Enterprise Risk / Security Management: Chicago
Strategies for reducing risk to the enterprise.
May 31, 2018
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Overview
In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference, attendees will learn:
Conference Program
8:00am – 9:00am: Registration and Continental Breakfast
9:00am-9:50am: AI: The Good, the Bad, and Reality
Paul Mazzucco, Chief Security Officer, TierPoint
TierPoint’s Paul Mazzucco discusses:
9:50am-10:20am: Refreshment Break
10:20am-11:10am: Black Swans and White Rabbits—Threat Modeling Tools for Security Leaders
Rafal Los, VP, Solution Strategy, Armor
Enterprise security leaders struggle with budgeting even when they aren’t short on capital. Staffing, tools, services, and training are just some of the things on your budget to avoid the worst day of your security career. Except, at some point, we know that day will likely come. The secret to surviving that worst-case scenario is to build a healthy enterprise security program – which of course starts with a healthy budget, supported by a realistic threat model aligned to your business. Drawn from hundreds of CISOs and security leaders over the years, the speaker will provide effective knowledge one can leverage right away.
Attendees will learn:
11:10am-12:00pm: Are you Protecting Enough, and Protecting Effectively Enough?
Robert Block, SVP Identity Strategy, SecureAuth
Today’s attackers are focused on all your mission-critical applications (O365, portals, etc.), and not only has their focus increased, but their tools and tactics continue to evolve.
Whether it is brute-force attacks, account fraud, and/or account takeover via password reset, credentials are involved in almost every attack at some point. Are you effectively detecting anomalies and protecting access? Is it enough? Long gone are the days of securing remote access and thinking you are covered.
This discussion will focus on elements of a modern approach to solving these continually evolving challenges and how the industry must also evolve in order to be proactive and most effectively protect access.
12:00pm – 12:50pm: OWASP Top 10 in Depth
Jerry Sanchez, Cloud, Security, and Technology, SoftServe
The OWASP Top 10 is a powerful awareness analysis for web application security. It represents a broad consensus about the most critical security risks to web applications. Contributors include a variety of security experts from around the world who have shared their expertise to produce the list. The presentation will cover each vulnerability in detail and mitigation strategies.
12:50pm – 1:50pm: Luncheon
1:50pm-2:40pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
Moderator:
Jason Wankovsky, CTO & Vice President of Consulting Services, Mindsight
Panelists:
Jim Martin, Vice President of Security & Privacy, Maestro Health
Rick Gutierrez, Information Security Senior Manager, Option Care
Bob Duplessis, First VP & Information Security Officer, Old Second Bancorp
Lyn Vallow, Senior Manager, IT Risk and Compliance, US Cellular
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned
Topics that will be covered include:
2:40pm – 3:10pm: Refreshment Break
3:10pm-4:00pm: A Risk Adaptive Approach to Data Protection
Eric DeLisle, Senior Sales Engineer, Forcepoint
Every IT security department’s job, to protect data, has become more challenging as the security perimeter has dissolved with the adoption of cloud applications. The traditional threat-centric approach is to apply rigid policies to a dynamic environment and decide what is good or bad without context. This black and white approach results in frustrated users and overwhelmed admins. The reality is, everybody operates in the grey. Join us as we discuss a new human-centric approach to security, which considers the context of user behavior and adapts appropriately to help security teams make better decisions. We will explore how an effective data security system should cut through the noise of alerts and provide early warning signals to prevent the loss of important data.
4:00pm-5:00pm: Managing Security Risk at the Speed of Business (Panel discussion)
Moderator:
Annur Sumar, CTO, Maetech
Panelists:
Carlos Pero, AVP, Head of Cyber Application Security, Zurich Insurance
Paul Munsen, Director, Global Identity & Access Management, McDonald’s
Michael York, Director, Cloud Operations, Easterseals
Jody Schwartz, Director IT InfoSec & Compliance, Marsh ClearSight
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned
As a valued partner to the business, CISOs need to lead with business-first execution.
In this session, attendees will learn from CISOs/Security Executives as to how they are:
Conference Price: $289.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.