CCi5 is honored to present "Watching the Watchers"; this updated eye-opening presentation is primarily told from the intruder’s perspective, providing a state-of-the-union style examination of the challenges facing IT Security today. Topics covered include risk reduction, policy implementation, systems configuration and other areas of interest that should appeal to both the technical audience as well as the executive leadership.The presentation has been built to provide an understanding of both technical considerations as well as the business, fiduciary and legal responsibility within organizations. We will review several topics including business awareness to the security climate in today’s world, accountability within an organization for the actions of Information Security practices and understanding the technical and theoretical path that the intruders are taking in the future and other.Risk reduction will be introduced throughout the discussion as the barometer many organizations use to gauge the initiatives that are undertaken as part of an Information Security program. We will look to assess the impact of both technical and policy based solutions giving examples, as well as case studies and real world examples of where ideas have both worked and fallen on the rocks.We will touch upon regulatory with the aim being is to provide an oversight into the main initiatives companies are facing today. We will be discussing both the theory as well as practical applications of both technical and policy based solutions that businesses are challenged with implementing. As with both risk and regulatory sections of the presentation, the goal is to provide insight into the potential business impact of security within the enterprise through examples and case studies.We will examine how foreign governments, organized crime, motivated computer hackers and competitors are just a small fraction of the threats facing companies today and we will review what is being done to try and combat this offensive both domestically as well as within the greater global community.

Speaker Bio
Chris Roberts, co-founder and president of CCi5, heads a team of cyber security professionals specializing in assessment and forensic investigation. He brings a wealth of knowledge, technical expertise, leadership and analytical skills gained from seventeen years experience in information technology. With a focus on information security, his professional experience includes roles as Information Security Officer and Director of Engineering and Architecture for a large retail firm, CTO and Technical Architect for a counterintelligence firm and leader of IT Security Architecture Project Management for a major international retailer. Mr. Roberts’ background in security assessment and vulnerability testing includes penetration testing, compromise investigation, analysis and documentation. He has developed and implemented company-wide information security awareness programs and frequently speaks and gives presentations on topical security issues. He is an active member of the Systems Administration and Network Security (SANS) organization and an active participant in the Open Web Application Security Project (OWASP) community. He currently serves as a member of ISSC and as a FBI business liaison. His credentials include: CISSP, CCIE and MCT. Chris was educated in the United Kingdom.

Presented by: Chris Roberts, CEO & Founder, CCi5 Inc.

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis.

Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant, Inc.

Securing the information assets of an enterprise has never been so important or so complicated. The past several years have seen a significant increase in the number of security threats and vulnerabilities and significant advancements in attack methodologies with new tools, techniques, and attack vectors being released on a weekly basis. Join Accuvant for a lively, interactive discussion to review the latest in current vulnerabilities and tools for ensuring security. Through presentation and live demonstration, attendees will learn about the latest attacks, tools, and techniques employed by today’s hackers, as well as countermeasures that can help protect against these attacks.

Topics of discussion:

• Password security
• Google hacking (data mining)
• Exploit and attack frameworks
• Wireless insecurities (WEP and WPA cracking)
• Application attacks from Information Gathering to SQL Injection
• Physical security (key bumping)
• VoIP hacking and games
• RFID cloning and threats
• Ideas and resources for combating vulnerabilities

Presented By: Accuvant

PCI compliance is currently one of the most important security issues facing business today. However, not every organization has millions of dollars to spend on a compliance effort. This session will discuss some basic concepts regarding the PCI Data Security Standard (version 1.2), and how small and medium sized businesses can achieve compliance with a modest budget.

Among the topics covered in this presentation:

• Basics of PCI Compliance
• Understanding the PCI “Levels”
• The Role of Outsourcing in PCI
• Common PCI Myths
• Ten Inexpensive Things To Help Achieve Compliance

Presented By: Anitian Enterprise Security

The war on battling vulnerabilities has become a daunting process over the years including the record high exploits released in 2008. This presentation illustrates how attackers are automating the process of launching exploits to compromise workstations, servers, network devices and telephones. Live demonstrations of the latest exploits, attack methods, and most popular target devices will be included. This session will educate attendees on the latest techniques while also providing visualization on how IT Managers can perform their own penetration testing on any system/device.

This presentation will cover the following:

• Remote attack
• Client Attack/Email Harvesting/Custom Trojan
• Phone spoofing, PBX and Phone cracks
• Content Scanning
• Voice Morphing & Recording
• Analysis & Best Practices

Presented By: SAINT Corporation

Download Presentation

Modern Internet content is becoming more and more user driven. People no longer look to static pages for information, they rely on blogs and forums. They get their information real-time from Twitter and Facebook. They share information through Slashdot and Digg. They entertain themselves through YouTube. It goes on. As the content mechanisms change, so do the threats. Learn how to protect yourself from new attacks as the threat environment adapts and seizes opportunity in the world of Web 2.0.

