[vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” background_image=”348335″ box_shadow_on_row=”no”][vc_column css=”.vc_custom_1509976289581{padding-top: 200px !important;padding-bottom: 199px !important;}”][vc_column_text]
PAST EVENTS
[/vc_column_text][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no”][vc_column][vc_column_text css=”.vc_custom_1577997456878{padding-top: 25px !important;padding-bottom: 25px !important;}”]Enterprise Risk / Security Management
Strategies and techniques for leading and guiding a business driven risk/security approach during dynamic times.
February 20, 2020
8:30am-5:00pm
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois[/vc_column_text][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no”][vc_column width=”1/2″][vc_column_text]
[/vc_column_text][/vc_column][vc_column width=”1/2″][vc_column_text]
[/vc_column_text][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no”][vc_column][vc_column_text css=”.vc_custom_1581964676321{padding-top: 25px !important;padding-bottom: 25px !important;}”]
Overview
In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real value to the business can be achieved.
With all of these challenges, how do you make this happen?
In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.
What You Will Learn
In this one day conference attendees will learn:
- 2020 and Beyond: Security and Risk Management Trends
- Is There Such a Thing as Reasonable Privacy?
- Streamlining Compliance: Effectively Incorporating Customer and Vendor Perspectives to Drive Efficiencies and Build Trust
- How CISOs are Building Successful Cyber Security Teams (CISO Panel Discussion)
- How to Ensure Your Suppliers are Meeting Your Security Requirements
- The Cybersecurity Department: Making Cybersecurity a Business Competency Through Key Risk Indicators
- Achieving Governance and Security through Cloud Management
- Managing Security Risk at the Speed of Business (CISO Panel Discussion)
Conference Price: $299.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.
[/vc_column_text][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no” css=”.vc_custom_1513895163165{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_column][vc_column_text css=”.vc_custom_1582208511976{padding-top: 25px !important;padding-bottom: 25px !important;}”]
Conference Program
8:00am – 8:30am: Registration and Continental Breakfast
8:30am-9:20am: 2020 and Beyond: Security and Risk Management Trends
Laszlo S. Gonc, Founder and CEO, Next Era Transformation Group, LLC
First Senior Fellow, DivIHN Cybersecurity Center of Excellence
This presentation will describe the most significant trends in cybersecurity and how your organization needs to take advantage of these trends.
Key areas that will be covered include:
- The next generation of threats
- Trends in creating a top notch security organization
- Strategic trends that will influence security strategy
Gonc
9:20am-10:10am: Is There Such a Thing as Reasonable Privacy?
Chris Cronin, Principal/Partner, HALOCK
U.S.-based organizations are finding that new and emerging privacy regulations are difficult to comply with. In many ways those regulations change our relationships with our customers and the public, and makes us stewards of information that they own. Many new privacy requirements are straightforward to implement (such as requiring opt-in and opt-out policies, and processes to field consumer inquiries). But some requirements, such as the right to be forgotten, reasonably verifying the identify of consumer requestors, and using reasonable security safeguards create a potentially expensive and harrowing grey area.
During this session Chris Cronin will show a feature common among privacy regulations such as GDPR and CCPA that will help you clearly define what reasonable privacy controls are. By using Duty of Care Risk Analysis (DoCRA) your organization will be able to show that your controls are reasonable when you address your needs and the public’s needs as equally important.
Cronin
10:10am -10:40am: Refreshment Break
10:40am-11:30am: Streamlining Compliance: Effectively Incorporating Customer and Vendor Perspectives to Drive Efficiencies and Build Trust
Jason Lipschultz, Managing Director, Third Party Attestation, BDO
Brian Vazzana, Information Systems Assurance Partner, BDO
The market is changing at an accelerated pace, and organizations need to adapt swiftly and efficiently. Business is increasingly interconnected, integrated, and interdependent, particularly with increased reliance on third parties. Regulatory requirements are escalating, and industries are experiencing technological innovation and disruption like never before. This market transformation is real and requires a new level of trust to mitigate these risks.
We will take you beyond the traditional approach of risk management and compliance by exploring:
- How companies can consolidate and streamline compliance efforts across the enterprise through a more effective, balanced, and programmatic approach;
- How to maximize the benefits of working with third parties while minimizing the control risk; and
- How to stay ahead of emerging risks and regulatory and industry changes.
This will disrupt the status quo and require both internal and external stakeholder support, from the C-suite and the Board to the daily control operators and third parties themselves. While the challenge is real, the need to take action is paramount as companies are experiencing real audit fatigue and impact to their bottom line and are thirsting for a more collaborative and effective approach to risk management.
Lipschultz Vazzana
11:30am-12:20pm: How CISOs are Building Successful Cyber Security Teams (CISO Panel Discussion)
Moderator:
Steve Williams, Director, Remediant
Panelists:
Troy Mattern, Vice President for Product and Services Cybersecurity, Motorola Solutions
Greg Bee, Chief Information Security Officer, Pekin Insurance
John Germain, Chief Information Security Officer, Duck Creek Technologies
Stephenie Southard, Vice President, Chief Information Security Officer, BCU
Bob Duplessis, Senior Vice President / Information Security Officer, Old Second National Bank
and other CISOs/Information Security Executives sharing lessons learned
In this session, CISOs will share how they build culture, drive effective cross-team communication, leverage non-traditional hiring practices and programs to find extraordinary talent from across generations, geographies and genders.
