As when it first began as the ARPAnet, the Internet's killer-app is still email. Nearly everyone has and uses it, and businesses depend on it. Because of it's ubiquity and ease of use, it is also the most popular and successful threat vector for network and computer attacks from viruses, worms, spam, and protocol attacks, in addition to run-of-the-mill network eavesdropping. The good news is that techniques for taming email as "threat" while still permitting email as "tool" exist and the tools, if used correctly, keep getting better. Email Security Day is all about presenting the best methods and mechanisms to keep our email flowing and useful. It will also give you an opportunity to hear from and speak to some of the leading solution providers in this space.
Secure Email Day is a mixture of lecture, expert-lead group discussion, and a vendor panel.
A basic understanding of email and cryptography terms
- Introduction and Problem definition
- Why email is insecure
- Why it should be
- Challenges we face
- Overview of solutions
Almost everything we talk about today will build on this and how it this is applied to email. This will be enough to bring the crypto-beginner up to speed without boring the crypto-knowledgeable.
- Authentication, non-repudiation, integrity, and confidentiality
- Keys both public and secret; and terms
- Email Security Solutions
- Commercial and "home-grown."
- What have you tried, what worked, what didn't, and why (Group discussion)
- Public Key Infrastructures (PKI) and Email
PKI should be an enabler, and for some it is. For others it has been a stumbling block. Jon Callas, CTO of PGP Corporation will discuss the pluses and minuses and present "Improving Message Security With a Self-Assembling PKI."
- Spam Control, Part 1: Methods, mechanisms, services, and solutions.
- Spam Control, Part 2: What have you tried, what worked, what didn't, and why. (Group discussion)
- Grill the Experts
Will secure email ever be ubiquitous? How do we sell the concept into our organizations? What are the hurdles to use and deployment, and when will we surmount them? This panel will answer these questions and more.
- Protecting and ensuring the integrity of information is not just a good idea. For some of us, it's the law.
As I mentioned earlier, I am leading Secure Email Day at N+I in Las Vegas on Monday, May 2, 2005. Here is how the day looks: