TRACK A
Acquiring Information Security - These sessions aim to put you on a firm footing for buying information security products and services. This track covers:
- When to outsource security
- Contract negotiation tricks
- The marketplace and how it's changing
- How to scope upcoming network security technology, which can offer a better ROI than today's solutions
- How to address Windows security
TRACK B
Implementing Information Security - This track looks at the approaches necessary to building safe and sane security strategies, including sessions on:
- Security architectural building blocks
- Implementing secure remote access policies
- Addressing web services security
- Identity, authentication and access control
- The role of smart cards in information security
TRACK C
Managing Information Security - Topics include:
- Business Continuity Planning - just in case
- Managing secure Email Systems while fighting viruses and SPAM
- Business application security - what's in the package and what needs to be added?
- Trust in outsourcing arrangements and what about BASEL II?
TRACK D
Sector5 Track - Protecting the Critical Infrastructure.
SECTOR5 has gathered the top minds in information security from commercial, industrial and government agencies. You'll have the opportunity to work with these experts and your industry peers to determine the best sector-specific approaches to security initiatives. Discussion areas will include:
- Authentication, biometrics and identification
- Intrusion detection, viruses and forensics
- Crisis response
- Security and privacy
- Governmental roles in defence of cyberspace
(P2) Gartner Plenary: The Information Security Scenario - from the Board Room to the World
Victor S. Wheatman, Managing Vice President, Information Security and Risk, Gartner
Enterprises secure their systems with firewalls, intrusion protection and anti-virals. Breaches increase with the threat of dedicated and politically motivated hackers. Ensuring security is a constant challenge as standards change.
- How do new technologies make you vulnerable?
- What solutions are available?
- Which technologies have failed expectations and which are geared for productivity?
(P3) Keynote Speaker - Dame Stella Rimington - Intelligence, Counter Espionage and Information Security
Dame Stella Rimington, Former Director General of MI5
First woman to become Director General of MI5. Educated at Edinburgh University and Liverpool University, Dame Stella started her career working part-time for MI5 at their office in New Delhi, India. She became Director General of MI5 in 1992 and led the Service's counter-espionage work in the closing days of the Cold War. In the late 1980s she was in charge of the Service's work against international terrorism.
(P4) The Critical Information Security Issues: A Challenge Panel.
Computer Associates & Schlumberger, Victor Wheatman, Research VP and John Pescatore, Research VP, Gartner
Top information security provider professionals face hard questions from Gartner interlocutors and audience participants on the state of the information security market, the reality of modern day threats to industry and enterprise infrastructures and the path forward towards new configurations, new service offerings and relevant technological advancements.
(P5) Gartner Plenary: What Not To Bare! Unfashionable Practices to Avoid When Implementing Wireless and Mobile Security
John Pescatore, Research VP and John Girard, Research VP, Gartner
Today's mobile and wireless workers expose so much of their private information to the public that there ought to be a law! Actually there are laws, but most enterprises find it hard to cover up their data in daily activities. The "Wireless Brothers" head into new consulting realms and, aided by their audience, video interviews and other multimedia, present an entertaining session on mobile and wireless security, following users and advising them on ways to improve their data connections while reducing their scandalous data exposures. And of course they will address the tough questions:
- What risks face users of Wireless LANs and what are the solutions?
- What is the status of wireless security standards?
- How should enterprises approach vendor lock-in versus open standards in wireless security?
(A1) European Managed Security Service Providers
Khalda Parveen, Analyst and Alain Dang Van Mien, Principal Analyst, Gartner.
Enterprises now recognise the value of outsourcing security. However, consolidation among security vendors has resulted in uncertainty.
- What does consolidation mean for the European security market and who will be the dominant vendors?
- What are the key criteria for choosing managed security services?
- What do enterprises that turn to managed security look for?
(A2) The European Security Market
Fabrizio Biscotti, Research Analyst and Alain DangVanMien, Research Director, Gartner
- How will the worldwide information security market change in the next three years?
- Who will win?
- What will be the key strategies?
- How will the information security marketplace shake out by 2007? What elements of the marketplace are safe for investment?
- How will Europe and the US shape up in European IT security?
(A3) Intrusion Prevention and Security Platforms
John Pescatore, Vice President and Research Fellow, Gartner
A sea-change in security is happening. New security platforms will provide management of multiple systems at wire speed.
