The Security Standard 2011
 
Monday, September 19, 2011
7:00 am - 8:00 am  Registration and Breakfast

Sponsored by HP Enterprise Security
8:00 am - 8:15 am  Opening Remarks
Bob Bragdon, Publisher, CSO magazine
8:15 am - 9:15 am  The State of Cybercrime
Scott Borg, Director and Chief Economist, U.S. Cyber Consequences Unit

Cyber crime preys on the enterprise with a vengeance. Criminals work 24 hours a day, every day, and are getting more sophisticated despite our best enterprise defenses. Understand more about the cyber criminal’s objectives and learn what we’re up against in this session.

9:15 am - 9:35 am  Protecting Against Modern Advanced Persistent Threats
Darren Guarino, Information Security Director, Tyco International
Is APT just another term for an old problem? What does it mean to my company? Is there any way to protect myself? These questions -- and all the associated media coverage related to APT -- have clouded the basic issues. Join us for this session as we address the basic differences between a typical “drive-by” attack and an organization intent on stealing your IP. We’ll also discuss methods and processes you can use to assess whether you’re facing a more routine challenge -- or a serious problem.
 
9:35 am - 9:55 am  Protecting the Enterprise Technology Supply Chain
Vijay Viswanathan, Director & CISO, HD Supply
Stuxnet is a lesson for all. Are you aware of all of the entry points in your enterprise supply chain? Are all of the right hygiene checks in place? How it’s been done in the past may no longer be relevant. In this session, understand why looking at vulnerabilities should be your primary concern.
 
9:55 am - 10:15 am  Threading CyberSecurity Measures Through the Protection Infrastructure: A Panel Discussion
Vijay Viswanathan, Director & CISO, HD Supply
Scott Borg, Director and Chief Economist, U.S. Cyber Consequences Unit
Darren Guarino, Information Security Director, Tyco International
Bob Bragdon, Publisher, CSO magazine

Effective cybersecurity requires CSOs to thread and operationalize their defenses through the overall security framework. Learn some of the top strategies from leading CSOs in this session.

10:15 am - 10:45 am  Networking Break in the Security Showcase
Visit the Security Standard Showcase to find valuable solutions to your most pressing challenges. Or, discover what's new, as sponsors each have a 10-minute open forum to educate attendees on current technologies and future solutions in the Security Showcase Classroom.
 
The Case for Smart Cards
Many companies are re-evaluating their strategy for end-user authentication for a variety of reasons, including increased awareness of risk associated with network perimeter erosion, weaknesses of traditional username / password for end-user authentication, and the potential compromise of privileged systems and accounts. In this session, we’ll evaluate modern approaches, including “The Case for Smart Cards,” as outlined in a recent white paper from Aberdeen Group.
Presented by ActivIdentity

Securing the Cloud – Building an Identity and Context Service as a Foundation
Moving to the cloud adds a significant layer of complexity to identity and access management. Specifically, distributed identity requires that you integrate disparate data sources so that employees, customers, and partners can securely access both enterprise and cloud-based applications.  Join us as Radiant Logic’s Dieter Schuller shows how virtualization can deliver identity and context as a common, interoperable service so that enterprises can streamline security for SSO and fine-grained authorization in the cloud, and build a complete profile of various constituents.
Presented by Radiant Logic

Secure Access for SaaS
As enterprises move strategic business services to the cloud, security teams will need a way to centrally manage access to both their on-premise and cloud-based applications. Join us for this session to learn about SafeNet’s solution for a unified authentication infrastructure, which allows users to access enterprise cloud services -- like Salesforce.com or GoogleApps -- through their existing authentication mechanisms.
Presented by SafeNet 
 
10:45 am - 11:15 am  Creating a Holistic Security Plan: An Executive Interview
Barmak Meftah, Chief Products Officer, Fortify Software, an HP Company
Bob Bragdon, Publisher, CSO magazine

Enterprise security risk is at an all-time high today with increasing numbers of mobile users, all of which is compounded by the loss of visibility and control as more applications move to the cloud. As IT groups scramble to add scanners, monitors, and security information and event management solutions to their operations, they continue to struggle with how to track and interpret the information they collect. How can enterprise security groups be empowered to successfully predict and reduce risk to their business? How can they take a more holistic view as the attack surface grows and new services emerge to manage information? Join us for this executive interview as we explore how organizations can adapt in an environment of so much change.

