Information Security Executive of the Year Award - Executive Alliance, Inc
ISE UK and Ireland Executive Forum 2008

Wednesday 22nd October 2008
Le Meridien - Piccadilly
London, England
13:45
 

Guest Host Moderators

Adrian Asher
Global Head of Information Security
Man Group PLC
ISE UK and Ireland Awards 2007 Finalist

Colin Clark
Head of Corporate Business Control
Somerfield Stores Limited
ISE UK and Ireland Project Award 2007 Winner

Paul Wood
Group Business Protection Director
Aviva Plc
ISE UK and Ireland Awards 2008 Nominee

Thought Leadership Topic One:

Managing IT Controls for User Access to Ensure Compliance and Survive Audits

IT controls around user access, regardless of the internal business policy or industry regulation, are the common denominator for surviving audits and ensuring compliance. However, the creation and enforcement of access policy for job-critical applications and systems is an increasingly complex undertaking, especially for organizations with large transient workforces. Adding to the complexity is the rapid adoption of new technologies that support increased enterprise collaboration and virtualized or remote access. An organization's approach to addressing compliance requirements is critical, especially as high-profile data breaches continue to make headlines and repercussions for non-compliance weigh heavily on companies' reputations and their bottom line.

Businesses throughout the UK and Ireland are under constant pressure to demonstrate compliance with business policies, or with guidelines and regulations such as the Payment Card Industry (PCI) Data Security Standard and Basel II. Effective compliance solutions require strong policies and automated technology solutions around user access.

Many organizations are implementing identity management solutions, including automated user provisioning and de-provisioning, role-based access control, and federated identity management, to exchange critical information across company boundaries with customers, suppliers, and trusted partners.

Discuss with your peers at this executive roundtable:

  • What technologies, processes, and policies your organization has in place to control access to systems.
  • How identity management can play a significant role in enabling organizations to meet today's demands for security and compliance.
  • Best practices for rolling out identity and provisioning solutions to ensure successful implementation.
  • The benefits and challenges of implementing automated provisioning and de-provisioning solutions as well as role-based access control.


Thought Leadership Topic Two:

Protecting Data from the Inside Out by Knowing Where your Software and Web Applications are Vulnerable

Data privacy. Outsourced development. Security in the SDLC. There has never been a greater reason to secure your critical data, and it is your applications, the foundation upon which organizations function, that are putting that data at risk.

Although analyzing applications for insight into risk may seem daunting, the path to knowing where your software and web applications are most vulnerable and remediating those vulnerabilities is critical to understanding and managing your business risk.

The ongoing epidemic of data breaches, together with regulations and compliance standards such as the Payment Card Industry Standards (PCI), has painfully highlighted the insecurity of many of today's applications. How, then, can organizations ensure their applications are secure, and avoid the cost, stock price downturn, or worse, having to explain to consumers and regulators how code defects allowed attackers to steal sensitive information?

Historically, the focus has been on one of the following two approaches to securing software:

  • Manual Security Code Review, which, while providing a thorough analysis, has issues of efficiency, repeatability, reliability and cost, while also requiring highly skilled security expertise.
  • Penetration Testing, which is only focused on web front ends and exposed interfaces. Pen testing is considered an "Outside-In" approach, and requires a functionally complete application to analyze, so it cannot be built into the SDLC process.

While both of these approaches have their value, automated software risk analysis tools now allow organizations to approach secure code development in a more systematic, automated, and predictable manner. These tools can greatly improve the speed and accuracy of code review, and may be integrated seamlessly into the development lifecycle, precisely locating vulnerabilities in the line of code and providing detailed information about the type of flaw, the risk it poses, and how to fix it.

Discuss with your peers at this executive roundtable:

  • Tools and technologies for identifying web application vulnerabilities
  • Benefits of automating code review to ensure compliance
  • Ways of firmly entrenching application security in all stages of the Software Development Life Cycle (SDLC)
  • Roles and responsibilities of the application quality assurance (QA) teams, information security staff, audit professionals, and developers in ensuring secure applications
  • Methods and processes to deal with attacks that target software and web application vulnerabilities
  • Providing training for application developers in writing secure code


Thought Leadership Topic Three:

The Security Risks of Social Networking and What it Means for Global Organizations

Social networking sites are one of the most remarkable technological phenomena of the 21st Century. They are becoming among the most visited websites globally. For example, as of June 2007, MySpace was the most visited website with more than 114 million global visitors, representing a 72% increase over 2006. Facebook increased its global unique visitors by 270% by June 2007.

Social websites have significant business value because of the marketing applications they offer. Global enterprises are under pressure to open up these sites to more and more employees to keep up with the competition. As with every fast-growing technology, however, security and privacy have not been the first priority in the development of these social networking sites, and as a result, significant privacy and security risks have emerged. Major threats include social networking for the purpose of corporate espionage, information leakage by employees, escalated attacks by viruses and worms, and increased spam.

Security executives are tasked with understanding the major threats when they open up these websites in their organizations and the solutions for ensuring that individual and corporate data are protected from these threats.

Discuss with your peers at this executive roundtable:

  • The benefits and challenges of opening up social networking in your organization
  • Policies and processes that are needed to ensure corporate data is protected
  • Technologies that can be implemented to help prevent data loss and identify and block malicious sites from being accessed
  • Education and awareness techniques to ensure employees understand the risks of social networking
