RSA Conference 2014: All the Tracks and Sessions
RSA Conference 2014 will be held in San Francisco on February 24-28. Organized around the latest threat trends and developments in the security industry, this year's conference has roughly 20 tracks, including Analytics and Forensics, Application Security, Cloud Security & Virtualization, Cryptography, Data Security & Privacy, Governance, Risk & Compliance, Hackers & Threats, Human Element, Mobile Security, Policy & Government, Security Strategy, Security Trends & Innovation, and Technology Infrastructure.
Across these tracks, RSA Conference 2014 features more than 300 talks and panel discussions.
Analytics and Forensics
The Analytics and Forensics track covers the application of investigative and analytic techniques: collecting and preserving data in order to identify the source of a security attack or other incident, and to identify and communicate ways to defend against it in the future.
Fifteen talks at RSA 2014 fall under Analytics and Forensics: The Art of Attribution: Identifying and Pursuing your Cyber Adversaries; Computer Forensics and Incident Response in the Cloud; The Relevance of Government Cybersecurity Intelligence; Using Big Data to Protect Big Data; '2nd-Wave' Advanced Threats: Preparing for Tomorrow's Sophisticated Attacks; Big Data's Potential in Helping to Secure the Internet of Things; Mobile Analysis Kung Fu, Santoku Style; Targeted Security Analytics: You Know Where They are Going. Be Waiting; Using Automated Cyber Threat Exchange to Turn the Tide against DDOS; Security by and for the People!; Hunting for OS X Rootkits in Memory; A Human Factor Interface for SIEM; Malware Under the Hood – Keeping your Intellectual Property Safe; Collaboration across the Threat Intelligence Landscape; Information Exchange on Targeted Incidents in Practice.
Application Security
Given the growth of web and cloud applications, the Application Security track focuses on the secure design, development, deployment and operation of both packaged and custom applications, and covers current threats and the countermeasures against them.
Fifteen talks at RSA 2014 fall under Application Security: Entropy, Random Numbers and Keys: What's Good Enough?; The NIST Randomness Beacon; Succeeding with Enterprise Software Security Key Performance Indicators; Evaluating the Security of Purchased Software: Can We Find Common Ground?; Scaling a Software Security Initiative: Lessons from the BSIMM; New Foundations for Threat Modeling; DevOps/Security Myths Debunked; DHS Cybersecurity Future Technology: Where We Go From Here; RESTing on Your Laurels Will Get You Pwned; The Game of Hide and Seek, Hidden Risks in Modern Software Development; How We Implemented Security in Agile for 20 SCRUMs - and Lived to Tell; Follow the Money: Security Researchers, Disclosure, Confidence and Profit; Software Liability?: The Worst Possible Idea (Except for all Others); Writing Secure Software Is Hard, but at Least Add Mitigations!; Seven Habits of Highly Effective Security Products.
Cloud Security & Virtualization
The Cloud Security & Virtualization track covers security architecture, governance, risk, migration issues, identity management and case studies in the cloud. It also addresses virtualization deployment models, VM integrity, and securing virtual infrastructure.
Fourteen talks at RSA 2014 fall under Cloud Security & Virtualization: Virtualization and Cloud: Orchestration, Automation and Security Gaps; Shifting Roles for Security in the Virtualized Data Center; Cloud Computing in China: Opportunities, Challenges and Risks; Survey of the Operating Landscape Investigating Incidents in the Cloud; Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy; Dueling Banjos - Cloud v Enterprise Security: Using Automation & DevOps NOW; Let Your Users Go Rogue; Is the Cloud Really More Secure Than On-Premise; Hijacking the Cloud: Systematic Risk in Datacenter Management Networks; Oh the PaaSabilities, Security in a Platform as a Service World; Why AWS CloudHSM can Revolutionize AWS; Secure Cloud Development Resources with DevOps; Applying Cryptography as a Service to Mobile Applications; Cloud Application Security Assessment, Guerilla Style.
Cryptography
Cryptography is a constantly evolving field. This academic track, grounded in mathematics and computer science, presents the latest research papers in cryptographic science.
During RSA 2014 the cryptography track holds a series of research sessions, including: Welcome & Non-Integral Asymmetric Functions; Public-Key Encryption; Hardware Implementations; Side-Channel Attacks; Symmetric Encryption & Cryptanalysis; Digital Signatures; Protocols; The PRNG Debate; Hash Function Cryptanalysis; Applications of Cryptographic Primitives; and others.
Data Security & Privacy
The Data Security & Privacy track covers strategies and technologies for classifying, tracking and protecting data, including database security, data classification, encryption, DLP, and emerging threats to sensitive data. Key themes in this track are privacy issues, big data trends, regulation and policy.
