NA ISRM / IT GRC Megatrends and Spotlight Educational Sessions 



Wednesday, 14 November 2012 2:15PM – 3:15PM

McAfee Best Practices for Secure Access to Cloud Apps
Presenter: Vikas Jain, Director, Product Management, McAfee, Inc.

After completing this session, you will be able to:

  • Reduce the risk of access to cloud applications from both on-premises and mobile devices
  • Understand the categories of strong authentication that can be employed, from on-chip protection to soft tokens and biometrics, and the strengths and challenges of each
  • Identify emerging opportunities to integrate enterprise-grade tools, such as security information and event management (SIEM) or data loss prevention (DLP), with cloud application security systems

Friday, 16 November 2012 8:30AM – 9:30AM

Oracle Gone in 60 Seconds: Mitigating Database Security Risk
Presenter: Roxana Bradescu, Director of Product Management, Database Security, Oracle

After completing this session, you will be able to:

  • Explain how attacks lasting less than a minute have resulted in over one billion stolen records
  • Understand how basic controls could have prevented 97% of data breaches
  • Reduce data security risks by adopting a defense-in-depth strategy
  • Identify basic controls to secure data at the source, the database

Oracle Lunch & Learn Session

Thursday, 15 November 2012 11:45AM – 1:00PM

Oracle Trends in Identity Management
Presenter: Mike Neuenschwander, Senior Product Development Director, Oracle Identity Management

Abstract: As enterprises embrace mobile and social applications, security and audit have moved into the foreground. The way we work and connect with our customers is changing dramatically, and this means re-thinking how we secure the interaction and enable the experience. Work is an activity, not a place: mobile access enables employees to work from any device, anywhere, at any time. Organizations are utilizing "flash teams": instead of a dedicated group to solve problems, they assemble cross-functional teams as needed. Work is now social: email collaboration will be replaced by dynamic, social-media-style interaction. In this session, we will examine these three secular trends and discuss how organizations can secure the work experience and adapt audit controls to address the "new work order".

Spotlight Educational Sessions

Wednesday, 14 November 2012 5:15PM – 5:45PM

C&F AdaptiveGRC Creating a Flexible, Interconnected, Comprehensive IT GRC Framework to Drive Increases in Compliance Productivity
Presenter: Malcolm Lord, US Product Lead & Raef Meeuwisse, Functional Architect, C&F AdaptiveGRC™

Many companies seem to wait until they receive a penalty before ensuring they have truly effective compliance management processes and tools in place. When a compliance failure leads to a company being fined, or worse, an executive going to prison, your organization will be looking for someone to blame. You need to be able to demonstrate that you have worked wonders with the budget you have, and that you have managed things better than most could. Come hear how you can become a hero in your organization:

  • Reports at the touch of a button, holistic or by regulation, region, department, you name it
  • More effective compliance management
  • Far less time spent on administrative tasks

We want to show you how evolutionary change done right will get you there. Stay ahead, way ahead.

Modulo Integrated Risk Management: Providing an actionable view of IT and Operational Risk to the C-Suite
Presenters: Arti Raman, VP Int. Marketing and NA Sales & Portia Mills, Pre-Sales Engineer, Modulo Security, LLC

In this 30-minute session, Modulo will walk step by step through how IT and Operational Risk Managers can conduct risk assessments using a standardized methodology and against an integrated set of controls. We will then provide insight into how results from different assessments can be pulled together, rationalized against the asset base, correlated with the business processes and departments they support, and presented in the form of actionable dashboards for the CISO. We will also discuss how these dashboards can draw on other enterprise and BI systems to produce reports that demonstrate to the CIO/CFO/CRO where IT risk fits in with the rest of the overall business. We will include information on how such an integrated approach can treat mobile devices and social media as both a data source and a source of risk.

Vormetric Data Security and Compliance in an Evolving Data Center
Presenter: Derek Tumulak, VP Product Management, Vormetric

The increased adoption of new and disruptive technologies is allowing data to flow more freely across physical, virtual, and cloud infrastructures. This is generating new data security challenges and increasing the risk of data breaches. This presentation will cover the technologies and best practices required to keep pace with emerging threats and regulatory requirements in this new enterprise IT environment. The session will also provide real-world examples of how leading organizations are addressing 21st-century data security challenges using encryption, key management, and access policies.