Presented by HP Enterprise Security

11:15 am - 11:35 am  Next-Gen Security Awareness: Educating the Spectrum -- from Digital Natives through Baby Boomers
Lee Parrish, CISO, Parsons
Today’s attack vectors are increasing, and this requires advanced techniques to educate the enterprise workforce. For example, smart CISOs create safe phishing programs that target their own employees at varying levels of sophistication, capture metrics on who responds, and then use the results as an awareness tool. Similarly, they create interactive programs to enforce social networking policies. Learn how to put these and other dynamic — rather than static — awareness programs to work in your organization.
 
11:35 am - 11:55 am  Safe Corporate Use of Social Networking: Enabling the Workforce While Minimizing Risks
James Beeson, CISO, GE Capital - Commercial
How do you enable the workforce while minimizing risks? How do you encourage practical use of social networking technologies, but with the security thought processes baked in from the beginning, rather than sprinkled on? Get expert advice on how to manage security in this constantly changing era of social networking.
 
11:55 am - 12:15 pm  Taming the Chaos of Mobile Security and Consumerized IT: A Panel Discussion
James Beeson, CISO, GE Capital - Commercial
Lee Parrish, CISO, Parsons
Bob Bragdon, Publisher, CSO magazine

CSOs are up to their eyeballs with the onslaught of mobile devices. Employees want to open their iPads to corporate applications with 4-digit PIN authentication. The pressure is turning the security framework, end-user computing and application development worlds on their heads. Join us for an enlightening discussion on bringing order and reason to the brewing chaos.

12:15 pm - 1:15 pm  Lunch with Discussion Topics

Join one of these moderated discussion tables to share strategies and connect with your peers to hear how they're resolving the same issues with which you grapple every day.

Single Credential Solutions for Physical and Logical Access
Join us as we discuss how single credential solutions provide a cost effective way to protect both physical corporate facilities along with logical customer and employee information.  
Hosted by ActivIdentity

Dynamic Attack Protection
From DDoS to Wikileaks, the attack headlines keep coming. Join F5 for a discussion about the best protection against complex, multilayer security attacks.
Hosted by F5 Networks
 
Best Practices for Securing Data in the Cloud
Just what are the best practices for security in the cloud?  Join us for this discussion as we explore and analyze the Magnificent Seven principles outlined in a Forbes Tech article published in July.
Hosted by SafeNet

Preventing Breaches and Protecting Sensitive Data
Cyber attacks are increasing, and as organizations are exposed to increasingly complex threats, IT security controls become critical to protecting and monitoring their assets.  Join us as we discuss the challenges and solutions.
Hosted by Tripwire
 
1:15 pm - 2:30 pm  Breakout Sessions on CyberSecurity
1:15 pm - 1:50 pm  The New Norm: A Resilient Defense – The Angelina Jolie (Lara Croft) Defense
Jerry Archer, CISSP, Senior Vice President and Chief Security Officer, Sallie Mae
Defending your enterprise in the face of advanced persistent threats and adversaries requires significant technical means. Understand just what we’re facing from a recognized expert in this session.
 
Your Security Policies are Probably Woefully Out of Date -- and Here’s Why
Nick Akerman, Partner, Dorsey & Whitney LLP
If your company falls victim to an insider threat or security breach, have you considered all of the new laws on the books that could help your company pursue criminal prosecution, and thereby inhibit future threats? Do your security policies reflect measures that would take advantage of these new laws? Find out what you may be missing in this session.
 
1:55 pm - 2:30 pm  The Encryption Conundrum
Daniel Srebnick, Chief Information Security Officer, NYC Department of Information Technology and Telecommunications

From dictionary.com:
co·nun·drum (noun)

1. A confusing and difficult problem or question.

2. A question asked for amusement, typically one with a pun in its answer; a riddle.
 
Security professionals and vendors have been promoting the idea of across-the-board encryption for data in transit and at rest for a number of years. On its face, this seems like a good strategy for data protection. But is it always the right strategy? Is it sometimes better not to encrypt than to encrypt? Does data encryption sometimes diminish the ability of security practitioners to achieve their objectives? Dan takes a critical look at the use of encryption in different contexts and asks whether some new thinking about encryption is in order.
Leveraging Event Management to Defend Against Threats
David N. Kroening, Chief Information Security Officer, NY State Insurance Fund
Logs have tremendous value in discovering and isolating potential breaches. While there are many ways to defend against threats, one of the most fruitful is in spending adequate time and resources on log management and analysis. Understand how to leverage event management to your advantage in this session.
 
