Upcoming Events
May 31, 2012: Desktop Virtualization Strategies
June 14, 2012: Business Intelligence - Big Data & Analytics Strategies
June 21, 2012: Enterprise IT Risk/Security Management
July 12, 2012: IT Infrastructure, Operations & Management
Sep 6, 2012: Disaster Recovery/Business Continuity - Resilient Infrastructure
Sep 24, 2012: Cloud Computing Strategies
Oct 9-10, 2012: IT Portfolio Management
Oct 18, 2012: Enterprise Mobility Strategies
Oct 25, 2012: Desktop Virtualization Strategies
Nov 6, 2012: IT Leadership Strategies
Nov 29, 2012: Disaster Recovery/Business Continuity - Data Protection
Dec 13, 2012: BI/Big Data/Analytics
Conferences that solve current IT challenges
Enterprise IT Risk / Security Management
Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information in line with business needs
March 1, 2012
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois
Overview
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be given examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference attendees will learn:
- Understanding Threats in Order to Protect Your Business – Insight from the Trenches
- How to Design an Effective Risk Assessment
- How to Build a Solid Foundation for ITRM: Bridging the Gulf Between Technology Geek-Speak & Business Communication
- How to Manage the Risk of Application Security
- Cloud Initiatives: How Will You Need To Adjust Your Security Risk Program?
- Mobile Technology in the Enterprise: How to Manage Security Risks of BYOD
Conference Program
8:00am - 9:00am - Registration and Continental Breakfast
9:00am-10:00am
Understanding Threats in Order to Protect Your Business – Insight from the Trenches
Colin Sheppard, Director of Incident Response, SpiderLabs, Trustwave
Did you know that the most common password used by businesses worldwide is “Password1”? Hackers know.
Did you know that anti-virus catches less than 12% of all malware? Targeted malware creators know.
Based on the Trustwave 2012 Global Security Report, the presentation will feature analysis and trends from over 16 billion emails, data from more than 300 investigations and 2,000 penetration tests conducted by Trustwave SpiderLabs for organizations around the world. This presentation will give you insight into the most common vulnerabilities and trends in attacks, as well as recommendations on how you can protect your organization's business assets.
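The “Password1” observation is worth making concrete: that string satisfies the usual “eight characters, three of four character classes” composition rule, which is exactly why it is so common. The Python below is an added example, not material from the talk or from the Trustwave report; it contrasts a composition-rule check with the length-plus-deny-list approach that NIST SP 800-63B recommends instead, normalizing common manglings (leetspeak substitutions, trailing digits) before the deny-list lookup. The sample passwords and the tiny deny-list are constructed for illustration only; a real deployment would check against a breached-password corpus.

```python
import re

# Constructed sample, as a defender might pull from a password audit
# (hypothetical values; not taken from the talk or the report).
SAMPLE_PASSWORDS = [
    "Password1",
    "P@ssw0rd",
    "Welcome123",
    "Tr0ub4dor&3",
    "correct horse battery staple",
]

# Illustrative deny-list of base words (assumption: a production system would
# use a large breached/common-password corpus, not a hand-written set).
BANNED_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Common leetspeak substitutions, undone before the deny-list lookup.
LEET_MAP = str.maketrans({
    "@": "a", "$": "s", "0": "o", "1": "l", "3": "e",
    "4": "a", "5": "s", "7": "t", "!": "i",
})


def meets_complexity(pw: str) -> bool:
    """The classic composition rule: 8+ characters, at least three of four
    classes (lower, upper, digit, symbol). 'Password1' passes this."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= 8 and sum(classes) >= 3


def normalize(pw: str) -> str:
    """Reduce a password to the base word an attacker's wordlist would hold:
    strip leading/trailing digits and symbols first (so the trailing '1' in
    'Password1' goes away before '1' would be mapped to 'l'), then undo
    leetspeak and lowercase."""
    base = re.sub(r"[\d\W_]+$", "", pw)
    base = re.sub(r"^[\d\W_]+", "", base)
    return base.translate(LEET_MAP).lower()


def denylist_policy(pw: str, min_len: int = 8) -> bool:
    """Length plus deny-list, no composition rule: accept only if the
    normalized base word contains none of the banned words."""
    if len(pw) < min_len:
        return False
    base = normalize(pw)
    return not any(word in base for word in BANNED_BASE_WORDS)


def audit(passwords):
    """Return {password: (passes_complexity, passes_denylist)} so the two
    policies can be compared side by side."""
    return {pw: (meets_complexity(pw), denylist_policy(pw)) for pw in passwords}


if __name__ == "__main__":
    for pw, (complexity_ok, denylist_ok) in audit(SAMPLE_PASSWORDS).items():
        print(f"{pw!r:34} complexity={complexity_ok!s:5} denylist={denylist_ok}")
```

Running the audit shows the two policies disagree in both directions: “Password1”, “P@ssw0rd” and “Welcome123” sail through the composition rule but are rejected once the trailing digits and leetspeak are normalized away, while a long passphrase fails the composition rule and passes the deny-list check.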
10:00am -10:30am - Refreshment Break
10:30am-11:30am
How to Design an Effective Risk Assessment
Chris Cronin, Governance & Strategy Consultant, ISO 27001 Auditor, HALOCK Security Labs
Risk assessments are now required by laws, regulations and standards (such as PCI DSS 2.0, HIPAA, CMR 17.00 and many others).
Many options exist for completing a risk assessment and implementing a risk management framework. In this session attendees will learn the specifics of an asset-based risk assessment and how it can:
- Maximize the effectiveness of IT security spend
- Reduce or eliminate ad-hoc security and risk decisions being made out in the field
- Align executive management, IT management, and IT staff on common security goals and objectives
- Meet PCI DSS v2.0 Requirement 12.1.2 (an annual, formal risk assessment)
- Meet HIPAA and CMR 17 risk assessment requirements
- Provide the foundation for the PLAN phase of an ISMS based on ISO 27001
- Provide a framework for evaluating the risk of new business units, IT functionality, or company acquisitions and mergers
- Give the Board of Directors specific business justification for IT spending
- Provide the foundation for a "right-sized" Information Security Management System
11:30am-12:30pm
How to Build a Solid Foundation for ITRM : Bridging the Gulf Between Technology Geek-Speak & Business communication
Umesh Tiwari, Manager - IT Risk & Compliance, United States Cellular
Information security professionals can alienate business leaders and stakeholders by constantly speaking in "technology" terms rather than business terms. As a result, they find themselves struggling to gain the attention of the business leaders who must fund and sponsor the initiatives that IT security professionals then use to secure information systems and services.
In this session attendees will learn how:
- IT risk and security professionals can better communicate with the business
12:30pm - 1:30pm Luncheon
1:30pm-2:30pm
How to Manage the Risk of Application Security
John Kirkwood, CISO, Security Innovation; former CISO, American Express and Royal Ahold
Regulatory compliance activities, which have historically focused on network security as the primary means to protect data, are beginning to focus increasingly on application security. Why? Because insecure applications are the biggest threat to data, and the evidence supports this: both Verizon Business and NIST reported that over 90% of data breaches occur at the application layer.
As a result, regulators and industry standards bodies have dutifully added explicit and implicit security requirements relating to application development practices. However, these requirements are often difficult to understand, and the security activities that need to be introduced within the development process are not well known.
This talk will present a practical approach to mapping application security practices to compliance requirements. Topics include:
- Aligning security and compliance policies with corporate requirements and translating these policies for application development and assessment teams
- Aligning application development processes and practices with security and compliance policies
- Creating an action plan that identifies and remediates gaps between current and best application security practices, and documents the use of these best practices for auditing purposes
2:30pm - 3:00pm - Refreshment Break
3:00pm-4:00pm
Cloud Initiatives: How Will You Need To Adjust Your Security Risk Program? (panel)
Moderator: Tony Czarnik, Practice Manager, Savid Technologies
Panelists will include:
John P. Dolce, Director of IT Security & Quality Assurance, True Value Company
Fred Kwong, Senior Infrastructure & Security Manager, U.S. Cellular
Matt Hollcraft, Information Security, Privacy & Risk Management Leader, PharMEDium Healthcare Corporation
Scott McCulley, Director, Information Technology, Firm58
and other CISOs/IT security executives
Cloud computing is yet another disruptive technology that promises to deliver huge benefits, but, as with any disruptive technology, there are security and risk concerns that need to be addressed.
In this session attendees will learn from a panel of CISOs and security executives how they are working through the following challenges:
- Abuse and misuse of cloud
- Insecure APIs/interfaces
- Insider threats
- Shared technology issues
- Data loss or leakage
- Service and account hijacking
- Unknown risks
4:00pm-5:00pm
Mobile Technology in the Enterprise: How to Manage Security Risks of BYOD (panel)
Moderator: Douglas Ennis, BDM, Infoblox
Panelists will include:
Kevin A. Novak, Senior Vice President, CISO and Technology Risk Manager, The Northern Trust
John Kirkwood, CISO, Security Innovation; former CISO, American Express and Royal Ahold
David Ogbolumani, Director, Global IT Security, Kellogg Company
Dave Hodgson, Corporate IT Infrastructure Manager, Sparton Corporation
and other CISOs/IT security executives
CISOs and security leaders will share their experiences and lessons learned.
As employees become increasingly mobile through consumer technologies, IT systems and information become more vulnerable to security risks and breaches. The major challenge becomes how to effectively manage these risks while maximizing employee productivity.
In this session, attendees will learn from a group of seasoned IT security executives how they are handling these challenges.
Conference Price: $259.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.
Share Your Expertise: Submit your speaking proposal or call us at (312) 527-2800
Keep in Touch: Add yourself to the CAMP IT Conferences mailing list.
The Conference Center: Directions | Lodging Information | Village of Rosemont | Chicago O'Hare Airport