ups, milestones vs capital commitments etc.
This special Open House / Southeast ecTaskForce meeting will be a follow-up meeting similar to last year's event. All attendees are welcomed to attend and get to know many of the local, state and federal members of the United States Secret Service Electronic Crimes Task Force.
During this session, we will hear a special presentation by LT. Chip Johnson, Supervisor of the South Carolina Computer Crime Center and member of SLED. Lt. Johnson has also been a long time member of the USSS Electronic Crimes Task Force.
This meeting will be jointly hosted by the United States Secret Service Columbia, SC, Charlotte, NC and Miami, FL field offices and the South Carolina Computer Crime Center.