Hear from IT leaders and industry experts in more than 100 sessions at the leading business technology event.
Chief Technology Officer, Emagined Security
Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA's Professional Achievement and Honor Roll Awards. While at Lawrence Livermore National Laboratory he founded and managed of the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.
IT security technology is extremely dynamic in nature. Not only do new and improved security technologies constantly emerge, but some technologies become increasingly prevalent, whereas others fall by the wayside. Furthermore, many information security experts believe that we have been using the same basic security measures over the last 20 years and that this is one of the major reasons for the growing gap between actual risk and managed risk. The technology arena is not excepted from this view. Because technology is so critical in mitigating information security-related risk, keeping in touch with security technologies (especially new and emerging ones), understanding their real functionality, capabilities, limitations, and potential for improvement despite all the hype that surrounds them, understanding environments and contexts in which they are most likely to be successful, and learning how to develop an effective strategy for deploying and phasing in these technologies is essential.
This one-day course will cover four extremely critical security technologies: network security, cloud computing, virtualization, and intrusion detection technology. The course will present a realistic view of each technology and will then delve into security issues related to each one.
* Network security
* Cloud computing
* Virtualization and security
* Intrusion detection technology
You Will Learn
* The major types of current and emerging threats against network security and how the network threat landscape has changed over the last few years
* Major kinds of network security technologies (with an emphasis upon new and emerging technologies), how each can help protect against network attacks, and limitations of each
* How to develop and implement an effective network security strategy
* The nature and benefits of cloud computing, including the types of cloud services that are available
* Security risks in cloud services and available control measures (where they exist)
* Likely future developments in cloud computing and their probable impact upon security
* How to develop an effective strategy for mitigating cloud-related security risk
* What virtualization is and how virtualization works
* Major types of virtualization
* Benefits and downsides (especially from a security perspective) of virtualization
* Controls that counter virtualization-related security risk
* How virtualization technology is likely to evolve over time and the probable impact upon information security
* How to develop an effective strategy for mitigating virtualization-related security risk
* What intrusion detection is and how it works
* The major approaches to intrusion detection
* What is right and what is wrong with today’s intrusion detection technology
* How SIEM technology helps compensate for limitations in today’s intrusion detection technology
* Intrusion detection in the future
* How auditors need to approach auditing today’s new and emerging technology deployments
Who Should Attend
* IT staff members (especially system and network administrators)
* Information security specialists
* Managers and executives who need to know “what’s up and what’s coming down the pipe” in information security technology