PAST EVENTS

Enterprise Risk / Security Management: Chicago

Strategies for reducing risk to the enterprise.

October 3, 2018

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one day conference attendees will learn:

• Risk Reduction: Effective Enterprise Vulnerability Management/Security Incident Response
• Digital Transformation and CyberSecurity: What CISOs Need to Know
• The Industry Risk Assessment Dilemma and the Solution
• Cybersecurity & Agility with Network Security Policy Orchestration
• Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
• Striking the Right Balance: Managed Security Services vs. Your Own Security Team
• Key Steps to Reduce the Risk of Malicious Insiders, Over Privileged-Users and Compromised Third Parties
• Breaches & Ransomware: How to Handle, How to Respond

Conference Price: $289.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Conference Program

8:00am – 8:30am: Registration and Continental Breakfast

8:30am-9:20am: Risk Reduction: Effective Enterprise Vulnerability Management/Security Incident Response

Derek Milroy, IS Security Architect, U.S. Cellular Corporation

This presentation is a detailed how-to for assessing, implementing, and maintaining a Vulnerability Management Program. It will also touch a bit on patch and configuration management as they are both remediation’s that typically result from running Vulnerability Management efforts. This presentation is not based on theory. It is based on experience in literally dozens of environments, some that were scanning over 90,000 live hosts per month. The presentation will also cover methods for working with systems administrators and application owners to get processes in place that are sustainable and will produce results. In addition, metrics and score-carding will be discussed with a focus on measuring what needs to be done and what work has been done.

Milroy

9:20am-10:10am: Cyber-Security Pushed to the Limit – 2018 ERT Report Primary 

David Hobbs, CyberSecurity Evangelist, Radware

Throughout 2017 and 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

Join the session to learn more about:

• The threat landscape deep dive-the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for

Hobbs

10:10am -10:40am: Refreshment Break

10:40am-11:30am: The Industry Risk Assessment Dilemma and the Solution

Jim Mirochnik, Senior Partner, Halock

There is a disconnect between traditional Risk Assessments and what our legal system is asking us to do. A standard has recently emerged, Duty of Care Risk Analysis (DoCRA), that bridges this gap. DoCRA helps organizations develop criteria by which they can prioritize risk and develop consensus on acceptable risk between business, legal and information security. The standard, when implemented correctly, allows organizations to articulate and defend their decisions to interested 3rd parties, regulators, and the courts.

Mirochnik

11:30am-12:20pm: Cybersecurity & Agility with Network Security Policy Orchestration

Ronald Kehoe, Senior Solutions Engineer, Tufin

The agility of DevOps and scalability of the cloud is an incredible combination for the business. New products are brought to market faster than ever before, with infrastructure spun up or down in seconds. However, with this agility and business-created urgency, security is seen as an impediment and often falls by the wayside. Security needs to meet the agility of DevOps and avoid the manual misconfigurations during cloud deployments – the same mistakes that reach the headlines on a weekly basis.

It’s time for organizations to empower both IT and security teams through automation, and enhance the overall agility and security of the business.

Network Security Policy Orchestration enables an organization with agility while incorporating security through automation as a “shift left” solution. The cybersecurity team can meet the speed of the business and DevOps while ensuring continuous compliance with regulatory, internal audit, and corporate security policies.

Kehoe

12:20pm – 1:10pm Luncheon

12:40 – 1:10 Luncheon discussion  The Hitchhiker’s Guide to Data Breaches

Josh Bryant, Director of Technical Account Management, Tanium

The results are in, you’ve been breached. It’s officially the worst day of your career. How will you handle what comes next? Are you prepared to navigate the long road to recovery? Where do you even begin? Come, hitch a ride with me, I’ll show you the way. Lessons learned from dozens of compromise recoveries across a variety of industries from around the world. Advice on evicting your adversary, answering to Executives, and recovering from the trauma of a cyberattack, to help you better prepare for the inevitable breach. Turn your worst day around, just don’t forget your towel!

Bryant

1:10pm-2:00pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)

Moderator:
George Harrison, Named Account Manager, Infoblox
Panelists:
Ricardo Lafosse, CISO, Morningstar, Inc.
Arlene Yetnikoff, Director, Information Security, DePaul University
Mike Wood, Vice President, IT, Wilton Brands, LLC
Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy, Prevalent
Peter Van Loon, Senior Manager of Information Security, Discover Financial Services
and other Enterprise CISOs and InfoSec Executives sharing their experiences and lessons learned

Topics that will be covered include:

• Contract outlining the business relationship between your organization and 3rd party vendor
• How to monitor vendor performance to ensure that contractual obligations are being met
• Guidelines regarding which party will have access to what information as part of the agreement
• How to ensure that 3rd party vendors meet regulatory compliance guidelines for your industry

                         
Yetnikoff     Wood     Van Loon     Lafosse         Keller         Harrison

2:00pm – 2:50pm: Striking the Right Balance: Managed Security Services vs. Your Own Security Team

George Quinlan, Senior Security Consultant, Netrix LLC

It can be a challenge to develop a large enough internal security team to keep up with the pace of threats. When does it make sense to invest in your own people versus leveraging outside assistance? How have hybrid models worked for companies that use both? This presentation will review how to strike the right balance between managed services and internal security support.

Quinlan

2:50pm-3:20pm: Refreshment Break

3:20pm-4:10pm: Key Steps to Reduce the Risk of Malicious Insiders, Over Privileged-Users and Compromised Third Parties

Jim Anthony, VP Cybersecurity, Cyxtera

Business leaders have embraced the concept of allowing employees and third-party contractors to work from remote locations. But remote workforce migration as well as some malicious insiders present new operational and security challenges that must be addressed by IT and Security leaders.

Attend this session and learn:

• Best practices addressing remote worker access using the Software-Defined Perimeter
• Methods of efficiently integrating security with existing business processes and security solutions
• Reducing security complexity while improving the user experience all while saving money and resources

Anthony

4:10pm-5:00pm: Breaches & Ransomware: How to Handle, How to Respond

Moderator:
Dave Klein, Senior Director, Engineering & Architecture, GuardiCore
Panelists:
Mitch Christian, Director, Information Security, American Hotel Register Company
Riad Amro, CISO, Grant Thornton
Shayla Treadwell, Sr. Manager, Information Security, Corporate Risk Management, Discover Financial Services
and other Enterprise CISOs and InfoSec Executives sharing their experiences and lessons learned

In this session, attendees will learn from CISOs and Security Executives as to how they are working through the challenges of Data Breaches and Ransomware.

Attendees will walk away with shared strategies and tactics that other organizations are employing.

               
Christian     Amro       Klein         Treadwell

Conference Price: $289.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.