Filter your agenda by the key pillars that security and risk management executives must master to enable digital business in a world of escalating risk.

Agenda / By Track

Thursday, 30 August, 2018 09:00 AM|Thursday, 30 August, 2018 10:00 AM
Gartner Keynote: Scaling Trust and Resilience — Cut the Noise and Enable Action
Lawrence Orans, Research VP, Gartner
Rajpreet Kaur, Principal Analyst, Gartner
Sid Deshpande, Research Director, Gartner

Constant change in the threat landscape and compliance requirements present daily challenges that can feel overwhelming. Scaling security when facing a fast-paced IT innovation landscape involves choices, often at the expense of building trust and resilience. Three key questions drive strong decision making: What's important, what's dangerous and what's real? This session presents scenarios to demonstrate that ruthless prioritization in the answers helps us cut through the noise and enables action that changes our outlook from overwhelmed to empowered.


Thursday, 30 August, 2018 10:30 AM|Thursday, 30 August, 2018 11:15 AM
Pragmatic Steps for a Successful Security Strategy
Jeffrey Wheatman, Research VP, Gartner
Wam Voster, Sr Director Analyst, Gartner

CISOs are called on to fill the twin roles of operational expert and strategic planner. Many CISOs struggle when developing a strategy because they have not been exposed to this process. A few pragmatic steps can help ensure that your strategy is useful. This session will address the following: • What are the elements that you must consider? • What pragmatic steps can you take during its development to ensure success? • What safeguards do you need to support successful execution?


Thursday, 30 August, 2018 10:30 AM|Thursday, 30 August, 2018 11:15 AM
How to Approach Security in an Aligned IT/OT World
Wam Voster, Sr Director Analyst, Gartner

Business requirements drive organizations to connect their IT and OT. This alignment between IT and OT requires organizations to rethink their approach to securing the traditionally separate IT and OT worlds. This session will cover best practices on getting security governance right in an aligned IT/OT world, tips on how to deploy common teams and the role of the digital risk officer.

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Thursday, 30 August, 2018 10:30 AM|Thursday, 30 August, 2018 12:00 PM
Workshop: Go Beyond Compliance — Anti-Money Laundering Programs That Changes the World
Danny Luong, Research Director, Gartner

Workshop to discuss the anti-money laundering market focusing on: Security and risk management leaders' understanding the need for efficiency but how to gain effectiveness in detecting suspicious activity without high operational overhead is still eluding the market, developing a new breed of AML experts/operators that are driven by a social mission and ideas for an AML black ops (best practices of the elite AML programs and teams).

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Thursday, 30 August, 2018 11:30 AM|Thursday, 30 August, 2018 12:15 PM
Effectively Establish and Operate a Third-Party and Vendor Risk Management Program
Jie Zhang, Sr Director Analyst, Gartner

Vendors and third parties can create significant risks to business operations and performance. This session will provide an overview of the methods to efficiently reduce residual vendor risks. What are the current best practices for assessing, monitoring, remediating or mitigating vendor risks? What emerging practices are improving the value of vendor risk management programs?


Thursday, 30 August, 2018 01:30 PM|Thursday, 30 August, 2018 02:15 PM
Managing the Insider Threat: Why Employee Monitoring Is No Longer a Dirty Word
Jonathan Care, Sr Director Analyst, Gartner

Employee monitoring is one of those topics that most IT leaders don’t like to talk about. Blandishments like “We trust our people,” “We have a culture of openness,” are common. Yet, as Mark Twain said “The difference between a man and a dog is that if you feed a dog and take care of it, it will not bite you”. We examine how employee monitoring contributes not only to prevention and detection of internal malfeasance, but can also be used to safeguard employees and ensure safe working.


Thursday, 30 August, 2018 03:15 PM|Thursday, 30 August, 2018 03:45 PM
Impact Appraisal: Technologies Converge to Aid Transparency in Mobile Authentication
John Girard, Distinguished VP Analyst, Gartner

If you are still struggling with getting beyond passwords, better times are coming. The conjunction of increasing online use cases and competition for embedded biometrics in next-generation hardware is propelling opportunities for advanced authentication techniques. This presentation will chart a course for clever, subtle and transparent identity management.


Thursday, 30 August, 2018 04:45 PM|Thursday, 30 August, 2018 05:30 PM
Improve Your Enterprise Anti-Fraud Program by Implementing a Financial Crime Taxonomy
Danny Luong, Research Director, Gartner

Banks are experiencing a variety of attacks, but struggle to understand the modus operandi and correctly classify them to implement effective strategies to manage them. This presentation provides security and risk management leaders with a framework to deconstruct complex crimes and devise strategies to mitigate risk.


Friday, 31 August, 2018 01:45 PM|Friday, 31 August, 2018 02:15 PM
When the Going Gets Tough, the Business Blames the CISO
Wam Voster, Sr Director Analyst, Gartner

As long as business is doing well business leaders are applauded and rewarded, but the moment something bad happens the CISO is blamed for not properly protecting business information. How can security and risk management leaders ensure roles and responsibilities are clear? What can be done to ensure ownership of risk is well-defined. How much risk should the CISO actually own?


Friday, 31 August, 2018 02:30 PM|Friday, 31 August, 2018 03:15 PM
What Your Board Wants to Know
Jeffrey Wheatman, Research VP, Gartner
Eric Ouellet, VP, Analyst, Gartner

It is now common practice for a board of directors to require periodic reporting and event-based updates on the state of IT risk and information security. Risk and security leaders must provide board-relevant and business-aligned content. This presentation discusses what you need to present. Key Issues: • What is the role of the board and what do they care about? • What content do you need to cover? • How should you present this content?


Friday, 31 August, 2018 02:30 PM|Friday, 31 August, 2018 03:15 PM
Plan for Success With Identity Governance and Administration
Felix Gaehtgens, Sr Director Analyst, Gartner

IGA deployment initiatives are a potential minefield for many organizations that risk costly delays, difficult integration and lower overall value. Gartner has identified common anti-patterns for IGA adoption that range from the planning phase to the actual deployment and integration. Learn how to identify and avoid these common mistakes and plan for a successful IGA deployment by focusing on value and using Gartner's IGA deployment model.


Friday, 31 August, 2018 03:30 PM|Friday, 31 August, 2018 04:15 PM
What Security & Risk Leaders Need to Know About Blockchain
Jonathan Care, Sr Director Analyst, Gartner

Organizations are allocating funds for blockchain without defining use cases, putting security and risk management leaders in a bind. You need to support the adoption of blockchain, but manage the risks that result from relatively unproven tools. Come learn: ● How to trust distributed identity. ● How to trust unknown cryptographic service providers on blockchain and distributed ledgers. ● Recognize the can't-happen-don't-care state is more important than we think.


Friday, 31 August, 2018 03:30 PM|Friday, 31 August, 2018 04:15 PM
Ask the Analyst: How to Approach Security in an Aligned IT/OT World
Wam Voster, Sr Director Analyst, Gartner

Business requirements drive organizations to connect their IT and OT. This alignment between IT and OT requires organizations to rethink their approach to securing the traditionally separate IT and OT worlds. This interactive session will cover best practices on getting security governance right in an aligned IT/OT world, tips on how to deploy common teams and the role of the digital risk officer.

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Friday, 31 August, 2018 04:45 PM|Friday, 31 August, 2018 05:30 PM
Gartner Keynote: Digital Business and Culture Clash — Surviving the Revolution
Jeffrey Wheatman, Research VP, Gartner
Eric Ouellet, VP, Analyst, Gartner
Sid Deshpande, Research Director, Gartner

Gartner research shows that success in the digital business revolution requires material culture changes inside and outside of IT. Organizations are limiting themselves through fear of technology, while the line between technology and business outcomes is disappearing. Non-IT executives treat security like a cost center and do not understand how to accept technology risks. A risk-aware culture must be developed and mature. Come hear about this groundbreaking research that links digital business success to culture and risk.


Thursday, 30 August, 2018 08:00 AM|Thursday, 30 August, 2018 08:30 AM
Tutorial: Do the Simple Things Well in Information Security
Prateek Bhajanka, Principal Analyst, Gartner

Good information security hygiene is a must, but many organizations lose focus on getting the basics right, leading to an unjustified level of confidence in risk posture. Join us and learn: • What are the key activities, capabilities and practices for organizations? • What are the activities that you can delay or even skip entirely? • Why doing the basics is more important than ever.


Thursday, 30 August, 2018 10:30 AM|Thursday, 30 August, 2018 11:15 AM
Manage Privileged Access to Reduce Security Risks and Increase Agility
Felix Gaehtgens, Sr Director Analyst, Gartner

Is your organization in need of a privileged access management (PAM) solution? If so, this session will serve as a good primer on the technology. Key issues covered include: • Introduction to privileged access management. • The PAM maturity model. • An overview of PAM tools and when and how to use them.


Thursday, 30 August, 2018 11:30 AM|Thursday, 30 August, 2018 12:15 PM
Windows 10 Security and Implementation Advice
Eric Ouellet, VP, Analyst, Gartner

Windows 10 is getting unprecedented rapid implementation in the enterprise. This session will: •Look at the most significant security improvements in Windows 10. •Compare and contrast optional Windows 10 security features to third-party solutions. •Provide implementation guidance to ensure that the security improvements are getting deployed. •Look a the future of Windows security in the enterprise.


Thursday, 30 August, 2018 01:30 PM|Thursday, 30 August, 2018 02:15 PM
How to Hunt for Security Threats
Mark Nicolett, Managing Vice President, Gartner

Threat hunting (TH) is very hot, but very few organizations actually do it. Attend this session to learn the basics of practical hunting and how to start your TH effort. Key issues covered in this session: • What is TH? • How do you incorporate TH into your SOC processes? • How do you develop a basic TH capability? • Where do you get ideas on what to hunt for? • How do you measure TH successes?


Thursday, 30 August, 2018 03:15 PM|Thursday, 30 August, 2018 03:45 PM
Tips for Selecting the Right Security Analytics Tools for Your SOC
Kelly Kavanagh, Principal Research Analyst, Gartner

When building a security operation center, or trying to improve the visibility over threats, an abundance of new technologies overwhelms security leaders with too many options. This session will highlight the benefits and compare the use cases for the most useful security analytics tools. Technologies covered in this session include SIEM, network traffic analysis, user behavior analytics, endpoint detection and response, intrusion detection, full packet capture and SOAR.


Thursday, 30 August, 2018 03:15 PM|Thursday, 30 August, 2018 03:45 PM
How to Adapt Application Security Practices for DevOps
Dale Gardner, Research Director, Gartner

Organizations are regularly adopting agile development methodologies and DevOps initiatives. Application security process and technology best practices are abundant, but not all of them fit in the world of rapid application development and delivery. This session will highlight some of the areas of opportunity for security automation as well as pitfalls that may inhibit application releases.


Thursday, 30 August, 2018 04:45 PM|Thursday, 30 August, 2018 05:30 PM
Alexa, Investigate This Incident
Mark Nicolett, Managing Vice President, Gartner

Security orchestration, automation and response (SOAR) tools have been growing in popularity as organizations try to introduce automation in their security operations practices. This session defines this emerging technology and presents emerging deployment and operations practices. Questions covered: • What is SOAR • Do I need it? Who does? • How are organizations using SOAR tools? • What are the best practices in deployment and use of SOAR tools?


Friday, 31 August, 2018 10:15 AM|Friday, 31 August, 2018 10:45 AM
In a Hybrid World, a Single Brand of Firewall Is Still a Best Practice
Rajpreet Kaur, Principal Analyst, Gartner

With private cloud, public cloud and SaaS becoming pervasive across enterprises, the relevance of third-party security controls is in question. Infrastructure and application owners ask whether third-party firewalls are necessary to secure business data in these new environments. A single brand of firewall is the best approach to regulating access to — and security within — hybrid networks.


