
Information Security and Threat Management:
Melbourne, March 8, Crown Towers
Sydney, March 9, Sofitel Wentworth
With the number of reported security vulnerabilities in 2006 increasing for the second year in a row and spam experiencing a 100 per cent year-on-year increase for the past two years, IT security professionals need to step up their game in 2007.
According to the Computer Emergency Response Team (CERT), the latest threat figures reflect a real increase in the proliferation -- and vulnerability -- of Web applications. Such dramatic increases are not a long-standing feature of the IT landscape. After nearly doubling in 2003 to 4,129, the number of vulnerabilities reported to CERT dropped to 3,784 in 2004 and held almost exactly steady in 2005, before rising again in 2006. The landscape is expected to worsen in 2007.
To assist IT executives in combatting these concerns, we are excited to have secured two international speakers to address the ever-changing security space at our next Computerworld breakfast briefing:
- Mark Bouchard, CISSP, is the founder of Missing Link Security Services, a US consulting firm specializing in information security and risk management strategies
- David Thomason, the project manager responsible for the largest deployment of intrusion detection systems in an American financial institution and now Director of Security Engineering, Sourcefire, Inc.

If you are responsible for, or concerned about, your organisation's information security, then listening to these two speakers could be the most valuable two hours you spend this year.
Speakers
Information Security Strategies for 2007 and Beyond

While there may be no one issue, theme, or technology that is shaping up to be the undisputed front-runner in 2007, it does not mean that CIOs can sit back and relax. Instead, organizations must sift through an ever-growing array of security "solutions" to identify what's real/hot and what's not and, more importantly, to figure out what is really needed to establish an effective yet efficient set of safeguards. Accordingly, this presentation is intended to help CIOs, CSOs, and other key decision makers decide where they should focus their attention and investments when it comes to information security over the next couple of years. Specific topics that will be addressed include:
- What items and technologies are hot (and not so hot) in IT overall, and the impact they are likely to have on an organization's information security initiatives
- The prevailing and evolving conditions associated with the threat and vulnerability landscapes and how they are driving the need for new types of countermeasures
- The distinction between communications-centric and content-centric protection and the influence this should have on security purchasing decisions
- What critical factors organizations need to be aware of when considering certain strategies and countermeasures (e.g., network admission control, information leak prevention, web application firewalls, de-perimeterization)
- How threat and vulnerability management challenges are being addressed by other organizations and how solutions in this segment will be evolving

Enterprise Threat Management (ETM): Bringing Security Together Through Intelligence
David Thomason, Director of Security Engineering, Sourcefire, Inc.

While network security budgets are rising at generous rates — up to 20% of the overall IT budget — the trend simply cannot continue. Just throwing more money at the problem is not the solution. The days of "see a threat, buy a box" are gone. In addition to addressing security issues, network and security professionals are being told to handle policy and compliance enforcement, tracking, and reporting. They are also being asked by management to make the solutions as efficient as possible. Some have tried integrated approaches such as UTM, SIM, and best of breed but have found little success there as well. In this presentation, David Thomason will discuss how today's network security professionals do need a holistic security approach — one that unifies functions such as Vulnerability Assessment/Management, Intrusion Prevention, and Network Behavior Analysis. He will look at the ways Enterprise Threat Management (ETM) unifies these functions through intelligence — giving network security professionals a real-time, highly automated approach that maximizes efficiency and effectiveness and ensures that policy and compliance requirements are being met as well.

Mark Bouchard, CISSP, is the founder of Missing Link Security Services, LLC, a consulting firm specializing in information security and risk management strategies. A former META Group analyst, Mark has assessed and projected the business and technology trends pertaining to a wide range of information security topics for over 10 years. He is passionate about helping enterprises address their information security challenges. During his career he has assisted hundreds of organizations world-wide with everything from strategic initiatives (e.g., creating 5-year security plans and over-arching security architectures) to tactical decisions involving the justification, selection, acquisition, implementation and operation of their security and privacy solutions.
David Thomason's entire career has been security related with his focus being on intrusion detection systems. In 1986, he started his career in security while in the United States Air Force. There, he was responsible for building systems compliant with the National Security Agency's C2-level security standard. Later in his Air Force career, David was one of the founders of the Air Force Computer Emergency Response Team (AFCERT) where he worked in a number of roles including Incident Response Team Lead. After almost 10 years in the military, he went to work for a defense contractor and continued to serve in the AFCERT where he was responsible for the successful apprehension and prosecution of three hackers. Subsequently, David became a security consultant where he conducted hundreds of information security risk assessments, penetration tests and security system deployment and integration projects. He was the project manager responsible for the largest deployment of intrusion detection systems in an American financial institution.
Agenda
| Time | Session |
|---|---|
| 8:00 | Registration |
| 8:30 | Information Security Strategies for 2007 and Beyond |
| 9:15 | Enterprise Threat Management (ETM): Bringing Security Together Through Intelligence (David Thomason, Director of Security Engineering, Sourcefire, Inc.) |
| 9:45 | Panel Session: Mark Bouchard, David Thomason |












