Enterprise Risk / Security Management: Chicago
Strategies for reducing risk to the enterprise.
October 3, 2018
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Overview
In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one day conference attendees will learn:
Conference Price: $289.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Conference Program
8:00am – 8:30am: Registration and Continental Breakfast
8:30am-9:20am: Risk Reduction: Effective Enterprise Vulnerability Management/Security Incident Response
Derek Milroy, IS Security Architect, U.S. Cellular Corporation
This presentation is a detailed how-to for assessing, implementing, and maintaining a Vulnerability Management Program. It will also touch a bit on patch and configuration management as they are both remediation’s that typically result from running Vulnerability Management efforts. This presentation is not based on theory. It is based on experience in literally dozens of environments, some that were scanning over 90,000 live hosts per month. The presentation will also cover methods for working with systems administrators and application owners to get processes in place that are sustainable and will produce results. In addition, metrics and score-carding will be discussed with a focus on measuring what needs to be done and what work has been done.
Milroy
9:20am-10:10am: Cyber-Security Pushed to the Limit – 2018 ERT Report Primary
David Hobbs, CyberSecurity Evangelist, Radware
Throughout 2017 and 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
Hobbs
10:10am -10:40am: Refreshment Break
10:40am-11:30am: The Industry Risk Assessment Dilemma and the Solution
Jim Mirochnik, Senior Partner, Halock
There is a disconnect between traditional Risk Assessments and what our legal system is asking us to do. A standard has recently emerged, Duty of Care Risk Analysis (DoCRA), that bridges this gap. DoCRA helps organizations develop criteria by which they can prioritize risk and develop consensus on acceptable risk between business, legal and information security. The standard, when implemented correctly, allows organizations to articulate and defend their decisions to interested 3rd parties, regulators, and the courts.
Mirochnik
11:30am-12:20pm: Cybersecurity & Agility with Network Security Policy Orchestration
Ronald Kehoe, Senior Solutions Engineer, Tufin
The agility of DevOps and scalability of the cloud is an incredible combination for the business. New products are brought to market faster than ever before, with infrastructure spun up or down in seconds. However, with this agility and business-created urgency, security is seen as an impediment and often falls by the wayside. Security needs to meet the agility of DevOps and avoid the manual misconfigurations during cloud deployments – the same mistakes that reach the headlines on a weekly basis.
It’s time for organizations to empower both IT and security teams through automation, and enhance the overall agility and security of the business.
Network Security Policy Orchestration enables an organization with agility while incorporating security through automation as a “shift left” solution. The cybersecurity team can meet the speed of the business and DevOps while ensuring continuous compliance with regulatory, internal audit, and corporate security policies.
Kehoe
12:20pm – 1:10pm Luncheon
12:40 – 1:10 Luncheon discussion The Hitchhiker’s Guide to Data Breaches
Josh Bryant, Director of Technical Account Management, Tanium
The results are in, you’ve been breached. It’s officially the worst day of your career. How will you handle what comes next? Are you prepared to navigate the long road to recovery? Where do you even begin? Come, hitch a ride with me, I’ll show you the way. Lessons learned from dozens of compromise recoveries across a variety of industries from around the world. Advice on evicting your adversary, answering to Executives, and recovering from the trauma of a cyberattack, to help you better prepare for the inevitable breach. Turn your worst day around, just don’t forget your towel!
Bryant
1:10pm-2:00pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
Moderator:
George Harrison, Named Account Manager, Infoblox
Panelists:
Ricardo Lafosse, CISO, Morningstar, Inc.
Arlene Yetnikoff, Director, Information Security, DePaul University
Mike Wood, Vice President, IT, Wilton Brands, LLC
Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy, Prevalent
Peter Van Loon, Senior Manager of Information Security, Discover Financial Services
and other Enterprise CISOs and InfoSec Executives sharing their experiences and lessons learned
Topics that will be covered include:
Yetnikoff Wood Van Loon Lafosse Keller Harrison
2:00pm – 2:50pm: Striking the Right Balance: Managed Security Services vs. Your Own Security Team
George Quinlan, Senior Security Consultant, Netrix LLC
It can be a challenge to develop a large enough internal security team to keep up with the pace of threats. When does it make sense to invest in your own people versus leveraging outside assistance? How have hybrid models worked for companies that use both? This presentation will review how to strike the right balance between managed services and internal security support.
Quinlan
2:50pm-3:20pm: Refreshment Break
3:20pm-4:10pm: Key Steps to Reduce the Risk of Malicious Insiders, Over Privileged-Users and Compromised Third Parties
Jim Anthony, VP Cybersecurity, Cyxtera
Business leaders have embraced the concept of allowing employees and third-party contractors to work from remote locations. But remote workforce migration as well as some malicious insiders present new operational and security challenges that must be addressed by IT and Security leaders.
Attend this session and learn:
Anthony
4:10pm-5:00pm: Breaches & Ransomware: How to Handle, How to Respond
Moderator:
Dave Klein, Senior Director, Engineering & Architecture, GuardiCore
Panelists:
Mitch Christian, Director, Information Security, American Hotel Register Company
Riad Amro, CISO, Grant Thornton
Shayla Treadwell, Sr. Manager, Information Security, Corporate Risk Management, Discover Financial Services
and other Enterprise CISOs and InfoSec Executives sharing their experiences and lessons learned
In this session, attendees will learn from CISOs and Security Executives as to how they are working through the challenges of Data Breaches and Ransomware.
Attendees will walk away with shared strategies and tactics that other organizations are employing.
Christian Amro Klein Treadwell
Conference Price: $289.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.