Mattern Bee Germain Southard Duplessis Williams
12:20pm – 1:10pm Luncheon
1:10pm-2:00pm: How to Ensure Your Suppliers are Meeting Your Security Requirements
Amy Buss, Information Security Contract Lead, U.S. Cellular
Even the greatest security programs could have hidden back doors when it comes to ensuing your suppliers are meeting your security requirements. In the growing trend of outsourcing more and more to cloud vendors, does your company have a process to ensure you are holding your suppliers accountable to your security best practices at a contractual level.
For example, it seems like common sense that your supplier would have good security practices around protecting your credentials and login to their cloud solution as well as have proactive monitoring/alerting for suspicious login. Have you confirmed they encrypt your passwords? Have you confirmed they require strong passwords and have appropriate password policies? If you have not specified that in your contract, you might be surprised what you find if you ask what they actually have in place.
Do you assume a supplier will meet your security requirements if they have a SOC II and can provide it to you yearly? Have you read their SOC II to see if they have a good/bad security program? Could their security program be designed to patch twice a year which they meet, thus pass their SOC II? Are you ok with that? Are you aware of that?
Buss
2:00pm – 2:50pm: The Cybersecurity Department: Making Cybersecurity a Business Competency Through Key Risk Indicators
Chris Cronin, Principal/Partner, HALOCK
Executives and Boards manage what they know, and stress about what they don’t know. And they stress over cybersecurity. Most organizations do not have cybersecurity specialists at their helm because their business has not relied on that capability until very recently. Cybersecurity has grown from the bottom-up in the hands of technicians, and from the top-down from regulators and engineers. But few organizations have articulated their cybersecurity objectives and risks in a manner that executives can engage with. This has resulted in alienating the people who approve our priorities, resources, and budgets.
Chris Cronin will explain the root causes of the breakdowns between executive leadership and cybersecurity practitioners and will show how DoCRA-based analytics help executives make informed decisions about priorities, resources, and budgets.
Cronin
2:50pm – 3:20pm: Refreshment Break
3:20pm-4:10pm: Achieving Governance and Security through Cloud Management
Annur Sumar, Chief Technology Officer, MaeTech
This session will explore the business challenges and issues related to security and management through various different standards and solutions. It will provide an analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, with a focus on hybrid IaaS and PaaS systems and how to achieve security and governance for successful adoption.
Sumar
4:10pm-5:00pm: Managing Security Risk at the Speed of Business (CISO Panel Discussion)
Moderator:
Jon Oppenhuis, Senior Advisor – Risk Management, Optiv
Panelists:
Brad Marr, Senior Director and CISO, Life Fitness
Elizabeth Ogunti, Senior Manager, IT Security and Compliance, JBT Corporation
Ron Versetto, Executive Director, IT, University of Illinois at Chicago
Nick Suttle, Director of Information Security and Compliance, Lippert Components, Inc.
Rozel Audric Kouadio, Information Security, The Kraft Heinz Company
and other CISOs/Information Security Executives sharing lessons learned
As a valued partner to the business, CISOs need to lead with business first execution.
In this session, attendees will learn from CISOs/Security Executives as to how they are:
- Leading a business first mentality
- Looking at every security risk decision through the lens of business impact
- How can security and IT operations can work together effectively to identify best cost actions that have the most meaningful impact on exposure to business compromise and impact
- Understand what Cloud/DevOps/Digital mean for your risk management program
Marr Ogunti Versetto Suttle Kouadio Oppenhuis
Conference Price: $299.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
Exhibits
As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.
[/vc_column_text][/vc_column][/vc_row][vc_section][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” box_shadow_on_row=”no” css=””][vc_column][vc_column_text]
CONFERENCE CO-SPONSORS
[/vc_column_text][vc_empty_space image_repeat=”no-repeat”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no”][vc_column width=”1/3″][vc_single_image image=”353910″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.armis.com”][/vc_column][vc_column width=”1/3″][vc_single_image image=”353911″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://www.bdo.com/”][/vc_column][vc_column width=”1/3″][vc_single_image image=”354074″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://bigid.com/”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” box_shadow_on_row=”no”][vc_column][vc_empty_space image_repeat=”no-repeat”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no”][vc_column width=”1/3″][vc_single_image image=”352763″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.centripetalnetworks.com”][/vc_column][vc_column width=”1/3″][vc_single_image image=”353217″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.code42.com”][/vc_column][vc_column width=”1/3″][vc_single_image image=”353912″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://divihn.com/”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” box_shadow_on_row=”no”][vc_column][vc_empty_space image_repeat=”no-repeat”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”grid” text_align=”left” box_shadow_on_row=”no”][vc_column width=”1/3″][vc_single_image image=”350433″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.halock.com”][/vc_column][vc_column width=”1/3″][vc_single_image image=”354059″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”https://www.remediant.com/”][/vc_column][vc_column width=”1/3″][vc_single_image image=”353995″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.spycloud.com”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” box_shadow_on_row=”no”][vc_column][vc_empty_space image_repeat=”no-repeat”][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” box_shadow_on_row=”no”][vc_column width=”1/3″][/vc_column][vc_column width=”1/3″][vc_single_image image=”354005″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.varonis.com”][vc_single_image image=”354041″ img_size=”full” alignment=”center” onclick=”custom_link” img_link_target=”_blank” link=”http://www.optiv.com”][/vc_column][vc_column width=”1/3″][/vc_column][/vc_row][vc_row row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” text_align=”left” box_shadow_on_row=”no”][vc_column][vc_empty_space image_repeat=”no-repeat”][/vc_column][/vc_row][/vc_section]