Friday, 31 August, 2018 11:45 AM|Friday, 31 August, 2018 12:30 PM
Endpoint Security: The Convergence of EPP and EDR
Eric Ouellet, VP, Analyst, Gartner

Over the past 18 months, EPP solutions and EDR solutions have been converging however not all capabilities are available from the offerings. - What can you expect to see from this convergence in the short term and longer term? - What are the missing pieces that you need to be aware of? - How should you plan your future initiatives in light of this convergence


Friday, 31 August, 2018 01:45 PM|Friday, 31 August, 2018 03:15 PM
Workshop: Starting a Security Monitoring, Detection and Response Initiative
Mark Nicolett, Managing Vice President, Gartner

We can't prevent all threats, but it doesn't mean people working on security monitoring and operations can't start detecting and responding. But how do you do it without breaking the bank? How should you start with detection and response? This workshop will go through a structured approach to find out: (1) What are the basic processes and tools to get right? (2) How do you succeed with a small team? (3) How do you use third parties gracefully and effectively?

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Friday, 31 August, 2018 02:30 PM|Friday, 31 August, 2018 03:15 PM
How to Evolve Your Mobile Security Strategy in 2018
John Girard, Distinguished VP Analyst, Gartner

Mobile attacks continue to surface. Do you have all the right mobile security solutions in place? Come learn how to build a defense in-depth strategy for your ever growing mobile workforce. We will also discuss how UEM, MTD and mobile OS/HW security solutions continue to improve.


Friday, 31 August, 2018 03:30 PM|Friday, 31 August, 2018 04:15 PM
Navigating the Technology Landscape of Web Application Protection
Dale Gardner, Research Director, Gartner

Protecting modern web applications requires an appropriate mix of technologies for client-side and server-side components. Microservice design patterns, web API adoption, mobilization and cloud integration increase the complexity further. This session will cover the various protective technologies that are available to organizations and provide recommendations on how to leverage them effectively.


Thursday, 30 August, 2018 08:00 AM|Thursday, 30 August, 2018 08:30 AM
Tutorial: State of Endpoint and Mobile Security, 2018
John Girard, Distinguished VP Analyst, Gartner

Endpoint and mobility use cases continuously transform business processes and challenge established security best practices. Integrity comes down to personal discretion. We provide IT leaders with a path to introduce agility and tolerance into critical infrastructure. Concerns include technology trends, emerging exploits and the sheer enormity of data protection in an interconnected workplace.


Thursday, 30 August, 2018 10:30 AM|Thursday, 30 August, 2018 11:15 AM
Wait! What? Someone Spoofed Our Email and We Lost $1M?
Jonathan Care, Sr Director Analyst, Gartner

Emails get spoofed. Sometimes it's a prank but increasingly it's the vector for fraudulent criminal gangs. Impact can be loss of confidential data, actual financial losses through fraud or blackmail and extortion. Email has remained the dominant B2B communication channel for years and is likely to be so for the foreseeable future. Let's look at how we can fix it — not just for ourselves but for our customers, supply partners and employees.


Thursday, 30 August, 2018 11:30 AM|Thursday, 30 August, 2018 12:15 PM
State of the Threat Landscape, 2018
Pete Shoard, Sr Director Analyst, Gartner

When it comes to the threat landscape, it can be challenging to understand how you should act to protect your business. Gartner presents a methodology to help organisations understand what really matters when looking at the latest threats. This session will cover the importance of understanding risk, patch and vulnerability management as well as applying some key issues of the 2018 threat landscape to a core methodology.


Thursday, 30 August, 2018 01:30 PM|Thursday, 30 August, 2018 02:15 PM
If You Thought Securing Your IT Was Difficult, Try Securing Your OT
Wam Voster, Sr Director Analyst, Gartner

The world has seen an increase in security incidents. The use of commercial operating systems in industrial control systems means that OT is now susceptible to the same attacks as in the IT world. What should security and risk management leaders do to develop a coherent strategy to protect not just the organization’s information but also the OT? This presentation will address topics like processes, architecture and controls.


Thursday, 30 August, 2018 01:30 PM|Thursday, 30 August, 2018 03:00 PM
Workshop: Crisis Communications After a Security Incident
Jie Zhang, Sr Director Analyst, Gartner

From the likes of WannaCry, Petya and others, cyberattacks are more frequently and more significantly disrupting business operations. This workshop presents crisis communication and coordination best practices so that attendees will gain valuable experience in ensuring a strong crisis communications position.

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Thursday, 30 August, 2018 04:45 PM|Thursday, 30 August, 2018 05:30 PM
The State of Cloud Security 2018
Sid Deshpande, Research Director, Gartner

This presentation tells the current story of cloud security, providing an overview of the unique risks of the various forms of public cloud computing, so that the security professional can help the rest of their organization fully understand and address cloud risks. The unique security challenges of IaaS and SaaS are discussed and viewers are provided with a summary of current- and near-term products and practices that can be used to monitor and control the use of public cloud computing.


Friday, 31 August, 2018 10:15 AM|Friday, 31 August, 2018 10:45 AM
Monitor User Activity With Data or Prepare for a Breach
Deborah Kish, Sr Principal Analyst, Gartner

Enterprises have had a wake-up call over the last few years as their data assets have been increasingly plundered, with increasing financial liabilities. Users need access to data to do their jobs, but not all data. Data-centric audit and protection tools must be applied to detect potential malicious activity before it results in a breach.


Friday, 31 August, 2018 11:45 AM|Friday, 31 August, 2018 12:30 PM
State of Risk Management 2018
Jie Zhang, Sr Director Analyst, Gartner

Risk management continues to be an area of growing maturity and investment for most organizations, as the risk landscape becomes increasingly complex and interconnected. As a result, new technology solutions are emerging to increase the collaborative nature of risk management to support data-driven decision making, both within and external to an organization. This session explores how integrated risk management (IRM) will help improve risk management practices.


Friday, 31 August, 2018 11:45 AM|Friday, 31 August, 2018 12:45 PM
Roundtable: Lessons Learned When Deploying Privileged Access Management Technology
Felix Gaehtgens, Sr Director Analyst, Gartner

PAM tools are not difficult to install, but it can be a challenge ensuring that all gaps are being covered. In this roundtable, we will share experience on how organizations have overcome political, technical and cultural pitfalls to use these tools in a way that enables the organization.

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Friday, 31 August, 2018 01:45 PM|Friday, 31 August, 2018 02:15 PM
Data Classification 101
Deborah Kish, Sr Principal Analyst, Gartner

Increasing regulatory and security threats are pushing a lot of security and risk management leaders to start a data classification initiative or revisit a previously unsuccessful one. This session provides a practical approach to implement data classification: 1) What policies and standards do you need? 2) How do you implement data classification successfully? 3) What role do tools play?


Friday, 31 August, 2018 01:45 PM|Friday, 31 August, 2018 02:30 PM
Ask the Analyst: State of Fraud Prevention and Payment Security
Danny Luong, Research Director, Gartner

Fraud prevention leaders have mastered the art of detecting and preventing fraudulent account activity and payment events in many verticals and use cases, but as customers change the way they interact with each other and their expectations of their service providers, banks, retailers, healthcare teams and governments, the old ways have failed to evolve. Please note: Preregistration required. Reserved for end user organizations.

Please Note: based on availability and eligibility you may sign-up for this session via Events Navigator after you register for this event.

Friday, 31 August, 2018 03:30 PM|Friday, 31 August, 2018 04:15 PM
GDPR the Day After: 3 Myths and 6 Key Capabilities Discussed
Nader Henein, Sr Director Analyst, Gartner

After ample preparation time in anticipation of the GDPR, Gartner has observed a few misconceptions on privacy as well as a number of key functions for a mature privacy management program. We will address the lessons learned and the necessary capabilities to protect privacy, including the role of security, program ownership, and what the market is and should be doing.


Start planning your agenda now.