Information Security Best Practices 2009

Philadelphia, PA
Thursday, January 29, 2009

INFORMATION SECURITY BEST PRACTICES 2009
Interactive Media, Consumer Behavior and the Law

  
JANUARY 29-30, 2009

WHARTON SCHOOL, UNIVERSITY OF PENNSYLVANIA



SPEAKERS AND SCHEDULE:

   
 
January 29, 2009:  1:00pm - 6:30pm
January 30, 2009:  9:30am - 5:00pm



Day 1

1:00   Andrea Matwyshyn Welcome and Introduction
1:15   Ed Felten The Limits of Best Practices: A Case Study
2:00   DATAMINING AND   PRIVACY
David Hoffman Providing better protection of data at rest: how technology and regulation need to work together
  Eric Bradlow Bayesian Modeling with Aggregate Data: Applications to Data Fusion, Couponing, Out-of-Stocks, and Travel Paths
Ian Brown On the Toxicity of Personal Data
  Peter Fader Customer-Base Analysis Using Repeated Cross-Sectional Summary (RCSS) Data
3:00   INFORMATION   SURVEILLANCE AND PRIVACY
Christopher Slobogin Government Security Measures: Proposals from the ABA's Task Force on Transaction Surveillance
Joel Reidenberg ...
Katherine Strandburg  Emergent Associations and Relational Surveillance in Traffic Data
  Paul Ohm The Rise and Fall of Invasive ISP Surveillance
4:00   COOKIES (break)
4:15   INFORMATION CRIME
Jennifer Chandler The Legality of Technological Self-help and Self-Defense
Lilian Edwards Phishing in a Cyber Credit Crunch World: What Can Law Do?
5:00   HEALTH DATA PRIVACY
Andy Podgurski Electronic Health Information Security and Privacy
  Catherine Tucker Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records
  Kevin Cronin Securing Health Data in Consumer-Centric Environments
  Sharona Hoffman Electronic Health Information Security and Privacy
Day 2
9:30   CORPORATE NORMS: CREATING INCENTIVES FOR GOOD INFOSEC CONDUCT
Carol DiBattiste              Privacy and Information Security 101:  Have a plan
Christopher Marsden Cybersecurity and international safety: learning to drive on the left?
Gerry Lewis Combatting information threats: examples from Comcast
Yariv Brauner Tax and infosec
11:00   ENCRYPTION
Cem Paya Identity Management and Strong Authentication
  Greg Vetter Cryptography Patenting and Strategic Implications for Information Technology
  Miranda Mowbray    Cloud Computing Good Practice: anonymize or statistically summarize customer data before selling it on
12:00   LUNCH
1:00   DATA BREACHES AND DISCLOSURE PRACTICES
Caspar Bowden ...
Judith Rauhofer Data Security Breach Notification: A European View
  Michael Siebecker Encapsulated Trust, Disclosure and Data Security
  Paul Schwartz Federal and State Data Security Laws: Of Federal Preemption, Ceilings, and Floors
2:30   HUMAN FACTORS IN INFORMATION SECURITY
Diana Slaughter Defoe Comment:  Humans in the Security Equation
Elizabeth Rowe The Human Players in the Data Security Game
Gerry Faulhauber Solving the Interoperability Problem:  Are We on the Same Channel?
Lorrie Faith Cranor The Human in the Loop
3:45   COOKIES (break)
4:00   SOCIAL NETWORKS AND INFORMATION SECURITY
 Lance Hoffman      Identity, Privacy, and Security in Social Networks
  Alessandro Acquisti The Best of Strangers: Behavioral economics, Malleable privacy valuations, and Context-dependent willingness to divulge personal information
Shawndra Hill Social Network Signatures and Re-Identification for Fraud Detection 
5:00   CONCLUDING COMMENTS  
 

Andrea Matwyshyn  (organizer) 

    

  

Alessandro Acquisti

                      
    

University of Pennsylvania, Legal Studies and Business Ethics, Wharton School

    

Carnegie Mellon Heinz School of Public Policy and Management

           



  

   
The Best of Strangers: Behavioral economics, Malleable privacy valuations,

and Context-dependent willingness to divulge personal information

 

 
   

Caspar Bowden
   

 

 

Microsoft Corporation, Senior Privacy and Security Officer, EU
  

   

 

Eric Bradlow

 

 

University of Pennsylvania, Marketing, Wharton School
  

   
Bayesian Modeling with Aggregate Data: Applications to Data Fusion, Couponing, Out-of-Stocks, and Travel Paths

 

