Conferences that solve current IT challenges
Enterprise Risk - Security Management
June 19, 2008
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center, Rosemont (O'Hare), Illinois
In today's highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
Who Should Attend:
What You Will Learn
In this one day conference attendees will learn:
- How to take control of your Risk Management Program
- How to drive Compliance issues instead of letting them drive you
- How to leverage the core disciplines of Risk Management to design an effective framework
- How to leverage Your Risk Management Program to reduce cost and risk through effective Prioritization and Processes
- The convergence of various risk and compliance topics in the context of enterprise risk management
- How to measure the success of your risk management approach through quantitative metrics
- How to measure the dollar value of Security & Risk Management
- How to articulate the value of Security & Risk Management in terms line executives can understand
- Best practices for managing compliance, security, disaster recovery and high availability
- How global governance and risk management trends are affecting corporate enterprises
8:00am - 9:00am - Registration and Continental Breakfast
How to Adopt a Comprehensive IT Governance, Risk Management and Compliance Approach (IT GRC)
Andy Reeder, CISSP, CISA, Director, HIPAA Privacy and Security, Rush University Medical Center
In the past, IT Governance, Risk Management and Compliance have existed in different silos. Currently, many IT leaders view these areas as having commonalities and interdependencies. By having a unified approach, IT leaders can increase efficiencies, decrease costs and lessen
In this session attendees will learn:
- How to design an effective BI/PM framework
- How to make insightful decisions about significant changes in the business and markets
- How to develop and implement an effective BI Competency Center
- How to transform coarse data into actionable intelligence
- How to leverage BI to drive the decisions necessary for the recovery
- How to calculate baseline metrics for business intelligence
- How other IT organizations are helping to make business decisions for the extended enterprise
- How to make processes more agile with BI
10:00am -10:30am - Refreshment Break
How to Design and Improve a Holistic IT Risk/Security Management Plan
Joseph Agnew, CISSP, Vice President, Chief Information Security Officer, Follett Corporation
An effective risk management program takes into account the needs of the extended enterprise in addition to IT. Technology is involved, but before any purchase decisions are made it is imperative that your organization has policies in place that will lay the foundation for your
In this session attendees will learn how to:
- Select IT risk assessment methods
- Perform an IT risk analysis
- Implement policies and procedures
- Incorporate risk into your governance framework
- Incorporate compliance, security, disaster recovery and high availability into your risk management plan
How to Get Executive Buy-In for Your Risk/Security Management Program (panel discussion)
Moderator: Scott Allen, Security & Compliance Consultant, Laurus
Panelists: Ken Watson, Director IT Risk Management, USG Corporation; Adam Hansen, Director of Security, Sonnenschein, Nath & Rosenthal; Tim Burke, Information Security Manager, QBE The Americas; Min Ju, Enterprise Security Architect, Symantec; and other enterprise IT professionals
Since an effective risk management plan is holistic in nature and affects many different areas of the company, many different stakeholders will be involved.
Given all of the variables, what successful strategies should you use to obtain buy-in from other executives, stakeholders and business units?
In this session attendees will learn how to involve the following areas for purposes of getting buy-in and lessening risk to the enterprise:
12:30pm - 1:30pm Luncheon
How to Identify Which Technologies Can Best Support Your Risk/Security Policies
Michael Gabriel, CISSP, CISA, Corporate Information Security Officer, Career Education Corporation
After you determine the policies that will be the foundation of your risk management program, you can then focus on the technologies that will effectively support it.
In this session, you will learn the pros and cons of the various technologies and which mix would be best for your organization. Topics for discussion will include:
- Identity and access management
- Security information and event management
- Configuration auditing
- Content monitoring
- Database activity monitoring
- IT governance, risk and compliance
2:30pm - 3:00pm - Refreshment Break
Building and Managing Information Security Frameworks on ISO 27001/27002
Evan Tegethoff, CISSP, ISO 27001 Certified Lead Auditor, Director of Compliance Services, Accuvant
Discover how organizations are building and managing information security frameworks based upon standards such as ISO 27001/27002 to more effectively manage enterprise risk. This session will focus on building a long-term, self-sustaining, pain-free compliance strategy that manages and mitigates enterprise risk.
Topics that will be covered include:
- What common frameworks are being deployed by leading security organizations?
- Overview of ISO 27001/27002 (formerly ISO 17799)
- Understanding common compliance requirements and mapping them to a security framework and control sets
- Creating compliance metrics that measure the effectiveness and efficiency of an organization
- Adapting automated and preventive controls
- Strategies for intelligently assessing, monitoring, correlating, and reporting on all aspects of enterprise compliance and risk
How to Measure the Success of Your IT Risk Management Program through Metrics
Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation
In this discussion, a seasoned IT risk professional will share his experiences on how he has proven the success of his company's risk management program through implementing metrics.
Topics that will be covered from both a strategic and tactical metrics perspective include:
- Asset and impact classification
- Vulnerabilities and threats
- Relationship between assets, vulnerabilities, network threats and controls
- Risk calculation factors
Conference price: $249 per person.
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.