
Practical Security: Solutions for challenging times
Don't miss out, book your seat today!

Dates: 11 - 13 May 2010

Venue: Sandton Convention Centre

DAY 1: 11 May 2010 (Tuesday)
The business of security – Threat horizon 2010 and beyond, legislation (PPI), risk, compliance, standards (PCI), security metrics, social networking, web application security, web services, web 2.0 and more.



08:15 Welcome from ITWeb
Ranka Jovanovic, Editorial Director, ITWeb
08:20 Opening Address from the Conference Chair
Bruce Whitfield, Journalist, TV and Radio Presenter, 702
08:25 Conference overview – Security in 2010: where are we now?
Charl van der Walt
Johann van der Merwe
Security Advisory Competency Leader
Dominic White
08:45 The road less travelled: when security meets business
Pat Pather, Director - GSO Security, Standard Bank
  Many CISOs struggle to articulate the value of their security programs and justify the security budget to business and executive management, even more so during economic downturns. In this talk Pat Pather explores the do's and don'ts of creating a strategic security program and examines strategies to align security with the business. He will share his views on managing security in tough economic times, whilst ensuring you meet compliance requirements AND service demands of the business.
Strategies to align security with the business
How to build a strategic security program
Managing security in tough economic times
Ensuring you meet compliance requirements AND service demands
09:55 From TIA to Google: Modern threats to privacy
Moxie Marlinspike, Independent Computer Security Researcher
  A lot has changed since discussions around digital privacy began. The security community won the war for strong cryptography; anonymous darknets that presumably make the eradication of information impossible have been successfully deployed, and much of the communications infrastructure has been decentralised. These strategies were carefully conceived while planning for the most dystopian visions of the future imaginable, and yet somehow they've fallen short of delivering us from the most pernicious privacy threats today. Rather than a centralised state-backed database of all our movements, modern threats to privacy have become something much more subtle, and perhaps all the more sinister. This talk will explore these evolving trends and discuss some interesting solutions in the works.
The evolution of modern threats to privacy
A look at interesting solutions that are in the works
10:40 Protecting customers from online threats: The Paypal perspective
Allison Miller, Group Product Manager, Account Risk at PayPal, an eBay company
  In this talk we'll discuss threats and attacks targeting end users such as social engineering, credential theft, malware, spam & abuse -- and the resulting problems like account takeovers, botnet activity, privacy leaks, and identity theft. We will look at some recent case studies where customers have been targeted to answer some key questions: What are the downstream impacts of these attacks on individual customers? Does the presence of known vulnerabilities or "safety gaps" have an effect on the reputation of the service provider in economic terms?
Getting a handle on threats and attacks targeting end users
A closer look at the downstream impacts of attacks on individual customers
The effect of known vulnerabilities on the reputation of the service provider
11:25 Protecting your customers' assets: What must you do so that you will not need the NPA
Paul Louw, Deputy Director: Public Prosecutions, National Prosecuting Authority
  In this talk, Paul Louw (formerly with the Scorpions and now the NPA) takes a closer look at exactly where law enforcement in South Africa is at now, with some ideas of how we can improve their effectiveness, as well as the growing importance of public/private partnerships between banks and law enforcement. He will share an overview of the crime threat SA business has faced since 2005, focusing on the current problem of "business on-line fraud", where the banks and/or their clients were bleeding millions during 2009. He will also draw a comparison between SA's current state of affairs and the USA, where Pres Obama's strong focus on information security prompted last year's “clean slate” review of the effectiveness of legislation, strategic plans and more.
The crime threat SA business has faced since 2005
Law enforcement in South Africa in 2010
SA vs the US: A global perspective on effective legislation
What can be done to improve the effectiveness of SA's law enforcement
Pro-active investigations to combat cybercrime
The use of financial information as an investigative tool
(T1) TRACK 1: Information Security Management
  Within organisations, security fits a business function. Tasks associated with business management and policy-related guidelines take up a significant amount of attention for CISOs. This track helps security professionals prioritise, better understand and provide guidance around important topics, such as PCI, privacy, compliance and how to measure the business value of security. These timely topics will be of value to security personnel at all levels.
(T2) TRACK 2: Emerging Threats / Risk Planning
  Emerging threats and risk planning go hand in hand, as you can't map out your business risk without a firm understanding of the wide variety of threats faced by your organisation. Sessions in this track will focus on the risk planning and mitigation theme, as well as the latest emerging threats faced by organisations, and the best practices implemented to thwart them. Topics discussed will include secure coding, risk assessments, as well as dangerous attack vectors. This track is of value to all in the profession, but particularly to those needing to know more about what the bad guys are up to.
(T3) TRACK 3: Web/Application Security
  This track focuses on web application security and offers a deeper dive for the more technical security and IT professionals at the conference. More emphasis will be given on technical aspects of web security, threats and vulnerabilities, as well as relevant solutions, as opposed to the more executive focused content in the other two tracks.

