Mid-Atlantic CIO Forum - Meeting Announcement Topic: Data Leakage Protection Date: February 19, 2009 Location: Towson University Please plan to join CIO members and invited guests at the February 19 meeting of the Mid-Atlantic CIO Forum. The topic for this meeting is “Data Leakage Protection”. “Data leakage is one of the most critical information security challenges confronting businesses, employees, and consumers around the world.” (Cisco, 2009). With the expanding universe of data resources and technological capabilities at the hands of employees, the threat of misuse, overexposure and outright theft of critical company data is a challenge that must be addressed far beyond technological prevention measures such as firewalls and intrusion detection systems. First, Steve McOwen, Director, Security Services, Corporate Security Programs Organization, Cisco Systems, Inc., will identify common data leakage mistakes, and discuss how businesses can tailor their security approach to prevent incidents. “One of the most prominent security concerns for businesses is the loss of corporate information. Businesses are enabling employees to become increasingly collaborative and mobile. Without modern-day security technologies, policies, awareness and education, corporate information is more vulnerable.” Mr. McOwen will provide insights into the evolution of such threats, the emergence of data-specific money-driven attacks, and highlight key global research into employee mistakes, business impacts, and cultural issues that are endemic in data leakage. He will present successful practices and strategies for prevention of data leakage. Second, Rick Doten, senior security specialist associated with Verizon Business Security Solutions, will provide further insight into data loss prevention. “The definition of Data Leak Prevention is different for every organization. Some consider the filtering of Web and Email content, others focus on endpoint security and controlling writing to peripherals and USB drives. This session will discuss the different considerations, goals, and technology for the different approaches to help provide guidance to create a process that is realistic and manageable for your organization. Throughout the session, real world examples from data breaches will be provided and discussed. There will also be discussions of examples of good implementations of the Data Leakage Protection process and technology.There will be discussions on data classification, how to choose, and the importance of implementing technology that map to corporate policies. Finding the right technology for your organization requires first defining requirements and developing a process to manage it. One key challenge that will be discussed is getting different internal organizations working together effectively to achieve the goal since desktop, network, security, audit, email are usually managed by different teams within large organizations.” This meeting is a Roundtable Plus meeting. Only CIO members, guest CIOs and guests invited by CIO members for this roundtable will be attending. The roundtable format will be used and all participants will have signed a non-disclosure agreement (NDA). Please join our members at the meeting! The meeting starts at 8:00 AM and ends by 1PM. Brunch and lunch are provided. Pre-registration is required. Meeting logistics including agenda, directions to the meeting place and parking information will be emailed to you after you register. For registration for this meeting, please contact: Bonnie Lawson at blawson@towson.edu or 410-704-4252 | 