Sixteen talks fall under Data Security & Privacy: The Top Privacy Issues to Watch; Implementing Privacy Compliant Hybrid Cloud Solutions; Data Encryption for Virtualized Enterprise; Mission Impossible?: Building and Defending Zero-Knowledge Privacy Services; From Data to Wisdom: Big Lessons in Small Data; Let Go of the Status Quo: Build an Effective Information Protection Program; Honeywords: A New Tool for Protection from Password Database Breach; Castles in the Air: Data Protection in the Consumer Age; Third-Party Cyber Security & Data Loss Prevention; Security vs. Privacy: Who is Winning?; The Boundary Between Privacy and Security: The NSA Prism Program; Is Your Browser a User Agent, or a Double Agent?; Walking the Security & Privacy Talk; Moving from Compliance to Stewardship; BYOD: An Interpretive Dance; How to Discover if your Company's Files are on a Hacker's Shopping List.
Governance, Risk & Compliance
The Governance, Risk & Compliance track covers enterprise risk management and compliance, including building and deploying risk-management frameworks, and quantifying and managing risk.
Fourteen talks at RSA 2014 fall under this track: Business Control & Velocity: Balance Security, Privacy, Ethics & Optimize Risk; Trust Us: How to Sleep Soundly with Your Data in the Cloud; Achieving and Exceeding Compliance Through Open Source Solutions; Adventures in Insurance Land – Weaknesses in Risk Pricing and Alternatives; To Regulate or Not to Regulate Cyber Security: That Is the Question; Your Product is Made WHERE?; Information Security Policy for Users (Not Auditors); Buyer Beware: How to Be a Better Consumer of Security Maturity Models; Measurement as a Key to Confidence: Providing Assurance; Ending Risk Management Groundhog Day; Reboot Your IT Threat Risk Assessment (TRA) Process in 20 Minutes; Technical Metrics Aren't Enough: 10 Strategic Security Measures; Visualize This! Meaningful Metrics for Managing Risk; The Dichotomy of the System Administrator.
Hackers & Threats
The Hackers & Threats track covers the underground hacking economy, advanced threats, new classes of vulnerability, vulnerability discovery techniques, reverse engineering, and how to respond to all of these. It also includes discussion of the latest threats.
More than 20 talks at RSA 2014 fall under Hackers & Threats: The Dark Web and Silk Road; One Year Later: Lessons and Unintended Consequences of the APT1 Report; Effects-based Targeting for Critical Infrastructure; A Deep Dive into the Security Threat Landscape of the Middle East; An Arms Race: Using Banking Trojan and Exploit Kit Tactics for Defense; Cybersecurity the Old Fashioned Way: Pass Known Good Content; Learning Malware Languages: Fun with Dick and Jane's Malware; Cloud Ninja: Catch Me If You Can!; Whose IP Is It Anyway: Tales of IP Reputation Failures; How Microsoft, FS-ISAC & Agari Took Down the Citadel Cybercrime Ring; Disrupting the Progression of a Cyber Attack; Operation Olympic Games Is the Tom Clancy Spy Story that Changed Everything; They Did What?!? – How Your End Users Are Putting You at Risk; A Hacker's Perspective: How I Took Over Your City's Power Grid.
Further talks in this track, under the Advanced Threats heading, include: Anti-Stealth Techniques: Heuristically Detecting x64 Bootkits; Hardware Trojans and Malicious Logic; Security Response in the Age of Mass Customized Attacks; From Disclosing Existing Vulnerabilities to Discovering New Vulnerabilities; Buy Candy, Lose Your Credit Card - Investigating PoS RAM Scraping Malware; C U SRF with Cross USer Request Forgery; Pass-the-Hash: How Attackers Spread and How to Stop Them; DLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry; Too Critical to Fail: Cyber-Attacks on ERP, CRM, SCM and HR Systems; Bitcoin Is Here: How to Become a Successful Bitcoin Thief!!!; Turning Medical Device Hacks into Tools for Defenders; Hacking iOS on the Run: Using Cycript; Hunting Mac Malware with Memory Forensics; Now You See Me – Attacks with Web Server Binaries and Modules; Eyes on IZON: Surveilling IP Camera Security.
Human Element
The Human Element track addresses a frontier topic in security. It covers insider threats, social networking and social engineering, and security awareness, and discusses how people make trust decisions, novel ways of protecting individuals, and the human factor in conventional attacks.
Sixteen talks at RSA 2014 fall under Human Element: Security Awareness Metrics - Measuring Change in Human Behavior; Gamifying Security Awareness; The Sixth Man: How Cybersecurity Awareness Programs Strengthen Our Defense; Cognitive Injection: Reprogramming the Situation-Oriented Human OS; Securing Boomers, Gen Xers and Gen Yers: Omg We Are So Different!; Keeping Up with the Joneses: How Does Your Insider Threat Program Stack Up?; It's Time to Offer Facebook Logon to Your Customers; Social Media Single Sign-On: Could You Be Sharing More than Your Password; Helping People Walk the Narrow Path; Changing User Behavior: The Science of Awareness; Social Engineering: When the Phone is More Dangerous than Malware; How to Catch an Insider Data Thief; Malicious Acrobatics on Social Media; The Social Networking Battleground: Growth vs. Security; How to Make a Security Awareness Program FAIL!; Top Attacks in Social Media.
