Agenda
The Leading Event for IT Security Specialists
As IT security and risk disciplines converge, it's increasingly important to architect a comprehensive strategy across roles. The summit features complete programs on Security, Risk Management, Business Continuity Management, and CISO roles. Each program offers a full track of analyst sessions, keynotes, roundtable discussions, case studies, workshops, and more. Build a custom agenda across all the tracks, or attend sessions in a single program.
Comprehensive Tracks and Sessions
The majority of the agenda is made up of Gartner analyst sessions — research-driven presentations that focus on the issues that matter most in IT today. Leveraging the latest research collected from organizations worldwide, analyst sessions provide real-world information that will help you make better decisions and drive more successful initiatives.
Our Agenda will feature comprehensive tracks to drill down on your hottest topics, with track sessions tagged to help you create a customized agenda based on your role, experience level and key focus.
- Governance Risk Compliance
- Cloud Computing and Recovery
- Security Architecture
- Mobile Applications and Security
- Security Threats and Vulnerabilities
Hot topics to be covered:
Special Sessions
In addition to our comprehensive tracks, our Agenda also features several special sessions providing opportunities to learn from and interact with Gartner analysts, industry experts and peers, and top solution providers:
- Keynote Sessions
Typically presented by non-Gartner industry leaders, these plenary sessions are designed to be entertaining and thought-provoking.
- Workshops
Presented by Gartner or guest experts, these intimate workshops provide an opportunity to drill down on specific "how to" topics in an extended, small group environment. Sessions designed for end users only. Registration required.
- End-User Case Studies
Gartner invites a number of end users to personally present leading-edge case studies and answer questions.
- Analyst One-on-Ones
Sit privately for 30 minutes with a Gartner analyst specializing in the topic you'd like to discuss. Many attendees tell us that a one-on-one session is worth the price of admission, all by itself.
- Analyst-User Roundtables
Hear how your colleagues from various industries tackle problems similar to yours. These small group discussions provide an informal setting for you and your peers to share insight, challenges and concerns on today's hottest topics.
- Solution Provider Sessions
In these moderated panels, vendors and end users share experiences and "lessons learned" from real implementations.
- Summit Opening and Welcome Presentation:
- Gartner Keynote I: Understanding the Transition From Security to Risk Management
Information security is rapidly being accepted as an aspect of operational risk management in organizations that are maturing their overall risk management approach. The result is a clearer perspective on IT risk, increasing maturity in risk assessment and improved respect from the business community.
- Premier Panel Session
- Guest Keynote: How to Deliver the Bad Message and Not Get Killed
Delivering bad news is one of the trickier tasks in business as in ordinary life; doing so without getting shot is an art. Yet on countless occasions managers make a bad message worse through unforced errors in communication - either by unduly sugaring the pill or mismanaging expectations. With the aid of topical examples from the corporate world, former Financial Times Editor and crisis communications expert Andrew Gowers sets out some principles to follow and pitfalls to avoid.
- Gartner Keynote: Using Risk to Improve Performance: The Gartner Key Risk Indicator Catalog
Mapping key risk indicators (KRI) into business centric key performance indicators (KPI) is an excellent way to link risk and security to corporate performance. However, developing KRIs that are directly related to KPIs is challenging. Gartner has developed a foundation catalog of both KPIs and KRIs to help risk officers develop their own set.
- Security Expert Keynote: Security Strategy Development: How to Increase Security Capability and Functional Maturity
Perceived as blockers and not adding value, information security is becoming increasingly important as business recovers from the economic turbulence of the past two years. This provides information security professionals with a platform to become listened to all the way up to the Board. Key to recognition as "value-add" is the existence of a business-aligned strategy, yet many CISOs seem unable to embrace this challenge and deliver success, concentrating on policy-based tick-box compliance. Therefore, is our industry not at an inflection point that requires a change in thinking of the modern CISO?
- Gartner Closing Keynote: The IAM Scenario: Embracing New Technologies, Driving Business Outcomes
IAM continues to be an important information security, risk management and – increasingly – business discipline. Mature IAM programs move beyond the “plumbing” for users’ identities and entitlements to provide robust processes and intelligence that inform governance and business decisions and foster desirable business outcomes.
