In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing data leakage, loss and prevention through risk management best practices.
What You Will Learn
In this one day conference attendees will learn:
- Security Patterns: How to Make Security Architecture Easy to Consume
- Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft
- Information Security Metrics…. (So Folks Outside of IT Understand & Care)
- Ad-Hoc Communications: How to Reduce the Risk
- How IT Security Organizations are Protecting Customer Data
- Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage
Conference Program
8:00am - 9:00am - Registration and Continental Breakfast
9:00am-10:00am
Security Patterns: How to Make Security Architecture Easy to Consume
Jeff Johnson, Enterprise Security Architect, ING
A security pattern is a well-thought-out solution to a recurring information security and risk problem. In this session, an experienced Enterprise Security Architect will share his strategies and tactics for success with security patterns and how they can help your enterprise.
Attendees will learn how to:
- Design security patterns that are aligned to your organization’s needs
- Develop a security pattern framework
- Make security easy to consume by developing security patterns that can be reused across the organization
- Apply security patterns to data loss issues
- Articulate to management the value the patterns have provided and the issues they have solved
10:00am - 10:30am - Refreshment Break
10:30am-11:30am
Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft
Gary Palgon, VP of Product Management, nuBridges
The risk of data theft remains high despite the best efforts of IT security officers. As organizations lock down sensitive and confidential data in one area, cybercriminals go after it in another. There is also the very real risk of internal theft or accidental loss.
To meet the more rigorous security challenges posed by protecting diverse types of information, a new data security model is beginning to gain traction – tokenization. Tokenization provides two distinct benefits that build on solid strong-encryption practices. First, it reduces the number of instances of sensitive data in an organization, and second, it reduces the scope of a PCI DSS audit.
11:30am-12:30pm
Information Security Metrics…. (So Folks Outside of IT Understand & Care)
Adam Hansen, Director, Information Security, Sonnenschein, Nath and Rosenthal
The old adage holds – if you can’t measure it, you can’t manage it. But the concept of measuring risk, especially in information security risk, seems to be like opening Pandora’s box, resulting in a steady stream of “this is no longer relevant”, “what does that mean”, “how does this impact me” or worse yet, silence. During this session, we will discuss the concept of using metrics to not only measure and communicate the state of information security, but to do so in terminology most relevant to your constituents. This session will conclude with a review of several metrics/models that have proven successful over time and examples of how metrics can actually bolster funding and executive sponsorship.
12:30pm - 1:30pm - Luncheon
1:30pm-2:30pm
Ad-Hoc Communications: How to Reduce the Risk
Bob Janacek, CTO, DataMotion
In today’s dynamic business environment achieving compliance and gaining visibility to all of your organization’s sensitive communications can be a daunting task. Whether it’s basic privacy, data security threats or meeting regulatory compliance requirements as mandated by HIPAA, GLBA, PCI DSS, FERPA, PIPEDA or the UK Data Protection Act, IT managers need to protect their company’s data and reputation. Even the smallest compliance-related infractions can mean a damaged reputation, extensive audits, expensive financial penalties and litigation.
You already have consistent, secure and well defined processes for your structured data exchanges. But what about those ad-hoc, one-off unstructured exchanges? How secure are they? And as you attempt to secure these exchanges, do they support the dynamic nature of today’s business or impede it?
This presentation explores the issues with ad-hoc communications, the security concerns of traditional solutions and ensuring those solutions meet your compliance and governance needs.
- Why ad-hoc communications are difficult to deal with from an IT perspective
- What are traditional solutions
- Why should you be concerned from a security perspective
- What can you do to ensure your exchanges are protected
2:30pm - 3:00pm - Refreshment Break
3:00pm-4:00pm
How IT Security Organizations are Protecting Customer Data
Moderator: Yinal Ozkan, Principal Architect, Integralis
Panelists will include:
Marc Varner, Sr. Director, Global Information Security, McDonald's Corporation
Leilani Lauger, Information Security Officer, Loyola University of Chicago
Steven Young, MBA, IEM., IS Security Officer, IS Division, Rush University Medical Center
Michael Rodriguez, Chief Technology Security Officer, Western Illinois University
and other CISOs and Security Directors sharing experiences and lessons learned
Customer data is the lifeblood of every business. Given the current climate, protection of this data takes on an even greater importance than ever before. As organizations are preparing for the economic recovery, what should they be thinking about?
In this session attendees will learn from a panel of enterprise IT security and risk professionals.
Topics that will be covered include:
- Market dynamics
- PCI and other regulatory drivers
- The risks of non-compliance
- How companies are protecting databases and applications
4:00pm-5:00pm
Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage
Moderator: Greg Ross, Principal Consultant, Data Loss Prevention Services, CA
Panelists:
Steve Sullivan, Director, IT & Information Security Officer, Central DuPage Hospital
Scott Tompkins, Director, Information Security, Williams Lea
John Nootens, Director, Networking, American Medical Association
Fred Kwong, Security and Technology Lead, Zurich/CSC
and other professionals from IT departments
Data leakage can take many forms, and the reality is that it can be much more dangerous to an organization’s well-being than the phrase implies. Many times it is unintentional, but it is often the result of those who are trusted on the inside that for whatever reason may have something to gain by the loss or disposal of company sensitive information.
How do you protect your confidential information? How do you protect your organization’s reputation?
In this session attendees will learn from a panel of senior enterprise IT professionals as to how they are working through the challenges of mitigating insider threats and preventing data leakage.

Conference Price: $219.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.