Agenda
Combating Threats to Business with Infrastructure Protection
With earthquakes and targeted attacks, unexpected threats and risks are on the rise, creating a requirement for a more sophisticated security environment and infrastructure. What sort of strategy and roadmap do companies need in the face of these threats to business?
This summit will identify the security measures and risk management that companies should be taking with an eye on global trends, making recommendations with a focus on cloud and mobile environments.
Comprehensive Tracks and Sessions
The majority of the agenda is made up of Gartner analyst sessions — research-driven presentations that focus on the issues that matter most in IT today. Leveraging the latest research collected from organizations worldwide, analyst sessions provide real-world information that will help you make better decisions and drive more successful initiatives.
Our Agenda will feature comprehensive tracks to drill down on your hottest topics, with track sessions tagged to help you create a customized agenda based on your role, experience level and key focus.
Hot topics to be covered:
- Cloud & security
- Advanced persistent threats
- Secure mobile applications
- Risk management & compliance
- Identity management
Special Sessions
In addition to our comprehensive tracks, our Agenda also features several special sessions providing opportunities to learn from and interact with Gartner analysts, industry experts and peers, and top solution providers:
Keynote Sessions
Typically presented by non-Gartner industry leaders, these plenary sessions are designed to be entertaining and thought-provoking.
Workshops
Presented by Gartner or guest experts, these intimate workshops provide an opportunity to drill down on specific "how to" topics in an extended, small group environment. Sessions designed for end users only. Registration required.
End-User Case Studies
Gartner invites a number of end users to personally present leading-edge case studies and answer questions.
Solution Provider Sessions
Real success stories
These sponsor-led sessions feature some of the market's most fascinating solutions. You'll hear real-life examples from those who have deployed solutions successfully, including their strategies, challenges and results.
Ask the Analyst sessions
A Q&A session where attendees can get answers directly from the analyst on a high-interest inquiry topic and learn from questions posed by peers.
Analyst One-on-Ones
Sit privately for 30 minutes with a Gartner analyst specializing in the topic you'd like to discuss. Many attendees tell us that a one-on-one session is worth the price of admission, all by itself.
Analyst-User Roundtables
Hear how your colleagues from various industries tackle problems similar to yours. These small group discussions provide an informal setting for you and your peers to share insight, challenges and concerns on today's hottest topics.
Town Hall Sessions
At these lively open Q&A sessions, attendees pose tough questions to a broad panel of Gartner analysts representing selected research areas.
Opening Keynote: Strategy into Action – Roadmaps to Secure the Enterprise
The world is not getting safer. Advanced technology and the skills to use it, for good or ill, are increasingly available to everyone. More than ever, enterprise success depends on security and risk management. Security leaders must define multi-year strategic roadmaps and simultaneously drive tactical operations that respond effectively and efficiently to changing business needs and rapidly evolving threats. The Gartner Analyst Opening Keynote will explore what it means to translate strategy into action through a strategic roadmap that drives business success. Don’t miss this opportunity to experience the trends and insights that will allow you to meet these challenges and enhance the success of your role, your team and your organization.
- What are the trends in threats and business operations that affect information security?
- Which infrastructure options and practices drive security success long term?
- What are the most appropriate objectives and value of information security in its broadest definitions?
Welcome and Opening Remarks
Guest Keynote: The Art of Business Influence
It is more important than ever to influence multiple stakeholders: departments, teams, and the organization as a whole. Communication expert Mark Jeffries has a simple, yet vital message — communication excellence leads to increased credibility, more successful projects and higher profits. Mark presents a practical toolbox of innovative communication, networking and influence tools designed to give you a smart, proven, communication-based approach to the challenges you face every day — with your project sponsors, colleagues and within your teams. From networking to negotiation, from the power of words, to the behaviors of the “trusted advisor” - Mark presents a practical and entertaining session filled with valuable takeaways.
Guest Keynote: MasterMind Interview with Michael Dell, CEO, Dell
It’s been over a year since Dell acquired SecureWorks, a Managed Security Services Provider, and made its move into information security. The transition from a stand-alone pure-play security provider to a unit of a large IT vendor often causes organizational integration issues or loss of focus, but we’ve had a positive view. What’s on the roadmap for Dell, how does it see information security, and what are its prospects? President and CEO Michael Dell answers the analysts’ and your questions about Dell, security and risk.
