
Conferences that solve current IT challenges

Patch and Vulnerability Management
Delivering the levels of security, compliance and confidence needed for your extended enterprise

February 7, 2008
9:00 a.m. to 5:00 p.m.

CPE/CISSP Credits Awarded

Stephens Convention Center
Rosemont (O'Hare) Illinois


Overview

The number of vulnerabilities is growing. The timeframe between when a vulnerability is found and when it is exploited has shortened.  The urgency to mitigate network vulnerabilities has become more crucial than ever.


Conference Program

 

8:00am - 9:00am - Registration and Continental Breakfast

 

9:00am - 10:00am

Designing & Implementing a Comprehensive Patch/Vulnerability Management Process

Richard Linke, Former Global Security Patch Management, Kraft Foods


Patching and managing vulnerabilities requires a well thought-out process that aligns to the business needs of the enterprise and provides a solid framework for the IT department to follow.  The goal is to have a system in place that helps to reduce the time and money invested in dealing with vulnerabilities and the potential exploitation of these vulnerabilities within the enterprise.

 

In this session attendees will learn a recommended process that Security Managers as well as Systems & Network Administrators can follow to ease the burden and risk of ineffective patch & vulnerability management.

 

This will include:

  • How to create a patch & vulnerability management group

  • How to determine the responsibilities of this group

  • How to create a system inventory

  • How to prioritize IT resources

  • How to implement the process

  • Virtualization’s impact on the process

  • How to patch after a security compromise

 

10:00am - 10:30am - Refreshment Break

 

10:30am - 11:30am



Vulnerability and Patch Management…from the Hacker's Perspective
Eric Schultze, Chief Technology Officer, Shavlik Technologies

This presentation examines methods hackers use to exploit unsecure and unpatched systems to obtain access to protected networks and sensitive information. Through live demos, we'll show how a seemingly secure system can allow unprivileged users complete access to both the system and the network. We will highlight common configuration and design weaknesses in various systems. We will also demonstrate what can happen if you have even one unpatched system on your network. We will discuss ways to identify and remediate poorly configured and unpatched systems.

11:30am - 12:30pm


Business Rationale for Patching Computer Systems

Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation

 

This session will focus on the rationale for patching computer systems, with an emphasis on improving security and reliability. We will discuss how the security threatscape has dramatically changed by examining a number of real-world attacks and the implications for business. In addition, other factors such as regulatory requirements, due care, and good business practices need to be considered among the criteria for patching systems.
 

12:30pm - 1:30pm Luncheon

 

1:30pm - 2:30pm


Penetration Testing: How to Determine if Your Security Investments are Effectively Detecting and Preventing Attacks

Billy Austin, Chief Security Officer of SAINT Corporation

 

Penetration testing has become an essential part of assessing and improving the security of an enterprise or organization's network. The goal of a penetration test is to assess the overall security of a network by attempting to compromise that system using an attacker's techniques. Only performing a vulnerability scan is passive and does not address the implications of a successful intrusion. It only lists what the potential vulnerabilities may be without probing deeper to reveal the true threats to assets. Further, it identifies the problems which may have already occurred rather than evaluating against a real attack like penetration testing does. A penetration test, on the other hand, is active, in that it is able to attack a system and measure its readiness. Penetration testing delivers results that go beyond the data yielded by a vulnerability assessment in that it's an authorized attempt to breach the architecture of a system using attacker techniques. With a penetration test, you actually exploit vulnerabilities in your network and try to replicate the kinds of access a hacker could achieve.

 

During this session attendees will learn:

  • The fundamentals of penetration testing and why it is becoming increasingly important

  • The critical difference between vulnerability scanning and penetration testing

  • How to determine if your current security investments are detecting and preventing attacks

 

2:30pm - 3:00pm - Refreshment Break

 

3:00pm - 4:00pm

Strategies for Securing Legacy Servers

Jon Miller, Senior Security Consultant, Accuvant

All companies have legacy applications and servers, either 3rd party or home-brewed, that aren't always conducive to working with the latest security patches. In this presentation we will explore alternatives to conventional patches that will help prevent server or service compromise without reliance on mainstream vendor binary patching.

 

4:00pm - 5:00pm


Strategic Framework of Vulnerability Management

Joshua Shi, Security Architect, TransUnion

 

This presentation will outline a framework for implementing a vulnerability management program. Topics covered will include items/issues to be aware of as you architect a vulnerability management framework specifically for your organization. This presentation will also cover reporting for all levels of your organization, including how to gather and report on meaningful metrics that can be used to track progress for remediation of vulnerabilities throughout your environment. The framework presented has proven to be effective in environments varying in size from dozens to tens of thousands of hosts. Free and commercial product usage will be discussed as they relate to the frameworks.

 


 

What You Will Learn

 

This one-day conference will provide IT departments with an understanding of the following:

  • How to develop an efficient and effective patch management process

  • How to update your current patch management framework

  • Creating a system inventory

  • How to align vulnerability management with incident resolution

  • How to implement an effective patch management solution

  • How to patch an entire server farm

  • How to patch in a virtualization environment

  • How to monitor vulnerabilities, remediation and threats

  • Prioritizing, deploying, & testing remediations

  • Taking it to the next level: How to take your patch management process and build it into effective vulnerability management

  • How to develop and implement metrics

  • How to convert volumes of IT vulnerabilities into business risk exposure analysis

  • How to ensure compliance with industry regulations

  • How other IT departments have worked through their patch management challenges

 

 

Register

 

Conference price: $199 per person.

 


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


 

Exhibits

 

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

 

 

 

 

 

 

CAMP Conferences, Inc., 540 W. Frontage Rd., Ste. 2205, Northfield, IL  60093
Tel: (312) 527-2800  Fax: (847) 881-0747

Copyright © 2010 CAMP Conferences, Inc. All Rights Reserved.
CAMP IT is a registered trademark of
CAMP Conferences, Inc.