| | |
| |
Sunday
18:00 to 19:30 | |
Monday
07:30 to 20:00 | |
Monday
07:30 to 07:30 | |
Monday
08:00 to 08:45 | |
| Effective management of security risks requires that all employees know how to rapidly identify, mitigate and escalate risks. Constructing an effective staff awareness program can reduce the impact of security issues. |
Monday
08:00 to 08:45 | |
| Leading organizations understand that effective IT risk assessment depends on the ability to manage a toolbox of assessment techniques, and to apply the most appropriate technique on a case by case basis. This presentation provides practical advice on selecting RA methods and tools, and on optimizing the utilization of these tools/methods. |
Monday
09:00 to 09:15 | |
Monday
09:15 to 10:15 | |
| "Information security is rapidly being accepted as an aspect of operational risk management in organizations that are maturing their overall risk management approach. The result is a clearer perspective on IT risk, increasing maturity in risk assessment and improved respect from the business community. |
Monday
10:15 to 10:45 | |
Monday
10:45 to 11:15 | |
Monday
11:00 to 12:15 | |
| With many recent events dealing with the inappropriate disclosure of sensitive information, organizations are looking at how security can be leveraged to better address the existing and pending risks. |
Monday
11:15 to 12:15 | |
| Web 2.0 threats are forcing enterprises to reevaluate perimeter security, and secure Web gateways have emerged as the required defense mechanism. In this presentation, we highlight the risks inherent in today’s Internet. |
Monday
11:15 to 12:15 | |
| Corporate directors are under pressure to improve their risk management oversight. IT Leaders can adopt six risk management techniques that will improve the value of their risk management reporting to the board. |
Monday
11:15 to 12:15 | |
| Effective governance provide accountability, responsibility, authority and assurance. Security and risk governance consists of a set of processes and activities executed and overseen by appropriate governance bodies. The success of the governance initiatives depends on the effectiveness of the groups tasked with executing them. |
Monday
11:15 to 12:15 | |
| Risk assessments are an indispensable tool in IT security, focusing efforts and investment on those areas that pose the highest risk to the organization. Several risk assessment methodologies exist, each with its own strengths and weaknesses. This workshop will focus on how to apply each approach to specific risk scenarios.
Information Security Forum (ISF) Information Risk Assessment Methodologies
US National Institute of Standards and Technology (NIST) Special Publication 800-30, “Risk Management Guide for Information Technology Systems”,
Information Systems Audit and Control Association (ISACA) Risk IT, and Carnegie-Mellon University Operationally Critical Threat, Asset, and Vulnerability Evaluation and OCTAVE Allegro. |
Monday
11:30 to 12:15 | |
| "Whether integration with data loss prevention and encryption, improved identity and access management, or use of metadata for security tagging, SharePoint and its extended solution environment afford new protection options for enterprises. |
Monday
12:15 to 13:30 | |
Monday
12:30 to 12:45 | |
Monday
13:30 to 14:30 | |
| Many organizations struggle with the effective performance of security incident response. Auditors, regulators and other stakeholders require a clear approach with regard to the management of security incidents. |
Monday
13:30 to 14:30 | |
| 2011 is the year of the great cloud computing experiment. Recognizing the new risk characteristics, the global computing community spent two years developing new risk frameworks and assessment models. Although legal concerns about storage of regulated, business-sensitive or personal data in cross-jurisdictional clouds are still largely unanswered, enterprises have now begun to apply these new assessment methods through their cloud evaluation processes and vendor self-assessments. |
Monday
13:30 to 14:30 | |
| There are myriad ways to present security and risk related metrics and most of them don't tell the true story and more importantly they don’t show the significance of what security and risk leaders provide for their enterprises. Selecting what to capture, what to report, and how best to present to management can be challenging. This tutorial session will show the highlights of what, how and why or security metrics. |
Monday
13:30 to 14:30 | |
| Many security teams continue to worry about server virtualization security, from zoning, to protecting moving workloads, to managing malware and configuration of offline guests. Given the hypervisor’s role in internal clouds, such issues are no small matter. Fortunately, both the virtualization platforms and third-party ecosystem for securing virtual servers have matured mightily. However, internal clouds raise new questions about virtualization security. In this session, Research VP Trent Henry will reveal common problems and solutions that security teams grapple with as they help build internal clouds and learn to embrace (or at least tolerate) their virtual environments. |