2:30 pm - 3:00 pm  Networking Break in the Security Showcase
Visit the Security Standard Showcase to find valuable solutions to your most pressing challenges. Or, discover what's new, as sponsors each have a 10-minute open forum to educate attendees on current technologies and future solutions in the Security Showcase Classroom.
 
The Cyber Supply Chain Assurance Reference Model
The flow of goods and services around the world from their origin to their completion — the global supply chain — has become inextricably intertwined with the global cyber infrastructure.  In this session, SAIC will present a tour of their cyber supply chain assurance reference model.
Presented by SAIC
 
Case Study:  Financial Institution Reduces Cost Per Investigation
ArcSight is an enterprise grade SIEM platform, most often used to monitor and detect information security threats and respond appropriately.  Join us for this session as we present a case study highlighting how ArcSight ESM was deployed to serve as a forensics investigations solution for a global financial institution resulting in a significant reduction in cost per investigation.
Presented by HP Enterprise Security
 
Virtualization, the Cloud, and the Future of IT
Virtualization and the cloud are changing information technology -- and some are predicting a future without the kind of IT we know today.  Many things will certainly change, but Mike Gable, AVP from Trend Micro is certain he’ll continue providing tech support for his extended family.  Join us for this session to get a glimpse of what’s in store for us.
Presented by Trend Micro
 
3:00 pm - 4:15 pm  Breakout Sessions on Mobile Security
3:00 pm - 3:35 pm  Securing Mobile Applications, Development and Distribution
Robert Duran, Information Security & Privacy Officer, Time Inc.
Hart Rossman, Vice President and Chief Technology Officer for Cyber Security Services & Solutions, SAIC
Bob Bragdon, Publisher, CSO magazine

As companies embrace tablets and handhelds, the user communities will increasingly demand more collaboration tools and workflow. How do you plan ahead to manage a secure environment going forward? Learn valuable strategies in this session.

Tying Together InfoSec, Business Continuity Planning, Privacy and Vendor Management
John Logan, Chief Information Security and Privacy Officer, First Place Financial Corporation
A multitude of benefits can be derived when CSOs knit key practice areas together. Understand how this can be done well in this session.
 
3:40 pm - 4:15 pm  Adapting the Enterprise Security Framework to Secure an Increasingly Mobile Workforce
Vijay Viswanathan, Director & CISO, HD Supply
Every enterprise today is pressured to adopt tablets and handheld devices of countless flavors. In this session, get a handle on the best way to adapt your security framework to address the challenge.
 
How to Align Appropriate Security Across More Devices
Lee Parrish, CISO, Parsons
Gone are the days when you could manage enterprise mobile security through a simple and short list of approved devices. Today, companies must accommodate longer device lists and balance appropriate boundaries with personal information on those devices. Join us for this session as we explore the roles of key elements like centralized management solutions, password enforcement, native encryption, mobile policies and more.

4:20 pm - 5:00 pm  New Technology Demonstrations
See lightning-round demonstrations of new security products and services.
5:00 pm - 5:20 pm  The Changing Balance of End User Accountability
Roland Cloutier, Vice President and Chief Security Officer, ADP

Since the advent of the public computing infrastructure, PC ownership accountability has been a focus for our profession. But attacks against the general population of consumer PC and similar device users have reached an unpredicted apex of capability versus reality. The fuzziness of translating what a “reasonable and prudent person” should be held accountable for, with regard to protecting their own computer, into a legal standard is now being addressed by global lawmakers, who are putting the onus back on technology vendors, service providers, and industry; yet little to no advances have been made to change technology, services, or industry so as to remove the decision making from the end user. Or have they?

In this session Roland Cloutier will discuss gaps, opportunities, and advancements in this area and touch upon the social, legal, and technological components that will drive this progress in the coming years.
 
