Conference Program
8:00am - 9:00am - Registration and Continental Breakfast
9:00am - 10:00am
How to Adopt a Comprehensive IT Governance, Risk Management and Compliance Approach (IT GRC)
Andy Reeder, CISSP, CISA, Director, HIPAA Privacy and Security, Rush University Medical Center
In the past, IT Governance, Risk Management and Compliance have existed in different silos. Currently, many IT leaders view these areas as having commonalities and interdependencies. By having a unified approach, IT leaders can increase efficiencies, decrease costs and lessen risk.
In this session attendees will learn:
- How these three areas are interdependent
- How to gain efficiencies, lessen risk and costs through a unified approach
- How to prevent data loss through decreased compliance deficiencies
- How to synthesize different views, business impact, and policy across the enterprise
- How to create a framework that is flexible in adapting to dynamic risk management priorities
- How to leverage this discipline to give the business a more competitive edge
10:00am - 10:30am - Refreshment Break
10:30am - 11:30am
How to Design and Improve a Holistic IT Risk/Security Management Plan
Joseph Agnew, CISSP, Vice President, Chief Information Security Officer, Follett Corporation
An effective risk management program takes into account the needs of the extended enterprise in addition to IT. Technology is involved, but before any purchase decisions are made it is imperative that your organization has policies in place that will lay the foundation for your program.
In this session attendees will learn how to:
- Select IT Risk Assessment Methods
- Perform an IT Risk analysis
- Implement Policies and Procedures
- Involve Risk in Your Governance Framework
- Involve Compliance, Security, Disaster Recovery and High Availability in Your Risk Management Plan
11:30am - 12:30pm
How to Get Executive Buy-In for Your Risk/Security Management Program (panel discussion)
Since an effective Risk Management Plan is holistic in nature and affects many different areas of the company, many different stakeholders will be involved.
Given all of the variables, what successful strategies should you use to obtain buy-in from other executives, stakeholders and business units?
In this session attendees will learn how to involve the following areas for purposes of getting buy-in and lessening risk to the enterprise:
- How to turn corporate threats into competitive advantage
- Budgeting strategies to help get buy-in from the business side
- How to help executives, management and staff perceive that changes will create improvements
- How to establish tremendous commitment at the executive level for your cause
- How to ensure key influencers are directly involved in all aspects of the project
- How to overcome resistance
- How to stay on track and adhere to a well-defined schedule
- How to design a plan for training on technologies that accompany changes
12:30pm - 1:30pm - Luncheon
1:30pm - 2:30pm
How to Identify Which Technologies Can Best Support Your Risk/Security Policies
Michael Gabriel, CISSP, CISA, Corporate Information Security Officer, Career Education Corporation
After you determine the policies that will be the foundation of your risk management program, you can then focus on the technologies that will effectively support your program. In this session, you will learn the pros and cons of the various technologies and which mix would be best for your organization. Topics for discussion will include:
- Identity and access management
- Security information and event management
- Configuration auditing
- Content monitoring
- Database activity monitoring
- IT governance, risk and compliance
2:30pm - 3:00pm - Refreshment Break
3:00pm - 4:00pm
How to Implement IT Mission Continuity Planning for Your IT Assets
Enterprise Risk Management needs to cover the extended enterprise, yet at the same time have a strong focus on the IT infrastructure that supports the business.
In this session attendees will learn how to implement and manage IT Mission Continuity Planning through several steps which include:
- Identifying the most critical IT assets
- Assessing risks and prioritizing threats
- Creating a response plan in the event that IT assets are lost, unavailable or corrupted
- Evaluating and reassessing
4:00pm - 5:00pm
How to Measure the Success of Your IT Risk Management Program through Metrics
Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation
In this discussion, a panel of seasoned IT Risk professionals will share their experiences on how they have proven the success of their risk management program through implementing metrics.
Topics that will be covered from both a strategic and tactical metrics perspective include:
- Asset and impact classification
- Vulnerabilities and threats
- Relationship between assets, vulnerabilities, network threats and controls
- Risk calculation factors
What You Will Learn
In this one-day conference attendees will learn:
- How to take control of your Risk Management Program
- How to drive Compliance issues instead of letting them drive you
- How to leverage the core disciplines of Risk Management to design an effective framework
- How to leverage your Risk Management Program to reduce cost and risk through effective prioritization and processes
- The convergence of various risk and compliance topics in the context of enterprise risk management
- How to measure the success of your risk management approach through quantitative metrics
- How to measure the dollar value of Security & Risk Management
- How to articulate the value of Security & Risk Management in terms line executives can understand
- Best practices for managing compliance, security, disaster recovery and high availability
- How global governance and risk management trends are affecting corporate enterprises