With the consumerization of IT, organizations everywhere are feeling the pressure to incorporate a broader spectrum of mobile devices into the corporate environment.  Meanwhile, the threat environment for mobile devices is unique and changing, and security capabilities are lagging behind mobile functionality.  In order to successfully incorporate a broader variety of mobile devices into the corporate environment, organizations must thoroughly assess the risks and develop a risk mitigation plan.

This session will review available risk assessment models, unique considerations when conducting a risk assessment for mobile devices, as well as a case study of a recent mobile device risk assessment.

Speaker:
David Frei is a member of the Capital One IS Audit team, serving as Digital and Information Security Specialist.  David brings 10 years of experience from KPMG providing security advisory, IT attestation, and external audit services to various clients in Financial Services, Insurance, Consumer Products, Healthcare, Energy/Mining, Telecommunications, Federal, and Local Governments. His certifications include: Certified Information Systems Security Professional (CISSP) and Certified Information Privacy Professional (CIPP).

David has strong information security/digital experiences that include assessing mobile devices and applications, consulting on information governance frameworks, performing sensitive data flow analyses, assessing security and privacy controls to prevent and detect data loss across the information lifecycle, developing and evaluating Information Security Management Systems and third-party vendor risk assessment programs, performing vulnerability assessments, and managing IT and business process components of internal controls readiness and attestation projects.

This talk will cover the common tools used by hackers to create Advanced Persistent Threats, and, the
tools today’s security professional should be familiar with to combat these attacks.

Speaker: Jack Mannino, CEO of nVisium Security

Building secure Android applications can be achieved with a mix of common sense, leveraging platform security features, and following secure development best practices. This presentation will focus on security “quick wins” during development and will cover techniques that can reduce the overall attack surface within Android applications.

The OWASP GoatDroid and OWASP MobiSec tools will be used throughout the presentation to demonstrate issues encountered in the real world. We will cover the attack surface for Android and highlight the most prevalent security flaws found within production applications.

Jack Mannino is the CEO of nVisium Security, an application security firm located within the Washington DC area. At nVisium, he helps to ensure that large corporations, government agencies, and software startups have the tools they need to build and maintain successful application security initiatives. He is an active Android security researcher, and has a keen interest in identifying security issues and trends on a large scale. Jack is the leader and founder of the OWASP Mobile Security Project. He also serves as a board member on the OWASP Northern Virginia chapter. Jack is also the lead developer for the OWASP GoatDroid Project, which is a collection of vulnerable Android applications used for training and education.

Speaker: Deneen DeFiore, GE, Site Leader for ISTC

Deneen will present an overview of the GE Information Security Technology Center (ITSC) including:

• GE’s information protection philosophy and drivers
• The services the ITSC provides GE business units
• The range of personnel and skills employed
• Why GE selected Glen Allen Virginia as the location for the ITSC
• Questions and Answers

It is a given that the most important requirement of a successful security program is executive support, ideally executive respect.  Koos Lodewijkx, IBM IT Security strategist, will describe how he and his team use a “10 Essential Security Practices” model to create a transformational security program that supports IBM’s IT Risk Program objectives.  You will leave Koos’ presentation with an understanding of this security program framework developed by security thought leaders and embraced by IBM’s business leadership team.

Speaker: Koos Lodewijkx leads the IT Risk Strategy & Policy team in IBM, responsible for driving the technical architecture for IT Security across IBM world-wide, and developing and managing the IT Security and Business Continuity / Disaster Recovery policies and standards.

Previously, he held the role of Lead Strategist for the IBM Security Solutions division.  Koos has been working in IT Security for well over a decade.