The Georgetown Law Center and ISSA Conference on Emerging Trends in Information Security and the Law
“Plausible Deniability is Dead”
November 9-10, 2006
Georgetown University Law Center, Washington, DC
Conference Summary:
CEOs, CIOs, CISOs and legal professionals need to understand the developments in regulations and statutes that have led to a convergence of issues between information security and in-house and outside counsel. To succeed, business planning must consider the business drivers behind the legal and security factors. This two-day conference is designed for CxOs and legal counsel together, combining panels, presentations and interactive sessions to highlight key success strategies for the transparency required for business integrity, security and compliance.
Benefits of Attendance:
• Gain an understanding of the legal standards for information security
• Develop skills for teaming legal and IT professionals in complex commercial transactions
• Learn how computers and IT security impact corporate governance
• Acquire insights into how to depose and cross-examine information security professionals
• Understand the liabilities associated with not understanding information security controls
• Acquire strategies for improving privacy statements and compliance
• Learn how to prepare outsourcing agreements that are effective in managing security and privacy requirements
• Be prepared for the lawyer’s role when computer systems are attacked
• Understand how computer forensics can alter traditional discovery strategies
Thursday, November 9, 2006

8:30am – 8:45am
Welcome & Introduction
Paul B. Kurtz, Executive Director, Cyber Security Industry Alliance
Lawrence Center, Executive Director, Georgetown CLE

8:45am – 9:30am
Opening Keynote: Richard A. Clarke

9:30am – 10:15am
Where We’re Headed – New Developments and Trends in the Law of Information Security
Thomas J. Smedinghoff
This session will focus on recent key cases, legislation, and regulations relating to information security, and examine the impact of those developments on corporate obligations to address security and on corporate liability for failure to do so. Putting these events in perspective, the session will identify the big-picture trends emerging from seemingly unrelated security law developments.

10:15am – 10:30am
Networking Break

10:30am – 11:15am
New and Evolving Challenges for CEOs – Corporate Governance and IT Security
Moderator: John S. Tritak
Participants: John W. Carlson, Lisa J. Sotto, Marios Damianides (invited)
If securing critical IT infrastructures is a "shared responsibility" among suppliers, end users and government, what are the specific responsibilities of corporate end users to adopt information security governance practices, and should those practices vary according to risk levels or other factors?

11:15am – 12:30pm
Law & Technology: Strange Bedfellows?
Moderator: Vincent I. Polley
Participants: Susan Koeppen, Stewart Pomerantz, Thomas J. Smedinghoff, Rhonda E. MacLean
Effective counseling requires communication between lawyers and those who manage IT resources. The panel will chronicle a case study of an FTC consent decree and the emergence of cooperative teaming arrangements between counsel, engineer and manager.

12:30pm – 2:00pm
Networking Lunch

2:00pm – 2:15pm
Afternoon Introduction
William J. Cook

2:15pm – 3:45pm
The Expert Witness and the Cross-Examination
Attorneys: Mark J. Zwillinger, Paul R. Gupta
Expert Witness: Greg Schaffer, Former CISO, Alltel (invited)
By now, everyone has heard about legal cases in which a corporation is alleged to have been negligent in securing sensitive information under its control, but unfortunately few CISOs have yet had the experience of sitting through a deposition or examination where each of their security decisions is subjected to legal scrutiny. In this one-hour session, two experienced information security attorneys will conduct a mock examination of a CISO whose decisions and actions (and budgetary constraints) will be the lynchpin of a possible negligence action by one corporation against another.

3:45pm – 4:00pm
Networking Break

4:00pm – 4:30pm
Follow-up: The Decision, Question and Answer Session

4:30pm – 5:00pm
Day 1 Summary
Marc Rotenberg

5:00pm – 7:00pm
Networking Cocktail Reception
Friday, November 10, 2006

8:30am – 8:45am
Welcome & Introduction and Recap of Day 1
David M. Cullinane

8:45am – 9:30am
Opening Keynote
Moderator: Prof. John D. Podesta
Participants: Prof. Eugene H. Spafford

9:30am – 10:15am
Critical Topic Presentation – The Need for Transparency in Privacy Statements
Speakers: Prof. Annie I. Antón, Larry Ponemon (invited)
Research indicates that transparency in privacy statements and practices may hold a competitive advantage for consumer confidence in Internet transactions and commerce. Yet there are practical issues many firms face that impede their ability to reach a standard of care where privacy statements are complete, clearly understood by consumers, and able to be fully verified. This session will explore the facts uncovered in research and the challenges companies must overcome in order to declare the complete transparency necessary for an environment of trust.

