"The sessions will cover security practices and standards that explicitly address mitigating exploitable software weaknesses that represent the sources for future zero-day attacks,”says Joe Jarzombek, director of software assurance at DHS.
Palm Harbor, FL (PRWEB) July 21, 2011
(ISC)2® (“(ISC)-squared”), the world’s largest information security professional body and administrators of the CISSP®, announced today that its inaugural (ISC)2 Security Congress will include a six-session Software Assurance (SwA) Workshop developed by the U.S. Department of Homeland Security (DHS) as part of a broader Application Security Track that will help security professionals in both the software development and operational communities identify software risks and ensure that effective security is built into enabling applications.
The (ISC)2 Security Congress, co-located with the 57th ASIS Annual Seminar Exhibits, will be held Sept. 19-21, 2011, at the Orange County Convention Center in Orlando, Fla. Attendees will hear keynote speeches by Jeb Bush, Vicente Fox and Burt Rutan and can select from among 22 educational tracks and 200 sessions covering a range of timely security topics.
“The SwA Workshop is intended for both software developers and information security professionals,” says Joe Jarzombek, CSSLP, PMP, director of software assurance at DHS. “It will address why the provision of reliable, resilient, robust and secure software—from the process control systems to commercial applications—is paramount to the protection of the nation’s critical infrastructure. The sessions will cover security practices and standards that explicitly address mitigating exploitable software weaknesses that, if left unaddressed, represent the sources for future zero-day attacks.”
Among other highlights, the Workshop will feature a welcome session and wrap-up panel discussion with Mr. Jarzombek. Other sessions in the SwA Workshop include the following:
- How to Measure Software Security—Bob Martin, CSSLP, principal engineer for the MITRE Corp.
- Why Do Developers Make Dangerous Software Errors?—Michele Moss, CISSP, CSSLP, lead associate at Booz Allen Hamilton
- Improve Your SDLC with CAPEC and CWE—Paul Nguyen, CISSP, CISA, CGEIT, vice president of cyber solutions for Knowledge Consulting
- SwA and the Cloud – Counting the Risks—Andy Murren, manager, Security & Privacy Services Group, Deloitte & Touche LLP
The broader Application Security Track at the (ISC)2 Security Congress will cover such topics as the fundamentals of application security; what it takes to develop secure applications and increase security “app-titude”; how to justify spending critical resources on software security; choosing the right vendor tools to aid in the development of secure code; and software assurance best practices.
“According to the (ISC)2 2011 Global Information Security Workforce Study, information security professionals now cite application vulnerabilities as the No. 1 threat,” says (ISC)2 executive director and former chief information officer (CIO) of the U.S. Department of Interior, W. Hord Tipton, CISSP-ISSEP, CAP, CISA. “We believe that providing a platform for the world’s most knowledgeable software security experts to discuss how software developers and information security specialists can effectively address security risks will go a long way toward reducing application vulnerabilities.”
For more information about how to attend the (ISC)2 Security Congress or for details on the Software Assurance Workshop and Application Security Track, please download the official (ISC)2 Security Congress Brochure.
Courtney Jewell Beveridge
© 2011, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.
# # #