CISO Summit | November 6-8, 2016 | Hotel Palomar Phoenix - Phoenix, AZ, USA

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Sunday, November 6, 2016 - CISO Summit

3:00 pm - 4:30 pm

Registration & Greeting

 

4:30 pm - 6:00 pm

Exclusive CXO Keynote

Top 10 Competencies of the Modern IT Executive

“Communication,” “business acumen,” and “relationship building” are all familiar entries on every “Top IT Leadership Skills” list ever written. While these attributes continue to be important in our current climate of risk, innovation and IT opportunity, they are just a drop in the bucket. In an era where technology belongs to everyone, the technology executive must have so much more. In this newly updated presentation, Martha Heller, an IT executive recruiter and author of The CIO Paradox and Be the Business: CIOs in the New Era of IT (fall 2016), presents a list of new skills critical to any IT leader working today. Drawing on personal interviews with more than 400 successful CIOs, Heller, a master storyteller, offers case studies, anecdotes, advice and impressions to arm attendees with the skills they need to bring their companies into the future.

Presented by:

Martha Heller, President, Heller Search Associates

 

6:00 pm - 7:00 pm

Networking Cocktail Reception

 

7:00 pm - 8:30 pm

Networking Dinner

 

8:30 pm - 10:00 pm

After Dinner Networking

 

Monday, November 7, 2016 - CISO Summit

7:00 am - 7:55 am

Registration and Networking Breakfast

 

8:00 am - 8:10 am

Welcome Address and Opening Remarks

 

8:10 am - 8:50 am


Keynote Presentation

Security’s Place in Enterprise Risk Management

While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet has already taken pre-eminence over its forebear. What is the CISO, who has in many ways toiled in invisibility, infamy, or ignominy, to do when faced with being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.

Takeaways:

  • Just because information security is an aspect of enterprise risk doesn’t mean that the CISO needs to take a back seat position
  • Enterprise risk is defined by the business but needs to be quantified by an expert; CISOs bring risk quantification expertise to the table
  • The end goal is not about fiefdoms and ownership, it is about improving enterprise value and success; maintaining focus is essential
 

8:55 am - 9:35 am


Keynote Presentation

TBD

Sponsored by:

IBM


9:45 am - 10:15 am

Executive Exchange

 

Think Tank

Defending The Dual Threat to Carriers of Mobile Security

As mobile devices continue to proliferate, security becomes a bigger and more serious issue. While initial security threats were contained to data loss through lost and stolen devices, the leveraging of targeted cyber security threats has created a dual problem for carriers. The first is the PR nightmare of increasing public perception that mobile security breaches of all types are a carrier and not end user issue. The second is the threat that hundreds of millions of powerful connected devices represent to backbone carrier networks themselves. In this environment mobile providers must make investments in security technologies that protect the network from directed threats (from both known and unknown connections) and extend that protection bubble out to subscribers.

Takeaways:

  • A recent study shows that subscribers are more than twice as likely to feel that mobile security is a carrier issue rather than a personal issue
  • As in-circulation handsets increasingly become smartphones rather than feature phones, telcos are effectively hosting hundreds of millions of threat vectors on their own networks
  • Astute IT leaders will realize that these dual problems can and must be dealt with by a single security solution

Presented by:

Vaughn Hazen, CISO, Freeport-McMoRan


Think Tank

Addressing Cyber Security in the Retail Sector

The 2014 Verizon Data Breach Investigations Report was released recently and declares 2013 the “year of the retailer breach”, which is unsurprising given the attacks on Target, Michaels, Neiman-Marcus and other retailers. For the second year in a row the report shows retailers to be one of the most heavily attacked industry verticals, and the report's new structure shows that the number one channel of attack was, by far, threats against and compromises of the PoS system. Yet for all that, the report offers nothing more than old-school, pat security solutions such as “Use AV”, “Limit Remote Access” and “Segment the Network”. While these are all fine techniques for raising the baseline security posture, the time has come for retailers to get out of the security dark ages and begin to take cutting-edge approaches that respect the increased focus bad actors are giving their businesses.

Takeaways:

  • Retail organizations are increasingly being seen as low hanging fruit when it comes to financially motivated security threats
  • Core capabilities of how these companies run their business are being directly, and successfully, targeted
  • Retail sector spending on IT security lags the market in general and lags significantly on a spend:threat ratio

Presented by:

Andrew Tuck, Director of IT Security (CISO), Costco


10:20 am - 10:50 am

Executive Exchange

 

Thought Leadership

Securing the Mobile, Cloud-First Enterprise

More and more organizations are embracing the cloud and mobility to improve productivity and make their business more competitive. This is turning the current security landscape upside down. At the same time newer, more advanced threats are creating new risks that traditional security appliances struggle to keep up with. CIOs and CISOs are looking for new approaches to securely adopt cloud and mobility.

In this session Zscaler will discuss why many IT organizations are choosing to adopt a cloud-based approach to securely enable mobility, cloud applications and social media, while ensuring compliance and reducing risk. The audience will learn how a cloud security strategy can help them:

  • Protect users from advanced threats: why traditional security appliances are failing, and why full SSL content inspection is necessary to detect emerging, advanced security threats
  • Embrace cloud with full visibility and control of Shadow IT
  • Get real-time visibility and control: mine billions of user transactions in seconds to quickly identify gaps in security and ensure compliance with corporate policies

Sponsored by:

Zscaler


10:55 am - 11:25 am

Executive Exchange

 

Roundtable

TBD

Sponsored by:

E8 Security


Roundtable

TBD


Sponsored by:

VMware


11:30 am - 12:00 pm

Executive Exchange

 

Roundtable

Gaming the Domain Name System: How Bad Guys Use DNS To Commit Online Fraud

What’s in a domain name? The answer – a lot. A domain name represents a company’s brand, trust, values and good will. Cybercriminals take advantage of this trust by abusing domain names to commit fraud, phishing, or other malicious activities.

In 2015, Operation In-Our-Sites (IOS) took down nearly 1000 websites selling counterfeit goods. What are you doing to protect your brand online?

Inducted into the Internet Hall of Fame for work related to the Domain Name System (DNS), Farsight Security CEO and cofounder Dr. Paul Vixie will discuss how every online transaction – good or bad – begins with a DNS lookup. He will provide real-world examples of how bad guys are gaming DNS to commit online crime, as well as practical steps and tools organizations can use to protect their brand online and secure their organization.

Takeaways:

  • DNS is the underlying infrastructure of the Internet. Every online transaction – good or bad – begins with a DNS lookup
  • Bad guys abuse domain names to commit fraud, gain entry into your network, and more
  • By putting in place the right tools and processes, you can minimize your risk from domain abuse and stay ahead of the bad guys

Sponsored by:

Farsight Security Inc


Roundtable

Identity and the New Age of Enterprise Security

From a technology standpoint, as a “society” the world of business has gone through two distinct stages in the evolution of its information security focus. The first addressed network-based protection and preventative controls such as firewalls and anti-malware. The second looked at data-centric and detective controls such as encryption and intrusion/extrusion monitoring. Since breaches continue to occur at a record pace, what is needed now is clearly a new evolution, one that pushes towards individual-focused security through granular user monitoring and management as provided by solutions such as Identity and Access Management. While IAM isn’t a new technology field, it is one whose time has come, and CISOs need to begin investing in modern-day, lightweight, easy-to-implement IAM solutions now to stay ahead of the curve and reduce enterprise threats.

Takeaways:

  • The breach onslaught demonstrates that existing security solutions are incapable of defending against current threats
  • Enterprises need to begin looking at security from an activity perspective rather than an artifact perspective
  • IAM provides activity insight, and therefore threat awareness, that no other platform can equal

 

12:05 pm - 12:35 pm

Executive Exchange

 

Think Tank

Is Security Obscuring the Benefit of the Cloud?

Cloud-delivered computing services, whether Software, Platform, or Infrastructure as a Service, offer the potential of significant business advantages such as reduced cost and increased flexibility. These advantages however come with very real risks, chief among them security concerns and the risk of data and compliance breaches – how do you secure what you can’t see, touch, and control? Join our panel as we explore both the security and compliance issues inherent in Cloud deployments, look at the hidden issues that first-time Cloud adopters may simply not be aware of, and discuss solutions that can be used to address these challenges and allow enterprises to fully and firmly embrace the Cloud.

Takeaways:

  • Understand the true cloud security and compliance threat landscape
  • Learn how successful cloud adopters have mitigated these risks
  • Discover how to build cloud protection capabilities keyed to your needs

Presented by:

BG Badriprasad, Chief Security Architect, Ross Stores

 

Think Tank

Security in an Outsourced World

Building security into your enterprise processes, and integrating it with your existing technology investments has never been more critical or complicated than it is in this era of decentralized computing, and ever-tightening compliance requirements. Furthering this complication is the impact that partnering deals can have since infrastructure, applications, and even data may no longer be under your direct control. To be able to ensure efficient and effective security capabilities you need to understand the nature of the threats that exist today, the impact a sourcing relationship can have on these threats, and the mitigation strategies and tools key industry leaders are using to address the challenge.

Takeaways:

  • Social, Mobile, Cloud, and Analytics are already having a significant impact on enterprise security; sourcing potentially adds another layer of complexity
  • Beyond “simple” security, however, there are also issues such as privacy and compliance that need to be considered
  • Investing in the right tools and practices is essential to weather the storm without breaking the bank

Presented by:

Brian Mork, CISO, Celanese


12:40 pm - 1:40 pm

Networking Luncheon


 

1:45 pm - 2:15 pm

Executive Exchange

 

Think Tank

Building a Collaborative and Social IT Security Program

In today’s environment there can be no arguing that a comprehensive IT Security program is a de facto requirement for every organization. Such a program needs to address the full range of security threats that can be leveraged against an organization and needs to be integrated into whatever regulatory and governance requirements exist, but beyond that it needs to be accessible, consumable, and actionable by everyone who is influenced by it or interacts with it. Building a program that is shared through social channels and relies on the collaborative input of employees and constituents for not only creation but enforcement will drive higher levels of adoption, responsiveness and, ultimately, protection.

Takeaways:

  • A security program, that is, the stated intentions of the organization combined with the policies and tools to back those intentions up, is essential
  • The program needs to be easily communicated, easily consumed, and easily complied with
  • Using an open, social and collaborative approach to creation, distribution, and enforcement ensures greater adoption and ultimately greater security

Presented by:

Ron Green, EVP, CISO, Mastercard

 


Think Tank

Best-of-Breed or Consolidated: Principles in Security Architecture Design

When it comes to implementing network security infrastructure there are two schools of thought: use best-of-breed point solutions, or go with all-round consolidated platforms. Pros and cons abound for either approach, revolving around varying levels of protection, integration, and administrative overhead, but the increasing complexity of current security infrastructure is beginning to reveal a winning approach. Even though consolidated solutions may offer greater benefits in the long run, no one exists in a green-field situation when it comes to network and infrastructure security, so careful planning is required to ensure the necessary protection.

Takeaways:

  • The management burden of best-of-breed outweighs performance benefits
  • Consolidated platforms can lead to feature overlap and unnecessary cost
  • Planning is required to maximize coverage but minimize effort and spend


 

2:20 pm - 2:50 pm

Executive Exchange

 

Thought Leadership

Strategic and Secure Mobility

Is mobility a cost? Or is it a key part of your strategy for business success? Many businesses are leveraging mobility to generate real and measurable returns and to increase their competitiveness. How? Join CDM Media and BlackBerry as we explore ways in which companies can strategically manage their mobility investments.

In our session we'll look at security - again from a strategic viewpoint. Security covers a wide range of issues in the modern enterprise. While protection of data is at the forefront, security involves many other aspects and issues, from secure collaboration to the security and protection of employees in an increasingly tumultuous world. We'll deal not only with securing mobility, but with how the strategic use of mobility can make you more secure.

