Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois

Strategies for reducing risk to the enterprise.

October 11, 2024

9:00am-5:00pm

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

What You Will Learn

In this one day conference attendees will learn:

• Infosec FAILS are the best FAILS
• Managing Security Risk at the Speed of Business (Panel Discussion)
• The Risks of Enterprise AI
• Digital Risk Management –  A Balanced Approach to Achieving Business Goals
• Keeping Up with the Latest Security and Risk Management Trends
• How Security and the CSO Can Build Trust with the Business (Panel Discussion)

Conference Price: $299.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

CONFERENCE AGENDA

8:00am – 9:00am: Registration and Continental Breakfast

9:00am – 9:50am: Optimizing Risk Framework Assessments, Controls Assessments, and Risk Registers

Derek Milroy, Sr. Security Architect, Large Midwest Enterprise

Content that will be covered includes:

• Risk Register Journey – The journey from saved e-mails, to excel, and beyond!
• Risk Analysis Basics – Start with Qualitative, add a dash of Quantitative, and maybe some due care and diligence elements?
• Remediation and Road mapping fun.
• Reducing BIAS in Analyses, hopefully logical fallacies too.
• Threat Modeling Primer – Integrating Threat Intel into Risk Analysis processes and procedures.
• 3rd Party Risk Concerns, 4th Party Risk Concerns, everything’s a party!!!

Milroy

9:50am – 10:20am: Refreshment & Exhibit Break

10:20am – 11:10am: Keeping Up with the Latest Security and Risk Management Trends

Steve Scully, Systems Engineer, Stellar Cyber

What’s the best approach to enterprise security? The prevailing consensus in the industry has generally been threat-based or compliance-based approaches. However, many organizations that use these approaches struggle to strike the right balance between technical tools and practical outcomes.  The answer is to focus on reducing risk.

Join us to get an actionable roadmap for success, including:

• Examining 20 plus years of security paradigms — and learn why many of them fail
• Explore the increasing risks tied to digital transformation initiatives
• Understand how security intelligence helps teams make better decisions based on contextual data and metrics
• Discover a proven, comprehensive framework for cybersecurity that emphasizes risk over threats
• Learn how to create a persistent information advantage for better security — with a focus on being profitable

Scully

11:10am – 12:00pm: Techniques to Evolve Risk Governance: How Executives Make Informed Cyber Decisions

Chris Cronin, Principal/Partner, HALOCK

Regulators and standards bodies are requiring us to evolve cybersecurity governance. This session will help you understand how to make this work in your favor:

1. Understand what NIST and regulators mean by “governance.”
2. Help non-technical executives make informed cybersecurity decisions.
3. Use governance to your advantage.
4. Define a “clear line of acceptable risk” that everyone agrees to.
5. Justify your controls program, even after a breach.

Cronin

12:00pm – 12:40pm: Lunch & Exhibit Break

12:40pm – 1:30pm: Digital Risk Management –  A Balanced Approach to Achieving Business Goals

Larry A. Dunham, Digital Risk Officer, University of Illinois at Urbana-Champaign

Digital risk = all of the risk incurred by the organization from using technology in their business processes.

This session will cover:

• Risk Sources
• Risk Impacts
• Ethical Failures
• A balanced approach to risk
• Turn Risk Management from a Cost Center into a Profit Center

Dunham

1:30pm – 2:20pm: The Risks of Enterprise AI

Joe Gonzalez, Sales Engineer, Cyberhaven

This talk explores the pivotal challenges organizations encounter when integrating AI technologies into their operations. We will examine the risks associated with sensitive data flowing into AI tools, the impact of AI-generated data on your organization, and the emergence of Retrieval Augmented Generation AI tools. The discussion will underscore the critical role of data lineage in identifying and mitigating these data risks, ensuring a secure and compliant AI deployment.

Gonzalez

2:20pm – 2:50pm: Refreshment & Exhibit Break

2:50pm – 3:40pm: Managing Security Risk at the Speed of Business (Panel Discussion)

As a valued partner to the business, CISOs need to lead with business first execution.

In this session, attendees will learn from CISOs/Security Executives as to how they are:

• Leading a business first mentality
• Looking at every security risk decision through the lens of business impact
• How can security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
• Understand what Cloud/DevOps/Digital mean for your risk management program

Moderated by: Marty Kondziolka, Area Manager, AccessIT Group

Panelists will include:

• Anatoly Bodner, Global Head of IT Security Capabilities, The Kraft Heinz Company
• Jeffrey Deakins, CISO, Marmon Holdings, Inc.
• Stacy Estrada, Assistant Director, Enterprise Architecture & InfoSec, Montage Health
• Victor Hsiang, CISO, GATX
• Other CISOs and InfoSec Executives sharing strategies, tactics and lessons learned

Kondziolka             Bodner               Deakins                     Estrada                     Hsiang

3:40pm – 4:30pm: How Security and the CSO Can Build Trust with the Business (Panel Discussion)

In this session, attendees will learn from a panel of IT security executives as to the strategies they are leveraging to ensure their efforts are in sync with business priorities.

Topics covered:

1. How to identify leverage areas of value (reputation, regulation, revenue, resilience, and recession) for continued investment and security spending
2. How to assess, understand, and define security’s current and future roles in the extended enterprise
3. Where are security investments being made on personnel, processes, and technologies?

Moderated by: Scott Hunter, RSM, Snyk

Panelists will include:

• Fred Kwong, Ph.D., Vice President, Chief Information Security, DeVry University
• Mike Neuman, AVP, Security & Compliance, VelocityEHS
• Jody Schwartz, Director – Information Security Office – Card, Capital One
• Other CISOs and InfoSec Executives sharing strategies, tactics and lessons learned

Hunter                   Kwong                     Neuman              Schwartz

Conference Price: $299.00 per person

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

CONFERENCE SPONSORS