Joint Conferences Tutorial

This tutorial is motivated by the need for closing the gap between software development and data management practices, and the current state of security and privacy regulations. This tutorial seeks to give an overview on the legal and regulatory requirements for data safeguards and critical system security as it has evolved through extensive financial reporting requirements. This tutorial will also review the state-of-the-art research and best practice in some related areas; e.g., bridging host/network integrity management with intrusion prevention/detection for forensic analysis, and the concept behind entropy based zero knowledge approach for privacy and/or confidentiality protection.

1. Cyber Law - the basics of intellectual property and privacy protection as well as the frameworks of regulatory controls.
2. Bridging intrusion analysis and forensic explanation for fulfilling regulatory reporting requirements.
3. Intellectual Property - safeguarding data as economic property and forensics challenges when data is exploited.
4. Privacy protections: information-theoretic research and best practice.
5. For better or worse: the role of data mining on discovering new useful information and reverse identification from aggregated data.
6. The driving compliance issues: Sarbanes Oxley, HIPAA, GLBA and 1386.

his tutorial is derived from the nation's leading executive forum on IT Security which has been attended by over 3,000 IT security managers and reflects the need for a solid understanding of the legal and regulatory framework we now must consider in all aspects of our systems lifecycles.
Who should attend: This tutorial provides a vital foundation in security that is essential for all systems developers, designers, programmers and analysts. Security must become an integral component of all systems and not an add-on appendage created only after the systems have been exploited. In addition, researchers, technology developers/managers, and students interested in an overview of the selected research topics and challenges in the field can also benefit from this tutorial.
As a value added service, attendees of this tutorial may qualify for earning CEP credits towards the proficiency requirement of CISSP.

Kenneth W. Kousky, Founder & CEO of IP3, Inc.: Ken Kousky is a veteran of the IT software and services industries. Few individuals are able to blend such a broad range of experience and expertise as an executive (Ken was Founder and CEO of Wave Technologies, a NASDAQ publicly-traded independent technology company for six years), as an educator (he's taught at the University of Pennsylvania and Washington University in both the School of Engineering, the School of Arts & Sciences and the Business School as a teaching fellow, adjunct professor, and as Director of the Center For Communications and Network Management), and as a technologist (he's been a software industry executive and holds a CISSP, (Certified Information Systems Security Professional). His years of experience as both an educator and an entrepreneur (recipient of Entrepreneur of the Year award) are reflected in his business and professional accomplishments. He is a visionary in the computing technology, education and marketing industry with three successful start-ups, two major mergers and an IPO under his belt.
Today Ken is CEO of IP3, Inc., an information security consulting firm, and serves on the IEEE New Standards Committee. He also serves on the advisory boards of several universities: Saginaw Valley State University’s College of Business & Management Advisory Board, St. Louis Public School Foundation, Webster University's Business School Advisory Board, and Washington University Arts and Sciences and National Council.
Ken received his Master's degree in Economics from the University of Pennsylvania in 1978. He also holds a Bachelor's degree in Economics and Urban Studies from Washington University.

Professor Bon K. Sy, Ph.D., CISSP, Queens College & Graduate Center/CUNY: Bon Sy received his Ph.D. (1988) in Electrical and Computer Engineering from Northeastern University in Boston, Massachusetts. He is currently a full Professor of the University Graduate Center and Queens College of the City University of New York (CUNY). From September of 1997 to August of 1998, he was on sabbatical leave joining the PAMI (Pattern Analysis and Machine Intelligence) Group as the visiting Associate Professor of the University of Waterloo, Canada. He recently joined the rank of CISSP as certified by the International Information Systems Security Certification Consortium.
Professor Sy has over 60 prestigious journal and conference articles to document his funded research projects. He is the holder of the patent on his data mining technique for model discovery, and the lead author of the book entitled “Information-Statistical Data Mining” published by Kluwer Publishing (now Springer) at 2003 in its International Series in Engineering and Computer Science. He has served as an invited expert to testify in front of the Technology Committee for Government of the New York City Council, the academic chair and invited speaker of the VoIP security expo, as well as the chair for the conference workshop in data mining for security control included in DMIN06.