Recorded Live: May 28, 2013
Start Time: 9:00 a.m. US Pacific/ 12:00 p.m. US Eastern/ 5:00 p.m. London
Click here for presentation slides.
Click here to view recorded web conference.
Generously supported by:
Web Conference Overview:
Every so often a new
disruptive technology or use model arises. The hot topics, for the
past few years, have been Consumerization and Cloud Computing. But
what happens when these two topics combine? In today’s world you can
now use your personal device to access the cloud. On the surface
things may not seem confusing, but what happens when you access corporate data
and personal data from the same device? What issues can exist with
bleed over and residual information, and how can we deal with them?
Roy Wattanasin - New England, USA Chapter
Information Security Officer, MITM
Roy Wattanasin is the
information security officer for MITM. He spends most of his time leading and
developing the organization's information security program, performing
penetration tests, finding vulnerabilities and working on other projects. He
enjoys teaching a variety of topics about healthcare information security and
speaking at security conferences. He teaches at Brandeis University and is a
part of many advisory boards. Previously, Roy was a Senior Security Engineer
for Children's Hospital Boston (now Boston Children's Hospital), where he led
the application security, vulnerability management, incident response programs,
security awareness and security engineering initiatives.
Roy is also a member of the MedSec (Medical Security) Linkedin group. He is
also the lead organizer of Security BSides Boston 2013. He is affiliated with
OWASP, ISSA International, HIMSS, the Boston Security Meetup and many other
security and privacy related groups. He also enjoys doing part-time security
Bring Your Own Device
(BYOD) and the cloud are both terms and keywords that everyone has now heard
about. Learn more about the challenges, security risks and results of
performing both at the same time. How do you protect the data on mobile devices
that are also personal devices? What are the best recommended ways to
accomplish this? How do you start and what policies should you implement?
Companies have moved now from the model of mobile devices wasting productive
time to embracing the supporting mobile devices in enterprises to efficiently
perform tasks. Additionally, learn some ways to alleviate this common issue.
David Willson - Colorado Springs, USA Chapter
Attorney/Security Consultant, Titan Info Security Group, LLC
David is a leading authority in cyber security and the law. He is a licensed attorney in NY, CT, and CO, and owner of Titan Info Security Group, a Risk Management and Cyber Security law firm, focused on technology and the law, and helping companies lower the risk of a cyber-incident and reducing or eliminating the liability associated with loss or theft of information. He also assists companies with difficult legal/cyber-security issues. David is also a partner of OnlineIntell, an online company that provides brand and reputation protection, corporate intelligence, and domain, trademark, copyright, and patent infringement detection and solutions. He is also on the Board of Advisors with Cylance.
David is a retired Army JAG officer. During his 20 years in the Army he provided legal advice in computer network operations, information security and international law to the DoD and NSA and was the legal advisor for what is now CYBERCOM.
He has published many articles, such as, "Hacking Back in Self-Defense: Is It Legal; Should It Be?”, "Cyber War or Cyber Cold War?”, and recently, "The Legal Issues of Forensics in the Cloud.” His speaking engagements include: the FBI ICCS conf., RSA (2009-2013) and RSA Europe, CSI, HTCIA, ISSA, FBCINC, the 4th Int'l Cyber Crime Conf., Australia, Cornerstones of Trust, FISSEA, ASIS, ISSA International, Hacker Halted, the OWASP SnowFroc 2013, and others.
He holds the CISSP & Security + certifications and has two LLM’s in International Law and in Intellectual Property law. He is a VP of his local ISSA chapter and a member of InfraGard.
BYOD and Cloud Present Legal Challenges. Combine Them and You Have a Nightmare.K. Scott Morrison
raises a lot of legal and security issues as does the Cloud. Depending on which side you are on some of
the issues include: privacy, who owns the data, who controls the data, how is
the data kept secure, what happens when there is a breach (of the device or the
Cloud), and many more. These questions
and more will be explored from a legal perspective.
Chief Technology Officer, Layer 7 Technologies
K. Scott Morrison is the Chief Technology Officer at Layer 7
Technologies, where he is leading a team developing the next generation of
security infrastructure for cloud computing, API Management and SOA. An
architect and developer of highly scalable, enterprise systems for over 20
years, Scott has extensive experience across industry sectors as diverse as
health care, travel and transportation, and financial services. He has been a
Director of Architecture and Technology at Infowave Software, a leading maker
of wireless security and acceleration software for mobile devices, and was a
senior architect at IBM. Before moving to the private sector, Scott was a
member of the world-renowned medical research program of the University of
British Columbia, studying neurodegenerative disorders using medical imaging
Scott is a dynamic, entertaining and highly sought-after
speaker. His quotes appear regularly in the media, from the New York Times, to the Huffington Post and the Register. Scott has published over 50
book chapters, magazine articles, and papers in medical, physics, and
engineering journals. His work has been acknowledged in the New England Journal of Medicine, and he
has published in journals as diverse as the IEEE
Transactions on Nuclear Science, the Journal
of Cerebral Blood Flow, and Neurology.
He has written articles that have appeared in Forbes and CNN. He is the
co-author of the graduate text Cloud
Computing, Principles, Systems and Applications published by Springer, and
is on the editorial board of Springer’s new Journal
of Cloud Computing Advances, Systems and Applications (JoCCASA). He
co-authored both Java Web Services
Unleashed and Professional JMS.
Scott is an editor of the WS-I Basic
Security Profile (BSP), and is co-author of the original WS-Federation specification. He is a
recent co-author of the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing,
and an author of that organization’s Top
Threats to Cloud Computing research. Scott was recently a featured speaker
for the Privacy Commission of Canada’s public consultation into the privacy
implications of cloud computing. He has even has lent his expertise to the film
and television industry, consulting on a number of features including the X-Files. Scott’s current interests are
in cloud computing, API security and secure mobile computing—and of course, his
wife and two great kids.
Scott’s blog is at http://KScottMorrison.com
Sits At The Intersection Of Cloud And Mobile
Two of the most compelling trends
in IT today are cloud computing and mobility. Either of these alone carries the
potential for massive disruption to enterprise IT; together, they represent an overwhelming
force. But are these technologies truly separate, or do they have commonalities
that IT management can exploit to gain better control?
Identity is arguably the
architectural keystone bridging these trends. To be successful with these technologies,
we need to change our approach to managing identity. In this presentation, by
CA Technologies and Layer 7 Technologies, you will learn how to leverage
emerging technologies like OAuth, OpenID Connect and SCIM to construct a modern,
Matthew Mosley - Northern Virginia, USA Chapter
ISSA Web Conference Committee, Session Moderator
Matt Mosley has been working as a security professional
for more than 20 years in roles within corporate IT and risk
management, strategic consulting, and product development. In his current
role with ThreatTrack Security, Matt leads product management activities for a
portfolio of malware protection solutions. Prior to this role, Matt held
senior leadership roles with leading security firms including NetIQ, Internet
Security Systems, Intellitactics and Brabeion Software. Matt is an active
member of security industry groups including ISACA and ISSA, and sits on the
ISSA Web Conference Committee. Matt holds the CISSP, CISM, and CISA
designations, teaches CISSP courses for ISSA-NOVA, and is a frequent speaker at