Explore a comprehensive agenda featuring over 150 sessions across four agenda programs. Delve deep into practical, actionable insights to help you advance your goals. Find out what works when quantifying risk. Take the next steps toward greater agility. Understand how business leaders think.
Sunday, May 31, 2020 03:45 PM|Sunday, May 31, 2020 04:30 PM
David Mahdi, Sr Director Analyst, Gartner
An introduction for privileged access management. What value does PAM bring today to reduce your security risk? What do you need to know about PAM to build an outlook for the future? AM vs. IGA vs. PAM. Trending questions about PAM.
Monday, June 01, 2020 08:45 AM|Monday, June 01, 2020 09:45 AM
Katell Thielemann, VP Analyst, Gartner
Digital transformation has made security and risk top-of-mind issues for CEOs, CIOs and the board. As Security and Risk Management Leaders, you need to understand their perspective, concerns and expectations.
Each year, Gartner asks a broad sampling of top CIOs, CEOs and board members to identify what’s most important to them for the year ahead. This year, for the first time, we’re bringing together more than 1,600 data points from these carefully crafted surveys to present top themes and their implications for security and risk leaders. Using key takeaways from the surveys, Gartner experts will outline how aligning security decisions with business goals can have the greatest impact, and approaches to help you develop a roadmap for the next 12 to 36 months. You’ll hear insights that will help you communicate with business leaders, understand their perspective and anticipate their needs.
The best way to know what business leaders think about and expect from security is to ask. We did. Come find out what they had to say.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Peter Firstbrook, VP Analyst, Gartner
"Top trends" highlights ongoing strategic shifts in the security ecosystem that aren't yet widely recognized, but are expected to have broad industry impact and significant potential for disruption.
This presentation will describe the most significant trends in security and risk management and how leading organizations are taking advantage of these trends. Key issues explored will include:
- Top technological improvements in the security product landscape
- Trends in creating a top notch security organization
- Long-term trends that will influence security strategy
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Nader Henein, Sr Director Analyst, Gartner
Privacy regulations across the globe have developed more over the past two years than they have in the preceding century. This has placed substantial pressure on organisations regarding how they store and handle personal information pertaining to their employees and their customers. This session focuses on the top three mistakes, top three capabilities and top three hacks learned through out two years in the trenches of the GDPR, the CCPA, the LGPD and many more.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Tom Scholtz, Distinguished VP Analyst, Gartner
There is no such thing as a perfect, universally appropriate model for security organizations. Every enterprise must develop its own model, taking into consideration basic principles, practical realities and the challenges of digital transformation. This presentation will address the following key issues:
- What are the trends and challenges in security organization design?
- What are the factors that influence security organization?
- What are the current best practices and contemporary conceptual design models for security organization?
Monday, June 01, 2020 10:30 AM|Monday, June 01, 2020 11:15 AM
Paul Furtado, Sr Director Analyst, Gartner
During this session we will look at the activities and processes that need to be part of a comprehensive incident response plan when your organization suffers a data breach. You’ll receive pragmatic guidance on containment, communication, remediation and future mitigation.
Monday, June 01, 2020 01:45 PM|Monday, June 01, 2020 03:15 PM
Claude Mandy, Sr Director Analyst, Gartner
Conducting a business impact analysis (BIA) is a critical step to determining the importance of IT systems to an organisation and ensuring that the systems are protected commensurate with their importance. Join us to learn how to adopt a more holistic approach to BIA's to meet the needs of security, risk and privacy functions outside of their normal usage in business continuity and disaster recovery planning
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Srinath Sampath, Sr Director Analyst, Gartner
Most security and risk management leaders fail to shape their security programs around the executive leaders’ risk appetite — and they usually cite ignorance of the latter. What’s worse is that organizations that have risk appetite statements find them too impractical to use. This session will cover best practices on how to influence key decisions through an actionable risk appetite framework.
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Frank Buytendijk, Distinguished VP Analyst, Gartner
Chris Howard, Distinguished VP Analyst, Gartner
Digital Ethics is at the peak of the hype. Many executives worry about the unintended consequences of the use of data and technology, particularly concerning AI. What are the latest developments in digital ethics? Which ethical principles are the most commonly cited around AI? How do we build a value system into AI systems?
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Khushbu Pratap, Sr Principal Analyst, Gartner
This session walks through the state of risk management practices across technology and information exposures that influence organizational resilience. The current and future role of risk management leadership will be laid out in this session.
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Dale Gardner, Sr Director Analyst, Gartner
DevOps, new deployment models and technologies pose an existential threat to application security programs. But all is not lost. In this session, we'll show how — by embracing the tenets of DevOps, adopting new approaches to application security, and leveraging evolving security technologies — it's possible to achieve success in DevSecOps, with lessons learned for all development styles.
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Brian Reed, Sr Director Analyst, Gartner
Security and risk management leaders should implement or improve upon these top 10 security projects in 2020. Any security project must be supported by technology, address the changing needs of cybersecurity and reduce risk by adopting a CARTA strategic approach with all security projects.
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Christie Struckman, VP Analyst, Gartner
Gender imbalance is stagnating if not getting worse in many IT organizations. The challenge is not just hiring more women, it’s also not losing them. Leaders can support the women in IT by creating, curating and managing a pipeline program. Creating an inclusive environment also means confronting behaviors that marginalize women.
Monday, June 01, 2020 02:15 PM|Monday, June 01, 2020 03:15 PM
Paul Furtado, Sr Director Analyst, Gartner
The biggest threat to any business walks through the front door every day! In this session, we will discuss how to combat the insider threat and what tools and tactics need to be used to secure the business. This session is ideal for organizations with minimal or immature insider threat mitigation programs.
Monday, June 01, 2020 03:30 PM|Monday, June 01, 2020 05:00 PM
Christie Struckman, VP Analyst, Gartner
Many leaders believe that they have a "frozen middle" layer of management in their organization, managers that are invested in keeping things the same. In this workshop we focus on how to unfreeze that layer so that your organization can achieve its objectives. You can turn your middle managers into the force multipliers they should be.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Bernard Woo, Sr Director Analyst, Gartner
Privacy is not slowing! Consumers continue to demand that their privacy be protected, not just respected and legislators continue to react by enacting data protection laws. It is not sufficient (or efficient) to focus on baseline compliance. This session describes the latest developments in the landscape and steps to evolve the privacy management program from focusing on compliance only to value creation in the business.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Jeremy D'Hoinne, VP Analyst, Gartner
This session covers why everyone speaks about how artificial intelligence might solve security and risk management challenges, but struggle when asked to provide a concrete example. It will show examples of what we call AI today, explain how it can be useful but also its limitations, and explain what to look for.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Paul Proctor, Distinguished VP Analyst, Gartner
Cybersecurity should balance the needs to protect against the needs to achieve desired business outcomes. Risk and security professionals can attain this balance by optimizing risk, value, and cost in a business context through the lens of key stakeholder needs. Use the Gartner RVC optimization model to reset the conversation with your executives.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Tom Scholtz, Distinguished VP Analyst, Gartner
Effective governance should be a cornerstone of security programs and ineffective governance is the most common cause of failure. Security and risk leaders need to implement governance capabilities that support accountability, authority, risk management and assurance. This presentation will share strategies for establishing effective, adaptive security governance to enable digital transformation.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Katell Thielemann, VP Analyst, Gartner
David Gregory, Sr Director Analyst, Gartner
The threat landscape is a moving target. Attack campaigns might hit multiple organizations, but each enterprise should analyze its own threat landscape. Security and risk management leaders should gain baseline knowledge on:
1. Optimizing Prediction and Prevention
2. Knowing When Detection is Required
3. Preparing to Respond When Things go Wrong
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 05:00 PM
Srinath Sampath, Sr Director Analyst, Gartner
Security and Risk Management leaders are exploring various methodologies in pursuit of quantification on information risk, many aiming for something similar to what one observes in the area of financial (liquidity, market, forex, interest rate, etc.) risk. Through this session, we intend to set the table for a discussion among peers on the cost-benefit trade-offs of information risk quantification.
