
Conferences that solve current IT challenges

Enterprise Risk /Security Management - Leakage/Loss/Metrics

Strategies for adopting a comprehensive IT GRC (Governance/Risk Management/Compliance) approach to managing information adhering to business needs

June 10, 2010
9:00 a.m. to 5:00 p.m.

CPE/CEU/CISSP/PDU Credits Awarded

Donald E. Stephens Convention Center
Rosemont (O'Hare) Illinois



Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise.  A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources.  It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing data leakage, loss and prevention through risk management best practices.


 

 

What You Will Learn

 

In this one day conference attendees will learn:

  • Security Patterns: How to Make Security Architecture Easy to Consume

  • Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft

  • Information Security Metrics…. (So Folks Outside of IT Understand & Care)

  • Ad-Hoc Communications: How to Reduce the Risk

  • How IT Security Organizations are Protecting Customer Data

  • Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage
     


 

Conference Program
 

8:00am - 9:00am - Registration and Continental Breakfast

 

9:00am-10:00am


Security Patterns: How to Make Security Architecture Easy to Consume
Jeff Johnson, Enterprise Security Architect, ING

A security pattern is a well-thought-out solution to a recurring information security and risk problem.  In this session, an experienced Enterprise Security Architect will share his strategies and tactics for success with security patterns and how they can help your enterprise.

Attendees will learn how to:

  • Design security patterns that align with your organization’s needs

  • Develop a security pattern framework

  • Make security easy to consume by developing security patterns that can be reused across the organization

  • Apply security patterns to data loss issues

  • Articulate to management the value the patterns have provided and the issues they have solved

 

10:00am - 10:30am - Refreshment Break

 

10:30am-11:30am


Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft
Gary Palgon, VP of Product Management, nuBridges

 

The risk of data theft remains high despite the best efforts of IT security officers. As organizations lock down sensitive and confidential data in one area, cybercriminals go after it in another. There is also the very real risk of internal theft or accidental loss.

 

To meet the more rigorous security challenges posed by protecting diverse types of information, a new data security model is beginning to gain traction – tokenization. Tokenization provides two distinct benefits that build on solid strong-encryption practices. First, it reduces the number of instances of sensitive data in an organization, and second, it reduces the scope of a PCI DSS audit.

 

11:30am-12:30pm


Information Security Metrics…. (So Folks Outside of IT Understand & Care)  
Adam Hansen, Director, Information Security, Sonnenschein, Nath and Rosenthal

 

The old adage holds: if you can’t measure it, you can’t manage it.  But the concept of measuring risk, especially information security risk, seems to be like opening Pandora’s box, resulting in a steady stream of “this is no longer relevant”, “what does that mean”, “how does this impact me” or, worse yet, silence.  During this session, we will discuss the concept of using metrics to not only measure and communicate the state of information security, but to do so in terminology most relevant to your constituents.  This session will conclude with a review of several metrics/models that have proven successful over time and examples of how metrics can actually bolster funding and executive sponsorship.

12:30pm - 1:30pm - Luncheon

1:30pm-2:30pm


Ad-Hoc Communications: How to Reduce the Risk

Bob Janacek, CTO, DataMotion

 

In today’s dynamic business environment achieving compliance and gaining visibility to all of your organization’s sensitive communications can be a daunting task. Whether it’s basic privacy, data security threats or meeting regulatory compliance requirements as mandated by HIPAA, GLBA, PCI DSS, FERPA, PIPEDA or the UK Data Protection Act, IT managers need to protect their company’s data and reputation.  Even the smallest compliance-related infractions can mean a damaged reputation, extensive audits, expensive financial penalties and litigation.   You already have consistent, secure and well defined processes for your structured data exchanges. But what about those ad-hoc, one-off unstructured exchanges?

 

How secure are they? And as you attempt to secure these exchanges, do they support the dynamic nature of today’s business or impede it?

 

This presentation explores the issues with ad-hoc communications, the security concerns of traditional solutions and ensuring those solutions meet your compliance and governance needs.

  • Why ad-hoc communications are difficult to deal with from an IT perspective

  • What are traditional solutions

  • Why should you be concerned from a security perspective

  • What can you do to ensure your exchanges are protected

 

2:30pm - 3:00pm - Refreshment Break


 

3:00pm-4:00pm
How IT Security Organizations are Protecting Customer Data
Moderator: Yinal Ozkan, Principal Architect, Integralis

Panelists will include:

Marc Varner, Sr. Director, Global Information Security, McDonald's Corporation

Leilani Lauger, Information Security Officer, Loyola University of Chicago
Steven Young, MBA, IEM., IS Security Officer, IS Division, Rush University Medical Center
Michael Rodriguez, Chief Technology Security Officer, Western Illinois University

and other CISOs and Security Directors sharing experiences and lessons learned

 


Customer data is the lifeblood of every business.  Given the current climate, protection of this data takes on an even greater importance than ever before.  As organizations are preparing for the economic recovery, what should they be thinking about?

   

In this session attendees will learn from a panel of enterprise IT security and risk professionals.

 

 Topics that will be covered include:

  • Market dynamics

  • PCI and other regulatory drivers

  • The risks of non-compliance

  • How companies are protecting databases and applications

 

 

4:00pm-5:00pm


Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage
Moderator:
Greg Ross, Principal Consultant, Data Loss Prevention Services, CA
Panelists:
Steve Sullivan, Director, IT & Information Security Officer, Central DuPage Hospital
Scott Tompkins, Director, Information Security, Williams Lea

John Nootens, Director, Networking, American Medical Association
Fred Kwong, Security and Technology Lead, Zurich/CSC

and other professionals from IT departments



Data leakage can take many forms, and the reality is that it can be much more dangerous to an organization’s well-being than the phrase implies. Many times it is unintentional, but it is often the result of trusted insiders who, for whatever reason, may have something to gain by the loss or disposal of company-sensitive information.

How do you protect your confidential information?  How do you protect your organization’s reputation?

In this session attendees will learn from a panel of senior enterprise IT professionals how they are working through the challenges of mitigating insider threats and preventing data leakage.

 

 

 

 

 

 

 

Register

 

Conference Price: $219.00 per person

 


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs.  CISSP is a registered certification mark of (ISC)², Inc.


Exhibits

 

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

 

 

 

 

 


 

CAMP Conferences, Inc., 540 W. Frontage Rd., Ste. 2205, Northfield, IL  60093
Tel: (312) 527-2800  Fax: (847) 881-0747

Copyright © 2010 CAMP Conferences, Inc. All Rights Reserved.
CAMP IT is a registered trademark of
CAMP Conferences, Inc.