Government Technology

Agenda

Thursday, October 2


8:00 am Registration and Continental Breakfast

Financial Ballroom Foyer


9:00 am Opening Remarks

Financial Ballroom 2/3

Dan Srebnick, Associate Commissioner, IT Security & Chief Information Security Officer, Department of Information Technology and Telecommunications (DoITT), City of New York


9:15 am Protection of Data and Privacy - The Leadership Imperative

Financial Ballroom 2/3

Karen Agnifilo, General Counsel, Office of the Criminal Justice Coordinator, City of New York

Anthony Crowell, Special Counselor to the Mayor, City of New York

William Heinzen, Deputy Counselor to the Mayor, City of New York


9:45 am Keynote

Financial Ballroom 2/3

Facing Our Ultimate Threat, or My Girlfriend is Going to Get Me Hacked

Robert Hansen, CEO, Founder, SecTheory

When it comes to security, consumers have been left behind. As web tools encourage more and more social interaction and information sharing, web users are tempted to speed past warnings, click on the cute or the cool, inadvertently give away critical information, and put your entire system at risk. In this funny, informative keynote, you will be challenged to rethink what it means to protect systems and data in the 21st Century.

Mr. Hansen (CISSP) has worked for Digital Island, Exodus Communications and Cable & Wireless in varying roles, from senior security architect to product manager for many of the managed security services product lines. He has also worked at eBay as a Senior Global Product Manager of Trust and Safety, focusing on anti-phishing, anti-DHTML malware and anti-virus strategies.

Robert authors content on O'Reilly and Dark Reading, and co-authored the book, XSS Attacks: Cross Site Scripting Exploits and Defense. He is a member of a NIST.gov focus group and others. He also speaks at SourceBoston, Secure360, Blackhat, DefCon and Networld+Interop.


10:45 am Break

Financial Ballroom Foyer


11:15 am Concurrent Sessions

Policy

What You Know for Sure that Just Ain't So - What Questions You Should be Asking and What the Answers Should Be

Treasury Room

"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so." - Mark Twain

Mark Twain's words are as true today as they were almost 150 years ago. What leaders "know for sure that just ain't so" about cyber security can have disastrous consequences. A common theft put the identity of millions of veterans at risk; just last year, another theft compromised the names and social security numbers of all 64,000 Ohio state employees. Leaders know enough to be concerned. But the language of cyber security professionals is often confusing and confounding. What do you need to know about security? What are the most common myths and misconceptions? In this session, you will learn the answer to these questions and more.

Patricia Titus, Director of Strategic Planning, Unisys Corporation


Technology

Application Security - How Much is Enough?

Financial Ballroom 1

Some estimates hold that 70% or more of applications contain high or medium security vulnerabilities. How do you know when an application is secure enough? What are the steps in the software development life cycle that developers should follow to protect sensitive information and public systems?

In this session, you will learn about best practices and the Build Security In (BSI) program. BSI is headed by the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. It is a national collaborative effort that provides practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development.

Joe Jarzombek, Director for Software Assurance, National Cyber Security Division, Department of Homeland Security

Greg Neuhaus, Assistant Commissioner, Disaster Recovery, New York City Department of Information Technology and Telecommunications (DoITT), City of New York


Technology

Security and the High Risk User

Seaport Room

Statistics show that one of the biggest security threats to an organization is from the inside. One area of vulnerability is what has been labeled a "high risk user". These users - the system developers, programmers, network managers and technicians - are critical to any IT organization. The challenge is to manage their work in a way that keeps your organization secure and does not hamper their ability to work. In this session you will learn how to:
- Identify your organization's high risk users
- Understand what your organization needs to do to manage them
- Ensure compliance with governing laws and regulations for users both inside and outside the organization.

Bill Mann, Senior Vice President, Business Security Unit, CA, Inc.