Tuesday, June 02, 2020 07:15 AM|Tuesday, June 02, 2020 08:15 AM
Roberta Witty, VP Analyst, Gartner
Zaira Pirzada, Principal, Advisory, Gartner
The 2019 ITL Research Circle Survey indicates considerable variation in Diversity and Inclusion (D&I) programs across four regions: North America, Latin America, EMEA and APAC. This presentation will highlight findings from this survey to help security and risk management leaders avoid the pitfalls of D&I program development, implementation and evolution and develop effective programs.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Elizabeth Kim, Principal Analyst, Gartner
Legacy GRC technology providers only perform well at keeping the business “out of trouble” due to their compliance-driven focus. However, IRM technology providers provide a wider focus on the emerging technology risks associated with digital business, vendors/third-parties and business continuity. We will explore a new research initiative “Gartner Emerging Technology & Integrated Risk Management.”
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
David Mahdi, Sr Director Analyst, Gartner
IAM encompasses workforce, partner, citizen and customer identities and access, to manage risk and enable desired business outcomes. Decentralized identity, CARTA, fraud management and autonomous governance will drive opportunities and challenges for IAM leaders in 2020 and beyond.
Key Issues:
What does a successful IAM program look like in 2020?
How can IAM quickly deliver real business value, improve customer retention and support cyber defense against fraud?
How predictive and autonomous IAM governance will play a role in modern challenges in compliance and privileged access management?
How will passwordless and decentralized identity disrupt old business models for authentication and access management?
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Paul Furtado, Sr Director Analyst, Gartner
A midsize guide to starting a formal cybersecurity program within your business. This session is tailored for midsize organizations who are starting or have immature security programs. It is a series of pragmatic advice that can be implemented to improve security awareness and a better security posture throughout the business.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Sam Olyaei, Director Analyst, Gartner
Security and risk management leaders are often treated as scapegoats when it comes to an incident or breach. Regardless of the effort, they are often blamed for matters beyond their control. By the same token, digital business has propelled security and risk to become a boardroom issue, business units have increased their expectations (and demand) of their leadership, and regulatory demands are often challenging. This presentation will shed light on the traits that aid in a successful and balanced approach between the demands of the business and the effectiveness of the leader.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Tom Scholtz, Distinguished VP Analyst, Gartner
Economics is called “the dismal science” because scarce resources mean not every need can be met. As a security and risk leader with unlimited challenges and limited resources, you face difficult decisions about what to prioritize. Is there a better way to balance digital business opportunity against cyber risk? What are the opportunity costs of your security investments? How can you articulate the business value of security? If you treat data as a financial asset, can economic models help you make more effective investment decisions? In this keynote, we’ll look at how looking at security and risk dilemmas through the lens of economics can help you make better decisions. We will also discuss trends in security spending, and introduce new tools, models and concepts to help you understand the impact of tradeoffs, improve cost optimization and evaluate where resources will have the greatest impact on security and the business.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:45 AM
Mary Mesaglio, Distinguished VP Analyst, Gartner
Although women make up nearly half of the global workforce, women are only 31% of IT employees. Unlike other professions where women have made significant strides to reach leadership positions, only 22% of IT leaders are women. This Roundtable discussion will explore the questions:
1) What holds women back from attaining leadership roles in IT?
2) What keys to success can we learn from women CIOs and from female senior business executives in technology companies?
3) What changes are being tried to better attract, retain and promote women in IT?
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Ruggero Contu, Sr Director Analyst, Gartner
This presentation will highlight a set of emerging technologies in security providing competitive differentiation and growth opportunities.
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Srinath Sampath, Sr Director Analyst, Gartner
To succeed at digital business, organizations need to make bold & innovative business choices while simultaneously protecting their business outcomes. The culture of the organization - specifically as it relates to risk-taking - is a significant yet underutilized driver. This session will cover how to build a risk culture that powers your digital future.
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Pete Shoard, Sr Director Analyst, Gartner
DevSecOps promises to at last deliver effective application security — but lasting ties to testing-oriented, gateway-focused approaches guarantee failure. The urgent question then, is what does "success" look like? In this session we'll examine the organizational, process, and tool changes needed to help ensure a successful DevSecOps program and robust application security.
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:30 PM
Beth Schumaecker, Director, Advisory, Gartner
Securely enabling IT flexibility and speed-to-market requires a new division of accountability between corporate IT and information security. This session will explore how Northwestern Mutual’s security function aligned its model with the product line — aligned IT function to maximize speed and innovation in the digital business.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Patrick Hevesi, Sr Director Analyst, Gartner
Steve Riley, Sr Director Analyst, Gartner
Have you stumbled down a rabbit hole as you are building and deploying your cloud security strategy. Terms like CASB, CSPM, CWPP and more are being thrown at you, with more coming everyday. Vendors are trying to sell you best of breed, while other large security vendors are buying and building for a more integrated cloud security solution. This session will discuss the right approach to build your cloud security strategy, give you insight to the ever changing vendor landscape and provide a roadmap on where to go as you navigate the wonderland that is cloud security.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Daria Kirilenko, Director, Research, Gartner
This panel discussion will bring together heads of security and risk for a conversation on how senior leaders can use their power and influence to increase the representation of women in leadership positions. The panelists will explore the state of female representation in senior leadership ranks in the security and risk field and discuss practical solutions to bringing more women into the hiring pipeline as well as providing high performers with support and access to critical roles.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:30 PM
Brian Reed, Sr Director Analyst, Gartner
Both Security & Risk Management and I&O Leaders rank the collaboration between their teams as critical to their success, yet differing objectives and cultures can make working together challenging. Join other Security & Risk Management Leaders to discuss ways to strengthen the relationship with I&O to improve organizational resiliency and adaptability.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Bernard Woo, Sr Director Analyst, Gartner
Modern day privacy tilts the business case for compliance, and losing customers is easier than ever before. GDPR in Europe, Brazil's LGPD, India's PDP and California's CCPA are only a few examples of over 60 jurisdictions worldwide. This brings privacy on the procurement table. Typical questions that might be asked in this “Ask the Expert” session include:
- How do I decide who to collaborate with?
- What should I mind when entering into a processing agreement?
