|
Day 1 - Tuesday, May 22, 2007
|
|
Pre-Conference Security Workshops
|
|
8:00am
|
9:00am
|
|
Breakfast
|
9:00am |
12:00 pm |
|
Workshop 1: You've lost a laptop - Now what? |
|
|
One of your workers has lost an important laptop. You know the one, with all that test customer data. It is an all-too-frequent but potentially lethal news event that would never happen to you.
In this workshop we'll perform a practical, hands-on exercise as we decide how to deal with this difficult and potentially bad situation. Was the laptop lost or stolen? What was on it? How does one manage this kind of incident? How do you determine the risk to your organization and its customers? Who gets involved? What are the best practices for investigating the event, documenting findings, exploring legal obligations, and managing communications to the marketplace and customers, and remediating practices for the future?
At the end of this workshop, you will have a better understanding of the implications, risks, processes and policies you need to consider to thoroughly protect your organization.
|
|
11:30am
|
12:30pm
|
|
Lunch/Break
|
| 12:30pm |
3:30pm
|
|
Workshop 2: Gone Phishing: How to Recognize, Catch and Clean a Phish |
|
|
Before the emails are sent, before DNS entries are changed, phishers are doing work. They are selecting victims and creating harvesting sites. These sites are then linked to emails and other lures to bring victims to the site. In this class we will examine the process that takes place before the emails are sent, by playing the part of the bad guy. Then we'll switch gears and play the role of the investigator.
In this class each student will construct a phishing site based on a sample banking web site. After each site is built the class members will learn how to identify the source phisher and reconstruct the activity of that phisher.
Required: Laptop computer with wireless capability
|
|
3:30pm
|
5:00pm
|
|
Break/Registration
|
|
Conference Begins
|
| 5:00pm |
6:00pm |
|
Keynote Session: Understanding and Managing the new Digital Identity |
Kim Cameron, Architect of Identity and Access in the Connected Systems Division, Microsoft Corp.
|
|
|
Who are you? It's a simple question, but it doesn't have a simple answer. The way you represent your identity changes as you move through the world. Different contexts require different identities, each of which is expressed in a different way and provides different information. In one very important context—the networked world—identity is currently a much more muddled thing. Just as in the physical world, all of us have a variety of digital identities, and they're expressed in different ways. Today, however, there's no consistent way to deal with this portfolio of digital identities. Instead, we're left struggling in a complex, confusing, and insecure environment. This means that the solution is not to mandate a single system for digital identity, but rather to find a coherent way to use multiple digital identity systems. What's required is a system of systems—a metasystem—focused on identity. Making this identity metasystem a reality requires cooperation. No single organization can unilaterally impose a solution. Fortunately, vendor-neutral communication standards exist that can be used to address this issue. Using these Web services technologies, it's possible to define a consistent way to work with any digital identity created by any source, using any identity technology.
|
|
6:00pm
|
9:00pm
|
|
Opening Reception/Dinner at The Pavilion
|
|
Day 2 - Wednesday, May 23, 2007
|
|
7:30am
|
8:30am
|
|
Breakfast
|
|
8:30 am
|
8:45 am
|
|
Welcome
|
|
8:45am
|
9:30am
|
|
The State of Online Banking Security
|
Gwenn Bezard, Research Director, Aite Group
|
|
In this session, Gwenn Bezard will highlight research from a March 2007 report, which presents findings from a survey among 21 of the top 100 U.S. banks ranked by number of checking accounts. The survey focused on individuals leading the online banking channel at their institution. The presenter will highlight banks' current security issues and concerns, as well as the technology and investment directions within the Web, phone, and mobile banking channels. Attendees will learn some of the key findings of this survey that pertain to online banking security.
|
|
9:30am
|
10:15am
|
|
The importance of using international standards in your compliance programs
|
John A. DiMaria, Product Manager; Business Continuity, BSI Management Systems
|
|
Our society is so reliant on information that the loss or corruption of the country’s information infrastructure would create a situation where most businesses could not survive. The financial services industry specifically is continuously evolving and growing in complexity, leading to organizations facing many challenges and concerns. Issues such as corporate governance, risk management and regulation continue to have an impact on the industry. Customers want more for less while still having confidence that their information is secure. Implementing a formal, globally accepted information security process such as ISO 27001 is an integrated approach that addresses those policies and procedures for identifying, controlling, and protecting information from unauthorized manipulation. Attendees will learn how to establish an internationally endorsed, systematic ISMS process that takes a holistic approach to meeting all legal and regulatory requirements and managing sensitive information so that it remains secure. They will also learn how it is a strategic business decision that can reap benefits and profits for the company.
|
|
10:15am
|
10:30am
|
|
Break
|
| 10:30am |
11:15am |
|
Effective Risk Management |
Jim Maloney, President & CEO, Cyber Risk Strategies
|
|
|
The objective for almost any security program is to reduce information security risks to an acceptable level for the enterprise, subject to a variety of internal and external constraints. This presentation will offer an approach to managing information security risks that emphasizes flexibility and adaptability, in response to a landscape of constantly changing threats.
