Conferences that solve current IT challenges
Patch and Vulnerability Management
Delivering the levels of security, compliance and confidence needed for your extended enterprise
Strategies to help leverage full value from your design and implementation of an effective Business Intelligence framework
February 7, 2008
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois
The number of vulnerabilities is growing. The timeframe between when a vulnerability is found and when it is exploited has shortened. The urgency to mitigate network vulnerabilities has become more crucial than ever.
What You Will Learn
In this one day conference attendees will learn:
- How to develop an efficient and effective patch management process
- How to update your current patch management framework
- Creating a system inventory
- How to align vulnerability management with incident resolution
- How to implement an effective patch management solution
- How to patch an entire server farm
- How to patch in a virtualization environment
- How to monitor vulnerabilities, remediation and threats
- Prioritizing, deploying, & testing remediations
- Taking it to the next level: How to take your patch management process and build into effective vulnerability management
- How to develop and implement metrics
- How to convert volumes of IT vulnerabilities into business risk exposure analysis
- How to ensure compliance with industry regulations
- How other IT departments have worked through their patch management challenges
8:00am - 9:00am - Registration and Continental Breakfast
Designing & Implementing a Comprehensive Patch/Vulnerability Management Process
Richard Linke, Former Global Security Patch Management, Kraft Foods
According to industry analysts, most users see BI as an IT initiative. This creates challenges in achieving the value of BI. User adoption remains elusive which in turn prevents the best decisions from being made.
In this session attendees will learn:
- How to design an effective BI/PM framework
- How to make insightful decisions about significant changes in the business and markets
- How to develop and implement an effective BI Competency Center
- How to transform coarse data into actionable intelligence
- How to leverage BI to drive the decisions necessary for the recovery
- How to calculate baseline metrics for business intelligence
- How other IT organizations are helping to make business decisions for the extended enterprise
- How to make processes more agile with BI
10:00am - 10:30am - Refreshment Break
Vulnerability and Patch Management…from the Hacker's Perspective
Eric Schultze, Chief Technology Officer, Shavlik Technologies
This presentation examines methods hackers use to exploit unsecure and unpatched systems to obtain access to protected networks and sensitive information. Through live demos, we'll show how a seemingly secure system can allow unprivileged users complete access to both the system and the network. We will highlight common configuration and design weaknesses in various systems. We will also demonstrate what can happen if you have even one unpatched system on your network. We will discuss ways to identify and remediate poorly configured and unpatched systems.
Business Rationale for Patching Computer Systems
Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation
This session will focus on the rationale for patching computer systems, with an emphasis on improving security and reliability. We will discuss how the security threatscape has dramatically changed by examining a number of real-world attacks and the implications for business. In addition, other factors such as regulatory requirements, due care, and good business practices need to be considered among the criteria for patching systems.
12:30pm - 1:30pm - Luncheon
Penetration Testing: How to Determine if Your Security Investments are Effectively Detecting and Preventing Attacks
Billy Austin, Chief Security Officer of SAINT Corporation
Penetration testing has become an essential part of assessing and improving the security of an enterprise or organization's network. The goal of a penetration test is to assess the overall security of a network by attempting to compromise that system using an attacker's techniques. Only performing a vulnerability scan is passive and does not address the implications of a successful intrusion. It only lists what the potential vulnerabilities may be without probing deeper to reveal the true threats to assets. Further, it identifies the problems which may have already occurred rather than evaluating against a real attack like penetration testing does. A penetration test, on the other hand, is active, in that it is able to attack a system and measure its readiness. Penetration testing delivers results that go beyond the data yielded by a vulnerability assessment in that it's an authorized attempt to breach the architecture of a system using attacker techniques. With a penetration test, you actually exploit vulnerabilities in your network and try to replicate the kinds of access a hacker could achieve.
During this session attendees will learn:
- The fundamentals of penetration testing and why it is becoming increasingly important
- The critical difference between vulnerability scanning and penetration testing
- How to determine if your current security investments are detecting and preventing attacks
2:30pm - 3:00pm - Refreshment Break
Strategies for Securing Legacy Servers
Jon Miller, Senior Security Consultant, Accuvant
All companies have legacy applications and servers, either 3rd party or home-brewed, that aren't always conducive to working with the latest security patches. In this presentation we will explore alternatives to conventional patches that will help prevent server or service compromise without reliance on mainstream vendor binary patching.
Strategic Framework of Vulnerability Management
Joshua Shi, Security Architect, TransUnion
This presentation will outline a framework for implementing a vulnerability management program. Topics covered will include items/issues to be aware of as you architect a vulnerability management framework specifically for your organization. This presentation will also cover reporting for all levels of your organization, including how to gather and report on meaningful metrics that can be used to track progress for remediation of vulnerabilities throughout your environment. The framework presented has proven to be effective in environments varying in size from dozens to tens of thousands of hosts. Free and commercial product usage will be discussed as they relate to the frameworks.
Conference price: $249 per person.
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.