Data Protection Track

Protecting data has become job one at most organizations, and a strong data protection, data classification and data leakage strategy is essential. The data protection track helps you unravel the complexities of creating a data protection program from cradle to grave.

The Information Centric Security Lifecycle
Adrian Lane, Senior Security Strategist, Securosis 

We hear time and again how the bad guys are after our data, and that firewalls and antivirus aren't enough. But there's a lack of information on taking a strategic, cost-effective approach to data security.

Confused by DLP, encryption and database security? This session presents a strategic overview of the new approaches of information-centric security. Adrian Lane shows you which tools, techniques, and technologies work best in order to protect your most sensitive information. From DLP, to encryption and database security, attend and learn where to start, what really works, and how to put it all together without breaking the bank.


Case Study: Allstate Insurance Company's Local Data Protection (LDP) Project
Eric Leighninger, Chief Security Architect, Allstate Insurance Company

Protecting data-at-rest, data-in-transit and data-in-use in large, information-intensive enterprises is a daunting challenge from both the technological and financial perspectives. Eric Leighninger provides first-hand advice on how Allstate is attacking this problem with regard to data-at-rest on mobile devices and removable media.

Attacking the data-at-rest protection problem requires a combination of encryption and compensating control mechanisms such as data obfuscation, filtering and masking. Allstate, like many comparable companies, has developed a data encryption strategy that takes into account the sensitivity and value of the data itself, the context in which it is used and the associated risk of compromise. Leighninger discusses Allstate's local data protection project that dealt with laptop and media encryption with an emphasis on:

  • A description of the problem to be solved and its relationship to the larger set of enterprise data
    protection considerations
  • Technical and procedural challenges and issues that developed
  • An overview of the project, implementation and support issues that arose during test and
    deployment of the encryption solution
  • Lessons learned

Software Security: State of the Practice
Diana Kelley, Partner, SecurityCurve

With software running the world’s most critical business processes, it’s essential to understand both its utility and the risk it can bring to those processes. Organizations need to design for functionality, yet constrain behavior so that software meets the appropriate risk levels and is manageably secure in the enterprise. In this presentation, Diana Kelley shows you how to incorporate risk management into the software development lifecycle effectively.

  • Learn about business logic security vulnerabilities that attackers are exploiting but your processes and tools are probably missing
  • Learn the top things to consider when defining software security requirements
  • How to apply and enforce security practices during development
  • Tips for implementing an effective security training program for members of the software development team