5:20 pm - 5:45 pm  Digital Natives: How Do They View Information Security?
Bob Bragdon, Publisher, CSO magazine
Roland Cloutier, Vice President and Chief Security Officer, ADP

Digital natives are those who have grown up with technology. In this panel of high school and college students along with a recent job-force entrant, we’ll explore how today’s generation views information security, privacy and more. You won’t want to miss this unique glimpse into the realities of your new and future IT users.

5:45 pm - 6:45 pm  Networking Reception in the Security Showcase

Sponsored by HP Enterprise Security

Tuesday, September 20, 2011
7:45 am - 8:45 am  Registration and Breakfast
8:45 am - 8:50 am  Opening Remarks
Bob Bragdon, Publisher, CSO magazine
8:50 am - 9:30 am  The Global State of Information Security: An Exclusive Survey Preview
Bob Bragdon, Publisher, CSO magazine
Fred Rica, Principal – Advisory Services, PricewaterhouseCoopers
Join us for this exclusive preview of the industry’s pre-eminent, annual survey on security -- the 2012 Global State of Information Security, conducted by CSO magazine and PwC. You’ll learn how your peer security executives are focusing their spending in this climate and what their top priorities are for the coming year — along with a range of other trends critical to securing the enterprise in the years ahead.
 
9:30 am - 9:50 am  Aligning Security to the Business
Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, Visa
The most successful CSOs realize that aligning security to the business is an essential component to unlocking security value and creating competitive advantage. In this session, participants will learn the latest techniques and methodologies for creating, managing and communicating a mission-aligned security strategy -- and associated performance measures -- to maximize business value.
 
9:50 am - 10:10 am  Aligning Risk Management with Business Unit Performance: A Panel Discussion
Jamil Farshchi, Senior Business Leader of Strategic Planning and Initiatives, Visa
Fred Rica, Principal – Advisory Services, PricewaterhouseCoopers
Bob Bragdon, Publisher, CSO magazine

How do you tie business unit performance and risk management together so that risk indicators can help avoid problems with business performance? Does the business understand the risks of consumerized IT and social media? And can a third-party successfully be the hub for risk information? As more CSOs are becoming critical risk advisors to the business, get the latest insights in this discussion.

10:10 am - 10:40 am  Networking Break in the Security Showcase
Visit the Security Standard Showcase to find valuable solutions to your most pressing challenges. Or, discover what's new, as sponsors each have a 10-minute open forum to educate attendees on current technologies and future solutions in the Security Showcase Classroom.
 
Security Risk Management: Using Security Intelligence to Better Manage IT Risk
Collecting the best information needed to reduce risk and improve security has been an ongoing challenge.  In this discussion, we’ll illustrate how to deliver better management of risk and compliance operations, and how to focus and optimize security countermeasures through automated security intelligence.
Presented by McAfee
 
Protecting and Monitoring Assets Against Complex Threats
Cyber attacks are increasing, and breaches, when they are eventually discovered, have typically gone undetected for months, as evidenced by the Verizon Business Data Breach Investigations Report (DBIR). More and more exploits are now focused on where the actual data resides – at the file, database and web application servers – not at the perimeter where organizations have historically focused their security investment. As organizations are exposed to increasingly complex threats, IT security controls become critical to protecting and monitoring their assets. Join us as we discuss how to successfully face these new challenges.
Presented by Tripwire
 
10:40 am - 11:00 am  Managing the Risks of Clouds, Consumerized IT, Social Media, and Diversified Devices
Jeffrey Garonzik, Information Assurance Architect, Central Intelligence Agency
It wasn’t many years ago that we began thinking technology was becoming ubiquitous. And that was before consumerized IT, social media and clouds hit the enterprise. Does the larger business understand what new risks it’s taking? Learn how to educate and inform the business in this session.
 
11:00 am - 11:20 am  Navigating Privacy, Security and Compliance in the Cloud
Shukri Khader, CISO, Avon Products
When you manage cloud data, you need to consider a wide range of variables, not the least of which are changing privacy laws, PCI compliance and more. Learn how to assess these variables in this session.
 
11:20 am - 11:40 am  Securing the Cloud -- A Legal Perspective
Josh Konvisser, Partner, Pillsbury Winthrop Shaw Pittman LLP
The first step in securing anything in the cloud is negotiating the right contract terms. Get critical advice from a top legal resource in this session.
 
