The Security Standard 2011
Monday, September 19, 2011
7:00 am - 8:00 amRegistration and Breakfast

Sponsored by HP Enterprise Security
8:00 am - 8:15 amOpening Remarks
Bob Bragdon, Publisher, CSO magazine
8:15 am - 9:15 amThe State of Cybercrime
Scott Borg, Director and Chief Economist, U.S. Cyber Consequences Unit

Cyber crime preys on the enterprise with a vengeance. Criminals work 24 hours a day, every day, and are getting more sophisticated despite our best enterprise defenses. Understand more about the cyber criminal’s objectives and learn what we’re up against in this session.

9:15 am - 9:35 amProtecting Against Modern Advanced Persistent Threats
Darren Guarino, Information Security Director, Tyco International
Is APT just another term for an old problem? What does it mean to my company? Is there any way to protect myself? These questions -- and all the associated media coverage related to APT -- have clouded the basic issues. Join us for this session as we address the basic differences between a typical “drive by” attack, versus an organization intent on stealing your IP. We’ll also discuss methods and processes you can use to assess if you’re facing a more routine challenge -- or a serious problem.
9:35 am - 9:55 amProtecting the Enterprise Technology Supply Chain
Vijay Viswanathan, Director & CISO, HD Supply
Stuxnet is a lesson for all. Are you aware of all of the entry points in your enterprise supply chain? Are all of the right hygiene checks in place? How it’s been done in the past may no longer be relevant. In this session, understand why looking at vulnerabilities should be your primary concern.
9:55 am - 10:15 amThreading CyberSecurity Measures Through the Protection Infrastructure: A Panel Discussion
Vijay Viswanathan, Director & CISO, HD Supply
Scott Borg, Director and Chief Economist, U.S. Cyber Consequences Unit
Darren Guarino, Information Security Director, Tyco International
Bob Bragdon, Publisher, CSO magazine

Effective cyberscurity requires CSOs to thread and operationlize their defenses through the overall security framework. Learn some of the top strategies from leading CSOs in this session.

10:15 am - 10:45 amNetworking Break in the Security Showcase
Visit the Security Standard Showcase to find valuable solutions to your most pressing challenges. Or, discover what's new, as sponsors each have a 10-minute open forum to educate attendees on current technologies and future solutions in the Security Showcase Classroom.
The Case for Smart Cards
Many companies are re-evaluating their strategy for end-user authentication for a variety of reasons, including increased awareness of risk associated with network perimeter erosion, weaknesses of traditional username / password for end-user authentication, and the potential compromise of privileged systems and accounts. In this session, we’ll evaluate modern approaches, including “The Case for Smart Cards,” as outlined in a recent white paper from Aberdeen Group.
Presented by ActivIdentity

Securing the Cloud – Building an Identity and Context Service as a Foundation
Moving to the cloud adds a significant layer of complexity to identity and access management. Specifically, distributed identity requires that you integrate disparate data sources so that employees, customers, and partners can securely access both enterprise and cloud-based applications.  Join us as Radiant Logic’s Dieter Schuller shows how virtualization can deliver identity and context as a common, interoperable service so that enterprises can streamline security for SSO and fine-grained authorization in the cloud, and build a complete profile of various constituents.
Presented by Radiant Logic

Secure Access for SaaS
As enterprises move strategic business services to the cloud, security teams will need a way to centrally manage access to both their on-premise and cloud-based applications.  Join for this session to learn about SafeNet’s solution for a unified authentication infrastructure, which allows users to access enterprise cloud services -- like or GoogleApps -- through their existing authentication mechanisms.
Presented by SafeNet 
10:45 am - 11:15 amCreating a Holistic Security Plan: An Executive Interview
Barmak Meftah, Chief Products Officer, Fortify Software, an HP Company
Bob Bragdon, Publisher, CSO magazine

Enterprise security risk is at an all time high today with increasing numbers of mobile users, all of which is compounded by the loss of visibility and control as more applications are moving to the cloud.   As IT groups scramble to add scanners, monitors and security and event management solutions to their operations, they continue to struggle with how to track and interpret information they collect.  How can enterprise security groups be empowered to successfully predict and reduce risk to their business?  How can they take a more holistic view as the attack surface grows and new services emerge to manage information?  Join us for this executive interview as we explore how organizations can adapt in an environment of so much change.

