Agenda
Security and Risk Intelligence: Next Steps in Improved Business Performance
As IT security and risk disciplines converge, it's increasingly important to architect a comprehensive strategy across roles. The summit features four complete programs on Security, Risk Management, Business Continuity Management, and CISO roles. Each program offers a full track of analyst sessions, keynotes, roundtable discussions, case studies, workshops, and more. Build a custom agenda across all four, or attend sessions in a single program.
Comprehensive Tracks and Sessions
The majority of the agenda is made up of Gartner analyst sessions — research-driven presentations that focus on the issues that matter most in IT today. Leveraging the latest research collected from organizations worldwide, analyst sessions provide real-world information that will help you make better decisions and drive more successful initiatives.
Our Agenda will feature comprehensive tracks to drill down on your hottest topics, with track sessions tagged to help you create a customized agenda based on your role, experience level and key focus.
- Governance Risk Compliance
- Cloud Computing and Recovery
- Security Architecture
- Mobile Applications and Security
- Security Threats and Vulnerabilities
Hot topics to be covered:
Special Sessions
In addition to our comprehensive tracks, our Agenda also features several special sessions providing opportunities to learn from and interact with Gartner analysts, industry experts and peers, and top solution providers:
- Keynote Sessions
Typically presented by non-Gartner industry leaders, these plenary sessions are designed to be entertaining and thought-provoking.
- Workshops
Presented by Gartner or guest experts, these intimate workshops provide an opportunity to drill down on specific "how to" topics in an extended, small group environment. Sessions designed for end users only. Registration required.
- End-User Case Studies
Gartner invites a number of end users to personally present leading-edge case studies and answer questions.
- Analyst One-on-Ones
Sit privately for 30 minutes with a Gartner analyst specializing in the topic you'd like to discuss. Many attendees tell us that a one-on-one session is worth the price of admission, all by itself.
- Analyst-User Roundtables
Hear how your colleagues from various industries tackle problems similar to yours. These small group discussions provide an informal setting for you and your peers to share insight, challenges and concerns on today's hottest topics.
- Solution Provider Sessions
In these moderated panels, vendors and end users share experiences and "lessons learned" from real implementations.
- Workshop: IT Score For Security Management Workshop (Pre-registration required. For End Users Only.)
Balanced scorecards provide security teams with critical tools to demonstrate value by identifying and leveraging security's benefits across multiple business domains. This workshop discusses the building blocks for balanced scorecards for Information Security and how clients can avoid the hurdles. - What are the basic building blocks required for creating a balanced scorecard for Information Security? - How can clients avoid the common hurdles to developing a scorecard? - What does an example scorecard look like?
- Workshop: ITScore for Privacy Workshop (Pre-registration required. For End Users Only.)
Privacy gets ever more complex. How do organizations know they are doing enough? How do they know they are not doing too much? Measuring privacy is an emerging discipline. In this workshop, we will introduce Gartner's ITScore assessment for privacy. Bring your laptop to run your own assessment. - Which are the relevant dimensions to describe an organization's privacy posture? - What is the privacy maturity level of my organization and how do I compare against others? - What steps does my organization have to take in order to reach the next level?
- Workshop: ITScore for IAM (Pre-registration required. For End Users Only.)
IAM leaders use this Gartner assessment to evaluate their IAM efforts against key maturity indicators. This helps determine which aspects of a maturity level are most important and how to advance. Immature programs are likely to be inefficient, ineffective and unable to deliver full business value. - What does maturity mean for an IAM program? - How does ITScore measure maturity of the IAM program? - How can enterprises use ITScore to assess the maturity of their IAM programs?
- Workshop: Securing the Access Layer: Identifying the Right Authentication Strategy for BYOD, Contractors, Guests and Employees (Pre-registration required. For End Users Only.)
Network access needs change with mobility and new devices. Understanding usage, devices and risk profiles is the first step. This workshop helps build a strategy by outlining options associated with authentication to corporate, guest access or limited access networks. - How have enterprise connectivity dynamics shifted during the past two years? - How should enterprises rethink their approach to user authentication? - What is disruptive about network access requests when matrixed against the types of devices people want to use?
- Workshop: Implementing BCM Standards for BCM Maturity and Organizational Certification (Pre-registration required. For End Users Only.)
This three-hour workshop will review and compare the most common BCM standards, provide best practices for using them for organization certification and then have attendees participate in a standards implementation exercise. - What are some common BCM standards? - How important is organizational certification relevant to BCM standards? - What are some best practices towards implementing BCM standards?
- Workshop: Policy Critique Workshop (Pre-registration required. For End Users Only.)
Everybody brings a page of their policy document with them, and we all critique each other’s document.
- Workshop: Implementing COBIT 5 (Pre-registration required. For End Users Only.)
COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information and technology (IT) assets. Learn from ISACA's experts how to implement COBIT 5 in your enterprise.
- Workshop: Creating Key Risk Indicators for your Company (Pre-registration required. For End Users Only.)
This 120 min workshop follows the concepts from the session “Using Key Risk Indicators to Influence Business Decision Making” to help you develop your own set of organization-specific KPIs and KRIs. - How can I identify relevant KPIs in the business? - How can I define a set of correlated and relevant KRIs? - What are the best practices for using KRIs and KPIs in executive communication?
- Roundtable: Where did I Leave My Privacy (Pre-registration required. For End Users Only.)
With mobile technologies and widespread surveillance, losing your privacy is easier than ever. Share lessons learned on location privacy with other participants. - How are location-based services impacting the security and privacy of citizens and enterprises? - What policies should organizations put in place about the use of mobile devices, particularly for international travel? - How can organizations leverage location-based services while protecting the security and privacy of their corporate assets and personnel?
