ROCHESTER SECURITY SUMMIT
OCTOBER 3 - 4, 2007 ROCHESTER, NEW YORK

Business Professional Track - 2007 Schedule

The Rochester Security Summit was held at the Crowne Plaza Rochester on October 3 and 4, 2007.

The Rochester Security Summit  presented two tracks that year: Technical and Business Professional.  

The Technical Track is designed for the Technical Professional. 

The Business Professional Track is for a non-technical audience such as Business Managers, Help Desk Staff, HR, Finance and others.


Business Professional Track Wednesday Oct 3, 2007 Presentation Abstract
Registration and Continental Breakfast 8:00-8:45
Intro and Welcome
Allen Scalise, Great Lakes Networks
8:45-9:00
Keynote - Evolution of Threats
E. Eugene Schultz
9:00-10:00 Security-related threats have changed substantially over the years. The motive to profit from unauthorized activity (and thus to write code and engage in activity that remains as unnoticeable as possible) has become primary. Additionally, information security practices face new risks related to failure to meet a myriad of compliance requirements (SoX, HIPAA, GLBA, and so on).

New security technology has, fortunately, emerged to deal with the changing threat and risk landscape and much of it is more user-friendly than ever before, something that often results in more proficient use and a reduced need for extensive training. Event correlation technology is a good example. Powerful event correlation tools that collect, correlate, and store huge amounts of output from network devices, intrusion detection systems, and other sources have greatly simplified and also reduced the cost of threat management. This presentation will describe this as well as other types of security technology as well as the changes in this technology over time to improve the ability to address threats and risks.
Case Study: Ohio University
Allen Scalise, Great Lakes Networks
10:15-11:00  
Risk and the Enterprise
Audrey Pantas, Chief Information Risk Officer, Xerox Corporation
11:00-12:00 Companies are faced with ever increasing external and internal risks at the same time technology has become a critical component of the business. How do we manage the trade-offs between securing information assets and enabling the business? Xerox has taken a multi-tiered approach to protecting its information assets with its information risk management strategy.
Lunch 12:00-1:00  
Cyber Offending by Youth: Implications for Future Infosec
Professor Sam McQuade, Rochester Institute of Technology
1:00-2:00 Recent survey research undertaken by the Rochester Institute of Technology involving thousands of K-12th grade students suggests that youth may represent the greatest potential resource and threat to information systems security. This presentation will present offending and victimization data with implications for employment and training related policies, programs and practices across employment sectors.
Data Breach Response
Monroe County District Attorney Michael Green; Special Agent Joe Ondercin, Federal Bureau of Investigation; Beth VanVliet, Vice President of Client Services, Dixon Schwabl
2:00-3:00 Moderated expert panel discussion of Data Breach planning and response - What to do, how to notify, who to notify, keeping your customers, and more.
Break 3:00-3:30  
Data Handling
Chip Nimick, University of Rochester Medical Center; Dave Pecora, Associate Director of Customer Support Services, Rochester Institute of Technology; Wyman Miles, Senior Security Engineer, Cornell University; Moderator: Interim Director of Information Security William Waterhouse
3:30-4:30 Moderated expert panel discussion of Data Handling issues, planning, and solutions.
Business Professional Track Thursday Oct 4, 2007 Presentation Abstract
Registration and Continental Breakfast 8:00 - 9:00
Welcome
New York State Assemblyman David Koon
9:00 - 9:30  
Sponsor Visitation Break 9:30 - 10:00  
The Visible Employee
Professor Jeffrey Stanton, Syracuse University, School of Information Studies
10:00 - 11:00 Jeff Stanton, associate professor and director of the School of Information Studies Ph.D. program, has recently published a book called "The Visible Employee: Using Workplace Monitoring and Surveillance to Protect Information Assets - Without Compromising Employee Privacy or Trust." The book, co-authored by Dr. Kathryn Stam, assistant professor at SUNY Institute of Technology, reports results from four years of research conducted by the authors and focuses on the roles of employees, managers, and information professionals in the support of effective information security. In this presentation, Dr. Stanton will discuss some of the security cases his research team encountered during the project and will provide some practical suggestions for improving security through better management of behavior.
CIO Roundtable: Privacy Matters
Lionel Bittner, City of Rochester; Ford Greene, Rochester City Schools; David E. Lewis, University of Rochester; Moderator: Rodney J. Petersen, Government Relations Officer and Security Task Force Coordinator, EDUCAUSE
11:00 - 12:00 Moderated CIO Panel discussion of privacy issues and concerns. 
Lunch 12:00 - 1:00
Social Engineering: I am who I say I am.  Maybe.
Patrick Gray, Cisco Systems
1:00 - 2:00 The Internet threat landscape has shifted. What used to be a playground for hackers, crackers and script kiddies, is now a borderless abyss of organized crime fueled by financial gain. Cisco's Patrick Gray, a twenty-year veteran of the FBI and Senior Security Strategist will explore the current threat landscape by highlighting the newest cyber criminals and examining the latest tactics employed by these predators. Gray will address how spammers, phishers, worm writers and hackers interact with this new crime element and how we can prepare our infrastructures to stave off these relentless attacks and protect our critical business assets. Additionally, Gray will touch on chatter in the underground and threats to our critical infrastructures including voice and wireless networks.
IT Value Through Compliance
Jim Pierce, MBA, CISA, Senior, Ernst & Young
2:00 - 3:00 Regulations affecting information security are rapidly evolving to address growing threats.  Compliancy as a business strategy creates improved process while mitigating exposure.
EndNote - Privacy and Security: An Update from Washington
Rodney J. Petersen, Government Relations Officer and Security Task Force Coordinator, EDUCAUSE
3:00 - 4:00 Concerns about the potential for identity theft resulting from security breaches have led to a number of legislative proposals. Among the proposed Federal solutions are a uniform approach to security breach notification, stronger privacy protections for consumers, limitations on Social Security number use, and more stringent information security requirements. Homeland security directives also call for regular infrastructure protection plans by sectors, including businesses and educational facilities. This session will provide an update on cybersecurity and privacy developments in the Congress and initiatives of executive branch agencies, including the Federal Trade Commission and U.S. Department of Homeland Security.
Attendee Reception 4:00 - 4:30  

(All schedules are subject to change)

Hosted by Durkee Consulting, Inc. Rochester Security Summit - ISSA Copyright © 2007