Application Security focuses on topics related to the secure design, development, implementation and operation of packaged and custom-developed applications. Given the increasing use of applications outside the enterprise via the web and cloud computing infrastructures, this track will cover current threats and preventive measures. This track also includes sessions on the management of application security programs, the economics of application security, and case studies of application program implementations.
Association Special Topics
Navigate the association landscape and learn about opportunities in training, best practices, credentialing, special programs and career development from leaders in the field.
Breaking Research - NEW
You won’t find slides for this session online. We don’t even know what topics it will cover. This half track is dedicated to the hottest research and most pressing threats as of the conference week. Learn from top researchers in our field. What are tomorrow’s threats? What sits on the horizon of information security? This track looks behind the scenes at the underpinnings of the biggest threats and solutions in information security.
Cloud & Virtualization Security
Cloud Security includes security architecture in the cloud, cloud security governance, issues involved in migrating to the cloud, cloud security risks, vendor Service Level Agreements (SLAs), cloud security related case studies and related topics. This half track also includes sessions on the security aspects of virtualization such as deployment models, VM integrity, virtualization security architecture, and other related topics.
Data Security & Privacy
Data Security covers strategies, practices, and technologies to classify, track, and protect sensitive data. Sessions include developments in Data Leakage Prevention (DLP), database security, data classification, new threats to sensitive data, and managing data strategically across the enterprise, with partners, with outsourcers and with users. Privacy issues, trends, regulations and strategies are a key element of this track. Related sessions include applied cryptography.
Enterprise Defense - NEW
Enterprise Defense covers the policy, planning, and emerging areas of enterprise security architecture and strategy. This track includes advanced sessions on ways to protect corporate assets from unwanted intrusion, vulnerability research, forensics, security policies, security assessment, and bridges the disciplines of data security, network security, access control and threat management.
Governance, Risk & Compliance
This track includes talks on enterprise risk management, compliance and governance. It covers the creation and implementation of risk management frameworks and includes sessions on how to better quantify and manage risk. You will also find compliance-related sessions on standards such as PCI, Sarbanes Oxley, HIPAA, GLBA and others. Sessions on governance cover how to effectively communicate and enforce policies and standards in the enterprise.
Hackers & Threats
Hackers and Threats sessions are technically advanced and include discussions about threats, vulnerabilities and/or exploits that are in the wild. These two tracks also cover security research that is pushing the boundaries of IT Security. Sessions in these tracks will include the processes, techniques and challenges of responding to an actual incident as well as information sharing, threat intelligence and intelligence-driven security. You will also find sessions on the underground economy, advanced threats, new classes of vulnerabilities, exploitation techniques, reverse engineering and how to combat these problems.
Human Element - NEW
The Human Element is becoming a key frontier for security. This half track will cover insider threats, social networking, social engineering and security awareness programs. Sessions in this track will also explore how people make trust choices with technology, innovative ways to secure the human and how some classic attacks are being reimagined to include a human element. This track will also include sessions that cover behavioral approaches to information security.
Identity & Access Management - NEW
This half track will cover the processes, technologies and policies for managing digital identities, their authentication, authorization, roles, and privileges/permissions within or across system and enterprise boundaries and controlling how identities can be used to access resources.
Listen to leading information security professionals talk about today's most pressing matters.
Security and the battle for justice go hand-in-hand. Topics in Law range from unintended consequences due to legislation and legal rulings, to liability from negligence claims by private litigants.
This track tackles the security of mobile devices in the enterprise. Sessions focus on managing employee-owned devices, smartphone/tablet security, and mobile security policies. In this track you'll find information on, mobile malware, handling eDiscovery on employee-owned devices, mobile application threats, managing consumerization, and emerging threats to mobile devices and mobile workers.
Policy & Government
Cyber security has become a major national and economic security issue. Governments around the globe are developing and implementing strategies, policies, mandates and risk management processes that affect security professionals in both the public and private sectors. Topics in this track will include legislation, military and law enforcement initiatives and coordination, APTs, active defense, critical infrastructure protection and the role of government, cloud security, and government procurement issues.
Professional Development(Monday afternoon)
Professional Development covers individuals’ technical and business/management training and career development, as well as staff and personnel management. This track is scheduled for Monday afternoon.
Security Trends & Innovation – NEW
Security Trends covers emerging technology/business trends and market maneuvers, with strong emphasis on new developments and how the business environment will be impacted. This half track will be of special interest to senior business and information security executives as well as security management responsible for strategic planning. Sessions also include non-implementation issues about the security industry, such as strategic trends, financing (e.g., VC investment in security start-ups) and broad service offerings such as auditing and systems integration. This track also contains forward-looking sessions that help organizations prepare for coming changes in the IT security ecosystem.
Sponsor Case Studies
Learn innovative best practices from case studies based on successful strategies, delivered and discussed by leading edge companies.
Technology Infrastructure covers network and endpoint security, IDS/IPS and physical security. You can consider this track as focusing on the core elements of security architecture. Many sessions in this track are highly technical and dive deep into a particular area. These sessions will cover the latest trends and experiences in building systems that are resilient to attack.
General Interest - Used for strategic sessions or sessions introducing new technologies or concepts.
Intermediate - Focused on principles and concepts related to the track that would appeal to attendees with more than 5 years of experience.
Advanced - Geared toward attendees with deep subject knowledge related to the track with 10 or more years of experience.