- How will inline-network intrusion prevention and deep packet inspection firewalls work?
- When should an enterprise outsource and when should the function be in-house?
- Who are the market leading providers and what is their strategy?
(A4) How to Save a Million Euros Negotiating Security Software Licensing
Jon Mein, Research Director, Alexa Bona, Principal Analyst, Gartner.
The cost of security software is at least 50% determined by contracts and usage rights in licensing agreements. Specific terms can have a profound effect on TCO.
- Why should you be concerned with terms and conditions?
- What terms can lower TCO of security software?
- Where are the 'Gotchas' in negotiating a security software licence?
(A5) Evaluation Anti-Spam Products and Services
Anthony Allan, Ph.D., Research Director, Gartner
- What are the economics of spam?
- What steps should enterprises take to minimize spam's impact?
- How can industry groups and legal bodies effect change?
- What tools and services are available to fight spam?
(A6) Enterprise Security Strategies for Windows
John Pescatore, Gartner Research Fellow
Viruses, worms and hacking continue to pound Windows PCs and web servers. Microsoft has tried to react by promising "Trustworthy Computing".
- Will Microsoft's initiative change how enterprises secure Windows?
- Will emerging wireless, XML and Web Services affect PC and server security?
- Will Windows security be implemented in homogeneous and heterogeneous environments?
(B1) Information Security Architectures and Organisational Structures
Ray Wagner, Ph.D, Research Director, Gartner
The Internet, B2B and mobile workers extend the enterprise while increasing security risks. Web, wireless, content management and other technologies bring further risk. The focus on information security is challenging organisations.
- Who should manage it?
- How much to spend?
- What drives new architectures?
- How can new architectures minimise risk?
- Who makes it work?
(B2) Policy Issues in Remote Access
John Girard, Vice President and Research Director, Gartner
Many remote access programs are not legally compliant. Bad practice grows as global enterprise proliferates. The challenges of remote access are cultural and policy-driven.
- How do you establish consensus on global working practices?
- Will distributed workforces change employee legislation?
- What challenges are created by pervasive computing?
- How will you face these issues while governments move goalposts?
(B3) Security for the Web Services Enabled Enterprise
Ray Wagner, PhD, Research Director, Gartner
XML, SOAP, UDDI, SSL, PKI, DCE: web security issues aren't new. Availability, Authentication, Authorisation, Privacy, Non-repudiation, Audit - we've seen them all. The simplicity of web services masks the complexity of providing true security. And web services will continue to bring new challenges.
- How should they be secured?
- Which security programmes succeed?
(B4) The Identification and Authentication Spectrum
Victor S. Wheatman, Managing Vice President, Gartner
There are many ways to authenticate users, from password and user ID to iris recognition and other biometrics. We assess each on the basis of risk, cost and user acceptance.
- Which techniques are best for enterprise use?
- What inhibits acceptance of PKI and digital certificates?
- Which biometrics are likely to be cost-effective to 2007?
(B5) Smart Cards, RFID and Information Security
Clare Hirst, Analyst, Gartner
The potential and versatility of smart card projects are well-established. However, there are alternatives, and implementing secure smart card projects is not always easy.
- What should enterprises consider in their IT security hardware buying decisions?
- What benefits can smart cards offer for IT security?
- What are the alternatives to smart cards for enterprise security?
(B6) Implementing Identity and Access Management
Anthony Allan, PhD., Research Director, Gartner
Managing user accounts and privileges isn't getting easier. Directories don't provide all needed features for well-managed security. We discuss how user accounts and privileges can be better managed, the relationships between directories, single sign-on and employee provisioning...
- How will changing environments affect security?
- What best practices ensure well-managed, secure administration?
(C1) Enterprise Risk Management - Do You Feel Lucky
Simon Mingay, Research Vice President, Gartner
Over the next five years, enterprise risk management will change substantially because of legislative, environmental, business and technology factors. We look at the effect on the IS organisation and how the enterprise should implement enterprise risk management.
(C2) Fighting Back through Anti-Virals and Spam Blocking
Arabella Hallawell, Research Director, Gartner
Email is not the only vector for malicious code. CodeRed and Nimda showed how weak AV defences are against hybrid worms. Gartner's AV analysis exposes the threat of malcode and examines worms that bypass email and gateways.
