CISOs face crucial challenges in answering business demands for the ‘latest and greatest.’ For Alan Levine, ensuring a balance between business demands and practical security is the essential strategy of a successful security program and a secure enterprise. While security was once an academic exercise, it now represents our best response to tangible, potentially devastating threats which have morphed in complexity, tenacity and impact. Hear Levine’s proactive approach to protecting your organization from advanced persistent threats that seek to harm the things you care about most.

The security industry has demonstrated time and time again an enduring resiliency and ability to innovate that has made information technology safe enough to transform the world. But today we face harsh realities. Never have we witnessed so many high-profile cyber attacks than in the past year and never have the attacks been as targeted. So, what do we do now? Just as our adversaries have taken advantage of the sheer speed and availability of information on the Internet, we need to do the same. In this session, Tom Corn will explain how we can unearth the wealth of intelligence that is buried within those very same infrastructures — and use that intelligence to our advantage. He will discuss how we must change our conventional approach to security to an intelligence-driven approach in order to continue to build a trusted digital world.

Fundamentally, how do you do security without an identity program? How can you have security if you don’t know who is on your network? Without an identity program you can’t determine who has access to what assets you have existing on your network, so where do you start? At McGraw-Hill, Dennis Brixius has created a program called ‘A5’ to address the critical risks that can undermine a secure environment (Authentication, Authorization, Access, Accounting, Auditing). Brixius will discuss the ‘econometrics’ behind investing in an identity program and how you develop and maintain an identity life-cycle management procedures.

While access to your network, applications and equipment by vendors is inevitable, monitoring of that access; configuration management; and change management is vital. Giving vendors access creates vulnerabilities of external access so maintenance and protection of intellectual property and sensitive information should be priority one. What measures can be taken to ensure granular control of access to systems? What controls are in place to manage vendors’ staff accessibility? How are access credentials maintained by vendor? You are invited to join CISO discussion leaders and moderator John McCaffrey in this interactive, executive boardroom. We will discuss how you can safeguard your service level agreements to ensure process, policies, and recourse and the overall process and lifestyle of managing values.

Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Warren Weaver at 503-808-9815, or warren.weaver@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.

The threat landscape continues to get more diverse while being judicious with our control investments and resources remains a growing concern. How to balance the two? Security threats and potential exposures in the forefront of senior stakeholders’ minds is a positive first-step. However, the increased attention can potentially unravel a well-structured, forward looking security effort by building a culture which reacts to events and “bright shiny objects.” To keep the organization focused on systematic, risk based framework, security teams must proactively manage the message of what security efforts are focusing on and why.

Session discovery topics:

• The balance between hype and reality
• How to manage the message
• Partnering with your audit

Social media has become a positive influence in many of our lives: online customer service, personal health research, consumer savings, staying in touch, etc. Increased social media engagement has also opened the door to those who would leverage these forums to severely affect distribution, capture intellectual property or enact credible threats against our person or facilities. However, the ability to use social media to navigate web chatter makes it easier for the enterprise to reveal when a partner is working with your competitor or your organization has been secretly targeted for a confidential data leakage. Join us as we explore how social media has increased significant unforeseen risks and should be monitored for public safety, personal safety, fraud and many other concerns.

The domain of mobile technology is incessantly changing and CISOs are challenged with the task of finding the best way to leverage and secure these devices in the enterprise. CISOs must capitalize and anticipate innovative opportunities to discover new efficiencies while balancing the reality of security threats and requirements. This interactive session offers insights into managing the new era of mobile computing and mobile technology innovations.

Session discovery topics:

• Where to begin when building a roadmap for a secure mobile strategy
• Addressing potential vulnerabilities
• Determining your own strategy when one size does not fit all
• Critical drivers and stakeholders behind your mobility strategy

Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Warren Weaver at 503-808-9815, or warren.weaver@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.

In 2004, after half a decade of struggle, IT security started to demonstrate the consistent ability to protect their corporate networks. Eight years later and today’s bad guys are back in the driver’s seat — appearing more organized, frequently quite competent and often well financed. With more complex and porous infrastructures and business processes (and less of an appetite to maintain security discipline) the classic perimeter that’s protected the enterprise before is dead. Gene Hodges believes that with the right strategy and policy, CISOs can get back to winning the war. His new strategy draws the perimeter around the data object and controls policy by understanding every piece of content moving around or residing on our extended corporate network. This discussion will look specifically at mobility, CISOs toughest new challenge, and will then apply these new principals more broadly to today’s environment.

The technology landscape is always shifting and those in charge of application security are constantly re-aligning to secure exposed vulnerabilities. When it comes to implementing an effective application security program, a holistic approach to tools and solutions is necessary for success. How do you develop standards for internal audit review? How do you address issues surrounding hot-button technology like SaaS, cloud, and mobile? How do you navigate supplier/vendor contracted terms? Join panelists David Ritenour, Andrew Conte, Thien La and moderator Jerry Kowalski in this discussion surrounding how to design and implement a dexterous appsec program.

Session discovery topics:

• Automated vs. manual review — how you train and staff
• Outsourcing vs. insourcing — managing the balance
• Metrics and reporting — executive and technical reporting

Cyber attacks on information systems today are often aggressive, disciplined, well-organized, and in a growing number of documented cases, very sophisticated. Successful attacks on public and private sector information systems can result in serious or grave damage to the national and economic security interests of the United States. Given the significant and growing danger of these threats, it is imperative that leaders at all levels of an organization understand their responsibilities for achieving adequate information security and for managing information system-related security risks. Dr. Ron Ross, will talk about developing a dynamic approach to a security and risk management framework that will more effectively manage information system-related security risks in highly diverse environments of complex and sophisticated cyber threats, ever-increasing system vulnerabilities and rapidly changing missions.

You are invited to join CISO discussion leaders and moderator Wade Williamson in this interactive, executive boardroom. We will discuss how enterprise applications, users and their devices intersect with security, productivity as well as strategies for embracing new technologies without taking on new risk.

Session discovery topics:

• Keeping your enterprise productive while defending it from a new breed of sophisticated threats
• How internal users and external threats can skirt your security using enterprise applications
• The impact of the growing popularity of SSL to enterprise security and end-user privacy
• Practical security strategies to enable technologies while combating threats

Due to the format of the Executive Boardroom session, there are a limited number of seats available. Seating priority will be given to CISOs. To reserve your seat, please contact Warren Weaver at 503-808-9815, or warren.weaver@evanta.com. Sponsor participation is limited to Boardroom sponsor attendees only.

Risk appetite is the foundation of a security program and is set by the top leadership of the company. For the CISO, it is their job to deliver security solutions that match that appetite. What factors influence the amount of risk an organization will tolerate? What does a CISO need to balance in order to accommodate new technology? This presentation will explore the effects on security solutions based on the organization’s risk strategy. We will explore technology adoption with respect to risk appetite.

Session discovery topics:

• Innovation and collaboration vs. data protection
• Ease of use vs. strong protections
• Technology leaders vs. prudent use