Federal Bureau of Investigation


Image of the seal of the US Department of Justice - click it to go to the  main US DOJ website

US Attorney's
Office - PA / Eastern


Managed and Produced by:

The Hollis 
Group, Inc.

  Conference Postponed:

This conference has been postponed. 
Watch this space for further details.

To be alerted when further information 
is available, let us know

  With Faculty From:

Acculogix, Inc.

Amgen, B.V.

The AC Group, Inc.

Bionix Development Corp.

Blank Rome, LLP

Cybernet Security, LLC

The Federal Bureau of Investigation (FBI)

The Hollis Group, Inc.

Hovione, S.A.

IPR International, LLC


MedAire, Inc.

Micron Technologies, Inc.

PDA International

Quest Diagnostics

Seraph, Inc.

US Army Headquarters

US Attorney's Office

University of Pennsylvania Health System

Vormetric, Inc.

WMD Consulting, LLC

  Program Overview:

2004 Information Infrastructure Assurance for Life Sciences and Healthcare is a two-day program where executives in governance and senior advisory positions from regulated entities will participate in a comprehensive risk management exercise to assess their due diligence responsibilities. Attendees will work with respected and expert practitioners, honing their skills in risk management oversight and liability reduction. The practical case studies will focus on the information infrastructure of clinical research, the challenging interface between Healthcare and Life Sciences. Sessions will confront the accuracy, privacy, and availability requirements of regulators and the expectations of public opinion.

  Who Should Attend:

The Conference is targeted to senior staff in Life Sciences and Healthcare organizations who are accountable for protecting the confidentiality, integrity, and availability of patient and product information, and responsible for keeping the information accessible and useful.

  • CEOs, COOs, CFOs, CIOs, CISOs, CPOs, and Senior Staff

  • CMOs, VPs of R&D, IRB Members, Site & Corporate Auditors

  • Data Center Managers, Network / Security Engineers

  • Technical Staff and Oversight Committee Members

  • Chief, Corporate, and Outside Counsel

  • Industry Media, Consultants, Security Contractors

  • Law Enforcement, Regulatory Agencies, DHS

Problem Statement

Do you know how this equation affects corporate governance?

Senior officers and administrators of pharmaceutical, biotech, clinical, and hospital organizations appreciate the very high value of the medical records and information that their facilities and personnel maintain and provide to local communities and to the nation as a whole. They also face dual Information Infrastructure threats: One is the threat of accidental or unauthorized disclosure of sensitive, confidential, and personal medical information or proprietary product information. The other is deliberate attack, logically or physically, against the information infrastructure to disrupt, destroy, or disclose the same information.

These threats run along physical and logical vectors and include:

  • Unauthorized casual browsing of confidential information

  • Computer security breaches and denial-of-service attacks

  • Physical threats to personnel and data during corporate travel

  • Workplace white-collar crime and workplace violence

  • WMD (Chem / Bio / Rad) attacks and scares against facilities

Compounding these dual threat vectors is the difficulty in complying with a plurality of regulations and guidances from a large cohort of local, state, federal, and international agencies. Most of these agencies have lately adopted a policy of “risk-based” enforcement, which translates to a requirement for regulated organizations to analyze their own operations and apply information assurance mechanisms according to a rational, documented, and rigorously enforced plan.

Unfortunately, in Life Sciences and Healthcare the techniques of threat / risk assessment / remediation is far less developed than in more “hard” industries, such as Aerospace, Defense, and Telecommunications. Translation of assessment techniques to Life Sciences and Healthcare is a current, critical need.

Program Plan:

2004 Information Infrastructure Assurance for Life Sciences and Healthcare provides a detailed, end-to-end exercise in risk management planning that:

  • Presents at an executive-level to persons in corporate governance positions

  • Covers the entire risk management process from “What if?” to “We’re done.”

  • Focuses on the interface between Healthcare and Life Sciences

  • Uses a current information infrastructure as the target for the exercise

  • Provides information from articulate, pragmatic experts in their fields

The planning exercise itself includes presentations and panel discussions of models for physical and logical threat vectors directed against the information infrastructure supporting integrated clinical research and healthcare facilities, systems, and personnel.

  • Estimations of the probability of these threats being realized as actual attacks

  • Assessments of the scope of the exploit’s (i.e., a successful attack) impact

  • Calculations of the net risk associated with these threat / scope pairs

  • Prevention and remediation techniques that are affordable and available today

  • Acceptability of proposed plans under current laws and regulations

The Conference Faculty will focus on pragmatic, workable techniques that apply to the “touch points” at the interface between clinical research organizations and Healthcare providers. It is at this interface that many of the information infrastructure systems are most stressed, where regulatory agencies conduct their closest scrutiny, and where the groundbreaking work in information assurance is happening.

The Conference Agenda addresses Information Infrastructure Assurance with several Plenary Sessions and three Specialty Session Tracks:

  1. Information Infrastructure Threat Enumeration, Evaluation, and Remediation 

  2. Information Infrastructure Assurance Risk and Resource Management

  3. Legal and Regulatory Requirements for Information Infrastructure Continuity

Executive-level, Pre-Conference Tutorials, focusing on methods and standards, technology background, and regulatory awareness are available to bring interested people rapidly up the technology and regulatory learning curves.



Register   Schedule   Faculty   Sessions   Tutorials

Conference Contact: 610.296.9110              


Business Directory