Conferences that solve current IT challenges

Enterprise IT Risk / Security Management

Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information adhering to business needs

June 21, 2012

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois

Overview

In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one-day conference, attendees will learn:

  • Risk Reduction: How to Avoid Being the Next Data Breach Headline

  • The "Right-Sized" Information Security Management System

  • How Security and the CSO Can Provide Business Value (Panel)

  • How to Manage the Risk of Application Security

  • Consumer Technology in the Enterprise: How to Manage Security Risks while Maximizing Productivity (Panel)

  • Cloud Security: How to Manage the Risk When Utilizing Cloud Computing (Panel)

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

9:00am-10:00am

Risk Reduction: How to Avoid Being the Next Data Breach Headline

Tony Sabaj, Regional Engineering Specialist, Data Loss Prevention, Check Point Software

Data breaches have a huge impact on the economy. Consumers and businesses get hurt, shareholders lose faith, and suppliers question the viability of the company they are doing business with.

How do you protect your organization so that you are not the next data breach headline in the media?

In this session, attendees will be provided with a framework that answers the following:

  • How to determine which types of data pose the most risk
  • How to assess your organization's risk of a costly data breach
  • How to develop a Data Protection Program to reduce your risk
  • How to get executive buy-in for your Data Protection Program

10:00am - 10:30am - Refreshment Break

10:30am-11:30am

The "Right-Sized" Information Security Management System

Chris Cronin, Principal Consultant, Halock Security Labs

Identifying, evaluating, and treating information security risk is now required by many laws, regulations, and standards (such as PCI DSS 2.0, HIPAA, CMR 17.00, and others), and for good reason. Risk management helps organizations achieve due diligence and reduce their liability even before they meet full compliance. However, many organizations attempt compliance without understanding how risk management works, making compliance costly and difficult to maintain over time. Further, while the ISO 27001 Information Security Management System provides the gold standard, it often proves to be too challenging for many organizations. How can an organization make managing information security risks easier without taking on ISO 27001?

In this session, attendees will:

  • Learn why risk management has become the standard requirement for information security laws and regulations
  • Gain an understanding of what an information security management system is and how it functions
  • Understand the fundamentals of identifying, assessing and managing risks
  • Learn how to address compliance requirements by using risk management tools
  • See how risk oversight works to measure and reduce risks to meet legal requirements
  • Be exposed to tools that help management reduce risks and oversee compliance
  • Receive a high-level roadmap for building an information management system

11:30am-12:30pm

How Security and the CSO Can Provide Business Value (Panel)

Moderator: Che Bhatia, Solutions Engineering Manager, Nexum, Inc.
Panelists:
Rafael Diaz, CISO, State of Illinois
Bradley J. Schaufenbuel, CISSP, CISM, Director of Information Security, Midland States Bank
Arlene Yetnikoff, Director-Information Security, DePaul University
Mahesh Babu, VP - Sr. Manager, Privacy, HSBC
and other CISOs/Security Directors from Enterprise IT Departments

In this session, attendees will learn from a panel of IT security executives about the strategies they are leveraging to ensure their efforts are in sync with business priorities.

Topics covered:

  • How to identify and leverage the following areas of value: reputation, regulation, revenue, resilience, and recession for continued investment and security spending
  • How to assess, understand and define security’s current and future roles in the extended enterprise
  • Where are security investments being made on personnel, processes, and technologies
  • What does security need to specifically achieve for the enterprise in terms of protecting current business processes and enhancing future revenue growth

12:30pm - 1:30pm Luncheon

1:30pm-2:30pm

Threat Management: The Holistic Security Landscape and New Methods of Protection to Thwart the Threats

Brian J. Tillett, CISSP, CCSK, IKMJ, Chief Security Strategist, Symantec Public Sector

Content that will be covered in this session:

  • An understanding of our adversaries and some of their tactics.
  • How to address the Digital Native as they enter the workforce.
  • An understanding of the range of mobile devices, the risks they introduce, and the technology spaces to address them.
  • Changing the game from defensive security practices to offensive security strategies across all aspects of security: endpoint, information, network, application, system, and associated.

2:30pm - 3:00pm - Refreshment Break

3:00pm-4:00pm

Consumer Technology in the Enterprise: How to Manage Security Risks while Maximizing Productivity

Moderator: James Trethaway, Business Solutions Director, AdvizeX Technologies
Panelists:
Fred Kwong, Senior Security Manager, US Cellular
Joshua Shi, Lead, Information Security Sourcing / Vendor Management, Walgreen Co.
Todd Covert, IT Security, Risk and Compliance, Baxter Healthcare Corporation
Michael Kern, IT Manager, WitteBros Exchange
and other IT risk leaders will share their experiences and lessons learned

As employees become increasingly mobile through consumer technologies, IT systems and information become more vulnerable to security risks and breaches. The major challenge becomes how to effectively manage these risks while maximizing employee productivity.

In this session, attendees will learn from a group of seasoned IT security executives as to how they are handling these challenges.

4:00pm-5:00pm

Cloud Security: How to Manage the Risk When Utilizing Cloud Computing (Panel)

Moderator: Jeff Mullarkey, CEO, RKON
Panelists:
Richard Rushing, CISO, Motorola Mobility
Kenneth Zoline, Global Security Program Manager, IBM
Nikita Reva, Global Security Assessment Specialist, Mars Information Services-Chicago
and other professionals from IT departments

Cloud Computing is yet another disruptive technology that is promising to deliver huge benefits. But with any disruptive technology there are security and risk concerns that need to be addressed.

What questions should you be asking potential cloud providers? How should you modify your own security and risk procedures?

In this session attendees will learn how to adjust their security/risk programs to account for the following areas:

  • Abuse and Misuse of Cloud
  • Insecure APIs/Interfaces
  • Insider Threats
  • Shared Technology Issues
  • Data Loss or Leakage
  • Service & Account Hijacking
  • Unknown Risks
  • Customer information in the cloud
  • Managing Identities and authentication

Conference Price: $259.00 per person


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.