2019 topic highlights

Leadership
Receive guidance on how to effectively communicate with senior executives and the board level.

Privacy
Determine privacy regulation needs, data compliance and relevant constraints.

Emerging security trends
Prepare for the Internet of Things (IoT), artificial intelligence (AI) and machine learning (ML).

Risk management
Accelerate digital business and build on risk management  strategies by influencing executives through increased awareness in IT risk management.

Skills and talent
Challenge your understanding of how to address the ongoing IT security and risk management talent shortage.

Cloud security
Advance cloud security architecture, cloud risk management, cloud application and container security.

View By:

A look back at 2019's agenda

Monday, 28 October, 2019 08:15 AM|Monday, 28 October, 2019 08:45 AM

Tutorial: Introducing the Gartner Information Security Function Operating Model

Wam Voster, Sr Director Analyst, Gartner

Security & Risk Management Leaders are challenged to continuously adapt their organizations to meet the needs of rapid changes in digital business. This presentation introduces the Gartner Operating Model for the Information Security Function to address this challenge. This operating model represents how it orchestrates its capabilities to deliver against its operational and strategic objectives.

Monday, 28 October, 2019 09:15 AM|Monday, 28 October, 2019 10:15 AM

Gartner Opening Keynote: From Managing Risk and Security to Enabling Value Creation

David Mahdi, Sr Director Analyst, Gartner

Katell Thielemann, VP Analyst, Gartner

Steve Riley, Sr Director Analyst, Gartner

As complexity continues to grow and risks, threats and vulnerabilities multiply with no end in sight, how can security and risk management leaders move beyond reacting? Attendees will learn how to think differently about their role in value preservation and value creation, and how finding sweet spots in a human to machine continuum can help. This is the security and risk management leaders’ new imperative.

Monday, 28 October, 2019 02:45 PM|Monday, 28 October, 2019 03:15 PM

Building Successful Business Metrics for Technology Risk

Jeffrey Wheatman, VP Analyst, Gartner

Metrics should inform better decision making. “Business alignment” is spoken about frequently, but execution is challenging throughout the Gartner client base. Key risk indicators (KRIs) should have defensible causal relationships to business impacts and present leading indicators to decision makers. Gartner has developed a methodology to integrate risk and corporate performance that helps achieve these goals.

Tuesday, 29 October, 2019 09:00 AM|Tuesday, 29 October, 2019 09:45 AM

Gartner Keynote: Mastering the Art of the Political Discussion

Jeffrey Wheatman, VP Analyst, Gartner

Security and risk management leaders often find themselves in political discussions,which can be high stakes,and challenging to successfully navigate. This session helps you know when you are in a political conversation,and provides practical techniques for managing the potential conflict and reaching a successful outcome.

Tuesday, 29 October, 2019 01:00 PM|Tuesday, 29 October, 2019 02:00 PM

Roundtable: Overcoming Cybersecurity Staffing and Skill Shortages in the GCC

Enterprises in the GCC are struggling to attract and retain cybersecurity talent. Join us for this peer-driven discussion on how to manage with a small team. How have you successfully overcome these constraints? When is a managed service the answer? What makes the most sense to keep in-house?

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Tuesday, 29 October, 2019 01:15 PM|Tuesday, 29 October, 2019 02:00 PM

Top Security and Risk Management Trends for 2019 and Beyond

Sam Olyaei, Director Analyst, Gartner

Brian Reed, Sr Director Analyst, Gartner

"Top" trends highlight ongoing strategic shifts in the security ecosystem that aren't yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.
This presentation will describe the most significant trends in cybersecurity and how leading organizations are taking advantage of these trends.
Key issues explored will include:
Top technological improvements in the security product landscape
Trends in creating a top notch security organization
Strategic trends that will influence security strategy

Tuesday, 29 October, 2019 04:00 PM|Tuesday, 29 October, 2019 04:30 PM

Keeping Clouds Compliant: Top Five CSP Characteristics for Your Cloud Requisition Playbook

Cloud service providers may not always be ‘compliant’ with a regulation, although in some cases they do need to step up to specific requirements. The more mature a cloud service provider, the more help they can offer in demonstrating their compatibility with a regulation and in helping their customers understand how to use their offerings in a controlled and compliant way. This session addresses these common questions from risk, security, and procurement leaders. (1) How to contextualize security and privacy considerations for the cloud (2) How to gauge CSP's maturity in supporting compliance obligations (3) What tools to consider to better manage security and privacy compliance activities in the cloud.

