Black Hat USA 2003

Note: if the class is overfilled, then you will be wait-listed. You will be contacted should this occur.


Black Hat USA Training 2003
Caesars Palace, Las Vegas, NV, July 28-29, 2003

All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered for each student.

Course Length: 1 day

Cost: US $2000 before July 3, 2003 or US $2200 after July 3, 2003
NOTE: this is a one day course. A Certificate of Completion will be offered.


course description
One Day Course
Tuesday, July 29

Information Security in Mergers & Acquisitions

Chris Conacher
What to bring:
Just yourself!


The Mergers & Acquisitions (M&A) process has vast implications for Information Security. The potential for disruption of otherwise sound security measures is something that is well known to attackers. The general confusion and strains upon resources inherent in such an undertaking provide new opportunities for social engineering, for the failure of standard controls, the integration of unsecured and unsanitized hardware and software and the creation of numerous, well informed, disgruntled employees. Business pressures for the acquisition to succeed or to keep various parties happy often means that integration moves faster than controls can be put in place to manage the risks. All of these factors provide numerous attack opportunities that would not normally exist in either organization and the horrifying reality is that few of the people involved in making the critical business decisions appear to understand the implications of these opportunities.

In any acquisition the aim is to obtain certain assets for a certain value. It must, therefore, make sense to want to protect those assets and their value. Most people involved in the acquisition process would understand the need to transfer the existing insurance cover so that buildings are covered in case a disgruntled employee decides to burn them down. In today's business world the introduction of "soft" assets as the major component of so many companies' value makes this a far more complex process. This is shown by the fact that far fewer people would know how to protect against a disgruntled employee deleting, copying or modifying key information assets, or how to determine the existence of backdoors in the target company's systems that will allow the same disgruntled employee free access whenever he or she wants.

This course aims to highlight all of the questions that need to be asked before, during and after the acquisition and to provide an approach that will help you obtain the answers and act accordingly. It is designed to help Executive and Senior management involved in making the critical business decisions appreciate the factors that exist in terms of Information Security risk and risk management in the Mergers & Acquisitions process.

What you will learn:
Students will gain an understanding of:

  • The critical Information Security risks within the Mergers & Acquisitions (M&A) process
  • How these risks relate to your organization and your target organization
  • The potential impact in terms of competitiveness, financial loss and legal liability and protection 
  • The need for Information Security in managing those risks
  • How the risk changes as you move through the different stages of the M&A process
  • Key actions that should be taken to address those changes
  • The impact your business decisions can have on Information Security
  • The additional value that Information Security can add to the decision making process

Students will also cover many general topics in support of the core information including:

  • The role of Information Security within the business
  • General Information Security methodologies
  • How risk is determined and the identification of assets, threats and vulnerabilities as the elements of risk
  • The development of countermeasures to manage identifiable risk

Who Should Attend?
This course is primarily intended for Executive and Senior Management involved in the strategic decision making process for mergers, acquisitions and new business initiatives, but will also prove useful for anyone with an interest in Information Security risk, its management and its strategic business impact.

Course Length: 1 day

Cost: US $2000 before July 3, 2003 or US $2200 after July 3, 2003
NOTE: this is a one day course. A Certificate of Completion will be offered.



Chris Conacher has over 6 years experience in formal Information Security roles. This time has been spent with the Fortune 500 companies BAE Systems (formerly British Aerospace and Marconi Space Systems), BAE Systems Airbus and Intel Corporation. He has also worked for the Information Risk Management consultancy practice of 'Big 5' firm KPMG LLP where he specialized in 'High-Tech' companies. Chris' time in Information Security has seen him working in England, France, Germany, Greece, Russia and the USA. His specialties include the development, deployment and review of corporate information security programs; the secure integration of Mergers & Acquisitions; data protection in disaster recovery planning; and information security business impact analysis. Chris has a strong understanding of the strategic business impact of information security and works to align information security to complement corporate operating models. He is also an experienced trainer, project manager and has held numerous speaking engagements to internal and external clients and professional groups.

Black Hat Logo
(c) 1996-2007 Black Hat