Keynote: CyberSecurity: A View from the White House
Howard Schmidt is currently the CyberSecurity Coordinator at the White House, and former vice chair of the President’s Critical Infrastructure Protection Board and former Chief Information Security Officer at Microsoft and eBay. Here he discusses the Obama Administration's effort to reduce cyber threats. This includes the Administration's legislative proposals and plans to protect critical infrastructure such as the electric grid, transportation systems and Wall Street, as well as protecting U.S. military defenses and businesses from cyber attacks.
Guest Keynote: Information Security and Technology in General - Problem Solved. You're Welcome
Gartner Keynote: Closing Insights and a Review of AHA Moments
By the end of the conference, attendees, sponsors and Gartner analysts each gain new insights, so we conclude the event by sharing what we have learned, or our “AHA Moments.” The session reveals valuable insights gathered during the week in interviews and from social media. Gartner analysts will each have a few minutes to share their new insights, and then we’ll turn to the audience for an open discussion. It is a great way to crystallize ideas to take back to your team, coupled with a touch of humor to close the conference.
Workshop: ITScore for Privacy (Pre-registration required. For End Users Only.)
Privacy gets ever more complex. How do organizations know they are doing enough? How do they know they are not doing too much? Measuring privacy is an emerging discipline. In this workshop, we will introduce Gartner's ITScore assessment for privacy. Bring your laptop to run your own assessment.
- Which are the relevant dimensions to describe an organization's privacy posture?
- What is the privacy maturity level of my organization and how do I compare against others?
- What steps does my organization have to take in order to reach the next level?
Workshop: IT Score For Security Management (Pre-registration required. For End Users Only.)
Balanced scorecards provide security teams with critical tools to demonstrate value by identifying and leveraging security's benefits across multiple business domains. This workshop discusses the building blocks for balanced scorecards for Information Security and how clients can avoid the hurdles.
- What are the basic building blocks required for creating a balanced scorecard for Information Security?
- How can clients avoid the common hurdles to developing a scorecard?
- What does an example scorecard look like?
Workshop: ITScore for IAM (Pre-registration required. For End Users Only.)
IAM leaders use this Gartner assessment to evaluate their IAM efforts against key maturity indicators. This helps determine which aspects of a maturity level are most important and how to advance. Immature programs are likely to be inefficient, ineffective and unable to deliver full business value.
- What does maturity mean for an IAM program?
- How does ITScore measure maturity of the IAM program?
- How can enterprises use ITScore to assess the maturity of their IAM programs?
Workshop: Securing the Access Layer: Identifying the Right Authentication Strategy for BYOD, Contractors, Guests and Employees (Pre-registration required. For End Users Only.)
Network access needs change with mobility and new devices. Understanding usage, devices and risk profiles are first steps. This workshop helps build a strategy by outlining options associated with authentication to corporate, guest access or limited access networks.
- How have enterprise connectivity dynamics shifted during the past two years?
- How should enterprises rethink their approach to user authentication?
- What is disruptive about network access requests when matrixed against the types of devices people want to use?
Workshop: Implementing BCM Standards for BCM Maturity and Organizational Certification (Pre-registration required. For End Users Only.)
This three-hour workshop will review and compare the most common BCM standards, provide best practices for using them for organization certification and then have attendees participate in a standards implementation exercise.
- What are some common BCM standards?
- How important is organizational certification relevant to BCM standards?
- What are some best practices towards implementing BCM standards?
Workshop: Policy Critique (Pre-registration required. For End Users Only.)
In this workshop we will examine and discuss examples of actual policy text, looking for typical weaknesses, and deciding as a group whether the topic is one that is practical to address through policy, and whether the text is likely to be effective. Attendees are encouraged to bring their own examples for group review.
Workshop: Implementing COBIT 5 (Pre-registration required. For End Users Only.)
COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information and technology (IT) assets. Learn from ISACA's experts how to implement COBIT 5 in your enterprise.
Workshop: Creating Key Risk Indicators for your Company (Pre-registration required. For End Users Only.)
This 120 min workshop follows the concepts from the session “Using Key Risk Indicators to Influence Business Decision Making” to help you develop your own set of organization-specific KPIs and KRIs.