Tuesday, 29 October, 2019 04:00 PM|Tuesday, 29 October, 2019 04:45 PM

The State of Network Security in the Cloud Era

Lawrence Orans, VP Analyst, Gartner

The rapid adoption of SaaS applications such as Microsoft’s O365, Salesforce and others is driving enterprises to rearchitect their networks, so that remote offices can achieve direct internet access with SD-WAN and other techniques. Enterprises will be purchasing more cloud-based security services and fewer appliances. Here, we will highlight best practices that enable a smooth transition to the adoption of cloud-based security services.

Tuesday, 29 October, 2019 05:00 PM|Tuesday, 29 October, 2019 05:30 PM

Learning From the State of the Threat Landscape in the GCC

Jon Amato, Sr Director Analyst, Gartner

Nader Henein, VP Analyst, Gartner

The threat landscape is a moving target. Attack campaigns might hit multiple organizations, but each enterprise should analyze its own threat landscape. Security and risk management leaders should gain baseline knowledge on:
1. Future trends more than statistics about the past
2. Potential threats more than attack patterns
3. Response options more than defense technologies

Tuesday, 29 October, 2019 05:00 PM|Tuesday, 29 October, 2019 05:30 PM

Security Organization Dynamics, 2019

Wam Voster, Sr Director Analyst, Gartner

There is no such thing as a perfect, universally appropriate model for security organizations. Every enterprise must develop its own model, taking into consideration basic principles, practical realities and the challenges of digital transformation. This presentation will address the following key issues:
- What are the trends and challenges in security organization design?
- What are the factors that influence security organization?
- What are the current best practices and contemporary conceptual design models for security organization?

Monday, 28 October, 2019 08:15 AM|Monday, 28 October, 2019 08:45 AM

Top 10 Security Projects for 2019

Brian Reed, Sr Director Analyst, Gartner

Security and risk management leaders should implement or improve upon these top 10 security projects in 2019. Any security project must be supported by technology, address the changing needs of cybersecurity and reduce risk by adopting a CARTA strategic approach with all security projects.

Monday, 28 October, 2019 11:00 AM|Monday, 28 October, 2019 11:30 AM

Outlook for Endpoint and Mobile Security 2019

Jon Amato, Sr Director Analyst, Gartner

Endpoints security challenges are rising to new levels of complexity as the definition blurs across clouds, BYO, workstations, mobile, wearable, “things” and pure software. This session will address:
1. How are endpoint security risks expanding?
2. What are the primary attack trends that will influence the strategic requirements for endpoint security?
3. Which technologies and practices will protect endpoints in 2025?

Monday, 28 October, 2019 11:00 AM|Monday, 28 October, 2019 11:30 AM

To the Point: IT/OT Considerations for the GCC

Wam Voster, Sr Director Analyst, Gartner

The increased use of commercial operating systems in industrial control systems means that OT is now susceptible to the same attacks as in the IT world. What should security and risk management leaders in the GCC region do to develop a coherent strategy to protect not just the organization’s information but also the OT. This round table will key challenges and solutions to securing the OT in the Oil and Gas sector in the GCC region.

Monday, 28 October, 2019 12:30 PM|Monday, 28 October, 2019 01:30 PM

Roundtable: The Key Challenges You Face When Securing OT

Initially security incidents only occurred in IT but the world has seen attacks in OT as well. Organizations need to implement security in OT to protect this domain from these attacks. This will ensure not only an uninterrupted operation, but also that no harm to people and the environment occurs. What are organizations doing to address this? Is the maturity of OT security at par with IT security?

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Monday, 28 October, 2019 02:45 PM|Monday, 28 October, 2019 03:15 PM

What to Know When Buying Incident Response and Data Breach Response Services

Brian Reed, Sr Director Analyst, Gartner

Buyers are increasingly adding incident response services but fewer are adding data-breach response services. These are distinct offerings but often confused as being the same service. In this session for S&RM leaders we explain the differences between the services, the questions to consider when determining if you need one or both and the provider landscape for these services.

