Menu

Picking Out Peer-2-Peer Sessions at RSAC 2015

It’s easy to overlook Peer-2-Peer sessions when making your plans, which is a pity. Think about it—you will be digging into a topic you really care about in a room with like-minded peers and a facilitator. We asked each session facilitator to provide a short summary to help you decide which ones to attend this year. 

This post highlights seven P2P sessions (Scroll down for answers). Links to other session summaries are at the bottom of the page.
Peer-2-Peer at RSAC

  1. Cybersecurity Framework - Adoption Experiences and Challenges
  2. Incident Response Tabletop Meet n’ Swap
  3. Secure Agile Development: Why Can’t We All Get Along? 
  4. If your company were to have a breach today, would they know what to say and who will say it? 
  5. US vs EU Privacy Cage Match - Adapting to Changing Data Protection Laws 
  6. Doing Security Response with your Cloud Service Provider 
  7. Should 2015 be the year we ditch information security certifications?  

We also included some questions to get you started thinking so that you come to the session prepared.

Cybersecurity Framework - Adoption Experiences and Challenges (P2P-T09C)
Who should attend?
This session is for those responsible for cybersecurity risk management in the sixteen critical infrastructure segments of the U.S. economy: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Service; Energy; Financial Service; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials, and Waste; Transportation Systems; Water and Wastewater Systems. Anyone interested in leveraging the cyber security Framework (CSF) practices to enhance the organization’s cyber-risk posture are also welcome, says Timothy Shea, from RSA Security’s Global Public Sector group and session facilitator. 

Why is this topic important?
The CSF addresses standards, guidelines, and best practices to promote the protection of information and information systems, particularly within the critical infrastructure community. Adoption of the CSF enables realization of its benefits, including: Alignment of BU (or industry) efforts to one taxonomy; Define roadmap (Gap analysis and action plan); Highlight dependency of supply chain in BoD speak and; Demonstrate Due care.

What should attendees think about?
If the attendee has already adopted the Cybersecurity Framework, let’s discuss what lessons they’ve learned. If the attendee is still considering adopting the Cybersecurity Framework, what are the two questions they would like to ask those who have adopted the Framework? 

What will attendees walk away with after the session?
The attendee will walk away with at least one new idea or concept which will help them adopt the CSF or realize additional value from their implementation of the CSF. 

Incident Response Tabletop Meet n’ Swap (P2P-T09D)
Who should attend?
This P2P session will benefit incident response team managers or leads, those who are responsible for authoring and implementing incident response plans and policies.  Target attendees also include those "one-person" shops, a sole individual is tasked with the entire IR for their organization.

Why is this topic important?
With the increased focus on strengthening incident response capabilities, IR managers benefit immensely from "bird of a feather" meetups with fellow professionals.  Tabletop exercises, critical for IR teams, are realistic walk-throughs organizations use to test their current IR policies and procedures prior to an major incident.  This session will bring the key players together to discuss what works in conducting effective tabletops and how to avoid common pitfalls that can derail this collaborative effort, says Alissa Torres, a certified instructor with the SANS Institute and the facilitator of this session.

What should attendees think about?
Prepare for this session by considering your experiences, good and bad, with your in-house mock tabletops and questions you will ask of others with similar objectives.

What will attendees walk away with after the session?
Not only will attendees leave with new contacts with other IR professionals from various organizations and industries, each attendee with receive sample tabletop templates to help with delivering a mock walk-through from the ground up.

Secure Agile Development: Why Can’t We All Get Along? (P2P-T10A)
Who should attend?
This session is for security practioners, software developers, Srum Masters, and development managers. 

Why is this topic important?
“Agile is designed to keep outsiders out—and that means security practitioners, “says Adrian Lane, CTO of Securosis. There are tips for security professionals to have influence and within the developer’s model. Secure code development is really hard and Agile frameworks can make it harder. The discussion will include a couple common pitfalls development teams fall into when it comes to security.

What should attendees think about?
Security practitioners should think about how they communicate with developers today.

What will attendees walk away with after the session?
Lane is hoping for good audience questions. Attendees should walk away with awareness of common issues, and be armed with a handful of practical techniques to work around these issues.

If your company were to have a breach today, would they know what to say and who will say it? (P2P-T10C)
Who should attend?
The ideal attendee should be involved in planning or managing incident response or breach notification. Attendees who are involved with an organizations communications or public relations group will benefit and contribute to the discussion. 

Why is this topic important?
It is not just about having communications, it is about getting the right information out there at the right time, disseminated by the right person. It is about being ahead of social media announcements and reducing the need for damage control. It is about doing it right. “Many security professionals are taught the technical aspects of first responder and incident response. But the management aspect – the management of and communications to stakeholders is not addressed much,” says Robert Shullich, an Enterprise Security Architect at the AMTrust Financial Services and facilitator of this session. The focus on incident response is usually technical in nature, with an objective to determine the “who, what, how, when, and where” a breach occurred, and then recovery from the breach and restoration of operations. But with data breaches, we have breach notification laws. Notification can be a nightmare, and may represent a public relations challenge. A data breach involves crisis management, and the notification involves crisis communications. Then focus of this P2P session is intended to be on crisis communications, i.e. what and how to communicate to the stakeholders, and who does that communications.

