Conferences that solve current IT challenges
Enterprise Risk / Security Management - Governance / Risk / Compliance
Strategies to help protect and recover your organization's most critical data
June 10, 2010
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois
In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one day conference, attendees will be provided with examples of approaches to managing data leakage, loss and prevention through risk management best practices.
What You Will Learn
In this one day conference attendees will learn:
- Security Patterns: How to Make Security Architecture Easy to Consume
- Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft
- Information Security Metrics…. (So Folks Outside of IT Understand & Care)
- Ad-Hoc Communications: How to Reduce the Risk
- How IT Security Organizations are Protecting Customer Data
- Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage
8:00am - 9:00am - Registration and Continental Breakfast
Security Patterns: How to Make Security Architecture Easy to Consume
Jeff Johnson, Enterprise Security Architect, ING
A security pattern is a well-thought-out solution to a recurring information security and risk problem. In this session, an experienced Enterprise Security Architect will share his strategies and tactics for success with security patterns and how they can help your enterprise.
Attendees will learn how to:
- Design security patterns that align to your organization’s needs
- Develop a security pattern framework
- Make security easy to consume by developing security patterns that can be reused across the organization
- Apply security patterns to data loss issues
- Articulate to management the value the patterns have provided and the issues they have solved
10:00am - 10:30am - Refreshment Break
Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft
Gary Palgon, VP of Product Management, nuBridges
The risk of data theft remains high despite the best efforts of IT security officers. As organizations lock down sensitive and confidential data in one area, cybercriminals go after it in another. There is also the very real risk of internal theft or accidental loss.
To meet the more rigorous security challenges posed by protecting diverse types of information, a new data security model is beginning to gain traction – tokenization. Tokenization provides two distinct benefits that build on solid strong-encryption practices. First, it reduces the number of instances of sensitive data in an organization, and second, it reduces the scope of a PCI DSS audit.
Information Security Metrics…. (So Folks Outside of IT Understand & Care)
Adam Hansen, Director, Information Security, Sonnenschein, Nath and Rosenthal
The old adage holds: if you can’t measure it, you can’t manage it. But the concept of measuring risk, especially information security risk, seems to be like opening Pandora’s box, resulting in a steady stream of “this is no longer relevant”, “what does that mean”, “how does this impact me” or, worse yet, silence. During this session, we will discuss the concept of using metrics not only to measure and communicate the state of information security, but to do so in terminology most relevant to your constituents. This session will conclude with a review of several metrics/models that have proven successful over time and examples of how metrics can actually bolster funding and executive sponsorship.
12:30pm - 1:30pm Luncheon
Ad-Hoc Communications: How to Reduce the Risk
Bob Janacek, CTO, DataMotion
In today’s dynamic business environment achieving compliance and gaining visibility to all of your organization’s sensitive communications can be a daunting task. Whether it’s basic privacy, data security threats or meeting regulatory compliance requirements as mandated by HIPAA, GLBA, PCI DSS, FERPA, PIPEDA or the UK Data Protection Act, IT managers need to protect their company’s data and reputation. Even the smallest compliance-related infractions can mean a damaged reputation, extensive audits, expensive financial penalties and litigation.
You already have consistent, secure and well defined processes for your structured data exchanges. But what about those ad-hoc, one-off
How secure are they? And as you attempt to secure these exchanges, do they support the dynamic nature of today’s business or impede it?
This presentation explores the issues with ad-hoc communications, the security concerns of traditional solutions and ensuring those solutions meet your compliance and governance needs.
- Why ad-hoc communications are difficult to deal with from an IT perspective
- What are traditional solutions
- Why should you be concerned from a security perspective
- What can you do to ensure your exchanges are protected
2:30pm - 3:00pm - Refreshment Break
How IT Security Organizations are Protecting Customer Data
Moderator: Yinal Ozkan, Principal Architect,
Panelists will include:
Marc Varner, Sr. Director, Global Information Security, McDonald's Corporation
Leilani Lauger, Information Security Officer, Loyola University of Chicago and other
Steven Young, MBA, IEM., IS Security Officer, IS Division, Rush University Medical Center
Michael Rodriguez, Chief Technology Security Officer, Western Illinois University
and other CISOs and Security Directors sharing experiences and lessons learned
Customer data is the lifeblood of every business. Given the current climate, protection of this data takes on an even greater importance than ever before. As organizations are preparing for the economic recovery, what should they be
In this session attendees will learn from a panel of enterprise IT security and risk professionals.
Topics that will be covered include:
- Market dynamics
- PCI and other regulatory drivers
- The risks of non-compliance
- How companies are protecting databases and applications
Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage
Moderator: Greg Ross, Principal Consultant, Data Loss Prevention Services, CA
Steve Sullivan, Director, IT & Information Security Officer, Central DuPage Hospital
Scott Tompkins, Director, Information Security, Williams Lea
John Nootens, Director, Networking, American Medical Association
Fred Kwong, Security and Technology Lead, Zurich/CSC
and other professionals from IT departments
Data leakage can take many forms, and the reality is that it can be much more dangerous to an organization’s well-being than the phrase implies. Many times it is unintentional, but it is often the result of those who are trusted on the inside that for whatever reason may have something to gain by the loss or disposal of company sensitive information.
How do you protect your confidential information? How do you protect your organization’s reputation?
In this session attendees will learn from a panel of senior enterprise IT professionals how they are working through the challenges of mitigating insider threats and preventing data leakage.
Conference price: $249 per person.
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.