- How can I identify relevant KPIs in the business?
- How can I define a set of correlated and relevant KRIs?
- What are the best practices for using KRIs and KPIs in executive communication?
Google: eDiscovery in the Cloud - Past, Present and Future
Preparing for lawsuits and performing eDiscovery is a challenge for enterprises today. In traditional IT environments, data is dispersed into many nooks and crannies and eDiscovery solutions have been costly and complex. Cloud computing offers enterprises a new approach to IT and to eDiscovery, enabling a common platform for data storage, policy application, preservation and discovery. We will discuss how the cloud is changing eDiscovery and how your company can take advantage of it.
IBM Corporation: IBM X-Force Declares 2011 the "Year of the Security Breach"
IBM X-Force Threat Intelligence expert Michael Montecillo will share research from the 2011 annual Trend & Risk Report. Although statistics demonstrate some improvement in 2011 in overall internet software security, attackers have been adapting new techniques. In addition, the emergence of cloud computing and the mobile device trend is creating additional challenges for enterprise security. IBM will discuss new attack activity, internet security progress and present new challenges to help you stay ahead of threats.
Dell SonicWALL: Next-Generation Firewalls for Profitability and Growth - US Cellular Case Study
US Cellular, one of the nation’s largest wireless carriers, is growing rapidly. Over the last 3 years, the data traversing their network has increased by over 3,000%. As a public company providing the highest quality of customer service, downtime was not an option. To support their rapid expansion, they turned to SonicWALL Next-Generation Firewalls to provide security and application control for their new national 4G-LTE network. Learn firsthand how they integrated this critical solution to support their business needs.
Symantec: How CISOs Balance Employee & Business Needs with Cloud, Mobile & Virtualization
The role of the Chief Information Security Officer requires a very delicate balance between keeping the business safe and keeping employees productive. The use of Cloud, advanced mobile devices and virtualization has changed the landscape of the enterprise, increasing the complexity of implementing security. In this session Patricia Titus, Symantec’s CISO, will moderate a discussion with other CISOs to understand the challenges they face and how they address them to ensure the company and its information are secure.
Trustwave: The Lifecycle of Cybercrime with the U.S. Secret Service and Trustwave SpiderLabs
Experts from Trustwave SpiderLabs and the U.S. Secret Service will highlight cybercrime trends from hundreds of forensics investigations compiled in Trustwave’s 2012 Global Security Report. This discussion will include the full lifecycle of the attacks including the criminal motivations that initiated the attacks, techniques used to infiltrate organizations, data aggregation methods, data exfiltration techniques, and the resulting financial gains obtained from the criminals who have succeeded in their exploits. This presentation will also include a number of live demos of the custom tools utilized by these criminal organizations to visually illustrate the scenarios discussed.
Websense, Inc.: Web Security Gateway Effectiveness Against Advanced Threats and Data Theft
Advanced threats and data theft are forcing changes within security defenses. Learn how Broadcom responded and the results they achieved with Websense® TRITON™ solutions for web and data security. Also learn about 10 new defenses specially for advanced threats and data theft integrated within TRITON solutions from Websense.
RSA, The Security Division of EMC: The Intelligence SOC
Today, most security breaches are discovered long after they’ve occurred. Organizations need to rethink their approach to security by concentrating on reducing attacker free time to lessen the impact of a security breach, rather than on how to prevent them. This involves addressing people and technology to enable comprehensive visibility into networks and systems; gleaning intelligence from inside organizations and across industry peers and the security community at large; using technology to become more agile and respond quickly and effectively; hiring the right talent; and educating mainstream employees.
Secunia: How to Secure a Moving Target With Limited Resources
Secunia will present empirical results of correlating security information with typical corporate software portfolios. Patches are an effective means to escape the arms race with cybercriminals and the majority of vulnerabilities have patches ready on the day of disclosure. Secunia will quantify the dynamics of critical programs and compare patching strategies to maximize risk reduction with limited resources.
Verizon: Making Your Logs Work: The Convergence of SIEM and GRC
Increasingly, organizations are realizing that the continuous collection of logs and events is foundational for both a security risk management program and an effective compliance program. We will discuss how a fresh look at what your logs are telling you, combined with a more continuous approach to GRC assessment activities, can produce more actionable information, providing timely views on your security landscape and a more pro-active approach than a traditional monitoring program.