What should attendees think about?
Attendees may not be able to share these answers, but they should be aware of these questions:

  • Does your organization have a crisis communications plan and a public relations department or group, in place?
  • Does your organization use external entities (Law Firms, Public Relations Firms) to develop the plans, or provide consulting and best practices advice?
  • Does your organization believe that a breach is coming, that a breach is in progress, or head in the sand (a breach will never happen to us)?
  • Has your organization had a breach that required notification? If so, how was it handled?
  • If a breach within your organization should occur: Who will be the spokesperson for the organization? Has that been already determined?
  • Does everyone in the organization know where to refer any inquiries? Does everyone in the organization know what can and can’t be said to outsiders?
  • Does your organization have public facing social media accounts? Are they moderated? If there is a breach, can someone provide breach information through those accounts? Is that being properly controlled and censored?
  • Does your organization (either internally or through a 3rd party) monitor social media outlets looking for publication of any information about your organization (good or bad) so that all negative information can be intercepted as soon as possible and required damage control can be implemented? 

What will attendees walk away with after the session?
P2P sessions let attendees see what their counterparts in the industry are doing. Attendees after this session should be able to go back to their organization and begin a discussion regarding whether they are prepared for a data breach and how they will handle it. They would be able to bring specific ideas to that discussion, including how other organizations are doing it.  “Hopefully attendees will accept that preparation and planning are needed, and that trying to put these things in place after the breach is discovered will be too late,” says Shullich.

US vs EU Privacy Cage Match - Adapting to Changing Data Protection Laws (P2P-T10D)
Who should attend?
The EU data privacy changes impact organizations that either operate in Europe or process data from EU countries.  This session benefits attendees responsible for handling consumer data in that context.  This includes security managers responsible for data security, consultants or executives negotiating business agreements in the EU, or public-sector liaisons. 

Why is this topic important?
This session is important because it explores the consequences of a global community on the way we protect data while ensuring privacy. “Privacy is fundamental value.  How a society responds to new technological innovation that challenge privacy—that is the trick,” said Trevor Hughes in 20 in 2014: The Top Privacy Issues to Watch.  “Our challenge is to use our technological prowess to facilitate the reconciliation of our disparate views on data privacy,” says Steven Fox, the senior cybersecurity officer at the Internal Revenue Service and the facilitator of this session. 

What should attendees think about?
Attendees should consider that the EU views privacy as an individual right.  The USA, in contrast, has a market-based approach to addressing data privacy.  This fundamental difference impacts the selection of data protection technologies, security policies, and governance models.  The evolving changes in EU data protection regulations are a reaction to both increasing global commerce and concerns over data surveillance.

What will attendees walk away with after the session?
Attendees will leave the session with actionable steps on how to prepare for the changes in EU data protection regulations.  This includes tips for policy/procedure reviews, and tips for communicating with data subjects and third-party processors.  Lastly, they will understand the conflicts underlying the changing face of international commerce.

Doing Security Response with your Cloud Service Provider (P2P-W01B)
Who should attend?
This session is for enterprises/organizations who are using cloud services or are considering using cloud services who want to understand how cloud service providers protect and respond to cyber threats we face today. CISOs, SOC, Managers, Incident Responders and Information security staff would benefit most from these discussions.

Why is this topic important?
Organizations are using, or considering using, cloud services and have security and other concerns. They are interested in how they will meet their security and compliance requirements and how security response in a cloud services environment will differ from what they are used t with traditional on-premises IT.

What should attendees think about?
Some questions to think about include: Once you move to a cloud service environment, how will you do incident response? How do I work with my cloud service provider during a security incident? How does my cloud service provider help me be secure and meet my compliance obligations? 

What will attendees walk away with after the session?
“I am hoping to get enterprises thinking about security response and how it is different when some or all of your IT services are hosted in the cloud,” says Jerry Cochran, Principal security engineering manager at Microsoft and facilitator of this session. “I am hoping to spur proactive thinking and action that encourages people to think about these issues and questions preemptively.” 

Should 2015 be the year we ditch information security certifications? (P2P-W01C)
Who should attend?
The attendees should be middle management or technical directors looking for strategic information to use. 

Why is this topic important?
“Far too many people in the industry focus on certifications, and not enough on real world experience.  HR needs to understand the limits of certifications,” says Ben Rothke, a senior eGRC consultant with The Nettitude Group and facilitator of this session.

What should attendees think about?
Attendees should think about why they get so worked up about the value of the CISSP certification, when it is in fact the lowest hanging fruit, Rothke says. 

What will attendees walk away with after the session?
“That experience is all that matters.  Certifications just look pretty,” Rothke says. 

Check out P2P sessions in parts onetwothreefourfive, and six. We look forward to seeing you in San Francisco!

← View more Blogs

This document was retrieved from http://www.rsaconference.com/blogs/picking-out-peer-2-peer-sessions-at-rsac-2015 on Thu, 30 Mar 2017 16:29:55 -0400.
© 2017 EMC Corporation. All rights reserved.