- Roundtable: Application Security (Pre-registration required. For End Users Only.)
Packaged and custom-developed applications often have vulnerabilities. Finding and mitigating weaknesses consumes time, effort, energy and money. Here security professionals, application developers and others discuss the risky business of relying on applications with potentially hidden problems. - What are the best tools and techniques to help in secure software development? - What services are available to certify the security and availability of packaged applications? - How can organizations cope with vulnerabilities in software?
- Roundtable: Content Aware DLP for Organizations on the Move (Pre-registration required. For End Users Only.)
Data loss prevention has received attention as a way of keeping sensitive information from 'leaking' from an organization, but implementation has been more difficult than estimated. This is particularly true as mobility is introduced. Peers discuss their experiences in this facilitated roundtable. - How is DLP creating false hopes and how do you bring the project back to reality? - What is the impact of increased mobility on the need to protect sensitive intellectual property and other information? - Are DLP tools and approaches viable in today's modern organization?
- Roundtable: Lessons Learned from Securing My Home Network (Pre-registration required. For End Users Only.)
Share your “war stories” with other attendees about how you have secured your home network. Come prepared to whiteboard your design and discuss your favorite products and solutions. Who knows, you may even learn something that you can apply in your corporate network! - How does consumer grade and enterprise network equipment compare when it comes to implementing and maintaining secure connections? - What are the best designs for securing home networks? - What concerns should network security professionals have about work-at-home employees and the networking tools they use?
- Roundtable: DMZ Design (Pre-registration required. For End Users Only.)
Dynamic trends such as virtualization, web services, XML firewalls and access to new mashups can open perimeter holes. The definition of the DMZ has changed. This group of peers will discuss design challenges and current thinking of how DMZs will be architected in the future. - Is the concept of a DMZ old-fashioned? - How will IPv6 change the way organizations design DMZs? - Which vendors are best positioned to support future DMZ designs?
- Roundtable: Best Practices in Recovery Exercising (Pre-registration required. For End Users Only.)
How are organizations balancing the need for DRM with the increasing time and costs involved, calling for more efficiency? Participants share tools and methods used to improve the scope, execution and results from this important activity. - Why is effective recovery exercise management a complex discipline? - Which technologies and products are reducing the time and effort needed for exercise execution? - What approaches are being taken by Gartner clients to streamline exercising time and cost while also improving its effectiveness?
- Roundtable: Social Media in BCM (Pre-registration required. For End Users Only.)
How can new forms of social media assist in business continuity planning, both to anticipate events, and to work during and after them? Share your ideas here. - How have social media been helpful in BCM? - What kinds of information can be gleaned from social media to help organizations anticipate a business continuity event?
- Roundtable: Supply Chain Risks (Pre-registration required. For End Users Only.)
With business uncertainty unabated, natural disasters, and new regulations, supply chains are under pressure. Share lessons learned with fellow participants. - How do organizations anticipate disruptions to their supply chains? - What aspects of supply chain management need hardening to protect sensitive shipping data? - What lessons were learned from disasters in the Far East this past year impacting business critical inventory?
- Roundtable: Healthcare Roundtable (Pre-registration required. For End Users Only.)
Federal, State and Local governments face resource constraints, unfunded mandates, and pressures from constituents for safe and secure access to sensitive data. What are security and risk professionals doing to cope with this environment? - What new mandates are facing security managers in the public sector, and how are they addressing them? - What new security and privacy regulations impacting the public sector will have influence in the commercial sector? - What federal-state-local security event coordination is taking place, and is it enough?
- Technical Insights Roundtable: Application Security Testing (Pre-registration required. For End Users Only.)
This session is restricted to attendees with a CISO or equivalent title, or other C-level or senior management role related to Information Security. This is a discussion session. - What critical issues are facing CISOs? - How important is the CISO role within specific enterprises? - How does a typical CISO convey security and risk information to the board?
- Roundtable: Utilities and Energy RT (Pre-registration required. For End Users Only.)
What's your most outrageous auditor demand? Sit around the campfire with fellow participants, share audit horror stories, and lessons learned on negotiating with auditors. - What are auditors demanding regarding risk and how are organizations responding? - What is the best type of auditor to work with, and what is the worst? - How can organizations work more collaboratively with auditors to avoid conditional reports?
- Roundtable: CISO Only Roundtable (Pre-registration required. For End Users Only.)
- Roundtable: IT Availability (Pre-registration required. For End Users Only.)
In this roundtable clients share experiences about IT resiliency. Topics include best practices and critical success factors in continuous application availability, measuring availability, service-level agreements, disaster recovery testing, data center resiliency strategy and failover/failback. - Does the criticality of IT availability vary by industry, and if so, how? - How can organizations go about testing for the organization's ability to be resilient in a variety of conditions? - What tools and techniques exist for demonstrating the organization's ability to respond to a disaster?
- Roundtable: Outsourcing Security (Pre-registration required. For End Users Only.)
Organizations often outsource security functions to managed security service providers and other outsourcers. How far can they go in handing off critical defensive mechanisms, and which should they maintain in house? Join a group of peers in addressing this ongoing question. - How do organizations evaluate security outsourcing providers? - Which functions can be safely handed off to outside services, and what expertise should be maintained internally? - How much effort is involved in managing outsourced security functions?
- Roundtable: Dealing with Cloud Risks (Pre-registration required. For End Users Only.)
As new audit standards go into effect, it's harder than ever to know whether cloud vendors have adequate controls. Learn from fellow participants what their best practices are for managing cloud risks. - How important are security and risk factors to organizations considering cloud-based services? - What methods and standards are available to evaluate the security and risk profiles of cloud providers? - How do government agencies and commercial entities compare when it comes to dealing with cloud risk?




