Metro Atlanta ISSA
Annual Conference

Nov. 11, 2009

Magnify Your Security

Metro Atlanta ISSA 2009 Information Security Conference
Sessions and Speakers

David Ames, PricewaterhouseCoopers
Lessons Learned from Data Breach Responses
This presentation will walk the audience through the aftermath of a breach of information security including these key topics:
  • Preparation required to address regulatory inquiries and minimize breach impact
  • The external parties involved
  • Traditional costs of a breach
  • The breach notification efforts, and
  • The questions you need to be prepared to answer
David is a Senior Associate in the PwC Technology practice. He is based in the Atlanta office and specializes in investigations and IT security. David has experience providing incident response support, PCI-related services, and forensics analysis to companies of all sizes. David graduated from the University of Georgia with a degree in Management Information Sciences and is a CISSP.
Richard Austin, Kennesaw State University
From Autopsy to Physical Exam: The Changing Face of Digital Forensics
For many years the typical practice of digital forensics has been more like an autopsy, where the disk-image remains of a system were examined to retrieve traces of user and system activity. However, as incident responders have long known, much useful information (active network connections, memory-only malware, etc.) exists only while the system is still running. The growing field of live forensics is concerned with collecting and analyzing the state of the still-running (live) system in a forensically sound fashion. This session will present a whirlwind introduction to useful Open Source tools that enable the incident responder and forensic investigator to supplement their "post-mortem" system autopsy with data from the running system.

Richard is a CISSP and holds an MS in Information Systems with concentration in Information Security. He also holds a BSc in Psychology from Jacksonville State University.
Celia Baker, IntelliGRACS Group, Inc.
Security Policy & User Awareness
Two of the most important parts of a security program are having the right policies in place and then ensuring your user community is aware of those policies. This session is not only about what policies and awareness programs are but how they fit together, why you should have them, and what pitfalls to look out for.

IT Audit & Security - Learning to Play Together
This session will look at the role of IT Audit and the interplay between audit and security. The session will look at how to get more proactive in implementing proper controls. Why wait for audit to document a problem? Start implementing proper controls from the start and in the long run you will have a more proactive and efficient control environment.

Celia is the owner of IntelliGRACS Group, Inc. and her certifications include CGEIT, CISM, CISA and CISSP. Celia is an accomplished security executive with over 15 years of experience in managing security and risk initiatives. She has extensive experience in IT governance, risk management, regulatory compliance, all areas of information and physical security, as well as business continuity/disaster recovery planning. She is a graduate of the Georgia Institute of Technology, is a Persian Gulf War Veteran, and is a third-year law student at Concord Law School.
Jon Banks, CISSP
eDiscovery Primer
The preponderance of electronic records is why understanding e-discovery requirements is so important and needs to be properly addressed and prepared for before a lawsuit is filed. This presentation is intended to help information security professionals gain an appreciation and understanding of e-discovery requirements. This presentation will review the responsibilities information security professionals may have under the pertinent sections of the Federal Rules of Civil Procedure and the Federal Rules of Evidence, the basis for litigation in the United States.

Jon is in his final year of study for the Executive Juris Doctorate degree in Law and Technology through Concord Law School. He has eleven years of information security experience including building information security programs; security engineering, analyst, and operations; and governance and compliance. He serves on the University of Georgia MIS Advisory Board.
Aaron Bawcom, Reflex Systems, Inc.
New Directions in Virtualization Security: How Segmentation Can Strengthen Your Security Posture
Many IT organizations now employ very pragmatic security policies to protect their infrastructure resources. However, until recently, these same policies have also made it difficult to adopt and embrace the latest virtualization technologies, as these systems require increased levels of security protection. The good news is that new advancements in security technology will not only enable virtualization of these critical IT assets but also allow for even more extensive security policies in environments that are subject to rapid change.

Aaron Bawcom joined Reflex as Vice President of Engineering in September of 2007. Bawcom is responsible for the development of products, bringing more than 12 years of engineering management experience to the company. He holds a B.S. degree in Computer Science from Texas A&M University.
Dan Carcone, Imperva, Inc.
Live Hacking Demo: Understanding Web Application & Database Attacks
This is a Web Application and Database hacking demonstration on a live web site that was created specifically for this purpose. For the first portion of the presentation we will be involved in an in-depth discussion and training of application and database vulnerabilities. This discussion will include many real-life examples of penetration tests that we have conducted. The attack training that we will be conducting was designed to increase people's awareness of inherent design flaws found in the majority of today's applications. We demonstrate things such as SQL Injection, Cross Site Scripting, Discount Cookie Poisoning, direct database attacks and several other application and database attacks.

Dan Carcone is a Director at Imperva, Inc. Mr. Carcone has 19+ years of experience in penetration testing and securing information systems from unauthorized intrusion and attacks. He first worked as Security Testing Engineer at Bell Telephone Companies Security consulting group in 1987, specializing in UNIX systems. Since then Mr. Carcone has worked at numerous Fortune 1000 companies and software vendors, consulting with companies on how to protect their most valuable information assets. Mr. Carcone has been a feature presenter in several computer security videos and is widely quoted in the world of network and application/database security.
Matt Carothers, Cox Communications
The End of Spam
This presentation details the complex series of events required to deliver a spam email through a trojan botnet, identifies the weakest links in the system, and describes new methods to attack them.

Matt is Cox Communications' recognized expert in the area of customer security and key to many product initiatives supporting Cox's "Trusted Provider" strategic goal. Matt plays an instrumental part in the creation and architecture of significant components of the Customer Security platform. In addition to providing that expertise inside Cox, Matt participates in multiple groups and forums to the benefit of Cox and the internet as a whole. He is frequently called upon to speak to the media and presents at cable and security industry events as a subject matter expert. Matt has nearly 10 years of experience in the field of information security. Prior to joining Cox in 2001, he studied Computer Science at the University of Oklahoma.
Aaron Cohen, Foreground Security
Security for Social Networks
The decision to allow social media technology is a risk-based decision, not a technology-based decision. The goal of the IT organization should not be to say no to social media websites and block them completely, but to say yes and ask how to do that in a secure manner. Foreground Security will offer some ways to tighten up security around SNS and get the most functionality and security from social networking sites.
