9:00am-10:00am
Risk Reduction: How to Avoid Being the Next Data Breach Headline
Michael Gabriel, Director Data Protection Practice, Integralis; Former CISO, Career Education Corp.
Data breaches have a huge impact on the economy. Consumers and business get hurt, shareholders lose faith and suppliers question the viability of the company they are doing business with.
How do you protect your organization so that you are not the next data breach headline in the media?
In this session, an experienced CISO, Michael Gabriel will provide you with a framework that answers the following:
• How to determine which types of data pose the most risk
• How to assess your organization’s risk of a costly data breach
• How to develop a Data Protection Program to reduce your risk
• How to get executive buy-in for your Data Protection Program
10:00am -10:30am - Refreshment Break
10:30am-11:30am
How to Establish Effective Security Policies to Reduce Security Risks
Danny Harris, Manager, Information Security Policy and Awareness, Aon
To protect and organization’s information assets, a comprehensive security policy must be designed to addresses the problems of classifying the confidential information and identifying who the users are. To effectively protect this information, a policy must ask the following questions: What information should be protected? Who is going to have access to the information?
In this session, attendees will learn effective strategies and tactics from Danny Harris, Manager of Information Security Policy and Awareness as to how he has dealt with these challenges.
11:30am-12:30pm
Strategies for Aligning Security/Risk with the Business
Panelists will include:
Sarah Buerger, CIPP/IT, Director-Information Security Governance, CNA Insurance
Joseph Burkard, Director, IT Security & Risk Management, Baxter International Inc.
Drake Cody, Manager, Risk Management, Allstate
Mark Guth, Sr. Mgr., Info. Security, Nicor Gas
and other enterprise IT risk leaders
Many organizations have a difficult time attempting to articulate the value of security in terms that business leaders can understand. Business leaders do understand risk factors, but do not necessarily understand the true ROI of security investments. To best articulate the value of security/risk management to enterprise leaders, security executives need to think about the following:
- How to assess, understand and define security’s current and future roles in the extended enterprise
- Where are security investments being made on personnel, processes, and technologies
- What does security need to specifically achieve for the enterprise in terms of protecting current business processes and enhancing future revenue growth
In this session, attendees will learn from a panel of IT security executives as to the strategies they are leveraging to insure their efforts are in sync with business priorities.
12:30pm - 1:30pm Luncheon
1:30pm-2:30pm
Consumer Technology in the Enterprise: How to Manage Security Risks while Maximizing Productivity
John Germain, CISSP, Director, Information Security Architecture, Engineering & Operations, ITT Corporation
Paul Kunas, IT Security & Governance, Exelon
and other enterprise IT risk leaders will share their experiences and lessons learned
As employees become increasingly mobile through consumer technologies, IT systems and information become more vulnerable to security risks and breaches. The major challenge becomes how to effectively manage these risks while maximizing employee productivity.
In this session, attendees will learn from a group of seasoned IT security executives as to how they are handling these challenges.
2:30pm - 3:00pm - Refreshment Break
3:00pm-4:00pm
Cloud Initiatives: How Will You Need To Adjust Your Security Risk Program?
Cloud Computing is yet another disruptive technology that is promising to deliver huge benefits. But with any disruptive technology there are security and risk concerns that need to be addressed.
In this session attendees will learn how to adjust their security/risk programs to account for the following risk:
- Abuse and Misuse of Cloud
- Insecure APIs/Interfaces
- Insider Threats
- Shared Technology Issues
- Data Loss or Leakage
- Service & Account Hijacking
- Unknown Risks
- 4:00pm-5:00pm
How to Modify Your Security Risk Program for Social Networking
Panelists will include:
David Ogbolumani, Director, Global IT Security, Kellogg Company
and other enterprise IT risk leaders
Social networking seems to be everywhere in our professional and personal lives. It even pervades our offline conversations. But with the widespread appeal comes increased security risks.
How do modify your security risk programs to encompass the threats that social networking poses?
In this session, attendees will learn:
- How to avoid the seven deadly sins of social networking security
- How to protect yourself and individuals inside your organization against identify theft
- How to set effective guidelines with your organization as to an appropriate use of social networking while not minimizing the potential business value
Conference price: $249 per person.
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Click here to register