AGENDA

The second annual iNSIGHT 2008 is the premier System i security and compliance conference dedicated solely to tackling today’s security and compliance issues. Hosted by PowerTech, iNSIGHT 2008 will deliver over 20 in-depth sessions that will drill down deep into real-world solutions to give you serious, practical information that you can put to use right away. INSIGHT 2008 provides the perfect forum for education, peer networking, and collaborative problem solving.

Conference-at-a-Glance

At iNSIGHT 2008, System i professionals and top security and compliance experts will come together for an intense learning experience. Whether you're new to System i security and compliance, or a seasoned veteran, these sessions will get you up to speed fast or quickly fill-in your knowledge gaps.

The State of System i Security 2008
John Earl - PowerTech
John Earl, PowerTech CTO will deliver the iNSIGHT 2008 keynote address and unveil PowerTech’s 2008 “State of System i Security” study. Be among the first to discover the findings of this industry respected study and learn what steps your organization can take to address these all-too-common security exposures.

The Sorry History of Data Breaches
Rich Mogull – Securosis
It is an alarming statistic, but since 2003, over 150 million individuals have had their private data comprised through Data Security Breaches. Find out how to protect your private data. Examine the valuable lessons learned from high profile cases like TJ Maxx and CardSystems Solutions that you can apply to your environment.

What's New in V6R1 Security  
Jeff Uehling - IBM
This presentation will cover the wide range of security enhancements added by IBM in the V6R1 operating system release.  These enhancements include the ability to encrypt data on media and on disk, new intrusion detection and prevention enhancements along with a number of additional system integrity and audit & compliance related changes that are available for all customers.

The Data Security Lifecycle
Rich Mogull – Securosis
Rich Mogull has broken security controls out based on the lifecycle stage of the data. From creation to destruction, the Data Security Lifecycle shows which controls you should apply, and at which phase. This no-nonsense session offers practical guidance and provides vital direction for data security technology projects.

Best Practices for i5/OS Security    
Jeff Uehling –IBM
Discover the best practices necessary to secure your system. In this presentation you’ll learn why you need to run at security level 50, and examine examples of exposures that exist at the lower security levels. Also how to detect & prevent programs that could compromise security on your system and the necessary system value settings and security recommendations when developing applications, and more. This is definitely a must-attend session for System Administrators and System Security Officers.

Simplify Regulatory Compliance with PowerTech Compliance Monitor
PowerTech
Compliance with government and industry regulation is a fact of doing business, but unfortunately the time and the costs can rob your organization of the expertise of its most valuable technicians.  Learn how to effectively use PowerTech Compliance Monitor to significantly reduce the cost and simplify Compliance reporting, so you can free up your time for more appropriate projects.

Common Sense Security Auditing
Dan Riehl  - PowerTech
Dan Riehl’s paper that demystifies the process of auditing a System i is one of PowerTech’s most popular publications. In this session, PowerTech expert, Dan Riehl, reviews and equips you with best practices for auditing and monitoring the security health of your System i.

What’s New in Compliance Monitor
PowerTech
The latest release of PowerTech Compliance Monitor includes several groundbreaking features that radically streamline auditing and compliance reporting. This is your opportunity to experience the following features, hands-on:

• A new QAUDJRN reporting capability that lets you consolidate journal entries across systems – making it easier to track a single user’s actions
• The new Policy Editor that lets you customize policy to meet your requirements
• How to customize ScoreCards for your environment
• A new Data Compression feature that lets you store weeks of security history in a fraction of the space

Controlling Privileged Users with PowerTech Authority Broker - Basic Concepts
PowerTech
Too many people with too much access to critical data – that’s one of the most common security lapses uncovered that AS/400 shops get cited for in audits. External and internal auditors are demanding that companies do a better job of managing and monitoring powerful users, and enforcing separation of duties.  A PowerTech expert will show you how implementing Authority Broker will save you time and help you enforce segregation of duties.

Incorporating Authority Broker into your Workflow – Advanced Concepts
PowerTech
Recent releases of Authority Broker have added new functionality that allows you to customize the use of the product to your environment. Do you need to change library lists, add extra approval steps to the swap process, update accounting codes or interface with another software package?  Authority Broker 3.1 gives you the tools to accomplish almost anything using custom exit programs and PowerTech provided sample code.  PowerTech experts will show you how to incorporate Authority Broker into everyday usage – and maximize results.

Hardening Your i5/OS Security
John Earl - PowerTech
IBM does a great job of providing us with a secure operating system, but there are some things that you have to tighten up yourself.  In this session you’ll learn about the strengths and weaknesses of i5/OS, and what you can do to harden the operating system.