|
| 11:15am |
12:15pm |
|
Networking Roundtables
|
|
|
In-depth, networking discussions with your peers and subject matter experts to share best practices, lessons learned, and plans for the future of your online initiatives. Topics to include:
|
|
|
12:15pm
|
1:15pm
|
|
Lunch
|
| 1:15pm |
2:00pm |
|
Fraud and ID Theft on mobile devices – Deterring the threat to mobile banking |
Bob Egan, Chief Analyst and Research Director, Emerging Technologies, TowerGroup
|
|
|
Just when IT managers at financial services institutions (FSIs) thought they had most online fraud and identity theft under control, a new threat is arising. In 2007, many banks will launch initiatives such as use of the smart phone as a credit/debit card, and since criminals tend to "follow the money," a rise in viruses via malware on mobile devices can be expected. But FSIs do not seem to be taking action to avert the danger. This session explores the issues of mobile device security and makes some recommendations for FSIs, their IT departments, and other interested parties in the midst of developing or considering consumer mobile banking or payment solutions.
|
|
2:00pm
|
2:15pm
|
|
Break
|
| 2:15pm |
3:00pm |
|
Introducing Windows CardSpace™ |
Richard Turner, Product Manager
Identity Platform Developer Marketing
Microsoft Corp.
|
|
|
Windows CardSpace is a new feature of Microsoft Windows that helps users better manage and control the exchange of their personal identity information. Built in accordance with Kim Cameron’s “7 Laws of Identity”, Windows CardSpace helps users sign in to websites and applications with a few clicks of a mouse rather than having to remember a myriad of usernames and passwords. In doing so, Windows CardSpace helps users avoid many of the threats to online identity such as phishing. In this session, we’ll explore what Windows CardSpace does and how it works, leaving you with a sound understanding of its core features and abilities.
|
|
3:00pm
|
3:15pm
|
|
Break
|
|
3:15pm
|
3:50pm
|
|
Life after FFIEC – Cross Channel Fraud and the Balloon Effect
|
Amir Orad, Chief Marketing Officer and Executive Vice President, Actimize
|
|
Learn what leading financial institutions are focusing on after meeting FFIEC requirements. It is now time to address the next series of threats. The ‘balloon effect’ tells us that we are only as secure as our weakest link. Fraudsters continually monitor all entry points to uncover the easiest point of attack. Amir Orad of Actimize will share user stories and his views on the next wave of threats, explaining why an enterprise view across all channels is your critical next step in the never-ending fight against fraud.
|
|
3:50pm
|
4:10pm
|
|
Keeping Online Banking Safe: Why You Need Geolocation
|
Bill Varga, Vice President of Business Development, Quova, Inc.
|
|
How can you ensure regulatory compliance if you don’t know where your customers are when they log into their online bank accounts? In this session you will learn how IP geolocation technology can help instantly identify where visitors to your website are geographically located, and whether a visitor is trying to conceal their location. Why is this important? Someone attempting to hide their location could indicate potential fraud or identity theft. Bill Varga will share case studies of how leading financial institutions have implemented IP geolocation to protect themselves and their customers from the financial, regulatory and reputation consequences of fraud attacks.
|
|
4:10 pm
|
4:30 pm
|
|
Break
|
| 4:30pm |
5:15pm |
|
Security Panel Discussion |
Participants TBD
|
|
5:15pm
|
6:00pm
|
|
Visit with Partners/Break
|
|
6:00pm
|
9:30pm
|
|
Special Dinner Reception in Governor's Ballroom
|
|
Day 3 - Thursday, May 24, 2007
|
|
8:00am
|
9:00am
|
|
Breakfast
|
|
9:00am
|
9:45am
|
|
PCI Security Standards Council – Who They Are and What They Are Doing
|
Bob Russo, General Manager, PCI Security Standards Council
|
|
Formed in September 2006, the PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The Council owns, manages and distributes the PCI Data Security Standard (PCI DSS), and is responsible for the certification of Qualified Security Assessors and Approved Scanning Vendors.
Recent events have illustrated the tremendous implications that data breaches have on those in the financial services. Meanwhile, among the growing numbers of retailers who are fully compliant with the PCI Data Security Standard, not one has suffered a single security breach. And none have suffered the debilitating brand damage that occurs when customer data is lost.
In this discussion PCI Security Standards Council general manager, Bob Russo, will share:
· what has been achieved since the Council formed six months ago
· what the Council and the Data Security Standard mean to everyone in the payment chain
· the ramifications and lessons learned from recent breaches
· how the Council will engage industry stakeholders moving forward to reflect feedback from the marketplace
· how he plans to guide the organization and promote greater adoption of the standard
Come find out why close to 200 organizations have joined the Council and explore the latest developments in the process to evolve the standard.
|
|
9:45am
|
10:30am
|
|
Delivering Security at Every Level
|
Bob Varnadoe, Director of Systems Security, CheckFree Corporation
|
|
CheckFree, a leading provider of electronic billing and payment, securely processes more than one billion transactions each year. Learn how CheckFree delivers security at every level -- beginning within the overall enterprise and continuing through financial services products and, ultimately, the consumer experience.
|
|
10:30am
|
11:00am
|
|
Conference Wrap-Up/Questions
|
|
Conference Ends
|
|
Post-Conference Sponsored Activities Begin
|
|
11:00am
|
12:30pm
|
|
Hotel Checkout/Lunch
|
|
12:30pm
|
5:30pm
|
|
Fazio Foothills Golf Tournament
|
|
12:30pm
|
2:30pm
|
Or
|
Tour of Downtown Austin and Lake Austin
|
|
12:30pm
|
2:30pm
|
Or
|
Horseback Trail Riding
|
|
Post-Conference Activities End
|