RSA Conference Brochure 2008

industry ExpErts tuEsday, april 8 1:30 p.m. – 2:40 p.m. EXP-105 WEdnEsday, april 9 8:00 a.m. – 8:50 a.m. EXP-201 (T) reconceptualizing Security Bruce Schneier | CTO, BT Counterpane (T) Darwin and Security: What Evolution Tells Us About the Past and Future of Security Paul Kocher | President & Chief Scientist, Cryptography Research, Inc. Traditionally, computer security starts and ends with the computer. More recently, researchers have come to realize that security encompasses so much more: not just user interface, but economics, psychology, sociology and the all-important “security theater” that gives people the feeling of trust that allows them to rely on the security in the first place. This session looks at the big-systems picture of security, and shows how lessons from the social sciences translate into hard security requirements. 3:00 p.m. – 3:50 p.m. EXP-106 Security products don’t just appear; they evolve. In this session, Paul Kocher will analyze how evolutionary models explain security failures and successes, and predict where adversaries and our industry are headed. Technical case studies will examine the evolutionary impact of specific engineering approaches, defect testing methods and security architectures for content protection, tamper resistance and financial systems. 9:10 a.m. – 10:20 a.m. EXP-202 (S) The internet is Not the Wild West: Google’s Approach to Security Douglas Merrill | Vice President of Engineering, Google (B) A Perspective of information Security in the Olympic Games 2002–2008 Yan Noblot | Principal Consultant, Atos Origin When a new technology emerges, businesses grow up to leverage it, and bad guys learn to exploit it. New technologies, Internet growth and Web 2.0 have created security problems. However, many of these problems are not new, and neither are the solutions. This session will show how Google sets security strategy and addresses security issues, plus show how responsible disclosure and engagement with the technical community can help. 4:10 p.m. – 5:20 p.m. EXP-107 (L3) 2008 in Spyware MODERATOR: Ari Schwartz | Deputy Director, Center for Democracy and Technology (CDT) Justin Brookman | Assistant Attorney General in the Internet Bureau, New York Attorney General’s Office Michael Kaiser | Director of Programs, National Center for Victims of Crime Cindy Southworth | Director, Safety Net, National Network to End Domestic Violence Jeff Williams | Principal Group Manager, Microsoft Malware Protection Center, Microsoft Corporation The Olympic Games is the largest sporting event in the world, attracting audiences of more than four billion TV viewers. Real-time information is the link between the competitions and the rest of the world; and information security is of paramount importance to ensure a smooth running of the Olympic Games, as nothing can come in the way of this event. This presentation describes the approach taken to address the challenges of information security in this critical environment and provides a perspective on the evolution of information security over the last four Olympic Games. 10:40 a.m. – 11:50 a.m. EXP-203 (T2) Sins of Our Fathers MODERATOR: Daniel Houser | Sr. Security Identity Architect, Cardinal Health PANELISTS: Ben Jun | Vice President of Technology, Cryptography Research Hugh Thompson | Chief Security Strategist, People Security Panelists will discuss spyware from the point of view of the consumer, the victim and the anti-spyware industry. Panelists will draw from statistics, personal experiences and industry knowledge to look at how 2007 compared to previous years, progress in 2008 and what the future may hold. Panelists will examine past and current spyware fighting, as well as discuss new techniques on the horizon. 5:40 p.m. – 6:30 p.m. EXP-108 (B) How to Take Down the Power Grid Ira Winkler | President, ISAG Three gurus from different areas of cryptography and security present case studies to apologize for sins in prior art, as those who fail to learn from security history are doomed to repeat it. This will be a frank and entertaining discussion of what went wrong with SSL v.1, WEP, CSS, AACS/DRM and failed software, network and physical security implementations. Mea culpa. The power grid is one of the most insecure infrastructures. When DHS released a video showing the effects of hackers causing a generator to blow itself up, the video was misused and laughable. Ira Winkler, who served on red teams targeting the grid, says that the situation is much worse and will discuss the details of how and why the power grid is so vulnerable. 34 sEssion classification (B) Business Futures (L3) Basic Legal/Compliance (S) Strategic (T) Technical Futures (T1) Advanced Technical (T2) Intermediate Technical (T3) Basic Technical See page 5 for complete level descriptions.

Table of Contents Feed for the Digital Edition of RSA Conference Brochure 2008

Table of Contents Who Should Attend & Why Keynote Speakers Agenda At-A-Glance Session Classification Special Events & Activities Connect & Network Highlights 1-Day Pre-Conference Tutorials 2-Day Pre-Conference Tutorials Tracks & Sessions Authentication Consumer Protection Business Trends & Impact Case Studies Cryptographers Deployment Strategies Developing with Security Enterprise Defense Hackers & Threats 1 Hackers & Threats 2 Identity & Access Management Industry Experts Law & Liability Policy & Government Professional Development Security-Oriented Architecture Standards Wireless Sponsor Sessions List of Exhibitors Registration Information Sponsors

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.