Spotlight Educational Sessions
Wednesday, 14 November 2012 5:15PM – 5:45PM
Creating a Flexible, Interconnected, Comprehensive IT GRC Framework to Drive Increases in Compliance Productivity
Presenters: Malcolm Lord, US Product Lead & Raef Meeuwisse, Functional Architect, C&F AdaptiveGRC™
Many companies seem to wait until they receive a penalty to ensure they have TRULY effective compliance management processes and tools in place. When a compliance failure leads to a company being fined, or worse, an Executive going to prison, your organization will be looking for someone to blame. You need to be able to DEMONSTRATE that you have worked wonders with the budget you have, and that you have managed things better than most could. Come hear how you can become a hero in your organization – Reports at the touch of a button, holistic or by regulation, region, department, you name it – More effective compliance management – Far less time spent on administrative tasks. We want to show you how evolutionary change done right will get you there – Stay Ahead, Way Ahead.
Integrated Risk Management: Providing an actionable view of IT and Operational Risk to the C-Suite
Presenters: Arti Raman, VP Int. Marketing and NA Sales & Portia Mills, Pre-Sales Engineer, Modulo Security, LLC
In this 30-minute session, Modulo will provide a step-by-step walkthrough of how IT and Operational Risk Managers can conduct Risk Assessment using a standardized methodology and against an integrated set of controls. We will then provide insight into how results from different assessments can be pulled together, rationalized against the asset base, correlated with the business processes/departments they support, and presented in the form of actionable dashboards for the CISO. We will also discuss how these dashboards can go across other enterprise and BI systems to produce reports that demonstrate to the CIO/CFO/CRO where IT Risk fits in with the rest of the overall business. We will include information on how such an integrated approach can include mobile devices and social media as both a data source and a source of risk.
Data Security and Compliance in an Evolving Data Center
Presenter: Derek Tumulak, VP Product Management, Vormetric
The increased adoption of new and disruptive technologies is allowing data to flow more freely across physical, virtual, and cloud infrastructures. This is generating new data security challenges and increasing the risks of data breaches. This presentation will cover technologies and best practices that are required to keep pace with the emerging threats and regulatory requirements in this new enterprise IT environment. The presenter will also provide real-world examples of how leading organizations are addressing 21st century data security challenges using encryption, key management, and access policies.
Wednesday, 14 November 2012 6:00PM – 6:30PM
Putting “Risk Management” in GRC
Presenter: Chris Sullivan, VP of Product Planning, Courion Corporation
Companies are spending millions of dollars on Identity and Access Governance portfolios trying to lock things down, but actual breaches have been increasing exponentially for the last 3 years. Undeniably, these systems are insufficient.
What’s needed are Identity Management and Access Governance strategies that add automated intelligence and risk management in order to:
- Drive an efficient and effective set of preventative and protective controls
- Prevent data breaches
- Detect and settle threats as they occur
Measuring the Maturity of your Information Security Program. Impossible?
Presenter: Mark Carney, CRISC, Vice President of Strategic Services, Fishnet Security
This discussion will explore information security program maturity models. The session will cover the benefits of these models and how they are leveraged by CISOs. It will take a closer look at one information security program maturity model and describe its model approach, structure, maturity categories, voting process, and executive dashboard reporting, along with a few comparisons of this model with other information security program maturity models available in the market today.
Automating IT Data Collection And Compliance For GRCM Controls
Presenter: Jason Creech, Director of Compliance Solutions, Qualys Inc.
Governance, Risk and Compliance Management solutions offer a platform to control risks that might adversely affect realization of an organization's business objectives. GRCM covers a broad range of risks, typically entailing financial, information technology, and legal issues. The crucial value of GRCM is in controlling legal and regulatory compliance risks, for these can trigger substantial penalties and even threaten the viability of a business. Control data is usually collected manually via questionnaires. The problem is that manually collecting detailed configuration data for thousands of IT assets in scope is impractical, and prevents maintaining an accurate asset repository and conformance with policy.
This presentation explains how companies can automate the "C" in GRCM by automatically scanning all IT assets, collecting operating system configuration and application access controls, mapping these to IT policy, and documenting compliance.
Thursday, 15 November 2012 5:15PM – 5:45PM
Optimize Your Data Loss Prevention Investment for Bottom Line Results
Presenter: Robert Eggebrecht, President, CEO, BEW Global
If pre-packaged, one-size-fits-all data loss prevention (DLP) sounds too good to be true, it probably is. DLP applications that are deployed and then ignored don’t optimize your investment and create more work for your internal team. At BEW Global we call this the ‘drive-by DLP sale’, which we are often brought in to clean up after. To be effective, DLP solutions must be tailored to your business policies and processes, and continually monitored and tweaked based on your evolving business environment. Join BEW Global President & CEO, Robert Eggebrecht, to learn how to continually improve your DLP system to reduce risk and improve operational efficiencies. BEW Global has deployed 400+ DLP projects and will share their experience in successful DLP program design and best practices including application management, policy governance, incident triage, event management and business analytics.
IT-OT Convergence Delivers True Security for Critical Infrastructure Protection
Presenter: Pan Kamal, Vice President, Marketing, Alert Enterprise, Inc.
Safeguarding our Critical Infrastructure and Key Resources is becoming a larger challenge as Stuxnet has opened the proverbial Pandora’s box. Managing security in the silos of IT and OT (Operational Technology) will not suffice to protect Utilities, Oil & Gas, Chemicals and Pharmaceutical Installations dependent on SCADA and Industrial Control Systems. Learn how security convergence technologies are bridging the gap and delivering true prevention of fraud, theft and malicious threats, including insider threat. AlertEnterprise utilizes a proactive approach to secure critical enterprises while simultaneously responding to real or perceived threats in real-time through Situational Intelligence and Incident Management and Response. AlertEnterprise solutions deliver true security by providing compliance automation for various standards across the utility, oil and gas, pharmaceutical/healthcare, airport and other industries.
Addressing the Risks of Privileged Accounts on a Global Enterprise Scale
Presenter: Bruce MacDonald, Senior IAM Solutions Architect, Hitachi ID Systems, Inc.
Large organizations have thousands of IT assets, each with at least one privileged account. These accounts are shared by IT staff, Windows services and applications, which makes them especially difficult to secure and audit. At the same time, privileged accounts represent a much higher business risk than regular user logins.
There are several commercial solutions available to secure access to privileged accounts which address control and audit requirements. These products create new types of risk: simultaneous compromise of every system and massive disruption to administrative access.
This session will discuss how to secure privileged accounts, how to scale up a solution and how to mitigate new risks introduced by centralizing trust in an enterprise credential vault. It will also touch on areas of active research in privileged access management.