Risk Management & Security Track

Information Risk and Security continue to be top of mind for organizations. High-profile attacks continually demonstrate the capabilities of attackers and our limited ability to defend against them. All is not lost; many organizations have also begun to realize how to work smarter, not harder in their approach to information risk management and security, compliance, and IT governance. They are equipping themselves with the knowledge, resources, and tools to tip the balance of power away from the adversary and back to the defender.

The Risk Management & Information Security Track features both technologies and management practices. The information risk management-focused sessions will target areas including effective governance for BYOD and Social Networking activities and insider threat considerations. The technically focused sessions will discuss key technology advances such as next-generation firewalls and emerging concerns in traditional technologies.


Featured Risk Management & Information Security Sessions
A CISO's Perspective: Friend or Foe? Effectively Managing Third Party Information Security Risks
The use of third-party vendors, service providers, and partners is a normal and growing part of many businesses' operations today and is a growing concern for information risk and security professionals. An organization’s security posture is only as strong as its weakest link. While many information risk and security organizations are effective at managing information risk they have direct control over, third parties often challenge them due to their limited governance and oversight capabilities. In this session, Elliott Glazer, the CISO of Dun and Bradstreet, will share his thoughts on how he is successfully navigating this challenge using a business-focused, risk-based, and process-driven approach to manage third-party risks.
Speaker: Elliott Glazer, CISO, Dun and Bradstreet

Cloudy With a Chance of Encryption
In this day and age, it's not only dangerous to use the cloud without secure encryption, it's downright neglectful. Ponemon's annual cloud encryption report recently noted that 50% of companies are still sending their data to and from the cloud unsecured. Today, securing data is only half of the issue for IT security teams. Modern data protection is about security and control. Whoever owns and maintains the encryption keys controls access to the data. If your cloud service provider manages the keys on behalf of your organization, they can still be obligated to share your data with government officials – without notifying your organization. In this session, cloud encryption expert and Vaultive CEO, Elad Yoran, will discuss the importance of persistent encryption—a method which secures data in all three states (at rest, in transit, and in use) so your information is never exposed to anyone, except your organization holding the encryption keys.
Speaker: Elad Yoran, CEO, Vaultive

Emerging Tools and Trends in Hacking
This lively and fast-paced presentation will examine the most recent developments in hacker tools, exploits, trends and legislation. Live demos for some of the newest tools will be given. The session aims to arm the participants with knowledge about the state of the art in IT security to better equip them to defend against newer threats, identify new resources for auditing IT systems, and plan for coming trends and legislation. After completing this session, the participant will be able to: determine the appropriateness of using the latest free security tools as part of their security testing tool kit, evaluate if new threats apply to their situation and possible mitigation strategies, learn from current incidents to better evaluate their own defenses from similar attacks and raise awareness within their organization, enhance their own personal security (as well as the security of their organizations) by implementing (typically) free security tools or using enhanced settings in common software.
Speaker: David Rhoades, Senior Consultant, Maven Security Consulting, Inc.

Is Your Data Really Safe? A Security Checklist Everyone Must Implement
You probably consider your enterprise data safe, but have you really considered every possible security scenario to ensure its safety? Overall, in this session, you will learn what to look for in a cloud provider, including architectural considerations, and proper data procedures and compliance. You will also learn about the top five practices that can put your company data at risk and how to successfully combat those challenges to ensure the complete safety of your most sensitive information. Specifically, the session will explain what architectural features to look for in a cloud provider to satisfy data privacy laws, such as where client data resides in the full cloud stack, as well as understanding that data processing also applies to people accessing this data in a customer support capacity. Attendees will learn how data protection laws impact how your data is stored, and what to look for to confirm the architecture you're using is built to ensure those privacy and protection laws are not violated.
Speaker: Mush Hakhinian, Chief Security Architect, Intralinks

Joining the Intelligence-Led Revolution
The market for cyber threat intelligence may be young – but the work of intelligence collection, analysis and dissemination is not – it dates back to the earliest days of human conflict and, realizing that we are in the midst of cyber conflict, our model involves the application of those approaches to cyber. These forward-leaning security practitioners realize that their adversaries gather intelligence on them on a daily basis – and they are turning to cyber threat intelligence in order to turn the tables. This discussion will be focused on the core fundamentals of building the business case for, implementing and sustaining a successful cyber threat intelligence program following the model executed by some of the largest and most sophisticated programs in the world.
Speaker: Stu Solomon, Vice President, iSIGHT Partners

Key Elements of a Vulnerability Management Program
Vulnerability management is essential to information risk management and security programs. However, many organizations’ vulnerability management processes are reactive and inefficient. Organizations that implement a comprehensive, proactive vulnerability management program will see a significant increase in their success rates in protecting their business processes, information infrastructure, and data. This session will focus on the key elements in vulnerability programs as well as their dependencies and requirements. The most effective vulnerability management programs follow a structured lifecycle from the moment of vulnerability detection until the completion of its remediation report. The speaker will explore industry-leading methods and practices of vulnerability management supported by case studies and real-world examples.
Speaker: John Pironti, President, IP Architects LLC.

Next-Generation Firewalls: Results From the Lab
Next-generation firewalls promise more sophisticated attack detection and prevention without affecting network performance. Rob Smithers, President and CEO of Miercom, will provide a wealth of objective information on next-generation firewalls. Smithers will share validated results of Miercom’s performance testing of next-generation firewalls from WatchGuard, Cisco, Palo Alto, Check Point, Juniper and SonicWall. He’ll also share case studies that show which products have been the most effective. Mr. Smithers will also discuss Miercom’s experiences in deploying and troubleshooting next-generation firewalls in the private sector and government.
Speaker: Robert Smithers, President and CEO, Miercom

Next Line of Defense: Internet of Things
With the Internet of Things, there has been exponential growth in the number of entry points into an organization. Any device connected to the Internet is an opportunity for entry that can be exploited. Managing this new line of defense requires security teams to redefine the scope of their security efforts beyond their present responsibilities to protect data. Kent will share the tenets of a successful mobile security program and how to build a secure program in the new interconnected state. Kent will cover how to address policy and processes while maintaining security and compliance in this new architectural foundation. By using a risk-based approach, organizations will be able to stay secure in a growing collaborative and connected world.
Speaker: Kent Shuart, Network Security Product Manager, Dell SonicWall

Smart Policies for BYOD and Social Media
This session will help you design an information governance policy that’s worth the effort because it actually helps manage risk. We’ll cover the lifecycle of corporate information governance policies, from their purpose and creation through implementation. Sample policies will address essential subjects such as BYOD and social media. Attendees will learn the fundamental principles of information governance so that your policy can grow to handle whatever comes tomorrow. This session will also cover the proper implementation of policies, including technologies that might be of assistance.
Speaker: Nolan Goldberg, Senior Counsel, Proskauer LLP


What’s Next? Emerging Trends in Information Risk Management and Security
Information risk management and security never stay still. Attackers find new ways to exploit software, hardware and people. The security industry rolls out new technology to address the latest threats. Now add to the mix the troubling revelations about government surveillance (breaking SSL, watering down encryption standards, tapping into Web and service provider communications and so on). Where do we go from here? This panel discussion will highlight emerging trends in information risk management and security from a business and technology perspective.
Speakers:
John Pironti, President, IP Architects LLC.
Mush Hakhinian, Chief Security Architect, Intralinks

How to Register

The following Interop passes will give you access to either one or two days of workshops: