RSA Conference Brochure 2008

standards thursday, april 10 8:00 a.m. – 8:50 a.m. STA-301 friday, april 11 9:00 a.m. – 9:50 a.m. STA-401 (T2) inside the World of NAC Standards Steve Hanna | Distinguished Engineer, Juniper Networks; Co-Chair, Trusted Network Connect Work Group, Trusted Computing Group (T1) Standardizing Key Management for Trusted Storage Michael Willett | Senior Director - Security, Seagate When first introduced, network access control technology was all proprietary. In the last few years, a full suite of NAC standards has been developed and compliant products introduced. Understanding these standards is key to making an informed decision about NAC products. Come hear all about these standards from the co-chair of both NAC standards bodies (IETF NEA and TCG TNC). 9:10 a.m. – 10:20 a.m. STA-302 A trusted storage specification is being implemented by the storage community, including hard drives, tape, flash and optical devices. The storage industry has created a companion key management services specification, covering life cycle management of keys for storage security functions such as full disk encryption. The specification and sample applications will be covered in this session. 10:05 a.m. – 10:55 a.m. STA-402 (T2) Extended Validation: raising the Bar for internet Trust (T2) The New FiPS 140-3 Standard MODERATOR: Ray Snouffer | Mathematician, NIST PANELISTS: Jean Campbell | Director of CMVP — CSE, Communications Security Establishment Randall Easter | Director of CMVP, NIST Allen Roginsky | Mathematician, NIST MODERATOR: Tim Moses | Director, Advanced Security Technology, Entrust PANELISTS: Tom Albertson | Program Manager, Core Operating System Division, Microsoft Corporation Nicholas Hales | Chief Legal Officer, Comodo CA Ltd. Phillip Hallam-Baker | Principal Scientist, VeriSign, Inc. Johnathan Nightingale | Human Shield (Usability & Security), Mozilla Extended Validation (EV) certificates raise the bar for establishing Internet trust. As banks and leading Internet merchants deploy EV certificates, causing green bars to appear in Web browsers, the panel will describe the challenges in creating the standard and associated user experiences, reflect on lessons learned from the first year of deployment and ask “Can the bar be set too high?” 10:40 a.m. – 11:50 a.m. STA-303 This panel focuses on the timing and development of the new Federal Information Processing Standard (FIPS 140-3) and security requirements for cryptographic modules. Major changes to the standard will be discussed, driven by new technology and new attack types, as well as the implications of the changes to vendors and testing laboratories. 11:10 a.m. – 12:00 p.m. STA-403 (T2) What’s New with XACMl, the Access Control Standard? Hal Lockhart | Principal Engineering Technologist, BEA Systems, Inc. (T2) PCi DSS Security Standards Foundation and Future MODERATOR: Sandra Lambert | Managing Partner, Lambert & Associates, LLC PANELISTS: Robert Russo | General Manager, PCI Security Standards Council John Sheets | VP, Innovation, Visa, Inc. Miles Smid | President, Orion Security Solutions Jeff Stapleton | CTO, Innové LLC The extensible access control markup language (XACML 2.0) is both an OASIS standard and ITU-T recommendation. This session will briefly overview XACML 2.0, discuss recent uptake of XACML — highlighted by public interoperability demonstrations — and describe the exciting new features of XACML 3.0. Sessions and speakers are subject to change without notice. The payment card industry data security standard specifies critical security requirements for payment systems used by merchants and card processors worldwide. This panel of experts identifies the basis for the requirements in PCI DSS (e.g., ANSI, ISO), points users to sources that will help them achieve compliance and indicates the direction of future DSS updates. currEnt and futurE sEcurity standardiZation Efforts 42 sEssion classification (B) Business Futures (S) Strategic (T1) Advanced Technical (T2) Intermediate Technical (T3) Basic Technical See page 5 for complete level descriptions.

Table of Contents Feed for the Digital Edition of RSA Conference Brochure 2008

Table of Contents Who Should Attend & Why Keynote Speakers Agenda At-A-Glance Session Classification Special Events & Activities Connect & Network Highlights 1-Day Pre-Conference Tutorials 2-Day Pre-Conference Tutorials Tracks & Sessions Authentication Consumer Protection Business Trends & Impact Case Studies Cryptographers Deployment Strategies Developing with Security Enterprise Defense Hackers & Threats 1 Hackers & Threats 2 Identity & Access Management Industry Experts Law & Liability Policy & Government Professional Development Security-Oriented Architecture Standards Wireless Sponsor Sessions List of Exhibitors Registration Information Sponsors

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.