Content: Virtualization technologies have been aggressively adopted based on the promise of better utilization, increased efficiency, reduced cost and improved infrastructure agility. Organizations taking advantage of the benefits of virtualization will also have to demonstrate efforts to ensure these environments are fully integrated within a broader compliance program. Enterprises currently struggle with complex compliance requirements that include the impact of local data protection, global industry mandates as well as regulatory requirements. In addition, many organizations must navigate the complexities associated with internal polices and agreements with business partners and customers. Because of this, it is critical to have a complete view into how virtualization impacts an organizations’ compliance program.

The Seminar will cover the following topics.

• Virtualization Overview
• Server, Application & Storage Virtualization
• Virtual Data Center
• The Cloud
• Principles Driving Virtualization’s Impact on Security, Compliance and Risk
• Virtualization Security, Compliance and Risk Modeling Directions
• Virtualization Management Infrastructure


Objective: Attendees should have some regulatory compliance experience, an understanding of security policy configuration guidance (CIS, SANS, NIST, CERT, etc.), and some exposure to virtualization. Attendees at this seminar will:

• Develop an understanding of the various forms of virtualization
• Gain insight into how the various virtualization layers interact in both data center and public cloud scenarios
• Be introduced to security features in each technology
• Survey current virtualization vulnerabilities and misconfigurations in each technology
• Review authoritative security configuration guidance in each technology
• Survey emerging directions in addressing security, compliance and risk in virtualization infrastructures

This program is presented in Group-Live format and is an Intermediate - Program Level, Computer Science - Category program requiring Basic Audit knowledge and no advanced preparation. Recommended CPE credit is 8.0 hour.

Select the "Register Now!" button to register for this program.
Registration for this session can be completed on the Chapter's website at http://www.isacantx.org.

Lunch, morning, and afternoon snacks will be provided.

Dennis Moreau, Senior Technologist, EMC2

Dennis was a Founder and the Chief Technology Officer for Configuresoft, Dennis Moreau specializes in the application of leading edge technologies to the solution of complex problems in the Information Technology management domain. His primary focus is in developing enterprise scale solutions to improve IT efficiency and effectiveness for systems management, security compliance and configuration optimization. He works actively with the National Institute of Standards and Technology (NIST) and MITRE on the development of security configuration policy compliance standards, serving on MITRE's OVAL Advisory Board. Dr. Moreau holds a Doctorate in Computer Science and speaks regularly at IT management and security conferences worldwide.
Recent Speaking Engagements:

• “Security and Compliance in Virtualized Environments”, SecureWorld 2009 Dallas, Dallas, TX, November5, 2009
• “PCI: Ensuring Compliance with Regulations”, SecureWorld 2009 Dallas, Dallas, TX, November4, 2009
• “Issues in Virtualization Security”, University of Louisiana CACS, Computing Summit 2009, Lafayette, LA, October 30, 2009
• “Closed Loop Security Management and Operations for Virtual Infrastructure”, Virtualization Security Summit, CSI 2009, National Harbor, MD, October 27, 2009
• “Security Standards for SaaS and Cloud Service Providers”, RSA Europe 2009, London, UK, October 20 - 22, 2009
• “Attacking and Defending Virtualization Infrastructure”, RSA Europe 2009, London, UK, October 20 - 22, 2009
• “Compliance Assessment in Deeply Virtualized Data Centers”, CISCON 2009, Helena, MT, September 15, 2009
• “Continuous Improvement in Security Processes”, CISCON 2009, Helena, MT, September 14, 2009
• “Virtualization security Threat Panel”, CISCON 2009, Helena, MT, September 14, 2009
• “Virtualization Security Directions”, SANS What Works in Virtualization and Cloud Computing Security Summit 2009, Washington, DC, August 17 - 21, 2009
• "Best Practices for VM Deployment" with Gene Kim, SANS Virtualization Security Summit 2009, Washington, DC, August 17, 2009
• “Utility Computing and Security Information Standards: SCAP Directions”, NIST, Gaithersburg, MD, June, 2009.
• “Security Posture, Risk and Behavioral Coupling in Cloud, Grid and Virtualized Infrastructure,” NIST, Gaithersburg, MD, June, 2009
• “Security, Compliance and Trust in Clouds”, Computing Sciences Corporation, CTO Cloud Computing Advisory Council, May 27, 2009

ISACA – North Texas Chapter is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Web site: www.nasba.org

We have registered with the Texas State Board of Public Accountancy as a CPE sponsor. This registration does not constitute an endorsement by the Board as to the quality of our CPE programs.

For information regarding refund, complaint, and program cancellation policies, please visit our website at:
www.isacantx.org/index.cfm/Programs_and_Seminars