Presented by HP Enterprise Security

11:15 am - 11:35 amNext-Gen Security Awareness: Educating the Spectrum -- from Digital Natives through Baby Boomers
Lee Parrish, CISO, Parsons
Today’s attack vectors are increasing, and this requires advanced techniques to educate the enterprise workforce. For example, smart CISOs create safe phishing programs that target their own employees at varying levels of sophistication, capture metrics on who responds, and then use the results as an awareness tool. Similarly, they create interactive programs to enforce social networking policies. Learn how to put these and other dynamic — rather than static — awareness programs to work in your organization.
11:35 am - 11:55 amSafe Corporate Use of Social Networking: Enabling the Workforce While Minimizing Risks
James Beeson, CISO, GE Capital - Commercial
How do you enable the workforce while minimizing risks? How do you encourage practical use of social networking technologies, but with the security thought processes baked in from the beginning, rather than sprinkled on? Get expert advice on how to manage security in this constantly changing era of social networking.
11:55 am - 12:15 pmTaming the Chaos of Mobile Security and Consumerized IT: A Panel Discussion
James Beeson, CISO, GE Capital - Commercial
Lee Parrish, CISO, Parsons
Bob Bragdon, Publisher, CSO magazine

CSOs are up to their eyeballs with the onslaught of mobile devices. Employees want to open their iPads to corporate applications with 4-digit pin authentication. The pressure is turning security frameworks, end-user computing and application development worlds on their heads. Join us for an enlightening discussion on bringing order and reason to the brewing chaos.

12:15 pm - 1:15 pmLunch with Discussion Topics

Join one of these moderated discussion tables to share strategies and connect with your peers to hear how they're resolving the same issues with which you grapple every day.

Single Credential Solutions for Physical and Logical Access
Join us as we discuss how single credential solutions provide a cost effective way to protect both physical corporate facilities along with logical customer and employee information.  
Hosted by ActivIdentity

Dynamic Attack Protection
From DDoS to Wikileaks, the attack headlines keep coming. Join F5 for a discussion about the best protection against complex, multilayer security attacks.
Hosted by F5 Networks
Best Practices for Securing Data in the Cloud
Just what are the best practices for security in the cloud?  Join us for this discussion as we explore and analyze the Magnificent Seven principles outlined in a Forbes Tech article published in July.
Hosted by SafeNet

Preventing Breaches and Protecting Sensitive Data
Cyber attacks are increasing, and as organizations are exposed to increasingly complex threats, IT security controls become critical to protecting and monitoring their assets.  Join us as we discuss the challenges and solutions.
Hosted by Tripwire
1:15 pm - 2:30 pmBreakout Sessions on CyberSecurity
1:15 pm - 1:50 pmThe New Norm: A Resilient Defense – The Angelina Jolie (Lara Croft) Defense
Jerry Archer, CISSP, Senior Vice President and Chief Security Officer, Sallie Mae
Defending your enterprise in the face of advanced persistent threats and adversaries requires significant technical means. Understand just what we’re facing from a recognized expert in this session.
Your Security Policies are Probably Woefully Out of Date -- and Here’s Why
Nick Akerman, Partner, Dorsey & Whitney LLP
If your company falls victim to an insider threat or security breach, have you considered all of the new laws on the books that could help your company pursue criminal prosecution, and thereby inhibit future threats? Do your security policies reflect measures that would take advantage of these new laws? Find out what you may be missing in this session.
1:55 pm - 2:30 pmThe Encryption Conundrum
Daniel Srebnick, Chief Information Security Officer, NYC Department of Information Technology and Telecommunications


1. A confusing and difficult problem or question.

2. A question asked for amusement, typically one with a pun in its answer; a riddle.
Security professionals and vendors have been promoting the idea of across-the-board encryption for data in transit and at rest for a number of years. On its face, this seems like a good strategy for data protection. But is it always the right strategy? Is it sometimes better not to encrypt than to encrypt? Does data encryption sometimes diminish the ability of security practitioners to achieve their objectives? Dan takes a critical look at the use of encryption in different contexts and asks whether some new thinking about encryption is in order.

