PAST EVENTS

Enterprise Risk / Security Management

 

Strategies and techniques for leading and guiding a business driven risk/security approach during dynamic times.

 

February 20, 2020

 

8:30am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois



Overview

 

In today’s highly regulated environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.

 

With all of these challenges, how do you make this happen?

 

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.


What You Will Learn

 

In this one day conference attendees will learn:

  • 2020 and Beyond: Security and Risk Management Trends
  • Is There Such a Thing as Reasonable Privacy?
  • Streamlining Compliance: Effectively Incorporating Customer and Vendor Perspectives to Drive Efficiencies and Build Trust
  • How CISOs are Building Successful Cyber Security Teams (CISO Panel Discussion)
  • How to Ensure Your Suppliers are Meeting Your Security Requirements
  • The Cybersecurity Department: Making Cybersecurity a Business Competency Through Key Risk Indicators
  • Achieving Governance and Security through Cloud Management
  • Managing Security Risk at the Speed of Business (CISO Panel Discussion)

 

Conference Price: $299.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.

 

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.



Conference Program


8:00am – 8:30am: Registration and Continental Breakfast


8:30am-9:20am: 2020 and Beyond: Security and Risk Management Trends

 

Laszlo S. Gonc, Founder and CEO, Next Era Transformation Group, LLC
First Senior Fellow, DivIHN Cybersecurity Center of Excellence

 

This presentation will describe the most significant trends in cybersecurity and how your organization needs to take advantage of these trends.

 

Key areas that will be covered include:

  • The next generation of threats
  • Trends in creating a top notch security organization
  • Strategic trends that will influence security strategy

 



9:20am-10:10am: Is There Such a Thing as Reasonable Privacy?

 

Chris Cronin, Principal/Partner, HALOCK

 

U.S.-based organizations are finding that new and emerging privacy regulations are difficult to comply with. In many ways those regulations change our relationships with our customers and the public, and make us stewards of information that they own. Many new privacy requirements are straightforward to implement (such as requiring opt-in and opt-out policies, and processes to field consumer inquiries). But some requirements, such as the right to be forgotten, reasonably verifying the identity of consumer requestors, and using reasonable security safeguards, create a potentially expensive and harrowing grey area.

 

During this session Chris Cronin will show a feature common among privacy regulations such as GDPR and CCPA that will help you clearly define what reasonable privacy controls are. By using Duty of Care Risk Analysis (DoCRA) your organization will be able to show that your controls are reasonable when you address your needs and the public’s needs as equally important.

 



10:10am-10:40am: Refreshment Break


10:40am-11:30am: Streamlining Compliance: Effectively Incorporating Customer and Vendor Perspectives to Drive Efficiencies and Build Trust

 

Jason Lipschultz, Managing Director, Third Party Attestation, BDO
Brian Vazzana, Information Systems Assurance Partner, BDO

 

The market is changing at an accelerated pace, and organizations need to adapt swiftly and efficiently. Business is increasingly interconnected, integrated, and interdependent, particularly with increased reliance on third parties. Regulatory requirements are escalating, and industries are experiencing technological innovation and disruption like never before. This market transformation is real and requires a new level of trust to mitigate these risks.

 

We will take you beyond the traditional approach of risk management and compliance by exploring:

  • How companies can consolidate and streamline compliance efforts across the enterprise through a more effective, balanced, and programmatic approach;
  • How to maximize the benefits of working with third parties while minimizing the control risk; and
  • How to stay ahead of emerging risks and regulatory and industry changes.

 

This will disrupt the status quo and require both internal and external stakeholder support, from the C-suite and the Board to the daily control operators and third parties themselves. While the challenge is real, the need to take action is paramount as companies are experiencing real audit fatigue and impact to their bottom line and are thirsting for a more collaborative and effective approach to risk management.

