Live Event: September 25, 2012
Start Time: 9:00 a.m. US Pacific / 12:00 p.m. US Eastern / 5:00 p.m. London
Web Conference Overview:
Buffer overflows, injection attacks, worms, viruses and
social engineering have all shown us one thing. The issue is usually not
the hardware. As a matter of fact, when was the last time we heard of the
actual hardware being hacked? It is usually a program or application that
is attacked. This raises the question – what are software providers doing
to address this issue? How are they trying to improve the inherent
security of their applications and in some cases even the operating systems?
This session will attempt to provide answers to all of these questions and
Director for Software Assurance, National Cyber Security Division,
US Dept of Homeland Security
Worldwide Product Marketing Manager, IBM
Kimberly Madia is a worldwide product marketing
manager for the InfoSphere Guardium and Optim solutions. She has been with IBM
for over 10 years and earned an MBA in Marketing and Information Management at
Carnegie Mellon University. During her career at IBM she has worked as a
technical support representative and a business partner enablement manager.
Currently she is focused on developing client solutions across software brands
to support compliance, to improve business processes and to help organizations
Protecting applications and preventing fraud
applications contain an organization’s most sensitive financial, customer,
employee, and intellectual property information. These systems are often the
most difficult to secure especially with modern trends in enterprise computing,
the rise of social media, the cloud, mobility and the era of big data.
Organizations must protect both data and applications against external and
internal threats across a complex security landscape. The primary purpose
of application-layer monitoring is to detect fraud that occurs via enterprise
applications, rather than via direct access to the database. This level of
monitoring is often required for data governance requirements such as SOX (in
addition to monitoring direct database connections by privileged users). In
this session, we’ll show you how to positively identify application users
associated with specific database queries and transactions, protect valuable
business assets, foster secure and efficient collaboration, and effectively
integrate security into existing business processes.
Michael F. Angelo
Chief Security Architect, NetIQ
Michael F. Angelo, CRISC, is currently the Chief Security Architect for NetIQ
and the Chair of the ISSA Web Conferences Committee. Amongst his many
accomplishments he was a Staff Fellow at Compaq and HP, a Sigma-Xi
distinguished Lecturer, and named Inventor of the Year for the City of
Houston (with 52 granted patents in the area of security). In addition, he was
named ISSA Security Professional of the Year for 2011. His blogs can be found
on the NetIQ Community site.
Overview: Historical Perspective of Software Security
computer security expert was focused on keeping bad people out and preventing bad things from happening
to their systems. This was reasonably easy to do when we could put firewalls and
intrusion detection software in place. Then we discovered we needed to do
inspection, and now in the light of APT and attacks like FLAME we need to
rethink even this strategy. Ultimately these attacks attempt to circumvent security on the
system by hacking the user. But is hacking the user really the issue, or
is it potential holes in the software?
What if the next line of defense is the software on the system? That is if a program is
to injection attacks or buffer overflows… what’s next… This presentation will
review the past and current trends in secure software development and look at some of the new directions that
are just around the
Phillip H. Griffin
ISSA Web Conference Committee, Session Moderator
Phillip H. Griffin, CISM, has over 18 years of information assurance experience. Phil
has served as a trusted security advisor, security architect, and consultant
with leading corporations. He has acted as committee chair, editor, and head of
delegation in the development of international security standards, and he
currently serves on the ISSA Educational Advisory Council, and on the board of
the Raleigh ISSA Chapter. At Booz Allen Hamilton, his work encompasses
authentication technologies, access control policy, and message schema. Phil
has eight patents pending in the area of biometric security, and has spoken at
leading security conferences around the world.