Sponsored by:

BlackBerry


2:55 pm - 3:25 pm

Executive Exchange

 

Roundtable

TBD


Sponsored by:

enSilo


Roundtable

Applying Big Data Principles to Security Paradigms

Volume, variety, velocity, veracity: all four of the hallmarks of Big Data have a clear fit in the world of security as the number of threats grows, their natures diverge, the speed with which they are encountered (and subsequently have to be dealt with) accelerates, and the need to be ever more accurate grows. As enterprises have made significant investments in Big Data programs and analytics platforms, they are beginning to reap real benefits in terms of business efficiency and innovation. The time has come to begin applying those same principles and platforms to the security challenges facing enterprises, to allow for faster, more effective overall security.

Takeaways:

  • The nature of the enterprise security challenge closely mimics many of the Big Data challenges businesses are beginning to learn how to solve
  • Just as Big Data challenges required different tools to address for Line of Business and “general” IT issues, so they will for information security challenges
  • Security must become the next focus for analytics capabilities, and analytics the next focus for security professionals.
 

3:30 pm - 4:00 pm

Executive Exchange

 

Roundtable

Improving Email Deliverability AND Security

It may seem self-evident, but email is still the predominant form of business communication, whether in B2B or B2C channels, with businesses sending over 100 billion emails each and every day. Not all of this traffic is legitimate, desired, or safe, however, with estimates that as much as 90% of all email traffic can be considered spam or worse. In this environment businesses need to ensure that the email they send is viewed as trustworthy, and that the mail they receive is free of threats. To do this, email authentication is imperative, and DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the gold standard. While DMARC policies are published to public DNS servers and already protect up to 60% of mailboxes, for the most part these are public mailboxes at consumer email providers, and many businesses are still on the outside looking in. Savvy IT leaders know that they need to leverage commercial solutions that streamline DMARC management for their own email infrastructure, to ensure they are protected from threats and able to communicate with partners, clients, and prospects.

Takeaways:

  • Email authentication is essential in today’s spam-centric world to ensure deliverability of key business communications
  • Email authentication also ensures businesses are protected from the myriad email-based security threats that assail them every day
  • DMARC provides this protection, but management can be convoluted and time-consuming without focused management solutions

Roundtable

Data Centric Security

For years the security focus of the enterprise was to build a hardened perimeter at the edge of the network, an impenetrable shell that kept the bad out and the good in. Over the last few years this model has fallen by the wayside. Technologies such as Cloud and Mobility have pushed the enterprise beyond its traditional perimeter, while increased levels of partnership have created inroads through that shell. As a result, infrastructure-based security is no longer sufficient or appropriate, and enterprises everywhere are having to make the shift to a new security paradigm, one that is centered on the data itself, not on the infrastructure that houses it.

Takeaways:

  • Learn the principles of data centric security
  • Understand the role encryption plays and how it should be integrated
  • Determine when and where data monitoring tools make sense
 

4:05 pm - 4:35 pm

Executive Exchange

 


Think Tank

To Whom Should the CISO Report?

While security breaches are certainly nothing new, their visibility is increasing, and as it increases it places increased pressure on the enterprise to set itself up for success. To do this, then, is it time to (re)consider the reporting structure of the information security group and the CISO directly? Though these roles have grown up under the umbrella of IT as a whole, in many ways their responsibilities run parallel to those of general IT, and forcing them into a reporting structure where they are secondary potentially compromises the opportunity for the CISO, and the information security group, to achieve the success demanded by the enterprise. Has the time come for the CISO to rise in stature and become a peer to the CIO rather than a direct report?

Takeaways:

  • The demands for enterprise security are increasing exponentially as new computing paradigms take over
  • Making security secondary to other IT initiatives and demands ultimately undermines the ability of the CISO
  • Recent findings show that enterprises with a direct CISO to CEO reporting structure suffer significantly less financial loss


Think Tank

Building Dynamic Security Teams

There’s no other way to say it than bluntly: Information Security is a white-hot field within Information Technology as a whole – over the last dozen years it has gone from afterthought, to scapegoat, to critical enterprise success factor. As a result, the need for capable and qualified Information Security specialists, whether front-line Analysts, mid-level Managers, or top-level CISOs, is at an all-time high, but personnel and skills availability is sinking to an all-time low (at least in terms of supply-to-demand ratio). There simply isn’t enough expertise in existence to go around, or enough education occurring to create it. In this environment, senior Information Security leaders are having to get creative in their pursuit of the people, performance, and passion necessary to address this capability shortfall.

Takeaways:

  • Learn how to build grass-roots programs that cultivate a farm full of potential security experts through internal and collaborative programs
  • Find out how to leverage key organizational traits to generate buzz and interest where none existed before
  • Understand the relevance of certs vs. experience and how to evaluate and validate the value of candidates
 

4:40 pm - 5:20 pm


Executive Visions

Shadow IT – To Embrace or Eliminate?

DNS is a core infrastructure component that is often overlooked when thinking about security, and it is often used by the bad guys to compromise an enterprise network. How can the good guys take advantage of the same DNS data to prevent the bad guys from sneaking in?

The Power of DNS: Gaining Security Insight Through DNS Analytics. 

DNS is a critical component to all technology running on an enterprise network. Whether that is IT infrastructure, a corporate server, a desktop, a laptop, a POS system, external devices connected to a guest network or even unmanaged devices such as smart phones or any other connected “thing,” they all use DNS to communicate internally and externally. The pervasiveness of DNS and the wealth of data generated by it provide tremendous internal and external visibility into the network that can help manage ever-increasing levels of risk.

DNS Security is generally perceived as either securing DNS architecture and infrastructure from various attack vectors or maintaining a black-and-white website list to control access to malicious domains. While that is certainly an important part, there are far more security controls, intelligence and benefits that can be obtained from DNS. This material sheds light on the various benefits of DNS to the enterprise and how both internal and external DNS data can be used to proactively mitigate known and unknown threats. After attending this session, attendees will be able to look at DNS from a different perspective.

Sponsored by:

BlueCat Networks


5:20 pm - 6:30 pm

Cocktail Reception

 

6:30 pm - 8:00 pm

Networking Dinner

 

8:00 pm - 10:00 pm

After Dinner Networking

 

Tuesday, November 8, 2016 - CISO Summit

7:00 am - 8:00 am

Networking Breakfast

 

8:10 am - 8:50 am

Keynote Presentation

The Three T’s of Cyber Security

Talent, Tools, and Technique: Aetna’s Chief Security Officer, Jim Routh, will share his perspective on which is the most important “T” of the three, sharing examples of each.

Presented by:

James Routh, CISO, Aetna


8:55 am - 9:35 am

Keynote Presentation

Cyber-Espionage and the Advanced Persistent Threat

More and more C-level executives are realizing that cyber security is not just an IT function, given the far-reaching and direct impact that cyber security threats can have on current and future business operations. As is evidenced in recent reports from security providers such as Mandiant, McAfee, SentinelOne and others, cyber espionage attacks by APT actors are breaching organizations both large and small, public and private. Whether the objective is Intellectual Property (IP), M&A information, financial records, or other business-sensitive protected data, losses can result in significant brand, reputation, and financial impacts. To counter these risks, CISOs need to realize that traditional security techniques are insufficient, and that a new tier of security solutions is required to defend against the APT attack.

Takeaways:

  • The era of cheap, powerful, and unique security threats is upon us, and in this era traditional tools are insufficient
  • These Advanced Persistent Threats can be targeted at any organization, not just the biggest and the richest
  • Tools that allow for quick detection AND dynamic response are key; it’s not just finding that the door is open, but closing it quickly, that matters
 

9:45 am - 10:15 am

Executive Exchange

 

Think Tank

Avoiding ERM for the Sake of ERM

In many ways ERM, or Enterprise Risk Management, has become just another buzzword that is bandied around without any clear understanding of its meaning, any clear understanding of its value, or any clear understanding of how it can be achieved. ERM is not a project or a task on a list to be checked off. Instead it is a fundamental change in how an enterprise approaches the way it conducts its business, to ensure that all possible impacts to its capital and earnings are identified, quantified, and mitigated. Such a sweeping paradigmatic shift isn’t something that can be taken on lightly, and enterprises seeking to just place a check mark next to a to-do list line item will be sorely disappointed in their results.

Takeaways:

  • ERM is a way of life, not a one-time effort, and the only way to realize its value is to come to that realization early
  • To be successful, an ERM deployment must be sponsored from the top and have the involvement of every level and every department
  • Even though ERM initiatives are all-encompassing, it’s best to start small; trying to boil the ocean is the surest way to failure and loss of goodwill and buy-in


Think Tank

Dealing with the Surge in Public Sector Security Threats

Verizon’s 2014 Data Breach Investigations Report has recently been released, and the statistics, as they pertain to the public sector, are nothing less than staggering, as public entities reported over forty-seven thousand security incidents. A significant reason for this is US government agency reporting requirements that demand the reporting of even minor incidents, rules that other organizations do not have to comply with. More telling is that only Financial Services organizations suffered more incidents with confirmed data loss than various public entities. The message, then, is clear: the public sector is under sustained and concerted attack, and the need to take action has never been stronger. Join us as we discuss the nature of the challenges that afflict the public sector and explore strategies for dealing with the tidal wave of attacks.

Takeaways:

  • The volume of threat data leveraged against government bodies shows that not all threats are directly financially motivated
  • Security spending as a percentage of budget is low across the board, but lower still for the public sector, so ensuring adequate protection is challenging
  • The public sector needs to get creative to ensure appropriate protection, leveraging not just tools but greater internal awareness and training


 

10:20 am - 10:50 am

Executive Exchange

 

Thought Leadership

Balancing Reactivity and Proactivity in Enterprise Security

As with all things in life, the focus on how to conduct enterprise security ebbs and flows between varying degrees of reactivity and proactivity. In the old school “Security 1.0” world, where the focus was almost completely on network security, efforts were in general proactive in nature with firewalls and anti-malware seeking to prevent threats before they even occurred. This didn’t work so well and so “Security 2.0” focused on reactivity, wrapping things like encryption around the data so that even if a breach occurred, the loss would be mitigated. Yet breaches, and losses, continue to occur. So if primarily proactive security doesn’t work, and if primarily reactive security also doesn’t work, how then do we find the right balance between the two to find a security posture that does work?

Takeaways:

  • Proactive security measures, those that prevent a threat from occurring, are valuable and necessary but haven’t proven effective
  • Reactive security measures, those that mitigate a threat that has occurred, are also valuable but are complicated and limit enterprise efficiency and efficacy
  • A new approach is needed, but is that one that blends techniques or one that finds new approaches (whether they be reactive, proactive, or both)?
 

10:55 am - 11:25 am

Executive Exchange

 

Roundtable

How to be Socially Secure (or Securely Social)

Social media is the least hyped and potentially least adopted of the so-called disruptive technologies, at least by enterprises in general. This doesn’t mean that employees aren’t embracing these tools personally, however, nor does it mean that enterprises should continue to avoid them. The fact of the matter is that social platforms allow for incredible levels of interaction that, when harnessed, can lead to significant creativity and productivity gains, allowing enterprises that adopt and encourage the use of social collaboration platforms to be more successful than their non-social peers. But every newly adopted technology brings with it unique problems, and so it is the CISO’s job to provide the secure landscape within which this social collaboration, both internal and external, sanctioned and not, can occur.

Takeaways:

  • Your employees are already social, whether you realize it or not and facilitate it or not, so ignoring the issue only leads to greater security problems
  • Social collaboration presents a real security threat, as information is more freely shared and interactions occur outside the boundaries of enterprise control
  • Social security programs must be built in layers, addressing first unsanctioned use, then sanctioned use, all while differentiating between internal and external social activity

Roundtable

Addressing Privacy on a Global Scale

Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information; however, the multi-jurisdictional impacts of the issue, due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws), make this an issue that is oftentimes overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work or where their data might be held, and this is an almost overwhelming task.

Takeaways:

  • Privacy is one of the most challenging issues for any business and CISO to address
  • The difference in regulations between and among European countries (both those in and out of the EU itself) and North American ones means traversing a fraught landscape
  • A strong approach to privacy that addresses global differences is essential to being a stable and viable global business

Sponsored by:

IBM


11:30 am - 12:00 pm

Executive Exchange

 

Roundtable

Security and Compliance; Chicken and Egg or Chalk and Cheese?

Since regulatory (and industry) compliance became a notable “thing” in the early-to-mid 2000s, it has been intimately linked with information security and oftentimes has been the lever (or hammer) by which enterprises made necessary investments in security. But being “compliant” and being “secure” aren’t the same thing, and in too many cases enterprises that were perfectly compliant have been perfectly breached. A new focus is needed; one that respects that while security and compliance are not the same thing, they are working towards the same goal (a reduction in overall enterprise risk exposure), and sees that compliance flows from security.

Takeaways:

  • While a secure company is likely a compliant company, the same cannot be said of the reverse situation
  • Just because compliance has loosened the purse strings doesn’t mean it takes a pre-eminent position in security investments
  • Reducing enterprise risk is the goal of both practices, but without appropriate focus on both it is a goal that will never be achieved

Roundtable

Securing the Mobile Workforce

As enterprise IT is increasingly being delivered by mobile computing platforms, the nature of security threats, as well as the manner in which security is delivered, is changing. Mobility pushes computing well beyond the traditional network perimeter, meaning that new security paradigms are required not only to protect devices and data from direct threats, but also to protect the network itself from threats leveraged through those devices. While traditional security measures aren’t dead, by themselves they are certainly no longer sufficient, and IT departments must invest in new technologies, new processes, and new approaches to ensure sufficient levels of enterprise protection.

Takeaways:

  • Understand the nature and magnitude of the new threat landscape
  • Discover the tools and techniques best suited to address these new threats
  • Learn how to best protect your business in an ever more connected world
 

12:05 pm - 12:45 pm


Executive Visions

Diversity in IT

The importance technology plays within an enterprise will only continue to gain momentum as more developers, engineers, and programmers enter the workforce. As these segments continue to grow, so does the diversity of the workforce within the technology field. For a field that is severely constrained by a talent and skills gap, this influx of people can only be a good thing. Beyond the basic ability to deliver identified capabilities, a diverse workforce, whether culturally or gender influenced, offers a whole that is more than the sum of its parts. Finding ways to drive and increase diversity in IT should therefore be a key focus for every IT executive.

Takeaways:

  • Identify the importance behind diversity in technology, opportunities, and capabilities
  • Discuss the importance of cultivating diversity at the grass-roots level and building post-secondary programs that drive awareness of and interest in IT
  • Understand the hurdles that exist that limit the prevalence of diversity in IT, and what steps must be taken to lower, if not eliminate, them

Presented by:

Tess Martillano, Managing Director, Global Head of IT Risk Management (C-SIRO), BNY Mellon


12:45 pm - 12:55 pm

Thank You Address and Closing Remarks

 

1:00 pm - 1:30 pm

Grab and Go Luncheon

 

1:30 pm - 2:00 pm

Shuttle-Bus to Golf Tournament

 

2:00 pm - 5:00 pm

Nine-Hole Golf Tournament

 

5:00 pm - 5:30 pm

Shuttle-Bus back from Golf Tournament

 

5:30 pm - 6:30 pm

Networking Cocktail Reception

 

6:30 pm - 8:00 pm

Networking Dinner

 

8:00 pm - 10:00 pm

After Dinner Networking