RMIMA August 2011

RMIMA and SIM Member $35, Non-Member $65, Student & Faculty $15
Non-member price includes a full year of RMIMA membership at no additional charge.

A full day of learning and exploration into the latest IT mobile and web trends and technologies that will benefit your business and help you drive your mobility and web initiatives in the right direction all year long.

This is your chance to hear from the industry and academic speakers as they reveal all they know about new mobility and web trends, threats and risks to avoid or mitigate, and best practices for navigating your business - in just one day. Event Highlights:

David Campbell, Electric Alchemy, Ltd. Keynote: Ubiquitous Insecurity: Challenges in Securing the Mobile Workforce ABSTRACT: Smartphone sales are outpacing sales of traditional handsets. Users have embraced the connected lifestyle provided by theses tiny computers, but at what cost to their privacy and security? This presentation will identify a number of security issues present on current popular smartphone offerings and demonstrate the impact of successful exploitation. Recommendations appropriate for both end-users and enterprise managers will be provided.

Dan Cornell, Denim Group: Smart Phones and Dumb Apps - Threat modeling ABSTRACT: Enterprises are targeting both internal users and customers with smartphone applications for platforms such as Apple iPhone and Google Android. Many of these applications are constructed without fully considering the associated security implications of their deployment. Breaches can impact both users as well as the enterprise distributing the application as attackers take advantage of expanded access to sensitive data and network services. Threat Modeling is an established practice used to identify potential security issues before starting development and holds promise for organizations developing leading-edge smartphone applications. This talk discusses emerging threats associated with deploying smartphone applications and provides an overview of the Threat Modeling process.

Steve Fox, Coalfire: Botnet Trends 2011 ABSTRACT: 2011 has seen an increase in computer infections which put user’s systems under the control of botnet operators. Organized crime rings use the botnet platforms to gain access into user’s bank accounts and other credentialed systems. This presentation is based on our analysis of over 100,000 infected computers. We will discuss the latest trends on – Zeus and Spyeye botnets, Define botnets and discuss the business risk, Current trends, 0-day prevalence, AV evasion, and Protecting your web applications and corporate user’s computers.

Barry Price, Gafyd.net, All Things Google Abstract: Google has taken an important role in mobile computing. "Cloud" computing for email, calendars, documents, maps, and web access has significantly enabled productivity in mobile communications and information access. Google is now a major player in mobile operating systems (Android) and APPs bringing even more capabilities to mobile devices. This presentation highlights Google’s "All Things Mobile" strategy and specifically addresses the business benefits and implications of the new BYOD (Bring Your Own Device) mobile work force.

Lucy Thomson and Jennifer Kurtz, Authors: Data Breach Legal Issues and Best Practices to Mitigate or Avoid a Data Breach ABSTRACT: This presentation will be both an informative and practical guide to help attorneys, executives, technology professionals, politicians, and policy-makers better understand cybersecurity. We will covers the complexities as well as causes of data beaches. We will explain just what encryption actually means, and how your organization can move forward with practical solutions to prevent data breaches. “Data Breach and Encryption Handbook” recommended by the American Bar Association (ABA). Data breaches are escalating at an alarming rate, leaving hundreds of millions of sensitive personal data records exposed to identity theft and fraudulent use. The potential threats to both government and private sector information systems continue to grow in frequency and sophistication -- ranging from hacker attacks and insider threats to state sponsored attempts to destroy or disrupt critical missions. Mobile devices and cloud computing, as well as advanced persistent threats (APT), increase the challenges. With an average price tag of $6.7 million per incident, what organization can afford to ignore the possibility of a data breach…and the protracted investigations, lawsuits, and media scrutiny that are sure to follow. Although most data breach laws confer a legal safe harbor if encryption is in place at the time of a potential breach, achieving compliance may not be as simple as it sounds. Covered topics include: What qualifies as “sufficient” encryption? What can we learn from recent massive breaches and the security lapses that caused them? How do you comply with the sometimes contradictory hodgepodge of legal requirements for encryption (46 states, D.C., and federal data breach laws for healthcare information)? In this panel, data protection attorneys Lucy Thomson and Jennifer Kurtz join forces to lay out a strategy for the enterprise to achieve safe harbor through security best practices and improved understanding of data breach laws. They are two of the authors of the American Bar Association’s groundbreaking Data Breach and Encryption Handbook, released in February 2011.
Gary Horvath, Update on the employment in Colorado Mark Kadrich, Kaiser Mobility Joey Pelequin, Fishnet Security, Enterprise Mobile Security Policy Best Practices

All Things Mobile