- How is the AV scenario changing?
- How are vendors responding?
- What improvements are being made in signature response times?
(C3) Business Continuity Planning Trends and Best Practices
Simon Mingay, Research Vice President, Gartner
- Post 9/11, how will enterprises mitigate risks of business process interruption?
- What processes and tools are needed to protect critical applications?
- How will business continuity services market evolve?
(C4) Business Application Security and the Impact of Operational Risk Management
Alain DangVanMien, Research Director, Gartner
Business applications such as those from SAP, Siebel and Oracle bring potential security vulnerabilities. Enterprises that assess risk and breach avoidance reduce exposure to threats.
- What role will legislation such as BASEL II and standards such as ISO 17799 play?
- How do vendors address business application security?
- What methods achieve adequate security for business applications?
(C5) Trust Issues in Offshore Outsourcing
Ian Marriott, Research Director, Gartner
Enterprises often find outsourcing contracts disrupted by political, social and military events. We assess risk, explore case histories, investigate scenarios and suggest solutions. We cover geo-political risk, business continuity planning and risks associated specifically with offshore outsourcing. We also focus on IP protection, data security and software piracy in potential offshore destinations.
(C6) Securing Email, Privacy and Monitoring Employee Behaviour - Legal and Technology Issues
Arabella Hallawell, Research Director, Gartner
Approaches to securing email include S/MIME, PGP and staging servers using SSL.
- But once email is encrypted, how does the enterprise monitor communications for inappropriate use?
- What laws protect individual and employee privacy?
- What about all that spam?
We examine best approaches to secure email, content scanning technologies, spam and how to block it.
(D1) Policies for Critical Infrastructure Protection
Andrea DiMaio, Research VP, Gartner
Critical infrastructure protection is achieved through a combination of policies, regulations, R&D and industry guidelines. Governments and industry must choose from several CIP policy options.
(D2) Government Defenders of Critical Information Infrastructure
Moderator: French Caldwell, Research VP, Gartner Panelists: Mike Todd, Program Director, BT Information Assurance, Andrew Sleigh, Managing Director, Kl Systems QinetiQ and Dr. Nigel P. Brown, Civil Contingencies Secretariat, Cabinet Office
A multi-national strategy to secure cyberspace is not near reality, but the issue of a common defence in cyberspace raises questions for the role of governments, inter-governmental bodies and industries. This concentration will examine the implications of different public sector approaches to a common defence in cyberspace.
(D3) CIP for Networks and the Internet
Moderator: Andrew Rolfe, Principal Analyst, Gartner Panelists: David Harcourt, Head of IP & Data Network Security, BT Wholesale, Richard Cross, Information Security Officer, Toyota Motor Marketing Europe, Paul Simmonds, Global Information Security Director, ICI, Mark Stevens, CTO, WatchGuard and Dr. G. Robert Malan, CTO, Arbor Networks
- How can user systems and connected data and voice service provider's infrastructure be protected from intrusion and denial-of-service attacks?
- What new tools and techniques are available?
- How far is the responsibility for such protection shifting from systems and servers, towards the network infrastructure and "in the cloud" security services?
(D4) Society and CIP
Moderator: Arabella Hallawell, Research Director, Gartner
Panelists: Mark Elliott Plotkin, Partner, Covington & Burling, Simon Watkin, Senior Policy Advisor, Covert Investigation Policy Team, Home Office and Jeremy White, Security Consultancy Manager, UK Security Practice, Logica CMG
- One of the fundamental questions for public policy is how are surveillance and protection balanced with individual privacy?
As technology advances, so do the opportunities to use and misuse private information.
(D5) CIP for Financial Service
Moderators: AnneMarie Earley, Managing VP, Gartner Research and Peter Redshaw, Principal Analyst, Gartner
Panelists: Robert Fletcher, Director, Group IT Risk & Security, Barclays, Jeremy Youngman, Managing Consultant, IT Security, Norwich Union, Gert Engman, Group Executive Vice President, Swedbank and Brendan Pickering, Head of IT Security, HSBC Bank
No information available at this time.