Yariv Brauner
  

 

University of Florida School of Law
  

   Data taxation

 

Ian Brown
  

 

  
Oxford Internet Institute
 

   
On the Toxicity of Personal Data

 

Jennifer Chandler
   

 

  
University of Ottawa Law School
  

   
The Legality of Technological Self-help and Self-Defense

 

 

Lorrie Faith Cranor
  

 

Carnegie Mellon University, Dept. of Computer Science
  

   
The Human in the Loop

 

Kevin Cronin

  Praxeon. Inc., CEO  
Securing Health Data in Consumer-Centric Environments
 
Carol DiBattiste    
         
    
Lexis Nexis,

SVP, Privacy, Security, Compliance & Government Affairs
  

   
Privacy and Information Security 101:  Have a plan

Lilian Edwards
  

 

 

University of Sheffield Law
  

   
Phishing in a Cyber Credit Crunch World: What Can Law Do?

 

Peter Fader

 

    

University of Pennsylvania, Marketing, Wharton School
  

   
Customer-Base Analysis Using Repeated Cross-Sectional Summary (RCSS) Data

 

 

Gerry Faulhauber
   

 

  
University of Pennsylvania, Business and Public Policy, Wharton School
  

   
Solving the Interoperability Problem:  Are We on the Same Channel?

 

 

Ed Felten
  

 

     
Princeton University, Dept. of Computer Science
 

    The Limits of Best Practices: A Case Study

 

 

Shawndra Hill

   

 

  
University of Pennsylvania, OPIM, Wharton School
  

   
Social Network Signatures and Re-Identification for Fraud Detection 

 

David Hoffman

 

 

Intel Corporation, Director of Security Policy and Global Privacy Officer

   
Providing better protection of data at rest: how technology and regulation need to work together
 Lance Hoffman     
    
George Washington University, Computer Science
   
   
Identity, Privacy, and Security in Social Networks

 

 

Sharona Hoffman

 

Case Western Reserve University School of Law / Dept. of Bioethics

   
Electronic Health Information Security and Privacy

  
Gerard Lewis
  
      
Comcast, Senior Counsel and Chief Privacy Officer
 
   
Combatting Information Threats: Examples from Comcast

  

Christopher Marsden
 

    
University of Essex Law
  
   
Cybersecurity and international safety: learning to drive on the left?
 

Miranda Mowbray
   HP Research, UK
   
Cloud Computing Good Practice: anonymize or statistically summarize customer data before selling it on

 

 

 

Paul Ohm

 

University of Colorado Law School

 

 

 

The Rise and Fall of Invasive ISP Surveillance


Cem Paya  
    
   
  
Google, Inc,
 
  
Identity Management and Strong Authentication

 

 

Andy Podgurski

 

Case Western Reserve University Dept. of Computer Science

 
Electronic Health Information Security and Privacy

   
Judith Rauhofer

 

Joel Reidenberg

 

   

University of Central Lancashire Law School/ University of Vienna 

     
Fordham Law School

   
Data Security Breach Notification: A European View





Information privacy law

Elizabeth Rowe
  

 

 

University of Florida School of Law
 

   
The Human Players in the Data Security Game

Paul Schwartz
   

 

 

University of California, Berkeley Boalt Hall School of Law
  

   
Federal and State Data Security Laws: Of Federal Preemption, Ceilings, and Floors

 

Michael Siebecker
   

 

 

Washington University School of Law / University of Florida
  

   
Encapsulated Trust, Disclosure and Data Security

 

 

Diana Slaughter Defoe

 

University of Pennsylvania School of Education

   
  
  
Comment:  Humans in the Security Equation

 

Christopher Slobogin

 

   Vanderbilt University School of Law    
Government Security Measures: Proposals from the ABA's Task Force on Transaction Surveillance

 

Katherine Strandburg

 

   Fordham University School of Law/ Depaul University School of Law    
 Emergent Associations and Relational Surveillance in Traffic Data

Catherine Tucker

 

  
  

 

Greg Vetter

 

   
   
Massachusetts Institute of Technology

     
    
University of Houston Law Center

 

 

Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records

 

 Cryptography Patenting and Strategic Implications for Information Technology

 

 

Payment Instructions

  •      


    REGISTRATION LIMITED TO 60 PARTICIPANTS


          
       
      
    REGISTRATION FEES:

    • $5000 - corporate 15 registrations group discount

    • $400 - individual corporate practitioner registration

    •   $350 (each conference)  - individual joint registration with WIMI social networks conference

Copyright © 2014 The Active Network, Inc.