| Cyber Security 2010 Conference : Thursday, June 3, 2010 |
7:30
|
Registration Opens / Continental Breakfast Served / Exhibits Open
|
|
8:30
|
Opening Remarks
- Mike Smoyer, President, Digital Government Institute
|
|
8:35
|
The State of Cyber Security Today: Where We Go From Here
- Robert B. Dix, Jr., Vice President of Government Affairs and Critical Infrastructure Protection, Juniper Networks (Moderator)
- Ely Kahn, Director of Cybersecurity Policy at National Security Staff, Executive Office of the President
- Mitchell Komaroff, Director, Globalization Task Force for the Assistant Secretary of Defense for Networks and Information Integration / DoD Chief Information Officer, Department of Defense
- Deborah Parkinson, Senior Policy Analyst and Professional Staff Member, U.S. Senate Committee on Homeland Security and Governmental Affairs
Plan to attend this interactive panel discussion with recognized subject matter experts focused on understanding the diverse and numerous threats to national information assets, with a particular emphasis on the challenges for government INFOSEC professionals. Hear more about emerging ideas for information protection and management, and how new legislation may impact users, managers and their industry partners alike. Bring your questions and your practical, actionable ideas for industry and government collaboration that will yield measurable results and improved critical infrastructure protection. This is your opportunity to join the dialogue about cybersecurity today, and what’s next.
|
|
9:25
|
Understanding New FISMA Performance Metrics
- John Gilligan, President, The Gilligan Group
- Matt Coose, Director, Federal Network Security, National Cybersecurity Division, Department of Homeland Security
In April this year, the U.S. Office of Management and Budget issued updated reporting instructions for agency reference and use under the Federal Information Security Management Act of 2002 (FISMA). The reporting under the new guidelines is due by mid-November, and many cyber security professionals across government need to expand their understanding of the updated guidelines, what is new in the guidance that requires near-term action, and where to get help to meet these mandates. Join this session to build on your knowledge of FISMA performance metrics, and bring your questions for discussion with seasoned security experts who can help you get started now.
|
|
10:00
|
Coffee / Networking Break
|
|
10:30
|
Building an Architecture of Trust: The Network’s Role in Securing Cyberspace
- Don Proctor, Senior Vice President, Cisco
Today there are tectonic forces that are shaping a new cybersecurity landscape. In this ever-changing environment, we need an “Architecture of Trust” that provides a comprehensive architectural approach to managing cybersecurity risk and assuring our safety. The network not only plays a vital role in protecting our information and assets, it also can enable a platform for innovation in cybersecurity going forward.
|
|
11:00
|
A Strategy to Develop an Effective U.S. Cyber Workforce
- Karen Evans, Partner, KE&T; Cybersecurity Commission Member, Center for Strategic and International Studies; and former Administrator for IT and E-Government, U.S. Office of Management and Budget
- Franklin (Frank) Reeder, Cybersecurity Commission Member, Center for Strategic and International Studies
There is general agreement that the U.S. must strengthen and expand its Cyber Workforce. As a national effort, there are numerous approaches under review to increase general cybersecurity awareness across the general public--from consciousness-raising in grammar school curricula, to targeted training camps for future security professionals at the high school, college, and post-graduate levels, to focused efforts to continually educate those in government and industry dedicated to stopping cyber threats. Join this session to hear from members of the Center for Strategic and International Studies Cybersecurity Commission on its collective efforts to evaluate the available options to bolster the cyber workforce, and learn of their initial recommendations addressing how to improve national cybersecurity preparedness. Bring your ideas and your questions to this lively session.
|
|
11:30
|
Cyber Forensics: The Key to Attack Attribution
- Jim Butterworth, Senior Director of Cyber Security, Guidance Software
- Stephen Elky, Deputy Director for IT Services, Library of Congress
Once you identify a vulnerability or an attack on your information infrastructure, what do you do to understand who has breached your defenses, their motives, and how to prevent future unauthorized access? Given the complexity of today’s operating environments, coupled with the exponentially growing threat landscape, cybersecurity professionals are looking to leverage technologies that can help evaluate existing security gaps and prevent future cyber attacks. Attendees will learn about tools that are designed to detect unapproved or unknown processes, and how they are used in real-world situations. Join this session to deepen your knowledge of how to uncover potential threats, quickly make triage decisions and remediate suspected attacks. And perhaps most critical, understand how to determine the threat level and purpose of unknown software or running processes, and how available attribution techniques can determine if a new attack is linked to a previous incident.
