Create Custom Schedule

View all sessions and create your custom schedule

Conference: Governance, Risk and Compliance

Track Chair:
John P. Pironti
CGEIT, CISA, CISM, CISSP, ISSAP, ISSMP
President
IP Architects, LLC

Information security is quickly evolving into information risk management. The enterprise of today can no longer rely on technology alone to protect information and information infrastructure, and requires a business-aligned approach to information risk management, governance, and compliance to be successful. The growth in global regulatory and compliance requirements, lack of available resources and funding, and constant need to balance protection with the business needs of the organization is a great challenge for professionals in this area. The Governance, Risk, and Compliance track will focus on providing insights and guidance from experienced practitioners on key issues which enterprises are facing today as they mature their capabilities and transform a reactive and technologically focused approach to information security into a proactive approach to information risk management.

Open All Descriptions |

Close All Descriptions

Wednesday, November 18
11:00 am–12:00 pm	Business Resiliency: Are You Really Prepared? (Location: 1E08) Business Resiliency is the maturation and amalgamation of the individual processes of Crisis Management, Incident Response, Business Continuance, and Disaster Recovery into one succinct set of processes and capabilities that work collectively instead of independently. This combination allows organizations to have minimal disruption in the event of a business-impacting incident that affects the entire organization instead of one that involves specific information infrastructure areas. When evaluating these capabilities, it is important to understand that they only are as effective as the proactive planning and considerations that go into their development. Too often, planning accounts for only the most obvious considerations and does not incorporate crucial and essential considerations that have the most impact. This session will discuss the key elements of business resiliency and the considerations that should be made when developing or maturing this capability. Speaker - John Pironti, Chief Information Risk Strategist, Archer Technologies John P. Pironti is the Chief Information Risk Strategist for Archer Technologies. In this role, John consults with Fortune 1000 executives on IT-GRC and information security issues and initiatives, evangelizes product concepts in the marketplace to gather feedback, and collaborates with Archer's product experts to translate industry needs into technology solutions. John has been designing and implementing highly secure, mission-critical, globally oriented enterprise information infrastructure solutions for more than 18 years. He has worked extensively on a global basis in the aerospace, financial services, government, healthcare, hospitality, insurance, publishing, media and entertainment and telecommunications industries. He is a frequent speaker at industry conferences, both domestic and international, on electronic business and information security topics, and is also a published author and writer.
4:00 pm–5:00 pm	Privacy in the Clouds: A Governance Storm is Brewing (Location: 1E08) Cloud computing is predicted as a natural extension of Web 2.0 with emphasis on openness, interoperability, and better IT economics. There is also an increasingly dark lining to this silver cloud in the form of personal data privacy risk and new business liabilities as a result of cloud dependence. This session not only helps draw the cloud as a business movement but illustrates the inherent data risks of even being there. The session will also highlight the growing global compliance risks and costs as they consider Web 2.0 and cloud computing for their enterprise. Speaker - Drew Bartkiewicz, Vice President of Cyber Risk and New Media Markets, The Hartford Drew Bartkiewicz, serves as Vice President of Technology and New Media Markets, of The Hartford. Drew has 18 years in the Software, Social Media, and Business Risk fields with companies such as BroadVision, salesforce.com, The Hartford, and United Technologies. Drew has written and lectured extensively on Internet and technology business trends over the past decade. He was a participating author in the Brookings Institution book on technology and economics, Unseen Wealth (published in 2001). He is currently a board member of the Online Reputation Management Association and is an active writer / speaker in the area of IT risk, laws, and governance. During the Web 1.0 and Personalization decade of the Internet, Drew worked extensively with the following organizations' e-commerce initiatives: GE Capital, Home Depot, UBS, Barclays, Walmart, Bank of America, Blue Cross, Nike, Maidenform, Time Warner, Fox, MTV, Telecom Italia, Primedia, GE Supply, Citigroup, e-Trade, Bear Stearns, and Credit Suisse. During the Web 2.0 evolution Drew has already underwritten the risks of emerging areas such as social networks, video advertising, internet and data privacy liability. Drew is a graduate of the United States Military Academy at West Point and has an MBA from the Yale School of Management. He is currently working on the book, Unseen Liability, The Economics of Technology Risk and Information Malpractice, due in 2010.
Top of Page
Thursday, November 19
10:15 am–11:15 am	Mining for Value in the Data Log Fire Hose: Top Five Governance, Risk and Compliance Metrics in Logs (Location: 1E08) Logging has quickly become an important requirement for governance risk and compliance and information security management. Unfortunately most organizations are overwhelmed by both the volume of logs they are examining and data included in them. In order to be an effective tool, an organization has to try to make sense of and derive business and technical value from their logs. If you could only choose five log-based metrics to assess the health of your information security, risk, and compliance posture, what would they be? This session will describe which logs and what log metrics will tell you the most and how to derive knowledge and value from them - even if you look for nothing else. Speaker - Paul Stamp, Senior Product Manager, RSA Paul Stamp is the Senior Manager of Product Marketing for the Information and Event Management Group at RSA. In this role, Paul is responsible for reinforcing RSA's position as a market leader in the Security Information and Event Management space. Paul has been active in the information security industry for the past 11 years, and is regularly featured in the media, including NPR Marketplace, Wall Street Journal, New York Times, Washington Post and a host of industry publications. Prior to joining RSA, Paul was Principal Analyst for Forrester Research, covering security information and event management and data security, and a security architect with Unisys Corporation. Paul holds an MA (Oxon) in Mathematics from Oxford University.
Top of Page