Enterprise Risk / Security Management: Chicago (Rosemont/O’Hare), Illinois
Strategies for reducing risk to the enterprise.
October 6, 2022
9:00am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Overview
In today’s highly regulated environment, it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to decide where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one-day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one-day conference attendees will learn:
- Risk Registers and Risk Analysis Evolutions
- A Proven Methodology to Secure the Budget You Need
- The “Real” Dark Web and How the Underground Economy Works
- How Do You Perform Your Best in a World with a Seemingly “No Fail” Mission?
- Key Strategies for CISO Effectiveness (CISO Panel Discussion)
- Manage Compliance Risks for External Content Communication
- How to Effectively Manage the Cyber Risks of the Cloud: A CISO’s Perspective (CISO Panel Discussion)
Conference Price: $299.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
9:00am-9:50am: Risk Registers and Risk Analysis Evolutions
Derek Milroy, IS Security Architect, U.S. Cellular
Join Derek Milroy of U.S. Cellular as he covers:
- Risk Register Journey – Where to start, where to evolve to
- Risk Analysis Basics – Start with Qualitative, maybe move to or add quantitative analysis later?
- Eliminating BIAS in Analyses
- Threat Modeling Primer – Integrating Threat Intel into Risk Analysis processes and procedures
- 3rd Party Risk Concerns
9:50am-10:20am: Refreshment Break
10:20am-11:10am: A Proven Methodology to Secure the Budget You Need
Jim Mirochnik, CEO & Senior Partner, HALOCK Security Labs
Securing the budget you require in a transforming world is more difficult than ever. This session will cover the four major questions budget approvers need answered and how utilizing the Duty of Care Risk Analysis (DoCRA) methodology will help you deliver the information to secure the budget you really need.
11:10am-12:00pm: The “Real” Dark Web and How the Underground Economy Works
Byron Rashed, Vice President, Centripetal
The Dark Web hosts the underground economy's marketplaces, the main venue for selling and trading leaked data. The volume of breached data available on the Dark Web exceeds 1.5 billion records, which is close to 50% of the number of Internet users on the planet.
Proactive analysis of leaked data may create unique value for the modern security community in the form of additional mechanisms for risk scoring and customer safety improvements. More and more businesses and organizations in various vertical markets have started to use leaked data analysis in their security operations, protecting their enterprise, partners, employees and customers from potential network infiltration and data exfiltration, or more significant targeted threats.
This session will show actual examples of Dark Web forums and marketplaces from actual breaches and how threat actors leverage this data to monetize, blackmail, trade, and parse data to buyers. Verified sources (IP addresses and domains) containing context may help in investigations and bad actor attribution if a breach occurs. Threat intelligence and incident response units may also extract valuable information about attack patterns and additional meaningful indicators to help safeguard against potential attacks.
12:00pm-12:50pm: How Do You Perform Your Best in a World with a Seemingly “No Fail” Mission?
Steve Shelton, CEO, Green Shoe Consulting
Cyber security is a high-stress, high-turnover industry with a seemingly ‘no-fail’ mission. There are countless complexities to manage.
How do you manage the complexities and expectations of your role? How do you find a work-life balance? How do you give presentations to a board or other executives when you’re an introvert? How do you deal with difficult team members? How do you effectively manage your time? How do you build a positive, innovative culture?
This discussion will highlight how to develop the mental skills needed to manage these complexities effectively and perform your best.
12:50pm-1:30pm: Lunch Break
1:30pm-2:20pm: Key Strategies for CISO Effectiveness (CISO Panel Discussion)
IT security and risk management executives are often blamed in cases of breach. At the same time, digital business has propelled security and risk to become an executive boardroom topic, and business units have increased their expectations of IT leadership, and reg.
In this session, learn how CISOs are balancing the challenging needs of their peer executives and business units while at the same time keeping their IT security teams motivated.
Moderator: Cliff Hieronymus, Regional Manager, Corelight, Inc.
Panelists include:
- Paul Kunas, Executive Director, Information Security Governance Risk and Compliance, Accenture
- Michael Neuman, Chief Information Security Officer, Backstop Solutions Group
2:20pm-2:50pm: Refreshment Break
2:50pm-3:40pm: Manage Compliance Risks for External Content Communications
Bob Ertl, Sr. Director, Kiteworks
Learn how organizations are using private content networks to unify protection, control, and tracking when they communicate compliance-sensitive content with partners, regulators, and customers.
- Unify protection and governance for email, file sharing, SFTP, and automated file transfers
- Send protected health information (PHI) to state agencies, insurers, and outsourcers in compliance with HIPAA
- Ensure GDPR and CCPA compliance when sending personally identifiable information (PII) and financial data to customers, collection agencies, and other outsourcers
- Securely automate statement and invoice delivery to customers
- Save time preparing for HIPAA, GDPR, and other audits
3:40pm-4:20pm: How to Effectively Manage the Cyber Risks of the Cloud: A CISO’s Perspective (CISO Panel Discussion)
Cloud adoption has grown exponentially over the last several years, but not without its risks.
In this session, learn how CISOs/IT Security Executives are managing cyber risks in the cloud while facing the continuous risk of being breached on a regular basis.
Moderator: Steve Shelton, CEO, Green Shoe Consulting
Panelists include:
- Neba Ambe, Director of Information Systems, City of Chicago
- Other CISOs/Executive Directors sharing strategies, tactics, and lessons learned
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.