Enterprise IT Risk / Security Management
Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information adhering to business needs
June 21, 2012
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois
Overview
With all of these challenges, how do you make this happen?
In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one day conference attendees will learn:
- Risk Reduction: How to Avoid Being the Next Data Breach Headline
- How to Design an Effective Risk Assessment
- How Security and the CSO Can Provide Business Value (Panel)
- How to Manage the Risk of Application Security
- Consumer Technology in the Enterprise: How to Manage Security Risks while Maximizing Productivity (Panel)
- Cloud Security: How to Manage the Risk When Utilizing Cloud Computing (Panel)
Conference Program
8:00am - 9:00am - Registration and Continental Breakfast
9:00am-10:00am
Risk Reduction: How to Avoid Being the Next Data Breach Headline
Tony Sabaj, Regional Engineering Specialist, Data Loss Prevention, Check Point Software
Data breaches have a huge impact on the economy. Consumers and businesses get hurt, shareholders lose faith, and suppliers question the viability of the company they are doing business with. How do you protect your organization so that you are not the next data breach headline in the media?
In this session, attendees will be provided with
a framework that answers the following:
- How to determine which types of data pose the most risk
- How to assess your organization's risk of a costly data breach
- How to develop a Data Protection Program to reduce your risk
- How to get executive buy-in for your Data Protection Program
10:00am - 10:30am - Refreshment Break
10:30am-11:30am
How to Design an Effective Risk Assessment
Chris Cronin, Principal Consultant, Halock Security Labs
The "Right-Sized" Information Security Management System
Identifying, evaluating, and treating information security risk is now required by many laws, regulations, and standards (such as PCI DSS 2.0, HIPAA, CMR 17.00, and others). And for good reason. Risk management helps organizations achieve due diligence and reduce their liability even before they meet full compliance. However, many organizations attempt compliance without understanding how risk management works, making compliance costly and difficult to maintain over time. Further, while the ISO 27001 Information Security Management System provides the gold standard, it often proves to be too challenging for many organizations. How can an organization make managing information security risks easier without taking on ISO 27001?
In this session, attendees will:
- Learn why risk management has become the standard requirement for information security laws and regulations
- Gain an understanding of what an information security management system is and how it functions
- Understand the fundamentals of identifying, assessing and managing risks
- Learn how to address compliance requirements by using risk management tools
- See how risk oversight works to measure and reduce risks to meet legal requirements
- Be exposed to tools that help management reduce risks and oversee compliance
- Receive a high-level roadmap for building an information management system
11:30am-12:30pm
How Security and the CSO Can Provide Business Value (Panel)
Panelists:
Rafael Diaz, CISO, State of Illinois
Bradley J. Schaufenbuel, CISSP, CISM, Director
of Information Security, Midland States Bank
Arlene Yetnikoff, Director-Information Security,
DePaul University
and other
CISOs/Security Directors from Enterprise IT
Departments
In this session, attendees will learn from a panel of IT security executives about the strategies they are leveraging to ensure their efforts are in sync with business priorities.
Topics covered:
- How to identify and leverage the following areas of value: reputation, regulation, revenue, resilience, and recession for continued investment and security spending
12:30pm - 1:30pm Luncheon
1:30pm-2:30pm
How to Manage the Risk of Application Security
Regulatory compliance activities, which have
historically focused on network security as the
primary means to protect data, are beginning to
focus increasingly on application security. Why?
Because insecure applications are the biggest
threat to data – and the evidence supports this.
Both Verizon Business and NIST reported that
over 90% of data breaches occur at the
application layer.
As a result, regulators and industry standards
bodies have dutifully added explicit and
implicit security requirements as they relate to
application development practices. However,
these requirements are often difficult to
understand and the security activities that need
to be introduced within the development process
are not well known.
This talk will present a practical approach
towards mapping application security practices
to compliance requirements. Topics include:
- Aligning security and compliance policies with corporate requirements and translating these policies for application development and assessment teams
- Aligning application development processes and practices with security and compliance policies
- Creating an action plan that identifies and remediates gaps between current and best application security practices, and documents the use of these best practices for auditing purposes
2:30pm - 3:00pm - Refreshment Break
3:00pm-4:00pm
Consumer Technology in the Enterprise: How to Manage Security Risks while Maximizing Productivity
Panelists:
Todd Covert, IT Security, Risk and Compliance,
Baxter Healthcare Corporation
and other IT risk leaders will share their
experiences and lessons learned
As employees become increasingly mobile through
consumer technologies, IT systems and
information become more vulnerable to security
risks and breaches. The major challenge becomes
how to effectively manage these risks while
maximizing employee productivity.
In this session, attendees will learn from a
group of seasoned IT security executives as to
how they are handling these challenges.
4:00pm-5:00pm
Cloud Security: How to Manage the Risk When Utilizing Cloud Computing (Panel)
Panelists:
Kenneth Zoline, Global Security Program Manager,
IBM
Nikita Reva, Global Security Assessment
Specialist, Mars Information Services-Chicago
and other professionals from IT departments
Cloud Computing is yet another disruptive
technology that is promising to deliver huge
benefits. But with any disruptive technology
there are security and risk concerns that need
to be addressed.
What questions should you be asking potential
cloud providers? How should you modify your own
security and risk procedures?
In this session attendees will learn how to
adjust their security/risk programs to account
for the following areas:
- Abuse and Misuse of Cloud
- Insecure APIs/Interfaces
- Insider Threats
- Shared Technology Issues
- Data Loss or Leakage
- Service & Account Hijacking
- Unknown Risks
- Customer information in the cloud
- Managing Identities and authentication
Conference Price: $259.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include
product presentations. During the continental breakfast,
coffee breaks, and the luncheon break you will have the opportunity
to informally meet representatives from the following sponsoring
companies, who have solutions in the area of the conference.