|
|
12:00
|
Attendee Networking Luncheon and Visit Sponsor Exhibits
|
|
1:00
|
Security Engineering and Why it is Essential
- John Diamant, HP Secure Product Development Strategist & HP Comprehensive Applications Threat Analysis Service Lead, Security and Privacy Professional Services, US Public Sector, HP Enterprise Services
- Janet Oren, CISSP-ISSEP, CSSLP, Senior Information Systems Security Engineer, National Security Agency
Join this session and expand your understanding of Security Engineering and why INFOSEC professionals develop this expertise within their own ranks for positive cyber security outcomes. This is your opportunity to learn why “development of detailed engineering plans and designs for security features, controls and systems” (Wikipedia) is so critical to secure government operating environments that meet user requirements and prevent or mitigate malicious attacks on information assets. Attendees will hear directly from government and industry leaders in information security about the major concerns they have regarding the lack of focus on security systems engineering and ways to provide meaningful training and value-added security engineering programs within your organization to address existing gaps.
|
|
1:40
|
Social Media and Cyber Security: A Toxic Combination?
- Joe Howard, District Manager, Federal, Websense
- Terry Davis, Social Media Policy Lead, Office of the CIO, Department of Defense
In the past year, there has been tremendous debate about the merits and risks associated with using social media in business, civilian, and military work environments. Many agencies have incorporated forms of social media into their operations; others have banned its use on the grounds that the applications consume bandwidth, compromise network security, and worse. Few topics in the cyber security arena have attracted the attention that social media and its role in the enterprise have ignited. Plan to attend this session and learn how government organizations are considering and using blogs, micro-blogs, wikis, Facebook, Twitter, and more to enable communications among their staffs and industry partners. Understand the primary risks, from how cyber criminals and adversaries are capitalizing on the social media and Web 2.0 dynamic to the unintended disclosure of personally identifiable information (PII) and sensitive agency data. This session will provide an overview of the situation today, as well as recommendations to limit network security exposure while maximizing the possible benefits for enterprise-wide applications.
|
|
2:10
|
How to Use Continuous Monitoring to Reduce Your Agency's Vulnerability Footprint
- Holly Ridgeway, Deputy Chief Information Security Officer and Director, Justice Security Operations Center, Department of Justice (Moderator)
- Charles (Chuck) McGann, Corporate Information Security Officer, U.S. Postal Service
- John Streufert, Director, Information Assurance Office, Bureau of Information Resources Management, Department of State
If practical solutions are often the most effective, then consider how agencies can and are stepping up their efforts to continuously monitor their computing and data management operations for unusual, anomalous, and unpredictable behavior. This session will focus on the experience of three government organizations and how they have implemented continuous monitoring to support their specific mission and business objectives—including how they are similar, and how they vary in their approaches to delivering cyber security for their agency operations. Learn the tools and strategies used, how and why they were selected, the benefits, trade-offs, and challenges of implementing a seamless program given in-place computing architecture, and in light of organizational cultures. This interactive session will help attendees build their understanding of the realities and real returns of using continuous monitoring to support current and emerging security controls and reporting requirements.
|
|
3:05
|
|
3:10
|
Do You Know Who is Accessing Your Data?
- Adam Bosnian, Vice President, Products and Strategy, Cyber-Ark Software
Government information security and compliance is a high-stakes game where navigating new regulations and keeping ahead of emerging threats can be a matter of national security. Look no farther than the recent indictment of a former TSA data analyst who was accused of trying to sabotage a terrorist screening database. The sensitive nature of privileged accounts and their elevated data access requires extra attention as part of any identity and access management process. Industry data shows that up to eighty percent of system breaches are caused by internal users, including privileged administrators and power users who accidentally or deliberately damage IT systems or release confidential data. Join this session to learn how to better protect highly sensitive information against internal and external threats, including how powerful, privileged accounts must be monitored and controlled. Further, build your understanding of how to use policies and technologies that are designed to provide special treatment for privileged identities in order to help mitigate the risk of internal data misuse.
|
|
3:40
|
Dynamic Cyber Security: Architecting Defense in Detail
- Tim Brown, Chief Security Architect and Distinguished Engineer, CA Technologies, Security Business
The U.S. critical infrastructure has evolved from a “network-enabled” position to one that now is “network-dependent.” No aspect of the national critical infrastructure operates without extensive use of information technology, and it is this fact that makes our networks such a high priority target for adversaries. Civilian and defense agencies have learned through experience that mission critical networks are contested, violated, infiltrated and penetrated, leading to significant risks to US interests. Attend this session to learn in detail about how government agencies can deploy secure, self-aware, proactively-managed defense mechanisms with commercially-available technologies that can be integrated with specialized R&D efforts, for the best possible approach to combat the cyber security threats our nation is facing today.
|
|
4:10
|
Wrap-up and Announcements
|
|
4:15-5:30
|
Conference Networking Reception Sponsored by
|
|