The relationship between the CIO and CISO is critical to an effective enterprise information security program. In some cases, the objectives of the two executives do not align on the timing of systems priorities and business objectives. Without a well-disciplined, integrated and communicative strategy, the likelihood of failed program delivery and greater vulnerabilities to not only system operations, but also the business as a whole, only increases. This session with Mario Leone and Martin Mazor will include an overview of information assurance processes and supporting metrics, as well as reporting solutions that can help align potential risk and threats with a comprehensive IT strategy. It will also highlight how to address the combined goals into a single reporting package for board level discussions.

From advanced persistent threats, to cyber security legislation, to managing mobile security in the enterprise — CISOs are looking to one another to share their insights, lessons learned and benchmarks as they continue to lead their organizations into the future. In this interactive discussion, security leaders will talk about the issues that matter most to them. It will be an opportunity to discuss the hard problems that are plaguing the information security field and share how individuals and their teams are addressing these situations and whether they are, or are not, proving to be successful.

Today’s headlines are filled with reports of cyber attacks, breaches and data loss at our nation’s top organizations; unfortunately that’s often where the stories end. Ninety-nine percent of cyber attack cases are never prosecuted, often because of unawareness and misunderstanding surrounding the legal process and the actions that CISOs and their teams can take against the perpetrators. In this session, cyber law expert Matthew Yarbrough will discuss data breach law and the importance of establishing a strategic incident response team in the case of a cyber attack. He will share his insights on crisis management and how CISOs can take legal action against cyber attacks.

The standard desktop model is quickly becoming obsolete in today’s “always-on, always connected” workforce. The threat landscape now extends to mobile devices and traditional MDM products are still trying to address new risk and usability challenges. The business is demanding solutions and security leaders can’t say no — so how can CISOs protect this new perimeter and all its assets with current technology solutions? This Executive Boardroom offers the opportunity for CISOs to start new discussions on protecting your network, managing unsecured employee-owned devices and ways security leaders can offer a better and secure end-user experience.

The “N-th Year Itch” is a phenomenon that has been widely documented — whether in a relationship or at a job, there usually comes a time when the desire to try something new overwhelms the need for stability and familiarity. It’s not an easy decision to make, and oftentimes taking that leap out of your comfort zone can be a very scary proposition. This session will chronicle the story of one CISO who walked away from an established, mature information security organization to take on something new. We will discuss the process of starting a security program from scratch — getting grounded in the organization, building key relationships, establishing priorities and goals, setting up key metrics, demonstrating value, and keys to success in making it all happen.

Security breaches are part of the new norm and CISOs must have an actionable plan in place. The most successful outcomes come when security leaders and their teams proactively plan and partner with federal agencies who can lend their support and resources, but strategy and partnerships aren't as easy as they seem. Join Deron McElroy and YuLin Bingle with the U.S. Department of Homeland Security as they share how organizations can effectively work with agencies such as DHS before, during and after an incident. They will describe several opportunities to engage with DHS and lessons learned from their past experiences that have enabled them to become a strong strategic partner to the private sector.

In today’s information centric business world, protecting your organizations data is the key element of a CISOs role. Even though data is king, there are still many unknowns surrounding data protection and ensuring that the privacy of your company and customers is managed properly. In this interactive boardroom, Jim Koenig, director and leader of the identity theft practice at PwC will lead a discussion on the CISOs role in protecting their organizations data, maintaining the proper levels of privacy, and creating cost savings through effective data management.

Discussion topics:

• CISOs as a profit center
• Protecting data that is not in your control
• Privacy and data analytics

The threat landscape has shifted and what was once a safe place to peruse and share information is now trolled by hackers, bots and organized cyber-crime groups. In an age where information is power, how can security organizations stay ahead of the bad guys and protect the organizational assets? What should the CISO be worried about and what real approaches can people take to solve the information-leak challenge? In this session, Marc Maiffret will discuss what’s real and what’s hype in the world of cyberattacks. He will discuss how this new crime element utilizes social media, social engineering, advanced persistent threats and malware to compromise networks world-wide. Join Maiffret to get an idea of what the bad guys are up to and steps you can take to keep your organization protected.

When it comes to protecting your organization from security threats, your greatest and most important resource is often your company’s people. In this session, Josh Davis, director of information security and risk management
at Qualcomm will share how he is leveraging Qualcomm’s employees as security tools. He will provide insights into what it takes to develop a successful security awareness program and how, with the help of the organizations employees, he and his team are finding incidents that would have otherwise gone unnoticed.

Session discovery topics:

• Education and awareness as a deterrent
• Utilizing unconventional resources
• Establishing transparency to overcome Big Brother mentality

CISOs must completely re-think the way they do business by transforming from being reactive and focused on infrastructure to becoming proactive data-and risk-centric business leaders. Join James Robinson and Lamont Orange as they discuss new concepts for layering data controls alongside infrastructure controls to transform your security defenses. By examining these concepts and the framework and tools essential for enabling people, process and technology to collaborate and re-define a next generation security program, Robinson and Orange will provide actionable insights to recalibrate security defenses and protect company intellectual property.

Session discovery topics:

• New data-driven approaches to identifying, mitigating and combating threats
• Transforming your users — from greatest vulnerability to volunteer security team
• Evolving your threat model — from acceptable to amazing security

The escalation and sophistication of cyberattacks has a lot of security organizations wondering just how safe their network really is. The threat landscape is only getting more complex and CISOs are looking to quickly understand how this space is maturing. Zero-day threats, spear phishing, malware, all are security concerns, but with all the additional end-points and unknown security threats, how can security leaders get ahead of the game and stop playing catch-up? CISOs attending this executive boardroom should come prepared to discuss strategies and best practices on protecting your network from outsider threats.

Cybersecurity today goes well beyond compliance, and requires a strong understanding of how the long standing cultures of crime and war have been brought to the cyber world we live in today. This presentation will focus on inside stories of how cyber crimes are being carried out, and expose the critical motivations and inter-relationships between organized crime, government intelligence services, and non-state actors like terrorists and hacktivists that can be a choke point. We’ll touch on the risks and benefits of our ever expanding attack surfaces with the adoption of mobile and cloud, and cover the new currency of the realm that can be used to buy anything from a website take-down to murder, and now even some security. We will discuss what CISOs are doing to defend their enterprises and our way of life, including both defense and offense, and focus on what leading companies are doing today that have the most positive impact on their overall risk.