3rd Security Practitioners Conference
Evolving Security Architectures and Trends in Managing Risk and Compliance
July 22-23, Toronto, Canada

Objective of Meeting

This third Security Practitioners Conference featured plenary presentations, addressing a range of key security issues including:

• Security Architectures
• Virtualization & Cloud Computing,
• Trends in Governance, Risk, & Compliance (GRC)

Summary

The two-day event gathered security subject matter experts to discuss a range of security issues primarily focused around architecting information security, security and identity issues in cloud computing, and governance, risk, compliance, and audit.

The presentations can be accessed from the links below under separate headings as follows:

• Wednesday July 22
• Joint Stream: Security & Identity Issues in Cloud Computing
• Thursday July 23

The presentations referenced below are freely available only to members of The Open Group and conference attendees.

Wednesday July 22

Plenary: Architecting Information Security

• Welcome & Introduction
  Allen Brown, President & CEO, The Open Group and
  Jim Hietala, VP Security, The Open Group
• The Disciplines of Information Security and Security Architecture: Two Complementary Ambits
  Murray Rosenthal, CISA, Senior Policy Analyst – Security, Risk Management, & Information Security, I&T Strategic Planning & Architecture, I&T Division, City of Toronto
• Debunking the Doomed Approach to Virtualization Security
  Manu Namboodiri, Vice President, Marketing, BitArmor
• Developing the Corporate Security Architecture
  Alex Woda, Practice Director, Avient Solutions Group
• New Approach to Architecting Security
  Steve Whitlock, Chief Security Strategist, Boeing
• Building Reference Security Architecture
  Predrag Zivic & Bob Steadman, Loblaw, Canada

Joint Stream: Security & Identity Issues in Cloud Computing

Host: Mike Jerbic, Trusted Systems Consulting Group

This was a joint stream with the Architecture Practitioners Conference.

Target Audience: Security Architects, Security Practitioners, Enterprise Architects, Applications, Technology, and Solutions Architects

• Cloud Computing Privacy and Security Issues
  Tim Brown, Vice President & Chief Architect, Security Management, CA, Inc.
• Cloud Security Alliance: View of Cloud Architectures and Security
  Chris Hoff, Cloud Security Alliance; and Director of Cloud and Virtualization Solutions, Data Center Solutions Group, Cisco
• Alignment of CSA and Jericho Forum Cloud Architectural Views
  Steve Whitlock, Chief Security Strategist, Boeing, and Jericho Forum Board member
• The Cloud Security Debate: Is Cloud Computing More or Less Secure than Traditional In-House IT?
  Moderated by Dana Gardner, Principal Analyst, Interarbor Solutions, and ZDNet Blogger
  Panelists: Glenn Brunette, Distinguished Engineer & Chief Security Architect, Sun Microsystems, and Cloud Security Alliance member
  Doug Howard, Chief Strategy Officer, Perimeter eSecurity, and President, USA.NET
  Chris Hoff, Director of Cloud & Virtualization Solutions, Cisco , and Cloud Security Alliance member
  Dr. Richard Reiner, Chairman & CEO, Enomaly

Thursday July 23

Plenary: Governance, Risk, Compliance, & Audit

• Introduction & Opening Remarks on Governance, Risk, Compliance, and Audit
  Jim Hietala, VP Security, The Open Group
• IT Security Pay, Skills Demand, and Career Trends
  David Foote, Foote Partners LLC
• Beyond COBIT: Implementing COBIT, ITIL, ISO 27000, and Six Sigma  
  Peter Davis, Principal, Peter Davis & Associates
• XDAS Audit & Logging Standard for Servicing Today's Regulatory/Compliance Requirements
  Joël Winteregg, CEO, NetGuardians, Switzerland
• NIST View on Standards for Compliance
  Tim Grance, Senior Computer Scientist, Information Technology Laboratory, NIST
• Compliance Tools and Methodologies – How the ACEML Standard will Meet Industry Needs
  Shawn Mullen, IBM
• Overview of Cloud Security Alliance: Governance, Risk Management, Compliance, & Audit (GRCA) Domains
  Shawn Chaput, Cloud Security Alliance; and Executive Security Consultant & Chief Architect, Privity Systems, Inc.
• PANEL AND WORKSHOP: Developing Requirements for Governance, Risk, Compliance, & Audit beyond the CSA 1.0 Guidance
  Moderated by: Shawn Chaput, Cloud Security Alliance, and Executive Security Consultant & Chief Architect, Privity Systems, Inc.

Outputs

The presentations and panel sessions were delivered by security professional practitioners from both vendor and customer organizations, and provided experience-based insights into the approaches and methods that are currently in use and under development in the information security industry.

The presentations given at the meeting, and the associated discussions and panel sessions, all provided participants with a wealth of experience-based insight into current best practice in security, from leading experts and practitioners around the world.

Next Steps

The next Security Practitioners' Conference will be held in Hong Kong, China, October 20-21 2009.

If you are interested in presenting at a future conference, then please submit a Presentation Proposal.

Links

More about The Open Group Security Forum