Dell security solutions: Managing Threats & Vulnerabilities to Defend Against Cybercrime
Organizations must manage new risks beyond those traditionally covered by the information security management function, including external threats that come from the increasing sophistication of cybercrime and more activism moving online, including attacks on reputation. The truth is you can’t do it alone.
Oracle: Checkmate: Data is King
Leaving your king exposed is the surest way to lose in chess. The same is true for data: millions of records have been breached because organizations still leave their databases exposed. In chess, the king must be protected by layers of security including pawns, rooks, and knights carrying shields. Similarly, databases must be shielded on the outside and hardened with vaults on the inside. Attend this session to learn how to stay a move ahead.
Qualys, Inc.: Are You Already Compromised, and if so, How Do You Know?
In light of recent data breaches, C-level executives are asking themselves the questions: Have I already been compromised? How do we know if confidential data has already been breached? Where do we begin, and what should be considered in this process? Join this session featuring a panel of CISOs from leading global enterprises to get their perspective on these important questions. The panelists will answer your questions and share their views on best practices, tools and solutions to put in place to help prevent attacks, and how to become proactive about detecting data breaches.
Check Point Software Technologies: Collaboration in the Cloud: Using Real-time Intelligence to Stop Advanced Threats
The threat environment that organizations are facing today is very dynamic with new malware and attacks released constantly. New malware is being released at rates that are challenging our traditional threat prevention approaches. Preventing these attacks requires a more collaborative approach that can proactively collect, analyze and discover new threats to deliver protection in real-time, not days or weeks. Learn how Check Point ThreatCloud™, a cloud-driven security intelligence tool, can give organizations the advantage in preventing new attacks and outbreaks.
McAfee, an Intel Company: Making the Most of Your Security Information
Security Information and Event Management has changed dramatically from the days of filtering firewall logs. Modern SIEM solutions can help an organization make sense of the deluge of information required to maintain high standards of security as well as comply with governmental and industry regulations. This session will cover how Bill Machen utilizes McAfee SIEM to meet his needs and the process he went through to get there.
Palo Alto Networks: Making a Difference: Enterprises Speak to Impact of Next-Generation Network Security
Tired of sitting through sales pitches? Join a conversation with four network security pros as they speak candidly about what next-generation network security has meant to them. Our panel will focus on distilling the improvements in visibility, security, productivity, and efficiency each of these enterprise IT organizations gained from updating their network security architecture, processes and policies. The panelists will also address needs specific to their respective industry sector: healthcare, energy, education and technology.
Solutionary, Inc.: Security Information and Event Management: Product? Service? How 'bout BOTH?!
Log management and security information management – done right – is challenging, critical, and continuous. It need not be painful and/or expensive. Have you invested in a SIEM product solution but need to get more out of it? How about SIEM as a SERVICE! Listen to the story of how a CISO successfully layered services over his SIEM solution to maximize the effectiveness and reporting, addressed compliance requirements, and contained costs.
Sourcefire Inc.: Information Superiority as an Enabler of Context-Aware Security
Network defenders need information superiority – a clear baseline of their environments – in order to protect them. This is difficult because there’s much to know about modern, rapidly changing network environments. The problem many defenders face is not securing environments, but gaining sufficient understanding of what they’re protecting. This session explores how to leverage information superiority to take a context-aware approach to security to achieve total network visibility, control without compromise and intelligent security automation.
Splunk: Beyond the Hyperbole: Big Data Security Success with Splunk
This session will demonstrate how Splunk customers achieve real world results by applying Big Data analytics to terabytes of data to uncover potential fraud and other security relevant patterns seen in ‘normal’ machine/IT data collected across the enterprise.
Veracode, Inc: Defending Beyond the Network: Building a Global Application Security Program
Today’s software applications have become the enterprise’s “new perimeter.” With better network-level security technology hardening the network perimeter, malicious attackers are focusing their efforts on the least defended and the hardest to defend gateway—the application. Chris Wysopal, CTO of Veracode, will discuss the application threat landscape and how organizations have built a comprehensive global application security program that focuses on providing security at scale across a diverse portfolio of internal and external applications.
AT&T: The Challenges of Mobile Security
Mobile technology enables people to work anywhere, any time, creating new efficiencies for businesses, and new opportunities for hackers. We must act now to stay ahead of threats posed by malicious mobile applications. Employees can open an email or download an application, making the company vulnerable to spam, bots, worms and other security threats. As employees use smartphones to access enterprise applications, security features must move from the device to the network.
Cisco: The Anatomy of an Advanced Persistent Threat
Over the past year, Advanced Persistent Threats have captured the attention of security professionals and the media. While many security companies are still talking about perimeter and host technologies, security teams are acknowledging the new normal: compromises will happen. Join the leaders of Cisco’s Incident Response and Security Applications teams to discuss the network as the critical tool to hunt and contain internal threats, using specific examples from Cisco’s infrastructure and research labs.
Core Security Technologies: You Are Misunderstood, Hated or Depressed – Pick Two.
As a security professional, you know the challenges that come with effectively communicating what you and your team do to the rest of the business. In this session, Vickie Miller, Senior Director, Information Security at FICO, will discuss the challenges of connecting information security technology back to business risk. You’ll learn how demonstrating your organization’s Return on Security Investment can show business executives how your security investments and activities actually support overall business activities.
Trend Micro Inc.: Advanced Persistent Response: Achieving Advanced Persistent Response
Join this interactive strategy discussion with Tom Kellermann, renowned security expert and advisor to the US Government and World Bank. Security defenses must evolve to support mobility and cloud while combating the sophisticated cyber kill chain. Rather than endorsing security models that drive us to construct additional defenses that have an increasingly slim chance of stopping advanced threats, the focus must shift to emphasize more aggressive, proactive self-assessment through which “offense can inform defense.”
Tripwire: Risk-Based Information Security Management Survey
Tripwire CTO Dwayne Melancon will share results from the 2012 “Risk-Based Security Management Study.” Learn how a risk-based approach to security can strengthen an organization’s security posture and bring value to the business. Discuss security controls professionals implement most frequently to successfully protect their sensitive data and systems. Learn top features of a risk-based approach to security that will be most effective in protecting, detecting and effectively responding to cyber-attacks and data breaches.
Good Technology: Develop a BYOD Program to Secure Corporate Data
A Bring Your Own Device (BYOD) program is new territory for many organizations, so some trepidation is understandable. This session will provide practical tips, from how best to keep company and employee apps and data separate, to whether or not to reimburse employees for BYOD. We’ll discuss a number of different customer case studies to demonstrate emerging best practices.
Juniper Networks: Hacker Interrupted - Detecting and Preventing Hackers on your Website
Learn how companies are using Mykonos Software (a Juniper Networks company) intrusion deception to prevent hackers from abusing their websites. In this talk you will learn:
- How to detect hackers using intrusion deception, before they attack.
- How to track and profile attackers and measure the threat they pose.
- How to respond to attackers in real time.
- How intrusion deception changes the economics of hacking and makes hacking your site more costly and time-consuming.
- And how anyone can understand how many attackers are on your site each week.
Kaspersky Lab: Mobile Security: Protecting Your Corporate Smartphones from Malware & Targeted Attacks
Malware and targeted attacks are an extremely serious threat to the security of SMBs and large enterprises. Targeted attacks generally follow predefined strategies and one of the possible vectors is to attack via a mobile device. A successful targeted attack can seriously damage a company's intellectual property, confidential information and reputation. Attendees will learn about the new types of malware, how such attacks can be performed, and ways to protect their smartphones from being compromised.
Neustar: Of Black Holes, 0Days, and Gh0sts in the Night
Join Neustar SVP and Senior Technologist Rodney Joffe for a look into the professionalization of the art and science of misbehavior in cyberspace – and what that means for future IT security leaders. Rodney will showcase examples of attacks and mitigation efforts. He'll talk about real-world cyber crimes, from the perspectives of the underground perpetrators, and how intelligence-driven security solutions can protect enterprise and government networks against targeted threats, advanced malware and zero-day attacks.
