
Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois

 

Strategies for reducing risk to the enterprise.

 

October 3, 2023

 

9:00am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois


Overview

 

In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

 

With all of these challenges, how do you make this happen?

 

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

 

In this one-day conference, attendees will learn:

 

  • Navigating Cloud Security: Common Misconfigurations and Architectures in Public Cloud Environments
  • Driving a Culture of Security Consciousness in Your Organization (Panel Discussion)
  • How to Avoid the CISO Sucker Punch
  • Russia’s War Against Ukraine Disrupts the Cyber Threat Landscape
  • 2023 Cyber Hiring Trends, Hiring Top Talent and Retention (Panel Discussion)
  • AI, CyberSecurity and the Risk to the Enterprise

 


Conference Price: $299.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


CONFERENCE AGENDA


8:00am – 9:00am: Registration & Continental Breakfast


9:00am – 10:00am: Russia’s War Against Ukraine Disrupts the Cyber Threat Landscape

 

Alexander Leslie, Associate Threat Intelligence Analyst, Recorded Future

 

This session will explore the ways in which the cyber threat landscape has evolved over the last 18 months, in the context of Russia’s war against Ukraine. As the war enters into a period of protracted conflict, the overall security posture of an organization has to shift to address changes in cybercriminal tactics, victimology, and political motivations. This session will examine the long-term implications of mobilization, sanctions, and a protracted conflict on enterprise risk and security management.

 


 

 


10:00am – 10:30am: Refreshment & Exhibit Break


10:30am – 11:30am: The New SEC Cyber Security Rule – What EVERY Company Needs to Do Now!

 

Jim Mirochnik, MBA, PMP, ISO 27001, CEO & Senior Partner, HALOCK Security Labs

 

Think of the New SEC Cyber Security Rule as Sarbanes-Oxley (SOX) for Cybersecurity.

 

It applies to public companies and goes into effect December 15, 2023.

 

If any of your customers or vendors are publicly traded companies, it’s just a matter of time before they expect these capabilities from you, as part of their 3rd Party Security Assessments. Because of this, we will all need to comply with the major components of the SEC Cybersecurity rule.

 

So what are these major components and how can you build the capability to address all of them quickly?

 

This session will cover how you can gain the following five capabilities:

 

  1. Ensure your security program is legally defensible and compliant with the new SEC Cybersecurity Rule, published July 26, 2023.
  2. Define a “clear line of acceptable risk” below which you accept risks and above which you remediate. This “clear line” allows you to define your “materiality” as required by the SEC Cyber Security rule.
  3. Understand the “known risk” to your organization (i.e., your risk FICO score).
  4. Provide the Board of Directors a roadmap for your cybersecurity program that reduces risk to an acceptable level.
  5. Communicate risks and justify expenditure requests in business terms.

 

 

 


 


11:30am – 12:30pm: How to Avoid the CISO Sucker Punch

 

Josh Fazio, VP Solution Architects, SecurityScorecard

Larry Slusser, Sr. Director Cyber Risk, Resilience, & Incident Response, SecurityScorecard

 

As a CISO you can do things “correctly” from a cyber security perspective, and through no fault of your own your organization can still face a serious cyber attack or breach resulting in a ransomware attack, data exfiltration, or both.

 

With ever-increasing attack surfaces and a growing population of sophisticated threat actors accessing artificial intelligence, the risks of operating in the digital environment have never been greater. Tools are no longer the only trusted solution when it comes to cyber security. In fact, the sheer number and complexity of cyber security tools currently available has become part of the problem.

 

SecurityScorecard Vice Presidents Josh Fazio and Larry Slusser present how you as a CISO can take measures to mitigate the many risks your company faces from its Cyber Environment, Employees, Vendors, and Zero Day Exploits to avoid the CISO Sucker Punch.

 

 


 

 


12:30pm – 1:30pm: Lunch & Exhibit Break


1:30pm – 2:30pm: 2023 Cyber Hiring Trends, Hiring Top Talent and Retention (Panel Discussion)

 

In this session, attendees will learn from seasoned IT Security Leaders how they are handling hiring and retention in a challenging environment.

 

Moderated by: Dan Horwich, President & Executive Director, CAMP IT Conferences

 

Panelists include:

  • James Mountain, Director of Information Security, Palmer College of Chiropractic
  • Adam Kohnke, Information Security Manager, Charter Next Generation
  • Victor Hsiang, CISO, GATX
  • Michael Neuman, AVP, Security and Compliance, VelocityEHS
  • Juliet DeVries, Director IT Security and Compliance, GTreasury
  • Other CISOs and Information Security Executives sharing experiences and lessons learned

 

 

 


 


2:30pm – 3:00pm: Refreshment & Exhibit Break


3:00pm – 4:00pm: Navigating Cloud Security: Common Misconfigurations and Architectures in Public Cloud Environments

 

Jeremiah Johnson, Regional Cloud Solutions Engineer, Fortinet

 

This presentation dives into the landscape of cloud security, focusing on the prevalent misconfigurations that can jeopardize data integrity and user privacy in public cloud environments. We will explore industry shortcomings, shedding light on the most common pitfalls organizations encounter when managing their cloud security. Join us on this journey to enhance your understanding of cloud security and empower your organization to proactively safeguard its valuable assets in the cloud.

 

 


 


4:00pm – 5:00pm: Driving a Culture of Security Consciousness in Your Organization (Panel Discussion)

 

The human firewall is the most frequent contributor to data breaches. Legacy approaches are no longer effective. CIOs and CISOs must look beyond merely raising ‘security awareness’ and embed an overarching security culture in their organization.

 

In this session, CISOs and Information Security Executives will share how they continue to build and deliver an effective security behavior and culture change program.

 

Moderated by: Kevin Harvey, RSM, Devo

 

Panelists include:

  • Lori Kevin, Vice President, Enterprise IT & Security, Intelligent Medical Objects
  • Alex Dickson, CISO, GCM Grosvenor
  • Tom Hardin, Vice President Information Security and Compliance, Project Lead The Way
  • Justin Perry, Manager of IT Infrastructure, Operations and Security, TIDI Products
  • Other CISOs and IT Security Leaders sharing experiences, tactics, and lessons learned

 

 

   


 



 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.


CONFERENCE SPONSORS