VA SCAN Conference 2009
Conference Proceedings
Security in Lean Times
October 5-6, 2009
University of Virginia
Charlottesville, Virginia
As the conference was advertised:
Given the current troubled economy, there will likely be few public and private sector entities to escape the need for pruning programs that do not clearly and directly support high priority goals. This situation could prove especially difficult for the information security profession, in which demonstration of strategic value has been a significant challenge even in the best of times.
Security professionals know all too well that without strong executive backing for security programs, funding and staffing sources for necessary technology dry up, essential security policies go unapproved, and attempts to build security awareness are short-circuited. There is no better time for individuals responsible for information security to assess how their resources are being deployed and consider how those usages appear in the eyes of senior management. New strategies more directly linked to institutional goals may be needed and/or the value of current ones may need better articulation—hard work, but there’s plenty of help out there.
Highlights of the Sixth Annual VA SCAN Conference included:
- ISO 27002 security standard
- Auditing in a virtual environment
- Convergence of IT security and emergency preparedness
- Security in the cloud
- e-Discovery and effective records management
- Building a case for security expenditures
- Virtualization and security
- Authentication strategies
- Mobile device security
Session Descriptions | PDFs of Presentations
Keynote Plenary Session
Gene Kim (Tripwire) — Creating Effective Security Controls: A Ten-Year Study of High Performing IT Security | Slides (pdf)
Plenary Session
Open Discussion on Security Issues with Randy Marchany
Lunch with Wayne Donald
45 Years of Technology Experience - What's Next? Slides (pdf)
Audit Track
- Kevin Savoy/Brian Daniels — Auditing Networked Printers Slides (pdf)
- Dave Litton/Phil Napier — Interfaces between Disparate Databases - Auditing and Controls Slides (pdf)
- Ken Magee — ISO Standard Slides (pdf)
Management Track
- Steve Werby & Jim Jokl Security in the Cloud: Questions You Need to Ask Slides (pdf)
- Caroline Walters — Reduce the Haystack: E-Discovery and Records Management Slides (pdf)
- Jason Richards — Governance for Compliance: The Convergence of Central and Distributed IT Compliance Slides (pdf)
- Andrea Di Fabio — Deploying Network Access Control Slides (pdf)
- Panel: Kirby Felts, Wayne Martin, Shirley Payne, Marjorie Sidebottom — The Intersection of Information Security and Emergency Preparedness Slides (pdf)
- Darlene Quackenbush — Strengthening Your Personal Firewall Slides (pdf)
Technical Track
- Mary Dunker — Who's There? A Methodology for Selecting Authentication Credentials Slides (pdf)
- Karen McDowell — Mobile Device Security: Time to Move into High Gear Slides (pdf)
- Randy Marchany — e-Discovery and Fraud/Abuse Details (Pay No Attention to the Man Behind the Curtain) Slides (pdf)
- Rob Lee — Windows Forensic Analysis: Dissecting the Windows Registry — Part 1 (Slides copyrighted and not available for download)
- Rob Lee — Windows Forensic Analysis: Dissecting the Windows Registry — Part 2 (Slides copyrighted and not available for download)
Page Updated: 2011-06-30