Conferences that solve current IT challenges

Enterprise Risk / Security Management

Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information in line with business needs.

October 24, 2013


7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Donald E. Stephens Convention Center, Rosemont (O'Hare), Illinois


In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one-day conference attendees will learn:

  • CISO: The Execution Game – How to Implement Measures for Success
  • Attack Mitigation using the 20 Critical Security Controls
  • How Security and the CSO Can Provide Business Value (Panel)
  • Advanced Persistent Threats: Who Are the Attackers, What Are They Doing and How Can You Mitigate
  • Cloud and Mobility: How to Build a Framework for Securing Disruptive Technologies
  • Data & Risk Classification: How to Involve the Business (Panel)

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

CISO: The Execution Game – How to Implement Measures for Success

Greg Bee, CISO, Country Financial and Insurance

This presentation will cover the elements of an effective information security program and how they can be turned into measures of execution. Attendees will learn how the success of the program can be measured and portrayed to show the overall value of the program for an enterprise. Greg will discuss how he and his team are putting in place measures of execution at COUNTRY (not just metrics) that help them drive what they feel is really important to accomplish.

Areas that will be covered include:

  • Characteristics of an effective information security governance program
  • Key CISO disciplines
  • Key information security program organizational and transformational aspects for an enterprise
  • Key information security business expectations and activities
  • Key information security metrics and measurements
  • Business alignment with information security
  • Key information security program disciplines

10:00am - 10:30am - Refreshment Break

Attack Mitigation using the 20 Critical Security Controls

Michael Smith, Security Consultant, ePlus Security

Protecting your organization’s critical assets, such as data, people, and infrastructure, is one of the most important tasks facing security professionals. The 20 Critical Security Controls are a public security framework designed to help organizations defend their critical assets against many of today’s most common security threats. Created by SANS and maintained through the Consortium of Cybersecurity Action (CCA), the controls enforce the notion that prevention and detection are critical in today's threat landscape and advocate using offensive knowledge to strengthen defense.

This talk looks at the 20 Critical Security Controls from the viewpoint of an attack against a network. It takes the audience through four different attack phases and shows how the controls help to mitigate the attack. Attendees are shown how the 20 Critical Security Controls can protect their organization and are given advice on how to implement the 20 Critical Controls in their organization.

In this session, attendees will learn:

  • History of the 20 Critical Security Controls
  • What controls are included in the 20 Critical Security Controls
  • How the 20 Critical Security Controls can help protect your network
  • How the 20 Critical Security Controls help mitigate each attack phase
  • How to plan adoption of the 20 Critical Security Controls


How Security and the CSO Can Provide Business Value (Panel)

Eric Robinson, RSD - Identity and Security Management, Dell Software
Todd E. Petty, IT Security Program Manager, True Value
Todd Fitzgerald, Director of Information Security, Grant Thornton International Ltd.
Dr. John Johnson, Global Security Strategist, John Deere
Waqas Akkawi, Director Global Information Security, SIRVA Inc.
Prasanna Ramakrishnan, CISO - VP - IT Risk, Security & Compliance Management, Career Education
and other CISOs and Security Directors sharing experiences and lessons learned

In this session, attendees will learn from a panel of IT security executives about the strategies they are leveraging to ensure their efforts are in sync with business priorities.

Topics covered:

  • How to identify and leverage the following areas of value for continued investment and security spending: reputation, regulation, revenue, resilience, and recession
  • How to assess, understand and define security’s current and future roles in the extended enterprise
  • Where security investments are being made: personnel, processes, and technologies
  • What security specifically needs to achieve for the enterprise in terms of protecting current business processes and enhancing future revenue growth

12:30pm - 1:30pm Luncheon

Malware and APTs: How Do We Defend Against These Modern Threats?

Jibran Ilyas, Incident Response Lead, Halock

The online world is becoming more troubling every day, and the motivations of attackers range from profit to ideology and nationalism. Beyond the reasons, what can you do to understand these threats and mitigate them before they cause significant damage to your enterprise?

In this session, attendees will learn:

  • Who the attackers are and why they attack
  • What the most common threats are
  • Steps you can take to mitigate their actions
  • How to refine your security risk framework to plan for advanced persistent threats

2:30pm - 3:00pm - Refreshment Break

Cloud and Mobile: a Framework for Building and Deploying Secure Applications

Danny Harris, Senior Security Consultant, Security Innovation, Former Manager, Information Security Policy and Awareness, The Aon Corporation

Cloud and mobile technologies provide expanded features for your clients, but there are security tradeoffs: less control of data, new vulnerability classes, unique threats, and compliance challenges. Although each platform offers some security functions and built-in defenses against attacks, there are unique threats to each platform that elevate your organization's risk profile.

This presentation will describe application security controls and methodologies that you can implement to ensure key threats are mitigated during development and deployment. Practical techniques and best practices will be discussed: actionable security measures for executives to bring back to their organizations.

Topics covered:

  • Unique security challenges of each platform
  • Shields Up! Defending cloud and mobile applications from attack
  • Adopting a Secure Software Development Lifecycle (SDLC)
  • Building security in with design and defensive countermeasures
  • Leveraging the power of threat modeling as a low-investment, high-payoff effort for mobile and cloud security risk management


Data & Risk Classification: How to Involve the Business (Panel)

Richard Thompson, Director, Professional Services, Guidance Software
Panelists will include:
Leilani Lauger, Information Security Officer, University of Chicago
Erik Devine, Chief Security Officer, Information Services, Riverside Medical Center
Mark Guth, Director of Security, AGL Resources/Nicor
and other CISOs sharing their experiences

In this session, attendees will learn from CISOs how they are implementing a Data & Risk Classification process to determine the risks of different types of data, who has ownership of it, and how to make sense of the results.

Conference Price: $269.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.