Risk Management & Security Track

Information Risk and Security continue to be top of mind for organizations. High-profile attacks continually demonstrate the capabilities of attackers and our limited ability to defend against them. All is not lost; many organizations have also begun to realize how to work smarter, not harder in their approach to information risk management and security, compliance, and IT governance. They are equipping themselves with the knowledge, resources, and tools to tip the balance of power away from the adversary and back to the defender.

The Risk Management & Information Security Track features both technologies and management practices. The information risk management-focused sessions will target areas including effective governance for BYOD and Social Networking activities and insider threat considerations. The technically focused sessions will discuss key technology advances such as next generation firewalls and emerging concern in traditional technologies.

Featured Risk Management & Information Security Sessions
A CISO's Perspective: Friend or Foe? Effectively Managing Third Party Information Security Risks
The use of third party vendors, service providers, and partners is a normal and growing part of many business operations today and is a growing concern for information risk and security professionals. An organization's security posture is only as strong as its weakest link. While many information risk and security organizations are effective at managing information risk they have direct control over, third parties often challenge them due to their limited governance and oversight capabilities. In this session, Elliott Glazer, the CISO of Dun and Bradstreet, will share his thoughts on how he is successfully navigating this challenge using a business focused, risk based, and process driven approach to manage third party risks.
Speaker: Elliott Glazer, CISO, Dun and Bradstreet

Cloudy With a Chance of Encryption
In this day and age, it's not only dangerous to use the cloud without secure encryption, it's downright neglectful. Ponemon's annual cloud encryption report recently noted that 50% of companies are still sending their data to and from the cloud unsecured. Today, securing data is only half of the issue for IT security teams. Modern data protection is about security and control. Whoever owns and maintains the encryption keys controls access to the data. If your cloud service provider manages the keys on behalf of your organization, they can still be obligated to share your data with government officials, without notifying your organization. In this session, cloud encryption expert and Vaultive CEO, Elad Yoran, will discuss the importance of persistent encryption, a method which secures data in all three states (at rest, in transit, and in use) so your information is never exposed to anyone except your organization holding the encryption keys.
Speaker: Elad Yoran, CEO, Vaultive

Emerging Tools and Trends in Hacking
This lively and fast-paced presentation will examine the most recent developments in hacker tools, exploits, trends and legislation. Live demos of some of the newest tools will be given. The session aims to arm the participants with knowledge about the state of the art in IT security to better equip them to defend against newer threats, identify new resources for auditing IT systems, and plan for coming trends and legislation. After completing this session, the participant will be able to: determine the appropriateness of using the latest free security tools as part of their security testing tool kit; evaluate whether new threats apply to their situation and possible mitigation strategies; learn from current incidents to better evaluate their own defenses against similar attacks and raise awareness within their organization; and enhance their own personal security (as well as the security of their organizations) by implementing (typically) free security tools or using enhanced settings in common software.
Speaker: David Rhoades, Senior Consultant, Maven Security Consulting, Inc.

Is Your Data Really Safe? A Security Checklist Everyone Must Implement
You probably consider your enterprise data safe, but have you really considered every possible security scenario to ensure its safety? Overall, in this session, you will learn what to look for in a cloud provider, including architectural considerations, proper data procedures, and compliance. You will also learn about the top five practices that can put your company data at risk and how to successfully combat those challenges to ensure the complete safety of your most sensitive information. Specifically, the session will explain what architectural features to look for in a cloud provider to satisfy data privacy laws, such as where client data resides in the full cloud stack, as well as understanding that data processing also covers people accessing this data in a customer support capacity. Attendees will learn how data protection laws impact how your data is stored, and what to look for to confirm the architecture you're using is built to ensure those privacy and protection laws are not violated.
Speaker: Mush Hakhinian, Chief Security Architect, Intralinks

