Conferences that solve current IT challenges

Enterprise Risk / Security Management

Strategies for reducing risk to the enterprise.

February 5, 2015


7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded


Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois


In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one day conference attendees will learn:

  • Calculating Your Acceptable Level of Risk

  • 2014 Lessons Learned and Top Predictions for 2015

  • Reducing Risk: How to Leverage the Threat & Vulnerability Management Maturity Model

  • Control Who is Telling the InfoSec Story

  • How Security and the CSO Can Provide Business Value (Panel)

  • Breaches in 2015: How is this Affecting Your Security/Risk Strategy

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast



Calculating Your Acceptable Level of Risk

J. Wolfgang Goerlich, Security Strategist, CBI

With so many potential risks it can be difficult to determine which an enterprise can live with, which it can't, and which it can cope with when reduced to an acceptable level of risk.

Determining an acceptable level of risk needs to be undertaken when there is a significant change in a business' activities within the environment. Examples are updating policies and training or improving security controls and contingency plans, the risks need constant monitoring to ensure the right balance between risk, security and profit.

In this session attendees will learn how to build a framework to define an acceptable level of risk.

10:00am -10:30am - Refreshment Break



2014 Lessons Learned and Top Predictions for 2015

Terry Kurzynski, Senior Partner, ISO 27001 Auditor, CISSP, CISA, HALOCK Security Labs

2014 was a busy year in the cyber world. As Target, Home Depot, Jimmy Johns, and Sony were hacked. Malware like Shellshock, Heartbleed, and Regin were topping headlines. What can we learn from 2014 to shore up our data security? What can companies expect to see in 2015? This informative talk by Terry Kurzynski, Senior Partner at HALOCK Security Labs will take you through the lessons-learned of 2014 and offer some predictions for the coming year.



Reducing Risk: How to Leverage the Threat & Vulnerability Management Maturity Model

Eric Cowperthwaite, VP, Advanced Security and Strategy, Core Security

Threat and Vulnerability Management combines an understanding of an organization’s assets, information technology infrastructure and systemic vulnerabilities into a coherent whole. A formal TVM Program is a critical component of a robust information security program. It enables an organization to understand 1) how adversaries will take action 2) what vulnerabilities exist within the organization 3) how this combination puts critical assets at risk and 4) how to manage and mitigate that risk.

12:30pm - 1:30pm Luncheon



Control Who is Telling the InfoSec Story

Edward Marchewka, Enterprise Information Security and Server Operations Manager, Chicago Public Schools

As the Board is getting more involved with information security they want answers to questions like, "Are we secure?", and "What are we doing about compliance gaps?", and even "What is everyone else doing?" This talk will take a look at answering these questions by telling the information security story - tying measures and metrics to business outcomes and setting direction based on risk and effort. There will be practical take-always as well as tools to leverage to get the message out and build a culture of security.

2:30pm - 3:00pm - Refreshment Break








How Security and the CSO Can Provide Business Value (Panel)

Robert Cariddi, Vice President, SentinelOne
Victor Garcia, Global Security Officer, Global Treasury Services-Americas, BP
John Johnson, Global Security Strategist, John Deere
Roberta A. Hansen, Senior Manager, IT Risk Management, Abbott
Paul Bivian, CISO, Information Security Office, (DoIT), City of Chicago
Fred Kwong, Head of Privilege Access Control, Farmers Insurance
and other professionals from IT departments

In this session, attendees will learn from a panel of IT security executives as to the strategies they are leveraging to insure their efforts are in sync with business priorities.

Topics covered:

  • How to identify leverage the following areas of value: reputation, regulation, revenue, resilience, and recession for continued investment and security spending
  • How to assess, understand and define security’s current and future roles in the extended enterprise
  • Where are security investments being made on personnel, processes, and technologies







Breaches in 2015: How is this Affecting Your Security/Risk Strategy (Panel)

Wes Withrow, IT GRC Subject Matter Expert, TraceSecurity
Greg Bee, CISO, Country Financial
Mark Guth, Director of Security, AGL Resources/Nicor
Prasanna Ramakrishnan, VP – Information Risk Management, Career Education Corporation
Michael Davis, Chief Technology Officer, CounterTack
and other professionals from IT departments 

According to industry analysts, approximately 50% of organizations have had to reevaluate their information security standards as a result of recent well-publicized attacks.

In this session, attendees will learn from a panel of IT security executives as to how they are updating their security & risk strategies in the wake of massive security breaches.

Conference Price: $289.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)˛, Inc.


As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.