Sunday 12:00 PM to 06:00 PM | |
Sunday 01:00 PM to 04:00 PM | |
| Cyber security is all about managing, controlling, and mitigating risk to your critical assets. In almost every organization, your critical assets are composed of data or information. Whether it is a customer list, research plans, intellectual property, classified information, or a marketing plan, this data represents the lifeline of your organization and must be properly protected. Perimeters are still important and critical, but we are moving away from a fortress model and moving towards a focus on data. This is based primarily on the fact that our networks are becoming more porous, and our data is more portable.
Information no longer resides solely on your servers, where properly configured access control lists can limit access and protect your information. The same intellectual property that is protected on a server behind a strong perimeter can now be copied to laptops (i.e. portable servers) and be plugged into networks (i.e. hotels, airports and coffee shops) that have no firewalls or security devices in place. This means the data must be able to be protected no matter where it resides, since a compromise of sensitive data will have an impact on the company, no matter how it was stolen.
Building a strong perimeter defense is a critical first step, but focusing on protecting and controlling critical data from loss is another key step in building a strong preventive measure. Proactive security must be put in place to make sure critical information is properly protected and exposure is minimized.
Topics Covered:
- Risk Management
  - Calculating and understanding risk
  - Building proper risk mitigation plans
  - Applying proactive risk management processes
  - Understanding insider threat
- Data Classification
  - Key aspects on deploying and implementing classification of critical information
  - Staged rollout of classifying new and existing information
  - Managing and maintaining portable data classification
- Digital Rights Management
  - Understanding what digital rights are
  - Balancing digital rights with data classification
  - Managing access across the enterprise
- Data Loss Prevention (DLP)
  - Identifying requirements and goals for preventing data loss
  - Peeling through the hype of DLP
  - Identifying practical DLP solutions that work
  - Managing, evaluating, implementing, and deploying DLP |
Sunday 03:00 PM to 04:00 PM | |
| One of the questions Gartner clients ask most frequently is whether there are sample requests for proposal (RFPs) for IAM products and services available to use as a starting point in their efforts. An RFP template can be valuable in helping to identify which product and/or service features can fulfill the specific requirements enterprise users have for IAM. This tutorial session explores a basic template for different IAM technologies to aid in that planning effort. It will address issues such as: What is the structure of an effective IAM RFP document? What are the questions everyone asks of IAM vendors in an RFP? What is the best IAM RFP process to ensure successful results? |
Sunday 04:15 PM to 05:15 PM | |
| The past few years have seen a huge increase in the range and variety of authentication methods and the emergence of authentication platforms supporting the use of multiple methods. IAM and information security leaders must be fully aware of their options before making authentication technology choices.
|
Sunday 04:15 PM to 05:15 PM | |
| Vendor management and assessing proposals for security products. This session will present the best practices for deciphering and assessing proposals for security equipment and offerings, and the associated discounts you should be getting. And what about all your security spending – is there a way to manage it as a portfolio?
• What are the best practices for assessing security proposals?
• How to manage your security portfolio
• What are the elements in good and bad proposals?
• What are the best and worst practices in security vendor management?
|
Sunday 06:00 PM to 07:30 PM | |
| Come and meet your peers for a fun, informal networking opportunity at the IAM Summit Orientation/Welcome Reception.
|
Monday 07:00 AM to 08:00 AM | |
Monday 07:00 AM to 06:30 PM | |
Monday 07:00 AM to 08:00 AM | |
Monday 08:00 AM to 08:15 AM | |
Monday 08:15 AM to 09:15 AM | |
| Our personal identity is being changed as technology becomes the architect of our intimacies, redrawing boundaries between solitude and socialization. Our use of technological identities drives us ironically to be too busy communicating to connect in ways that really matter. Understanding the impact of our digital personas (i.e. the “persona in the machine”) on our real lives is the first step to re-balancing the way we interact as people. |
Monday 09:30 AM to 10:30 AM | |
| The IAM Scenario introduces many of the themes, trends, and technologies in the IAM Market in 2011-2012, as well as providing a general overview of the Gartner research in Identity and Access Management.
