Register Today for Interop New York 2008

Conference: Governance, Risk and Compliance

Track Chair: John Pironti
Chief Information Risk Strategist
Getronics

Information security is quickly evolving into information risk management. The enterprise of today can no longer rely on technology alone to protect information and information infrastructure, and requires a business approach to information risk management, governance, and compliance to be successful. The growth in global regulatory and compliance requirements, lack of available resources and funding, and constant need to balance protection with the business needs of the organization is a great challenge for professionals in this area. The Governance, Risk, and Compliance track will focus on providing insights and guidance from experienced practitioners on key issues which enterprises are facing today as they mature their capabilities and from a reactive and technologically focused approach to information security into a proactive and risk based one.

Open All Descriptions |

Close All Descriptions

Governance, Risk and Compliance
Conference Sessions Developing Metrics and Measures for Information Security Governance Tuesday, November 30 - 4:00 pm–4:00 pm Information security has become a critical issue within organizations, and a key success factor for businesses. In order to effectively maintain the integrity and security of an organization's information infrastructure effective security metrics and measures must be developed, implemented, and monitored. This presentation will discuss the concept of enterprise security metrics and measures and the concepts and topics that must be considered when developing, implementing, and monitoring them. These topics will include the identification of measurable points and activities, the development of meaningful metrics and measures, monitoring concepts, and reporting strategies. Case studies and scenarios will also be used to demonstrate operational scenarios for the benefits and challenges of this concept throughout the presentation. Speaker - John Pironti, Chief Information Risk Strategist, Getronics John P. Pironti is the Chief Information Risk Strategist at Getronics. He has designed and implemented enterprise wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology. Mr. Pironti has a number of industry certifications including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional and (ISSAP) and a Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences. The Business of Privacy Tuesday, November 30 - 4:00 pm–4:00 pm Information privacy has become a major policy, technology, and business operations issue for organizations large and small in the corporate, government, financial, healthcare, retail and other sectors. Compliance initiatives are not only complex, but can be very costly, cumbersome and confusing. As digital business communication continue to become more and more essential and ubiquitous, it is also contributing to a proliferation of personal customer data and information that organizations must protect. Clearly, corporations and technological developments haven't kept pace with data privacy needs. Information must be protected wherever it is collected, stored and used. This session will give audience members a 360-degree view of the privacy issues we face, and will inform audiences about how they can go beyond compliance to protect critical personal information while achieving greater business process efficiencies. Examples will be cited to illuminate key points. Speaker - Sathvik Krishnamurthy, President, Voltage Security Security Knowledge Management From the Inside Tuesday, November 30 - 4:00 pm–4:00 pm A current CISO with an industry leading information security program will share information on the implementation of a knowledge management process and capability that supports and enables core information security processes while also providing relevant artifacts for stakeholders, auditors and regulators. The knowledge management process achieves a reasonable balance between the due diligence security practices and the demonstration of due diligence for multiple stakeholders. The CISO will draw upon experience from two financial service firms that have implemented this process and improving their productivity by significantly reducing staff time allocated to the preparation and completion of audit and regulatory work requirements. The knowledge management framework is a combination of core processes, work flows and a repository of artifacts that leverages a vendor provided technology solution based on industry best practices along with custom developed applications. Speaker - Jim Routh, Chief Information Security Officer, Depository Trust Clearing Corporation A Security Risk Management Maturity Model Tuesday, November 30 - 4:00 pm–4:00 pm Over the years, there have been numerous advancements in IT security designed and built with the purpose of mitigating the emerging or newly identified attack vector. As the old Latin adage states "Mater Artium Necessitas" or as we more commonly refer to it "Necessity is the Mother of Invention". Do we as IT security professionals, the guardians of the corporate jewels, ever stop and holistically look at the ever growing hodge-podge of security solutions deployed in our environments and think, Has my security architecture been built on the Necessity is the Mother of Invention philosophy? Is there a better way to approach IT security? The good news there is! Speaker - Carl Banzhof, Vice President and Chief Technology Evangelist, McAfee Security By Compliance - A Discussion of Information Risk Management's Greatest Challenge Tuesday, November 30 - 4:00 pm–4:00 pm Compliance is top of mind in many organizations today when they think about information protection. This new level of consciousness has become a great benefit to information security professionals as well as their greatest nightmare. The leadership of many organizations are now falling into the trap of "Security by Compliance" which has created a false sense of security for them. They believe that if they meet their legal and regulatory compliance requirements the have fulfilled their requirements for information risk management and protection. This panel will discuss the challenge of taking advantage of the benefits created by new compliance requirements while also overcoming the challenge of this new operating procedure. Moderator - John Pironti, Chief Information Risk Strategist, Getronics John P. Pironti is the Chief Information Risk Strategist at Getronics. He has designed and implemented enterprise wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology. Mr. Pironti has a number of industry certifications including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional and (ISSAP) and a Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.
Top of Page

Governance, Risk and Compliance

Conference Sessions

Developing Metrics and Measures for Information Security Governance