
Symposium Speakers:

 

Keynote:  Margaret E. Grayson

AEP Networks

President of AEP Government Solutions Group and Executive Vice President of AEP Networks; member of the National Infrastructure Advisory Council (NIAC)

 Abstract:

Keynote: Beyond Sarbanes-Oxley: The Challenges of Securing Cyberspace

Margaret E. Grayson, President, AEP Networks Government Solutions Group

Regulation has the power to impact every aspect of internal corporate affairs, from corporate governance to privacy to business practices and standards. Certainly regulation has had a significant impact on the security of corporations’ IT infrastructures and the way in which information is protected. A recent survey of enterprise executives, including IT and security professionals, found that regulations like Sarbanes-Oxley have helped to make networks more secure by compelling IT departments to tighten their user policies and strengthen their access controls, data protection and damage recovery technologies. At the same time, there are significant issues with the costs and resources necessary to implement regulatory compliance, the lack of specific implementation guidelines within the regulations, and the undue impact regulations can have on small businesses.

And, while the issues surrounding corporate compliance and its link to security are complex, they pale in comparison to the dynamics involved in securing cyberspace, with its community of consumers, citizens, corporations, education and government organizations, and its seemingly “borderless” multi-national participation. What can and should reasonably be done to facilitate the securing of cyberspace? This presentation will address the benefits and the challenges associated with compliance, and will consider the larger question of securing cyberspace.

BIO:

Margaret E. Grayson is the President of AEP Government Solutions Group and Executive Vice President of AEP Networks, a specialist in providing secure networking, application access, and information sharing solutions, and a pioneer in the development of Internet cyber security protection.

Ms. Grayson is a member of the National Infrastructure Advisory Council (NIAC) serving at the request of President George W. Bush.  http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0353.xml

She is also a member of the Potomac Officers Club and has been named to Maryland’s Top 100 Women for her professional achievements and contributions to the community. Ms. Grayson is on the Board of Directors for the Montgomery College Foundation, the Dean’s Advisory Council for the School of Management at the State University of New York, and the Advisory Board for the Center of Excellence in Information Assurance at SUNY Buffalo. She holds an M.B.A. from the University of South Florida and a B.S. in Accounting from the State University of New York at Buffalo.

Ms. Grayson served as President of V-ONE Corporation before it combined with AEP Networks in 2005. Prior to joining V-ONE, Ms. Grayson served as Vice President and then CFO for SPACEHAB, Inc., and Chief Financial Officer for CD Radio, Inc. in Washington DC, an early entrant in the satellite radio mobile communications market. Previously, Ms. Grayson served as a senior executive and consultant to high tech start-up companies. She was principal financial advisor for raising private and public financing, investor relations, structuring and negotiating joint ventures and completing five successful acquisitions, both domestic and international.

Ms. Grayson has published a number of articles on security and the protection of cyberspace, and is a frequent speaker on topics such as corporate risk management, information assurance, enterprise network security, secure mobile and satellite communications, and government law enforcement information sharing for homeland security.

 

Citadel Information Group, Inc.

Stan Stahl, Ph.D., President, Citadel Information Group, Inc.

Robert Braun, Esq., Partner

Jeffer, Mangels, Butler & Marmaro LLP

Abstract:

An Emerging Information Security Minimum Standard of Due Care

This article examines the emerging body of law surrounding an enterprise’s responsibility for securing information, together with the emerging body of information security management principles and practices for doing so. Seven key information security management elements are identified which we believe constitute an information security minimum standard of due care. Enterprises failing to implement these seven management elements could face significant legal exposure should they suffer a security breach resulting in damage to a third party.

BIO:

Stan Stahl, Ph.D. is President of Citadel Information Group, an information security management services firm. An information security pioneer, Stan's career began 25 years ago on a wide range of advanced projects for the White House, the different military branches, the National Security Agency, and NASA. Stan serves as Vice President of the Los Angeles Chapter of the Information System Security Association. He is a frequent speaker and writer on information security. He earned his Ph.D. in Mathematics from The University of Michigan.