- Transforming a Security Organization
This session will share some of the key milestones met by Standard Life as they brought together these teams. John will discuss some of the challenges faced when bringing specialist teams together as well as the benefits of integration. Examples will be shared where combined strengths have allowed for better results. John will also talk about some of the key projects currently being worked on by the new, combined department. Light on theory, this session will cover the practical challenges faced since the creation of the new team, and will seek to share a number of "take-aways" to get you thinking when you arrive back in your office.
- Pragmatic Approach to Deploying Mobile Devices in a Regulated Environment
Enterprises are quickly adopting smartphones and tablets with broader access to corporate resources. Balancing security and ease of use proves challenging in regulated environments, especially with regards to sensitive application data and documents. This case study will focus on industry concerns when deploying and managing corporate and employee-liable devices. Discussion topics will include security considerations, application deployment and custom application development best practices, data leakage concerns with documents, and deployment scenarios for SaaS or on premise solutions. Key take-aways will be practical next steps to get started, traditional hurdles, potential roadmap strategies and value drivers to the business.
- Improving Decisions Using Risk Management Tools
The case study will describe how risk management operated in HMRC and IMS and why there was a need to take it to the next level. It will describe how the Risk Tool is part of a portfolio of products that will provide managers across the organisation with better quality information for informed decision making.
- Turning Information Security Into Information Risk Management
Shell has traditionally placed a strong emphasis on securing its information. In the late eighties, Shell’s Information Security Policy Manual formed the foundation of the industry standard BS7799; however, a lot has changed in the world of protecting business information since then. Growing business dependency on ICT and new technology has created a strong need to focus on a cost-effective way to protect information. Hence, solid information risk assessment to identify what really matters, and selection of proper countermeasures, are key to success in this area today. This case study will share how, since 2009, Shell has moved its Information Security model into an Information Risk Management (IRM) model, providing an inside look at the transformation approach and how the IRM process now works to deal with today’s threats.
- Using Effective Governance to Reduce Information Security Risk
The workshop will describe the governance structures and best practices deployed by the Intellectual Property Office with the assistance of Gartner Consulting, which successfully embedded information risk management within the business; ensured that Information Asset Owners fulfilled their roles effectively and efficiently; enabled the implementation of stringent security and risk management standards set by UK Government; and in turn increased the effectiveness of the security team through close integration with the business.
- IT Security Transformation — Creating the Strategy, Developing the Approach and Transformational Need, Activities Initiated (within BAT), Lessons Learnt
The presentation will focus on aligning security with the business, ensuring the need for change is understood and establishing the program to transform the business.
- Roundtable: From Jeers to Cheers: The Role of SharePoint in Information Protection
Whether integration with data loss prevention and encryption, improved identity and access management, or use of metadata for security tagging, SharePoint and its extended solution environment afford new protection options for enterprises.
- Roundtable: Customer Experience With New Work Models and Flexible Device Ownership
This roundtable will examine the customer experience with access programs that enable employee mobility, work-at-home, secure offshore development, vendor support, business continuity, and a variety of other kinds of partner relationships and device ownership models.
- Roundtable: Managing the Risks of Your Vendors
Vendor risk management helps prevent negative impacts on business performance from risks associated with IT service providers. Through oversight and prevention of problems, VRM can also help improve vendor performance and the vendor's value contribution to the business. This session will address: What is a vendor management program? What vendor risks should you monitor? What risk management and compliance terms and conditions should you enforce with your vendors?
- Roundtable: Dealing With the Security Risks of Clouds and Services
Today’s IT department is increasingly being asked, or forced, to use externally provisioned services. The best practices for assessing the risk, evaluating vendor claims, specifying contract clauses, and managing the vendor relationship, are still evolving. This roundtable will be an opportunity for peers to have a frank discussion about their frustrations and successes, as we work towards a set of practical and defensible processes for new delivery models.
- Roundtable: Mobile Technologies in Disaster Recovery
Remote access will play a critical but erratic role during business disruptions. In this roundtable, we will discuss technologies available and their readiness to help with each phase of a disruption. Supporting work practices to be considered include integration of Telework with EMNS, use of personal and ad hoc equipment, and VPN scalability.
- Roundtable: Best Practices for Interacting With the ERM Program
One of the consequences of the re-regulation of the European Financial Services industry is that IT leaders need to become more aware of the requirements of their business counterparts. Establishing a mutually beneficial relationship between IT and risk management/compliance departments is key. This roundtable will focus on practical guidelines to bridge the gap between the two departments.




