Information systems managers have been hit with a deluge of security and privacy regulations. Everything from encrypting credit card numbers to guaranteeing the privacy of personal financial information, as governed by the Gramm-Leach-Bliley Act (GLBA), has put added importance on properly securing their systems. Some regulations have been moving targets. The Health Information Portability and Accountability Act (HIPAA) was enacted in 1996, yet not all of its regulations have been finalized. And while many of these managers find this task quite daunting, those who manage systems in a global environment have seen it become a full-time job. This session will discuss the aspects of security and privacy regulations and look at the unique challenges presented by global information flows.
This session will provide information on techniques and services to investigate cyber crimes, including techniques to discover, recover and present digital evidence. Attendees will learn the do's and don'ts of dealing with digital evidence so that the results stand up in court. Can your competition steal your proprietary intellectual property and trade secrets from under your very nose? They can, and this case study shows you how it happened in one real-world example. Only the names have been changed to "protect the innocent." This case study discusses the facts around an employee using a Trojan horse virus and his company's corporate intranet to steal sensitive information from executive officers' computers, and then e-mailing it to a competitor in exchange for a payoff and a promise of a future job. The topic involves IP damages, steganography (used by terrorists to communicate), digital watermarking, electronic discovery, and other timely subjects.
This two-part session focuses on biometrics within the Department of Defense (DoD). The first portion will be an overview of biometrics and will introduce the DoD's Biometrics Management Program and the activities at the DoD Biometrics Fusion Center. This will include the DoD's changing security requirements and how the DoD is using biometric solutions to meet those requirements. The second segment will discuss the role of biometrics in the authentication process and show the benefits and shortcomings of the various biometric technologies. There will also be a synopsis of major advances in the biometric marketplace and some of the latest biometric security trends.
This session will present the National Institute of Standards and Technology (NIST) strategy for developing security standards and guidelines mandated by the Federal Information Security Management Act (FISMA) of 2002. Three key documents will be discussed: Federal Information Processing Standard Publication 199, Standards for the Security Categorization of Federal Information and Information Systems; NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems; and NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems. The use of the new security standards and guidelines in developing effective organization-wide information security programs and ultimately achieving more secure enterprise information systems for the nation's critical information infrastructure will also be discussed. Web-based information security resources will be available to assist organizations in all aspects of securing their enterprise information systems. NIST information security programs and security-related information can be accessed by visiting the Computer Security Division web site at: http://csrc.nist.gov.