Please note: Attendees should come prepared to ask questions and contribute to the discussion. Available to end users only, preregistration is required. Spaces are limited.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
David Gregory, Sr Director Analyst, Gartner
The information security profession is growing at a rate of 37% through 2022. Organizations need to ensure that they recruit, develop and retain the right talent to keep up with this demand. This presentation explores how organizations will need to extend diversity, flex recruitment strategies and create the right organizational culture to recruit, grow and retain the best talent.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Augusto Barros, VP Analyst, Gartner
Security monitoring and operations are rapidly evolving to keep up with a very dynamic threat landscape. Automation, advanced analytics and machine learning are some of the tools leveraged by security professionals to keep up with threats. This session will address these key issues:
(1) What trends are affecting security operations?
(2) What defines best-in-class security operations of 2020?
(3) What is the outlook for security monitoring and operations for the years ahead?
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Paul Proctor, Distinguished VP Analyst, Gartner
Outcome-driven metrics are operational, cost, and business benefit metrics based on the value proposition of our controls. Their direct line of sight to levels of protection enable an organization to answer key emerging questions in a business context: how much security do we want? And how much are we willing to spend for that protection?
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Join fellow women in IT as Bonnie St. John shares her fresh and inspiring perspective on leadership she gained from a two-year journey with her teenage daughter into the lives, and life lessons of world renowned leaders.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Paul Furtado, Sr Director Analyst, Gartner
Moving from on-premises to IaaS can introduce additional security risks. This session will discuss areas that midsize enterprises should be aware of and prepared to address when moving to the cloud. Preregistration is required. Seats are limited.
This session is a good fit for you if your organization has between five and 50 people in IT, and an IT budget between $5 million and $30 million. We prequalify attendees for midsize enterprise sessions based on annual revenue between $50 million and $1 billion.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Roberta Witty, VP Analyst, Gartner
The challenges to security and risk management programs range from governmental/political intervention to digital business adoption to the impact of organizational culture of running a business. Security and risk management (SRM) leaders must develop a coherent program based on a clear vision and strategy. This presentation will address:
What constitutes an effective vision and strategy for SRM leaders?
What are the elements of a SRM program?
What are the drivers shaping SRM strategy in 2020-2021?
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:35 AM
Toby Bussa, VP Analyst, Gartner
This session will take a look at what security and risk management look like in 10 years. What will be the same? What will change? What will you need to start thinking about now to be prepared in the future?
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Srinath Sampath, Sr Director Analyst, Gartner
Reporting risk and security to your board is challenging for every organization in the Gartner client base. Executives don’t know what they need. We offer these concrete examples that share all the necessary characteristics to satisfy non-IT executives and your board.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Michael Kelley, Sr Director Analyst, Gartner
After Facebook privacy scandals, and publicity around so many data breaches, consumers and the public opinion have pushed the industry to do the inconceivable: To entertain the idea that #thefutureisprivate. This session discusses how continuous adaptive risk and trust assessment (CARTA) for CIAM can help prevent internal fraud and achieve a more private future. Includes contexts for CIAM and internal fraud. Based on "Implications of Facebook’s Privacy Scandal: Key Takeaways and Next Steps" — using this in the context of CIAM, to leverage CARTA to prevent "internal" fraud.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Paul Furtado, Sr Director Analyst, Gartner
Ransomware continues to wreak havoc in businesses globally. This session provides some insights on how to best protect your business and how to recover in the event you are compromised. We will discuss best practices and some “no cost” activities to help thwart the bad actors.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:30 PM
Paul Proctor, Distinguished VP Analyst, Gartner
The strongest signal we have from regulators to appropriately address cybersecurity requirements is a reference to consistency, adequacy, reasonableness, and effectiveness of controls. Using a outcome-driven metrics and an outcome-driven approach we can ensure that our security capabilities are in line with expectations.
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 03:15 PM
Jeffrey Wheatman, VP Analyst, Gartner
Everyone knows how important strategic planning is for success and yet it is an immense challenge … for pretty much everyone. Join us to learn a simple approach that can be used to create a simple story that links security program activities to business goals in a way the drives better decisions.
1. What makes a good strategy?
2. What kind of narratives work?
3. What does a sample strategy look like?
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 03:15 PM
Wam Voster, Sr Director Analyst, Gartner
Many buildings have become Smart Buildings. Connected systems for air conditioning, heating, access control are now being connected to networks and the internet to allow for optimization, energy efficiency, and remote facility management. What would happen if these systems are infected with ransomware? What can SRM Leaders do to address this?
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
David Gregory, Sr Director Analyst, Gartner
Roberta Witty, VP Analyst, Gartner
This session will present a 10 step process that organizations should be using to prepare for growing concern over the Coronavirus outbreak becoming an epidemic in-country and pandemic globally. Attendees will hear our latest advice for all roles to take within the organization, including: HR, supply chain, IT, CISO, BCM/crisis management, Finance, Corporate Communications and more.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Khushbu Pratap, Sr Principal Analyst, Gartner
This session walks through requirements planning, decision making and stakeholder communication, and also discusses overlap with cybersecurity tools, compliance solutions, security operations, analysis and reporting tools as well as risk management capabilities available with cloud service providers.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Srinath Sampath, Sr Director Analyst, Gartner
How do you ensure your technology risk report stands out from the dozens of other reports and recommendations that senior executives at your organizations receive regularly? This session will discuss best practices on how to reduce executives’ cognitive burden and enable action based on your risk report.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:30 PM
Patrick Long, Assoc Principal Analyst, Gartner
Many midsize enterprises are struggling to attract and retain cybersecurity talent. Join us for this peer-driven discussion on how to manage with a small team. How have you successfully overcome these constraints? When is a managed service the answer? What makes the most sense to keep in-house? Where have you found your talent?
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
David Gregory, Sr Director Analyst, Gartner
Roberta Witty, VP Analyst, Gartner
This session is a continuation of Part 1: Pandemic Preparedness Briefing. IT will present a 10 step process that organizations should be using to prepare for growing concern over the Coronavirus outbreak becoming an epidemic in-country and pandemic globally. Attendees will hear our latest advice for all roles to take within the organization, including: HR, supply chain, IT, CISO, BCM/crisis management, Finance, Corporate Communications and more.
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Jeffrey Wheatman, VP Analyst, Gartner
Useful and actionable security metrics continue to be elusive. Program leaders often share what they have rather than what they should. Maybe we have been going about it the wrong way. Maybe, the problem isn’t what you tell your stakeholders, but rather the way you tell them.
1. What are the biggest challenges in reporting security metrics?
2. Why context is more important than the actual metrics?
3. What can leaders do to provide the proper level of context and drive action?
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Gorka Sadowski, Sr Director Analyst, Gartner
This presentation will address staffing retention issues organizations face with their security operations teams and talent. Questions this presentation will address:
1) Is burnout a real problem?
2) Are your expectations of candidates too high or misguided?
3) How much of an impact does the business' commitment to SecOps have on your staff?
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Bernard Woo, Sr Director Analyst, Gartner
Successful organizations do not just embed privacy into operations, they embody it in their culture. Learn how you can enhance the privacy culture in your organization by categorizing security incidents to find those trends, systemic issues and hidden risks that can derail the best of intentions.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Michael Kranawetter, Sr Director Analyst, Gartner
Is my security standard fit for purpose? Internal security policies and standards provide a framework for managing risk introduced by technology development and operations. Poorly written standards don't provide the clarity needed when developing and deploying IT, leading to higher risk and poor compliance. This session shows how to build and use standards to provide effective security, improve compliance and reduce the need for exceptions.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Patrick Hevesi, Sr Director Analyst, Gartner
As your cyber security strategy and architecture becomes more complex, the game of our security defense has changed. We used to play tic tac toe when defending our organizations, but now it is more like a game of tetris. Each of the products that organizations are buying need to integrate and fit precisely into line to ensure that our defenses against more and more advanced attacks are ready. This session will talk about the age old question about best of breed point products vs. the bigger security vendors that are trying to build a integrated single solution and the pros and cons of both.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:45 AM
Mark Horvath, Sr Director Analyst, Gartner
A guiding principle in DevSecOps is to make the developer successful at security by matching resources to the developer environment. Coaches are an important but often overlooked part of the developer ecosystem. Share best practices about successful coaching for security and some of the ways to improve security outcomes.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 12:15 PM
Jim Mello, Sr Director, Advisory, Gartner
Belinda Wilson, Sr Director Consulting, Gartner
This workshop is an opportunity for attendees to be trained to conduct a pandemic preparedness exercise within their own organization.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Brian Lowans, Sr Director Analyst, Gartner
Any business that creates, stores or processes data must identify, prioritize and mitigate business and financial risks. Security and risk management leaders must understand the economics of the business choices and risks that result. Orchestration of adequate security and privacy controls is critical to mitigate these risks.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Jay Heiser, VP Analyst, Gartner
Is your cloud solutions provider facilitating or resisting government surveillance? How can you know? You can't avoid the cloud by building a digital wall around your organization. Can any technology or law save you from the cloud? Will local providers come to your rescue? This provocative session will cut through the myths, so that your organization can stop wasting time solving problems that can't be fixed.
Monday, June 01, 2020 01:45 PM|Monday, June 01, 2020 03:15 PM
Nader Henein, Sr Director Analyst, Gartner
This workshop will focus on addressing both regulatory and ethical concerns when conducting marketing and behavioral analytics against big datasets. The session will cover different methodologies including differential privacy and multiparty computation to extract the most out of your data with least risk to consumer trust or regulatory oversight.
Monday, June 01, 2020 02:15 PM|Monday, June 01, 2020 03:15 PM
Patrick Long, Assoc Principal Analyst, Gartner
Join this discussion on security vendors that midsize enterprises love. Midsize enterprises are defined as organizations between $50 million and $1 billion in annual revenue and fewer than 1,000 employees. This session is a good fit for you if your organization has between five and 50 people in IT and an IT budget between $5 million and $30 million.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Christopher Ambrose, VP Analyst, Gartner
Risk and security teams struggle to ensure the contractual clauses in SaaS agreements protect their organization or comply with internal policy and external regulation. This session will provide insight to help you identify the key contractual clauses that must be addressed to protect your organization:
● The challenges in negotiating SaaS agreements: What can realistically be achieved?
● What are the key contract clauses to protect your data and minimize risk?
● What provisions do we need to reduce risk at termination or transition to another supplier?
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 05:00 PM
Jay Heiser, VP Analyst, Gartner
SaaS is a self-service model that is mostly out of IT's control, which has lead to endless exposures of sensitive data, audit frustrations, and cost overrun. Who is in charge of SaaS governance, and what policies, processes and products can they use to help their organizations use SaaS more responsibly. This session will be an opportunity for attendees to share their experiences with what works, and what doesn't.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
David Gregory, Sr Director Analyst, Gartner
BCMP, C/IM, EMNS, IRM oh my! The technologies available to BCM leaders are many, but selecting the set that works best for your organization can be daunting. In addition, the markets are merging together to deliver a single-pane-of-glass approach to managing a business disruption. This session will review the BCM software ecosystem markets and then compare them so that participants will have a methodology to use for product selection.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Chris Howard, Distinguished VP Analyst, Gartner
This is a cross-function session meant to bring IT and legal/risk closer together and co-create strategies for digital ethics. We know that each of these roles is thinking independently about today's ethical challenges, but they need to converge on strategies that both grow the business and keep people "safe."
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Zaira Pirzada, Principal, Advisory, Gartner
Data loss prevention and enterprise digital rights management: Two complementary technologies to meet similar data security objectives but yet so different in their deployment, use case suitability and inherent complexity. What are the trends in usage and in the marketplace? How are these technologies used effectively individually or together? What are the most successful use cases?
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Christopher Ambrose, VP Analyst, Gartner
Vendor risk management isn’t just required in highly regulated industries, its good practice in all industries. But today’s approaches are mired in lengthy and complex assessment surveys that span a variety of threats and risks. This session will discuss how to improve and enhance your model for managing vendor risks.
1) Why is vendor risk management important now?
2) What are the current best practices in a vendor risk-management life cycle?
3) How can we improve the efficiency and value of our vendor risk-management programs?
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Jeffrey Wheatman, VP Analyst, Gartner
Security and risk leaders want to quantify risk. Our business stakeholders want us to quantify risk. What if it’s actually not possible. Maybe we should stop trying and instead focus on what we can do to talk about risk in a way that business stakeholders actually care about.
1. What do we mean by risk quantification?
2. Why doesn't risk quantification actually work?
3. What can we do instead?
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
David Gregory, Sr Director Analyst, Gartner
Continuous improvement of business continuity plans is essential to ensure that they continue to reflect the organizational needs and priorities. This session will show how to develop, grow and benchmark your resilience program.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Jeremy D'Hoinne, VP Analyst, Gartner
The promise of zero trust architecture is appealing, but executing on the promise is hard enough for most projects to struggle at some point. This session will confront network segmentation dreams and reality, and highlight the core principles of successful segmentation projects in an world of hybrid-clouds and multiclouds.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:30 PM
Lawrence Orans, VP Analyst, Gartner
Compare notes with your peers on zero trust networks. Discuss your plans and objectives for 2020 and beyond. Contribute your perspective and learn from others that are well down the path of zero trust networks.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Akif Khan, Sr Director Analyst, Gartner
Consumers have unrelenting expectations for friction-free experiences when dealing with retailers and banks. This is often at odds with the various antifraud mechanisms that security leaders have implemented. A new approach is required to reduce tension between CX and fraud management, and instead blend a spectrum of technologies to deliver the fluid experience that most customers want and deserve.
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 03:15 PM
Rob Smith, Sr Director Analyst, Gartner
The European Union's General Data Protection Regulation (GDPR) is now in effect and has been directly copied by countless other countries. Global organizations with Europe-based employees need to understand exactly what this legislation means for them especially in regards to employee devices such as smartphones and tablets. This session covers the implications of how GDPR impacts mobile and wearable technologies and offers suggestions on becoming compliant.
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 03:15 PM
Patrick Long, Assoc Principal Analyst, Gartner
Midsize enterprise (MSE) IT leaders face significant security challenges when trying to deliver IT services with small IT teams (usually fewer than 30 people) and limited IT budgets (usually less than $20 million). Join us for a discussion of the top trends that MSE IT leaders responsible for security and risk management should prioritize to stay current and proactive in protecting the organization and managing risk effectively.
Wednesday, June 03, 2020 02:45 PM|Wednesday, June 03, 2020 03:15 PM
Katell Thielemann, VP Analyst, Gartner
As the U.S. Department of Defense rolls out its new CMMC approach, some view it as a revolutionary fix to contractor cybersecurity issues, while others see a bureaucratic folly that will further constrain DoD technology adoption. What is it? Why does it matter? What does it mean for security and risk management leaders everywhere?
