InfoSec World is Back! Human (and Canine!) Experts to Share Their Cybersecurity Secrets and Know-How

• Keynotes address pertinent issues including: our security journey so far, its impact and ways to course-correct; the need for “reasonable security” as defined by law; fighting cybercrime with K9 electronic detection; and quantifying risk to build a defensible cybersecurity budget
• Hands-on learning opportunities via real-life simulations and gamified training and competitions
• Hear from experts drawing from more than a decade of cybersecurity experience, ten-plus years of data breach research and numerous enterprise case studies

SOUTHBOROUGH, Mass., November 9, 2017 – MIS Training Institute (MISTI), the international leader in information security, audit and IT audit training, is pleased to announce InfoSec World 2018 Conference and Expo, scheduled for March 19-21. One of the longest-running annual conferences dedicated to the business of information security will take place at Disney's Contemporary Resort, Lake Buena Vista, Florida.

This year’s agenda addresses information security issues and questions plaguing security professionals at all types and sizes of organizations. Talks cover a diverse range of topics, such as: information security best practices in the age of cloud, IoT and data analytics; building the ideal security architecture for complex, dynamic, and interconnected systems; effective incident management; and the automation and commoditization of information security, among many others.

“Today’s security professionals need skills to be both a business partner and enabler, and the technical expertise to prevent, detect, and respond to security challenges,” said Katherine Teitler, Director of Content, MISTI. “Our goal for InfoSec World is to provide a platform that brings together security practitioners to advance their knowledge of the technologies, processes, and procedures that allow them to run a more secure, agile business, and enable them to identify, manage, and communicate information security risk throughout their organizations.”

The three-day main conference features expert keynote addresses, stimulating panel discussions and interactive roundtables, hands-on tech labs as well as informative breakout sessions. Additionally, InfoSec World 2018 offers hands-on pre- and post-conference workshops. Focused summits on CISO Leadership, Cloud Security and Privacy and Risk are also scheduled. To top it off, this gathering provides a rare opportunity for information security professionals to network, in an intimate yet vibrant setting, with more than 1,000 attendees from a range of industries, professional backgrounds and countries.

Must Attend Sessions at InfoSec World 2018 Include:

The wide-ranging agenda covers all aspects of cybersecurity, including: information security management and strategies; hacking and the threat landscape; governance, risk and compliance; and information security infrastructure and operations. Listed here are this year's keynote sessions.

“Are We There Yet?” - Getting There Is Only Half the Trip
By Amélie E. Koran, Deputy CIO, U.S. Department of Health and Human Services, Office of the Inspector General
We are now in the midst of the next wave of information security, with a more diverse and dispersed talent pool, varying and more advanced threats and millions of potential attack surfaces multiplying by the hour. Are we in good hands, or do we need to hand over the driver’s seat to somebody else? This talk takes a high-level view of information security practices thus far – addressing the good and the bad, where those practices have led us and what we, as a security community, need to do as we move forward.

Are We Over-Investing or Under-Investing in Cybersecurity Year Over Year? How do We Know?
By Devon Bryan, Executive Vice President and CISO for the Federal Reserve System
In what ways can we provide defensible and quantitative responses to calculate ROI and justify the cybersecurity budget to the Board of Directors? Furthermore, how do we assure the organization’s leadership, including the CFO, that the security organization is rightly prioritizing cybersecurity financial investments against the organization’s riskiest items? This keynote address explores contemporary approaches to defensible cybersecurity budget and investment priorities, based on risk quantification techniques.

Integration of the Electronic Storage Detection K-9
By Ian Polhemus (Detective K9 Handler, City of Seattle), Todd Jordan (K9 Electronic Detection Expert), Bear (Labrador Retriever, Electronic Detection K9, Cybercrime Fighter)
Though cyber investigators can track down more digital information than most criminals think, retrieval of data from external sources—hard drives, USBs, and detachable storage—can provide additional evidence and speed up processes that might otherwise take weeks or months to uncover. But did you know that electronic storage devices can be detected by scent?

This keynote address introduces attendees to the newest technology component in K-9 investigations. It provides an overview of the Electronic Storage Detection (ESD) K-9 program, including the law enforcement and civilian applications in use today. Attendees will also see a live demonstration from one of these exceptional K-9s, “Bear,” who became famous after finding key digital evidence in the Jared Fogle child pornography case.

Getting to “Reasonable” and Learning to Love “Grey”
By Whitney Merrill, Privacy, eCommerce and Consumer Protection Counsel, Electronic Arts (EA)
The Federal Trade Commission (FTC), the leading privacy and data security law enforcement authority, requires companies to implement “reasonable security” to protect personal information. But what does “reasonable” mean? Does PCI or SOC 2 compliance suffice? If you look at the term “reasonable security” and cringe, asking yourself, “well…where’s the checkbox of things I need to have to have reasonable security,” you’re doing security wrong.

This talk discusses the long history of “reasonableness” in law, why reasonableness should be embraced and how to approach creating a reasonableness-based data security program.

Preparing Security Professionals for the Next Wave of Cyber Threats:
InfoSec World 2018 introduces Tech Labs and Tech Challenges, which offer information security professionals opportunities to gain firsthand experience and learn from seasoned professionals in real-life security scenarios.

Tech Labs
These 2-3 hour sessions are hands-on, guided learning for participants. Students learn new skills by working through real-life red and blue team simulations. An expert mentor guides them through written instructions to complete the full exercise.

Capture the Flag Tech Challenges
In teams of up to four people, InfoSec World attendees, sponsors, and students are invited to participate in a prepared Capture the Flag challenge taking place among all the action in the Expo! Teams will have to combine their knowledge and skill sets to compete together and complete the challenge. Each team’s real-time progress will be projected on a big screen, so bring your A-game!

The listed features only represent some of the highlights of the highly interactive and topical program. For more information on the conference, its detailed agenda as well as logistics, please visit: https://infosecworld.misti.com.

To become a part of this vibrant community of global information security experts, register today!

About InfoSec World Conference and Expo
For more than 20 years security professionals have made InfoSec World the “business of security” conference. Produced by MIS Training Institute (MISTI), InfoSec World assembles information security professionals from every market and field of study, from nations around the world.

About MIS Training Institute
MIS Training Institute (www.misti.com) is the international leader in information security, audit, and IT audit training. MISTI has trained more than 200,000 delegates across five continents, offering conferences, on-site training, and seminars in Information Security, Internal and IT Auditing, SOX Compliance, Network Infrastructures, Operating Environments, and Enterprise Applications, as well as Web-based training.