32 Security and Compliance Sessions Now Live in the re:Invent 2016 Session Catalog
September 9, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details.
AWS re:Invent 2016 begins November 28, and now, the live session catalog includes 32 security and compliance sessions. 19 of these sessions are in the Security & Compliance track and 13 are in the re:Source Mini Con for Security Services. All 32se titles and abstracts are included below.
As in past years, the sessions in the Security & Compliance track will take place in The Venetian | Palazzo in Las Vegas. Here’s what you have to look forward to!
SAC201 – Lessons from a Chief Security Officer: Achieving Continuous Compliance in Elastic Environments
SAC305 – Auditing a Cloud Environment in 2016: What Tools Can Internal and External Auditors Leverage to Maintain Compliance?
SAC309 – You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Validation from Adobe
SAC311 – Evolving an Enterprise-level Compliance Framework with Amazon CloudWatch Events and AWS Lambda
SAC315 – Scaling Security Operations: Using AWS Services to Automate Governance of Security Controls and Remediate Violations
SAC401 – 5 Security Automation Improvements You Can Make by Using Amazon CloudWatch Events and AWS Config Rules
The re:Source Mini Con for Security Services offers you an opportunity to dive even deeper into security and compliance topics. Think of it as a one-day, fully immersive mini-conference. The Mini Con will take place in The Mirage in Las Vegas.
SEC302 – WORKSHOP: Working with AWS Identity and Access Management (IAM) Policies and Configuring Network Security Using VPCs and Security Groups
- How to scale your security and compliance infrastructure to keep up with a rapidly expanding threat base.
- The security implications of scaling for numbers of users and numbers of applications, and how to satisfy both needs.
- How agile development with integrated security testing and validation leads to a secure environment.
- Best practices and design patterns of a continuous delivery pipeline and the appropriate security-focused testing for each.
- The necessity of treating your security as code, just as you would do with infrastructure.
SEC307 – Microservices, Macro Security Needs: How Nike Uses a Multi-Layer, End-to-End Security Approach to Protect Microservice-Based Solutions at Scale
SEC309 – Proactive Security Testing in AWS: From Early Implementation to Deployment Security Testing
- How does a policy change affect the overall permissions for a user, group, or role?
- Who has access to perform powerful actions?
- Which services can this role access?
- Can a user access a specific Amazon S3 bucket?
- Using constraint solving to show that VPCs have desired safety properties, and maintaining this continuously at each change to the VPC.
- Using automatic mechanical theorem provers to prove that s2n’s HMAC is correct and maintaining this continuously at each change to the s2n source code.
- Using semiautomatic mechanical theorem provers to prove desired safety properties of Sassy protocol.