Track 3: A Strategic Vision for Security and Risk Management Leaders
Leading the information security or risk management function is a special responsibility, requiring a mix of technical, office political and social skills. Particular challenges include instilling security and risk management into the business; optimizing a limited budget; refining the security and risk organization; and reporting on risk and security activities in a way that business executives can easily grasp.
Sessions
Understanding and Managing SaaS and Cloud Computing Risks
Cloud Computing and SaaS bring unique data control, compliance and vendor viability risks that are difficult to assess and control. Organizations considering cloud-based services must understand the associated risks, defining acceptable use cases and necessary compensating controls before allowing them to be used for regulated or sensitive information. This presentation will examine the practices being carried out by today’s enterprise.
Report Risk to the Board — And Keep Your Job
Aligning risk and security activities to business strategy is necessary when reporting and communicating to business executives. Engaging business managers can facilitate necessary cultural change and provide business managers with the risk information they need in the proper context to make better business decisions. This session presents three case studies and two practical methods for communicating with executives.
Security and Risk Management as a Social Science
As technical security controls are increasingly integrated into the infrastructure fabric, the focus of CISOs will continue to shift towards the behaviors, attitudes and culture of the human stakeholders of the enterprise. This presentation will highlight how this shift will impact the role of information security leaders, the opportunities it presents, and the actions they should take to prepare for the challenge.
Social Media is not a Security Problem
Many security organizations have reacted to the novelty and popularity of social networks, blogs, wikis and micro-blogs by battening down the hatches and shutting off access. Ironically, the significant risks presented by social media cannot be mitigated by infrastructure controls and are not produced by the technology supporting social media. This presentation will debunk the security hysteria around social media and define an effective approach to assuring security across the changing landscape of social applications.
The Top Five Ways to Achieve PCI Compliance
This presentation will highlight the top five Gartner recommendations for enterprises to protect customer data and more easily demonstrate compliance with the PCI standard. It will also explore the future of payments security, and the fact that PCI, as we know it, will become an outdated standard in the next seven years.
Agenda Builder Tool
With a wealth of sessions on offer, it helps to have a tool for building an agenda focused on your own needs. The online Agenda Builder helps you select sessions, add them to your calendar, and build networking and reflection time into your schedule. You can follow one of the specific tracks, choose sessions based on the maturity of your projects, pick business- or technology-focused sessions, or simply mix and match!