Categories and Topics

Each proposal will be evaluated in one of the categories listed below.

• Management and Operations
• Policy and Compliance
• Technology

Management and Operations

Some suggested topics include:

• Business Continuity Planning
• Conducting Information Security Risk Assessments
• Developing and Maintaining Management Support
• Effective Partnerships and Collaborations
• Emerging Issues for Security Professionals
• Incident Tracking Methods and Tools
• Internal and External Audits of Information Security Program
• IT Staff Recruitment, Training, Professional Development, and Certifications
• Measuring Effectiveness: The Metrics of Success
• Organizational Change
• Outsourcing Services Securely (E-Mail, Document Storage)
• Physical Security of Information Assets
• Security Program Funding
• Strategic and Tactical Planning for Security
• Tactics to Increase Your Security Budget
• User Awareness and Training
• Other Effective Practices and Solutions

Policy and Compliance

Some suggested topics include:

• Building a Policy Framework
• Data Handling Policies and Procedures
• E-Discovery and Electronically Stored Information (ESI)
• Ensuring Appropriate Security Requirements for Strategic Partners and Vendors
• Establishing Governance of Information Security Program
• Incident Handling: Response Protocols and Notification of Affected Individuals
• Information Security Program Metrics and Accountability
• Laws and Regulations that Govern Security and Privacy
• Model Policies or Guidelines to Empower CIOs and CISOs
• Negligent Security and Emerging Standards of Liability
• Privacy Issues
• Overcoming Resistance and Getting Buy-In for Security Policies
• The Role of an Acceptable Use Policy and Other Security Policies
• The Payment Card Industry Data Security Standard (PCI DSS)
• The Relationship of Privacy to Security
• Working with Law Enforcement
• Writing, Implementing, and Enforcing Security Policies
• Other Effective Practices and Solutions

Technology

Some suggested topics include:

• Application Security, Including ERP Systems and Web Applications/Code Security
• Botnets
• Business Continuity and Disaster Recovery
• Change Management
• Computer Forensics
• Conducting Investigations
• Darknets and Honeypots
• Data Encryption
• Developing and Maintaining an Incident Response Capability
• Event and Activity Logging and Monitoring, Event Correlation, and Trend Analysis (SIM)
• Flow Monitoring, Tools, and Analysis
• Host and Network Protection Approaches (Vulnerability Management)
• Identity and Access Management
• Incident Handling Tools and Techniques
• Interinstitutional Information Sharing
• Intrusion Detection and Intrusion Prevention
• Maintaining a Chain of Evidence
• Malicious Software Trends and Current Exploits
• Messaging Security
• Network Registration and Enforcement
• Outsourcing Investigations
• Penetration Testing
• Personally Identifiable Information (PII) Scanning
• Portable Device Security
• Remote Access Security
• Sensitive Data Protection
• Software Patching
• VoIP Security
• Vulnerability Scanning
• Web Application Scanning
• Wireless Security
• Other Effective Practices and Solutions

Corporate and Campus Solutions

Corporate presentations will be accepted. Please note that these are presentations by a vendor coupled with a client institution on technology challenges and solutions. These proposals must demonstrate how the product or service has aided the institution in its mission to provide adequate information security. A vendor must meet the guidelines for proposal submission and offer a solution that is within one of the stated categories or an emerging area of concern. Choose proposal topics from any of the suggested topics that complement your company's security solutions. The conference program committee strongly encourages vendors to present with a partner from higher education. Our experience indicates that vendor sessions are much more popular if attendees are shown how the vendor product or service has added value for a peer institution, with input from people who can speak from direct experience about how the product or service has aided them on their campuses. A fee of $1,550 for corporate members and $1,775 for nonmembers will be required to present.

In addition to a proposal submission, we strongly encourage vendors to consider reserving space for a corporate display. Corporate displays (tabletop displays) have been a very effective means for corporate representatives to showcase their products or communicate their services in an informal yet highly interactive way. Although the security conference does not offer an exhibit hall, many participants have found this conference to be their key travel event of the year and have remarked on the value of learning about the products and services provided by the vendor community through these tabletop displays. For more information about these and other corporate opportunities, visit the Corporate Participation page.