11th International West Coast Security Forum

"The Threat of Cyber Crime and Cyber Terrorism"
It's a dangerous world we live in, and with each passing day some new threat seems to appear. The terms cyber terrorism, information warfare and cyber crime get used quite a bit in today's media. Whether it's hackers in Estonia conducting a massive distributed denial-of-service attack on their nation's systems for revenge, the CIA reporting that hackers breached power grids in Africa for extortion, a bot-net herder renting out your family's PC for a denial-of-service attack, or a disgruntled job applicant in Australia who hacked into a sewage treatment plant and reversed the flow into public parks, streams and the backyard of a prestigious hotel, no one can deny these events happen. There are countless more examples that support this assertion. Of course, invoking the word "terrorism" inspires either eye-rolling or flag-waving among many, with little middle ground left for serious consideration. Unfortunately, these issues are very real and can affect even small and mid-size businesses.

But can these things happen to your organization? In varying degrees, cyber crime and cyber terrorism or information warfare can easily affect you. In the end, motive - politics, profit, revenge, etc. - is the only difference between the three, but the impact on you occurs regardless. Why would anyone attack your company? What are the means and motives of these criminals? What can you do to protect yourself and your organization? All these questions and more will be answered by the collection of professionals and experts at this year's International West Coast Security Forum.

Themes include:

Executive Level Track - Are you a Target? What are the organization's responsibilities?
Security starts at the top. A firm governance model stipulates the controls needed to ensure compliance with legislation and regulations specific to your agency. This has raised information security to the forefront of many organizations' operations. But many questions remain surrounding what is applicable to you and how to succeed. Key issues:

  • Security governance & risk management
  • Security awareness & training
  • International standards & best practices (ISO 27001, COBIT, COSO, BS7799-3, etc.)
  • Law & Liability
  • Auditing & Assessment
  • Legislation & Regulation (SOX, PCI, NERC, etc.)
  • The role of government & law enforcement
  • Policies, Standards, Guidelines and Certification

Management Track - What can you do?
At a management level, being responsible for securing the enterprise can indeed be a daunting task. Some of the content to be raised will ease your burden and provide some guidance on making your program successful. Topics include:

  • Security program & plan development
  • Enterprise security architectures
  • Testing & auditing
  • Prioritizing & triage
  • Incident response
  • Data & user centric security models

Technical Track - Tools and Techniques
Hackers, crackers, script kiddies and the like all have the tools and methods to get into your organization, either logically or physically - do you know what they are? Knowing their methods will better prepare you to protect your assets. Some of the topics being discussed are:

  • Penetration Testing methodologies
  • Technical network traversing
  • Wireless hacks
  • DNS / ARP poisoning
  • Social engineering
  • Web application exploits
  • Defensive Programming Techniques
  • SQL script injection / cross site scripting

Critical Infrastructure Protection - Defense for SCADA / HMI systems
Technology implementations now extend beyond mere bits and bytes into the physical realm, which raises a whole new set of concerns and problems. Systems such as SCADA (Supervisory Control and Data Acquisition) and HMI (Human Machine Interfaces) are used by many critical infrastructure organizations controlling transportation hubs, power, water and other essential services. It is imperative that we protect them from failure. Discussions may include:

  • Examples and case studies
  • Controls commonly used
  • Approaches to securing critical infrastructure
  • Why we should or shouldn't worry
