
Enterprise Risk / Security Management

 

Strategies for reducing risk to the enterprise.

 

May 27, 2021

 

9:00am-5:00pm CST; 10:00am-6:00pm EST

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: ONLINE

      


Overview

 

In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

 

With all of these challenges, how do you make this happen?

 

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

 

In this one-day conference, attendees will learn:

  • Ransomware Threats and the Cost of Defense – Is XDR/EDR Actually Worth It?
  • 2021 and Beyond: Security and Risk Management Trends
  • Protecting your Data During and After a Pandemic
  • Making SOC Economics Work In Your Favor
  • CISO Perspective: How to Get Privileged Access Management Right
  • Managing Security Risk at the Speed of Business (Panel discussion)

 

Conference Price: $0.00 per person

 

Attendance is limited to enterprise IT executives, management and staff in companies with at least 25 employees. Registrants cannot be sales/marketing/business development professionals, nor executives, of companies that provide IT products or services to enterprises.

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.



9:00am-10:00am: Ransomware Threats and the Cost of Defense – Is XDR/EDR Actually Worth It?

 

Bruce Hembree, Cortex Field CTO, Palo Alto Networks

 

Join us as we discuss the average street prices of EDR and XDR defensive systems vs. the actual ransom amounts we have seen demanded by threat actors in the wild. Then you can make the call on whether it makes sense for your enterprise.

 




10:00am-10:30am: Networking Break


10:30am-11:30am: Attendee Networking Breakout Sessions

 

Best Practices for Justifying Your Security Investments

  • Are there methodologies you are using?
  • How do you prioritize your investments?
  • How do we determine ROI?
  • Is there an ROI?
  • How do we partner with the business?
  • What is the risk of not doing something?

 

Building Strong Cyber Security Teams: Skills Needed; Learned or Taught?

  • How do we train our next generation of leaders?
  • How do we hire in the current environment?
  • How do we fend off our teams from being recruited away?
  • How do we retain talent?
  • What skills should we focus on?

 

How Are You Planning for Return to Work?

  • Is there a timeframe?
  • How are you going to refine your policies and procedures?
  • What areas will you need to strengthen?
  • How does this impact Vendor Risk Management?

 

How Can IT Security Best Partner with the Business?

  • Should IT Lead the Charge? Should the Business?
  • How do you articulate IT Security in terms the business will appreciate?
  • How do you show the value IT security is providing beyond security?
  • How can IT Security protect the business without inhibiting growth?

 

Strategies Governance, Security & Cloud

  • How do you plan for governance in the cloud?
  • What are best practices for securing applications and data in the cloud?
  • How does vendor risk management factor into this?
  • How do you partner with the business?
  • How do you make business counterparts aware of their responsibilities?

 

 


11:30am-12:30pm: Disaster Recovery as Part of Your Security Plans

 

Chad Stanfield, Practice Director of Modern Datacenter, Redapt

 

When a security disaster strikes, what’s your course of action? How will you notify your staff? How will you keep your lights on to ensure revenue doesn’t plummet far and fast?

 

Disaster recovery has become an even more critical part of security with the recent popularity of ransomware. For network administrators, a disaster recovery plan is essential.

 

Without a disaster recovery plan, organizations usually do not recover from a disaster.

 

In this session, we’ll cover:

  • Security threats and the rise of data protection needs
  • Evaluating your data protection capabilities
  • Developing a data protection strategy
  • Getting started on your data protection plan

 




12:30pm – 1:30pm: Lunch Break


1:30pm-2:30pm: Making SOC Economics Work In Your Favor

 

Gal Shafir, Global Director of Engineering, Siemplify

 

No matter the size or industry, company leaders recognize that minimizing external threats is of paramount importance. As a result, companies value their SOCs and consider them critical to their cybersecurity strategy. However, it is not always easy to quantify the ROI of these investments. In this session you will learn not only how to capture the ROI, but how to improve it as well.

1. Understand the 1-10-60 rule and why it matters and how to measure against it
2. You will learn what is impacting overall ROI
3. Actionable tactics you can take to improve ROI
4. ROI isn’t only about money, but other factors impact the bottom line

 




2:30pm – 3:00pm: Networking Break


3:00pm-4:00pm: CISO Perspective: How to Get Privileged Access Management Right

 

Moderator:
Christopher Hills, Deputy CTO, BeyondTrust
Panelists:
Brian Schrock, Information Security Officer/VP, CISSP / CISM, Premier Bank
Billy Heiser, Manager IT Security, The Lincoln Electric Company
Ken M. Shaurette, Director InfoSec and Audit, FIPCO
and other CISOs and IT Security Executives sharing strategies, tactics and lessons learned

 

Areas that will be covered include:

 

When you think of PAM as part of your security program, what does that mean to you and your organization?

 

How do you feel PAM has evolved over the last several decades, and why do you think PAM is important now?

 

We break PAM into 3 primary pillars: Privileged Password and Session Management, Endpoint Privilege Management, and Secure Remote Access. What is important to consider with:

 

• Privileged Password and Session Management
• Endpoint Privilege Management
• Secure Remote Access

 

As organizations embrace remote working, what is important in regard to endpoint security, and why is it important to ensure you have complete endpoint security in place?

 

Is the traditional approach to endpoint security enough, aka Antivirus or NGAV?

 

How do you handle 3rd party and vendor access into your organization? Is it appropriate to still use technologies like VPN? Have you considered some of the security implications for 3rd party and vendor access using VPNs?

 

What are some parting thoughts for those that are new to PAM or just starting their journey with PAM?

 




4:00pm-5:00pm: Managing Security Risk at the Speed of Business (Panel discussion)

 

Moderator:
Annur Sumar, CTO, Maetech
Panelists:
Jonathan Kimmitt, CISO, University of Tulsa
Patrick Kinard, Sr. Enterprise Server Operations Manager, Chicago Public Schools
Mark Kaplan, Former Director of Technology, Barbri
and other enterprise CISOs and IT Security Executives sharing strategies, tactics and lessons learned

 

As a valued partner to the business, CISOs need to lead with business-first execution.

 

In this session, attendees will learn from CISOs/Security Executives how they are:

  • Leading a business-first mentality
  • Looking at every security risk decision through the lens of business impact
  • Having security and IT operations work together effectively to identify best-cost actions that have the most meaningful impact on exposure to business compromise and impact
  • Understanding what Cloud/DevOps/Digital mean for your risk management program

 

             



 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the breaks, you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.


CONFERENCE CO-SPONSORS