Security metrics are often valuable in bridging the communication gap between IT security and the corporate boardroom. For more than a decade, the Ponemon Institute has conducted independent research on privacy, data protection and information security policy, often identifying major security vulnerabilities well before they were exposed. Join Ponemon Institute Founder, Dr. Larry Ponemon and former CEO & Founder of PGP Corporation, Phil Dunkelberger as they discuss the lessons that can be learned from a decade of security trends and how they still manifest themselves in today’s boardrooms across the world.

Session discovery topics:

• Global boardroom perspectives of the value of security data
• Managing data privacy and security in an increasingly Draconian regulatory landscape
• Not just ‘cost of breach’ — leveraging all the tools available

Never before have we seen such high-profile, targeted cyber-attacks than in the past year. The tumultuous threat landscape has many CISOs have operating as though the bad guys are already in. While intrusions are often fairly benign, every so often a massive, high-level breach occurs that causes the infosec world to ask, what do we do now?

In the wake of a massive data breach, what communication strategies will help you through the first 48 hours? What is the best approach for notifying key stakeholders? What support can you offer to customers and others compromised by the breach? Crisis planning experts provide essential guidance for managing public disclosures of security breaches. In this session, Brian Fitzgerald will share his first-hand lessons learned for crisis communication, handling ensuing legal liabilities and running reputation damage-control.

Like a chain’s weakest link, an organization’s information security program is not something that can be accomplished by a team of security professionals alone; it requires a broader organizational effort. The engagement of colleagues throughout the business is essential. This, however, is easier said than done. How do you get your entire organization rowing in the same direction?

Strengthen your organization’s chain by learning how Steve Jensen is successfully driving engagement at Ameriprise Financial on issues such as identity and access management, threat and vulnerability management and compliance.

With the hyperbolic growth curve that technology is on, the demands of information security leaders are similarly expanding. While securely enabling the enterprise technology strategy will continue to be the main function of an organization’s information security team, this rapid technological expansion poses a significant opportunity for infosec leaders to elevate themselves to true business leaders. Join Gary Eppinger in this Executive Boardroom session as he discusses ways that CISOs can become true business leaders.

Session discovery topics:

• Stepping out — stretch roles and developing your understanding of the business
• Translating risk into the right business context
• It’s all about the dialogue — keys to dynamic boardroom communication

Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Mitch Evans at 503-972-4440, or mitch.evans@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.

With each highly-publicized, high-profile data breach, the demand for greater enterprise network security grows. Adding fuel to the fire, Hacktivist groups such as Wikileaks and Anonymous have underscored the significance that the human element still plays in information security. While many CISOs feel that a combination of a data-centric and people-centric security program may be the ‘holy grail’ of security, few have been successfully implemented to date. Join Patrick Reidy as he shares lessons learned from the FBI and others’ data-centric models, best practices for controlling insider threat prevention and insights into the future of data protection.

Session discovery topics:

• Practical first steps to implementing IP protection
• Combating IP theft with data-centric security mechanisms
• Lessons learned from FBI’s data protection and insider threat programs

You are invited to join CISO discussion leaders Michael L. Kearn and Kathy Orner and moderator Wade Williamson in this interactive, Executive Boardroom. We will discuss how enterprise applications, users and their devices intersect with security and productivity, as well as strategies for embracing new technologies without taking on new risk.

Session discovery topics:

• Keeping your enterprise productive while defending it from a new breed of sophisticated threats
• How internal users and external threats can skirt your security using enterprise applications
• The impact of the growing popularity of SSL to enterprise security and end-user privacy
• Practical security strategies to enable technologies while combating threats

Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Mitch Evans at 503-972-4440, or mitch.evans@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.

With more than 1 billion mobile endpoints currently in service and an estimated 20 billion coming within the decade, it’s no wonder business leaders view social media, smartphones, tablets and iDevices as a potential goldmine. But perhaps CISOs weren’t altogether wrong when playing the ‘no police’ with regard to embracing mobility.

Join Author and Security Futurist Winn Schwartau as he provides a controversial view of the future of business and technology and how intelligent mobile endpoints will become weaponized by small time crooks, hacktivists, organized criminal organizations, nation-states and others. Through a six millenia tale of humanity, technology, power, influence and weaponization, up to the present and into the future, Schwartau will provide some unpopular insights into what we as business leaders must do to defend against this onslaught.

Those responsible for APT target intellectual property across government and industry literally every minute. The difference between normal malware and APT is the intruder’s perseverance, significant financial resources and time. Intruders create malware that circumvents common information security safeguards or use undisclosed vulnerabilities to penetrate networks and computers. Attackers refine and escalate their tools, methods and techniques as a targeted company’s response improves. It’s a very high-stakes chess match.

McAfee CSO Brent Conran will discuss the rapidly evolving threat landscape and how highly customized malware code or APT is being used by sophisticated and organized cyber intrusion teams to steal information from compromised computers.
He will also introduce a security architecture that scales to meet enterprise business realities and helps keep your intellectual property protected.

As technology becomes more essential for citizens and state employees, demand is growing for easier, more seamless access to government systems. As technology use increases, so do the efforts of cyber criminals who are using increasingly advanced tactics. Therefore, the need for security systems, such as IAM, have become part of fast-growing, evolving efforts to meet the needs for both easy access and protection for citizen data and for state data and systems. Join Chris Buse, CISO for the State of Minnesota, as he shares the successes, challenges and lessons learned in implementing a state-wide, federated IAM program and the enterprise and business benefits that it provides.

Session discovery topics:

• Lessons learned in building a state-wide IAM program
• Leveraging SICAM — supporting trust, interoperability, security and process improvement
• Enterprise benefits of IAM — from cost-savings to security compliance, data-privacy to patching

How do you define ‘high’ risk? At what point does this ‘high’ risk change to ‘critical’ or ‘medium’ risk and what factors go into that change? Chances are very likely that every CISO will have at least slightly different answers to these questions. If information security leaders do not have a well-defined concept of risk, how can they expect business leaders to understand, appreciate, and plan IT initiatives appropriately? All too often, risk management models are ineffective because they are comprised of arbitrary inputs and designations assigned by ‘experts’ based on their own personal confidence in assessing risk. In this Executive Boardroom, Miles Edmundson will facilitate a discussion on fundamental risk assessment topics that are pervasive across industries. In addition to common definitional questions, come prepared to discuss how you know your risk assessment and risk management programs are working.

Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Mitch Evans at 503-972-4440, or mitch.evans@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.

Knowledge is power, and the vast amount of information made available by the explosion of connected technologies has organizations collecting and storing unprecedented amounts of information. Though this information may be invaluable to the business, the rapid expansion of these data-stores and the access to them is creating serious challenge for CISOs to protect. Join Daniel Burks and Robert Kellner as they discuss emerging areas of focus in ensuring information privacy and the strategic advantages that eGRC frameworks can provide in managing information risk in complex organizations.

Session discovery topics:

• Drivers of the changing landscape and emerging opportunities in information privacy
• Behavioral marketing, social media and other emerging information producers and privacy touch points
• Safeguarding information in complex, innovative organizations