Tuesday, 29 October, 2019 10:30 AM|Tuesday, 29 October, 2019 11:00 AM

The Role of Artificial Intelligence in Security and Risk Management

Mark Horvath, Sr Director Analyst, Gartner

Organizations are experimenting with artificial intelligence in security. As evaluation procedures mature, the first disillusions happen. This session will review the state of AI and machine learning usage in various security and risk management areas, and give CISOs recommendations to:
1. Navigate towards AI marketing
2. Define evaluation principle for solutions adding new algorithmic approaches to existing security fields
3. Prepare to avoid or minimize the backlash when results are not up to expectations

Tuesday, 29 October, 2019 01:15 PM|Tuesday, 29 October, 2019 02:00 PM

Outlook for Cloud Security 2019

Steve Riley, Sr Director Analyst, Gartner

Cloud security remains a top priority. This presentation summarizes the problems, recommended processes, and new product types to address three key issues:
What are the unique risks associated with public cloud service providers, and how can they be controlled?
What are the unique security challenges of IaaS and how can they be mitigated?
What are the unique control challenges of SaaS, and how can they be addressed?

Tuesday, 29 October, 2019 01:15 PM|Tuesday, 29 October, 2019 02:00 PM

Outlook for Application Security 2019

Mark Horvath, Sr Director Analyst, Gartner

Application security continues to be a significant challenge for many organizations. This session covers the current outlook for application vulnerabilities and application security programs, as well as the newest developments in application security practices and technologies.

Tuesday, 29 October, 2019 04:00 PM|Tuesday, 29 October, 2019 04:45 PM

Outlook for Data Security 2019

David Mahdi, Sr Director Analyst, Gartner

Security and risk management leaders need to develop security strategies that treat data as a pervasive asset (and liability). New data privacy laws and the continued growth of data breaches are increasing business risks. Data security governance is an emerging risk-based framework that will help plan and orchestrate policies across data security products that are siloed and do not integrate.

Tuesday, 29 October, 2019 05:00 PM|Tuesday, 29 October, 2019 05:30 PM

Focus More on the Realities of Cyber-Physical Systems Security Than on the Concepts of IoT

Katell Thielemann, VP Analyst, Gartner

Siloed IoT/OT implementation and management distract from the real security and safety implications of the convergence of digital technologies and physical assets. To be effective, security and risk management leaders must instead holistically address the needs of cyber-physical systems. This session will discuss the opportunities and challenges related to securing cyber-physical systems.

Monday, 28 October, 2019 01:45 PM|Monday, 28 October, 2019 02:30 PM

Ask the Expert: Lessons from GDPR and other Privacy regulations for the GCC

Regional and country-specific privacy mandates continue to increase. Mapping commonalities and managing risks for differences are crucial for security and risk leaders. In this session attendees will get insights from Gartner expert Nader Henein on what are some of the lessons that can be drawn from experiences that organizations have had in preparing and dealing with GDPR and other major privacy requirements.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Monday, 28 October, 2019 01:45 PM|Monday, 28 October, 2019 02:30 PM

Outlook for Risk: Technology, Information and Resilience 2019

Roberta Witty, VP Analyst, Gartner

This session provides an overview on the state of risk management planning, decisions, challenges, and solutions. This expands on the “State of Risk Management” from previous summits. In 2019, this outlook will converge three parallel risk conversations — digital transformation, information risk, and building and maintaining resilient organizations.

Monday, 28 October, 2019 01:45 PM|Monday, 28 October, 2019 02:30 PM

The Five-Step Approach on How to Choose IAM Solutions

Felix Gaehtgens, VP Analyst, Gartner

Buying IAM solutions requires detailed analysis of vendors, solutions and alternatives. Learn to use this five-step approach to structure the evaluation process, derive your shortlist, choose a solution and negotiate the best price.

Monday, 28 October, 2019 02:45 PM|Monday, 28 October, 2019 03:30 PM

Ask the Expert: Handling Privacy Risk in Analytics and Machine Learning

As privacy regulations evolve, SRM leaders with a focus on privacy are finding it harder to work with information, and almost impossible to combine multiple data sets, especially when working collaboratively with third parties. We will address your questions, and look at the techniques as well as relevant technologies that will allow you to develop a repeatable process to work with personal data. This session is meant to answer your questions when it comes to handling the risk of mining large data sets of personal information for the purpose of analytics, fraud prevention or undirected discovery.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Tuesday, 29 October, 2019 10:00 AM|Tuesday, 29 October, 2019 10:20 AM

Magic Quadrant for Privileged Access Management

Felix Gaehtgens, VP Analyst, Gartner

By 2020, 40% of medium-to-large enterprises will have deployed privileged access management (PAM) tools to address infrastructure as a service (IaaS) privileged security concerns.
There's a good reason for this expected jump in adoption. Privileged access management is one of the most critical security controls, particularly in today’s increasingly complex IT environment. Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.
This session will focus on the Magic Quadrant for Identity Governance and Administration the first in the market.

Tuesday, 29 October, 2019 10:30 AM|Tuesday, 29 October, 2019 12:00 PM

Workshop: Creating Cloud Policy

As cloud becomes more significant, it becomes more formalized, driving more interest in written policies. The attendees in this workshop will discuss their cloud policy thoughts, hopes, and dreams--and will share practical experience in the form, content, dissemination and enforcement of cloud policy.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Tuesday, 29 October, 2019 03:00 PM|Tuesday, 29 October, 2019 03:30 PM

Manage Privileged Access to Reduce Security Risks and Increase Agility

Felix Gaehtgens, VP Analyst, Gartner

Is your organization in need of a Privileged Access Management (PAM) solution? If so, this session will serve as a good primer on the technology.
Key issues covered include:
* Introduction to privileged access management
* An overview of PAM tools

Tuesday, 29 October, 2019 03:00 PM|Tuesday, 29 October, 2019 03:30 PM

Third-Party Risk Management Is Now a Must-Have Discipline

Roberta Witty, VP Analyst, Gartner

Third party risk management isn’t just required in highly regulated industries, its good practice in all industries. But today’s approaches are mired in lengthy and complex assessment surveys that span a variety of threats and risks. This session will discuss how to improve and enhance your model for managing third party risks. 1) Why is third party risk management important now? 2) What are the current best practices in a third party risk management life cycle? 3) How can we improve the efficiency and value of our third party risk management programs?

Tuesday, 29 October, 2019 04:00 PM|Tuesday, 29 October, 2019 04:45 PM

The State of Privacy 2019-2020

Nader Henein, VP Analyst, Gartner

Privacy has come to be acknowledged as a fundamental human right, worldwide. Increasingly, regulatory pressure to enhance control over personal data affects how we look at our analytic activities, customer's rights and the CX, project development and outsourcing activities. Organizations need to establish a risk-based approach to handle personal data to mature privacy protection and deliver customer trust and satisfaction.

Tuesday, 29 October, 2019 04:00 PM|Tuesday, 29 October, 2019 05:30 PM

Workshop: Improve Your Incident Response to an International Data Breach

Security and risk management leaders must develop strong incident response (IR) capabilities where personally identifiable information (PII) is compromised. This workshop will use a scenario that highlights the impact of cross-border data flows and privacy management to help validate IR capabilities.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Monday, 28 October, 2019 08:15 AM|Monday, 28 October, 2019 08:45 AM

Tutorial: Gartner's Strategic Vision for Vulnerability Management

Rajpreet Kaur, Sr Principal Analyst, Gartner

Earlier this year we published updated guidance on how to better run this foundational security process. This presentation will go over this new way of doing vulnerability more effectively.
- Why we made some significant changes to our guidance on this critical process?
- What does the new RBVM actually look like?
- How to bring this to life inside your own security programs?

Monday, 28 October, 2019 11:00 AM|Monday, 28 October, 2019 11:30 AM

Cloud Security 201: CASB, CSPM, CWPP — What Does It All Mean?

Steve Riley, Sr Director Analyst, Gartner

As more security vendors target your hybrid and cloud SaaS, IaaS and PaaS solutions, we are getting lost in too many acronyms. This session will help decipher the acronym soup and provide prescriptive guidance on what your organization needs to protect your cloud infrastructure and applications. We will also discuss best practices on implementations and how to evaluate and build shortlist for your vendor selections.

Monday, 28 October, 2019 11:00 AM|Monday, 28 October, 2019 12:00 PM

Roundtable: The Role of Network Traffic Analysis in Today's Threat Environment

This session will highlight the latest trends in network-based advanced threat detection, including new techniques for anomaly detection. We will address challenges such as the growing percentage of encrypted traffic and its impact on threat detection. Attendees will learn about the key vendors in the market.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Monday, 28 October, 2019 01:45 PM|Monday, 28 October, 2019 02:30 PM

Outlook of Security Operations

Rajpreet Kaur, Sr Principal Analyst, Gartner

Modern security operations are evolving. They heavily rely on foundational technologies such as SIEM to accomplish their mission, and also adopt various analytics approaches. They struggle with more automation — of both thinking and acting — that promises to relieve humans from the routine tasks, but sometimes adding more work to the overworked security teams. This session will address these key issues: (1) What defines best-in-class security operations of 2019? (2) What trends are affecting security operations? (3) What will the future bring?