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Akif Khan, Sr Director Analyst, Gartner
From account takeover to inventory theft, malicious bots pose serious challenges to financial institutions and digital commerce businesses. The challenge is made harder by the fact that no technical deficiencies are being exploited, the bots are simply abusing business logic. How can you protect your business without negatively impacting the CX for your good customers?
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Bernard Woo, Sr Director Analyst, Gartner
A core tenet of privacy laws is a set of rights for individuals to exercise control over the processing of their personal information. Organizations that rely on manual processes to process such requests run the risk of suffering a "death by thousand cuts." Come join this session to discuss solutions that help bring consistency and automation to the subject rights management processes.
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Brent Predovich, Assoc Principal Analyst, Gartner
Security and risk management leaders tasked with the reactive art of attack-damage mitigation, have struggled with budgets running wild. Understand how to set the expectations for your budget and advocate for a discretionary attack-damage mitigation budget.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Jie Zhang, Sr Director Analyst, Gartner
Digital transformation relies heavily on new technology adoptions. While organizations innovate and create values through digital business, a set of new risks are emerging. These emerging risks require security and risk leaders' special attention. This session equips you with a model to assess the emerging risks.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Roberta Witty, VP Analyst, Gartner
Recovery plans vary in quality and quantity based on their age ("We have a plan that is five years old"), the experience of the team developing the plan, the type of automation being used or not and more. This session will present best practices for developing recovery plans that actually work in a business disruption.
Sunday, May 31, 2020 03:45 PM|Sunday, May 31, 2020 04:30 PM
Jeremy D'Hoinne, VP Analyst, Gartner
Lawrence Orans, VP Analyst, Gartner
This session will give an overview of the network traffic analysis market:
- What did we learn about evaluating and deploying the technology from hundreds of client inquiries?
- What are the trends in the NTA vendor landscape?
- How to decide if it is worth the purchase?
Sunday, May 31, 2020 04:45 PM|Sunday, May 31, 2020 05:30 PM
Dionisio Zumerle, Sr Director Analyst, Gartner
Regulatory requirements on data protection and privacy management continue to increase in multitude and complexity. As much as organizations are willing to invest in mitigating these compliance risks, security and risk leaders can't guarantee a zero risk exposure. How an organization plans and responds to a compliance violation should be part of your risk management program.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Dionisio Zumerle, Sr Director Analyst, Gartner
Endpoints are becoming digital consumer experience enablers that are more tightly controlled and natively fortified against attacks. Security and risk management leaders must design long-term security and investment strategies that align with this technology trend.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Steve Riley, Sr Director Analyst, Gartner
Patrick Hevesi, Sr Director Analyst, Gartner
Cloud security remains a top priority. This presentation summarizes the problems, recommended processes, and new product types to address three key issues.
* What are the unique risks associated with public cloud service providers, and how can they be controlled?
* What are the unique security challenges of IaaS and how can they be mitigated?
* What are the unique control challenges of SaaS, and how can they be addressed?
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
David Mahdi, Sr Director Analyst, Gartner
There are many different ways to eliminate passwords to significantly improve UX/CX, enhance security or both, but technology constraints make a universal approach elusive. IAM must take pains to craft a cohesive strategy across key use cases.
● What are the key drivers for passwordless authentication?
● What options are available and what value do they provide?
● Is it possible to completely eliminate passwords – and if it is, is it always desirable?
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Neil MacDonald, Distinguished VP Analyst, Gartner
Digital business is turning organizations inside out. More users, data, systems and applications will be outside of the enterprise than inside. This drives a need for cloud-based delivery of networking (notably SD-WAN) and security capabilities (notably SWG) to get closer to the users that need access to the internet and their data, systems and applications that are pretty much everywhere but a central office. Here, we introduce the secure access service edge where SD-WAN, FWaaS, SWG, CASB, WAF, DNS protection and ZTNA converge over the next several years creating significant disruption in the vendor landscape and opportunities for every organization.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Mario de Boer, VP Analyst, Gartner
Highly evasive attackers do not reuse artifacts. Security professionals can’t rely on threat intelligence alone to protect from such advanced threats. This session assesses core security techniques to protect against highly evasive attacks. Techniques discussed include moving target defense, content disarm, remote browsing and containment.
Monday, June 01, 2020 10:15 AM|Monday, June 01, 2020 11:00 AM
Sam Evans, Sr Director Analyst, Gartner
Gartner has been evolving its guidance on how to better run vulnerability Management, which is a foundational security process. This presentation will go over this new way of doing vulnerability more effectively.
- Why we made some significant changes to our guidance on this critical process?
- What does the new RBVM actually look like?
- How to bring this to life inside your own security programs?
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Ramon Krikken, VP Analyst, Gartner
CASB is to SaaS as the firewall is to the data center. Come learn how to best take advantage of CASBs as your business continues to migrate more services to the cloud. We will discuss the different use cases and best practices on how to deploy CASB, as well as the continuing evolution of security architecture through CASB and related technologies such as zero-trust network access (ZTNA).
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Nat Smith, Sr Director Analyst, Gartner
This session is for vendors. Zero trust is gaining momentum with SDP and ZTNA, but should it be applied in other areas of network security as well? Absolutely. Come and see (1) how zero trust is a natural evolution in digital transformation, (2) how many non-network disciplines already take advantage of it, and (3) how you, as a network security vendor, can come to terms with it.
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Mario de Boer, VP Analyst, Gartner
In 2020, machine learning is used by security vendors more than by attackers. This will change. Join this technical session to explore the limits of ML in security solutions and how ML will accelerate innovation in attacker methods.
Monday, June 01, 2020 02:00 PM|Monday, June 01, 2020 02:45 PM
Rob Smith, Sr Director Analyst, Gartner
Endpoints security challenges are rising to new levels of complexity as the definition blurs across clouds, BYO, workstations, mobile, wearable, “things” and pure software.
This session will address
1. The evolution of device security to a single Unified Endpoint Security (UES) solution
2. The evolution of network security from on-premise to cloud based since devices are frequently accessing cloud based services.
3. The evolution of modern data protection for devices including VDI, encryption, and DRM
Monday, June 01, 2020 02:15 PM|Monday, June 01, 2020 03:45 PM
Nader Henein, Sr Director Analyst, Gartner
Given our borderless digital society, controlling the country in which information resides seems counterintuitive; however, it’s a requirement of most emerging data protection laws. Come to the session where we will probe the reason behind data residency requirements and learn how to support business expansion inside geographic guardrails without breaking centralized store and compute models.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Lawrence Orans, VP Analyst, Gartner
The cloud era is forcing network security professionals to adapt on several fronts. Enterprises are spending more on cloud-based security services, as a replacement for physical appliances in private data centers. Also, as enterprises move workloads to IaaS clouds, they are turning to micro-segmentation to secure key assets. This session will deliver key insights into these important trends.
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Augusto Barros, VP Analyst, Gartner
For years SIEMs have been the cornerstone of security operations centers and the primary security monitoring tool for many organizations. However, with the adoption of newer threat detection tools, massive migrations to cloud services and the increasing adoption of technologies such as IoT and mobile, does it still make sense to invest in a SIEM? This session addresses the role of the SIEM in a modern SOC, covering the following issues:
- Is the SIEM capable of detecting modern threats?