Robert Braun, J.D. is a partner in the law firm of Jeffer, Mangels, Butler & Marmaro LLP. Bob's practice, spanning more than 20 years, focuses on corporate, finance, and securities law with an emphasis on emerging technologies, financial institutions, healthcare business transactions, and hospitality businesses. Bob counsels clients on regulatory, corporate, and strategic functions, including national and international matters. Bob has extensive experience in electronic privacy, ecommerce, software development and licensing. He received his J.D. from UCLA.

 

Keynote:  Joanne McNabb, Chief

California Office of Privacy Protection

Department of Consumer Affairs

Abstract:

California is nationally recognized as the leader in privacy protection. In addition to a constitutional right to privacy, over fifty laws on privacy and identity theft passed in recent years are serving as models for other states and for the federal government. Yet hardly a week goes by that we don't hear of a security breach that exposes thousands of people to the risk of identity theft. How effective are these laws in protecting the privacy and confidentiality of personal information?

BIO:

Joanne McNabb is Chief of the California Office of Privacy Protection. Created by legislation in 2001, the first-in-the-nation Office is a resource and advocate on identity theft and other privacy issues.  In addition to providing information and education for consumers, the Office also publishes privacy practice recommendations for business and other organizations.

McNabb is co-chair of the International Association of Privacy Professionals’ Government Working Group and a member of the Privacy Advisory Committee to the U.S. Department of Homeland Security.

Before starting up the Office of Privacy Protection, McNabb had over 20 years' experience in public affairs and marketing, in both the public and private sectors, including five years with an international marketing company in France. Her marketing background gives her an understanding of the commercial uses of personal information that have become a significant privacy concern.

McNabb attended Occidental College and holds a master’s degree in Medieval Literature from the University of California, Davis.

 

April D. Robertson, MPA, RHIA, CHP

Corporate Compliance Officer

ChartOne, Inc.

 

Abstract:

 

HIPAA Privacy and Security COMPLIANCE

 

- How has HIPAA changed what we do?

- What are the Covered Entity's compliance responsibilities?

- What is PHI?

- Key requirements for releasing PHI

- Workforce training components

- Auditing, monitoring and trending

- Questions and Answers

 

BIO:               

April D. Robertson, MPA, RHIA, CHP, directs the Corporate Compliance Office for ChartOne Incorporated. ChartOne is a national company with corporate offices in Burlington, Massachusetts. ChartOne’s on-demand solutions combine innovative Web-based technology with premier chart management services to provide an affordable answer to the electronic medical record. Ms. Robertson spearheads internal and external HIPAA training, regulatory compliance and education efforts and also advises on HIM software product development requirements.

Before joining ChartOne, Ms. Robertson was an HIM director for a number of California healthcare organizations, including the Golden Gate Service Area of Kaiser Permanente, and Vice President of Ambulatory Services for the QuadraMed Corporation. Ms. Robertson holds RHIA, RHIT and CHP credentials, in addition to a Master’s degree in Public Administration and Health Services Administration.

Ms. Robertson speaks nationally on the HIPAA Privacy and Security Rules, best practices for regulatory compliance and AHIMA’s E-HIM™ Vision.

April is past president and director of the California Health Information Association, national chair of the vendor task force working on strategic initiatives for the 14th Congress of the International  Federation of Health Records Organizations (IFHRO) which will be held in Seoul, Korea in May 2007, and a member of AHIMA’s 2005 Advocacy and Policy Task Force.  Ms. Robertson is also an AHIMA Director serving a 3-year term.

 

Ernst & Young

Kevin Moncrief

Partner, Ernst & Young LLP

West Coast Leader, Security & Technology Solutions-Los Angeles

 

Topic:  New Technology & Compliance 

Keynote:  Ken Kousky

President/CEO of IP3, Inc.

