
Gartner Information Security Summit

Evolve your role. Optimize value. Protect the business.

28 June - 1 July 2009 | Washington, DC | Gaylord National Resort & Convention Center

 
 

Keynotes & Speakers

Keynotes

Special Q&A with David Sanger

In this special Q&A with David Sanger, we've provided a sneak preview of what's in store at the Information Security Summit.

Q. Gartner: What's the state of collaboration between the government and private enterprise in working to deter and detect cybercrime?
A. Sanger: Collaboration is still minimal. Bureaucratic suspicions, classified programs and old ways of doing business have all gotten in the way. But the outlook is improving, as the private sector will play a bigger role in shaping the cybersecurity strategy.

Q. Gartner: Which threats could easily blindside us?
A. Sanger: What worries American intelligence officials most is the malicious code hidden deep in our infrastructure - sleeper programs. Understanding how many of these are state-sponsored, state-tolerated, or simply the work of creative hackers is critical, because it alters how you design a deterrent.

Q. Gartner: Will cybersecurity threats significantly change over the next two years?
A. Sanger: Unlike nuclear threats, cyber threats are in a constant state of mutation. They change to fit the environment; the firewall you build this year may look like a speed-bump next year.

To hear more from David Sanger, read this NY Times article: US Steps Up Effort on Digital Defenses.


  • David Sanger
  • Author and Journalist



  • Christopher Painter
  • Director of Cybersecurity
  • National Security Council



Speakers


Conference Chairs



Each year, the challenge is to provide something new. This year, we've done that with a summit oriented around you, the information security professional, within the context of tough economic times. While we have our usual technology-oriented content and data to help you evaluate solutions, we also have critical sessions on the softer skills you need for success, and the methods you need to demonstrate value to ensure your survival and growth in the job.




The economy pushes all of us toward efficiency at a time of increased threat. At the same time, the security profession is at a transition point as we all learn to deal with business issues in addition to the ever-changing technologies. Use this as a time of opportunity! Prepare yourself for your next career step. The economy will turn around (soon, we all hope), so be ready. The Gartner security and risk team is focused on keeping you ready for everything. This Security Summit is a high-speed update to prepare you for your next step.







Case Studies

Integrating Security into ITILv3 Strategies: Case Study and Best Practices
Tom Scholtz, Gartner

ITILv3 takes a life-cycle view of service management, as opposed to the functional approach of previous versions. While this is a major improvement, it does have major practical implications for IT security, risk and compliance strategies. This presentation addresses:

  • What's new in ITILv3, and how does it impact security management strategies?
  • How has a multinational organization integrated their security and risk management program into their ITILv3 program?
  • What are the best practices in using ITILv3 to align security and service management strategies?

A Day in the Life of a Forensics Investigator
Jeff Miller, Eaton Corp.

This session examines the rapidly growing field of computer forensics and its application in the private sector. The case study presented illustrates how one manufacturing company created an internal center of excellence for computer forensics, the steps used to develop an internal investigation process, and tool selection for conducting their investigations.

  • How and why should enterprises approach computer forensics?
  • What tools are available for enterprise forensic investigations?
  • What is the relationship between computer forensics and e-discovery?

Case Study Interview: How General Dynamics Built Effective Security Governance
Tommy Augustsson, CIO, General Dynamics

An enterprise-wide information security governance board can improve security risk management in even the most complex environments. The most critical elements are senior-level commitment, enterprise-wide involvement and explicit accountability. General Dynamics addresses security risks via a highly advanced Information Security Review Board, with those elements represented from across the entire company.

  • How did General Dynamics' Information Security Review Board (ISRB) establish an effective overall standard of security governance across a highly distributed set of primarily autonomous business units?
  • How do you secure senior-level commitment and accountability?
  • How can you organize governance function with representatives from many different disciplines and many different business units and organizations?

Effective Enterprise Single Sign-On (ESSO) Implementation
Mark Eggleston, Manager, Security and Business Continuity, Health Partners of Philadelphia, Inc.

There are many different methods of enabling single sign-on within an organization. Choosing the method that is best for your organization requires careful consideration and knowledge of not only your applications but also your users. This session presents effective strategies and best practices in SSO architecture, how to meet specific HIPAA security regulations, and methods for self-service password reset and provisioning, including some lessons learned to help your SSO implementation succeed.

Top Ten Security Lessons I Learned in the Implementation of SOA for a Large Enterprise
Tom Ray

Since 2004, Tom Ray has been implementing a service-oriented approach at Washington Mutual Bank as its SOA Security Architect. In that timeframe, the company has successfully rolled out numerous internal/external services across its Credit Card, Commercial and Retail business units, enabling secure banking in and across each. In this session, Tom will share some of the key insights and experiences gained by the business along the way and shed some light on the critical technologies involved:

  • 24x7 availability
  • Continuous operations
  • Business continuity management







 
 
© 2009 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates.