CISO Summit Agenda
June 7-8, 2012

Agenda Key

Networking Opportunities & Session Breaks

Executive Exchange

CISO Keynote Presentation: A visionary speaker addresses the entire summit audience on a topic determined by the CISO Content Committee.

CISO Focus Group: Led by a vendor, these sessions allow executives to discuss business drivers within a particular area of technology. Presentations are 15-20 minutes followed by 10-15 minutes of Q&A.

CISO Executive Visions: A panel of IT executives has an in-depth discussion on a critical IT business topic. Audience members have an opportunity to pose questions to the panelists and moderator.

Analyst Q&A Session: A high-impact, open-forum session covering the latest technology research and led by a member of our analyst partner community.

CISO Thought Leadership: Led by a member of the vendor community, these sessions will provide an overview of cutting edge technology topics and pressing business concerns.

Vendor Showcase: Presented by a member of the vendor community, these sessions are divided into three 10-minute long elevator pitches on the newest technology solutions and services.

CISO Think Tank: Focusing on a specific topic or initiative, these interactive, open-forum style sessions allow the attending 15-20 executives to discuss best practices and have lively debates.

CISO Case Study: Learn about recent technology implementations from the IT executives who drove the projects at their organizations. Presentations are followed by Q&A sessions.

CISO/CTO Roundtable: An interactive, focused session led by either an analyst, industry expert or member of the vendor community.

CISO Open Forum Luncheon: Led by a moderator, these sessions allow attendees to have informal discussions on pre-determined technology topics.

Thursday, June 7th, 2012 - CISO Summit

7:15am - 8:15am

Breakfast Registration & Greeting to the CISO Summit

8:15am - 8:30am

Welcome Address

Presented by Master of Ceremonies

Making Innovation Real

8:35am - 9:20am

Opening CISO Keynote Presentation

Secure Management of Mobile Assets, Content and Applications

Mobile security has evolved well past device restrictions and passcode policies. Enterprises must adopt and implement more advanced security techniques to protect sensitive content, mobile applications and access to internal enterprise and cloud services. This opening keynote session will cover:

  • Deployment strategies - security considerations for SaaS or on-premise deployments
  • Best practices to onboard corporate and employee-liable devices
  • Secure deployment and distribution of enterprise apps and content
  • Access control into email and other enterprise services

9:25am - 9:55am

Executive Exchange

Thought Leadership

Harnessing Mobility and Extending the Enterprise, Securely

The rapid proliferation of mobile devices in the enterprise coupled with the easy, anytime, anywhere availability of the cloud has created new avenues for increased collaboration and productivity for employees. Though productivity gains can be substantial, so are the potential information risks posed by employee installed consumer/prosumer cloud products.

  • How can today's enterprise facilitate easy access, content sharing and collaboration in an increasingly mobile world and still ensure information security and compliance are being met?
  • What are the possibilities for leveraging and extending already invested in systems like SharePoint, ECM and other content stores for the mobile workforce?

Attend this presentation, where we'll discuss how IT is addressing these questions, and learn how you can build a comprehensive approach that covers mobile, cloud, and the enterprise within a secure and compliant infrastructure that doesn't impede the ease-of-use and access expectations of employees.

Sponsored by Accellion

10:00am - 10:30am

Executive Exchange

Roundtable

Roundtable

 

Sponsored by BlueCoat

10:30am - 10:45am

Networking Break

10:50am - 11:20am

Executive Exchange

Thought Leadership



Sponsored by Radiant Logic

11:25am - 11:55am

Executive Exchange

CISO Think Tank



Presented by:

Mike Villegas, Director Information Security, Newegg.com

CISO Think Tank

Security and Compliance in Clouds - Why do Clouds make Datacenter Security a New Problem, and What Should I Actually Do About It

You've probably heard all about how nervous everyone is about security and compliance in environments using Virtualization and Cloud Computing. This session will explain what's so different "under the hood" in these platforms. Whether it's a Private or a Public cloud, these new architectures accidentally create new weaknesses and vulnerabilities whose real causes CIOs need to know. An understanding of why one can't use yesterday's tools for today's problems will be developed. Some actual attacks and compromises will be reviewed for your amusement, illustrating the points. The session will then wrap up by giving some concrete suggestions on where to turn for help. Key specifications, standards and organizations will be reviewed, and some new technical solutions, born in this brave new world, will also be highlighted.

Presented by:

David Bernstein, Chairman, IEEE Cloud Computing Standards Committee and Sr. Architect NIST/US Dept. of Commerce Cloud Computing Project

12:00pm - 12:30pm

Executive Exchange

Thought Leadership

External On-Line Storage Sites

Enterprise employees have a growing need to share information externally and to move information in/out of the company in an easy, yet secure manner. Simply putting up a semi-controlled SharePoint site does not seem to satisfy that need. The market has provided thousands of these sites with inexpensive, easy-to-use mobile applications for just about any kind of device, e.g., Google Docs, DropBox, YouSendIt, Box.net, Evernote. Without guidance and standards to control use of these sites, employees may expose sensitive company documents to third-party services without appropriate security controls, i.e., encryption, authentication, access management, etc. This session is intended to stimulate discussion and exchange approaches to dealing with this issue, whether by blocking, corporate standard solutions or user awareness.

12:35pm - 1:35pm

Networking Luncheon

Raising the ROI of IT

1:40pm - 2:15pm

Executive Exchange

Roundtable

SIEM and the Creation of Actionable Intelligence: Moving from Monitoring to Incident Detection and Response

Traditional models to monitor security events are failing in the light of today's attack environment. Monitoring logged events across key system resources is not enough. This approach needs to be enhanced by business use cases, actionable security intelligence, and timely incident response.

What steps have you put in place to interpret your monitored logs into meaningful security intelligence? A security solution which embraces log management must embed necessary business use case-driven rule building procedures, correlation processes, global intelligence feeds, and best practices, in order to create the methodology necessary to detect & respond to the current threat landscape.

Sponsored by Paladion Networks

Roundtable

2:20pm - 2:50pm

Executive Exchange

CISO Think Tank



Presented by:

Don Devine, Director, Information Risk Management, Coventry Healthcare

CISO Think Tank



Presented by:

Matthew Reed, Director, Information Security Compliance and Awareness, Consolidated Graphics, Technology Services & Solutions Group

2:55pm - 3:25pm

Executive Exchange

Roundtable

Roundtable

3:25pm - 3:40pm

Networking Break

3:45pm - 4:15pm

Executive Exchange

Thought Leadership

Data-Driven Security

With concern growing about the increasing volume and sophistication of threats, and the questions they raise about the effectiveness of legacy defense, organizations seek more timely, accurate and detailed insight into high-risk activity, both inside the organization and beyond. Today, the rise of "Big Data" and more effective analytics for turning insight into action offer new potential for building a more "data-driven" approach to security management.

In this session, participants will discuss questions such as: How are security teams turning an avalanche of data into an advantage? How are they making use of new approaches to data management and analytics? Does data sharing with other organizations help, or does it pose more risk than opportunity? What are the greatest concerns or frustrations with security data management, and where do current approaches need to change?

4:20pm - 4:50pm

Executive Exchange

Roundtable

Roundtable

4:55pm - 5:55pm

CISO Executive Visions

Mobility/Wireless Trends and Security

The mobile/wireless trend has been transformational for North American enterprises, with customers so far ahead in their approach to mobility that it will be crucial to allocate major capital investments and promote innovation and technologies that can restructure their e-commerce infrastructure. In addition, the proliferation of personal devices and a growing demand from employees are changing the ways in which organizations deliver mobility solutions to the workforce. Deployment of mobile marketing strategies is already reaching a larger customer base while allowing valuable data to be captured. This executive panel discussion will also look at Mobile Device Management (MDM) software and its benefits both from a security and a content delivery standpoint.

Topics to be discussed include:

  • Benefits of mobile platforms and unified communications to make the enterprises more agile and reactive
  • Workforce mobility as a tool to engage employees as brand ambassadors and early adopters of disruptive technologies, allowing better alignment between technology and business goals
  • Mobile devices as a competitive edge, helping you exceed your customers' expectations and deliver a superior shopping experience
  • Identity management and the technical approach to management

Moderator:

Master of Ceremonies

Panelists:

Vito Sardanopoli, Director, IT Security, Quest Diagnostics



6:00pm - 7:00pm

Cocktail Reception

7:00pm - 9:30pm

Gala Dinner & Evening Entertainment

9:30pm - 10:30pm

After Dinner Networking

Friday, June 8th, 2012 - CISO Summit

7:30am - 8:30am

Networking Breakfast

Expanding Business Impact

8:40am - 9:20am

CISO Keynote Presentation

Cloud Gateway - Securing the Enterprise

Desktop virtualization is one of the most transformative technologies to come around in a long time. It is simultaneously simple and powerful, and it promises to revolutionize computing at every level of the organization and beyond. When implementing new technologies, the CISO needs to secure the enterprise while simultaneously cutting costs, streamlining operations, and improving performance. Traditionally judged by three financial criteria (initial capital expense, ongoing operating costs, and time to value), these implementations necessitate complex programming, heavy investments in servers and software, training, and disruptive version control.

9:30am - 10:00am

Executive Exchange

Thought Leadership

 



Sponsored by Box.com

10:05am - 10:35am

Executive Exchange

CISO Think Tank

A Matter of Security - The Evolution of the APT Deep Net

Searching the Internet today can be compared to dragging a net across the surface of the ocean. Google does well in casting the net and mining it for profit, but it still doesn't delve far beneath the surface. A few well-tuned botnets, however, don't have the limitations of Google, and a case can be made that their "prime movers" are compiling a searchable "Deep Net" using compromised home computers, business networks, harvested credentials and exploited "Trusted" relationships. Deep Net is the natural next step of APT. We will explore this using basic Complex Adaptive System tools and the Threshold effect. We will then theorize how it will look and how it will impact our organizations.

Topics

  • The weakest link of cybersecurity. Trusted Access.
  • The tight integration of 419 Scams, Botnets and distributed computing
  • Complex Adaptive Systems and the Threshold Effect
  • Deep Net, what it will mean to us

Presented by:

Jim McKenney, VP, Information Security, Valley View Bank

CISO Think Tank

An Open Forum Discussion about SIEM

This session will be an open forum discussion around Security Information and Event Management (SIEM) technology.

Topics to be discussed include:

  • For those companies that are utilizing Security Information and Event Management (SIEM) technology, have you seen your organization's needs for a SIEM environment evolve and increase in recent years?

    • Are compliance mandates a primary driver? Please elaborate on the types of compliance mandates that your SIEM solution addresses or will help you address.
    • What other key drivers or requirements support your business case for the SIEM solution?

  • Has your interest and business case to support a SIEM environment resulted in the pursuit of an enterprise-wide solution? Or in independent, isolated SIEM technologies and solutions to address different types of needs across your organization?

  • Whether you are pursuing or currently have a SIEM solution in place, how important is integration with other technologies, including:

    • DLP?
    • File Integrity Monitoring?
    • IDS/IPS?
    • Identity and Access Management Systems?
    • MS Active Directory?
    • Network Devices (e.g. firewalls, routers, switches, proxies, etc.)
    • Other Security Appliances?

  • Describe successes or business drivers that have required the integration of one or more of the above technologies.

  • Have you encountered any significant obstacles in implementing and/or utilizing SIEM technologies in your environment? If yes, please describe some of your most significant obstacles.

  • How much of your SIEM planning and work efforts have been devoted toward defining and implementing the processes associated with use of the SIEM data, including, for example:

    • Creating and reviewing dashboard views, reports?
    • Creating, assigning and maintaining alerts or exceptions?

  • Have responsibilities and accountabilities with regard to using the SIEM tool been well defined? Outside of Information/IT Security, please describe other groups or users.

  • Which group has been assigned with primary responsibility for maintaining the SIEM tool and environment? Please describe your experience in effectively maintaining your SIEM solution.

Moderated by:

Vito Sardanopoli, Director, IT Security, Quest Diagnostics

10:40am - 11:10am

Executive Exchange

Thought Leadership

Is "Virtual" Security a Good Thing?

Virtualization and data growth continue to put pressure on organizations, requiring dynamic performance on one end and large data repositories that can maintain data integrity for many years on the other. When deploying virtualization or a public or private cloud environment, a variety of factors can cause security concern and ultimately inhibit speed of adoption.

Topics this session will identify and discuss include:

  • Securing dormant and in-use virtual machines
  • Reducing the complexity of your virtual security landscape
  • Mitigating cloud security risks
  • Navigating policy management guidelines through IT governance

11:15am - 11:45am

Executive Exchange

Thought Leadership

Big Data and Security

As organizations turn to emerging technologies for data management at scale such as Hadoop, security professionals will need to give these new technologies their attention - particularly when Big Data is a primary motivator for the embrace of Cloud Computing. What are participants' security priorities or concerns when it comes to Big Data? What about privacy - both for individuals and organizations whose information is accessed, as well as confidential information of concern to your own organization? Is the need for expertise in security - already a problem for many organizations - further compounded by the need for expertise in the techniques and practices of Big Data, or are the challenges much the same as with other data management techniques?

11:45am - 12:00pm

Concluding Remarks & Takeaways

Presented by Master of Ceremonies

12:00pm - 1:00pm

Networking Luncheon