RSA Conference

    2008 Annual Meeting Archives

    This is a collection of session proceedings, documents and links to web pages relevant to the topics discussed at the ESAF 2008 Annual Meeting, held on April 7, 2008 at the Four Seasons, San Francisco, California. The theme of the meeting was “Navigating the Perfect Storm.”

    This page is intended as a resource for ESAF participants to capture the valuable information shared at the meeting, as well as any related reports or studies that senior executives in information security would find useful. All of the materials have been prepared or recommended by Program Management, the Program Committee or ESAF participants.

    2008 ESAF Meeting Proceedings

    GENERAL SESSIONS

    Getting a Seat at the Table: Making Security and Privacy More Strategic to Business Innovation (PDF)

    Metrics That Matter (PDF)

    What Advice Would You Give the Next President? (PDF)

    Uniting the Public and Private Sectors in the Fight to Secure Cyberspace (PDF)

    BREAKOUT SESSIONS

    Can We Get a Grip on Application Security? (PDF)

    The Coming Invasion: Consumer Devices in the Enterprise (PDF)

    Early Warning Signs: The Psychological Aspects of the Insider Threat (PDF)

    Virtualization: What’s the Real Security Story? (PDF)

    Moving From Compliance to Governance (PDF)

    Cutting Through the Hype: Strategies for Securing Web 2.0 in the Enterprise (PDF)

    INTERACTIVE POLLING RESULTS

    Interactive Polling Results (PDF)

    Documents Relevant to Meeting Topics

    THE COMING INVASION: CONSUMER DEVICES IN THE ENTERPRISE

    Establishing Mobile Security Based on Open Standards (PDF, 12 slides)
    This presentation makes the case for global open standards for mobile security. It provides an overview of the Trusted Computing Group’s Mobile Trusted Module, which it describes as the world’s first open hardware-assisted security standard for mobile trusted platforms. (by Janne Uusilehto, Head of Product Security, Nokia Corporation; and Chair, Mobile Security Working Group, Trusted Computing Group)

    EARLY WARNING SIGNS: THE PSYCHOLOGICAL ASPECTS OF THE INSIDER THREAT

    The Insider Threat: Recent Findings and Innovations (PDF, 23 slides)
    This presentation details the critical-pathway elements that lead to insider risk and attacks. It also discusses the use of psycholinguistic software to detect and assess disgruntlement and insider risk. (by Eric Shaw, Behavioral Science Consultant, Stroz Friedberg; Visiting Scientist, Insider Threat Group, Computer Emergency Response Team [CERT], Carnegie Mellon University)

    Pathological Organizational Affective Attachment: Why Some People Become Insider Threats in the Workplace (PDF, 4 slides)
    Outlines the causal cycle that can lead to insider incidents. (by Harley V. Stock, Forensic Psychologist, Incident Management Group)

    Workplace Violence: Advances in Consultation and Assessment (PDF, 41 pages)
    This paper by Harley V. Stock discusses the role of forensic psychological business consultation and the importance of preparation for workplace violence events. It defines the legal and ethical issues associated with forensic psychoanalysis as well as current risk assessment practices and issues. Notably, Stock also proposes a new model for conducting workplace violence assessments. The paper is published as a chapter in Forensic Psychology: Emerging Topics and Expanding Roles.

    VIRTUALIZATION: WHAT’S THE REAL SECURITY STORY?

    What is Virtualization? (PDF, 7 slides)
    An overview of the benefits and risks associated with implementing virtualization. (provided by Michael Hoesing, Director, Information Systems Audit, First Data Corporation)

    MOVING FROM COMPLIANCE TO GOVERNANCE

    Compliance Challenge: A Good Trojan (PDF, 7 slides)
    Outlines the challenges of regulatory compliance and provides diagrams of the IT compliance process and a common framework for efficient compliance strategies. (by Henry Teng, Senior Director, Global Information Security Risk Management, Royal Philips Electronics)

    CAN WE GET A GRIP ON APPLICATION SECURITY?

    The following are links to articles on software security by Gary McGraw, Chief Technology Officer at Cigital:

    Software (In)security: Paying for Secure Software (April 7, 2008)
    http://www.informit.com/articles/article.aspx?p=1189519

    Software Security Strategies (January 9, 2008)
    http://www.darkreading.com/document.asp?doc_id=142829

    Want Turns to Need (April 20, 2007)
    http://www.darkreading.com/document.asp?doc_id=122253

    Other articles by Gary McGraw:
    http://www.cigital.com/~gem/writings/