12:15 pm Lunch

Financial Ballroom 2/3


12:50 pm Lunch Keynote

Financial Ballroom 2/3

Will Pelgrin, Director, New York State Office of Cyber Security and Critical Infrastructure Coordination, State of New York

What is in the current threat landscape, and what should every executive know in order to address these threats? In this session, William Pelgrin, the Director of the NYS Office of Cyber Security & Critical Infrastructure Coordination and Chair of the Multi-State Information Sharing and Analysis Center, will present a non-technical discussion of these issues. His presentation will highlight some key cyber security initiatives underway in New York State and across the nation, and will explain how these initiatives can help you enhance cyber security readiness and response. He will also provide an overview of the threats to the systems that control our critical infrastructures -- such as electric power generators, traffic signals and dams (SCADA - Supervisory Control and Data Acquisition). The protection of these control systems is of great importance to municipalities, and attendees will learn why they should be concerned and what they can and must do to protect the systems.


1:45 pm General Session

Financial Ballroom 2/3

Situation Room: Data Breach

Modeled on the concept of the White House Situation Room, this session takes the audience through a data breach simulation. We have all heard numerous stories about nightmares faced by public and private organizations after the loss of sensitive information. The odds are against it happening to you, but what if it does? No one wants to be front page news - at least not in this way. It will never be possible to protect 100% of all data, but it is possible to set priorities and to be prepared...and to stay out of the headlines! This thought-provoking session focuses on how to prevent a data breach, how to react to a loss should it occur, and last but not at all least, how and when to disclose it.

Moderator: Alan Cox, Vice President/Executive Director, Government Technology Executive Events

Stan Black, Chief Security Architect, EMC Corporation

Rick Doten, Managing Principal, Professional Security Services, Verizon Business

Lester John, Director, Technical Sales, CA, Inc.

Greg Neuhaus, Assistant Commissioner, Disaster Recovery, Department of Information Technology and Telecommunications (DoITT), City of New York

Patricia Titus, Unisys Corporation


2:30 pm Break and Refreshments

Financial Ballroom Foyer


3:00 pm Concurrent Sessions

Policy

Financial Ballroom 1

Protecting Privacy

Sunshine laws, open records laws, and freedom of information acts are all based on the same common principle - constituents have a right to know about their government's processes, decisions, and overall stewardship of the public's resources. Governments have an obligation to provide constituents information about their processes and decisions. Yet governments also have an obligation to protect constituents' privacy. In this digital age, the balancing of these two sometimes competing needs goes beyond technical cyber security. It is a policy discussion of balancing an individual's right to privacy with the public's right to information. The balancing act is perhaps even more complex in an open education environment. This session will explore these important issues, both for education and government, and the role leaders must play in the policy discussion.

Carl Cammarata, Chief Information Security Officer, City University of New York


Technology

Now That We've Got It, How Do We Guard It?

Whether it's through e-health records or online applications for services, governments are collecting and storing ever-increasing amounts of data. What are the critical steps to protecting that data? In this session, you will hear an overview of these steps - from the laws and regulations that impact data protection and privacy, to data identification and classification, to the important technologies that you should be paying attention to.

Stan Black, Chief Security Architect, EMC Corporation

Simon Hunt, Vice President & Chief Technology Officer for Data Protection, Symantec Corporation


Technology

With Access Comes Risk

Seaport Room

Many government agencies and departments are starting to dabble in Web 2.0 tools, eager to embrace the promise of wider collaboration and greater connectivity to the community as a way of helping get the business of government done. However, concerns about protecting public assets - both systems and data - have kept others standing on the sidelines. Traditional approaches to data and system protection, such as firewalls and other system defenses, are not adequate for these new tools. A new data-centric approach is needed to adequately protect systems and data. In this session you will hear a pragmatic approach to both the policy and technical controls needed for a data-centric security solution.

Rick Doten, Managing Principal, Professional Security Services, Verizon Business


4:00 pm General Session

Financial Ballroom 2/3

Event Wrap Up

Dan Srebnick, Associate Commissioner, IT Security & Chief Information Security Officer, Department of Information Technology and Telecommunications (DoITT), City of New York


4:30 pm Reception

Financial Ballroom Foyer

Network with your colleagues and discuss technology solutions with the event sponsors.


Conference times, agenda and speakers are subject to change.