Mobile Security
The Mobile Security track focuses on the strategy, processes and technology behind BYOD management, smart-device security and the consumerization of IT, including mobile malware, application threats, device management, and new threats to mobile platforms.
Fourteen talks at RSA 2014 fall under Mobile Security: Finding Needles in a Needlestack with Graph Analytics and Predictive Models; Mobile Devices Security: Evolving Threat Profile of Mobile Networks; What Is the Future of Data Privacy and Security in Mobile?; Assume a Hostile Environment: Securing Mobile Data in the App; Touchlogger on iOS and Android; Predatory Hacking of Mobile: Real Demos; OTT, Virtual Carriers and the New Wave of Spam Threats in the 4G/LTE World; Android Security - Building a Secure Open Source Platform; Practical Attacks against MDM Solutions (and What Can You Do About It); Why Mobile Should Stop Worrying and Learn to Love the Root; Rogue Mobile Apps: Nuisance or Legit Threat?; Lessons Learned from Physical Tamper-Response Applied to Client Devices; Mobile Application Assessments by the Numbers: A Whole-istic View; Smartphone Privacy.
Policy & Government
The security of cyberspace is a matter of national and economic security. Governments are developing policies that shape the work of security professionals in both the public and private sectors. The Policy & Government track covers legislation, military and legal issues, APT, active defense, critical infrastructure, and the role of government.
Fifteen talks at RSA 2014 fall under Policy & Government: Can Government Cybersecurity Policies Balance Security, Trade & Innovation?; Facts vs. Fear: Foreign Technology Risks in Critical Industry Sectors; Updating the Law on Government Access to Your Online Data; Securing Our Nation's Data Centers Against Advanced Adversaries; An Overview of the EO Cybersecurity Framework; Meet the PCLOB: An Introduction to the Independent US Privacy and Civil Liberties Oversight Board; Riding the Tiger – Harnessing the Power of Industry in Cyber Security; Watching the Watchers: Privacy Officers Inside the U.S. Government; Cyber Legislation: National Security & Corporate Responsibility Collide; Government x 2: State and Federal Collaboration on Cybersecurity; Cyber Battlefield: The Future of Conflict; View from the Inside: DHS Priorities in Cybersecurity; Leading Cybersecurity: Technically Sexy, Programmatically Dowdy; Risk and Responsibility in a Hyper-Connected World; Effects of Recent Federal Policies on Security and Resiliency Landscapes.
Security Strategy
The Security Strategy track covers strategy, planning and emerging areas in enterprise security architecture, and the management issues involved in running a successful security program, including the frameworks and tools needed to build one.
Sixteen talks at RSA 2014 fall under Security Strategy: Response Plan Fitness: Exercise, Exercise, Exercise!; Security PR 101; Anatomy of a Data Breach: What You Say (or Don't Say) Can Hurt You; Inflection: Security's Next 10 Years; Implementing a Quantitative Risk-Based Approach to Cyber Security; Security of Large Complex Technical Systems; 10 Dimensions of Security Performance for Agility & Rapid Learning; The Steps Zurich Took to Build an "Effective" Information Security Program; How Joshua DoSed Jericho: Cybersecrets of the Bible; Criticality Analysis & Supply Chain: Providing "Representational Assurance"; Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome; Mutiny on the Bounty: The Epic Tale of How Data Defeated Dogma; Where Do We Go from Here, Now That Our Internet Is Gone?; Eight Conflicts Which Changed Cyberspace; A CISO's Perspective: Protecting with Enhanced Visibility and Response; The Role of a Cyber Mercenary.
Technology Infrastructure
The Technology Infrastructure track covers security technology architecture and strategy, including emerging technology trends, network and endpoint security, enterprise rights management, vulnerability assessment, IDS/IPS, and physical and embedded device security.
Sixteen talks fall under Technology Infrastructure: Ensuring Your 3rd Party Vendors and Partners are Secure; Building a Bunker for Business Assets and Processes; Are Mobile Devices the Answer to the Strong Authentication Problem?; New Ideas on CAA, CT, and Public Key Pinning for a Safer Internet; The Future of Authentication: Different Approaches to the Same Goal; A Penetration Testing Maturity and Scoring Model; Smart Grid Security: A Look to the Future; Beyond Information Warfare: The History of the Future of Security; Tinker Bell SSL: Avoiding the Neverland Security Infrastructure; Is the Security Industry Ready for SSL Decryption?; Make Way for the Internet of Things; SDN & Security: Why Take Over the Hosts When You Can Take Over the Network; Babel Revisited: Lessons from an IPv6 Transition; Utilities and Cybersecurity - Myth and Reality; Building and Extending Solutions with Hardware Trust; Malware Defense Integration and Automation.