Conferences that solve current IT challenges

Enterprise Risk / Security Management

Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information adhering to business needs.

October 2, 2014

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois

Overview

In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one-day conference, attendees will learn:

  • Risk Strategy: How to Engage and Educate the Business for Buy-In

  • Hacking of the 3rd Kind – How to Reduce the Risk of the Data Breach

  • Reducing Your Risk: How to Implement an Effective Incident Response Plan

  • Cloud: Security, Control and Governance

  • Reducing the Risk of DDoS Threats: How to Build a Framework to Defend Against These Threats

  • Security/Risk Metrics: How IT Security/Risk Executives are Leveraging Metrics to Gauge Effectiveness of Their Efforts

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

9:00am-10:00am

Risk Strategy: How to Engage and Educate the Business for Buy-In

Chris Cronin, Principal Consultant, Halock
Steven Hunt, CEO, Hunt Business Intelligence

In this thought-provoking session, attendees will learn effective strategies for gaining commitment from business leaders for your risk/security policy.

Attendees will walk away with unique strategies and tactics for building a strong relationship with business stakeholders.





10:00am -10:30am - Refreshment Break

10:30am-11:30am

Hacking of the 3rd Kind – How to Reduce the Risk of the Data Breach

Barry Shteiman, Director of Security Strategy, Imperva

Over the past years, many data breaches have resulted from companies mismanaging the risk of 3rd party software that is used throughout the organization's datacenter and in the cloud.

This talk will walk through defining the problem, show examples of hacking and provide you with sound advice on how to build a defensible strategy.








11:30am-12:30pm

Reducing Your Risk: How to Implement an Effective Incident Response Plan

Kevin Thompson, Threat Analyst, FireEye

According to the latest FireEye/Mandiant M-Trends report, the median number of days attackers were present on a victim network before they were discovered was 229 days. This presentation will discuss the latest techniques cyber actors use to stay hidden and why incident response is becoming critical for every enterprise.

  • Learn about the two most important reasons to include incident response in your security tool kit.
  • We will show which infection vector, web or email, was used most often by advanced attackers.
  • We discuss trends on how attackers are targeting various industries including: manufacturing, financial, healthcare, and more.





12:30pm - 1:30pm Luncheon

1:30pm-2:30pm

Cloud: Security, Control and Governance

Robert A. Osborne, Director, Enterprise Technologists, Dell Software

As enterprises increase their use of public, private and hybrid clouds, the need for controls, security, governance and automation becomes more critical. Embracing the benefits of cloud while maintaining security controls should be the goal of every customer. Security is not simply encryption or blocking people from accessing your data. You must take a more comprehensive look: who has access and what they have access to; how you are “securing” or “encrypting”; whether you provide containers; how you handle Dropbox, iDrive and the like; whether you have reporting on any changes in your environment; whether you have systems running in the “cloud” that you no longer need or use; management of devices; and integration of data sources without sharing your data. All of these are part of what is needed to mitigate and manage the risks and security needs of your business.

In this session we will discuss a few specific third party cloud provider scenarios and how you can secure your data with the same efficiency and flexibility in the allocation and use of resources that you have in your local data centers. We will outline methods to create a stronger systems management portfolio that enhances multi-cloud management, which will allow you to integrate your data via the cloud without giving up the security, reporting, compliance and regulatory requirements of your business.











2:30pm - 3:00pm - Refreshment Break

3:00pm-4:00pm

Reducing the Risk of DDoS Threats: How to Build a Framework to Defend Against These Threats

Stephen Gates, Chief Security Evangelist and DDoS Subject Matter Expert, Corero

Today’s breed of DDoS attacks and cyber threats is not only incredibly sophisticated and designed to wreak havoc on your business; it is also challenging to identify and defend against. Without the proper technology in place to inspect, analyze and respond, any online business is vulnerable to the effects of a DDoS attack. This session examines key steps to consider in your DDoS protection plan to enhance your existing defense-in-depth security strategy, and the benefit of a first-line-of-defense approach against the evolving threat landscape.







4:00pm-5:00pm

Security/Risk Metrics: How IT Security/Risk Executives are Leveraging Metrics to Gauge Effectiveness of Their Efforts

Moderator:
Michael Joel, Security Sales, Dimension Data Americas
Panelists will include:
Edward Marchewka, Enterprise Information Security & Server Operations Manager, Chicago Public Schools
Neil Witek, VP, Information Security Governance, AIM Specialty Health
Kevin Mock, VP, Senior Manager, BMO Harris Bank
Joshua Shi, Head of IT Security, Ceannate Corp.
and other CISOs/Security Directors sharing experiences and lessons learned

In this session, CISOs and other security/risk executives will share the key risk-based security metrics used most often to help gauge the effectiveness of their overall risk/security efforts.
Areas that will be covered include:

  • How to use metrics oriented towards higher order outcomes
  • How to track proactive metrics
  • How to show a reduction in data breaches
  • How to articulate the reduction in unplanned system downtime
  • How to evaluate the length of time to contain security breaches and exploits

Conference Price: $279.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.