Agenda / By Track

Tuesday, 13 August, 2019 12:15 PM|Tuesday, 13 August, 2019 01:30 PM
CISO Circle Lunch: Make the Business Case for Organizational Resilience by Applying Risk-Adjusted Leading Performance Indicators
Roberta Witty, VP Analyst, Gartner

Educating business managers on the value of organizational resilience is a challenge for many organizations. Often, this challenge arises because business managers don't understand or appreciate the value of availability and resilience risk information or their relationship to it, leading to no change in the level of resilience for the organization. This session will introduce how to craft risk-adjusted LPIs that will measure the organization's level of resilience.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 02:00 PM|Tuesday, 13 August, 2019 03:30 PM
CISO Circle Leadership Exchange: Get Ready to Respond to an International Data Breach
Bart Willemsen, VP Analyst, Gartner

Security and risk management leaders must develop strong incident response (IR) capabilities where personal data is compromised. Maturing legislation like EU's GDPR and Brazil's LGPD require organizations to be ready, soon. This workshop will use a scenario that highlights the impact of cross-border data flows and privacy management to help validate IR capabilities.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 12:15 PM|Wednesday, 14 August, 2019 01:15 PM
CISO Circle Lunch: The Role of Artificial Intelligence in Security and Risk Management
Augusto Barros, VP Analyst, Gartner

Organizations are experimenting with artificial intelligence in security. As evaluation procedures mature, the first disillusions happen. This session will review the state of AI and machine learning usage in various security and risk management areas, and give CISOs recommendations to:
1. Navigate towards AI marketing
2. Define evaluation principle for solutions adding new algorithmic approaches to existing security fields
3. Prepare to avoid or minimize the backlash when results are not up to expectations

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:00 PM|Wednesday, 14 August, 2019 02:45 PM
CISO Circle: How to Have an Engaging Conversation With Your CEO About Risk
Wam Voster, Sr Director Analyst, Gartner

Most CEOs are excellent problem solvers, but too often CISO’s seek approval rather than enable their CEO’s to participate in the decision making process. This causes disengagement, and is at the root of many of the challenges CISOs and IT leaders face. CISO’s need to use different tools to get their CEO to the table and keep them engaged so that they value the outcome of the decisions we ask for.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 11:45 AM|Tuesday, 13 August, 2019 12:15 PM
Articulating the Business Value of Information Security
Brian Reed, Sr Director Analyst, Gartner

The benefits of information/cybersecurity must be translated into business terminology. This presentation describes proven methods for linking the security to business value.
Key issues:
- What are proven strategies for obtaining business support?
- What is a practical model for communicating the value of a security program?
- What techniques can be used for justifying security projects?


Tuesday, 13 August, 2019 01:45 PM|Tuesday, 13 August, 2019 02:30 PM
Security Program Management 101: Frameworks, Controls and Process
Wam Voster, Sr Director Analyst, Gartner

Have you ever questioned the following?
- What Security Framework is appropriate for my enterprise?
- Can I just align and implement controls found in ISO27001, CIS CSC, HITRUST or NIST CSF?
- How do I begin to measure my progress in terms of Maturity?
- How do I map all of this back to my business needs? If so, you are not alone.

Security and Risk Management leaders are often faced with the continuous challenge of developing and (re)shaping their cybersecurity program strategy based on changing business needs and risk appetite. To complement this, leaders are often tasked with picking a defensible framework that aligns with an appropriate controls catalog based on repeatable and scalable processes. However, Gartner Research continues to show a cultural disconnect between foundational elements of program management and changing business needs. This presentation will define the basic elements of a security program, describe the differences between each layer, and tie them into an overall strategy planning process that will ensure a defensible security program that facilitates business needs.


Tuesday, 13 August, 2019 03:15 PM|Tuesday, 13 August, 2019 04:45 PM
Workshop: Women in IT — Leadership Without Formal Authority
Roberta Witty, VP Analyst, Gartner
Zaira Pirzada, Principal Analyst, Gartner
Katia Sanfins, Executive Partner, Gartner

Sustainable disruption brings relentless pressure to change and adapt, while keeping the spirit of a startup mindset. This session will address how emerging tech CEOs can enable organizational mechanisms by empowering disruptive thinkers and leaders without formal authority. This session will include an interactive project where attendees are asked to work together to create an object as a team and discover their own leadership style.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 03:45 PM|Tuesday, 13 August, 2019 04:30 PM
Why Privacy in Brazil Is Hard but Necessary
Bart Willemsen, VP Analyst, Gartner

Lawmakers have created the EU's GDPR, and now Brazil's LGPD. Is that the only reason to 'get privacy,' or are there more benefits and drivers for change? If so, what then are the core elements of a sustainable privacy management program? This presentation deals with real examples and the key focus points for security and risk management professionals working in Brazil.


