InfoSec 2010 - A "must visit" show

InfoSec is rapidly approaching. This is a hugely important show for anyone that is involved in information security. I will be there meeting up with friends old and new, plus presenting at a couple of sessions;

Wrestling with PCI DSS Compliance - A Unique Look at Achieving Compliance From An Auditors' Perspective

11.00hrs Tuesday 27th April

Everyone that accepts credit cards must live up to the Payment Card Industry Data Security Standard (PCI DSS). Since 2006, enterprises have worked to achieve compliance with the evolving standard even as major retailers and payment processors continued to be in breach. With another PCI DSS update arriving at the end of 2010, how can IT teams be best prepared to protect their business and achieve compliance? Who better to ask than the auditors responsible for assessing and reporting compliance at the world's largest merchants, Qualified Security Assessors (QSAs). That's exactly what the Ponemon Institute and Thales set out to do and have just published in their new research. Hear from the researchers and an experienced QSA to learn more.

Issues this discussion will consider include:

• Understand what auditors find most important and challenging
• Select the technologies for achieving compliance that auditors find most effective
• Reduce the cost for compliance with the right data protection strategies
• Learn auditor recommendations for improving the PCI DSS program
• Plan for updates auditors expect to PCI DSS in 2010
• Evaluate their cost of assessment compared to other organisations

Tim Holman, QSA & CTO,Blackfoot UK
Larry Ponemon, Chairman, Ponemon Institute
Bryta Schulz, Vice President of Product Marketing for the information technology security activities, Thales

Compliance - How To Defend Yourself and Stay Out of Court

12.15hrs Thursday 29th April

Complying with what seems to be a never-ending wave of regulation has always been a difficult task, however it seems that we are now at a critical-mass of compliance, where the chances to fall foul have never been so great. So how can you avoid disaster and, if disaster should strike, what should you do?

Issues this discussion will consider include:

• Does good security = compliance?
• Crisis response should it all go wrong
• The importance of compliance—bringing it back to reputation and the bottom-line
• Is compliance possible in a global economy?
• Top tips for effective recovery and damage limitation

Tracey Andrew, Head Of Information Security & Compliance, Berkshire Shared Service
Keith Attfield, Ex-Director Of Information Security & Information Risk Specialist, Veolia Water
Shash Patel, Intellectual Asset Protection & Data Privacy, Air Products
Stuart Room, Partner, Field Fisher Waterhouse LLP

These should be interesting sessions and the panels will be up for a good interactive session with the audience—so come prepared with your difficult questions!