PowerTech Network Security 101 – Configuring Basic Rules and Reporting
PowerTech
Learn how to set basic rules, configure server rules to reduce the number of audit entries created, and configure exception reports that will notify you of problems as they occur.  Other concepts detailed in this session include:

• Setting Rules and Checking Results
• Summary Reporting
• Using Swap Profiles
• Messaging and Alerting

PowerTech Network Security 201
This session delves into the PowerTech Network Security advanced functionalities – the bells and whistles of Network Security, so to speak. Advanced functionalities include:

• How to Increase your Security with Memorized Transactions
• Adding Custom Exit Programs
• Final Lock-Down Methods
• Central Administration for Multiple Systems

Security Information Management – PowerTech Interact
PowerTech
Many organizations conduct intense monitoring of all their critical servers, except for their System i’s!  In this session we’ll show you the ins and outs of using PowerTech Interact to integrate security event management into your enterprise Security Information Management Console.  You can teach your System i to forward real-time security alerts to industry leading Security Information Consoles such as those from ArcSight, OpenService, Tri-geo and ISS.  Don’t have an Enterprise Security Information Management Console?  We’ll show you how to use open source and shareware products to get the process jumpstarted in your organization.

Eliminate Passwords - SSO and PowerTech Easy Pass
PowerTech
In recent years, two trends have converged to bring the management of user accounts and passwords to the forefront; executives pushing for IT cost reduction, and regulations (SOX, HIPAA, etc.) which emphasize the need to secure IT resources.  Learn how organizations have implemented Single Sign-On to reduce the costs and risk of managing multiple passwords. See examples of how PowerTech Easy Pass can be used to simplify the set up and configuration of a single sign-on between Windows and the System i.

Keep private data private - PowerTech Encryption
PowerTech
Preserving and ensuring the confidentiality of sensitive corporate and customer information is a requirement for the majority of businesses today.  If you store a customer’s social security number, you must be able to protect that information using secure encryption practices.  If you accept VISA and/or Mastercard, you must be able to adhere to strict Payment Card Industry (PCI) encryption guidelines.  This session will provide practical tips and you’ll learn the best practices for securing and backing up sensitive data including:

• How to discover the sensitive data on your systems
• How to scope the size of an encryption project
• The best ways to encrypt DB2 database fields
• Best practices for Encryption Key Management
• How to fit Power Tech Encryption into your current applications

Customer Case Studies
iNSIGHT 2008 will also feature PowerTech customers sharing their own experiences and success stories implementing PowerTech products. Want to share your own PowerTech product(s) success story in Las Vegas, and receive a free pass to iNSIGHT 2008? Submit your proposal for a security related presentation and if selected, you’ll receive a complimentary all-access conference pass, in appreciation of your efforts. Your presentation can be on any topic related to i5/OS security, and should be geared towards an audience of System i professionals.

Can’t eliminate Passwords? – You’ve got to control them with PowerTech Password Control
As with any other computer systems, the OS/400 sign-on process is susceptible to a dictionary attack where hackers try to break in by repeatedly trying passwords from known word lists. PowerTech Password Control prevents users on your system from setting weak passwords.  Learn how to enforce and report upon password policies to ensure compliance with corporate password guidelines. This session will also provide an in-depth review of the i5/OS system values that control passwords, including the new system values that will be introduced in V6R1.

An introduction to security frameworks – COBIT and ISO17799
PowerTech
It’s generally accepted that controls also need to be established over information technology.  Most large audit firms have looked to COBIT, a generally applicable and accepted standard for good Information Technology (IT) security and control practices which is promoted by ISACA (Information Systems Audit and Control Association). ISO 17799, an internationally recognized information security standard, has also found more widespread use in the United States in recent years. Many companies use the ISO standard alone to define their security policy, or they use it to provide more detailed guidance on the security specific issues outlined by COBIT. This session will examine these standards and regulations and provide a clear and concise introduction to these frameworks - this is a must-attend session for anyone facing compliance issues.

Future Direction of PowerTech Solutions
Join Brendan Patterson, PowerTech VP of Product Management and Marketing with Jack McAfee, PowerTech VP of Development for their perspective about the future direction of PowerTech products, the company’s objectives and goals for 2008 and beyond, and the anticipated new service and product offerings.

Customer Care Central
Drop by Customer Care Central and learn how you can best maximize your investment in PowerTech products. If you have an open support case, or general support question, this is a great time to talk face-to-face with the PowerTech Support Team.

At Customer Care Central you can also:

• Roll up your sleeves and gain valuable hands-on experience with the latest PowerTech products
• Discuss product features one-on-one with an experienced PowerTech Services Engineer. Tap into their expertise and learn their best practices, tips, tricks, and innovative solutions to help make your job easier
• Don’t forget to ask about all the new PowerTech service offerings

*Many product training sessions will provide an opportunity for hands-on product usage. For those attendees that wish to participate, PowerTech will provide a connection to an AS/400 system running our security software; however we request that each attendee bring a laptop with a network interface card. You will also need a TN5250 client, like iSeries Access or sharewareTN5250 client from Mocha Soft.

*All sessions and content subject to change.