Quest Software: Building a Secure IAM Infrastructure for Global Partnerships
Nexen, a Canadian-based energy company, has “mega” projects worldwide involving multiple third parties. Nexen will share how it manages third-party access to project documents – without violating critical security objectives. We’ll discuss: Nexen challenges (regulatory, legal, time and money); what the ideal solution looks like (robust, easy to manage and scalable); the process to address challenges (including a failed first attempt); and results from the final IAM solution (and how it’s handling issues not initially considered).
WhiteHat Security: Solving the Application Security Problem to Create Business Value
Application security is a critical component of reducing risk at this financial services provider. With billions of dollars flowing through the company daily, they needed a security vendor that could protect their intellectual property, customer data and reputation. In this case study, we will demonstrate how WhiteHat Security made application security a business differentiator, making security visible and comprehensible to their management teams, adding to their bottom line.
Roundtable: Where did I Leave My Privacy (Pre-registration required. For End Users Only.)
With mobile technologies and widespread surveillance, losing your privacy is easier than ever. Share lessons learned on location privacy with other participants.
- How are location-based services impacting the security and privacy of citizens and enterprises?
- What policies should organizations put in place about the use of mobile devices, particularly for international travel?
- How can organizations leverage location-based services while protecting the security and privacy of their corporate assets and personnel?
Roundtable: Application Security Concerns (Pre-registration required. For End Users Only.)
Packaged and custom-developed applications often have vulnerabilities. Finding and mitigating weaknesses consumes time, effort, energy and money. Here security professionals, application developers and others discuss the risky business of relying on applications with potentially hidden problems.
- What are the best tools and techniques to help in secure software development?
- What services are available to certify the security and availability of packaged applications?
- How can organizations cope with vulnerabilities in software?
Roundtable: Content Aware DLP for Organizations on the Move (Pre-registration required. For End Users Only.)
Data loss prevention has received attention as a way of keeping sensitive information from 'leaking' from an organization, but implementation has been more difficult than estimated. This is particularly true as mobility is introduced. Peers discuss their experiences in this facilitated round table.
- How is DLP creating false hopes and how do you bring the project back to reality?
- What is the impact of increased mobility on the need to protect sensitive intellectual property and other information?
- Are DLP tools and approaches viable in today's modern organization?
Roundtable: Lessons Learned from Securing My Home Network (Pre-registration required. For End Users Only.)
Share your “war stories” with other attendees about how you have secured your home network. Come prepared to whiteboard your design and discuss your favorite products and solutions. Who knows, you may even learn something that you can apply in your corporate network!
- How do consumer-grade and enterprise network equipment compare when it comes to implementing and maintaining secure connections?
- What are the best designs for securing home networks?
- What concerns should network security professionals have about work-at-home employees and the networking tools they use?
Roundtable: DMZ Design (Pre-registration required. For End Users Only.)
Dynamic trends such as virtualization, web services, XML firewalls and access to new mashups can open perimeter holes. The definition of the DMZ has changed. This group of peers will discuss design challenges and current thinking of how DMZs will be architected in the future.
- Is the concept of a DMZ old-fashioned?
- How will IPv6 change the way organizations design DMZs?
- Which vendors are best positioned to support future DMZ designs?
Roundtable: Best Practices in Recovery Exercising (Pre-registration required. For End Users Only.)
How are organizations balancing the need for DRM with the increasing time and costs involved, calling for more efficiency? Participants share tools and methods used to improve the scope, execution and results from this important activity.
- Why is effective recovery exercise management a complex discipline?
- Which technologies and products are reducing the time and effort needed for exercise execution?
- What approaches are being taken by Gartner clients to streamline exercising time and cost while also improving its effectiveness?
-
Roundtable: Social Media in BCM (Pre-registration required. For End Users Only.)
How can new forms of social media assist in business continuity planning, both to anticipate events, and to work during and after them? Share your ideas here. - How have social media been helpful in BCM? - What kinds of information can be gleaned from social media to help organizations anticipate a business continuity event?
-
Roundtable: Supply Chain Risks (Pre-registration required. For End Users Only.)
With business uncertainty unabated, natural disasters, and new regulations, supply chains are under pressure. Share lessons learned with fellow participants. - How do organizations anticipate disruptions to their supply chains? - What aspects of supply chain management need hardening to protect sensitive shipping data? - What lessons were learned from disasters in the Far East this past year impacting business critical inventory?