Wednesday, 14 August, 2019 08:30 AM|Wednesday, 14 August, 2019 09:00 AM
Creating a One-Page Cybersecurity Strategy That Actually Works
Wam Voster, Sr Director Analyst, Gartner

A one-page cybersecurity strategy has been the goal for CISOs forever and the effort always falls short. They are too technical and don't resonate with the business people, or are so "soft," technical staff doesn't know what to do with it.This session will show you how to craft a simple, easy to use one page strategy to propel your program to success.


Wednesday, 14 August, 2019 09:15 AM|Wednesday, 14 August, 2019 10:00 AM
Privacy Program: LGPD Requires You to Have One
Claudio Neiva, VP Analyst, Gartner

LGPD will be required in Brazil as of August 2020 and all companies need to be compliant by then. It is necessary to implement a privacy management program for the project. This session will present the important steps in the process of creating such programs and lessons learned from clients Gartner clients on how to implement LGPD in Brazil.


Wednesday, 14 August, 2019 12:15 PM|Wednesday, 14 August, 2019 01:15 PM
CISO Circle Lunch: The Role of Artificial Intelligence in Security and Risk Management
Augusto Barros, VP Analyst, Gartner

Organizations are experimenting with artificial intelligence in security. As evaluation procedures mature, the first disillusions happen. This session will review the state of AI and machine learning usage in various security and risk management areas, and give CISOs recommendations to:
1. Navigate towards AI marketing
2. Define evaluation principle for solutions adding new algorithmic approaches to existing security fields
3. Prepare to avoid or minimize the backlash when results are not up to expectations

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:00 PM|Wednesday, 14 August, 2019 02:45 PM
CISO Circle: How to Have an Engaging Conversation With Your CEO About Risk
Wam Voster, Sr Director Analyst, Gartner

Most CEOs are excellent problem solvers, but too often CISO’s seek approval rather than enable their CEO’s to participate in the decision making process. This causes disengagement, and is at the root of many of the challenges CISOs and IT leaders face. CISO’s need to use different tools to get their CEO to the table and keep them engaged so that they value the outcome of the decisions we ask for.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:00 PM|Wednesday, 14 August, 2019 02:45 PM
Roundtable: LGPD (Lei Geral de Proteção de Dados)
Claudio Neiva, VP Analyst, Gartner

Join this roundtable for a discussion on lessons learned that may facilitate the understanding and implementation of the LGPD (Lei Geral de Proteção de Dados).

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:00 PM|Wednesday, 14 August, 2019 02:45 PM
How Digital Society Impacts Privacy Risk and Your Digital Ethics
Bart Willemsen, VP Analyst, Gartner

Digital society is a fact, taking shape as we continue to develop our organizations and value propositions in communities, contact and collaboration. The changes ahead may be unforeseen, though must be guided and chosen deliberately to maintain universal human rights like privacy and freedom. Ethical dilemmas enable the conversation and provide the choices to be made to achieve the synergy needed between what your customer wants and what your technologies enable.


Wednesday, 14 August, 2019 04:00 PM|Wednesday, 14 August, 2019 04:45 PM
The Leadership Vision for Security and Risk Management, 2019
Brian Reed, Sr Director Analyst, Gartner

Digital transformation continues to challenge the conventions of information risk and security management. It requires a coherent digital security program based on a clear vision and strategy. This presentation will:
- Share a compelling vision for security and risk management.
- Identify the key 'digital differences' that must be integrated into the security program.


Wednesday, 14 August, 2019 04:00 PM|Wednesday, 14 August, 2019 04:45 PM
Ask the Expert: Everything You Always Wanted to Know About Privacy (but Were Afraid to Ask)
Bart Willemsen, VP Analyst, Gartner

In this session, attendees MUST bring questions, even when afraid. Although Gartner is not in the business of determining what is compliant and what is not, foundational privacy insights can be shared between participants. Questions will be dealt with like 'what's purposeful processing?,' 'what to mind when outsourcing?,' and 'where is privacy going in the world' are only suggestions. End users only, registration required

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 11:45 AM|Tuesday, 13 August, 2019 12:15 PM
Weaver or Slow Poke: All Drivers Need a Strategic Roadmap for Organizational Resilience
Roberta Witty, VP Analyst, Gartner

Organizational resilience must evolve with the changing needs of the modern digital world. Gartner offers a three- to five-year outlook and guidelines for security and risk management leaders to advance this discipline and achieve business outcomes. This presentation will discuss how to roll out an organizational resilience program that matches your organizational driving type.


Tuesday, 13 August, 2019 12:15 PM|Tuesday, 13 August, 2019 01:30 PM
CISO Circle Lunch: Make the Business Case for Organizational Resilience by Applying Risk-Adjusted Leading Performance Indicators
Roberta Witty, VP Analyst, Gartner

Educating business managers on the value of organizational resilience is a challenge for many organizations. Often, this challenge arises because business managers don't understand or appreciate the value of availability and resilience risk information or their relationship to it, leading to no change in the level of resilience for the organization. This session will introduce how to craft risk-adjusted LPIs that will measure the organization's level of resilience.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 01:45 PM|Tuesday, 13 August, 2019 02:30 PM
The Future of Rights Management and Data Loss Prevention Within Microsoft Office 365
Zaira Pirzada, Principal Analyst, Gartner

Microsoft Office 365 is becoming the most significant provider of rights management software, while DLP within O365 is growing in significance. As businesses confront their data security gaps and pitfalls, knowledge on a combination of both solutions within O365 is imperative. These solutions will aid businesses in detecting sensitive data, and further applying restricted access to ensure the successful use and transit of business information. This session will discuss innovations, triggers, and pitfalls of the future of rights management and DLP software within Microsoft O365.


Tuesday, 13 August, 2019 02:00 PM|Tuesday, 13 August, 2019 03:30 PM
CISO Circle Leadership Exchange: Get Ready to Respond to an International Data Breach
Bart Willemsen, VP Analyst, Gartner

Security and risk management leaders must develop strong incident response (IR) capabilities where personal data is compromised. Maturing legislation like EU's GDPR and Brazil's LGPD require organizations to be ready, soon. This workshop will use a scenario that highlights the impact of cross-border data flows and privacy management to help validate IR capabilities.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 03:45 PM|Tuesday, 13 August, 2019 04:30 PM
Ask the Expert: Privileged Access Management Best Practices
Felix Gaehtgens, VP Analyst, Gartner

This session gives you an opportunity to ask questions about privileged access management (PAM), successful use cases and requirements needed to make your PAM efforts successful. Attendees should come prepared to ask questions.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 03:45 PM|Tuesday, 13 August, 2019 04:30 PM
What Are the Impacts and How to Comply With the BACEN Requirements for Using Cloud Services
Claudio Neiva, VP Analyst, Gartner

This session maps out security features that may be useful to comply with Regulation 4658 in the process of adopting Cloud-Based services.


Wednesday, 14 August, 2019 08:30 AM|Wednesday, 14 August, 2019 09:00 AM
Treat Data Loss Prevention as a Process to Get Value Out of Technology
Marc-Antoine Meunier, Sr Director Analyst, Gartner

Data Loss Prevention has a mixed reputation as a resource intensive technology for the level of prevention it provides. Yet, the visibility it provides can be a force in reshaping policy, processes, and data usage behavior and tuning the enterprise towards compliance and risk reduction. This presentation describes key organizational success factors for DLP implementation or rehabilitation.


Wednesday, 14 August, 2019 09:15 AM|Wednesday, 14 August, 2019 10:00 AM
The Five-Step Approach on How to Choose IAM Solutions
Felix Gaehtgens, VP Analyst, Gartner

Buying IAM solutions requires detailed analysis of vendors, solutions and alternatives. Learn to use this five-step approach to structure the evaluation process, derive your shortlist, choose a solution and negotiate the best price.


Wednesday, 14 August, 2019 11:30 AM|Wednesday, 14 August, 2019 12:15 PM
Plan for Success With Identity Governance and Administration
Henrique Teixeira, Sr Director Analyst, Gartner

IGA deployment initiatives are a potential minefield for many organizations that risk costly delays, difficult integration and lower overall value. Gartner has identified common anti-patterns for IGA adoption that range from the planning phase to the actual deployment and integration. Learn how to identify and avoid these common mistakes and plan for a successful IGA deployment by focusing on value and using Gartner's IGA deployment model.