Wednesday, 14 November 2012 6:00PM – 6:30PM

Courion Corporation Putting “Risk Management” in GRC
Presenter: Chris Sullivan, VP of Product Planning, Courion Corporation

Companies are spending millions of dollars on Identity and Access Governance portfolios trying to lock things down, yet actual breaches have been increasing exponentially for the last three years. Undeniably, these systems are insufficient on their own.
What is needed are Identity Management and Access Governance strategies that add automated intelligence and risk management in order to:

  • Drive an efficient and effective set of preventative and protective controls
  • Prevent data breaches
  • Detect and resolve threats as they occur

Measuring the Maturity of your Information Security Program. Impossible?
Presenter: Mark Carney, CRISC, Vice President of Strategic Services, Fishnet Security

A discussion that will explore information security program maturity models. This session will cover the benefits of these models and how they are leveraged by CISOs. It will take a closer look at one information security program maturity model and describe its approach, structure, maturity categories, voting process, and executive dashboard reporting, along with a few comparisons between this model and other information security program maturity models available in the market today.

Qualys Automating IT Data Collection And Compliance For GRCM Controls
Presenter: Jason Creech, Director of Compliance Solutions, Qualys Inc.

Governance, Risk and Compliance Management (GRCM) solutions offer a platform to control risks that might adversely affect the realization of an organization's business objectives. GRCM covers a broad range of risks, typically entailing financial, information technology, and legal issues. The crucial value of GRCM is in controlling legal and regulatory compliance risks, for these can trigger substantial penalties and even threaten the viability of a business. Control data is usually collected manually via questionnaires. The problem is that manually collecting detailed configuration data for thousands of in-scope IT assets is impractical, and prevents maintaining an accurate asset repository and conformance with policy.

This presentation explains how companies can automate the "C" in GRCM by automatically scanning all IT assets, collecting operating system configuration and application access controls, mapping these to IT policy, and documenting compliance.

Thursday, 15 November 2012 5:15PM – 5:45PM

Optimize Your Data Loss Prevention Investment for Bottom Line Results
Presenter: Robert Eggebrecht, President, CEO, BEW Global

If pre-packaged, one-size-fits-all data loss prevention (DLP) sounds too good to be true, it probably is. DLP applications that are deployed and then ignored do not optimize your investment and create more work for your internal team. At BEW Global we call this the "drive-by DLP sale", which we are often brought in to clean up after. To be effective, DLP solutions must be tailored to your business policies and processes, and continually monitored and tuned as your business environment evolves. Join BEW Global President & CEO Robert Eggebrecht to learn how to continually improve your DLP system to reduce risk and improve operational efficiency. BEW Global has deployed 400+ DLP projects and will share its experience in successful DLP program design and best practices, including application management, policy governance, incident triage, event management and business analytics.

Alert Enterprise IT-OT Convergence Delivers True Security for Critical Infrastructure Protection
Presenter: Pan Kamal, Vice President, Marketing, Alert Enterprise, Inc.

Safeguarding our Critical Infrastructure and Key Resources is becoming a larger challenge as Stuxnet has opened the proverbial Pandora’s box. Managing security in the silos of IT and OT (Operational Technology) will not suffice to protect Utilities, Oil & Gas, Chemicals and Pharmaceutical Installations dependent on SCADA and Industrial Control Systems. Learn how security convergence technologies are bridging the gap and delivering true prevention of fraud, theft and malicious threats, including insider threat. AlertEnterprise utilizes a proactive approach to secure critical enterprises while simultaneously responding to real or perceived threats in real-time through Situational Intelligence and Incident Management and Response. AlertEnterprise solutions deliver true security by providing compliance automation for various standards across the utility, oil and gas, pharmaceutical/healthcare, airport and other industries.

Hitachi ID Systems Addressing the Risks of Privileged Accounts on a Global Enterprise Scale
Presenter: Bruce MacDonald, Senior IAM Solutions Architect, Hitachi ID Systems, Inc.

Large organizations have thousands of IT assets, each with at least one privileged account. These accounts are shared by IT staff, Windows services and applications, which makes them especially difficult to secure and audit. At the same time, privileged accounts represent a much higher business risk than regular user logins.

There are several commercial solutions available to secure access to privileged accounts that address control and audit requirements. These products also create new types of risk: because every credential is held in one place, a compromise of the vault means simultaneous compromise of every system, and an outage of the vault means massive disruption to administrative access.

This session will discuss how to secure privileged accounts, how to scale up a solution and how to mitigate new risks introduced by centralizing trust in an enterprise credential vault. It will also touch on areas of active research in privileged access management.