IMPORTANT: Remember to RSVP and pay at http://www.issala.org/event-registration/?ee=8
Terry Gold - Physical Access for IT Professionals: What you don’t know could already be hurting you
Securing access to buildings, internal access points and assets is typically handled by a corporate security group outside of IT and assumed to be secure. However, the process for evaluating technology that is implemented at the door is typically very different from how IT selects vendors, and the criteria for doing so are often far more relaxed. The result is that many of the access points that are required to be secure — such as data centers, executive offices, R&D labs, dispensaries and even the front door — are more often than not fairly simple to subvert, and the person doing so looks like an authorized user.
IT executives and InfoSec professionals are too often unaware of the weaknesses left by their physical security colleagues. Even the auditors who have signed off in various compliance areas (such as PCI, for example) are unaware. Gaining physical entry, going undetected, and taking physical possession is far simpler than most assume, and metrics for proper assessment are seldom evaluated jointly with the stakeholders that depend on them.
This session will discuss how physical security access control generally operates, from system infrastructure to credentialing and authentication. It will focus on understanding the general technology, its most glaring flaws and how it can be repeatedly subverted across a corporate facility. Through a demonstration, a discussion of best practices for remediation, and an opportunity for Q&A, the talk will equip the audience to understand the risks in their environment and take action to address the security gaps that have long been ignored. Additionally, the talk will provide an overview of advanced credentialing concepts that flow into IT, such as secure element chips, cryptographic keys and contactless approaches that can be leveraged to meet future IT and physical access requirements.
Terry Gold is an independent security analyst specializing in identity, authentication and access control covering both physical and IT security. His firm was founded on the principle of vendor neutrality, helping corporate organizations to become more secure, aware, and in control of their security strategy in these areas, since there were few sources of reliable, independent, and in-depth research on them.
Mr. Gold has built a worldwide reputation as a specialist, and has assisted some of the largest and most branded companies in the world with exploring, drafting and implementing smart strategies for physical access, IT security and convergence leveraging smart cards, RFID and PKI. Most recently, he was Vice President of Cloud Identity for idOnDemand, where he established their leadership in the SaaS market. Before that, he was with ActivIdentity, a leader in the credential management infrastructure space, and several other companies such as Bioscrypt, Novell, and SilverStream, where he specialized in biometric authentication, identity management, and enterprise application integration, respectively.