Feedback from Attendees

Upcoming Events

Feb 15-16, 2012
IT Portfolio Management
Info

March 1, 2012
Enterprise IT Risk/Security Management
Info

March 15, 2012
Cloud Computing Strategies
Info

March 28, 2012
IT Infrastructure, Operations & Management
Info

April 12, 2012
Enterprise Mobility Strategies
Info

April 26, 2012
Disaster Recovery/Business Continuity - Resilient Infrastructure
Info

May 10, 2012
IT Leadership Strategies
Info

May 31, 2012
Desktop Virtualization Strategies
Info

June 14, 2012
BI/Big Data/Analytics
Info

June 21, 2012
Enterprise IT Risk/Security Management
Info

July 12, 2012
IT Infrastructure, Operations & Management
Info

Sep 6, 2012
Disaster Recovery/Business Continuity - Resilient Infrastructure
Info

Sep 24, 2012
Cloud Computing Strategies
Info

Oct 9-10, 2012
IT Portfolio Management
Info

Oct 25, 2012
Desktop Virtualization Strategies
Info

Nov 6, 2012
IT Leadership Strategies
Info

Nov 29, 2012
Disaster Recovery/Business Continuity - Data Protection
Info

Dec 13, 2012
BI/Big Data/Analytics
Info

(Click here to add any of our upcoming events to your calendar)

Conferences that solve current IT challenges

Enterprise Risk / Security Management - Governance / Risk / Compliance

Strategies to help protect and recover your organization's most critical data

June 10, 2010

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Bio   

Donald E. Stephens Convention Center  Rosemont (O'Hare) Illinois

Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing data leakage, loss and prevention through risk management best practices.

What You Will Learn

In this one day conference attendees will learn:

• In this one day conference attendees will learn:
• Security Patterns: How to Make Security Architecture Easy to Consume
• Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft
• Information Security Metrics…. (So Folks Outside of IT Understand & Care)
• Ad-Hoc Communications: How to Reduce the Risk
• How IT Security Organizations are Protecting Customer Data
• Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage

Conference Program

8:00am - 9:00am - Registration and Continental Breakfast

Johnson

9:00am-10:00am

Security Patterns: How to Make Security Architecture Easy to Consume

Jeff Johnson, Enterprise Security Architect, ING

A security pattern is a well thought out solution to a recurring information security and risk problem. In this session, an experienced Enterprise Security Architect will share his strategies and tactics for success with security patterns and how it can help your enterprise.

Attendees will learn how to:

• Design security patterns that aligned to your organization’s needs
• Develop a security pattern framework
• Make security easy to consume by developing security patterns that can be reused across the organization
• Apply security patterns to data loss issues
• Articulate to management the value the patterns have provided and the issues they have solved

10:00am -10:30am - Refreshment Break

Palgon

10:30am-11:30am

Risk Reduction: How to Use Tokenization to Reduce the Risk of Data Theft

Gary Palgon, VP of Product Management, nuBridges

The risk of data theft remains high despite the best efforts of IT security officers. As organizations lock down sensitive and confidential data in one area, cybercriminals go after it in another. There is also the very real risk of internal theft or accidental loss.

To meet the more rigorous security challenges posed by protecting diverse types of information, a new data security model is beginning to gain traction – tokenization. Tokenization provides two distinct benefits that build on solid strong-encryption practices. First, it reduces the number of instances of sensitive data in an organization, and second, it reduces the scope of a PCI DSS audit.

Hansen

11:30am-12:30pm

Information Security Metrics…. (So Folks Outside of IT Understand & Care)

Adam Hansen, Director, Information Security, Sonnenschein, Nath and Rosenthal

The old adage holds –if you can’t measure it, you can’t manage it. But the concept of measuring risk, especially in information security risk, seems to be like opening pandora’s box resulting in a steady stream of “this is no longer relevant”, “what does that mean”, “how does this impact me” or worse yet, silence. During this session, we will discuss the concept of using metrics to not only measure and communicate the state of information security, but to do so in terminology most relevant to your constituents. This session will conclude with a review of several metrics/models that have proven successful over time and examples of how metrics can actually bolster funding and executive sponsorship.

12:30pm - 1:30pm Luncheon

Janacek

1:30pm-2:30pm

Ad-Hoc Communications: How to Reduce the Risk

Bob Janacek, CTO, DataMotion

In today’s dynamic business environment achieving compliance and gaining visibility to all of your organization’s sensitive communications can be a daunting task. Whether it’s basic privacy, data security threats or meeting regulatory compliance requirements as mandated by HIPAA, GLBA, PCI DSS, FERPA, PIPEDA or the UK Data Protection Act, IT managers need to protect their company’s data and reputation. Even the smallest compliance-related infractions can mean a damaged reputation, extensive audits, expensive financial penalties and litigation. You already have consistent, secure and well defined processes for your structured data exchanges. But what about those ad-hoc, one-off unstructured exchanges?

How secure are they? And as you attempt to secure these exchanges, do they support the dynamic nature of today’s business or impede it?

This presentation explores the issues with ad-hoc communications, the security concerns of traditional solutions and ensuring those solutions meet your compliance and governance needs.

• Why ad-hoc communications are difficult to deal with from an IT perspective
• What are traditional solutions
• Why should you be concerned from a security perspective
• What can you do to ensure your exchanges are protected

2:30pm - 3:00pm - Refreshment Break

Ozkan Varner Lauger Young Rodriguez

3:00pm-4:00pm

How IT Security Organizations are Protecting Customer Data

Moderator: Yinal Ozkan, Principal Architect, Integralis
Panelists will include:
Marc Varner, Sr. Director, Global Information Security, McDonald's Corporation
Leilani Lauger, Information Security Officer, Loyola University of Chicago and other
Steven Young, MBA, IEM., IS Security Officer, IS Division, Rush University Medical Center
Michael Rodriguez, Chief Technology Security Officer, Western Illinois University
and other CISOs and Security Directors sharing experiences and lessons learned

Customer data is the lifeblood of every business. Given the current climate, protection of this data takes on an even greater importance than ever before. As organizations are preparing for the economic recovery, what should they be thinking about?

In this session attendees will learn from a panel of enterprise IT security and risk professionals.

Topics that will be covered include:

• Market dynamics
• PCI and other regulatory drivers
• The risks of non-compliance
• How companies are protecting databases and applications

Ross Sullivan Tompkins Nootens Kwong

4:00pm-5:00pm

Mitigating Insider Threats: Effective Strategies for Preventing Data Leakage

Moderator: Greg Ross, Principal Consultant, Data Loss Prevention Services, CA
Panelists:
Steve Sullivan, Director, IT & Information Security Officer, Central DuPage Hospital
Scott Tompkins, Director, Information Security, Williams Lea
John Nootens, Director, Networking, American Medical Association
Fred Kwong, Security and Technology Lead, Zurich/CSC
and other professionals from IT departments

Data leakage can take many forms, and the reality is that it can be much more dangerous to an organization’s well being than the phrase implies. Many times it is unintentional, but, it is often the result of those who are trusted on the inside that for whatever reason may have something to gain by the loss or disposal of company sensitive information.

How do you protect your confidential information? How do you protect your organization’s reputation?

In this session attendees will learn from a panel of senior enterprise IT professionals as to how they are working through the challenges of mitigating insiders threats and preventing data leakage.

Conference price: $249 per person.

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.