11:40 am - 12:00 pm  Adapting Your Security Infrastructure for Mobile, Social and Cloud Initiatives: A Panel Discussion
Jeffrey Garonzik, Information Assurance Architect, Central Intelligence Agency
Shukri Khader, CISO, Avon Products
Josh Konvisser, Partner, Pillsbury Winthrop Shaw Pittman LLP
Bob Bragdon, Publisher, CSO magazine

With more mobile, social and cloud services coming online, your security infrastructure is being challenged to accommodate. Get tips and strategies in this discussion.

12:00 pm - 1:00 pm  Lunch with New Technology Demonstration Awards Recognition
1:00 pm - 1:30 pm  Dessert Reception in the Security Showcase
1:30 pm - 2:45 pm  Breakout Sessions on Cloud Security
1:30 pm - 2:05 pm  Creating a Cloud Security Roadmap
Jeffrey Garonzik, Information Assurance Architect, Central Intelligence Agency
Mike Gable, AVP, Strategic Sales, Trend Micro
Bob Bragdon, Publisher, CSO magazine

As projects to move IT operations and applications to the cloud take shape, IT and security executives must document what is moving where, how it’s being secured, and what additional security layers might be needed. Get key advice on how to build your roadmap in this session.

What is the Patriot Act, and How Does It Impact Your Cloud Security?
David Black, CISO, Aon eSolutions
While you may have heard of the Patriot Act signed into law in 2001, you may not know that the “USA PATRIOT” Act acronym stands for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.” For companies with international operations involving cloud computing, the Patriot Act has important implications. Get an understanding of them from an expert in this session.
 
2:10 pm - 2:45 pm  Managing Identity in the Cloud
JT Jacoby, Chief Security Officer, NYC Housing Authority
Dieter Schuller, VP, Business Development, Radiant Logic
Bob Bragdon, Publisher, CSO magazine

Whether your organization is planning more moves to the cloud, or already has a solid cloud footprint, you need to leverage your existing investments in your identity infrastructure and take your steps methodically. In this panel discussion, moderated by CSO magazine publisher Bob Bragdon, we’ll talk with key experts about how to leverage your existing identity infrastructure to manage security and risk in the cloud -- and will explore the strategies to take, and obstacles to avoid, based on their knowledge and experience.

Assessing Risks in the Cloud
Jason Witty, SVP, International Information Security Executive, Global Information Security, Bank of America Corporation
Security remains one of the top worries (if not the top concern) of organizations considering cloud implementations. In this session, a key member of the Cloud Security Alliance will delve into the range of risks when using cloud-based platforms -- from data protection to performance and more -- and will offer critical strategies to mitigate them.
 
2:50 pm - 4:05 pm  Breakout Sessions on Governance, Risk and Compliance
2:50 pm - 3:25 pm  Preparing Your Company and Budgets for Consumerized IT
Dave Malcom, CISO, Hyatt Hotels Corporation
As PC shipments slow and tablets and handhelds proliferate, how can you prepare for things like mobile malware threats and the fragility of cellular networks? Are SLAs up to the task? And what about all those “bring your computer to work” programs we’re hearing about? Are they successful? Get insights in this session to plan ahead.
 
Re-aligning Security and Risk Management
Patrick D. Howard, CISO, U.S. Nuclear Regulatory Commission
For many organizations, the link between the mission and specific information security needs is nebulous or non-existent. Get tips and strategies for creating an enterprise risk management approach to align security with actual business requirements.
 
3:30 pm - 4:05 pm  How to Integrate IT Infrastructure and GRC Platforms
Gene Fredriksen, CISO, Tyco International
Dave Anderson, Senior Director of Security and Risk Management, McAfee
Bob Bragdon, Publisher, CSO magazine

Creating an ecosystem of technologies that detect, defend, deter and report together is essential to integrating GRC to the security and overall IT framework. Understand how this is done in this session.

PCI Zen: How To Be Compliant By Not Being Compliant
Andy Ellis, CSO, Akamai Technologies
The efficacy of the PCI DSS standard, among other compliance regimes, has been questioned by pundits and practitioners alike. Learn how to achieve a new state of security; one in which we understand the true goals of security, and deploy practices and technologies that achieve a secure state of practice without following the checklist. In fact, we'll throw the checklist out.
 
4:05 pm  Conference Concludes