Speaker:   Measuring, Tracking & Reporting Compliance

Keynote: 9-11, Enron & Katrina: Why Regulation Happens and What to Look Forward To

BIO

Ken Kousky is a veteran of the IT software and services industries. Few individuals are able to blend such a broad range of experience and expertise as an executive (he was CEO of a public company for six years), as an educator (he's taught at the University of Pennsylvania and Washington University in the School of Engineering, the School of Arts & Sciences and the Business School as a teaching fellow, adjunct professor, and as Director of the Center For Communications and Network Management) and as a technologist (he's been a software industry executive and holds a CISSP, Certified Information Systems Security Professional). His years of experience as both an educator and an entrepreneur (recipient of an Entrepreneur of the Year award) are reflected in his business and professional accomplishments. He is a visionary in the computing technology, education and marketing industry with three successful start-ups, two major mergers and an IPO under his belt.

Today Ken is CEO of IP3, Inc., an information security consulting firm, and is currently serving on the board of OpenUmbrella.org, a non-profit addressing market awareness and understanding of open source technologies.  He is also on the advisory boards of several private IT companies.

Ken received his Master's degree in Economics from the University of Pennsylvania in 1978.  He also holds a Bachelor's degree in Economics and Urban Studies from Washington University.

 

Keynote:  Mark Kraynak

Director of Product Marketing

Imperva

 

Abstract

 

Keynote:  Breaking the Rules to Meet the Regulations: The Future of the Firewall

 

Audience target:

CXOs, Security & IT Architects

 

Synopsis:

Securing proprietary data and associated business applications is a critical component of most compliance initiatives, not to mention the need for companies to protect their customers from financial damage and their brand investments from reputation damage.  This presentation reviews the requirements for data security implied by various regulations in the light of the difficulties posed by a changing threat environment in which attackers are increasingly focused on stealing valuable business data. We then proceed to suggest a new architecture for infrastructure solutions that meets the security challenges and automates the process of compliance auditing and reporting. We enumerate and demonstrate the characteristics that are needed in order to efficiently and effectively provide the technical components of regulatory compliance.

BIO:

Mark Kraynak is the Director of Product Marketing at Imperva.  Before joining Imperva, Mr. Kraynak held marketing and consulting positions at Ernst & Young's Center for Technology Enablement, CacheFlow (now BlueCoat Systems) and Check Point Software Technologies. Mr. Kraynak is a regular speaker on application and database security and participates in industry efforts to define the role of application and database firewalls in security architectures.

 

Erik Friebolin

Risk Management Consultant

SiegeWorks International

 

Speaker:  Risk Management Compliance

Panelist:  Will Regulation Slow Technology Deployment

 

BIO

 

Mr. Friebolin is a Risk Management Consultant with over 11 years' experience in security auditing, policy and procedure, combined with technical proficiency in security-related tools and hardware. Mr. Friebolin has experience with compliance audits for legislation such as Sarbanes Oxley and Gramm-Leach-Bliley. In addition, Mr. Friebolin has extensive experience in industry standard frameworks such as ISO17799/BS7799, and in IT audit practices utilizing CoBIT and COSO frameworks.

 

EDUCATION AND CREDENTIALS

 

Degrees/Certificates

B. Sc Computer Science and Business Administration

Florida State University, Tallahassee, FL

M.Sc, Information Systems, (Cum Laude)

Kennesaw State University, Kennesaw, GA

 

Certificate in Information Security and Assurance

 

Cenzic, Inc.

Tom Stracener

Sr. Security Analyst

 

Abstract:

You Have 15 Seconds to Comply: Easing the Cost of Web Application Regulatory Compliance

Complying with state and federal legislation regarding the confidentiality, integrity, and availability of consumer data is a significant task, particularly when it comes to securing enterprise web applications against unauthorized use, misuse, and disclosure. The combination of highly generic legislation with one-size-fits-all security technologies results in a blur of requirements and solutions and no clear path of resolution. The goal of this talk is to discuss with specific examples how web application security scanners can be leveraged to ease the cost of compliance, where these technologies fit into the compliance process, and how existing technologies from other industries compare.

