I'm presentating two sessions from TechEd (written by Steve Riley, Jesper Johansson and Byron Hynes) tomorrow night (Tuesday 18th October) in our office on Thames Valley Park near Reading - the event's free to attend. If you'd like to join us then browse here to book your place.
The details are listed below:
Session One: Security Myths
Far too much of what we do in security does not have any real impact on security, not to mention that it does not map to any realistic threats that you have decided to mitigate as part of your overall risk management strategy. In this session, we cover the top ten things that security professionals do that do not have any real impact on security. In some cases, these steps actually have exactly the opposite effect, as they compromise confidentiality, integrity, and/or availability instead of improve it.
Session Two: Protecting Privacy on the Microsoft Platform
In the era of proliferating privacy regulations worldwide, encryption requirements are everywhere. However, "encryption" doesn’t necessarily mean protection — if we hand over the keys to a robber, then he’s going to get in our house despite the lock on the doors. We’ll discuss various encryption approaches that organizations have proposed or deployed, and distinguish between those that merely satisfy a simple "checkmark" on a privacy auditor’s list, and those that actually provide the protection that was intended by the regulations. We’ll also explore encryption options in Windows and delve into how Windows protects important secrets.