Joining the Intelligence-Led Revolution
The market for cyber threat intelligence may be young, but the work of intelligence collection, analysis and dissemination is not: it dates back to the earliest days of human conflict and, recognizing that we are in the midst of cyber conflict, our model applies those approaches to cyber. Forward-leaning security practitioners realize that their adversaries gather intelligence on them on a daily basis, and they are turning to cyber threat intelligence in order to turn the tables. This discussion will focus on the core fundamentals of building the business case for, implementing, and sustaining a successful cyber threat intelligence program, following the model executed by some of the largest and most sophisticated programs in the world.
Speaker: Stu Solomon, Vice President, iSIGHT Partners

Key Elements of a Vulnerability Management Program
Vulnerability management is essential to information risk management and security programs. However, many organizations' vulnerability management processes are reactive and inefficient. Organizations that implement a comprehensive, proactive vulnerability management program will see a significant increase in their success rates in protecting their business processes, information infrastructure, and data. This session will focus on the key elements of vulnerability management programs as well as their dependencies and requirements. The most effective vulnerability management programs follow a structured lifecycle from the moment of vulnerability detection until the completion of its remediation report. The speaker will explore industry-leading methods and practices of vulnerability management, supported by case studies and real world examples.
Speaker: John Pironti, President, IP Architects LLC.

Next-Generation Firewalls: Results From the Lab
Next-generation firewalls promise more sophisticated attack detection and prevention without affecting network performance. Rob Smithers, President and CEO of Miercom, will provide a wealth of objective information on next-generation firewalls. Smithers will share validated results of Miercom's performance testing of next-generation firewalls from WatchGuard, Cisco, Palo Alto, Check Point, Juniper and SonicWall. He'll also share case studies that show which products have been the most effective. Mr. Smithers will also discuss Miercom's experiences in deploying and troubleshooting next-generation firewalls in the private sector and government.
Speaker: Robert Smithers, President and CEO, Miercom

Next Line of Defense: Internet of Things
With the Internet of Things, there has been exponential growth in the number of entry points into an organization. Any device connected to the Internet is a potential point of entry that can be exploited. Managing this new line of defense requires security teams to redefine the scope of their security efforts beyond their present responsibilities to protect data. Kent will share the tenets of a successful mobile security program and how to build a secure program in the new interconnected state. Kent will cover how to address policy and processes while maintaining security and compliance in this new architectural foundation. By using a risk-based approach, organizations will be able to stay secure in an increasingly collaborative and connected world.
Speaker: Kent Shuart, Network Security Product Manager, Dell SonicWall

SESSION CHANGE: The Threat Within: Managing Insider Risks and Building a Culture of Security
Although media coverage of data breach incidents tends to focus on external malicious actors carrying out "hacking" attacks, it is insider-related vulnerabilities and threats that create the most serious risks for many organizations. Whether it is a trusted insider abusing authorized access for personal gain or a well-intended but unaware employee falling victim to a social engineering attack such as spear phishing, insider risks cannot be overlooked. This session will detail some recent statistics that emphasize the role of insiders in creating cyber security risk and will provide practical guidance on how to transform your biggest potential liability into a key asset of your information security program. Achieving a true shift in attitudes and awareness and fostering a culture of security is not easy, but it can be done if there is commitment from the top.

What's Next? Emerging Trends in Information Risk Management and Security
Information risk management and security never stay still. Attackers find new ways to exploit software, hardware and people. The security industry rolls out new technology to address the latest threats. Now add to the mix the troubling revelations about government surveillance (breaking SSL, watering down encryption standards, tapping into Web and service provider communications and so on). Where do we go from here? This panel discussion will highlight emerging trends in information risk management and security from a business and technology perspective.
Panelists: John Pironti, President, IP Architects LLC.; Jason Straight, Senior Vice President, Chief Privacy Officer, UnitedLex

Track Chair

John Pironti

President, IP Architects, LLC

John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise-wide electronic business solutions, information security and risk management strategies and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale.

John has a number of industry certifications, including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP).

John frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security, risk management and compliance topics, and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, widely quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.