Wednesday, 14 August, 2019 11:30 AM|Wednesday, 14 August, 2019 12:15 PM
Ask the Expert: DCAP and DLP — The Market Differences and Complements
Zaira Pirzada, Principal Analyst, Gartner

DCAP solutions and DLP solutions differ greatly, with the latter solution focused on the prevention of data leakage outside of an organization and the former solution focused on the protection and monitoring of data usage inside of an organization. Yet still, many clients finds themselves lost in the mix. Understanding the relationship between DCAP and DLP capabilities is critical to building an effective data security governance framework. Hence, this "Ask The Analyst" will serve to explain the market differences, compliments and ultimately right solutions for your organization.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 01:15 PM|Wednesday, 14 August, 2019 02:45 PM
Workshop: How to Define Metrics for Your IAM Program
Henrique Teixeira, Sr Director Analyst, Gartner

This workshop will help IAM leaders develop metrics that can help them to communicate more effectively about the state of their IAM programs and, ultimately, manage those programs better.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:05 PM|Wednesday, 14 August, 2019 02:25 PM
Magic Quadrant for Enterprise Network Firewalls
Adam Hils, Sr Director Analyst, Gartner

This session will discuss how to use the enterprise network firewalls Magic Quadrant to highlight strengths and weaknesses of competitive solutions. As well as dive into which firewall vendors an organization should consider.


Wednesday, 14 August, 2019 04:00 PM|Wednesday, 14 August, 2019 04:45 PM
Outlook for Risk: Technology, Information and Resilience 2019
Roberta Witty, VP Analyst, Gartner

This session provides an overview on the state of risk management planning, decisions, challenges and solutions. This expands on the "State of Risk Management" from previous summits. In 2019, this outlook will converge three parallel risk conversations — digital transformation, information risk, and building and maintaining resilient organizations.


Tuesday, 13 August, 2019 11:45 AM|Tuesday, 13 August, 2019 12:15 PM
Outlook for Data Security 2019
Zaira Pirzada, Principal Analyst, Gartner

Security and risk management leaders need to develop security strategies that treat data as a pervasive asset (and liability). New data privacy laws and the continued growth of data breaches are increasing business risks. Data security governance is an emerging risk-based framework that will help plan and orchestrate policies across data security products that are siloed and do not integrate.


Tuesday, 13 August, 2019 11:45 AM|Tuesday, 13 August, 2019 12:15 PM
How to Adapt Application Security Practices for DevOps?
Michael Isbitski, Sr Director Analyst, Gartner

Organizations have embraced agile development methodologies and DevOps practices, and technical professionals must find ways to integrate application security into this world.
1) What are the ways to modernize secure design practices like threat modeling?
2) How can we perform continuous security testing as part of CI/CD?
3) How do you effectively leverage security controls external to code?


Tuesday, 13 August, 2019 01:45 PM|Tuesday, 13 August, 2019 02:30 PM
Roundtable: Evolving a Vulnerability Managing Program Beyond the Basics
Augusto Barros, VP Analyst, Gartner

Participants should bring their experiences on vulnerability management and the challenges they face to make it an effective security measure. The Roundtable will focus on experiences related to moving vulnerability management programs beyond the basic “scan and patch” first steps, and how deal with the challenges brought by new trends such as cloud and devops.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 01:45 PM|Tuesday, 13 August, 2019 02:30 PM
Mitigating Phishes That Your Email Gateway Misses
Mario de Boer, VP Analyst, Gartner

Email gateways are the most deployed control against phishing. However, prevention is far from perfect. In this session, we discuss the human role in both phishing detection as well as phishing response.

● How can we best change user behavior?

● What are the best practices for security operations when dealing with phishing?

● Which emerging solutions can support with phishing detection and response?


Tuesday, 13 August, 2019 01:45 PM|Tuesday, 13 August, 2019 02:30 PM
Roundtable: Identity Governance and Administration Deployments Challenges and Lessons Learned
Henrique Teixeira, Sr Director Analyst, Gartner

Identity Governance and Administration (IGA) is frequently the largest investment that organizations will make in their identity and access management (IAM) programs. Join this roundtable for a discussion on typical challenges, strategies and lessons learned that may facilitate the adoption of IGA initiatives.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Tuesday, 13 August, 2019 03:45 PM|Tuesday, 13 August, 2019 04:30 PM
Your IaaS Provider Offers Everything to Secure Your Workloads
Richard Bartley, Sr Director Analyst, Gartner

Cloud service providers have been busy enhancing and deploying increasingly more capable security services. What workload security services are currently available to cover your most pressing concerns? Workload security begins in development and build – learn how cloud provider’s automation services can help tighten deployments along with necessary run-time capabilities.