Leveraging Event Management to Defend Against Threats
David N. Kroening, Chief Information Security Officer, NY State Insurance Fund
Logs have tremendous value in discovering and isolating potential breaches. While there are many ways to defend against threats, one of the most fruitful is in spending adequate time and resources on log management and analysis. Understand how to leverage event management to your advantage in this session.
2:30 pm - 3:00 pmNetworking Break in the Security Showcase
Visit the Security Standard Showcase to find valuable solutions to your most pressing challenges. Or, discover what's new, as sponsors each have a 10-minute open forum to educate attendees on current technologies and future solutions in the Security Showcase Classroom.
The Cyber Supply Chain Assurance Reference Model
The flow of goods and services around the world from their origin to their completion — the global supply chain — has become inextricably intertwined with the global cyber infrastructure.  In this session, SAIC will present a tour of their cyber supply chain assurance reference model.
Presented by SAIC
Case Study:  Financial Institution Reduces Cost Per Investigation
ArcSight is an enterprise grade SIEM platform, most often used to monitor and detect information security threats and respond appropriately.  Join us for this session as we present a case study highlighting how ArcSight ESM was deployed to serve as a forensics investigations solution for a global financial institution resulting in a significant reduction in cost per investigation.
Presented by HP Enterprise Security
Virtualization, the Cloud, and the Future of IT
Virtualization and the cloud are changing information technology -- and some are predicting a future without the kind of IT we know today.  Many things will certainly change, but Mike Gable, AVP from Trend Micro is certain he’ll continue providing tech support for his extended family.  Join us for this session to get a glimpse of what’s in store for us.
Presented by Trend Micro
3:00 pm - 4:15 pmBreakout Sessions on Mobile Security
3:00 pm - 3:35 pmSecuring Mobile Applications, Development and Distribution
Robert Duran, Information Security & Privacy Officer, Time Inc.
Hart Rossman, Vice President and Chief Technology Officer for Cyber Security Services & Solutions, SAIC
Bob Bragdon, Publisher, CSO magazine

As companies embrace tablets and handhelds, the user communities will increasingly demand more collaboration tools and workflow. How do you plan ahead to manage a secure environment going forward? Learn valuable strategies in this session.

Tying Together InfoSec, Business Continuity Planning, Privacy and Vendor Management
John Logan, Chief Information Security and Privacy Officer, First Place Financial Corporation
A multitude of benefits can be derived when CSOs knit key practice areas together. Understand how this can be done well in this session.
3:40 pm - 4:15 pmAdapting the Enterprise Security Framework to Secure an Increasingly Mobile Workforce
Vijay Viswanathan, Director & CISO, HD Supply
Every enterprise today is pressured to adopt tablets and handheld devices of countless flavors. In this session, get a handle on the best way to adapt your security framework to address the challenge.
How to Align Appropriate Security Across More Devices
Lee Parrish, CISO, Parsons
Gone are the days when you could manage enterprise mobile security through a simple and short list of approved devices. Today, companies must accommodate longer device lists and balance appropriate boundaries with personal information on those devices. Join us for this session as we explore the roles of key elements like centralized management solutions, password enforcement, native encryption, mobile policies and more.

4:20 pm - 5:00 pmNew Technology Demonstrations
See lightning-round demonstrations of new security products and services.
5:00 pm - 5:20 pmThe Changing Balance of End User Accountability
Roland Cloutier, Vice President and Chief Security Officer, ADP

Since the advent of the public computing infrastructure, PC ownership accountability has been a focus for our profession. But the attacks against the general population of consumer PC and like device users has reached an unpredicted apex of capability v. reality. The fuzziness of the reasonability to the legal measurement of what a “reasonable and prudent person” should be held accountable to with regards to protection of their own computer is now being addressed by global law makers putting the onus back on technology vendors, service providers, and industry, yet little to no advances have been made to change technology, services, or industry to remove the decision making from the end user. Or has it?