(D6) Coordinated Crisis Response
Moderator: Simon Mingay, Research VP, Gartner
Panelists: Ken Paul, Director of Group Crisis Management, BP, Howard Monks, Head of Audit, IT & Systems, Group Audit, Lloyds TSB Group and John Sharp, CEO, Business Continuity Institute
Disasters, both natural and contrived, will happen. Often, people and businesses look to the first responders to forestall the effects and to begin rescue and recovery. In order to do so, they must be the best prepared to recover. Interoperability and decision support are critical components of effective response.
(D7) The Critical Infrastructures of CIP
French Caldwell, Simon Mingay, Andy Rolfe, Arabella Hallawell and Annemarie Earley.
In this final panel, Gartner analysts will share the critical lessons learned from all of the Sector 5 panels.
VSP INFORMATION:
(VSP 1) IBM - Addressing New Security Challenges
Speaker: Nick Coleman, Head of Security Services at IBM
Exploring the key emerging challenges such as identity management and access control, and their requirement for solid, robust and resilient infrastructures.
(VSP 2) Network Associates - Go on the Security Offensive with Intrusion Prevention! Learn How Leading IT Organisations are Using Proactive Security to Balance Security, Availability and Cost.
Speaker: Amanda Jobbins, VP of EMEA Marketing and Field Operations at Network Associates
Exploiting security vulnerabilities has never been easier. On 25th January 2003, SQL Slammer infected over 5000 servers around the world in UNDER THREE MINUTES. With even more devastating third generation threats around the corner how will you defend yourself? In this informative session Amanda will discuss how other senior IT executives are taking the critical step of blocking threats rather than just detecting them, an approach that can avoid attack recovery costs while reducing operational costs.
Amanda will review how to balance security, availability and management costs to ensure a proactive security defense.
(VSP 3) PGP - What Would You Do if all Your Information Were Secure?
Speaker: Steve Abbott, Vice President Worldwide Corporate Sales at PGP
A radically new technology architecture and initial product will be unveiled -- changing how enterprises think about information security, yielding the highest level of regulatory compliance with improved user transparency and lower cost of ownership.
(VSP 4) Computer Associates - Reducing Costs Through Security Management
Speaker: Simon Perry, Vice President of eTrust solutions at CA
Today's typical security infrastructure environment is costly and inefficient to manage. This session will demonstrate repeatable and valuable approaches and technologies for more efficient security management.
(VSP 5) Schlumberger - Integrated Business Security: Experience Matters
Speaker: Farrokh Abadi, VP of Global Security at Schlumberger
Based on Schlumberger's broad experience, our innovative methodologies align security with business objectives to yield appropriate security solutions including conformance to ISO17799, whether applied to SCADA systems or the Olympic Games.
(VSP 6) Symantec - Intelligence-Based Digital Defence
Speaker: Richard Archdeacon, Director of Technical Services, Symantec Northern Europe
Security is more complex than ever. Vulnerabilities and threats are increasing, and the products to deal with them are proliferating. How can security managers respond more effectively? Is it possible that a community approach will provide real data from which relevant and timely security information and intelligence can be produced? Can we use this to develop a predictive rather than reactive approach to security management?
(VSP 7) Netegrity - Securely Let Business In - Keep Risk Out
Speaker: Andrew Lloyd, Managing Director Northern Europe, Middle East, Africa, Netegrity
Discover how leading organisations increase security, empower their users and achieve greater efficiency with Identity and Access Management.
(VSP 8) Microsoft - Building a Secure Platform
Speaker: Steven Adler, Senior Security Strategist, Microsoft EMEA
Since Microsoft's Trustworthy Computing initiative was launched in early 2002, security has escalated to the number one priority of the company. Steven Adler will present the strategies and tactics Microsoft has in place to help organisations get secure and stay secure, both for the short term and long term, including:
- Trustworthy Computing Defined
- Focus on the Issues: Microsoft's Strategy for Improving Patch Management
- Product Roadmap and Priorities
(VSP 9) MessageLabs - The Evolving Trends of Spam and Viruses and What This Means to Your Email Security
Speaker: David White, Technical Director, MessageLabs
The threat from viruses and spam is changing; during this presentation you will see how these threats have increased over time and how they are now evolving to create an even greater risk to business.
(VSP 10) NetIQ - VigilEnt Incident & Event Management
Speaker: Chris Pick, VP of Marketing Strategy at NetIQ
Achieve more effective and efficient real-time security incident management and reduce staff time by preventing intrusions as well as automating event detection, management and response.