Conferences that solve current IT challenges

Enterprise Risk / Security Management

Strategies for reducing risk to the enterprise.

October 6, 2016

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O'Hare) Illinois

Overview

In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


Early confirmed speakers from IT departments include:

Greg Bee, CISO, Country Financial

Todd Covert, CISO & Director of IT Infrastructure, Northwest Community Healthcare

Wayne Pierce, Information Security Officer, Aspirus

Keith Conlee, CISO, College of DuPage

Paul Bivian, Director - IT Security Technology & Analysis, United Airlines

Fawaz Rasheed, CISO, Johnson Controls

Ric Reisenauer, Director - Information Risk Management, Northwestern Mutual





What You Will Learn

In this one-day conference, attendees will learn:

  • Cyber Crime Unmasked – How to Leverage Defense Best Practices Against Ransomware

  • Use Your Metrics to Tell a Story

  • IT Risk & Social Engineering: Establishing Metrics to Manage the Human Layer

  • CISO Strategy: How to Build Trust and Resilience with the Business

  • Adversary Analysis and Applied Defenses Using Domain and DNS OSINT

  • Managing the Politics – How to Protect and Grow Your Security Budget (Panel Discussion)

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

9:00am-10:00am

Cyber Crime Unmasked – How to Leverage Defense Best Practices Against Ransomware

Joey Muniz, Consultant and Security Researcher, Cisco Systems

This session will cover how real-world threats work, focusing on a case study of ransomware that will include defense best practices. Attendees will leave the session with steps they can take to reduce the risk.











10:00am -10:30am - Refreshment Break

10:30am-11:30am

Use Your Metrics to Tell a Story

Edward Marchewka, Director of Information Technology, Information and Technology Services, Gift of Hope Organ & Tissue Donor Network

This session will discuss the CISO's role in telling a story to their myriad audiences in order to provide status updates, get results, and drive performance. We’ll take a journey together and address topics including:

  • Why stories?
  • Andragogy
  • What story to tell
  • Using the right pictures












11:30am-12:30pm

Cyber Lessons Learned: The Four Most Common Failures to Protecting Your Resources

Der'ly M Gutierrez III, CISSP, CEH, NSA, MISM/MBA, BSITM, FEMA, PAN, BC, Strategic Security Solutions Architect Lead, OnX Enterprise Solutions

Any organization with critical data should be concerned about the recent incidents around data breaches. Within the last five years, some of the largest attacks on information systems ever reported have occurred.

If you are thinking these kinds of incidents are rare, you are sorely mistaken… especially in the specific industries with PII, PHI, and trade secrets. A simple Google search for hacks reveals articles on the latest organizations that have suffered from embarrassing breaches in security.

After reviewing a few reports about these attacks, and in my personal experience throughout the last five years of assessing environments, there are continuously four areas that are lacking in maturity in most organizations. These gaps cause significant issues for organizations around the globe.












12:30pm - 1:30pm Luncheon

1:30pm-2:30pm

CISO Strategy: How to Build Trust and Resilience with the Business

Moderator:
Douglas Gordon, SVP, Strategy and Product Marketing, Intralinks
Panelists:
Wayne Pierce, Information Security Officer, Aspirus
Keith Conlee, CISO, College of DuPage
Paul Bivian, Director - IT Security Technology & Analysis, United Airlines
Fawaz Rasheed, CISO, Johnson Controls
Ric Reisenauer, Director - Information Risk Management, Northwestern Mutual
and other CISOs sharing strategies, tactics and lessons learned 

CISOs need to build relationships based on risk and trust. To establish credibility, IT executives must effectively relate IT risk and security to business outcomes and engage business side executives. Trust will be built when decision making effectively balances appropriate levels of security and IT risk without interfering with normal business operations.

In this session, attendees will learn how prominent CISOs are achieving this balance.























2:30pm - 3:00pm - Refreshment Break

3:00pm-4:00pm

Adversary Analysis and Applied Defenses Using Domain and DNS OSINT

Tim Helming, Director, Product Management, DomainTools

This session illustrates new ways to investigate, and get ahead of, threat actors, using OSINT (Open Source Threat Intelligence) such as domain registration data, IP address data, MX records, geolocation, and more. Using examples from high-profile cybercrime/espionage cases, Tim Helming of DomainTools will demonstrate how threat actors can be identified or accurately profiled, and how their webs of connected holdings can be mapped for defensive (or offensive) purposes. The techniques shown are used effectively by leading-edge private sector, government, and law enforcement experts to fight cybercrime globally. Effective adversary analysis pays off in all phases of a continuous security model, from monitoring to detection to response to prevention.

From this session, attendees will be able to:

  1. See how domain-based OSINT has helped investigators glean important information about attackers in high-profile as well as routine threat triage and investigations.
  2. Identify fruitful sources of open source intelligence (OSINT) to conduct adversary analysis during known or suspected breaches or attempts, and apply the findings to all phases of the continuous security model.
  3. Create forensic domain maps: conceptual maps of threat actor infrastructure (domains and IP addresses) that can help the security pro defend against current and future attacks from a given threat actor.
  4. Use easily-discoverable information about threat actors to triage indicators of compromise (IoC) during known or suspected breach activity.
  5. Learn how to “look back in time” and discover dwell time of malicious actors by correlating previously-seen with currently-seen domains (from the forensic domain map), thereby detecting earlier interactions that may have looked innocuous at the time; and how to use monitoring of threat actors to defend against new attack infrastructure.











4:00pm-5:00pm

Managing the Politics – How to Protect and Grow Your Security Budget (Panel Discussion)

Moderator:
Annur Sumar, CTO, MaeTech
Panelists:
Greg Bee, CISO, Country Financial
Todd Covert, CISO & Director of IT Infrastructure, Northwest Community Healthcare
Patrick Kinard, Sr. Enterprise Server Operations Manager, Chicago Public Schools
and other CISOs sharing strategies, tactics and lessons learned

Budgets are always under pressure and being scrutinized. Given the constant threats, CISOs are always fighting to grow their budget. How can you best defend your budget while asking for more? In this session, attendees will learn from prominent CISOs about the strategies they are using to achieve this.


Conference price: $289 per person.


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.