The multi-page agenda flyer and speaker bios is 2013_i-symposium_agenda.
8:00 Check‐in, Breakfast
8:30 Welcome: Wade Sherman, VP – Lead Counsel, Digital Marketing, Adobe Systems
8:35 Keynote: CFAA: A Failed Experiment, Eric Goldman, Law Professor, Director, High Tech
9:30 Networking Break
10:00 Breakout: Suggestions for Accessible Documents, Hon. David Nuffer, U.S. District Court,
District of Utah
Breakout: The Surveillance State: From 9/11 to Snowden, Ben Stanley, Attorney,
Breakout: Are Employees’ Smart Phones Safe Enough for Business? Scott Blackmer,
Founding Partner, InfoLawGroup LLP
11:00 Networking Break
11:15 Breakout: Exchanging Medical Records Online, Scott Rea, VP GOV/EDU Relations & Sr.
PKI Architect, Digicert
Breakout: EU Data Privacy Directive: Past, Present and Future. Lee Wright, Shareholder
Kirton & Mckonkie; Julie Park, Privacy Officer, Corp. of the Presiding Bishop
Breakout: Ethics CLE, The Cybersecurity Implications of Utah Rule of Professional
Responsibility 1.6: The Standard of Due Care Has Emerged, Matt Sorensen, TechLaw
12:15 Lunch and State of the Net, Ben Holt, Attorney, Kilpatrick, Townsend & Stockton
12:30 Presentation of Utah Tech Pioneer Award
12:40 Lunch Keynote: Fast Failure, James Clarke, CEO & Managing Partner, Clarke Capital
1:30 Networking Break
1:45 Breakout: Getting More Security For Less with Managed Security Services, Eli J.
Martinez, IT Security Risk Manager, Corp. of the Presiding Bishop; Commander, Utah Air
Breakout: Who Owns the Customer? James Harrison, CEO and Founder,
Breakout: CLS Bank Decision, William B. Bunker, Partner, Knobbe Martens
2:45 Networking Break
3:00 Breakout: Consumer Privacy Communications – Practical Strategies for Educating
Consumers by Drafting Effective Policy Statements Across Digital Platforms, Panel,
Sharon Bertelsen, Of Counsel, Ballard Spahr, Mercedes Tunstall, Partner, Ballard Spahr
Breakout: Cloud Security and Managing Use Risks, Carl Allen, Director Information
Security, Intermountain Healthcare
Breakout: Individual Efforts to Maximize Privacy and Security of Data in an era of
Cyberstalking and NSA Surveillance. Charles L. Mudd Jr. Mudd Law Offices
4:00 After Conference Social
The quarterly ISSA Utah Chapter 1/2-Day security seminar. Includes breakfast and lunch.
1) Securing the Virtual Environment | How to Defend the Enterprise Against
Presenter: Matthew Wallace, Director of Product Development, ViaWest, Inc.
2) Best Practices, Audit and Control for an Enterprise Vulnerability Management Program
Presenters: Grant Johnson & Jeff Buzzella, Qualys
3) IT Risk Management: Because You Can Have Too Much Security
Presenter: David A. Nelson, Jr. CISSP, Founder of Integrity Technology Systems
SEC566: Implementing and Auditing the Twenty Critical Security Controls – In-Depth
Community Instructor: James Murray, NCCI Holdings, Inc.
Other: 30 CPE/CMU; Laptop Required
Cybersecurity attacks are increasing and evolving so rapidly that is more difficult than ever to prevent and defend against them. Does your organization have an effective method in place to detect, thwart, and monitor external and internal threats to prevent security breaches?
As threats evolve, an organizations security should too. To enable your organization to stay on top of this ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Twenty Critical Security Controls, a prioritized, risk-based approach to security. Designed by private and public sector experts from around the world, the Controls are the best way to block known attacks and mitigate damage from successful attacks. They have been adopted by the U.S. Department of Homeland Security, state governments, universities, and numerous private firms.
The Controls are specific guidelines that CISOs, CIOs, IGs, systems administrators, and information security personnel can use to manage and measure the effectiveness of their defenses. They are designed to complement existing standards, frameworks, and compliance schemes by prioritizing the most critical threat and highest payoff defenses, while providing a common baseline for action against risks that we all face.
The Controls are an effective security framework because they are based on actual attacks launched regularly against networks. Priority is given to Controls that (1) mitigate known attacks (2) address a wide variety of attacks, and (3) identify and stop attackers early in the compromise cycle.
The British governments Center for the Protection of National Infrastructure describes the Controls as the baseline of high-priority information security measures and controls that can be applied across an organisation in order to improve its cyber defence.
SANS in-depth, hands-on training will teach you how to master the specific techniques and tools needed to implement and audit the Critical Controls. It will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.
The course shows security professionals how to implement the controls in an existing network through cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Controls are effectively implemented.
Paraben’s PFIC Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!
The Future of Android Security
Presenters: Alex Geiger and John Gluth, Green Hills Inc.
The global enterprise Android mobility market is growing rapidly, yet Android security solutions are in their infancy. We’ll discuss emerging technologies to address secure boot, data-at-rest and in-transit encryption, user authentication, and dual persona (BYOD/EOD) in an Android environment that has proven fertile to hackers. We’ll also touch on the U.S. Government initiatives to build an ultra-secure smartphone using commercial off-the-shelf technology.”
3:00 Introduction of Speakers
4:00 Question & Answer
4:15 Speakers Depart/ISC2 Chapter Business
4:30 Light Refreshments