-
Roundtable: Security in the Public Sector (Pre-registration required. For End Users Only.)
Federal, State and Local governments face resource constraints, unfunded mandates, and pressures from constituents for safe and secure access to sensitive data. What are security and risk professionals doing to cope with this environment? - What new mandates are facing security managers in the public sector, and how are they addressing them? - What new security and privacy regulations impacting the public sector will have influence in the commercial sector? - What federal-state-local security event coordination is taking place, and is it enough?
-
Roundtable: Healthcare Roundtable (Pre-registration required. For End Users Only.)
Federal, State and Local governments face resource constraints, unfunded mandates, and pressures from constituents for safe and secure access to sensitive data. What are security and risk professionals doing to cope with this environment? - What new mandates are facing security managers in the public sector, and how are they addressing them? - What new security and privacy regulations impacting the public sector will have influence in the commercial sector? - What federal-state-local security event coordination is taking place, and is it enough?
-
Roundtable: Technical Insights: Application Security Testing (Pre-registration required. For End Users Only.)
Complex software security testing can be challenging as every SAST, DAST and IAST vendor purports to cover the OWASP Top 10, and claims their products are more accurate and easier to use than others. In this facilitated session, we look at which tools are strong and weak, and how they are best used. - What are the pros and cons of various testing tools and services? - How can tools and/or services be combined (or not) to increase efficacy? - How are automation and people combined to create a sound testing practice?
-
Roundtable: Audit Horror Stories (Pre-registration required. For End Users Only.)
What's your most outrageous auditor demand? Sit around the campfire with fellow participants, share audit horror stories, and lessons learned on negotiating with auditors. - What are auditors demanding regarding risk and how are organizations responding? - What is the best type of auditor to work with, and what is the worst? - How can organizations work more collaboratively with auditors to avoid conditional reports?
-
Roundtable: Security in Utilities & Energy (Pre-registration required. For End Users Only.)
As part of the critical infrastructure, utilities and energy companies have unique responsibilities. Enterprise security for business systems is as important to these entities as it is to any, but there are special requirements associated with SCADA networks and other parts of operational technologies used that need a specific focus. Here industry peers share their perspectives and findings.
-
Roundtable: IT Availability (Pre-registration required. For End Users Only.)
In this roundtable discussion, Gartner clients will share their experiences and learn from each other in the broad arena of IT resiliency. Topics may include best practices and critical success factors in the areas of continuous application availability, measuring availability, service-level agreements, disaster recovery testing, data center resiliency strategy and failover/failback.
-
Roundtable: Critical Issues Today’s CISOs Face (Pre-registration required. CISO or equivalent will be admitted)
This session is restricted to attendees with a CISO or equivalent title, or other C-level or senior management role related to Information Security. This is a discussion session. - What critical issues are facing CISOs? - How important is the CISO role within specific enterprises? - How does a typical CISO convey security and risk information to the board?
-
Roundtable: Secure Web Gateways (Pre-registration required. For End Users Only.)
With new platforms such as consumer devices, and new computing models, such as the cloud, access to enterprise applications, messaging and data is becoming more complicated. One way to make it secure is by using Secure Web Gateways. Here we discuss architectures, approaches and vendors. - How have Secure Web Gateways enabled new applications? - What are best practices for implementing and managing Secure Web Gateways? - Which vendors provide Secure Web Gateways?
-
Roundtable: Outsourcing Security (Pre-registration required. For End Users Only.)
Organizations often outsource security functions to managed security service providers and other outsourcers. How far can they go in handing off critical defensive mechanisms, and which should they maintain in house? Join a group of peers in addressing this ongoing question. - How do organizations evaluate security outsourcing providers? - Which functions can be safely handed off to outside services, and what expertise should be maintained internally? - How much effort is involved in managing outsourced security functions?
-
Roundtable: Dealing with Cloud Risks (Pre-registration required. For End Users Only.)
As new audit standards go into effect, it's harder than ever to know whether cloud vendors have adequate controls. Learn from fellow participants what their best practices are for managing cloud risks. - How important are security and risk factors to organizations considering cloud-based services? - What methods and standards are available to evaluate the security and risk profiles of cloud providers? - How do government agencies and commercial entities compare when it comes to dealing with cloud risk?




