Stream A (Tuesday 25th) |
NEW APPROACHES TO TRACING CYBER ATTACKS: Profiling Techniques and Trace-Back Research |
COSAC reveals new techniques for determining the response to attacks on networks. The discussion will begin by applying the medical community concept of critical pathing and will then debate the first stage of research showing that it is possible, theoretically at least, to trace an attack over the Internet to its source regardless of the attacker's efforts at obfuscation. The trace is based, at least in part, upon the behaviour of the Internet itself instead of wholly upon the behaviour of the attack packets or their appearance in logs. |
Stream B (Tuesday 25th) |
A STING IN THE LEGAL TALE: The Hidden Challenges in Incident Management & Contract Law |
COSAC presents an interactive and holistic Incident Management workshop and, using a series of new legal case histories, debates how the law of online contracts regulates virtually everything that we do online. In this stream you will role-play discovery, reporting and investigation, and embark on a vigorous debate on the effect of clickwrap contracts upon our organisations. |
Stream C (Tuesday 26th) |
ISO27001: Putting the Theory into Practice |
COSAC provides a guide to avoiding the trap of creating an overly bureaucratic, cumbersome Information Security Management System that is time-consuming and costly to maintain. The theory of the certification process will be explained - what to expect, how to deal with the auditor and how long it takes. The theory is followed by the practice: a leading-edge, culture-changing federal agency case study. |
Stream D (Tuesday 25th) |
MAYHEM, MYTHS AND MALWARE: A Guide to the Latest Technology Threats and Countermeasures |
COSAC examines a cross-section of technology-related threats and issues and debates what to do to protect our valuable resources. Have rootkits moved to the forefront of malware-related threats? Is this year's buzzword technology, NAC, really self-defeating? And how do we deal with unhelpful ISPs, host providers, international law enforcement and IT "bad guys" when trying to bring down cloned sites? |
Stream E (Tuesday 25th) |
MEASURES AND METRICS MANIA: Getting Business Value from Measuring Security and Risk |
COSAC throws new light onto the perpetual challenges in Security Measurement. If you can't measure it, how can you prove that it's working? This highly interactive stream debates what to measure, how to quantify it, and how to report progress to management. How do we determine what is the right amount of security and risk? And how do we resolve the fact that the people who are in the best position to make decisions about prioritizing security activities are the ones least likely to understand those decisions? |
Stream F (Tuesday 25th) |
STRATEGY, PLANNING & GOVERNANCE: A Framework, an End-Goal and a Prioritised Plan |
COSAC addresses the real challenges of creating a pragmatic security strategy. After setting the scene by demonstrating the value of a strategic framework, this stream embarks on an innovative role-play to determine the real end-goal for strategy and attempts to establish a 'rolling benchmark' of the things which are exercising the COSAC audience from the minefield of changes in legal and regulatory developments, social and political environment, business and market trends, and technological advances and innovations. |
Stream G (Wednesday 26th) |
IDENTITY & MOBILE IDENTITY STRATEGY: Proposals for Real-World Resolution |
COSAC delivers an interactive workshop to remove the roadblocks to building an effective Identity and Access Management strategy and then proposes a framework to gracefully support both older and newer mobile devices with varying capabilities to provide appropriate identity assertion levels to the target application, allowing it to automatically adjust the capabilities it offers to mobile users. |
Stream H (Wednesday 26th) |
MANAGEMENT MODELS & CONVERGENCE TRENDS: Securing the Future Enterprise |
COSAC critically evaluates the globalised level playing field in service provision and management and asks how security will work in an environment in which services are delivered from the other side of the world. The stream goes on to debate the trend for convergence to a broader organisational approach to security and risk management. |
Stream I (Wednesday 26th) |
THE COSTS & BENEFITS OF CONTROL: Gaining A Business & Budget Perspective |
COSAC investigates the anomaly in our approach to applications: secure coding practices are common nowadays and widely followed, but have we lost sight of the risk environment in which our valuable and sensitive information is processed? Do we have application development teams busily deploying code that might undermine the most rigorous risk management programme? And, if we insist on proper applications testing, how do we deal with the subtle intricacies surrounding the use of live data in test environments? |
Stream J (Wednesday 26th) |
WATCHING YOU, WATCHING ME: The Latest Developments in Spyware & Forensics |
COSAC provides an in-depth examination of both ends of the spectrum: analysis of the spyware watching us and our ability to trace events on newer sources of information such as cellphones. This stream presents the industry's most current research on the evolution of spyware and exposes infection vectors to a level of statistical data rarely seen. The second session examines the features of cellphones that provide rich sources of forensic information, including the SIM card, the internal memory and expansion SD cards. |
Stream K (Wednesday 26th) |
INNOVATION IN MOTIVATIONAL AWARENESS: Marketing A Memorable Message |
COSAC delivers the means to influence the behaviour and perception of our target audiences. The most effective security awareness training happens through totally engaging the audience, and we will share ideas for making it fun and relevant to change the security culture. Analysing techniques used by marketing experts, we will discuss real examples of marketing ideas and provide a CD of valuable resources that can be customized to use at your company. |
Stream L (Wednesday 26th) |
PENETRATION TESTING & INCIDENT RESPONSE: The Good, The Bad & The Ugly |
COSAC asks important questions about how we can get a meaningful, industry-standard Penetration Testing accreditation scheme that customers can understand. Opinions will be canvassed to explore publication of the resultant approach in an open letter to the industry. This stream will also share the experience of creating Ireland's CERT and apply the lessons to anyone establishing their own Incident Response Team at a departmental, company, sector or national level. |