September 21, 2010
Skeletons in the Closet: Securing Inherited Applications
John Dickson, Denim Group
Abstract
Many security officers worry less about the security of new applications being built and more about the security of hundreds of applications they inherited. What applications represent the biggest risk? What attributes make them more or less risky? What are the most cost-effective courses of action given budget constraints in today's business environment?
This interactive workshop will help participants understand how to attack this problem and create a risk-based approach to managing the security of an existing application portfolio using tools like the OWASP ASVS model. The session will decompose an example application to determine how to conduct a bottom-up risk profile for future risk comparison against other applications. The audience will also participate in an exercise comparing different applications to better understand the ranking process. The audience will leave with a framework, action plan and basic understanding of the risk-ranking process that they can immediately apply to their work environment.
About the Speaker
John Dickson is a principal at Denim Group, Ltd. and a Certified Information Systems Security Professional (CISSP) whose technical background includes hands-on experience with intrusion detection systems, telephony security and application security. He helps Chief Security Officers of Fortune 500 and Federal organizations launch software initiatives and has served as Chief Information Security Officer for a major healthcare organization.
John Dickson is a former U.S. Air Force officer who specialized in network defense and command and control while on active duty and Air Force Reserves. He joined Denim Group after holding several leadership positions at high profile organizations including Regional Vice President of International Operations and Director of Consulting at SecureLogix Corporation, Senior Account Manager at Trident Data Systems and Manager at KPMG's Information Risk Management consulting practice. In these positions, he specialized in network penetration projects, firewall project management, enterprise security reviews, security architecture development, intrusion detection and more.
John regularly speaks on the topic of application security at venues such as the RSA Security Conference and the Computer Security Institute's (CSI) Conferences. He is a founder and former chairman of the San Antonio Technology Accelerator Initiative (SATAI), a founder of the Alamo Chapter of ISSA, the Immediate Past Chair of the North San Antonio Chamber of Commerce and the TRISC co-chair for 2008. He currently serves on the Founders Board for the Institute for Cyber Security at the University of Texas at San Antonio and as Director of the Texas Lyceum, a statewide leadership organization.
He holds a Bachelor of Science degree from Texas A&M University, a Master of Science degree from Trinity University in San Antonio, Texas, and an MBA from the University of Texas at Austin.
Please RSVP if you plan to attend.
September 21, 2010 6:30 PM
Government Printing Office
Room A138
732 N. Capitol St.
Washington, DC, 20401
Note that ID is required for security. Each guest must pass through a metal detector, and bags will be x-rayed. The guards will then take him or her to a reception area for an ID check. The ID will be exchanged for a visitor badge, and the guest can then be escorted to the meeting room.