Presented By: MX Logic

Details of this presentation will be announced soon.

Presented By: TBA

10:30am Recession Proof Your Network and Prepare for the Future

Is the recession having an effect on your bottom line? Do you need to scale back your operation today but want to be prepared for rapid growth? Are you looking at either cutting costs or pushing to increase productivity? Does your business need to change the way it works to survive in the future? This session will address ideas on what businesses can do with their current network infrastructure to better support their businesses needs today and into the future. We will discuss a variety of ways companies are using technology to meet their business needs today by better utilizing their budget dollars and leaving a multitude of options for the future. We will present a case study showing how clients can move from traditional network infrastructure to a fully integrated network in the local area and across the country. We will show how to deliver the network infrastructure needed to support today’s complex data applications.

Presented By: tw telecom

Logs, if utilized to their full capacity, can reduce significant costs for organizations. Just as you might have seen an increase in speeding tickets lately, a cash-strapped government is taking the route of audits whether it is traffic or regulatory compliance. To add to the complexity, resources in your organization are probably shrinking and your boss expects you to get more out of less.

Attend this presentation to learn:

• How can you utilize logs to improve IT operations, security posture and regulatory compliance in your organization
• What are your peers doing to keep pace with rising threats in cyberspace
• What are some of the simplest ways to start saving, today
• What is Security Information and Event Management (SIEM)
• How to achieve high 3 digit ROI with under 3 month payback using 3 simple SIEM/Log Management use cases

Presented By: Accuvant & ArcSight

In today’s economy, justifying a new project and the purchase of new software can be extremely difficult. But what if that new project could save the company millions of dollars and be fully implemented in less than a month? Learn how a single management server can provide the visibility and control you need for high performance systems and security management to 250,000 endpoints regardless of their location or connection type and be implemented globally in days or weeks. Please join us for a brief presentation exploring how BigFix has saved organizations hundreds of thousands to millions of dollars through everything from reducing computer electricity usage and software licensing/maintenance fees to information security process efficiencies and infrastructure consolidation.

Presented By: Accuvant & BigFix

There are many attack vectors for compromising the privacy of customers, patients, and employees. Web applications continue to expose valuable information to legitimate users, but are often ill-protected against determined hackers. Lost laptops and USB memory devices risk large scale breaches of thousands of private records. And legitimate insiders, many of whom are now in fear of losing their jobs due to the recession, often email or copy sensitive information ‘just in case.’

In this session, the speaker will explore these various threats and how best to address them, especially in a climate where more access to information is being demanded. The session will focus on two aspects of potential privacy breaches: external threats such as hackers and malware, and internal threats such as careless or malicious insiders.

Presented By: Trend Micro

Network security attacks can devastate an organization by crippling systems, stopping productivity and causing the company to pay extreme fines if confidential information is pilfered. Prepare to discuss social networks, botnets, data loss prevention plus other malicious wild things, and how to keep your valuable employees, systems and data safe.

Presented By: WatchGuard Technologies

Application exploit are on the rise. And yet industry experts are reporting that most organizations are still not adequately keeping up with security patches for their operating systems, much less their applications. One of the most effective ways to protect against application exploits is to implement security patches within 48 hours of release across your entire organization. Sound impossible? Join us for this discussion on patch management best practices, industry benchmarks, recent analyst reports, and ROI metrics to help "sell" the project to upper management. We'll also explore some of the pitfalls that may be preventing you from achieving your patch management and application security goals.

Presented By: BigFix

Today's enterprise is taking advantage of a number of key technologies to drive their collaboration and communications strategies. Adoption of new technologies like Cloud computing, Telepresence and Web based collaboration enable business to be much more efficient than ever before with the network playing an increasingly important role. Not simply a matter of "bigger pipes", the network needs to deliver an enhanced "Quality of Experience" for the enterprise to realize the true business advantage. Couple that with the demand for additional security solutions, the network is more and more critical to the Enterprise data needs. When the application is enabled by the network, the result is an empowered employee driving efficiencies around the business and getting the needed results for the enterprise.

Presented By: tw telecom

For Organizations looking to substantially reduce the cost of litigation and gain control over vast amounts of circulating, unstructured content– there’s eDiscovery. This session will address how to take control of litigation, file collection, file processing, and most importantly… how to gain wisdom, knowledge and profitability from the expansion of collected data. The discussion will be aimed at security professionals, those concerned with the ever changing regulations and those that want control over their own data.

Presented By: FusionStorm

Achieving the benefits promised by VMware data center virtualization requires choosing the right storage solution. In this presentation we will review the various storage options available and discuss why NFS shared storage is a better choice than the conventional wisdom of using a Fibre Channel (FC) or iSCSI SAN. We will also debunk persistent myths that may deter you from considering NFS for your VMware deployment.

Presented By: BlueArc