|
Monday 09:30 AM to 10:30 AM | |
| Enterprises have been working to bring internal identity and access management under control. Outsourcing applications, using SaaS, and supporting mobile endpoint platforms can create new identity islands, add complexity and introduce security vulnerabilities. |
Monday 09:30 AM to 10:30 AM | |
| Identity vetting for credentialing and strong authentication of users once you issue credentials just isn’t sufficient anymore to protect enterprise systems. Indeed, the bad guys have beaten most identity proofing and authentication systems, and enterprises should not kid themselves into thinking their systems are sufficiently protected with just these measures. Instead a Trust but Verify approach is warranted, where users are ‘continually authenticated’ and their transactions continuously monitored.
|
Monday 09:30 AM to 10:30 AM | |
| Many organizations are considering the adoption of encryption solutions to protect their sensitive data. With a myriad of approaches available, each with its own benefits and deployment issues, organizations need to clearly understand how to select the right solution for their needs. This session will look at. |
Monday 09:30 AM to 10:30 AM | |
| Potential IAM buyers need practical advice about how to select IAM vendors for their enterprise. The planning process for that effort should be structured and account for prioritized requirements, while balancing this with cost. This Q&A session allows attendees to ask questions and discuss issues such as the following. |
Monday 10:45 AM to 11:45 AM | |
| This session will focus on the recent headline-making breaches and crimes, and the key role that unmanaged privileged access and accounts played in allowing insiders and external players to perpetrate these breaches.
Leveraging these cautionary tales, the session discusses the expanding scope, depth and breadth of the Privileged Challenge and the correlating imperative for organizations to address these Privileged Account Activity Management (PAAM) challenges, or risk continuing to be vulnerable to similar, pernicious attacks.
|
Monday 10:45 AM to 11:45 AM | |
| Identity and access management responsibilities are often run with a discrete set of applications or even as out-of-band processes—with little to no visibility from line of business managers. What if application and network access was just another item to provision, like a security card or a computer from a storefront? What if a fault-tolerant, Trusted Identity Fabric™ transcended the network and applications, managing all resources, with the human activity reduced to a series of approvals? Hear how MillerCoors and Avatier are redefining enterprise IAM. |
Monday 10:45 AM to 11:45 AM | |
| If you could start anew, what would your ideal IAM solution look like? Forget frameworks that require rigid and costly customization. Ignore approaches that only solve specific tasks on specific systems. Abandon manually intensive solutions requiring heavy IT involvement. Listen as real-world companies share a better way to improve security, compliance and efficiency with an integrated, modular and future-proofed approach. One that favors simplicity over complexity, configuration over customization, and business needs over IT limitations. |
Monday 11:45 AM to 01:45 PM | |
Monday 01:45 PM to 02:45 PM | |
| For decades IT has been focused on developing solutions that make IT administrative functions easier; however, the tides have shifted. Today, IT is tasked with delivering solutions that provide real business value, and identity and access management solutions are no exception to this rule. |
Monday 01:45 PM to 02:45 PM | |
| As the energy and utilities market evolves, operational technology (e.g. industrial control systems) and information technology are converging. Compliance regulations are being actively applied internationally to create levels of assurance around IAM and security. This round table brings together end-users from oil and gas, refining, electric and water utilities (to name a few) to discuss the current state of IAM in their respective enterprises and requirements for the future. |
Monday 01:45 PM to 02:45 PM | |
| It’s a reality: many organizations want Active Directory to be the identity hub of their ecosystem. Join us as we explore when this is or is not a reasonable expectation, and discuss the tools, technologies, and methods that can be used to best leverage Active Directory as a core critical component in your organization’s identity strategy and infrastructure. |
Monday 01:45 PM to 02:45 PM | |
| User activity monitoring is essential for the early detection of targeted attacks, and has also become part of the standard of due care for a variety of regulations across all industry segments. Recent attacks and successful breaches point to the importance of early detection as a last line of defense. Fortunately, many organizations receive funding for security monitoring technology deployment in order to meet compliance requirements. This presentation provides advice on how to deploy security monitoring technologies such as Security Information and Event Management (SIEM), for privileged user and resource access monitoring. |
Monday 01:45 PM to 02:45 PM | |
| We will present evaluation criteria for cloud security services; analyze whether cloud services have a good chance to be reasonably secure; and review the future of security jobs: will they stay or evaporate in the cloud? |
Monday 01:45 PM to 02:45 PM | |
| Molson Coors Brewing Company (MCBC) strategy and direction have changed the needs of the technology required to support these efforts. In recent years Molson Coors has increased joint ventures, partnerships and cross-brewing relationships, and has entered into greater collaboration with third parties. The company has also started heavily using SaaS applications and business process outsourcing models, and has placed greater reliance on a large contingent workforce. With these changes, MCBC needed to change its identity and access management strategy, as the current system had inconsistencies across IT, was inflexible with the rate of change within the and was becoming progressively more expensive to change, with a staff underqualified to complete the complex IAM tasks. Come hear how MCBC researched and implemented IAM software without the complexity and cost of implementing the software on-premises. |
Monday 01:45 PM to 03:15 PM | |
| This interactive workshop session allows participants to work together, facilitated by a Gartner analyst, to assess their organizations' IAM program maturity using the Gartner ITScore for Identity and Access Management maturity assessment methodology and a workbook based on the ITScore diagnostic tool. |
Monday 03:00 PM to 04:00 PM | |
| Certifying user access for thousands of users across hundreds of applications for compliance audits is undeniably complicated, time-consuming and error-prone. Hear first-hand from a panel of end users the key components required to ease the certification process and manage the scale and scope of it. And hear Amit Jasuja, Oracle Vice President, detail how these insights helped shape the game-changing Oracle Identity Analytics 11gPS1. |
Monday 03:00 PM to 04:00 PM | |
| A recent KPMG survey revealed that mature SOCs have procedures in place for standard incidents – not for Advanced Attacks. During this session we will discuss requirements for the next generation SOC with sensors that detect the subtle hints of APTs, context for added intelligence and “smart” controls that enable on-demand countermeasures. |
Monday 03:00 PM to 04:00 PM | |
| Hear how CUNA Mutual Group, a leading provider of financial services to credit unions, improved the accuracy and efficiency of access controls and automated their compliance and provisioning processes with SailPoint. By taking a governance-based approach to identity management, CUNA Mutual is effectively managing access risk while increasing administrative effectiveness. CUNA’s project overview will describe key success factors, including automating access request and certification processes, involving business managers, and future project plans. |
Monday 04:15 PM to 05:15 PM | |
| Effective governance provides accountability, responsibility, authority and assurance. Governance consists of a set of processes and activities executed and overseen by appropriate governance bodies. The success of the governance initiatives depends on the effectiveness of the groups tasked with executing them. |
Monday 04:15 PM to 05:15 PM | |
| IAM business justification remains a problem for many enterprises—it is often difficult to express IAM benefits in meaningful business terms. This results in reduced program scopes and in some cases an inability to address original business requirements for IAM. This round table allows end-users to share experiences, both successes and failures, in justifying IAM to the business. |
Monday 04:15 PM to 05:15 PM | |
| A growing number of organizations are deploying software as a service (SaaS) applications that run critical business processes and contain sensitive data. Security, compliance, and user administration are major challenges for organizations running SaaS applications. Many organizations are manually provisioning and de-provisioning user accounts in the SaaS environment. This is a cumbersome process that is subject to error. This session will: |
Monday 04:15 PM to 05:15 PM | |
| Attestation of users, devices and even data is increasingly critical to managing and securing highly transactional and virtualized environments. With the externalization and consumerization trends such as Any Device, Cloud, Collaboration and Workforce Mobility, we must look beyond legacy identity challenges of the enterprise, resist simply externalizing internal identity processes and develop a direction where identity becomes the true network perimeter.
