|Date:||6 November-8 November 2003|
|Location:||New England, USA|
|Organizer:||New Leaf Productions|
Registration is limited to one hundred and fifty (150) Chief Executive Officers, Chief Information Officers, Chief Technology Officers, Chief Security Officers and other chief executives concerned with corporate security.
Each session will focus intensely on one of the four main areas of corporate vulnerability-and give participants time to reflect on their own company's preparedness in that area:
1) People, Policy and Processes: Unsuspecting employees are the biggest danger to corporate security and the number one target for a savvy attacker. In addition, most corporations have a tenuous, at best, link between their security policies and business processes. This weak or non-existent link provides ample room for an attacker to gain unauthorized access. Mr. Mitnick will provide his insight on this often overlooked, yet highly dangerous, area of vulnerability and offer specific guidance on the ‘red-flags’ to look for and ways to protect your company’s critical information assets.
2) Physical Corporate Security: In the wake of 9/11 and increased sensitivity to anything out of the ordinary, one might think that physical corporate security is a given. Nothing could be further from the truth. This portion of the agenda will highlight security flaws, illustrate the magnitude of the danger, offer concrete steps to bolster physical security and offer strategic guidance on implementing safeguards. Many corporations are joining their corporate security units and cyber-security counterparts into an overall enterprise protection program. How effective would this strategy be in your environment? In addition, the link between this area and the ‘People, Policy and Process’ area will be clarified and specific tools and techniques will be shared for mitigating the related risks.
3) Application and Database Security: Most corporate systems that are connected to the hostile Internet offer web services to advertise their products and services. The attackers often target these web services looking for vulnerabilities that exist in third-party applications or databases that can be used to compromise the confidentiality, integrity or availability of customer information. With increased demand by customers, remote employees, suppliers and business partners to share mission-critical information via web services, the risks have exponentially increased. Delegates will be briefed on today’s most pressing application and database security risks and provided with an extensive, strategic toolkit to help them safeguard their intellectual capital.
4) Network and Telecommunications-with special emphasis on Wireless Network Security: The ubiquitous nature of the Internet and the shift to a virtual work environment has created a nightmare for network security. With increasing numbers of remote workers and a spike in affordable, portable computers and connectivity devices, web-based access to sensitive corporate data is a commonplace activity. Unfortunately, this everyday activity and its associated productivity gains are accompanied by substantial risks. Compounding these risks is the proliferation of mismanaged wireless networks that creating a gaping hole in the security of the network, and, as a result, once reasonably-protected information is now highly vulnerable. A corporation’s telecommunications (private branch exchange/pbx) system is another attractive target for security breaches. Once an attacker knows gains knowledge of the enterprise’s private telephone system, he or she can wreak havoc by placing outgoing calls, intercepting voicemail, creating voicemail boxes and identifying analog lines that are equipped with a dial-up modem. Delegates will be briefed on the current challenges to network and telecommunications security and offered a strategic look bolstering their corporate defenses and incident response plans.
- DefCamp 2014
Organized by Cyber Security Research Center - 25 November - 29 November 2014
- Healthcare Cyber Security Summit 2014
Organized by SANS - 3 December - 10 December 2014
- (ISC)2 Security Congress EMEA 2014
Organized by (ISC)2 - 8 December - 10 December 2014