BIO

Mr. Stracener was one of the founding members of nCircle Network Security. While at the company he served as the head of vulnerability research from 1999 to 2001, developing the industry's first numeric vulnerability scoring system, and co-inventing several patented technologies.

Mr. Stracener is an experienced security consultant, penetration tester, and vulnerability researcher. One of his patents, "Interoperability of vulnerability and intrusion detection systems," was granted in October 2005.

Most recently he has been in the employ of Cenzic Inc., a start-up in the application security industry. At Cenzic, Tom serves as a Sr. Security Analyst heading up Cenzic's vulnerability research division and is the manager of Cenzic's SmartAttack library for the flagship product Hailstorm.

 

Ray Wizbowski

Sr. Director Market Development

ForeScout Technologies

 

Abstract:

Policy Driven Compliance

As regulatory compliance issues continue to escalate, the need to establish automated security controls becomes a top priority for network administrators. The challenge continues to be in finding the right controls and determining what technology investment will produce true compliance. In this session, we will discuss the challenge of synthesizing the needs of corporate security personnel with the role of auditors to ensure compliance and discover how policy can be the vehicle by which compliance is achieved.

BIO:

Ray has over 10 years of experience in strategically building and guiding a variety of high tech organizations. With a cross-functional background, Ray has employed several business disciplines to help guide ForeScout Technologies to a leading position in the network access control and technical compliance industries. Prior to ForeScout, Ray held senior business development and marketing positions at MetiLinx, Positio Investor and Public Relations, and Action Foundation. In the course of his career, Ray has provided strategic counsel for several multinational companies including Canon USA, Silicon Valley Group (acquired by ASML), Mitsubishi Electronics, and Motorola. In business development roles, Ray has built partnership frameworks which included such companies as Microsoft, Nokia, Red Hat, Sun Microsystems, and VMware. Ray holds a BA in philosophy and intellectual history from Fresno Pacific University.

 

Jeff Sanchez

Director, Los Angeles Office

Protiviti

Abstract:

 

Developing and Auditing an Information Privacy Program

Customer Information Privacy has become a top concern for many companies as more than 100 public disclosures of privacy breaches have occurred in 2005. This presentation will review the history of privacy objectives and will concentrate on the processes both to develop and implement a privacy program as well as the steps one should take to review or audit such a program.

BIO:

Jeff is a Director in Protiviti’s Los Angeles office.  He joined Protiviti in 2002 after spending 10 years with Arthur Andersen’s Technology Risk Consulting practice.   Jeff has participated in technical consulting and audit projects primarily in the Hospitality/Gaming, Financial Services, and Retail industries.  Jeff leads Protiviti’s West Coast Privacy and Payment Card Industry Data Security Standard compliance practice.  In the last 12 months Jeff has led privacy assessment projects for 6-7 companies including multiple Fortune 500® companies and some of the largest sub-prime lending companies in the region.  Jeff has conducted numerous technical training courses on Electronic Commerce, Wireless Security, and Sarbanes Oxley.  For the last six years Jeff has concentrated on internal audits in technology areas.  Jeff is a CIA, CISM, CISA, and PMP.

 

Keynote:  John Patzakis

Vice Chairman

Guidance Software

Abstract:

Keynote:  Computer Investigations: A Key Element to Compliance

Sarbanes–Oxley, GLBA, FCPA and other legal mandates have brought corporate America new requirements for having an enterprise computer investigation infrastructure that is effective, reliable, and non-intrusive.  We will focus on how enterprise computer investigations map to numerous compliance requirements, providing a multi-faceted capability for incident response, internal investigations, and regulatory and legal compliance.

