| | |
Tuesday
18:00 to 19:30 | |
Wednesday
07:30 to 20:00 | |
Wednesday
07:30 to 07:30 | |
Wednesday
07:30 to 07:35 | |
Wednesday
08:00 to 08:45 | |
| Vendor risk management has become a major issue for security and risk management professionals. Rules and regulations that require monitoring third party suppliers are proliferating, and effective ERM requires understanding TPS risk exposure as well. VRM helps prevent negative impacts on business performance from risks associated with service providers IT suppliers. Through oversight and prevention of problems, VRM can also help improve vendor performance and the vendor's value contribution to the business. |
Wednesday
08:00 to 08:45 | |
| Building an effective security awareness program requires communication, marketing and instructional design skills that are beyond the resources of most security teams. A broad range of vendors offer products and services that can be drawn on to supplement in-house efforts to build a more effective and cost-effective awareness program. |
Wednesday
09:00 to 09:15 | |
Wednesday
09:15 to 10:15 | |
| Business performance and risk management share a common underpinning: uncertainty. Critical uncertainties arising from globalization have triggered the perfect storm of regulatory failures, financial meltdown and lack of confidence. Dramatic shifts in business fortunes mean that enterprise risk management plays a critical role in helping business and IT leaders navigate the new normal. |
Wednesday
10:15 to 11:00 | |
| Where will security go in the next five years? What are the present-day trends and evidence that indicate what the future will hold for professionals in this field? In today’s interactive session senior strategists from key industry leading firms will present specific scenarios that they see are developing and that you, as an end user, will have to respond to. |
Wednesday
11:00 to 11:30 | |
Wednesday
11:30 to 12:30 | |
Wednesday
11:30 to 12:30 | |
| Your enterprise needs to ensure that the right people can use the right resources at the right time and for the right reasons. Identity and access management (IAM) is the security, risk management and business discipline that optimizes your efficiency and effectiveness in meeting this need. Your IAM technology projects can improve service levels and facilitate regulatory compliance, but to get the full value of IAM you need a governance approach that works from strategic principles to production operations. |
Wednesday
11:30 to 12:30 | |
| Information security is largely a translation function; converting business risk sensitivity into policies that technical and training staff can implement. The key to success is setting up an effective governance structure to manage policy. |
Wednesday
11:30 to 12:30 | |
| Cloud Computing and SaaS bring unique data control, compliance and vendor viability risks that are difficult to assess and control. Organizations considering cloud-based services must understand the associated risks, defining acceptable use cases and necessary compensating controls before allowing them to be used for regulated or sensitive information. This presentation will examine the practices being carried out by today’s enterprise. |
Wednesday
11:30 to 12:30 | |
| Good enough security can be an elusive goal. Not reaching "good enough" exposes enterprises to unacceptable risk level. Exceeding "good enough" hurts various aspects of business:
• Budget
• IT staff
• Users
"Good enough" security is different for everyone and is based on an organization’s risk profile. So how do you measure “good enough” security within the IT environment and how do you judge if you are making appropriate investments? This workshop looks at spending trends and gives you the opportunity to discuss with others what the best practices are in measuring security efficiency and effectiveness. |
Wednesday
12:30 to 13:45 | |
Wednesday
12:30 to 13:30 | |
| Invite only. Places are limited, please email melissa.welby@gartner.com to check availability.
Outlining the latest insights from the cutting edge of cloud security, Trend Micro will indicate how you can resolve key challenges in the deployment of virtualized or cloud-based solutions. With a full spectrum of solutions already in the market Trend Micro can provide you with the practical evidence that will allow you to provide comprehensive protection of your organization whilst minimising complexity, maximising gains for the business and ensuring you have control over your assets. |
Wednesday
12:30 to 13:30 | |
Wednesday
13:15 to 13:30 | |
Wednesday
13:45 to 14:45 | |
Wednesday
13:45 to 14:45 | |
Wednesday
13:45 to 14:45 | |
| Smartphones are like little PCs and they bring both old and new technological and opportunistic threats to the Enterprise. This presentation uses Gartner’s broad analysis of phone threats and technologies to chart a safe course through your mobile choices. |
Wednesday
13:45 to 14:45 | |
| Risk assessments are intended to identify threats and vulnerabilities and select controls. The BIA is most probably the most important aspect of the BCM planning process as it provides the foundation on which recovery requirements and objectives are built. This presentation will discuss different risk assessment approaches and give guidance on how best to conduct a BIA for BCM. |
Wednesday
13:45 to 14:45 | |
| Aligning risk and security activities to business strategy is necessary when reporting and communicating to business executives. Engaging business managers can facilitate necessary cultural change and provide business managers with the risk information they need in the proper context to make better business decisions. This session presents three case studies and two practical methods for communicating with executives. |
Wednesday
13:45 to 15:30 | |
| To reach adequate maturity in their information security controls, organizations must invest in a strategy for improving business alignment. The actions resulting from this strategy must be executed in conjunction with existing security projects. This workshop will share tactics and best practices for developing a strategy to improve alignment of information security with business requirements. |
Wednesday
15:00 to 15:30 | |
Wednesday
15:00 to 15:30 | |
| This session will look at how organizations can get the best of both worlds between on-premise Internet security solutions and cloud-based alternatives, compare reasons why organizations prefer one over the other, the advantages and disadvantages of both and then show how organizations can optimize their Email and Web security implementation. |
Wednesday
15:00 to 15:30 | |
| A vulnerability management program can help your organization demonstrate compliance and reduce risk levels...If the correct approach is adopted. In this presentation, you’ll learn how AIB met their business requirements by choosing a SaaS model for its flexibility, adapting to their dynamic business environment and automating the processes. |