Monday, 28 October, 2019 02:45 PM|Monday, 28 October, 2019 03:05 PM

Magic Quadrant: Market Guide for Endpoint Detection and Response

Jon Amato, Sr Director Analyst, Gartner

EDR is being considered by organizations irrespective of the size and the industry that they belong to. With the recent development and convergence in the EPP and EDR markets, clients are left confused about what approach to take. SRM leaders responsible for security of endpoint must understand:
1. The applicability and use of EDR
2. Benefits and challenges associated with EDR deployment and operations
3. EDR vendor landscape and market direction

Tuesday, 29 October, 2019 10:30 AM|Tuesday, 29 October, 2019 11:00 AM

Further Evolution of Modern SOC: Automation, Delegation, Analytics

Rajpreet Kaur, Sr Principal Analyst, Gartner

This presentation presents a structured approach to plan, establish and efficiently operate a modern SOC. Gartner clients with successful SOCs put the premium on people rather than process and technology. People and process overshadow technology as predictors for SOC success or failure.

● Do I need a SOC and can I afford it?

● Where can I rely on automation and where do I need to outsource or delegate?

● Can SOAR tools really automate my SOC?

Tuesday, 29 October, 2019 03:00 PM|Tuesday, 29 October, 2019 03:20 PM

Magic Quadrant for Security Information and Event Management

Rajpreet Kaur, Sr Principal Analyst, Gartner

SIEM solutions continue to evolve to address a variety of persistent challenges — how to keep up with changing external and internal threats; increases in the volume, velocity and variety of data sources; and how to effectively implement, manage and use the solutions as expertise and resources become more constrained. New entrants have emerged from the UEBA space, and primarily emphasize a user-based approach to monitoring for threats, compared to the more traditional approach of event-based monitoring oriented around IP addresses and hostnames. SIEM technologies are also adopting more advanced incident response capabilities through the addition (either natively, via acquisition or integrations) of functions that add SOAR capabilities. Organizations looking to shorten the deployment cycle and transfer responsibility for managing a SIEM tool's platform are leveraging SaaS or hosted SIEM solution options.

Monday, 28 October, 2019 11:00 AM|Monday, 28 October, 2019 11:30 AM

CISO Circle: Quantum Is the New AI

Mark Horvath, Sr Director Analyst, Gartner

Like AI before it, quantum computing and related quantum technologies like quantum key exchange, quantum random number generation and homomorphic encryption are poised to make huge changes to the technology landscape as they mature.
- What are the important quantum computing technologies that will impact your business?
- How will long-established security tools like RSA change?

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Monday, 28 October, 2019 01:45 PM|Monday, 28 October, 2019 02:15 PM

CISO circle: Five Questions on Security and Risk That You Must Be Prepared to Answer at Your Board Meetings!

It is now common practice, and in certain cases mandated by regulation, for a board of directors to require periodic reporting and event-based updates on the state of security and risk management in an enterprise. Developing and communicating an effective message that balances the need to protect with the need to run your business is critical to success. However, in many cases, Security and Risk Leaders are left frustrated and/or unable to answer elementary questions that the Board asks. This presentation will discuss: 1) What is the role of the board and what do they care about?
2) What are some of the most common questions that Board Members Ask? (and a talk track for these questions)
3) How can Security and Risk Leaders flip the conversation to educate the Board on issues that they need to know about?

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Tuesday, 29 October, 2019 10:30 AM|Tuesday, 29 October, 2019 12:00 PM

Workshop: CISO Circle Leadership Exchange — Creating a One-Page Cybersecurity Strategy That Actually Works

A one-page cybersecurity strategy has been the goal for CISOs forever and the effort always falls short. They are too technical and don’t resonate with the business people, or are so “soft,” technical staff doesn’t know what to do with it.
Join us for this engaging workshop on how to craft a simple, easy to use one-page strategy to propel your program to success

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this conference.

Want to stay informed?

Get conference email updates.
Contact Information

All fields are required.

  • Step 2 of 2