Wednesday, 14 August, 2019 08:30 AM|Wednesday, 14 August, 2019 09:00 AM
Using ELK for Security Use Cases
Augusto Barros, VP Analyst, Gartner

The Elasticsearch, Logstash and Kibana (ELK) stack has become popular as a cheaper alternative to more complex and expensive solutions for centralized log management or even SIEM. ELK is often used as a first step when organizations decide to "do something about the logs." Is it really a good option for security? Can I replace a SIEM with ELK? What are the best practices for adopting it?


Wednesday, 14 August, 2019 09:15 AM|Wednesday, 14 August, 2019 10:00 AM
AI as a Target and Tool: An Attacker’s Perspective on ML
Mario de Boer, VP Analyst, Gartner

The increased use of AI in security has not gone unnoticed by attackers. In this session, we explore the attacker’s perspective on machine learning, covering adversarial as well as nefarious ML.

● How attackers may attack security solutions based on ML at training and at prediction stages

● How ML may accelerate innovation in attacker techniques.


Wednesday, 14 August, 2019 09:15 AM|Wednesday, 14 August, 2019 10:45 AM
Workshop: No LGPD Headaches? Do a Privacy Impact Assessment Quick Scan First!
Bart Willemsen, VP Analyst, Gartner
Marcus Pinheiro, Sr Executive Partner, Gartner

A PIA (privacy impact assessment) can be a documentation burden sometimes. Still, it is imperative that organizations understand how privacy compliance enables business outcomes, and how to improve control over their privacy operation in general. This workshop guides attendees through a quick scan approach, and allows for comparative discussion among peers. Relevant for your ROPAs, outsourcing instructions, DPIA and security requirements.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 11:30 AM|Wednesday, 14 August, 2019 12:15 PM
Approaches for Securing Modern Application Architecture and Containerized Workloads
Michael Isbitski, Sr Director Analyst, Gartner

As the practice of cloud-native application design gains momentum, technical professionals must secure the underlying workloads and containers that power the resulting applications.
1- What are the relevant threats throughout the container lifecycle?
2 - What controls are effective for securing containers during build phases?
3 - What controls are effective for securing containers in runtime?


Wednesday, 14 August, 2019 11:30 AM|Wednesday, 14 August, 2019 12:15 PM
Ask the Expert: SIEM and monitoring
Gorka Sadowski, Sr Director Analyst, Gartner

Join this session to ask questions about the latest in SIEM and monitoring and hear and learn from your peers' questions on this topic.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:00 PM|Wednesday, 14 August, 2019 02:45 PM
Roundtable: How Can PAM Technology Support DevOps?
Felix Gaehtgens, VP Analyst, Gartner

DevOps methodologies use continuous integration/continuous deployment pipelines to speed up the time from inception to production. When credentials are copied, mishandled or exposed, this creates major security problems. Support for DevOps in PAM tools is emerging to support these agile environments and to secure the DevOps toolchain.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 02:00 PM|Wednesday, 14 August, 2019 02:45 PM
Improving Vulnerability Management With Effective Vulnerability Prioritization
Augusto Barros, VP Analyst, Gartner

Many vulnerability management programs fail to properly prioritize vulnerabilities for remediation, overloading the IT teams responsible for patching and testing systems. This sessions covers what organizations must do to properly prioritize vulnerabilities identified by vulnerability assessments. How to go beyond CVSS? How to expand prioritization to incorporate asset and threat context?


Wednesday, 14 August, 2019 04:00 PM|Wednesday, 14 August, 2019 04:45 PM
Ask the Expert: Endpoint security
Mario de Boer, VP Analyst, Gartner

Join this session to ask questions about the latest in Endpoint Security and hear and learn from your peers' questions on the same topic.

Please Note: based on availability and eligibility you may sign-up for this session via Conference Navigator after you register for this event.

Wednesday, 14 August, 2019 04:00 PM|Wednesday, 14 August, 2019 04:45 PM
Cloud Workload and Posture Management Security Tools and When to Use Them
Richard Bartley, Sr Director Analyst, Gartner

Cloud Workload Protection Platforms (CWPP), Cloud Access Security Brokers (CASB), and Cloud Security Posture Management (CSPM) tools have features which overlap but don’t fully take on the capabilities of each other’s groupings. Come and hear about these types of cloud tools and learn about the sorts of risks they address and architectural considerations which influence their fit into cloud security deployments.