In this session Roland Cloutier will discuss gaps, opportunities, and advancements in this area and touch upon the social, legal, and technological components that will drive this progress in the coming years.
5:20 pm - 5:45 pmDigital Natives: How Do They View Information Security?
Bob Bragdon, Publisher, CSO magazine
Roland Cloutier, Vice President and Chief Security Officer, ADP

Digital natives are those who have grown up with technology. In this panel of high school and college students along with a recent job-force entrant, we’ll explore how today’s generation views information security, privacy and more. You won’t want to miss this unique glimpse into the realities of your new and future IT users.

5:45 pm - 6:45 pmNetworking Reception in the Security Showcase

Sponsored by HP Enterprise Security

Tuesday, September 20, 2011
7:45 am - 8:45 amRegistration and Breakfast
8:45 am - 8:50 amOpening Remarks
Bob Bragdon, Publisher, CSO magazine
8:50 am - 9:30 amThe Global State of Information Security: An Exclusive Survey Preview
Bob Bragdon, Publisher, CSO magazine
Fred Rica, Principal – Advisory Services, PricewaterhouseCoopers
Join us for this exclusive preview of the industry’s pre-eminent, annual survey on security -- the 2012 Global State of Information Security, conducted by CSO magazine and PwC. You’ll learn how your peer security executives are focusing their spending in this climate and what their top priorities are for the coming year — along with a range of other trends critical to securing the enterprise in the years ahead.
9:30 am - 9:50 amAligning Security to the Business
Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, Visa
The most successful CSOs realize that aligning security to the business is an essential component to unlocking security value and creating competitive advantage. In this session, participants will learn the latest techniques and methodologies for creating, managing and communicating a mission-aligned security strategy -- and associated performance measures -- to maximize business value.
9:50 am - 10:10 amAligning Risk Management with Business Unit Performance: A Panel Discussion
Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, Visa
Fred Rica, Principal – Advisory Services, PricewaterhouseCoopers
Bob Bragdon, Publisher, CSO magazine

How do you tie business unit performance and risk management together so that risk indicators can help avoid problems with business performance? Does the business understand the risks of consumerized IT and social media? And can a third-party successfully be the hub for risk information? As more CSOs are becoming critical risk advisors to the business, get the latest insights in this discussion.

10:10 am - 10:40 amNetworking Break in the Security Showcase
Visit the Security Standard Showcase to find valuable solutions to your most pressing challenges. Or, discover what's new, as sponsors each have a 10-minute open forum to educate attendees on current technologies and future solutions in the Security Showcase Classroom.
Security Risk Management: Using Security Intelligence to Better Manage IT Risk
Collecting the best information needed to reduce risk and improve security has been an ongoing challenge.  In this discussion, we’ll illustrate how to deliver better management of risk and compliance operations, and how to focus and optimize security countermeasures through automated security intelligence.
Presented by McAfee
Protecting and Monitoring Assets Against Complex Threats
Cyber attacks are increasing and breaches -- if discovered -- go undetected for months as evidenced by the Verizon Business Data Breach Investigation Report (DBIR). More and more exploits are now focused on where the actual data resides – at the file, database and web application servers – not at the perimeter where organizations have historically focused their security investment. As organizations are exposed to increasingly complex threats, IT security controls become critical to protecting and monitoring their assets.  Join us as we discuss how to successfully face these new challenges.
Presented by Tripwire
10:40 am - 11:00 amManaging the Risks of Clouds, Consumerized IT, Social Media, and Diversified Devices
Jeffrey Garonzik, Information Assurance Architect, Central Intelligence Agency
It wasn’t many years ago that we began thinking technology was becoming ubiquitous. And that was before consumerized IT, social media and clouds hit the enterprise. Does the larger business understand what new risks it’s taking? Learn how to educate and inform the business in this session.
11:00 am - 11:20 amNavigating Privacy, Security and Compliance in the Cloud
Shukri Khader, CISO, Avon Products
When you manage cloud data, you need to consider a wide range of variables, not of the least of which are changing privacy laws, PCI compliance and more. Learn how to assess these variables in this session.
11:20 am - 11:40 amSecuring the Cloud -- A Legal Perspective
Josh Konvisser, Partner, Pillsbury Winthrop Shaw Pittman LLP
The first step in securing anything in the cloud is negotiating the right contract terms. Get critical advice from a top legal resource in this session.
11:40 am - 12:00 pmAdapting Your Security Infrastructure for Mobile, Social and Cloud Initiatives: A Panel Discussion
Jeffrey Garonzik, Information Assurance Architect, Central Intelligence Agency
Shukri Khader, CISO, Avon Products
Josh Konvisser, Partner, Pillsbury Winthrop Shaw Pittman LLP
Bob Bragdon, Publisher, CSO magazine

With more mobile, social and cloud services coming online, your security infrastructure is being challenged to accommodate. Get tips and strategies in this discussion.

