Recorded Live: February 22, 2011
Web Conference Overview:
Over two decades ago the US NIST came out with an advisory stating that one should put a banner setting the expectation level for privacy on a system (i.e., "XYZ Company reserved the right to monitor any and all communications, up to and including email").
The rationale was that one might violate federal laws and the rights of an individual attempting to access the system. This debate was held and resolved. However, with several aspects of consumerization, this debate is being raised again.
The questions include: How does one handle employee hardware in their environment? What privacy can a person expect on technology used for company and personal business? What are the responsibilities of cloud providers? Can an export occur in the cloud?
This session will attempt to address some of these questions while providing insight into this area.
Michael F. Angelo - Chief Security Architect, NetIQ
InfoSec vs Legislation – The Final Battle
Presentation Overview: With the revolutionary changes to business models, governments are stepping in to try and protect companies and their customers. These protections take the form of Legislation and Regulation. In addition, there are a number of proposed Mandatory Certifications. Unfortunately, it is becoming increasingly easy for the InfoSec professional to unknowingly run afoul of them.
Speaker Biography: Michael F. Angelo, CRISC, is currently the Chief Security Architect for NetIQ and is the Chair of the ISSA Web Conferences Committee. He is a technical advisor to the US Department of Commerce and is the chair of the team working on security export controls. He has presented on the issue of legislative impact to corporate IT infrastructures at a number of conferences including the ESPP at the US RSA Conference. Amongst his many accomplishments, he is a former Staff Fellow at Compaq and HP with over 25 years in the security world; he has been a Sigma-Xi distinguished Lecturer; and was named Inventor of the Year for the City of Houston (with 51 granted patents in the area of security). His blogs can be found on the NetIQ Community site, RSA360 site, and on the SC Magazine sites.
Bill Connolly - Managing Director, Stroz Friedberg
Data Privacy: in the Workplace and Across the Border
Presentation Overview: As regulators and litigators increasingly look to Electronically Stored Information ("ESI") to make their case, and the volume of ESI maintained by corporations continues to grow, it becomes increasingly difficult for companies, their IT professionals, and their lawyers to comply with data protection laws and at the same time protect their corporate interests. In this presentation, Bill Connolly will discuss data protection laws that affect lawyers, information security professionals, and the corporations they represent.
Speaker Biography: Bill Connolly is the Managing Director of Stroz Friedberg’s Boston office, where he actively supervises data breach, cybercrime, digital forensics, and electronic discovery projects for major law firms and corporations involved in civil, criminal, regulatory, and internal corporate matters. Prior to joining Stroz Friedberg, he served for seven years as an Assistant U.S. Attorney in the Criminal Division of the U.S. Attorney’s Office in Boston, most recently in the white collar fraud unit, where he investigated and prosecuted major white collar crimes and corporate fraud matters.
Hoyt L. Kesterson II - Senior Consultant, Terra Verde Services
Business Records to ESI to Digital Evidence
Presentation Overview: "The primary authenticity issue in the context of business records is on what has, or may have, happened to the record in the interval between when it was placed in the files and the time of trial. In other words, the record being proffered must be shown to continue to be an accurate representation of the record that originally was created." —decision by US Magistrate Judge Grimm.
This talk will describe the relationship of data integrity and the need to prove the authenticity of Electronically Stored Information submitted to court. Ways to achieve that integrity will also be covered.
Speaker Biography: Hoyt Kesterson is a consultant with Terra Verde Services. He has more than 40 years of experience in information security and related technologies. For 21 years he chaired the international standards group that created the X.509 certificate, a fundamental component in digital signature and securing web transactions. He is Vice-Chair of the ABA’s eDiscovery and Digital Evidence Committee. A testifying expert, he has given many CLE-accredited talks to lawyers and to technologists. He is an acknowledged contributor to a book on e-discovery and a book on digital data and the rules of evidence; both are published by the ABA.
Allan Wall MSc., CISSP, A.Inst.ISP - Independent Consultant
Moderator Biography: Allan Wall has been working within the IT industry for nearly twenty years. Most recently he managed a team of IT Risk Management focussed pre-sales systems engineers / consultants for Symantec in the UK and delivered lectures as a guest on the MSc in Information Security at Royal Holloway University of London. He is a Founder Associate Member of the Institute of Information Security Professionals. He has participated on a number of ISSA UK expert panels providing feedback into UK Government information security initiatives, and is a Director of Academic Liaison to the ISSA UK management team. Currently, he serves on the ISSA Web Conference Committee. He holds a BSc (Hons) in Biochemistry and Genetics, a Post-Graduate Certificate in Education from Newcastle University (UK), and a Masters in Information Security at Royal Holloway University of London.