 

Keynote:  John B. Furay V

Special Agent and Electronic Crimes Special Agent (ECSAP)

United States Secret Service

Los Angeles Field Office

Electronic Crimes Task Force

 

Abstract:

 

Keynote:  Emerging Trends in Electronic Crimes and Privacy

Panelist:  Future of Privacy

Discussion will focus upon the emerging trends and developments of criminal enterprises in the area of electronic crimes.  The discussion will also address the global impact that these crimes have and their effect on privacy.

BIO:

John graduated from the Federal Law Enforcement Training Center’s Criminal Investigator’s Training Program and the United States Secret Service Academy in Beltsville, Maryland, and has also successfully completed the Federal Law Enforcement Training Center’s Basic Computer Evidence Recovery Training (BCERT) and the U.S. Secret Service’s Electronic Crimes Special Agent Program (ECSAP).

John presently serves on several Secret Service Headquarters’ Project Committees in the Electronic Crimes and the Electronic Crimes Task Force Program.

These projects pertain to the following:

  • Selected Advisor and Developer of the United States Secret Service’s Best Practices Guide in Seizing Electronic Evidence.
  • Selected Advisor and Developer of the Electronic Crimes Bureau’s Basic Investigation of Computer and Electronic Crimes Program (BICEP).
  • Instructor in the Electronic Crimes Bureau’s Basic Investigation of Computers and Electronic Crimes Program (BICEP).

John is currently assigned as a Special Agent and Electronic Crimes Special Agent (ECSAP) with the United States Secret Service, Los Angeles Field Office’s Electronic Crimes Task Force.

As a Special Agent in the U.S. Secret Service and also as an Electronic Crimes Special Agent (ECSAP), John has testified in criminal cases in the Superior Court of the State of California both as a case agent and as an expert in criminal computer forensics, along with testifying on numerous occasions before Federal Grand Juries.

 

Jay Foley

Co-Executive Director

Identity Theft Resource Center

Panelist:  Future of Privacy

BIO:

 

Jay Foley is the co-founder/director of the Identity Theft Resource Center, a nationwide, nonprofit identity theft program located in San Diego, California. The ITRC was established in 1999 in response to the growing need for victim assistance and public empowerment caused by the explosive rise in identity theft crime rate.

As the spouse of an identity theft victim, Foley understands the practical and emotional complexities of this crime. Since 1999, he has assisted thousands of victims via email and telephone.

 

As ITRC’s primary criminal justice contact, he has received great support and accolades from members of law enforcement across the country who frequently refer victims to him for assistance. Foley currently sits on numerous law enforcement, governmental and legislative taskforces, including JAG, and has testified at legislative hearings in various states and in front of Congress.

Foley is also a popular presenter and trainer. He has also appeared on many major television news shows and has been quoted in most major newspapers and on radio stations around the country.

Jay Foley’s background includes over 20 years in project management, customer service training, sales and database management.  His experience in the US Navy and study for his MCSE and MCDBA certificates has proven to be invaluable in understanding the computer’s role in this crime, possible solutions and in anticipating future trends.

He is a recipient of the 2004 Crime Victims Service Award presented by the U. S. Attorney General for the Department of Justice and commendations by Senator Dianne Feinstein and former CA Governor Gray Davis.

 

PANELISTS:  Auditorium

Will Regulation Slow Technology

Jack Furay, U.S. Secret Service, Electronic Crimes Task Force

Jovo Manojlovic, Cimcor, Director of Marketing

Erik Friebolin, SiegeWorks, Risk Management Consultant

 

Careers

Ken Shotting, NSA, Technical Director

Fred Gallegos, Cal Poly Pomona, Professor

Seth Cox, Protiviti, Associate Director

 

Future of Privacy

Jack Furay, U.S. Secret Service, Electronic Crimes Task Force

 

Encase Labs – Guidance Software (Main Campus)

Nick Ringold