10:15am – 10:30am
Networking Break

10:30am – 11:15am
Governance: The Art and Science
Moderator: Rhonda E. MacLean
Participants: Anish Bhimani, John J. Huffstutler, Jim Maloney
Developing an effective framework is essential to providing leadership, increasing accountability and measuring effectiveness. The presentation will outline how people, policy, process and technology make up the crucial ingredients. The panel will discuss experiences and lessons learned from each member’s unique perspective, providing valuable insights and considerations for implementing a compliance and governance program in the real world.

11:15am – 12:00pm
Panel: Forensics in e-Discovery
Moderator: Anne Rogers
Participants: Troy Larson, Eric M. Friedberg, AJ Venit (invited)
Using forensics for:
a) incident investigations
b) compliance/enforcement
c) litigation support
This panel approaches the topic from the viewpoint of the corporate environment, ranging from large corporations (which have historically faced this and have applied a growing amount of resources to it) down to small and medium business entities (which may have thought this an unlikely problem for them until the burgeoning growth and evolution of eDiscovery and the new Federal Rules changes).
- Preface: the changing environment and predominance of electronic records
- Observations on the shift toward electronic discovery as a common part of litigation (civil and criminal)
- eDiscovery complexities: differences and cautions in preserving, collecting, handling and producing electronic evidence as opposed to physical/paper evidence
- Cost factors and business case analysis

12:00pm – 12:15pm
Networking Break

12:15pm – 1:00pm
Outsourcing but Keeping Control of Your Compliance Requirements
Moderator: Jody R. Westby
Participants: William Henley, C. Peter Pampillonio, William A. Tanenbaum
This panel will explore the challenges companies face in managing their privacy and security compliance requirements in the outsourced environment, whether domestic or offshore. It will also address privacy/security legal considerations in Master Service and Service Level Agreements and governance over the outsourced operations.

1:00pm – 2:30pm
Networking Lunch

2:30pm – 2:45pm
Afternoon Introduction
Karen Worstell

2:45pm – 4:00pm
Incident Response Scenario: Responding in Real Time
Moderator: Richard Power
Participants: Eric Dezenhall, Ed Skoudis, Jody R. Westby
This panel will consist of four panelists role-playing as CEO, CSO/CPO, General Counsel, and PR/Communications and responding in real time to an incident response scenario. They will explore legal considerations, communications and public relations pitfalls, fiduciary responsibilities and governance concerns, and operational considerations.

4:00pm – 4:45pm
A View on Privacy from the FTC
FTC speaker to be invited

4:45pm – 5:00pm
Event Summary – Key Takeaways and CxO/Counsel Action Plan
Karen Worstell
ISSA has created the perfect membership program for you. The CISO Executive
Membership program delivers the networking opportunities, content, and
resources high-level security professionals are looking for.
Join us at CISO Executive Forum in Washington D.C. to check out this
unique program and meet other industry leaders as you tackle current issues
and discuss solutions.
Don’t miss the chance to be a part of this exclusive program, offering members:
- Free registration for 4 events a year, including lodging for one night and all meals
- Extensive networking opportunities with peers and experts
- Privileged access to online information and discussion forums
- And for Charter Members: direct input on the content of online services and events!
The CISO Executive Membership offers:
- Access privileges to tailored sources of online information
- Interaction with peers through exclusive online discussion forums and events
- Educational seminars and online discussions with top industry experts
- An effective forum for understanding and influencing relevant legislation
- A unified voice to influence vendors throughout the industry
Don't miss this opportunity to take part in this exclusive Executive
Forum, and be sure to invite friends and colleagues who would benefit
from ISSA's new CISO Executive Membership.
Please contact ISSA Headquarters at (206) 388-4584 x101 or meetings@issa.org
with any questions.
Become a member!
© 2004 Information Systems Security Association. All Rights Reserved.