We cannot solve security problems using the same kind of thinking we used when we created them – this event provides some of the new thinking required!
Haden Land, VP, Engineering & CTO Lockheed Martin Corporation
The CISO Executive Summit provides a forum to exchange ideas and solutions to the issues and problems that different local, national and government organizations are facing.
Chet Loveland, Global Info. Security & Privacy Officer MeadWestvaco Corporation
CISOs face increasing demands from the board, business leaders, employees, customers and shareholders. Chris Tignor will share how those demands are impacting the skill sets required to be an impactful CISO. He will also explore the qualities they will need as future leaders in the business.
Session discovery topics:
Diversity and intricacy in the CISO landscape
Increased demands for innovation and integration into business units
Emerging trends that will influence the CISO position
The very words ‘data breach’ send shivers down the spine of every executive and board member in the world. Yet in today’s information security space, recent trends indicate that reported data breaches are declining. The Open Security Foundation was inspired to address why this is happening through a research project called DataLossDB. Kouns will review findings that may suggest a contrary trend, talking through the collection and analysis of data breach notification letters sent to various jurisdictions in the United States. This session will dissect the many facets of breach notifications and discuss why a data breach component to your risk plan is imperative for your organization.
Session discovery topics:
Learning from the past – publicized breaches reviewed
Data breach laws and breach notifications research
Cost study – what is the real financial impact of data breaches?
In order for your information security strategy to be most effective and for you to be seen as a trusted business partner, you need to work with business leaders in many different parts of your organization. Stacey Halota will discuss how she works with business leaders to create a culture that will both enable the business and meet information protection goals.
Session discovery topics:
Forming and sustaining business relationships
Understanding critical business drivers in different parts of your organization that influence information protection
Making information security an integral part of business processes
Making decisions based on proven data will drive business success. Dr. Peter Tippett, an information security pioneer known for creating enterprise risk metrics and compliance management programs for large enterprises, will share from a very practical standpoint which security measures yield the best results. Running one of the largest investigative response teams in the world, his team has analyzed measurable outcomes for the last six years, spanning more than one thousand cases of computer crime involving actual events and real companies. Dr. Tippett will share data that today’s CISO can use to make better security decisions, which can in turn make a positive impact on the organization. He will also cover state-of-the-art thinking on risk-based thought experiments and decision-making frameworks.
The battle lines have been drawn for a long time, but the “bad guys” are using more sophisticated tools, are better organized and more persistent than ever. Robert Lentz, former CISO with the US Department of Defense, will share his views and insights on this growing trend of cyber attacks on public and private organizations. Lentz will discuss why and where these criminals are looking to exploit systems and networks by using state-of-the-art intrusion tools and tactics to gain access, information and intellectual capital.
Session discovery topics:
Separating the hype from reality – should you be paying attention?
Why and how is malware evading current security technologies?
What technologies and tactics can information security leaders use to combat the problem?
In this session, Tim McKnight raises the questions ‘Does your board have the knowledge and experience to provide effective guidance on the risks inherent to IT?’ and ‘Does the board help or hinder the CISO’s workload?’ For McKnight, the journey of building a relationship with the board has been a long but rewarding experience. He has found that, at first glance, boards may not be equipped to manage the important resources that security officers offer, but once they spend time understanding risk and IT security investments, the value becomes apparent.
Session discovery topics:
Forming and sustaining boardroom relationships
Preparing a strategic conversation with the board – speaking their language
Predicting outcomes – expectations from the boardroom