In this case study we will review:
• The history of IAM at GE
• Tipping point of IAM in the enterprise
• Extending IAM inside and outside the enterprise
|
Monday 04:15 PM to 05:15 PM | |
| U.S. merchants spend an average of $1.7 million on becoming PCI compliant, and maintaining payment card data security requires persistent and continuous efforts. Many lessons on data protection have been learned over the past 5 years since the PCI Data Security standard was established, which can lower costs for enterprises protecting payment card or other sensitive data. This session looks at the challenges and opportunities of data protection, as learned through implementation of the PCI DSS. |
Monday 04:15 PM to 05:15 PM | |
| Cloud computing has reached such levels of hype that it’s difficult for most enterprise decision makers to know what is real vs. what is not real, particularly when it comes to IAM’s ability to secure access to, from, and for cloud applications. Without more certainty regarding the ability to adequately secure cloud computing services, its adoption remains at risk. This Q&A session allows attendees to ask questions and discuss issues such as the following. |
Monday 04:15 PM to 05:15 PM | |
| Both IT and the Business are adding new technology platforms, services, and applications at an exponential rate. This presents many access management challenges, and one of the most acute is making sure the administrative access to these new technologies is accounted for, controlled, and properly tracked. Join this round table to discuss where the challenges have been, how both you and others have crafted solutions, and where this is all headed next. |
Monday 05:30 PM to 06:15 PM | |
| The next seven years will see as much change in IT, security and IAM organizations as we experienced in the client/server revolution. Your career could be impacted, even totally changed. The early signs are there for us to see and analyze. This keynote will look at cloud computing and the GRC movement to project where you should plan to be in four years so that you can still be employed in seven years. |
Monday 06:15 PM to 08:00 PM | |
Monday 07:45 PM to 09:45 PM | |
Tuesday 07:00 AM to 06:00 PM | |
Tuesday 07:15 AM to 08:15 AM | |
Tuesday 07:15 AM to 08:15 AM | |
Tuesday 07:15 AM to 08:15 AM | |
Tuesday 08:15 AM to 09:15 AM | |
| Pattern-based intelligence, based on entity link analysis, enables discovery and analytics of fraud rings and collusive activities. It is very useful for catching internal corruption, terrorist activity, homeland security threats, account takeover, welfare and government benefits fraud, pharmaceutical fraud, insurance claims fraud and the like. For security and fraud management to be effective against rapidly evolving threats, pattern seeking must occur both within an organization (to discover internal threats, data breaches and compromised accounts) and also outside the organization (to learn of emerging threats and erect proactive defenses). Entity link analysis can combine internal and external data, both structured and unstructured, to find hidden fraud patterns by discovering relationships that would not be obvious otherwise. This has tremendous potential in many industries. For instance, in the insurance industry, such analysis could uncover fake doctors setting up fake clinics and billing for fake lab tests using stolen patient insurance cards and IDs.
This session brings together a group of panelists from various industries to look at how pattern-based intelligence helps their organizations uncover fraud or otherwise unauthorized activity.
|
Tuesday 09:30 AM to 10:30 AM | |
| With the increased range and variety of authentication methods and platforms now available, it is more likely that there is a “best fit” authentication solution for each and every enterprise use case. At the same time, it is harder for IAM and information security leaders to find that solution among a plethora of options.
|
Tuesday 09:30 AM to 10:30 AM | |
| International, federal, state, and local governments have vital IAM needs for employees, citizens, and partners. This round table brings together end-users from the public sector to discuss IAM issues and concerns, deployment lessons and practices, and organizational impacts as a result of IAM use. |
Tuesday 09:30 AM to 10:30 AM | |
| Effective identity and access governance requires a good foundation of data about identities and access. It also needs a way to record the events and activities surrounding access and identity administration. Existing identity repositories and logging systems may need to be ‘cleansed’ to be effective. This presentation explores the following.
|
Tuesday 09:30 AM to 10:30 AM | |
| In the presentation, we’ll discuss the evolution of directory services, from classic LDAP, to virtual directories, to the new crop of directory synchronization products that can extend enterprise identity management to Cloud applications with minimal effort. We’ll also discuss the synergistic consolidation of additional identity management capabilities into directory services, including federation and finer-grained authorization. This Q&A session allows attendees to explore these questions. |
Tuesday 09:30 AM to 10:30 AM | |
| Modern data centers are the repositories of all we hold valuable and need to run our businesses. Web Application Firewalls? Next Generation Firewalls? Fabric Based Infrastructure? Virtualization? In this session analyst Greg Young will leave no stone unturned in presenting how access and security can and can’t be achieved, and will present the ‘5 Fingers of Data Center Security Death’. |