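RSA 2014 Security Conference: All the Tracks Revealed!
The RSA 2014 security conference will be held in San Francisco from February 24 to 28. Built around the latest threat trends and developments at the leading edge of the security industry, this year's conference has about 20 tracks, including: security analytics, application security, cloud security and virtualization, cryptography, data security and privacy, governance, risk and compliance, hackers and threats, the human element in security, mobile security, policy and management, security strategy, security trends and innovation, and technology infrastructure.
Across these tracks, the RSA 2014 conference has more than 300 talks or discussions.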
Analytics and Forensics
The Analytics and Forensics track covers the application of investigative and analytic techniques. These techniques for collecting and preserving data are applied to find the source of a security attack or other problem event, and to identify and communicate ways of protecting against such events in the future.
At RSA 2014 there are 15 talks in the Analytics and Forensics track: The Art of Attribution: Identifying and Pursuing your Cyber Adversaries; Computer Forensics and Incident Response in the Cloud; The Relevance of Government Cybersecurity Intelligence; Using Big Data to Protect Big Data; '2nd-Wave' Advanced Threats: Preparing for Tomorrow's Sophisticated Attacks; Big Data's Potential in Helping to Secure the Internet of Things; Mobile Analysis Kung Fu, Santoku Style; Targeted Security Analytics: You Know Where They are Going. Be Waiting; Using Automated Cyber Threat Exchange to Turn the Tide against DDOS; Security by and for the People!; Hunting for OS X Rootkits in Memory; A Human Factor Interface for SIEM; Malware Under the Hood – Keeping your Intellectual Property Safe; Collaboration across the Threat Intelligence Landscape; Information Exchange on Targeted Incidents in Practice.
Application Security
Given the growth of web and cloud computing applications, the Application Security track focuses on the secure design, development, deployment and operation of packaged and custom applications. The track covers the latest current threats and the countermeasures against them.
At RSA 2014 there are 15 talks in the Application Security track: Entropy, Random Numbers and Keys: What's Good Enough?; The NIST Randomness Beacon; Succeeding with Enterprise Software Security Key Performance Indicators; Evaluating the Security of Purchased Software: Can We Find Common Ground?; Scaling a Software Security Initiative: Lessons from the BSIMM; New Foundations for Threat Modeling; DevOps/Security Myths Debunked; DHS Cybersecurity Future Technology: Where We Go From Here; RESTing on Your Laurels Will Get You Pwned; The Game of Hide and Seek, Hidden Risks in Modern Software Development; How We Implemented Security in Agile for 20 SCRUMs - and Lived to Tell; Follow the Money: Security Researchers, Disclosure, Confidence and Profit; Software Liability?: The Worst Possible Idea (Except for all Others); Writing Secure Software Is Hard, but at Least Add Mitigations!; Seven Habits of Highly Effective Security Products.
Cloud Security & Virtualization
The Cloud Security & Virtualization track covers security architecture in the cloud, management, risk, migration issues, identity management and case studies. Its content also addresses virtualization deployment models, VM integrity and the security of virtual infrastructure.
During RSA 2014 there are 14 talks in the Cloud Security & Virtualization track: Virtualization and Cloud: Orchestration, Automation and Security Gaps; Shifting Roles for Security in the Virtualized Data Center; Cloud Computing in China: Opportunities, Challenges and Risks; Survey of the Operating Landscape Investigating Incidents in the Cloud; Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy; Dueling Banjos - Cloud v Enterprise Security: Using Automation & DevOps NOW; Let Your Users Go Rogue; Is the Cloud Really More Secure Than On-Premise; Hijacking the Cloud: Systematic Risk in Datacenter Management Networks; Oh the PaaSabilities, Security in a Platform as a Service World; Why AWS CloudHSM can Revolutionize AWS; Secure Cloud Development Resources with DevOps; Applying Cryptography as a Service to Mobile Applications; Cloud Application Security Assessment, Guerilla Style.
Cryptography
Cryptography is constantly changing. This academic forum, focused on mathematics and computer science, presents the latest papers in the science of cryptography.
During RSA 2014 a series of academic cryptography sessions will be held, including: Welcome & Non-Integral Asymmetric Functions; Public-Key Encryption; Hardware Implementations; Side-Channel Attacks; Symmetric Encryption & Cryptanalysis; Digital Signatures; Protocols; The PRNG Debate; Hash Function Cryptanalysis; Applications of Cryptographic Primitives, among others.
Data Security & Privacy
The Data Security & Privacy track covers strategies and techniques for classifying, tracking and protecting data. It includes database security, data classification, encryption, DLP and new threats to sensitive data. Key themes in this track are privacy issues, big data trends, regulation and policy.
There are 16 talks in the Data Security & Privacy track: The Top Privacy Issues to Watch; Implementing Privacy Compliant Hybrid Cloud Solutions; Data Encryption for Virtualized Enterprise; Mission Impossible?: Building and Defending Zero-Knowledge Privacy Services; From Data to Wisdom: Big Lessons in Small Data; Let Go of the Status Quo: Build an Effective Information Protection Program; Honeywords: A New Tool for Protection from Password Database Breach; Castles in the Air: Data Protection in the Consumer Age; Third-Party Cyber Security & Data Loss Prevention; Security vs. Privacy: Who is Winning?; The Boundary Between Privacy and Security: The NSA Prism Program; Is Your Browser a User Agent, or a Double Agent?; Walking the Security & Privacy Talk; Moving from Compliance to Stewardship; BYOD: An Interpretive Dance; How to Discover if your Company's Files are on a Hacker's Shopping List.
Governance, Risk & Compliance
The Governance, Risk & Compliance track covers enterprise risk management and compliance, including creating and deploying risk management frameworks and quantifying and managing risk.
During RSA 2014 there are 14 talks in this track: Business Control & Velocity: Balance Security, Privacy, Ethics & Optimize Risk; Trust Us: How to Sleep Soundly with Your Data in the Cloud; Achieving and Exceeding Compliance Through Open Source Solutions; Adventures in Insurance Land – Weaknesses in Risk Pricing and Alternatives; To Regulate or Not to Regulate Cyber Security: That Is the Question; Your Product is Made WHERE?; Information Security Policy for Users (Not Auditors); Buyer Beware: How to Be a Better Consumer of Security Maturity Models; Measurement as a Key to Confidence: Providing Assurance; Ending Risk Management Groundhog Day; Reboot Your IT Threat Risk Assessment (TRA) Process in 20 Minutes; Technical Metrics Aren’t Enough: 10 Strategic Security Measures; Visualize This! Meaningful Metrics for Managing Risk; The Dichotomy of the System Administrator.
Hackers & Threats
The Hackers & Threats track mainly discusses the hacking industry, advanced threats, new types of vulnerability, vulnerability discovery techniques, reverse engineering, and how to deal with these problems. It also includes discussion of the latest threats.
At RSA 2014 there are more than 20 talks in the Hackers & Threats track: The Dark Web and Silk Road; One Year Later: Lessons and Unintended Consequences of the APT1 Report; Effects-based Targeting for Critical Infrastructure; A Deep Dive into the Security Threat Landscape of the Middle East; An Arms Race: Using Banking Trojan and Exploit Kit Tactics for Defense; Cybersecurity the Old Fashioned Way: Pass Known Good Content; Learning Malware Languages: Fun with Dick and Jane’s Malware; Cloud Ninja: Catch Me If You Can!; Whose IP Is It Anyway: Tales of IP Reputation Failures; How Microsoft, FS-ISAC & Agari Took Down the Citadel Cybercrime Ring; Disrupting the Progression of a Cyber Attack; Operation Olympic Games Is the Tom Clancy Spy Story that Changed Everything; They Did What?!? – How Your End Users Are Putting You at Risk; A Hacker’s Perspective: How I Took Over Your City’s Power Grid.
Talks under the "advanced threats" heading also include: Anti-Stealth Techniques: Heuristically Detecting x64 Bootkits; Hardware Trojans and Malicious Logic; Security Response in the Age of Mass Customized Attacks; From Disclosing Existing Vulnerabilities to Discovering New Vulnerabilities; Buy Candy, Lose Your Credit Card - Investigating PoS RAM Scraping Malware; C U SRF with Cross USer Request Forgery; Pass-the-Hash: How Attackers Spread and How to Stop Them; DLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry; Too Critical to Fail: Cyber-Attacks on ERP, CRM, SCM and HR Systems; Bitcoin Is Here: How to Become a Successful Bitcoin Thief!!!; Turning Medical Device Hacks into Tools for Defenders; Hacking iOS on the Run: Using Cycript; Hunting Mac Malware with Memory Forensics; Now You See Me – Attacks with Web Server Binaries and Modules; Eyes on IZON: Surveilling IP Camera Security.
Human Element
The human element is a leading-edge topic in the security community. This track covers insider threats, social networking/social engineering and security awareness. The forum discusses people's trust choices, innovative ways of protecting personal security, and the human factor in traditional attacks.
At RSA 2014 there are 16 talks in the Human Element track: Security Awareness Metrics - Measuring Change in Human Behavior; Gamifying Security Awareness; The Sixth Man: How Cybersecurity Awareness Programs Strengthen Our Defense; Cognitive Injection: Reprogramming the Situation-Oriented Human OS; Securing Boomers, Gen Xers and Gen Yers: Omg We Are So Different!; Keeping Up with the Joneses: How Does Your Insider Threat Program Stack Up?; It’s Time to Offer Facebook Logon to Your Customers; Social Media Single Sign-On: Could You Be Sharing More than Your Password; Helping People Walk the Narrow Path; Changing User Behavior: The Science of Awareness; Social Engineering: When the Phone is More Dangerous than Malware; How to Catch an Insider Data Thief; Malicious Acrobatics on Social Media; The Social Networking Battleground: Growth vs. Security; How to Make a Security Awareness Program FAIL!; Top Attacks in Social Media.
Mobile Security
The Mobile Security track focuses on the policies, processes and technologies for BYOD management, smart device security and the consumerization of IT. Topics include mobile malware, application threats, device management and new threats to mobile platforms.
At RSA 2014 there will be 14 talks in the Mobile Security track: Finding Needles in a Needlestack with Graph Analytics and Predictive Models; Mobile Devices Security: Evolving Threat Profile of Mobile Networks; What Is the Future of Data Privacy and Security in Mobile?; Assume a Hostile Environment: Securing Mobile Data in the App; Touchlogger on iOS and Android; Predatory Hacking of Mobile: Real Demos; OTT, Virtual Carriers and the New Wave of Spam Threats in the 4G/LTE World; Android Security - Building a Secure Open Source Platform; Practical Attacks against MDM Solutions (and What Can You Do About It); Why Mobile Should Stop Worrying and Learn to Love the Root; Rogue Mobile Apps: Nuisance or Legit Threat?; Lessons Learned from Physical Tamper-Response Applied to Client Devices; Mobile Application Assessments by the Numbers: A Whole-istic View; Smartphone Privacy.
Policy & Government
Security in cyberspace is a matter of national and economic security. Governments are developing strategies that affect the work of security professionals in both the public and private sectors. Topics in the Policy & Government track include legislation, military/legal issues, APT, active defense, critical infrastructure and the role of government.
At RSA 2014 there are 15 talks in the Policy & Government track: Can Government Cybersecurity Policies Balance Security, Trade & Innovation?; Facts vs. Fear: Foreign Technology Risks in Critical Industry Sectors; Updating the Law on Government Access to Your Online Data; Securing Our Nation's Data Centers Against Advanced Adversaries; An Overview of the EO Cybersecurity Framework; Meet the PCLOB: An Introduction to the Independent US Privacy and Civil Liberties Oversight Board; Riding the Tiger – Harnessing the Power of Industry in Cyber Security; Watching the Watchers: Privacy Officers Inside the U.S. Government; Cyber Legislation: National Security & Corporate Responsibility Collide; Government x 2: State and Federal Collaboration on Cybersecurity; Cyber Battlefield: The Future of Conflict; View from the Inside: DHS Priorities in Cybersecurity; Leading Cybersecurity: Technically Sexy, Programmatically Dowdy; Risk and Responsibility in a Hyper-Connected World; Effects of Recent Federal Policies on Security and Resiliency Landscapes.
Security Strategy
The Security Strategy track covers strategy, planning and emerging areas in enterprise security architecture, and the management issues involved in running a successful security program. It addresses the frameworks and tools needed to build a security program.
At RSA 2014 there are 16 talks in the Security Strategy track: Response Plan Fitness: Exercise, Exercise, Exercise!; Security PR 101; Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You; Inflection: Security's Next 10 Years; Implementing a Quantitative Risk-Based Approach to Cyber Security; Security of Large Complex Technical Systems; 10 Dimensions of Security Performance for Agility & Rapid Learning; The Steps Zurich Took to Build an “Effective” Information Security Program; How Joshua DoSed Jericho: Cybersecrets of the Bible; Criticality Analysis & Supply Chain: Providing "Representational Assurance"; Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome; Mutiny on the Bounty: The Epic Tale of How Data Defeated Dogma; Where Do We Go from Here, Now That Our Internet Is Gone?; Eight Conflicts Which Changed Cyberspace; A CISO's Perspective: Protecting with Enhanced Visibility and Response; The Role of a Cyber Mercenary.
Technology Infrastructure
The Technology Infrastructure track deals with security technology architecture and strategy, including new technology trends, network/endpoint security, enterprise rights management, vulnerability assessment, IDS/IPS and physical/embedded device security.
There are 16 talks in the Technology Infrastructure track: Ensuring Your 3rd Party Vendors and Partners are Secure; Building a Bunker for Business Assets and Processes; Are Mobile Devices the Answer to the Strong Authentication Problem?; New Ideas on CAA, CT, and Public Key Pinning for a Safer Internet; The Future of Authentication: Different Approaches to the Same Goal; A Penetration Testing Maturity and Scoring Model; Smart Grid Security: A Look to the Future; Beyond Information Warfare: The History of the Future of Security; Tinker Bell SSL: Avoiding the Neverland Security Infrastructure; Is the Security Industry Ready for SSL Decryption?; Make Way for the Internet of Things; SDN & Security: Why Take Over the Hosts When You Can Take Over the Network; Babel Revisited: Lessons from an IPv6 Transition; Utilities and Cybersecurity - Myth and Reality; Building and Extending Solutions with Hardware Trust; Malware Defense Integration and Automation.