Session Descriptions
Data Protection Decisions is a customized educational seminar designed by the editors of SearchSecurity.com and Information Security Magazine Online. Our one-day seminar tackles data protection from all angles to help you build an effective data governance/data protection strategy and leverage the best tactics for managing compliance technologies.
Pragmatic Data Security
Rich Mogull, Founder, Securosis
While data breaches run rampant and every vendor under the sun claims to offer a data protection solution, there is very little information available to build a practical, effective data security program. This session busts through hype, hyperbole and complexity and details a pragmatic approach to information-centric security you can implement in nearly any organization. From tools, to techniques, to process, and even to satisfying those pesky auditors, we present a straightforward, step-by-step process to reduce risks, stay out of the headlines and keep your organization's most valuable information assets safe. Attend and discover:
- The top 5 actions you must take today for data protection
- Why traditional data classification doesn't work and how to fix it
- A step-by-step process for building a data security program
- All the major data security tools and which ones really work
Truth, Lies and Fiction about Encryption
Adrian Lane, Analyst/CTO, Securosis
It's a security practitioner's dream: deploy a technology that ensures data protection 100% of the time. Short of unplugging a computer and locking it in a vault, few technologies come as close to this ideal as encryption. Encryption is very effective for certain security problems, but is not a panacea for all security needs. Encryption provides data privacy & integrity for data at rest and in motion, but not for data in use. Apply encryption to problems it cannot solve and you are wasting time, money and employee productivity. It is not uncommon for the deployment of an encryption solution to have a pronounced performance impact and, in some cases, to break applications and business processing systems outright. Just because a wide variety of encryption options have been developed does not mean that they are all useful, and many encryption solutions need to be limited in their use to only one or two circumstances.
This presentation discusses the common views and misconceptions regarding encryption, and dispels the myths around the technology. Attend and delve into the practical considerations for encryption, and map some of the use cases to compliance and security goals. Sift through the hype and explore the important issues product vendors gloss over in real-world deployments of encryption technologies.
Understanding and Selecting a DLP Solution
Rich Mogull, Founder, Securosis
Data Loss Prevention is one of the most hyped and least understood technologies to enter the security arsenal over the past few years. Yet with its capabilities to help you understand how your organization uses information, and to apply protective controls, it's also one of the most promising recent security advances. This session focuses on the reality of DLP, including defining the technology, reviewing use cases, and understanding resource requirements.
Learn how to protect information, reduce risks and compliance costs, and avoid deployment pitfalls that vendors tend to forget to mention in their marketing materials as we:
- Define Data Loss Prevention and discuss the differences between full suites and point solutions
- Explore real-world use cases to derive maximum value
- Review resource requirements, including pricing and staffing expectations
Understanding and Selecting a Database Activity Monitoring Solution
Rich Mogull, Founder, Securosis
Database Activity Monitoring is emerging as a powerful and effective tool for both security and compliance. With the ability to monitor all database activity, including that of administrators, and to alert on policy violations, these tools offer an unparalleled ability to protect your most sensitive assets without interfering with business process. But not all tools are created equal, with fundamental differences in architectures, database support, blocking capabilities and performance. Mogull explores the inner workings of these tools and makes specific recommendations on evaluating, purchasing, and deploying Database Activity Monitoring. Attend and discover how to:
- Define Database Activity Monitoring, and how it differs from database auditing
- Understand the difference between network, external monitoring, and agent architectures
- Evaluate the major features of DAM, including workflow and advanced capabilities like change management
- Review a 3-step product evaluation and testing process
- Determine deployment expectations
Earn CPE Credits for Attending
All CISSPs/SSCPs receive 1 Continuing Professional Education (CPE) credit for every session attended from (ISC)2.
Giveaways
All attendees are entered into three prize raffles for a chance to win a Flip digital video recorder, a GPS navigation system or an Apple iPod!