Wednesday
15:00 to 15:30 | |
| Crucial to tackling data breaches is the ability to recognise patterns and know where to focus your security efforts. Insight from Verizon's 2010 Data Breach Investigations Report, including contributions from the U.S. Secret Service, will help you learn from the mistakes of others so you can be better prepared. |
Wednesday
15:45 to 16:30 | |
Wednesday
15:45 to 16:30 | |
| The Office of Cyber Security has the substantial task of creating the framework around which the strategy for the UK government can be delivered. As one of the leaders of this strategy, Graham Wright will explore how they coordinate action across such a gargantuan organizational structure, the balance between strict regulation and incentives for behaviour, and the role of partnerships with the private sector in delivering effective security. |
Wednesday
15:45 to 16:30 | |
| Traditionally, funding for security has relied on engendering fear and uncertainty amongst one’s leaders — this is utterly inadequate if one is to move from fighting fires to a truly strategic security program; a risk-based approach involving the whole organization. What characteristics must the modern CISO develop in order to deliver real value to the business? |
Wednesday
15:45 to 16:30 | |
| Reducing the impact of risks by reducing your incident response time is the risk mitigation strategy many companies select to make the residual risk acceptable after implementing many technical controls. This session will cover:
Key elements to consider when selecting your SIEM strategy
Overview of the strategy and solution adopted
Best practices and lessons learned |
Wednesday
15:45 to 16:30 | |
| This presentation highlights how AkzoNobel structured its IT compliance framework, taking CObIT as a starting point and linking the existing requirements to it making it easy to explain the responsibilities of the different involved parties in the company. |
Wednesday
16:30 to 17:00 | |
Wednesday
17:00 to 17:45 | |
| So what does it mean to have a profitable information security policy? Information is an important business commodity which can be bought and sold, and like a currency, helps your business to make its profits, to invest in future business opportunities and to protect itself in the marketplace. A company is in the business of taking risks, to make profits, to be a viable market player and to be "best of its kind." Every time it makes an investment, makes a management decision to offer a new range of products, offer new services, to back new opportunities the company is taking a risk. A profitable information security policy should be able to help the company to take the business risks it needs to take whilst protecting its business information. And the lack of such a policy or policy ill suited to the business can be detrimental to the business, its hopes and vision, and its future business plans. |
Wednesday
17:45 to 18:30 | |
| This session will introduce and discuss four of the latest Gartner Magic Quadrants describing the trends, product differentiators and market positioning of the key players in the following markets: |
Wednesday
18:30 to 20:00 | |
Thursday
07:30 to 17:15 | |
Thursday
08:00 to 09:00 | |
| As technical security controls are increasingly integrated into the infrastructure fabric, the focus of CISOs will continue to shift towards the behaviors, attitudes and culture of the human stakeholders of the enterprise. This presentation will highlight how this will impact the role of information security leaders, the opportunities this present, and the actions that they should take to prepare for the challenge. |
Thursday
08:00 to 09:00 | |
| Selecting security products is a complex process that carries significant risks, because poorly chosen products can fail to protect against serious threats, cause serious performance problems for enterprise networks and waste scarce financial resources as companies overspend. Use testing procedures designed for your enterprise and your threat environment to determine the best in-line network security products for your enterprise and IT organization's needs. |
Thursday
08:00 to 09:00 | |
| Greater demands for IT governance, risk and compliance management (GRCM) call for adjacent, richer, and synergistic relationships with other IT management disciplines, including identity and access management (IAM). You need to understand how your IAM program can contribute to GRCM and how to manage your relationship with other GRCM stakeholders to effectually address your enterprise’s critical business challenges. |
Thursday
08:00 to 09:45 | |
| This workshop follows the concepts from the session “Build a KRI Catalog to Link Risk and Security to Corporate Performance” to help you develop your own set of organization-specific KPIs and KRIs. |
Thursday
09:15 to 09:45 | |
Thursday
09:15 to 09:45 | |
| Join Industry experts and Intel to learn about:
• Trends & Research on Data Breach and associated economic impact to business
• Real-life enterprise challenges in securing Mobile PC and Data
• Built-in theft and data protection in laptop hardware
|
Thursday
09:15 to 09:45 | |
| The threat landscape is evolving and the complete protection requirements organizations need to be addressing with it. Symantec’s Global Intelligence Network continuously monitors events and we’ve seen four stages of information breach repeated: Incursion, Discovery, Capture and Exfiltration. We’ll demonstrate the underlying causative factors and strategies to address them. |
Thursday
09:15 to 09:45 | |
| With cyber-security a key risk for 2010, HP will present a new benchmark tool you can use to assess cyber-readiness and conduct peer comparisons. You will learn the results of HP commissioned research gathering direct feedback from EMEA and US security leaders across the public and private sectors regarding their key risks and their approaches to managing those challenges. |
Thursday
09:55 to 10:40 | |
Thursday
09:55 to 10:30 | |
| Euroclear’s central position within international finance makes sound crisis management, resilient IT performance and service delivery vital to the business. This presentation will present learnings from a cross border systems failure simulation exercise, the improvements made to non-technical responses and the demonstrable importance of these elements to external perception of good incident management. |
Thursday
09:55 to 10:30 | |
| Organizations are facing the challenge to put existing policies and standards into practice. Especially the translation of the higher level control objectives and practices into secure configuration baselines is often a large gap, and represents a serious security risk.
The lack of a process, the diversity in ICT environments throughout large international organizations, the mixture of deployed tools and platforms adds extra complexity to the challenge of reducing vulnerabilities. |