Monday
13:30 to 14:45 | |
| The workshop will describe the components of a typical security program and provide insights into those key functions and processes needed to support the successful transition a security program into a cloud ready state. This session will incorporate emerging cloud services, at the application, platform and infrastructure levels. Participants will be asked to work together in small groups to determine the areas needing most attention, Gartner Consulting will provide leading insight to the discussions. The audience will then collectively discuss achievable strategies. |
Monday
13:45 to 14:30 | |
| To examine the customer experience with access programs that enable employee mobility, work-at-home, secure offshore development, vendor support, business continuity, and a variety of other kinds of partner relationships and device ownership models. |
Monday
14:45 to 15:15 | |
| The lack of a strategic approach to Consumerization creates security risks, financial exposure and management nightmare for IT. Rather than resist, organizations should embrace Consumerization, unlock its full business potential. In this presentation TrendMicro reveal the solutions and best practices for your company to turn consumerization into a competitive advantage. |
Monday
14:45 to 15:15 | |
| Security has become a C-level issue as the number and scope of breaches in the headlines every weekday indicates. Meanwhile, innovation driven by a planet that's becoming more intelligent, instrumented and interconnected has become a core business driver. How do you secure the enterprise in the Smarter Planet? |
Monday
14:45 to 15:15 | |
| A bold view of the current state of information security, proposing a refreshing, pragmatic approach for improving your organisation’s security. Don will discuss new threat actors and the increasingly complex security landscape. He will examine the failings in security technology spend which allow frequent breaches from known threats and vulnerabilities. |
Monday
14:45 to 15:15 | |
| Symantec’s session will cover what it takes to build a comprehensive strategy to help organizations develop and enforce IT policies, protect information, authenticate people appropriately, and protect the infrastructure.
|
Monday
15:15 to 15:50 | |
Monday
15:20 to 16:45 | |
| Balanced scorecards can provide security teams with a critical communication tool necessary for demonstrating value to their enterprises by identifying and leveraging the myriad benefits of security activities across multiple business domains. This workshop will discuss: What are the basic building blocks required for creating a balanced scorecard for Information Security? How can clients avoid the common hurdles to developing a scorecard? What does an example scorecard look like? |
Monday
15:45 to 16:30 | |
| Vendor risk management helps prevent negative impacts on business performance from risks associated with IT service providers. Through oversight and prevention of problems, VRM can also help improve vendor performance and the vendor's value contribution to the business. This session will address: What is a vendor management program? What vendor risks should you monitor? What risk management and compliance terms and conditions should you enforce with your vendors? |
Monday
15:45 to 16:30 | |
| This session will share some of the key milestones met by Standard Life as they brought together these teams. John will discuss some of the challenges faced when bringing specialist teams together as well as the benefits of integration. Examples will be shared where combined strengths have allowed for better results. John will also talk about some of the key projects currently being worked on by the new, combined department.
Light on theory, this session will cover the practical challenges faced since the creation of the new team, and will seek to share a number of "take-aways" to get you thinking when you arrive back in your office.
|
Monday
15:45 to 16:30 | |
| Enterprises are quickly adopting smartphones and tablets with broader access to corporate resources. Balancing security and ease of use proves challenging in regulated environments, especially with regards to sensitive application data and documents. This case study will focus on industry concerns when deploying and managing corporate and employee-liable devices. Discussion topics will include security considerations, application deployment and custom application development best practices, data leakage concerns with documents, and deployment scenarios for SaaS or on premise solutions. Key take-aways will be practical next steps to get started, traditional hurdles, potential roadmap strategies and value drivers to the business.
|
Monday
15:45 to 16:30 | |
| The case study will describe how risk management operated in HMRC and IMS and why there was a need to take it to the next level. It will describe how the Risk Tool is part of a portfolio of products that will provide managers across the organisation with better quality information for informed decision making. |
Monday
16:45 to 17:30 | |
| Delivering bad news is one of the trickier tasks in business as in ordinary life; doing so without getting shot is an art. Yet on countless occasions managers make a bad message worse through unforced errors in communication - either by unduly sugaring the pill or mismanaging expectations. With the aid of topical examples from the corporate world, former Financial Times Editor and crisis communications expert Andrew Gowers describes sets out some principles to follow and pitfalls to avoid. |
Monday
17:30 to 18:15 | |
| Mapping key risk indicators (KRI) into business centric key performance indicators (KPI) is an excellent way to link risk and security to corporate performance. However, developing KRIs that are directly related to KPIs is challenging. Gartner has developed a foundation catalog of both KPIs and KRIs to help risk officers develop their own set. |
Monday
18:15 to 20:00 | |
Tuesday
07:30 to 17:15 | |
Tuesday
08:00 to 09:00 | |
| Mobile devices pose ever-increasing variations, even within a supposedly single platform, bringing business processes into contact with applications and services never anticipated by traditional IT Planners. This presentation comprehensively analyzes the attack surface, risks and recommendations across all major consumer smartphone/tablet platforms. |
Tuesday
08:00 to 09:00 | |
| "European companies and especially financial services providers are facing many new regulations such as Solvency II, Basel III and SEPA. Several organizations struggle to cope with these challenges and create value out of their compliance efforts. This presentation will focus on the five most important regulations affecting financial services organizations and discuss their business and IT implications. |
Tuesday
08:00 to 09:00 | |
| While security budgets held up comparatively well during the recession, organizations are shifting their focus from survival to back growth mode. This requires investment of (still limited) financial resources into innovation and growth projects, resulting in increasing pressure on security budgets. |
Tuesday
08:00 to 09:00 | |
| In a world of managed diversity, what are the security architecture implications and trade-offs that enterprises will need to examine? Enterprises will need to examine how endpoint devices (both enterprise and employee-owned) will affect their future security and network architectures. Different use cases and different management postures create various options for the enterprise. This talk will examine the options and the associated trade-offs. |
Tuesday
08:00 to 09:15 | |
| Privacy is getting ever more complex. How do organizations know they are doing enough? How do they know they are not doing too much? What is the privacy maturity level of my organization and how do I compare against others? What steps does my organization have to take in order to reach the next level? In this workshop, we will introduce Gartner's ITScore assessment for privacy. Please bring your laptop to run your own assessment. |
Tuesday
08:00 to 08:30 | |
| Gartner ITScore Maturity Model Demo is a comprehensive set of assessments designed to help IT professionals evaluate the maturity of both the IT organization as a provider of IT services, and the enterprise as a consumer of information technology. Unlike other IT maturity assessments, Gartner ITScore measures your organization’s capabilities within the context of enterprise culture, behaviors and capacity for leadership—factors that dramatically impact IT’s effectiveness and its ability to contribute real business value.
*Session requirement - Attendees must bring personal laptops to participate.
|
Tuesday
08:15 to 09:00 | |
| Today’s IT department is increasingly being asked, or forced, to use externally provisioned services. The best practices for assessing the risk, evaluating vendor claims, specifying contract clauses, and managing the vendor relationship, are still evolving. This roundtable will be an opportunity for peers to have a frank discussion about their frustrations and successes, as we work towards a set of practical and defensible processes for new delivery models. |
Tuesday
09:15 to 09:45 | |
| We have recently seen a surge in targeted attacks against organizations worldwide. This session reviews the methods and tactics used including spear-phishing, blended threats and malicious email attachments. We look at how these attacks succeed, even against world-leading IT Security organizations, to identify potential holes in your organization’s security architecture. |
Tuesday
09:15 to 09:45 | |
| Millions of Londoners travel daily using infrastructure provided, managed or regulated by Transport for London (TfL). Its IT systems handle customer information, ticketing, congestion charges, and huge asset lists. TfL explains how it protects its IT networks, scans web applications to remediate vulnerabilities, and supports PCI DSS compliance. |
Tuesday
09:15 to 09:45 | |
| BGC Partners, Inc. is a leading global intermediary to the wholesale financial markets. To protect client transactions and financial data, BGC built a strong security foundation using next-generation firewalls from Palo Alto Networks. This session presents security challenges, requirements, and testing strategy, and summarizes key benefits and plans moving forward. |
Tuesday
09:15 to 09:45 | |
| Concerns over security and compliance have been intensified as the cloudtransforms the way IT is delivered to the business. Learn how security in acloud era is driving a rethink of traditional approaches and is becoming more robust,dynamic and flexible, allowing organisations to embrace the cloud with confidence. |
Tuesday
09:15 to 09:45 | |
| RSA, Sony, Barracuda and countless others have fallen prey to breaches resulting from commonly occurring vulnerabilities in their software infrastructure. With over 70% of attacks being targeted against applications, they are your new perimeter. Learn from real-world case studies what you can do to be resilient against these latest attacks. |