  TRACK 1: Information Security Management

(T1) The security implications of the PPI bill: an end user's perspective
Ritasha Jethva, Head - Information Privacy, ABSA
Practical insight into the Protection of Personal Information Bill
PPI and security: what it means for a typical end-user
(T1) Getting PCI Compliant: The VISA story
Bryce Thorrold, Country Risk Manager, Africa at Visa
PCI basics and compliance challenges
Exploiting PCI's opportunities and improving business performance with PCI DSS
Suggestions for a smooth PCI implementation
Measuring PCI performance gains
(T1) How to future-proof your compliance program
Kris Budnik, CSO, Edcon
The current environment and what may be anticipated in the years to come
Strategies to address all various compliance requirements
How to develop best practices that meet or exceed regulatory requirements
How to plan for the “next wave” of compliance demands
(T1) The nice thing about standards is that there are so many to choose from
Allen Baranov, Security Analyst, South African Breweries
The history and philosophy of the various standards driving security
The inside track on current debates around certifications, standards and GRC
From PCI to ISO: what are they for and how to handle them
The relevance of standards in practice
(T1) Measuring Security Effectively
Tony Stephanou, CSO, T-Systems
What is wrong with the way we currently measure and view security
What makes a good and bad metric
How to measure security activities using practical methods and measures
Using data to convey a meaningful message to organisations
An assessment of effective measurement practices in use today

  TRACK 2: Emerging Threats / Risk Planning

(T2) Why business needs to have security and IT control frameworks in place
David Volschenk, Principal Consultant - IT Risk and Security Services, Ernst & Young
Justin Williams, Senior Manager, Ernst & Young
An analysis of benefits and challenges in the implementation of security and IT control frameworks
Best practice approaches for implementing an effective and sustainable information security risk management framework
A broad approach for the development and implementation of an integrated framework, drawing on practical experience
Best practices and regulatory requirements, based on theoretical research and global experiences
(T2) Threat Horizon 2010 and beyond: Information security-related threats of the future
Simon Leech, Technical Director EMEA, Tipping Point
The dynamic nature of internet attack vectors
How geographic location influences the type of attacks that we see
The importance of a virtual patching approach to network security
How to design an IPS infrastructure to protect an enterprise’s most important assets
(T2) Making mobile security work for the business: Strategies to limit risk and protect your mobile assets
Nader Henein, Security Advisory, BlackBerry Security Group, Research In Motion
Importance of mobile security
Emerging mobile security challenges
Critical balance: security versus usability
Being ready for the next cloud
Critical information management
(T2) Can Turing prevent man-in-the-middle attacks on Online Banking?
Dr. Frans Lategan, Security Consultant, ABSA
The evolving threat posed by man-in-the-middle attacks
How to turn the human-ness of users against cyber criminals
Exploring the use of a Turing test on logon to detect unlawful access
(T2) The state of information security: how today's trends are likely to affect the future of security
Tony Olivier, Manager, GSO Strategy and Architecture, Standard Bank;
Helaine Leggat, Senior Corporate Legal Advisor, Chetty Law;
Matt Erasmus, Host: PubCast: SecFault, DiscussIT
The IT Security Pubcast and why the team is "qualified" to comment on Information Security trends
The emerging state of technology attacks and defences
The burgeoning legislative burden and how to position yourself individually and as corporate entities to deal with issues of dynamic change, ahead of law makers
The evolving management problem

