Tuesday, September 23, 2014 | ||||
8:00 am - 3:45 pm | Registration Open | |||
8:00 am - 9:00 am | Continental Breakfast & Networking | |||
9:00 am - 9:15 am | Opening Remarks Bob Bragdon, Publisher, CSO | |||
9:15 am - 10:00 am | How Well Do You Know Your Data? Eric Martin, CISO, eBay, Inc. Before you can truly protect your data and the privacy of those it represents, you need to understand it. Where does your data reside? How does it move? What state is it in when it’s at rest? When it’s in transit? What’s the security state of your data? Does your data have a single source of the truth? And — of critical importance — what’s your organization’s risk tolerance? You need to answer these questions and more before you can even begin to identify your organization’s overall risk footprint, profile, and holistic attack surface. Join us for this session to learn how to better understand your data for improved protection and privacy. | |||
10:00 am - 10:30 am | The Art and Science of Information Security Steven Schmidt, Vice President and Chief Information Security Officer, Amazon Web Services | |||
10:30 am - 11:00 am | Networking Break | |||
11:00 am - 11:30 am | Getting Back to Basics with Data Protection and Privacy: An Executive Interview Stephen Scharf, Global CISO, Experian Bob Bragdon, Publisher, CSO Despite the vast knowledge available to CISOs and their organizations on the latest hacking techniques and defensive strategies, many of today’s breaches could have been prevented simply through tried and true security practices that have been around for decades. Join us for this executive interview to understand how to bring your organization back to the basics that can prevent immeasurable harm. | |||
11:30 am - 12:15 pm | Protecting Data and Privacy in a World of Clouds and Third Parties Vincent Campitelli, Vice President, IT Risk Management, McKesson Corporation In today’s global business community, it's difficult for companies of any size to meet customer and marketplace expectations without relying upon an array of third party outsourcing, service or cloud providers. These relationships tend to transfer significant security, data protection and privacy responsibilities to the providers, yet ultimate accountability and reputational risk rest with the business. In the event of major negative events including data breaches, operational outages and lost or stolen IP attributable to a vendor, the costs of all types and magnitude are borne by the business owner. In these circumstances, what is the role of the CISO? What programs should be in place to manage the risks associated with reliance upon third parties? How do you design, develop and operate a program to effectively manage these processes? Join us for this session for answers to these questions and more. | |||
12:15 pm - 1:30 pm | Networking Lunch with Hosted Discussion Tables Join a discussion table to share strategies and connect with your peers to hear how they're resolving the same issues with which you grapple every day.
| |||
1:30 pm - 2:05 pm | Cyber Security Confab Sessions Ken Schneider, Vice President of Market and Technology Innovation, Symantec James Sortino, Regional Vice President and CISSP, Trend Micro You won’t want to miss these short format, rapid-fire presentations from thought leaders who will demonstrate how forward-thinking organizations are preparing for the future.
Today’s enterprise is built on disconnected islands of information that are often secured and managed in isolation. At the same time, information assets are increasingly stored in cloud infrastructures and accessed from an ever-growing array of devices. Join us for this session as we discuss a new approach that leverages security intelligence and an information fabric to deliver visibility, insights and control across modern technology landscapes. Respecting Data In Your Organization: A Cultural Shift Presented by Trend Micro As more and more organizations leverage tools like the cloud, they find themselves sitting on an ever-expanding trove of data. A vast array of technologies can help address the challenges of data growth, but a comprehensive strategy also includes a cultural shift in how your organization looks at the data. Join us to learn how to maximize the value you are getting out of your data and reducing the risk of managing it. | |||
2:05 pm - 2:35 pm | Creating an Effective Insider Threat Program - The Challenges and Opportunities: An Executive Interview Ahmad Douglas, Senior Director, Global Information Security, Visa Bob Bragdon, Publisher, CSO At the end of the day, your greatest threat comes from your most trusted users. Usually there’s little, if any, malicious intent, but the disasters that can originate from the “carbon units” in your business can expose your organization to crippling incidents. And what if there are those inside your business who are bad actors? There are ways to head them off before it hits the fan. Join us to understand how an effective insider threat program is critical to protecting your organization from tripping over itself. | |||
2:35 pm - 3:20 pm | Proactively Dealing with the Threat of Data Breach Ahmad Douglas, Senior Director, Global Information Security, Visa Miguel Gamiño, Acting CIO, City and County of San Francisco Michael R. Overly Esq., Partner, Foley & Lardner LLP Bob Bragdon, Publisher, CSO The legal requirements for breach notification have gone from historically reactive, starting with the 2003 California Security Breach Notification law, to largely proactive in newer forms of legislation, including recent Massachusetts regulations which require organizations to have a data compliance program in place. What are the advantages and challenges to this new way of staying prepared? Join us to hear panelists' perspectives on strategies for proactively positioning one's organization for dealing with a data breach. | |||
3:20 pm - 4:30 pm | What to Do — and Not to Do — When Breached: A Moderated Workshop Michael R. Overly Esq., Partner, Foley & Lardner LLP Bob Bragdon, Publisher, CSO So, in spite of all the things you’ve learned from today’s agenda, imagine that you still get breached. What does your incident and/or crisis response look like? Do you have a team designated to respond? Do you tabletop response on a regular basis? Do you have the relationships in place to tap into external resources during that response (law enforcement, legal counsel, technical counsel, communications, etc.). In this scenario-based workshop, we’ll get our hands dirty responding to a breach. | |||
4:30 pm | Recap, Takeaways and Closing Remarks Bob Bragdon, Publisher, CSO |