Conferences that solve current IT challenges
Patch and Vulnerability Management
Delivering the levels of security, compliance and confidence needed for your extended enterprise
Strategies to help leverage full value from your design and implementation of an effective Business Intelligence framework
February 7, 2008
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois
Overview
The number of vulnerabilities is growing. The timeframe between when a vulnerability is found and when it is exploited has shortened. The urgency to mitigate network vulnerabilities has become more crucial than ever.
What You Will Learn
In this one day conference attendees will learn:
- How to develop an efficient and effective patch management process
- How to update your current patch management framework
- Creating a system inventory
- How to align vulnerability management with incident resolution
- How to implement an effective patch management solution
- How to patch an entire server farm
- How to patch in a virtualization environment
- How to monitor vulnerabilities, remediation and threats
- Prioritizing, deploying, & testing remediations
- Taking it to the next level: How to take your patch management process and build into effective vulnerability management
- How to develop and implement metrics
- How to convert volumes of IT vulnerabilities into business risk exposure analysis
- How to ensure compliance with industry regulations
- How other IT departments have worked through their patch management challenges
Conference Program
8:00am - 9:00am - Registration and Continental Breakfast
9:00am-10:00am
Designing & Implementing a Comprehensive Patch/Vulnerability Management Process
Richard Linke, Former Global Security Patch Management, Kraft Foods
According to industry analysts, most users see BI as an IT initiative. This creates challenges in achieving the value of BI. User adoption remains elusive which in turn prevents the best decisions from being made.
In this session attendees will learn:
- How to design an effective BI/PM framework
- How to make insightful decisions about significant changes in the business and markets
- How to develop and implement an effective BI Competency Center
- How to transform coarse data into actionable intelligence
- How to leverage BI to drive the decisions necessary for the recovery
- How to calculate baseline metrics for business intelligence
- How other IT organizations are helping to make business decisions for the extended enterprise
- How to make processes more agile with BI
10:00am -10:30am - Refreshment Break
10:30am-11:30am
Vulnerability and Patch Management…from the Hacker's Perspective
Eric Schultze, Chief Technology Officer, Shavlik Technologies
This presentation examines methods hackers use to exploit unsecure and unpatched systems to obtain access to protected networks and sensitive information. Through live demos, we'll show how a seemingly secure system can allow unprivileged users complete access to both the system and the network. We will highlight common configuration and design weaknesses in various systems. We will also demonstrate what can happen if you have even one unpatched system on your network. We will discuss ways to identify and remediate poorly configured and unpatched systems.
11:30am-12:30pm
Business Rationale for Patching Computer Systems
Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation
This session will focus on the rationale for patching computer systems, with an emphasis on improving security and reliability. We will discuss how the security threatscape has dramatically changed by examining a number of real-world attacks and the implications for business. In addition, other factors such as regulatory requirements, due care, and good business practices need to be considered among the criteria for patching systems.
12:30pm - 1:30pm Luncheon
1:30pm-2:30pm
Penetration Testing: How to Determine if Your Security Investments are Effectively Detecting and Preventing Attacks
Billy Austin, Chief Security Officer of SAINT Corporation
Penetration testing has become an essential part of assessing and improving the security of an enterprise or organization's network. The goal of a penetration test is to assess the overall security of a network by attempting to compromise that system using an attacker's techniques. Only performing a vulnerability scan is passive and does not address the implications of a successful intrusion. It only lists what the potential vulnerabilities may be without probing deeper to reveal the true threats to assets. Further, it identifies the problems which may have already occurred rather than evaluating against a real attack like penetration testing does. A penetration test, on the other hand, is active, in that it is able to attack a system and measure its readiness. Penetration testing delivers results that go beyond the data yielded by a vulnerability assessment in that it's an authorized attempt to breach the architecture of a system using attacker techniques. With a penetration test, you actually exploit vulnerabilities in your network and try to replicate the kinds of access a hacker could achieve.
During this session attendees will learn:
- The fundamentals of penetration testing and why it is becoming increasingly important
- The critical difference between vulnerability scanning and penetration testing
- How to determine if your current security investments are detecting and preventing attacks
2:30pm - 3:00pm - Refreshment Break
3:00pm-4:00pm
Strategies for Securing Legacy Servers
Jon Miller, Senior Security Consultant, Accuvant
All companies have legacy applications and servers, either 3rd party or home-brewed, that aren't always conducive to working with the latest security patches. In this presentation we will explore alternatives to conventional patches that will help prevent server or service compromise without reliance on mainstream vendor binary patching.
4:00pm-5:00pm
Strategic Framework of Vulnerability Management
Joshua Shi, Security Architect, TransUnion
This presentation will outline a framework for implementing a vulnerability management program. Topics covered will include items/issues to be aware of as you architect a vulnerability management framework specifically for your organization. This presentation will also cover reporting for all levels of your organization, including how to gather and report on meaningful metrics that can be used to track progress for remediation of vulnerabilities throughout your environment. The framework presented has proven to be effective in environments varying in size from dozens to tens of thousands of hosts. Free and commercial product usage will be discussed as they relate to the frameworks.
Conference price: $249 per person.
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.






