Enterprise Risk / Security Management

Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information adhering to business needs

June 20, 2013

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois

Overview

In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one day conference attendees will learn:

  • Shattered Railroads and Crashing Ships: The Surprising Story of Why Risk Management Dominates Information Security Requirements

  • Using the Top 20 Critical Controls as a Security/Risk Framework

  • How Security and the CSO Can Provide Business Value (Panel)

  • Threat Intelligence: How to Reduce the Business Risk By Understanding New Threats

  • Mobile Technology in the Enterprise: How to Manage Security Risks of BYOD (Panel)

  • Cloud Security: How to Manage the Risk When Utilizing Cloud Computing (Panel)

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

9:00am-10:00am

**KEYNOTE**

Shattered Railroads and Crashing Ships: The Surprising Story of Why Risk Management Dominates Information Security Requirements

Chris Cronin, Principal Consultant, Halock

U.S. enterprises tend to think of information security and compliance as a cost that detracts from business. However, laws and regulations are actually designed to make business and security fit together. The misunderstood nature of the HIPAA Security Rule, 201 CMR 17, Gramm-Leach-Bliley and Federal Trade Commission rulings is explained in this presentation, which weaves together 19th century business history, 20th century legal history and current day information security challenges.

Information security regulations are asking businesses to do nothing more than what we have always done: use our entrepreneurial spirit and business sense to find “reasonable and appropriate controls” to manage our risks. Through anecdotes, illustrations, political cartoons, case law and a thoughtful dissection of risk analysis, the audience will gain a well-informed understanding of how to match their information security compliance requirements with their business purpose.

10:00am -10:30am - Refreshment Break

10:30am-11:30am

Using the Top 20 Critical Controls as a Security/Risk Framework

Michael Smith, Security Consultant, ePlus Security

ISO 27000, COBIT and other security governance frameworks offer excellent guides for extending an intermediate or mature security program. Unfortunately, organizations with immature or weaker security programs may find implementing one of these frameworks intimidating, costly, and ultimately not worth the effort involved. For these organizations, an alternative exists to help create a functioning security governance program that can later evolve into a higher level security governance framework if desired. The Top 20 Critical Controls are a public framework created by SANS through mapping to NIST 800-53. The controls enforce the notion that prevention and detection are critical in today's threat landscape and advocate using offensive knowledge to strengthen defense.

This talk uses a hypothetical case study to explain the Top 20 Critical Controls and their inclusion as the basis of a security/risk program. It will include running an assessment to identify implementation gaps and thoughts on implementing the controls within an organization. Attendees will gain an understanding of the Top 20 Critical Controls and how they can implement the framework within their own organization.

11:30am-12:30pm

How Security and the CSO Can Provide Business Value (Panel)

Moderator:
Joe Morin, Sr. Manager, Partner Enablement, Barracuda Networks
Panelists:
Joseph Burkard, Director, IT Security, Baxter International, Inc.
E. Larry Lidz, Director, Risk Management & Compliance, CNA Insurance
John Bandy, Information Services Security Officer, Memorial Health System
Randy Oppenborn, Director Information Security, DeVry
Oliver Tang, IT Compliance and Risk Manager, Ace Hardware Corporation
and other CISOs/Security Directors from Enterprise IT Departments

In this session, attendees will learn from a panel of IT security executives about the strategies they are leveraging to ensure their efforts are in sync with business priorities.

Topics covered:

  • How to identify and leverage the following areas of value: reputation, regulation, revenue, resilience, and recession for continued investment and security spending
  • How to assess, understand and define security’s current and future roles in the extended enterprise
  • Where security investments are being made in personnel, processes, and technologies
  • What security specifically needs to achieve for the enterprise in terms of protecting current business processes and enhancing future revenue growth

12:30pm - 1:30pm Luncheon

1:30pm-2:30pm

Threat Intelligence: How to Reduce the Business Risk By Understanding New Threats

Matt Jonkman, CTO, Emerging Threats

It is important that the IT security professional understand the network tactics and general behavior of malware, as well as the associated risks. Understanding and identifying these threats can challenge even the most experienced IT security professional.

Developing and implementing a strategic, comprehensive IT security plan is critically important to help mitigate these risks, not only to effectively protect the network but also the reputation of the organization. However, even the most secure organizations can easily fall victim to a malicious attack without the proper threat intelligence.

In this presentation, Emerging Threats CTO Matt Jonkman will provide a look into threat detection and discuss some of the overlooked indicators of a network compromise. Key elements of the presentation will include:

  • Examples of old and new malware Command and Control methods
  • What’s new with malware, as in what we saw today
  • Identifying a malware compromise on the network
  • Best practices to prevent malware
  • Layered security
  • IDS/IPS/Firewalls
  • Threat Intelligence
  • New Open Source tools like Suricata
  • Malware prevention – what works, what doesn’t and what’s missing
  • Business risks - costs and loss of revenue along with loss of reputation (PR damage)

2:30pm - 3:00pm - Refreshment Break

3:00pm-4:00pm

Mobile Technology in the Enterprise: How to Manage Security Risks of BYOD (Panel)

Moderator:
Jeff Mullarkey, CEO and Co-Founder, RKON Technologies
Panelists:
Kevin Miller, Director, IT Risk Management, ULTA Inc.
Erik Devine, Chief Security Officer, Information Services, Riverside Medical Center
Asad Syed, Lead Security Architect & Technology Evangelist, OfficeMax
Nick Schmidt, Senior Manager, IT, CDW
and other CISOs/Security Directors from Enterprise IT Departments

As employees become increasingly mobile through consumer technologies, IT systems and information become more exposed to security risks and breaches. The major challenge becomes how to effectively manage these risks while maximizing employee productivity.

In this session, attendees will learn from a group of seasoned IT security executives about how they are handling these challenges.

4:00pm-5:00pm

Cloud Security: How to Manage the Risk When Utilizing Cloud Computing (Panel)

Moderator:
Jason Adair, Area Director, NetIQ
Panelists:
Cliff Tamplin, VP, Information Technology and CISO, Hyatt Corporation
Fred Kwong, Senior Security Manager, U.S. Cellular
and other CISOs/Security Directors from Enterprise IT Departments

Cloud computing is yet another disruptive technology that promises to deliver huge benefits. But as with any disruptive technology, there are security and risk concerns that need to be addressed.

What questions should you be asking potential cloud providers? How should you modify your own security and risk procedures?

In this session attendees will learn how to adjust their security/risk programs to account for the following areas:

  • Abuse and Misuse of Cloud
  • Insecure APIs/Interfaces
  • Insider Threats
  • Shared Technology Issues
  • Data Loss or Leakage
  • Service & Account Hijacking
  • Unknown Risks
  • Customer information in the cloud
  • Managing Identities and authentication

Conference Price: $269.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.