| Wednesday, September 17 |
| 11:00 am–12:00 pm |
Conference Sessions
| 11:30 am–12:30 pm |
Conference Sessions
Security Knowledge Management From the Inside
A current chief information security officer (CISO) with an industry-leading information security program will share information on the implementation of a knowledge management process and capability that supports and enables core information security processes while also providing relevant artifacts for stakeholders, auditors and regulators. The knowledge management process achieves a reasonable balance between due diligence security practices and the demonstration of due diligence for multiple stakeholders. The CISO will draw upon experience from two financial service firms that have implemented this process, improving their productivity by significantly reducing staff time allocated to the preparation and completion of audit and regulatory work requirements. The knowledge management framework is a combination of core processes, workflows and a repository of artifacts that leverages a vendor-provided technology solution based on industry best practices, along with custom-developed applications.
Speaker - Jim Routh, Chief Information Security Officer, Depository Trust Clearing Corporation
James Routh, CISM, Chief Information Security Officer, The Depository Trust & Clearing Corporation
Jim Routh has over 20 years of experience in information technology and information security as a practitioner, management consultant and leader of technology functions and information security functions for global financial service firms. Jim designed and implemented an enterprise-wide information security program for the Depository Trust and Clearing Corporation (DTCC) based on risk management best practice, COBIT and ISO 27001 standards. He implemented an information security risk assessment process and an innovative security program for application development and vendor management.
Prior to joining DTCC he was the first CISO for American Express and responsible for the enterprise-wide implementation of GLBA-specific controls and practices for two different banking entities in North America. Prior to that, he led a customer information management function within Risk Management for the US card businesses for American Express. Prior to that he led the information technology function for the Institutional Services and Investment Management businesses for American Express Financial Advisors. Mr. Routh was a management consultant in information technology for dozens of leading financial service firms for over 12 years.
| 2:00 pm–3:00 pm |
Conference Sessions
Security By Compliance - A Discussion of Information Risk Management's Greatest Challenge
When most organizations today think about information protection, compliance is at the top of that list. This new level of consciousness has become a great benefit to information security professionals as well as their greatest nightmare. The leadership of many organizations is now falling into the trap of "Security by Compliance", which has created a false sense of security for them. They believe that if they meet their legal and regulatory compliance requirements, they have fulfilled their requirements for information risk management and protection. This panel will discuss the challenge of taking advantage of the benefits created by new compliance requirements, while also overcoming the challenge of this new operating procedure.
Moderator - John Pironti, Chief Information Risk Strategist, CompuCom
John P. Pironti is the Chief Information Risk Strategist for CompuCom. He has designed and implemented enterprise-wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences. Before joining CompuCom, Mr. Pironti was a Principal Enterprise Solutions Architect and Principal Security Consultant for Unisys, Inc.
Prior to that he held technical and management positions at AT&T and Genuity Inc. Mr. Pironti has a B.S. degree in imaging systems management from the Rochester Institute of Technology.
Speaker - Jennifer Mack, Vice President, MasterCard Worldwide, Payment System Integrity
Jennifer Mack is a Vice President in the MasterCard Worldwide Payment System Integrity group. In this role, she is responsible for developing and delivering a multi-faceted global approach for education and training based on the Payment Card Industry Data Security Standard. In addition to her MasterCard role, Ms. Mack is also Chairperson for the PCI Security Standards Council Marketing Working Group, which is comprised of MasterCard and other leading payment brands. Before joining MasterCard, she spent 12 years in the field of technology specializing in data security and is a subject matter expert within the Payment Card Industry, where she held positions in product architecture and development, marketing, quality assurance and technical sales support. She has worked for major telecommunication and technology companies including Cybertrust/Verizon Business, TruSecure, and MCI Telecommunications.
Speaker - Jim Routh, Chief Information Security Officer, Depository Trust Clearing Corporation
Speaker - Khalid Kark, Principal Analyst, Forrester Research
Khalid is a leading expert in the areas of information security services, strategy and IT GRC (Governance, Risk and Compliance). Khalid's research focuses on building and maintaining effective security programs and making Chief Security Officers (CISOs) more successful in their role. His research focuses on the strategies, operational processes, and organizational structures for developing and maintaining effective security programs. Khalid covers information risk management, information security strategy, best practices and metrics. He also covers security governance topics such as roles and responsibilities, policies, awareness, training and reporting for the security organization. Khalid has been widely quoted in the press, including such media outlets as the Boston Globe and the Wall Street Journal. Khalid is a frequent keynote speaker at national and international executive conferences. During his career, Khalid has worked in both the consulting and enterprise sectors. Prior to joining Forrester, he worked for a global insurance company where he provided leadership and direction for the information security program. Previously, Khalid consulted for organizations in the healthcare, finance, entertainment and communication industries on information security strategy and architecture. Khalid holds a master's degree in telecommunications management from University of Pennsylvania and a bachelor's degree in business and economics from University of Texas at Austin. Khalid is also a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and a Certified Information Security Auditor (CISA).
Speaker - Paul Stamp, Senior Product Manager, RSA
| Friday, September 19 |
| 9:00 am–10:00 am |
Conference Sessions
A Security Risk Management Maturity Model
Over the years, there have been numerous advancements in IT security designed and built with the purpose of mitigating the emerging or newly identified attack vector. As the old Latin adage states, "Mater Artium Necessitas", or as we more commonly refer to it: "Necessity is the Mother of Invention". Do we as IT security professionals - the guardians of the corporate jewels - ever stop and holistically look at the ever-growing hodge-podge of security solutions deployed in our environments and think: has my security architecture been built on the "Necessity is the Mother of Invention" philosophy? Is there a better way to approach IT security? Here's the good news: there is!
Speaker - Charles Ross, Director, Sales Engineering Public Sector, McAfee
Charles Ross is the Director of Sales Engineering for the Public Sector for McAfee. Prior to holding this position, Charles was Senior Manager of Risk Management for McAfee, responsible for IT security engineering, application security, risk analysis/mitigation, threat assessment, forensics and vulnerability management. He reports directly to McAfee's Chief Security Officer and speaks from an internal corporate security professional's perspective. He is a strong proponent of building a sustainable lifecycle around risk activities that is both measurable and continuously improving. He is a passionate security professional with over 6 years' experience keeping McAfee secure. Prior to joining McAfee, he worked for 2 years as a Senior Consultant in the Deloitte & Touche Enterprise Risk Services group based in San Francisco. At D&T, he consulted with Fortune 500 companies to deploy world-class security programs. When he is not in the office, he is engaging with current and potential McAfee customers and partners to discuss how McAfee utilizes its best-in-breed security technologies to protect its computing environment.
Charles holds a Bachelor of Science degree in Accounting from the University of Florida.
| 11:30 am–12:30 pm |
Conference Sessions
The Business of Privacy
Information privacy has become a major policy, technology, and business operations issue for organizations large and small in the corporate, government, financial, health care and retail sectors, among others. Compliance initiatives are not only complex, but can be very costly, cumbersome and confusing. As digital business communications continue to become more and more essential and ubiquitous, they are also contributing to a proliferation of personal customer data and information that organizations must protect. Clearly, corporations and technological developments haven't kept pace with data privacy needs. Information must be protected wherever it is collected, stored and used. This session will give audience members a 360-degree view of the privacy issues we face, and will inform audiences about how they can go beyond compliance to protect critical personal information while achieving greater business process efficiencies. Examples will be cited to illuminate key points.
Speaker - Ahmad Wasim, Vice President, Marketing, Voltage Security