 

 


11:30am-12:20pm: How CISOs are Building Successful Cyber Security Teams (CISO Panel Discussion)

 

Moderator:
Steve Williams, Director, Remediant
Panelists:
Troy Mattern, Vice President for Product and Services Cybersecurity, Motorola Solutions
Greg Bee, Chief Information Security Officer, Pekin Insurance
John Germain, Chief Information Security Officer, Duck Creek Technologies
Stephenie Southard, Vice President, Chief Information Security Officer, BCU
Bob Duplessis, Senior Vice President / Information Security Officer, Old Second National Bank
and other CISOs/Information Security Executives sharing lessons learned

 

In this session, CISOs will share how they build culture, drive effective cross-team communication, and leverage non-traditional hiring practices and programs to find extraordinary talent from across generations, geographies and genders.

 


12:20pm – 1:10pm: Luncheon


1:10pm-2:00pm: How to Ensure Your Suppliers are Meeting Your Security Requirements

 

Amy Buss, Information Security Contract Lead, U.S. Cellular

 

Even the greatest security programs can have hidden back doors when it comes to ensuring your suppliers are meeting your security requirements. With the growing trend of outsourcing more and more to cloud vendors, does your company have a process to ensure you are holding your suppliers accountable to your security best practices at a contractual level?

 

For example, it seems like common sense that your supplier would have good security practices around protecting your credentials and logins to their cloud solution, as well as proactive monitoring and alerting for suspicious logins. Have you confirmed they encrypt your passwords? Have you confirmed they require strong passwords and have appropriate password policies? If you have not specified that in your contract, you might be surprised by what you find if you ask what they actually have in place.

 

Do you assume a supplier will meet your security requirements if they have a SOC II report and can provide it to you yearly? Have you read their SOC II to see whether their security program is good or bad? Could their security program be designed to patch twice a year, a commitment they meet and thus pass their SOC II? Are you ok with that? Are you aware of that?

 



2:00pm – 2:50pm: The Cybersecurity Department: Making Cybersecurity a Business Competency Through Key Risk Indicators

 

Chris Cronin, Principal/Partner, HALOCK

 

Executives and Boards manage what they know, and stress about what they don’t know. And they stress over cybersecurity. Most organizations do not have cybersecurity specialists at their helm because their business has not relied on that capability until very recently. Cybersecurity has grown from the bottom-up in the hands of technicians, and from the top-down from regulators and engineers. But few organizations have articulated their cybersecurity objectives and risks in a manner that executives can engage with. This has resulted in alienating the people who approve our priorities, resources, and budgets.

 

Chris Cronin will explain the root causes of the breakdowns between executive leadership and cybersecurity practitioners and will show how DoCRA-based analytics help executives make informed decisions about priorities, resources, and budgets.

 



2:50pm – 3:20pm: Refreshment Break


3:20pm-4:10pm: Achieving Governance and Security through Cloud Management

 

Annur Sumar, Chief Technology Officer, MaeTech

 

This session will explore the business challenges and issues related to security and management across various standards and solutions. It will provide an analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, with a focus on hybrid IaaS and PaaS systems and how to achieve security and governance for successful adoption.

 



4:10pm-5:00pm: Managing Security Risk at the Speed of Business (CISO Panel Discussion)

 

Moderator:
Jon Oppenhuis, Senior Advisor – Risk Management, Optiv
Panelists:
Brad Marr, Senior Director and CISO, Life Fitness
Elizabeth Ogunti, Senior Manager, IT Security and Compliance, JBT Corporation
Ron Versetto, Executive Director, IT, University of Illinois at Chicago
Nick Suttle, Director of Information Security and Compliance, Lippert Components, Inc.
Rozel Audric Kouadio, Information Security, The Kraft Heinz Company
and other CISOs/Information Security Executives sharing lessons learned

 

 

As a valued partner to the business, CISOs need to lead with business-first execution.

In this session, attendees will learn from CISOs/Security Executives how they are:

  • Leading with a business-first mentality
  • Looking at every security risk decision through the lens of business impact
  • Working with IT operations to identify the lowest-cost actions that have the most meaningful impact on exposure to business compromise
  • Understanding what Cloud/DevOps/Digital mean for your risk management program

 

 



 

Exhibits



CONFERENCE CO-SPONSORS