- Does the SIEM scale to address the volume of data generated by the cloud?
- Is it possible for a SOC to operate without a SIEM?
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Steve Riley, Sr Director Analyst, Gartner
Zero-trust network access (ZTNA), sometimes called software-defined perimeters (SDP), replaces traditional technologies and eliminates the need to extend excessive trust. Instead, it provides adaptive, identity-aware, precision access that improves flexibility, agility and scalability, while offering a consistent experience regardless of who the user is or where they are.
* What is ZTNA, exactly, and why is it suddenly so popular?
* What are the benefits and the common emerging use cases?
* What can we expect it to evolve into as it matures?
Monday, June 01, 2020 04:00 PM|Monday, June 01, 2020 04:45 PM
Michael Clark, Sr Director Analyst, Gartner
Many modern security tools include the ability to ingest threat intelligence without much direction on how to effectively use the capability. This presentation provides guidance to security operation technical professionals on how to leverage threat intelligence to improve their monitoring and response programs.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Anna Belak, Sr Principal Analyst, Gartner
Security organizations are flooded with AI/ML marketing from security vendors, but it is hard to understand how much of this is real and effective. This presentation will review many areas where AI/ML methods are attempted to be used for security and present a framework for judging their effectiveness in your environment.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Ramon Krikken, VP Analyst, Gartner
This session covers current trends and emerging topics in the area of data security. From databases to files, threats are rapidly evolving and countermeasures slowly follow. Planning a data-centric roadmap for security governance and security architecture is a critical component of any security and risk management program.
Tuesday, June 02, 2020 09:45 AM|Tuesday, June 02, 2020 10:30 AM
Steve Riley, Sr Director Analyst, Gartner
Securing Office 365 can be daunting — perhaps even overwhelming. Microsoft continues to add new security features at a blistering pace, and inquiry trends show that while some customers enjoy this, others struggle with finding the most relevant controls to meet security requirements. Come to this session to receive answers to your most pressing questions about Office 365 security.
* What are the most important controls to implement, and what is a reasonable sequence?
* Is it OK to go all-in with Microsoft, or are third-party products still necessary?
* What is Microsoft's overall direction for Office 365 security, and what does that mean for customers?
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Richard Bartley, Sr Director Analyst, Gartner
Cloud workload protection platforms offer diverse capabilities to help customers security their deployments. Hear about different approaches to workload protection from vendors and cloud providers. Find out about how vendors are enhancing and adding new capabilities to keep ahead of evolving cloud requirements and threats.
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Patrick Hevesi, Sr Director Analyst, Gartner
Come see how secure the latest versions of your mobile OSes and devices are against the current mobile attacks. This session will show which operating systems and devices you need to be using along with third-party solutions to protect your organization. We will demonstrate attacks and also discuss the right EMM/UEM, MTD and other mobile security solutions your should be using today.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Eric Ahlm, Sr Director Analyst, Gartner
The market is buzzing with grand claims of how SOAR platform can completely automate security. This presentation takes a practical look at what is security automation and the limitation of a SOAR platform. A per usage example is given for security investigations, incident response, case management and threat hunting to show how SOAR can be applied.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Anna Belak, Sr Principal Analyst, Gartner
Vulnerability management has a history that goes back more than a quarter of a century. Scanning, patching and mitigating are not new activities. However, IT has changed a lot in the past decades, but has your vulnerability management? This presentation learns from how the best organization perform vulnerability management around modern IT processes and tools.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Neil MacDonald, Distinguished VP Analyst, Gartner
Most enterprises will have data centers for years to come and most have adopted a multi-cloud strategy by design. This presentation will outline strategies for the consistent management and security of a hybrid multi-cloud environment composed of physical machines, virtual machines, containers and serverless workloads.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Pete Shoard, Sr Director Analyst, Gartner
Managed security services are a sensible and efficient choice for many organizations, large and small to enable or augment their security operations. Gartner presents their view on the range of core services available in the market, cutting through the jargon and aligning the needs of consumers with available service types and providing predictions on the future of the market.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Ruggero Contu, Sr Director Analyst, Gartner
We will discuss some of the main trends and client initiatives behind market convergence. The discussion will highlight the challenges and opportunities faced by specialist stand alone OT/IoT players and those coming from the IT security side.
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 03:15 PM
Dale Gardner, Sr Director Analyst, Gartner
Security testing, software composition analysis, vulnerability scans, pen testing and other sources of software vulnerability data can quickly overwhelm DevOps teams responsible for ensuring the security and integrity of the apps they deliver. We'll examine emerging approaches that can aid teams in identifying the most critical issues for mitigation, while providing management with a risk-based view of applications.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Nat Smith, Sr Director Analyst, Gartner
This session is for vendors. Most network security products – whether firewalls, web gateways, IDPS or even NTA – are sold as boxes. But SASE changes all of that. Come and find out (1) why the change to SASE is necessary, (2) what technical investments are necessary, and (3) which commercial practices will be impacted.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Frank Catucci, Sr Director Analyst, Gartner
Organizations have embraced agile development methodologies and DevOps practices, and technical professionals must find ways to integrate application security into this world.
1) What are the ways to modernize secure design practices like threat modeling?
2) How can we perform continuous security testing as part of CI/CD?
3) How do you effectively leverage security controls external to code?
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Anna Belak, Sr Principal Analyst, Gartner
Containers and microservices architectures require DevSecOps, a protection strategy different from traditional VMs with monolithic applications. Technical professionals tasked with securing containers must harden the CI/CD pipeline so that everything that ran through it can be considered secure.
Wednesday, June 03, 2020 09:45 AM|Wednesday, June 03, 2020 10:30 AM
Sam Evans, Sr Director Analyst, Gartner
"Zero trust" has emerged as a popular buzzword for the security industry in 2020. Security and risk management leaders need help cutting through the vendor hype for practical advice on how to succeed including:
1) Practical implementations of zero trust.
2) What problems it solves, but more importantly, what it doesn't.
3) Real-world implementation feedback from clients.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Eric Ahlm, Sr Director Analyst, Gartner
SaaS SIEM options are starting to appear in the market, offering credible alternatives to on-premises SIEM. This research provides technical professionals with an overview of SaaS SIEM technology, its strengths and weaknesses and the emerging best practices for its deployment and operation.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Nat Smith, Sr Director Analyst, Gartner
I know how to set up security for my data center, but those techniques do not seem to work well in the cloud. Should I throw out everything I know and start over? Should I force what I know well to work in the cloud? Gartner, please (1) explain the differences and help me understand the right approach, (2) point me in the direction to help me leverage my existing investments, and (3) arm me to set up world class security in hybrid environments.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Jon Amato, Sr Director Analyst, Gartner
Adoption of the Internet of Things continues to accelerate (in the enterprise and at home), with as many as 18 billion devices in the field right now. But security maturity around IoT continues to lag — where it exists at all! In this session, we will examine the issues around securing the Internet of Things, what enterprise security administrators can do today to secure their enterprises against the flood of connected devices, and what we might expect to be able to do in the future.
Wednesday, June 03, 2020 11:45 AM|Wednesday, June 03, 2020 12:15 PM
Patrick Long, Assoc Principal Analyst, Gartner
Formal vulnerability management programs are the exception and not the rule in midsize enterprises. Because of this, it is more important than ever to be able to prioritize mitigating the vulnerabilities that can hurt your organization the most. Join us for this session on how to identify and prioritize the critical assets in your environment.
