It’s an evolving world – and an ever-evolving “threatscape” with which you have to contend. Staying on top of the latest technological security concerns like securing storage and applications in the cloud, new Botnets, rootkits and phishing scams, as well as physical security threats like defending against disgruntled former employees and the forces of global terrorism, is a huge challenge. But security risk is not the only risk that organizations are managing as part of their enterprise risk initiatives. It's an exciting time to be managing security risk and now that security is back on the board room agenda the primary question becomes "How do CSOs keep security risk front and center when competing with so many other risk initiatives such as product, quality, environmental, supply chain, and health risk?" This session will provide a perspective on trends in gloabl risk management and the linkages with security risk initiatives, detail warning signs that your program might be "at risk" and demonstrate methods for how to keep the CSO agenda relevant and in sync with the Directors and Executive Officers agenda.

Richard Gunthner, CSO of Payment Services giant MasterCard, and Roland Cloutier, CSO of Payroll Services giant ADP, provide a unique look into the intersection of technology with crime, fraud, and the global security issues that threaten your businesses and employees every day. These two experts will provide insight to a complex world of threats, controls, threat actors, and intelligence — all of which cross the boundaries between cyber protection and the physical world. Through discussion and demonstration of real world incidents, detection techniques, and everyday control capabilities, Richard and Roland will provide tangible techniques that will help you build and defend your corporate fortress.

In today’s social, mobile and cloud oriented world, attacks are becoming more and more sophisticated — and this is shifting the complexity of security challenges across the organization.  With this shift, security concerns are now finding their way into CEO offices and board rooms, causing some CSOs to report to the highest levels of management.  With accountability to so many business leaders, how does the CSO communicate the value of the least understood aspect of security — software security?  In this keynote presentation, Fortify’s Founder and CTO Roger Thornton will discuss how today’s security leaders across industries — from financial services to insurance to communications to government and defense — are tracking and communicating the ROI on securing code in mission-critical applications.  Join us to learn more about how CSOs can communicate ROI in terms that all business leaders will not only understand, but appreciate.

Whether your organization uses — or plans to use -- software or infrastructure hosted by third party providers, keeping your data secure will be one of your top priorities. Learn how to conduct rigorous due diligence of cloud providers -- from the security of their data centers to their tiers of infosec protection to the contractual terms that are must-haves. Whether you have or plan to use software-, platform- or infrastructure as a service, you won’t want to miss this session.

Explore the cutting edge tactics, techniques and procedures being developed and implemented to securely filter cloud-based services for advanced persistent threats, zero-day exploits and social engineering attacks targeted at your sensitive intellectual property.

Without a Governance, Risk and Compliance (GRC) Framework, organizations have a difficult time getting their arms around their governance, risk and compliance strategies.  In this session, learn how Sallie Mae’s senior leadership not only achieved improved situational awareness with their GRC framework, but also discovered key operational efficiencies.

Standard service agreements don’t go far enough in protecting your data and your organization in the event of security incidents or outages at cloud providers. In this session, learn how to negotiate the right terms and penalties to get the protection you need from your cloud provider, from identity management to business continuity, incident response plans and more.

So you’re happy with your SaaS or cloud infrastructure contract and your providers’ supposed guarantees. Should you stop there, or do some verification of your own? What are the rules around trying to break into your providers’ systems or hiring a third party to do some monitoring so you can find out some of the activity hitting their perimeter? Learn what’s accepted practice when you don’t have access to your providers’ logs but want assurance that events aren’t going unnoticed.

As public companies work to address a growing list of compliance requirements, their IT organizations must partner and collaborate with the business on both the strategy and implementation of an identity and governance framework. In this session, you’ll hear actionable advice about how to best engage business managers to create sustainable compliance processes for identity management.

There are three major challenges to successful identity management in the cloud: Accurately judging trust, right-sizing permissions, and effectively monitoring. We will discuss and demonstrate some of the proven techniques in assuring those three areas are successful and secure in any enterprise.

Effective identity and access management comes from deploying the right technology and embedding IAM processes throughout the organization. In this session, learn how to develop an effective IAM strategy across your organization, no matter how siloed, geographically dispersed or decentralized your operations are.

Sponsored by:

Filling security gaps is more important than ever as risks faced by organizations grow more varied and complex each day. Modeled after IDG's successful DEMO events, companies showcasing and judged in this session are given just five minutes to demonstrate how their product fills a critical need, and another 10 minutes of Q&A from our panel of judges -- just the companies, the technologies and the judges.  Join us for this rapid-fire session as we cut right to the chase.

Judges: John Kirkwood, VP and Global Information Security Officer, Ahold; Paul De Graaff, Global Information Security Officer, AIG; Warren Axelrod, Research Director for Financial Services, The United States Cyber Consequences Unit; Derek Slater, Editor in Chief, CSO magazine

Join us for this exclusive preview of the industry’s pre-eminent, annual survey on security -- the 2011 Global State of Information Security, conducted by CSO magazine and PwC. You’ll learn how your peer security executives are focusing their spending in this climate and what their top priorities are for the coming year — along with a range of other trends critical to securing the corporate fortress.

As states across the country adopt legislation designed to protect personally identifiable information, organizations must put rigor into their policies, practices and training to ensure compliance. In this session, hear how GE approached the privacy challenge from the chief privacy officer on down, plus how it governed the areas where privacy and security meet.

History proves that cataclysmic risk is inevitable -- whether it comes from natural or man-made disaster, or is brought about by malicious attack. Preparing for risk -- and minimizing exposure -- requires acceptance that readiness is a board-level priority. The board’s security initiatives then need to be mapped against the strategic plan so that risks are considered over both the short and long term. The Security Executive Council’s Security 2020 initiative aims to continuously improve risk and security measures industry-wide by providing security executive leadership training, advancing technology innovation through test beds, and creating a trusted process that examines how technologies can interoperate. Learn more about what the Security Executive Council’s research is finding — and how this initiative can help you — in this session.

Even with the tightest security and most well-conceived policies, breaches happen, whether a company executive leaves a laptop in a cab or you discover stealth moves by a crime syndicate. Is your incident response plan ready? Hear from someone put to the test about their seminal moments, the proactive measures they've put in place, and what proved most valuable during their times responding to breach issues.

Organizations’ networks today reach across the globe and encompass many types of devices, from laptops to smartphones. Hear how leading edge companies are securing all these endpoints and the lessons learned from quick rev mobile cycles, among other challenges.

Encryption comes in many flavors and formats: from full-disk encryption to file encryption. Matching your encryption strategy to your business processes is the best way to ensure protection, access and performance across the organization. This session will take you through various factors to consider in implementing encryption across the enterprise.

This discussion will examine some of the major standards in the identity world today -- like OpenID, SAML, OAuth, and the Trusted Platform Module -- and provide advice on understanding the relative pros and cons of each. Which are likely to emerge as the dominant standards, and why?

Strong data protection strategies involve policy development and enforcement combined with smart technology deployment. Learn about the latest, most effective practices for organizational education and follow-through to protect data from inadvertent or malicious data loss -- including training especially designed to spot social engineering.

CSOs and their teams can’t make every information risk go away, but they can take some very simple steps to minimize it. How can you work most effectively with your legal, HR and compliance counterparts to reduce risk? What proactive steps can you take in advance to be prepared to respond to a data breach? In this session, get fresh tips on this and more from an information security legal expert.

Virtualizing and isolating servers by function (such as e-mail or web services) has security benefits, but there are other potential loopholes to virtualization. This session will help you examine those security risks, like system complexity, potential duplication of malicious code and artifacts left in memory, and determine how to best mitigate those risks.