Cornerstones of Trust - Integrating Security into your Corporate DNA
March 6, 2008
Crowne Plaza, Foster City, CA
CONFERENCE SESSIONS
The
Cornerstones of Trust 2008 conference is the showcase for today’s
leading ideas on security. For anyone interested in security, nothing
will give you the in-depth information and unique insight that you’ll
get from Cornerstones of Trust 2008.
This is the perfect opportunity to meet other members of the security
community, learn about new tools and techniques,
and gain insights into the future direction of the security industry.
Four Parallel Tracks:
Track One: Convergence of Physical and IT Security
Is it possible to leverage existing physical
and IT security infrastructure in ways that improve a corporate
security posture while reducing total cost of ownership? This track
explores the possibilities and constraints by examining the integration
of identity management, access control, and system automation technologies
with analytic tools and world class management practices.
Session 1: Bringing practical convergence solutions to life - by James Connor,
Principal, N2NSecure
James Connor, a top ten mover and shaker according to Security Technology
and Design magazine, provides an enlightening, yet pragmatic view
of current and emerging opportunities to manage risk more effectively
by integrating physical and information technology controls. This
session includes an overview of approaches to integrate global security
operations, access control, CCTV-video, biometrics, analytics, system
automation, and related privacy, security, and regulatory compliance
considerations.
Session 2: Security convergence in practice – Kim Jones, Chief Information
Security Officer, eTelecare
How do we translate convergence possibilities into immediate opportunities?
This interactive discussion uses a case study format to analyze
real world deployments and convergence approaches. Highlights include
integration of physical access controls with identity management
systems and best practices for global operations.
Session 3: Strategic planning for security convergence – a panel discussion
This session will provide excellent content to extend a corporate
security roadmap to consider convergence opportunities and risks.
This moderated, interactive discussion with a group of industry
experts will examine intersecting technology and industry trends
that will significantly impact physical and IT security practitioners
over the next three years.
Track Two: Proactively Securing Core Business Functions
Enterprise IT organizations know they must protect their resources,
applications, and processes. Every security professional should
advocate a systematic, comprehensive approach to crafting security
architecture and implementing and managing security over time. This
track discusses security architecture, governance and practical
integration into delivery for the business.
Session 1: Fitting information protection into the business - An issue of governance,
by Dr. Fred Cohen, Information Protection Consultant,
Fred Cohen & Associates
In this talk, the overarching governance structure of how information
protection integrates with business is discussed and described with
drill-down into the emerging issues of business modeling, inventory
control, and work flows - and lots of real-world examples.
Session 2: Developing Secure Web Solutions by Liam Lynch, Chief Security
Strategist (Senior Director), eBay, Inc. Marketplaces
In this session, expert advice is provided on how to develop secure
Web applications. Security is the science of compromise across the
breadth of protected transactional business functions. The presentation
covers architecture, design and coding practices in the context
of threats to business and its users with advice on applications
APIs, federation mechanisms and security audits.
Session 3: Panel – Balancing Business Priorities with
Integrated Security
The session will debate various approaches to ensuring security
is integrated into the full business lifecycle. Get practical advice
on balancing security with pressing business demands. Panel members
represent responsibilities along the whole value chain: business consultant,
security architect, program manager, delivery manager and business
owner.
Track Three: Security Smarts Metrics and Measures
Session 1: What are security smarts? - A Panel Discussion
A small panel of industry practitioners and experts will each discuss
their interpretation of what security smarts are and why they
believe that they are pertinent for every organization that is concerned
with network and data security. The moderator will follow with a
few questions and then open the floor up to audience questions.
Participants will leave with a better understanding of what is important
to a good security program.
Session 2: How do you measure security smarts?
A panel of industry practitioners and experts will each discuss
the metrics systems that they use to gauge success within their
organization. They will talk about the issues of identifying appropriate
metrics, maintaining metrics reliability, and how they relate their
metrics to non-security colleagues. The moderator will follow with
a few questions and then open the floor up to audience questions.
Participants will leave with a better understanding of what can be
measured versus what should be measured.
Session 3: Where are you in the security smarts spectrum - are you clueless
or contributing?
Panel members from the previous two discussions will discuss the
basic security smarts spectrum and where their respective security
programs fall on that spectrum. They will discuss how you can integrate
security smarts into your enterprise, how metrics play a role, and
where your security program sits on the spectrum. Audience participation
is expected. Participants will leave with a better understanding
of the maturity of their security program.
Track Four: Ediscovery and Digital Evidence, and Predictive Analytics
for Risk Measurement
Session One: Ediscovery and Digital Evidence: Through the Information
Security Looking Glass
Boardroom surveys have shown that Ediscovery is the #1 risk management
concern among CEOs and corporate counsel. Risk from Ediscovery caused
the editor of Information Security magazine to say "the biggest
threat for 2008 is lawyers." Our panel of experts, including
attorneys, will explain why information security professionals need
to care about Ediscovery and digital evidence. Find out what they
can do to minimize Ediscovery risk. And find out why lawyers are
not only your biggest threat, but also your strongest allies.
Session Two: Predictive Analytics for Risk Measurement
This session will demonstrate how traditional warehousing and analytic
tools (and budget) can help build and implement predictive models
that identify unwanted behavior. The idea is to use the same tools
that analyze CRM data for marketing purposes, in the context of behavior
that leads to fraud/misuse/non-productive activity. Questions we
hope to answer are: who on your data warehouse team should you approach,
where is the data, how do we ask for the data, and how are the
models implemented and managed? Those on the panel will include:
A data warehouse expert
A data modeling expert
A Chief Risk Officer
Cornerstones of Trust Schedule