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 03:15 PM
Brian Lowans, Sr Director Analyst, Gartner
Protecting data and privacy is creating complex choices for enterprises as the number and variety of security products are multiplying. This requires careful assessment of the business attractiveness balanced against the business risks.
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 03:15 PM
Neil MacDonald, Distinguished VP Analyst, Gartner
Changes in the threat landscape and ineffectiveness of current security architectures has driven an explosion of interest in zero trust security architectures. This presentation will build on the concepts of zero-trust networking and extend to operating systems, applications (including development), users and data. Topics will include the new NIST draft standard for zero trust as well as technologies and vendors providing solutions.
Wednesday, June 03, 2020 02:45 PM|Wednesday, June 03, 2020 03:15 PM
Richard Bartley, Sr Director Analyst, Gartner
Cloud security posture management services are now offered by cloud providers, CASB service vendors, firewall vendors, as well as dedicated vendors. Which is the right set of services for you and your cloud implementation? This session takes a look across these capabilities and discusses priorities and technical directions.
Wednesday, June 03, 2020 02:45 PM|Wednesday, June 03, 2020 03:30 PM
Rajpreet Kaur, Principal Analyst, Gartner
With growing business applications critical for business continuity their security has become ever so most important. With the growing dependencies of these applications with different entities across hybrid networks, the security teams fail to discover the interconnections and in turn fail to secure them enough. This presentation will discuss the idea of discovering application dependencies and segmenting them using micro segmentation techniques to make them more secure.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Mark Horvath, Sr Director Analyst, Gartner
Tools play a crucial role in DevSecOps, but even the best tool is no good if no one uses it. This session goes over five cultural practices the most successful teams use to move from DevOps to DevSecOps, without slowing everything down.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Dennis Xu, Sr Director Analyst, Gartner
Inadequate planning, lack of well-defined cloud security use cases and service outage can lead to project execution risk and in-secured cloud usage. Security and risk management technical professionals responsible for CASB initiatives must adopt best practices to achieve optimal outcomes and avoid common pitfalls.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Tim Zimmerman, VP Analyst, Gartner
Organizations must recognize the differing networking requirements for IoT use cases in order to deploy the correct network and security architecture and ecosystem, otherwise they will fail. This presentation reviews different market segments and analyzes usage scenarios to identify the network strategy needed to properly implement IoT solutions.
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:00 PM
Michael Isbitski, Sr Director Analyst, Gartner
Technical professionals are confronted with attacks that target web applications and APIs and they struggle to find the appropriate mix of security controls. This session examines:
- What are the common attack patterns?
- What technologies are useful in mitigating each type of attack?
- What adjustments must be made for cloud-native application development?
Wednesday, June 03, 2020 04:30 PM|Wednesday, June 03, 2020 05:30 PM
Mitchell Schneider, Principal Analyst, Gartner
Vulnerability management is still not a standard practice for many organizations, even though it should be a foundational practice of good security hygiene. This can be a bigger issue for resource challenged organizations. This roundtable will help participants understand what has worked and not worked for their peers, across people, processes and technologies, when implementing a vulnerability management program.
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Privacy initiatives are leading organizations to institute processes that align with data management and security best practices. What is the logical progression? What is the overlap? How can you leverage your privacy investments for security and vice versa?
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
David Mahdi, Sr Director Analyst, Gartner
In a world of cloud, does infrastructure security matter? As organizations move more services to the cloud, the problem shifts to managing user access and data. Attend this session to learn about emerging trends on the convergence of cloud, identity and data security, as well as best practices regarding cloud security, that you can leverage now.
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Dale Gardner, Sr Director Analyst, Gartner
The nearly ubiquitous presence of open source software within applications and their supporting infrastructure introduces an array of risks, and has led to some of the most damaging security incidents on record. This session will deliver guidance on the necessary policies, processes, and tools — including software composition analysis and vulnerability assessment — necessary to identify and manage these risks.
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Richard Bartley, Sr Director Analyst, Gartner
Should I just use my on-premises endpoint protection (EPP) in the cloud? EPP and cloud workload protection platforms (CWPP) are two technologies that have both substantial overlap and substantial divergence in terms of functionality. In this session, we will look at the security challenges of cloud IaaS environments for workloads. We will examine when you should use an endpoint tool in your cloud environments, and when only a CWPP will fill the need.
Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
Pete Shoard, Sr Director Analyst, Gartner
During this session, we will cover the different deception deployment models, the benefits and limitations of deception products and services and how do you need to have your deception technology managed. Attendees will better understand deception as part of a wider security strategy, availability of products on the market and how service providers are adopting this technology.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Anna Belak, Sr Principal Analyst, Gartner
The focus of most breach and attack simulation tools is testing preventive controls; however, some also help with detection technologies and processes. Initial use cases include chief security officer testing of the infrastructure, testing versus "threats of the day" and activity testing after exploitation. How can BAS help your organization improve its security posture?
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Mitchell Schneider, Principal Analyst, Gartner
Security operations center (SOC) models are not a "one-size-fits-all" approach. The evolving threat landscape, along with the shift in security defense from just prevent to a more comprehensive approach has prompted a renewed interest in SOC implementation by a wider user base. Attend this session to identify which model is a perfect fit for your organization.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Michael Clark, Sr Director Analyst, Gartner
This research provides guidance to security and risk management technical professionals implementing an incident response program. There are three stages to a successful incident response program: Plan, prepare and practice. Each of the three topics will be discussed in depth.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Dionisio Zumerle, Sr Director Analyst, Gartner
Applications drastically change with serverless, mobile and single page applications being only a few examples. Yet most organizations still protect their applications with the same traditional defenses leaving applications undefended. The recent wave of Magecart credit card skimming attacks are an example that includes some very highly visible names among their victims. Applications need to learn to defend themselves, and security leaders can teach them to do so. In this session we will review cutting-edge techniques such as in-app protection and monitoring, interactive application security testing, runtime application self-protection, obfuscation and illustrate how they solve real-world application threats to provide value to the enterprise and its customers.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
Dale Gardner, Sr Director Analyst, Gartner
APIs have emerged as the basis for countless organizations' digital transformation efforts. But existing application security testing processes don't fully address APIs, leading to a false sense of confidence and potential risks. In this session, we'll examine tools and techniques for properly testing APIs in DevOps — and more traditional — development environments.
Thursday, June 04, 2020 10:45 AM|Thursday, June 04, 2020 11:30 AM
AWS, GCP and Azure have many new native security features to protect deployed workloads in the cloud. Learn about what capabilities you need to be using in these three cloud providers to ensure you are getting the most security for your workloads.
What are the top security controls you need to be using in AWS, GCP and Azure?
What are the gaps in the native cloud provider’s security?
