UPCOMING EVENTS

Enterprise Risk / Security Management: Chicago

 

Strategies for reducing risk to the enterprise.

 

October 3, 2018

 

9:00am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

  


Overview

 

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

 

In this one day conference attendees will learn:

  • Risk Reduction: Effective Enterprise Vulnerability Management/Security Incident Response
  • Digital Transformation and CyberSecurity: What CISOs Need to Know
  • Cybersecurity & Agility with Network Security Policy Orchestration
  • Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)
  • Key Steps to Reduce the Risk of Malicious Insiders, Over Privileged-Users and Compromised Third Parties
  • Breaches & Ransomware: How to Handle, How to Respond

 


 

Conference Price: $289.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.


Conference Program


8:00am – 8:30am: Registration and Continental Breakfast


8:30am-9:20am: Risk Reduction: Effective Enterprise Vulnerability Management/Security Incident Response

 

Derek Milroy, IS Security Architect, U.S. Cellular Corporation

 

This presentation is a detailed how-to for assessing, implementing, and maintaining a Vulnerability Management Program. It will also touch a bit on patch and configuration management as they are both remediation’s that typically result from running Vulnerability Management efforts. This presentation is not based on theory. It is based on experience in literally dozens of environments, some that were scanning over 90,000 live hosts per month. The presentation will also cover methods for working with systems administrators and application owners to get processes in place that are sustainable and will produce results. In addition, metrics and score-carding will be discussed with a focus on measuring what needs to be done and what work has been done.

 


Milroy


9:20am-10:10am: Cyber-Security Pushed to the Limit – 2018 ERT Report Primary 

 

David Hobbs, CyberSecurity Evangelist, Radware

 

Throughout 2017 and 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

Join the session to learn more about:

  • The threat landscape deep dive-the who, what and why of attacks
  • Potential impact on your business, including associated costs of different cyber-attacks
  • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
  • Emerging threats and how to protect against them
  • A look ahead – predictions and what to prepare for

 


Hobbs


10:10am -10:40am: Refreshment Break


10:40am-11:30am: Duty of Care Risk Analysis: “Getting consensus from legal, information security, and executive management.”

 

Jim Mirochnik, Governance & Compliance Principal, Senior Partner and CEO, Halock

 

This service philosophy has evolved into a process for risk assessments that is best known as Duty of Care Risk Analysis (“D.O.C.R.A.”). This unique process helps organizations develop criteria by which they can prioritize risk and develop consensus on acceptable risk between the business, legal and security. The process, when implemented correctly, allows organizations to defend their decisions to interested 3rd parties, regulators, and the courts. The Duty of Care Risk Analysis process will be adopted by standards bodies in 2018.

 


Mirochnik


11:30am-12:20pm: Cybersecurity & Agility with Network Security Policy Orchestration

 

Ronald Kehoe, CISSP, CISM, CISA, GCIH, Senior Solutions Engineer, Tufin

 

The agility of DevOps and scalability of the cloud is an incredible combination for the business. New products are brought to market faster than ever before, with infrastructure spun up or down in seconds. However, with this agility and business-created urgency, security is seen as an impediment and often falls by the wayside. Security needs to meet the agility of DevOps and avoid the manual misconfigurations during cloud deployments – the same mistakes that reach the headlines on a weekly basis.

It’s time for organizations to empower both IT and security teams through automation, and enhance the overall agility and security of the business.

Network Security Policy Orchestration enables an organization with agility while incorporating security through automation as a “shift left” solution. The cybersecurity team can meet the speed of the business and DevOps while ensuring continuous compliance with regulatory, internal audit, and corporate security policies.

 

 


12:20pm – 1:20pm Luncheon


1:20pm-2:10pm: Vendor Risk Management: How to Identify and Decrease Potential Risks When Leveraging 3rd Party Vendors (panel discussion)

 

Moderator:
George Harrison, Named Account Manager, Infoblox
Panelists:
Ricardo Lafosse, CISO, Morningstar, Inc.
Arlene Yetnikoff, Director, Information Security, DePaul University
Mike Wood, Vice President, IT, Wilton Brands, LLC
Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy, Prevalent
Peter Van Loon, Senior Manager of Information Security, Discover Financial Services
and other Enterprise CISOs and InfoSec Executives sharing their experiences and lessons learned

 

Topics that will be covered include:

  • Contract outlining the business relationship between your organization and 3rd party vendor
  • How to monitor vendor performance to ensure that contractual obligations are being met
  • Guidelines regarding which party will have access to what information as part of the agreement
  • How to ensure that 3rd party vendors meet regulatory compliance guidelines for your industry

 

     
Yetnikoff     Wood


2:10pm – 2:50pm:


2:50pm-3:20pm: Refreshment Break


3:20pm-4:10pm: Key Steps to Reduce the Risk of Malicious Insiders, Over Privileged-Users and Compromised Third Parties

 

Jim Anthony, VP Cybersecurity, Cyxtera

 

Business leaders have embraced the concept of allowing employees and third-party contractors to work from remote locations. But remote workforce migration as well as some malicious insiders present new operational and security challenges that must be addressed by IT and Security leaders.

Attend this session and learn:

  • Best practices addressing remote worker access using the Software-Defined Perimeter
  • Methods of efficiently integrating security with existing business processes and security solutions
  • Reducing security complexity while improving the user experience all while saving money and resources

 


Anthony


4:10pm-5:00pm: Breaches & Ransomware: How to Handle, How to Respond

 

 

Moderator:
Dave Klein, Senior Director, Engineering & Architecture, GuardiCore
Panelists:
Mitch Christian, Director, Information Security, American Hotel Register Company
Riad Amro, CISM, Senior Information Security Officer, SISO, Director of Information Security, Total Administrative Services Corp (TASC)
Shayla Treadwell, Sr. Manager, Information Security, Corporate Risk Management, Discover Financial Services
Gary Patterson, Director, Information Security & IT Infrastructure, VIVIDSEATS
Jeff Roseman, Director, Infrastructure & Information Security, Wilton Brands LLC
and other Enterprise CISOs and InfoSec Executives sharing their experiences and lessons learned

 

In this session, attendees will learn from CISOs and Security Executives as to how they are working through the challenges of Data Breaches and Ransomware.

 

Attendees will walk away with shared strategies and tactics that other organizations are employing.

 

          
Christian     Amro       Klein


Conference Price: $289.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.


CONFERENCE CO-SPONSORS