12:00 pm - 1:00 pmLunch with New Technology Demonstration Awards Recognition
1:00 pm - 1:30 pmDessert Reception in the Security Showcase
1:30 pm - 2:45 pmBreakout Sessions on Cloud Security
1:30 pm - 2:05 pmCreating a Cloud Security Roadmap
Jeffrey Garonzik, Information Assurance Architect, Central Intelligence Agency
Mike Gable, AVP, Strategic Sales, Trend Micro
Bob Bragdon, Publisher, CSO magazine

As projects to move IT operations and applications to the cloud take shape, IT and security executives must document what is moving where, how it’s being secured, and what additional security layers might be needed. Get key advice on how to build your roadmap in this session.

What is the Patriot Act, and How Does It Impact Your Cloud Security?
David Black, CISO, Aon eSolutions
While you may have heard of the Patriot Act signed into law in 2001, you may not know that the “USA PATRIOT” Act acronymn stands for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.” For companies with international operations involving cloud computing, the Patriot Act has important implications. Get an understanding of them from an expert in this session.
2:10 pm - 2:45 pmManaging Identity in the Cloud
JT Jacoby, Chief Security Officer, NYC Housing Authority
Dieter Schuller, VP, Business Development, Radiant Logic
Bob Bragdon, Publisher, CSO magazine

Whether your organization is planning more moves to the cloud, or already has a solid cloud footprint, you need to leverage your existing investments in your identity infrastructure and take your steps methodically. In this panel discussion, moderated by CSO magazine publisher Bob Bragdon, we’ll talk with key experts about how to leverage your existing identity infrastructure to manage security and risk in the cloud -- and will explore the strategies to take, and obstacles to avoid, based on their knowledge and experience.

Assessing Risks in the Cloud
Jason Witty, SVP, International Information Security Executive, Global Information Security, Bank of America Corporation
Security remains one of the top worries (if not the top concern) of organizations considering cloud implementations. In this session, a key member of the Cloud Security Alliance will delve into the range of risks when using cloud-based platforms -- from data protection to performance and more -- and will offer critical strategies to mitigate them.
2:50 pm - 4:05 pmBreakout Sessions on Governance, Risk and Compliance
2:50 pm - 3:25 pmPreparing Your Company and Budgets for Consumerized IT
Dave Malcom, CISO, Hyatt Hotels Corporation
As PC shipments slow and tablets and handhelds proliferate, how can you prepare for things like mobile malware threats and the fragility of cellular networks? Are SLAs up to the task? And what about all those “bring your computer to work” programs we’re hearing about? Are they successful? Get insights in this session to plan ahead.
Re-aligning Security and Risk Management
Patrick D. Howard, CISO, U.S. Nuclear Regulatory Commission
For many organizations, the link between the mission and specific information security needs is nebulous or non-existent. Get tips and strategies for creating an enterprise risk management approach to align security with actual business requirements.
3:30 pm - 4:05 pmHow to Integrate IT Infrastructure and GRC Platforms
Gene Fredriksen, CISO, Tyco International
Dave Anderson, Senior Director of Security and Risk Management, McAfee
Bob Bragdon, Publisher, CSO magazine

Creating an ecosystem of technologies that detect, defend, deter and report together is essential to integrating GRC to the security and overall IT framework. Understand how this is done in this session.

PCI Zen: How To Be Compliant By Not Being Compliant
Andy Ellis, CSO, Akamai Technologies
The efficacy of the PCI DSS standard, among other compliance regimes, has been questioned by pundits and practitioners alike. Learn how to achieve a new state of security; one in which we understand the true goals of security, and deploy practices and technologies that achieve a secure state of practice without following the checklist. In fact, we'll throw the checklist out.
4:05 pmConference Concludes

New Registration