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Neil MacDonald, Distinguished VP Analyst, Gartner
Security considerations and best practices for securing containers and Kubernetes Docker containers are not inherently unsecure, but are being deployed unsecurely, driven by developers and a need for agility in service development and deployment. Security and risk management leaders must address container and Kubernetes security issues around vulnerabilities, visibility, compromise and compliance. This session will provide specific best practices for secure container and Kubernetes deployments.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Michael Kelley, Sr Director Analyst, Gartner
As a security framework, all elements of CARTA can be applied to any technology. For access management, this includes concepts like continuous authentication and continuous authorization, applying dynamic (always being evaluated) approaches to access management. In this approach, adaptive and contextual authentication, as well as leveraging session management as a control plane, and UEBA as for visibility, will allow a near-real-time response to a variety of AM issues, including credential theft, session hijacking and others.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Gorka Sadowski, Sr Director Analyst, Gartner
SOC in the cloud? SOC for the cloud? Hybrid clouds? Multiclouds? How are clouds impacting SOCs today, how are SOC evolving to leverage and scope clouds?
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Michael Isbitski, Sr Director Analyst, Gartner
Organizations are increasingly using cloud-native technology and adopting microservices architecture patterns as they integrate or build enterprise applications. The end result is a sprawling landscape of web APIs that practitioners must secure. In this session, you'll learn about security best practices for design, discovery, monitoring and protection of web APIs.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Frank Catucci, Sr Director Analyst, Gartner
This session on secrets management will revolve around application security and best practices.
Thursday, June 04, 2020 11:45 AM|Thursday, June 04, 2020 12:30 PM
Rajpreet Kaur, Principal Analyst, Gartner
With mostly all security vendors pitching the idea of a security platform and selling it under ELA, the clients are somehow getting blinded by the real value behind the so-called security platform the vendor is selling, and are they actually saving any money or overspending? This presentation will discuss how the modern security platforms are coming up, what kind of licensing is available, and are they helping you save money and reduce the risk.
Tailored to the specific needs and perspective of chief information security officers (CISOs), the Gartner CISO Circle* brings together senior security and risk leaders for incisive discussions on what matters in security now and what changes lay ahead. *Application required.
Sunday, May 31, 2020 02:30 PM|Sunday, May 31, 2020 05:30 PM
Christopher Mixter, VP, Advisory, Gartner
Majority of business decisions today have information risk implications. Without clear guidance, enterprise decision-makers may open themselves up to expensive remediation or create exposure broader than their initiative. The volume, variety and unpredictability of these decisions makes CISOs' aspirations to "facilitate" and "consult" on them impossible.
Join your peers in this interactive three-hour session to learn how to identify and execute on opportunities to drive information risk accountability out to the true owners of those risks.
The discussion will focus on answering the following questions:
- How should CISOs navigate information risk accountability when the volume and variety of business decisions with information risk implications are growing exponentially?
- How can CISOs take advantage of new IT development methodologies to identify and enable accountability by the true owners of information risk?
- What does the information security organization that effectively stewards information risk accountability look like?
Monday, June 01, 2020 07:30 AM|Monday, June 01, 2020 08:30 AM
Tatiana Wells, Sr Program Director, Gartner
This orientation session is designed to help attendees make Security and Risk Summit the most productive experience. It will provide you with tips on how to navigate your way through the CISO Circle Program and overall conference and give you a chance to meet your fellow CISOs. Topics will include a review of the agenda, interactive sessions, networking and much more with plenty of time for Q&A.
Monday, June 01, 2020 02:15 PM|Monday, June 01, 2020 03:45 PM
Beth Schumaecker, Director, Advisory, Gartner
Supporting the business during the digital era requires that Information Security staff possess a much more diverse set of skills than in the past. This Information Security Strategic Workforce Planning workshop will focus on building out the inputs we need to orient our planning around the skills and competencies essential for success.
Tuesday, June 02, 2020 07:15 AM|Tuesday, June 02, 2020 08:15 AM
Sam Olyaei, Director Analyst, Gartner
It is now common practice and in certain cases mandated by regulation, for a board of directors to require periodic reporting and event-based updates on the state of security and risk management in an enterprise. Developing and communicating an effective message that balances the need to protect with the need to run your business is critical to success. However, there is a big disconnect between what security and risk leaders are presenting to the board and what the board actually cares about. Join us in this session as Gartner experts showcase five actionable narratives that you can use to communicate with your board.
Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Jeffrey Wheatman, VP Analyst, Gartner
Security and risk leaders want to quantify risk. Our business stakeholders want us to quantify risk. What if it’s actually not possible. Maybe we should stop trying and instead focus on what we can do to talk about risk in a way that business stakeholders actually care about.
1. What do we mean by risk quantification?
2. Why doesn't risk quantification actually work?
3. What can we do instead?
Tuesday, June 02, 2020 02:30 PM|Tuesday, June 02, 2020 04:00 PM
Leigh McMullen, Distinguished VP Analyst, Gartner
Whether it's in the board room or the big stage at an event like symposium, having great is just part of the equation. This session is about how to TELL your story. how to structure it for different audiences and different formats, and how to make sure your message sticks!
Wednesday, June 03, 2020 07:15 AM|Wednesday, June 03, 2020 08:15 AM
Khushbu Pratap, Sr Principal Analyst, Gartner
Risk quantification is perceived to bring more visibility and confidence in cybersecurity decision making — but does it? This session will deep dive into use cases articulating reasonable and unreasonable application of quantification approaches from the viewpoint of different security and risk management stakeholders.
Wednesday, June 03, 2020 12:15 PM|Wednesday, June 03, 2020 01:15 PM
Leigh McMullen, Distinguished VP Analyst, Gartner
The internet now reaches more than half the world’s population. Conventional wisdom suggests that solutions that served the first half will trickle down and serve the second. The conventional wisdom is dead wrong. People living in the “second half” have different problems and seek different solutions. The second half presents the greatest blue ocean market opportunity the world has ever seen. It also will challenge the status quo in unexpected ways.
Wednesday, June 03, 2020 02:30 PM|Wednesday, June 03, 2020 05:30 PM
Christopher Mixter, VP, Advisory, Gartner
Majority of business decisions today have information risk implications. Without clear guidance, enterprise decision-makers may open themselves up to expensive remediation or create exposure broader than their initiative. The volume, variety and unpredictability of these decisions makes CISOs' aspirations to "facilitate" and "consult" on them impossible.
Join your peers in this interactive three-hour session to learn how to identify and execute on opportunities to drive information risk accountability out to the true owners of those risks.
The discussion will focus on answering the following questions:
- How should CISOs navigate information risk accountability when the volume and variety of business decisions with information risk implications are growing exponentially?
- How can CISOs take advantage of new IT development methodologies to identify and enable accountability by the true owners of information risk?
- What does the information security organization that effectively stewards information risk accountability look like?
Thursday, June 04, 2020 09:45 AM|Thursday, June 04, 2020 12:45 PM
Christopher Mixter, VP, Advisory, Gartner
Majority of business decisions today have information risk implications. Without clear guidance, enterprise decision-makers may open themselves up to expensive remediation or create exposure broader than their initiative. The volume, variety and unpredictability of these decisions makes CISOs' aspirations to "facilitate" and "consult" on them impossible.
Join your peers in this interactive three-hour session to learn how to identify and execute on opportunities to drive information risk accountability out to the true owners of those risks.
The discussion will focus on answering the following questions:
- How should CISOs navigate information risk accountability when the volume and variety of business decisions with information risk implications are growing exponentially?
- How can CISOs take advantage of new IT development methodologies to identify and enable accountability by the true owners of information risk?
- What does the information security organization that effectively stewards information risk accountability look like?