ISSA Web Conference
Recorded Live: November 16, 2010
Web Conference Overview:
Information security standards affect all of us in the security profession in one way or another. Whether you are involved in building compliance standards or certification capability, or using standards to guide baseline management, architectural, design or implementation activities, they are an increasingly important influence on what we do. One of the strengths of standards is that, once established, they should not change too much, so that they remain easy to use and do not become a moving target. However, new standards are being developed and existing ones are being modified, improved or extended in response to changes in the infosec threat environment and users' requirements. Our speakers will look at some aspects of the standards landscape that have changed in 2010 or will change soon, which we will need to know about in order to assess the impact on what we do as security professionals.
Erin Connor, Director, EWA-Canada
IT Security Certification Alphabet Soup: FIPS, CC and SCAP
Presentation Overview: There are many product certification and validation programs out there that address different aspects of the security arena. In this discussion we will take a high-level look at three standards that are particularly important in the federal arena in terms of the issues they deal with, similarities and differences, associated testing programs, how they fit together, what product vendors need to know and what consumers need to understand.
Speaker Biography: Erin Connor is a Director at EWA-Canada with responsibility for EWA-Canada's Information Technology Security Evaluation & Testing Facility, which includes a Common Criteria Test Lab, a Cryptographic Module Test Lab that carries out validation testing of cryptographic products to FIPS 140-2, a Security Content Automation Protocol (SCAP) Test Lab that tests configuration assessment and auditing products to SCAP program requirements, and a Payment Assurance lab that certifies bank machine PIN pad devices and Point-of-Sale devices to Interac® and Payment Card Industry standards. Erin has an MSc from the University of Ottawa and a BSc from the University of Victoria.
Alexander W. Dent - Reader in Information Security, Information Security Group, Royal Holloway, University of London
Can Compliance Kill Security?
Speaker Biography: Dr. Dent is a reader and lecturer in the Information Security Group at Royal Holloway, University of London. His primary research interest is in mathematical cryptography and, in particular, public-key algorithms and protocols, on which he has published extensively. Dr. Dent teaches the course on "Standards and Evaluation Criteria" for the award-winning M.Sc. in Information Security at Royal Holloway, and has served as a researcher on the EU's NESSIE algorithm evaluation project and as a UK expert on the ISO/IEC standardization committee for almost ten years. During this period he has scrutinized numerous draft international standards and acted as an editor for the ISO/IEC standard on random bit generation.
Al Cooley, Director of Product Marketing, IBM
Answering the Challenge of Growing Compliance Mandates: Database Activity Monitoring
Presentation Overview: Organizations are faced with complying with a growing number of government and industry mandates, including SOX, PCI DSS, HIPAA and numerous data privacy regulations. For most organizations this is a challenge, given budgets constrained by today's economic realities. In this presentation we explore how Database Activity Monitoring technology can be used to slash compliance costs across a variety of mandates, while improving the security of sensitive enterprise data.
Speaker Biography: Al Cooley is responsible for Product Marketing within IBM's InfoSphere Guardium business unit. Mr. Cooley has broad software and security industry experience with start-ups like Industrial Defender and Guardium, as well as public companies like Tele Atlas. His articles and lectures on topics including database activity monitoring, industrial cyber security, HIDS and UTM technologies have appeared in a variety of media. Al holds an MBA from the University of Michigan, a BS from WPI and has conducted advanced studies in Computer Engineering at Boston University.