
Patch and Vulnerability Management
Delivering the levels of security, compliance and confidence needed for your extended enterprise

February 2, 2006
9:00 a.m. to 5:00 p.m.

Stephens Convention Center
Rosemont (O'Hare) Illinois


Overview

The number of vulnerabilities is growing. The timeframe between when a vulnerability is found and when it is exploited has shortened.  The urgency to mitigate network vulnerabilities has become more crucial than ever.


Conference Program

8:00 am - 9:00 am - Registration and Continental Breakfast

9:00 am-10:00 am

Developing an Efficient and Effective Patch Management Process
that Aligns to the Needs of the Business
Muneer Mubashir, Senior Systems Engineer, BMC Software



The complex nature of today’s IT environments and the ever-increasing need for IT to prove its value require IT to operate in a framework conducive to overall strategic business initiatives. A value-driven IT organization can only be established when People, Process and Technology are designed to work together in concert. For most companies, automated patch management is no longer the primary concern. Many have implemented some form of an automated patch management solution that automates the download, sorting and distribution of patches. However, for organizations to gain confidence in the patching outcomes, a careful analysis of the patch process itself is needed.

This session will discuss the key elements of a robust, repeatable and efficient Patch Management process based on the ITIL framework by highlighting the following:

  • Aligning patch risk with business requirements
  • Transforming an organization to a value creation mode, instead of the reactive, firefighting modus operandi
  • Establishing a continuous review and improvement process
  • Alignment with regulatory requirements such as Sarbanes-Oxley

10:00 am - 10:30 am - Refreshment Break

10:30 am-11:30 am
An Overview of Patching Strategies and Their Alternatives
Matt Rodgers, Director, Product Management, Blue Lane Technologies



Patching servers represents a unique challenge. The cost to install a patch on a server is high, interoperability concerns are great, and an incident on a single server can impact untold numbers of users. Despite the challenges, patching servers remains a priority because they represent some of the highest value assets in the infrastructure and typically house the most sensitive and valuable data.

Attendees will be exposed to some useful frameworks to consider when dealing with server patch deployments and will be presented with an overview of the current alternatives to patching.

11:30 am - 12:30 pm
Business Rationale for Patching Computer Systems
Daniel M. Harris, Manager of Information Security Policy and Strategic Development / The Americas, The Aon Corporation



This session will focus on the rationale for patching computer systems, with an emphasis on improving security and reliability. We will discuss how the security threatscape has dramatically changed by examining a number of real-world attacks and the implications for business. In addition, other factors such as regulatory requirements, due care, and good business practices need to be considered among the criteria for patching systems. 

Danny will provide the audience with an astonishing series of security statistics as to how businesses have suffered losses as a result of not patching early and often.

12:30 pm - 1:30 pm - Luncheon

1:30 pm-2:30 pm
Strategies for Balancing IT & Security with Regulatory Compliance
Paulette Hradnansky, Director, Information Security Operations, Motorola



Corporations are now being held to much stricter standards with respect to information security.   This presents the challenge of making security much too restrictive and cumbersome to manage.  As a security and IT practitioner, how do you find a balance between security and usability?  How do you make sure you are adhering to regulatory compliance and at the same time managing your organization’s internal needs of effective risk management, operational integrity and service management?

2:30 pm - 3:00 pm Refreshment Break

3:00 pm-4:00 pm
Designing a Security Management Framework to Reduce Risk for IT Vulnerabilities in Real-Time
Jim Resch, Director of Security Management Solutions, BigFix, Inc.



Lacking an effective vulnerability and security configuration management framework, many organizations discover their current systems management and applications management IT infrastructure is inadequate in protecting critical assets, data, and intellectual property only after suffering the costly and embarrassing consequences of a security breach. 

In this session, you will learn that the key to developing a robust vulnerability management framework lies in three core competencies – real-time asset discovery and visibility, holistic software and security life-cycle management approach, and continuous policy-based enforcement for compliance across your entire IT infrastructure.

4:00 pm-5:00 pm
Implementing Enterprise Patch/Vulnerability Management Frameworks & Processes
Derek Milroy, Security Architect, The Corp-Sec Project

Derek is a frequent speaker at CAMP known for his "hands-on approach". The first part of his presentation will outline a framework for assessing patches relative to your environment and how to implement an effective patch management process for your network. The second part of this presentation will outline a framework for implementing a vulnerability management process that ensures remediation takes place and is tracked. The third part of this presentation will explore topics related to integrating your vulnerability management process with your NSM (Network Security Monitoring) infrastructure.

The frameworks to be presented have proven to be effective in environments varying in size from dozens to tens of thousands of hosts. These frameworks are not theoretical.


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs.

CISSP is a registered certification mark of (ISC)², Inc.



What You Will Learn

This one-day conference will provide IT departments with an understanding of the following:

  • How to develop an efficient and effective patch management process
  • How to update your current patch management framework
  • How to align vulnerability management with incident resolution
  • How to implement an effective patch management solution
  • How to develop a vulnerability management framework
  • How to convert volumes of IT vulnerabilities into business risk exposure analysis
  • How to ensure compliance with industry regulations
  • How other IT departments have worked through their patch management challenges
     

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

 

 
 

CAMP Conferences, Inc., 540 W. Frontage Rd., Ste. 2205, Northfield, IL  60093
Tel: (312) 527-2800  Fax: (847) 881-0747

Copyright © 2008 CAMP Conferences, Inc. All Rights Reserved.
CAMP IT is a registered trademark of
CAMP Conferences, Inc.