The Security of e-Finance and e-Commerce Forum Series, at the Princeton Club in Manhattan, NY (invitation only) March 29, 2001

Sponsored by Dartmouth College's Institute for Security Technology Studies (ISTS)

Purpose


The Forum will provide a unique venue for discussion of current and future electronic security needs in the financial services sector. By participating in the Forum, financial services companies will have a heightened awareness of current and future security challenges and their potential solutions. Additionally, the Forum is an opportunity to network with other financial services security experts in the New York region. As a research and development center, the Institute for Security Technology Studies seeks to identify the most pressing security technology needs and build partnerships with financial services leaders.

Attendees may participate on an anonymous basis. This will allow discussions to take place without the content of the discussions being associated with a specific organization. Attendees are encouraged to submit questions or scenarios for discussion, which will be conveyed to the group on an anonymous basis.

Forums will be held biannually.


Agenda

The following is a preliminary agenda:
  • 8:30 - Continental Breakfast
  • 9:00 - Introductions and Overview
    Introduction to the Dartmouth College Institute for Security Technology Studies (ISTS) and the members of the Investigative Research and Infrastructure Analysis (IRIA) group that will be involved with the day's discussions.
  • 9:15 - Training and Useful Tools
    Overview of new security technology under development by IRIA and training material provided to each attendee.
  • 10:15 - Break
  • 10:30 - Moderated Discussion of Scenarios (Including scenarios submitted by attendees)
    Discussion of policy and procedure issues as they relate to security management.
  • 12:00 - Working Lunch
    Attendees form break-out groups for discussion of technical issues as they relate to security management.
  • 1:45 - Break
  • 2:00 - Reassemble and Review Feedback from Group Discussions
    Moderated discussion of ideas generated by break-out groups. Meritorious or unique ideas will be offered to all forum attendees for further discussion and review.
  • 2:30 - Additional Moderated Discussion of Scenarios
    Discussion of additional scenarios generated by attendees prior to or during the forum.
  • 3:30 - Wrap-up
    Evaluation of the benefits of the forum and its continuation. Discussion regarding establishing a Corporate-ISTS relationship.
  • 4:00 - Adjourn

Sample Scenarios


How do you convince management that maintaining a strong security posture involves more than just installing a firewall?

The media has placed much attention on the importance of deploying firewall technology in order to protect a network's perimeter. While a strong perimeter is important, the "soft and chewy inside" portion of the network must be addressed as well. Insider threats, payload-based attacks, and other variations must be equally addressed. The problem facing many security professionals is how to get upper management to recognize this threat and allocate resources to deal with potential problems before an embarrassing incident occurs.


How do you mitigate the risk of remote users who are connected full time to the Internet through a cable modem but frequently use a Virtual Private Network (VPN) to gain access to corporate resources?

Many organizations have made the move to leveraging VPN technology in order to allow remote users access to internal network resources. The "problem" raised by this type of connectivity is that the user's home system now becomes an extension of the internal network. Since this home system does not have the benefit of sitting behind the corporate firewall, how does one mitigate the risks of the home system being used by an attacker as a conduit to attack the internal network? How can the IT staff ensure that whatever security precautions are implemented on the home system are not simply removed by the home user or anyone else with physical access to the system?


Dartmouth Forum Organizers

George Cybenko, gvc@dartmouth.edu
Chris Brenton, cbrenton@ists.dartmouth.edu
Andrew Macpherson, amacpherson@ists.dartmouth.edu
William Stearns, wstearns@ists.dartmouth.edu
David Koconis, dbk@dartmouth.edu
Gary Weissman, gweissman@ists.dartmouth.edu

Dartmouth College
Institute for Security Technology Studies
Hanover NH 03755

For additional information on this event, or to submit a topic for discussion, please e-mail seef@ists.dartmouth.edu