Track One: Convergence of Physical and IT Security
Track Two: Proactively Securing Core Business Functions
Track Three: Security Smarts Metrics and Measures
Track Four: E-discovery and Predictive Analytics for Risk Measurement

7:00-8:15 AM - Attendee/Sponsor Registration & Breakfast in the Foyer Area
8:15-8:30 AM - Opening Remarks: ISSA Silicon Valley, ISSA San Francisco, and Bay Area InfraGard
8:30-9:30 AM - Morning Keynote: “The Current Threat Environment,” Amit Yoran, Chairman and CEO, NetWitness Corporation
9:30-10:00 AM - Break: Refreshments in Sponsor Area

10:00-11:00 AM
Track One: Bringing Practical Convergence Solutions to Life
James Connor, Principal, N2NSecure
Track Two: Fitting Information Protection into the Business - An Issue of Governance
Dr. Fred Cohen, Information Protection Consultant, Fred Cohen & Associates
Track Three: Panel: What Are Security Smarts?
Kris Kahn, Senior Manager of IT Governance, Seagate
Richard Lindberg, Security OPUS Organizer, Security OPUS
Kevin Walker, Director & Senior Security Strategist, Cisco
Track Four: E-discovery and Digital Evidence: Through the Information Security Looking Glass
Joseph M Burton, Managing Partner (San Francisco Office), Duane Morris, LLP
Dave Cullinane, Chief Information Security Officer, eBay
Gary Terrell, Chief Information Security Officer, Adobe Systems
David G. Townsend Sr., Director of Data Forensics, San Francisco Legal
Stephen S. Wu, Partner, Cooke Kobrick & Wu LLP

11:00 AM-12:00 PM
Track One: Security Convergence in Practice
Kim Jones, Chief Information Security Officer, eTelecare
Track Two: Developing Secure Web Solutions
Liam Lynch, Chief Security Strategist, eBay, Inc. Marketplaces
Track Three: Panel: How Do You Measure Security Smarts?
Brian Koref, Information Security Officer, KLA Tencor
Peter Kuper, Research Analyst, Morgan Stanley
Tim Mather, Chief Security Strategist, RSA

12:00-1:30 PM - Sponsor Exhibition and Lunch in Sponsor Area and Foyer

1:30-2:30 PM
Track One: Panel: Strategic Planning for Security Convergence
James Connor, Principal, N2NSecure
Kim Jones, Chief Information Security Officer, eTelecare