Applications & Development
Applications and Development sessions should focus on topics related to the secure development, implementation and operation of packaged and custom-developed applications, whether they are legacy, Web-based, or other (e.g., peer-to-peer). Related sessions include applied cryptography.
Business of Security
Business of Security covers emerging technology/business trends and market manoeuvres, with strong emphasis on new developments and how the business environment will be impacted. This topic will be of special interest to senior business and information security executives. Sessions also could include non-implementation issues about the security industry, such as strategic trends, financing (e.g., VC investment in security start-ups) and broad service offerings such as auditing and systems integration.
Cloud Security & Virtualization
Security topics include cloud vendor Service Level Agreements (SLAs), security architecture in the cloud, cloud security governance, issues involved in migrating to the cloud, cloud security risks, cloud security related case studies, security architecture in the cloud, and related topics. Virtualization security topics include deployment models, VM integrity, virtualization security architecture, and other related topics.
Cyberwarfare & Cybercrime
Cybercrime and Cyberwarfare sessions could include case studies, new cybercrime activities, the underground economy, emerging cybercrime or cyberwarfare threats, defenses, and business models for cyber criminals. One goal of this topic area is to help lift the veil on what is happening in the underground attacker community and provide actionable information to security professionals. Another goal is to explore the growing threat of cyberwarfare.
Data Security covers strategies, practices, and technologies to classify, track, and protect sensitive data. Sessions could include developments in Data Leakage Prevention (DLP), new threats to sensitive data, and managing data strategically across the enterprise, with partners, with outsourcers and with users.
Endpoint security has become a huge challenge for enterprises. Employee machines typically have to balance multiple agents, antivirus software, and a range of applications. Sessions should focus on defending endpoints. Topics included antivirus, anti-spyware, host-based security technologies, patch management and securing personal devices in the enterprise (consumerisation). Additional sessions could focus on protecting machines and the enterprise against the careless or clueless insiders that make poor security choices.
Enterprise Defence sessions should focus on more efficient ways to protect corporate assets from unwanted intrusion. Sessions should cover big-picture issues involved in defending the enterprise such as coordinating with partners and vendors and building a defense-in-depth architecture.
European Policy & Legislation
European Policy & Legislation topics should cover European specific current and emerging regulations, legislation, privacy, security, law enforcement, and government procurement issues.
Governance, Risk & Compliance
GRC topics cover risk management frameworks and how to better quantify and manage risk. Compliance topics should include standards such as PCI, Sarbanes Oxley and others. Sessions on governance can include how to effectively communicate and enforce policies and standards in the enterprise.
Hackers & Threats
Hackers and Threats sessions should be technically advanced and include discussions about social engineering (spam, phishing, pharming, etc.), vulnerabilities and/or exploits that are in the wild.
Identity Management covers issues of access control, authentication, identification technologies & protocols. Sessions on Identity and Access Management (IAM) fit here, along with sessions on IAM standards and architecture. This topic also covers issues such as credential management, multifactor authentication and new methods of authentication.
Security and the battle for justice go hand-in-hand. Topics in Law range from unintended consequences due to legislation and legal rulings, to liability from negligence claims by private litigants.
Sessions should focus on the mobile devices that form the edges of the enterprise and their applications. Topics include management of mobile devices, mobile malware, and how consumerisation impacts mobile security.
Network Security sessions should focus on the security of the network infrastructure. Topics include network monitoring, intrusion prevention, firewalls, new threats to networks, information on DoS and DDoS attacks and other emerging issues in network security.
Physical Security & Critical Infrastructure
Physical Security should include topics such as video surveillance and analytics. Critical infrastructure protection topics include SCADA and distributed/process control systems.
Policy & Government
Policies and requirements promulgated by government entities impact information security in both the public and private sector. Topics should cover current and emerging regulations, legislation, national security, law enforcement, and government procurement issues applicable at the local, national and international levels.
Privacy has become one of the most interesting areas in corporate governance and security. Topics can include building a privacy programme, establishing privacy standards, legal/governance aspects of privacy, privacy enhancing technologies and emerging threats to privacy.
Professional Development covers individuals’ technical and business/management training and career development, as well as staff and personnel management.
Research Revealed sessions should cover advanced technical sessions that detail security research which is pushing the boundaries of IT Security. Sessions should address the underground economy, new classes of vulnerabilities, exploitation techniques, reverse engineering and how to combat these problems.
Security awareness is an important aspect of overall enterprise defense. Sessions should be related to building, deploying and measuring the effectiveness of security awareness programs. Sessions can include new approaches to security awareness, case studies of security awareness programs and techniques for building a security-savvy culture.
The rise of social networking has created both new opportunities and new security risks for businesses. Sessions should cover emerging social networking risks as well as strategies and techniques for managing those risks in the enterprise. Topics can include corporate social networking policies, exploitation techniques for data available through social networks, risk mitigation techniques, Open Source Intelligence (OSINT) tools and techniques, and defences against attackers that are mining and correlating data available through social networks.
Strategy and Architecture
This topic covers architectural and strategic planning considerations for the deployment of security-enabled technologies, as well as trends in emerging technologies, aligning security to other business units, and security metrics. Sessions should cover research, implementation and deployment of solutions for enterprise rights management, forensics, and other enterprise security-related issues, as well as vulnerability assessments and penetration testing.
War Stories address real-world enterprise security challenges. Sessions should include case studies that detail challenges, issues, resolutions, lessons learned and recommended best practices.
Wireless Security sessions are for IT professionals and developers deploying or creating wireless or embedded applications and infrastructures. Sessions should focus on new developments in wireless networks LANs, embedded security technologies and securing wireless devices.
The Call for Speakers is now open and will close Friday 18th May. View Tips for Submission or submit now.
Mark your calendars for RSA Conference Europe 2013 taking place in Amsterdam from 29th to 31st October.