  TRACK 3: Web/Application Security

(T3) Surviving the Internet in 2010
Saumil Shah, CEO and Founder, NetSquare Solutions
The state of web security and what is really needed
The role of well-known vulnerabilities and bugs in creating the attack patterns of tomorrow
A critical look at the inherent weaknesses in the underlying web standards
What is really needed to build secure web applications
(T3) From Web 2.0 to Threats 2.0
Stefan Tanase, Senior security researcher, Kaspersky Labs
What exactly is web 2.0?
Why does web 2.0 attract malware authors?
How did malware spread over the internet before web 2.0 and how is it different now?
What are the new attack vectors created by web 2.0 technologies?
What social engineering tactics emerge over the web 2.0 concepts?
How dangerous is the combination of human & technological vulnerabilities?
Are web 2.0 attacks more efficient?
How difficult is it to protect ourselves?
How are web 2.0 threats going to evolve?
(T3) Abusing and leveraging intelligence from Social Media Platforms
Nitesh Dhanjani, Senior Manager, Ernst & Young
Hacking the psyche: Remote behaviour analysis that can be used to construct personality profiles to predict current and future psychological states of targeted individuals, including discussions on how emotional and subconscious states can be discovered even before the target is consciously aware
Techniques on how individuals may be remotely influenced by messaging tactics and how criminal groups and governments may use this capability
Reconnaissance and pillage of private information, including critical data that the victim may not be aware of revealing, and that which may be impossible to protect by definition
Case study on how social platforms are the next-generation operating systems and how a security defect can lead to a compromise of the victim's data
(T3) Built in, not bolted on: web application security done right
Paul van Woudenberg & Theo van Niekerk, ThinkSmart Information Systems and Security
Why bolted-on solutions are not long-term answers to web application security
Arguments in favour of a built-in approach to web application security
From theory to practice: Security in the development process and design
Using OWASP resources such as the Development Guide and ESAPI
(T3) A consistent security model for web services
Dominique dHotman, Manager: Enterprise Architecture, Ooba
The Ooba story: SOA deployment across many different business lines and application types
Practical advice on building WS-* compliant software across the board
How to connect with clients and/or business partners in a simple, secure and standards based fashion
How Ooba's development life-cycle ensures governance and consistent application

Who should attend?
Those charged with developing and implementing their organisations' information security programs, including:
> CEOs/Managing Directors
> CIOs / CTOs / CISOs
> Infrastructure Architect / Solutions Architect / Security Architect
> Risk Manager / IT Auditor / Compliance Manager / Business Continuity Managers
> Information Security Manager / Information Risk Manager / Security Risk Manager
> Data Security Professionals

For CISOs and other c-level delegates:
> Engage and participate in an unrivalled information-packed security education programme
> Understand the latest emerging threats and the best practices implemented to thwart them
> Prepare for new regulations that will increase your compliance burden
> Learn how to align security with business requirements
> Sharpen your security strategy and tighten your tactics
> Discover the tools and technologies that will help you make the most out of your security budget
> Better manage all kinds of risk and measure your security performance

What's in it for you?
Whether you're an executive responsible for securing your organisation's assets and infrastructure, an experienced information security professional or a newcomer, the ITWeb Security Summit 2010 will help you to:
> Identify threats: Understand current and potential security threats to their business
> Mitigate risk: Manage the challenge of regulatory compliance, policies and procedures
> Safeguard assets: Protect critical infrastructure through effective security programmes
> Learn what works: Gain first-hand insight into successful security techniques and best practices
> Experience it: Witness demonstrations of hacker tools and techniques, and how to prevent them
> Review options: Explore a diverse range of innovative security products and solutions
> Exchange ideas: Network with peers and industry experts in the field of information security

ITWeb is committed to keeping the Security Summit at the forefront of both local and global trends in IT Security. To achieve this we have enlisted a team of esteemed South African practitioners to assist us in planning for the event. Led by SensePost, this team's role is to advise us on theme, tracks, topics and speakers and, finally, to review and provide input on talks and papers.