Feedback from
Attendees

Upcoming
Events:

Mar 18, 2010

Enterprise DR/BC -

Designing the Resilient

Framework

Info

 

Apr 1, 2010

IT Architecture:

2010 and Beyond

Info

 

Apr 22, 2010

VDI / Desktop

Virtualization Strategies

- Implementation

and Management

Info

 

May 6, 2010

Business Intelligence

and Analytics

Info

 

May 19, 2010

Managing Large IT

Projects

Info

 

Jun 10, 2010

Enterprise Risk/Security Mgmt -

Leakage/Loss/Metrics

Info

 

Jul 22, 2010

IT Leadership Strategies

Info

 

Sep 21, 2010

Enterprise DR/BC -

HA/Resilient Infrastructure

Info

 

Sep 30, 2010

Project and Portfolio

Mgmt

Info

 

Oct 7, 2010

e-Mail Archiving

Info

 

Oct 21, 2010

Virtualization/Consolidation

Strategies -Implementation

Strategies

Info

 

Nov 4, 2010

The CIO Agenda -

2011 and Beyond

Info

 

Nov 18, 2010

DR/BC
Data Protection

Strategies

Info

 

Dec 9, 2010

Business Intelligence/

Performance Mgmt

Strategies

Info

 

 

Home  |  Attending   |  Speaking  |  Sponsoring  |  About  |  Contact 

Conferences that solve current IT challenges

 

Enterprise Risk - Security Management

June 19, 2008
9:00 a.m. to 5:00 p.m.

CISSP Credits Awarded

Donald E. Stephens Convention Center
Rosemont (O'Hare) Illinois

Speaker BiographiesRegister

 

Overview

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise.  A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources.  It is through a risk management framework that real value to the business can be achieved.

With all of these challenges, how do you make this happen?

In this one day conference, attendees will be provided with examples of approaches to managing information and compliance risk through a risk management framework.

Who Should Attend:
CIOs/CISOs
VPs/IT Directors
Security Managers/Architects
Network Managers

 


 

Conference Program

 

8:00am - 9:00am - Registration and Continental Breakfast

 

9:00am - 10:00am


Reeder

How to Adopt a Comprehensive IT Governance, Risk Management and Compliance Approach (IT GRC)
Andy Reeder, CISSP, CISA, Director, HIPAA Privacy and Security, Rush University Medical Center

In the past IT Governance, Risk Management and Compliance have existed in different silos.  Currently, many IT leaders view these areas as having commonalities and interdependencies.  By having a unified approach IT leaders can increase efficiencies, decrease costs and lessen risk.

 

In this session attendees will learn:

  • How these three areas are interdependent

  • How to gain efficiencies, lessen risk and costs through a unified approach

  • How to prevent data loss through decreased compliance deficiencies

  • How to synthesize different views, business impact, and policy across the enterprise

  • How to create a framework that is flexible in adapting to dynamic risk management priorities

  • How to leverage this discipline to give the business a more competitive edge

 

10:00am - 10:30am - Refreshment Break

 

10:30am - 11:30am 


Agnew

How to Design and Improve a Holistic IT Risk/Security Management Plan
Joseph Agnew, CISSP, Vice President, Chief Information Security Officer, Follett Corporation

 

An effective risk management program takes into account the needs of the extended enterprise in addition to IT.  Technology is involved, but before any purchase decisions are made it is imperative that your organization has policies in place that will lay the foundation for your program.

 

In this session attendees will learn how to:

  • Select IT Risk Assessment Methods

  • Perform and IT Risk analysis

  • Implement Policies and Procedures

  • Involve Risk in Your Governance Framework

  • Involve Compliance, Security, Disaster Recovery and High Availability in Your Risk Management Plan

11:30am - 12:30pm

Allen


Watson

Hansen

Burke

Ju

How to Get Executive Buy-In for Your Risk/Security Management Program (panel discussion)

Moderator: Scott Allen, Security & Compliance Consultant, Laurus Technologies

Panelists:

Ken Watson, Director IT Risk Management, USG Corporation,
Adam Hansen, Director of Security, Sonnenschein, Nath & Rosenthal 
Tim Burke,
Information Security Manager, QBE The Americas,

Min Ju, Enterprise Security Architect, Symantec,
and other enterprise IT professionals


 

Since an effective Risk Management Plan is holistic in nature and affects many different areas of the company, there are therefore many different stakeholders that will be involved.

 

Given all of the variables, what successful strategies should you use to obtain buy-in from other executives, stakeholders and business units?

 

In this session attendees will learn how to involve the following areas for purposes of getting buy-in and lessening risk to the enterprise:

  • How to Turn Corporate Threats into Competitive Advantage

  • Budgeting strategies to help get buy-in from the business side

  • How to help executives, management and staff perceive that changes will create improvements

  • How to establish tremendous commitment at the executive level for your cause

  • How to ensure key influencers are directly involved in all aspects of the project

  • How to overcome resistance

  • How to stay on track and adhere to well-defined schedule

  • How to design a plan for training on technologies that accompany changes

12:30pm - 1:30pm - Luncheon

 

1:30pm - 2:30pm 


Gabriel

How to Identify Which Technologies Can Best Support Your Risk/Security Policies
Michael Gabriel, CISSP, CISA, Corporate Information Security Officer, Career Education Corporation

 

After you determine your policies that will be the foundation of your risk management program you can then focus on the technologies that will effectively support your program.

 

In this session, you will learn the pros and cons of the various technologies and which mix would be best for your organization.  Topics for discussion will include:

  • Identity and access management

  • Security information and event management

  • Configuration auditing.

  • Content monitoring.

  • Database activity monitoring.

  • IT governance risk and compliance.

2:30pm - 3:00pm - Refreshment Break

 

3:00pm - 4:00pm 

Building and Managing Information Security Frameworks on ISO 27001/27002

Evan Tegethoff , CISSP, ISO 27001 Certified Lead Auditor Director of Compliance Services, Accuvant

 

Discover how organizations are building and managing information security frameworks based upon standards such as ISO 27001/ 27002, to more effectively manage enterprise risk. This session will focus onbuilding a long term, self sustaining, pain free compliance strategy that manages and mitigates enterprise risk.

 

Topics that will be covered include:

  • What common frameworks are being deployed to leading security organizations?

  • Overview of ISO 27001/27002 (17799)

  • Understanding common compliance requirements and mapping them to a security framework and control sets

  • Creating compliance metrics that measure the effectiveness and efficiency of an organization

  • Adapting automated and preventive controls

  • Strategies for intelligently assessing, monitoring, correlating, and reporting on all aspects of enterprise compliance and risk

 

4:00pm - 5:00pm 


Harris

How to Measure the Success of Your IT Risk Management Program through Metrics
Danny Harris, Manager of Information Security Policy and Awareness, The Aon Corporation

 

In this discussion, a seasoned IT Risk professional will share his experiences on how he has proven the success of his company's risk management program through implementing metrics.

 

Topics that will be covered from both a strategic and tactical metrics perspective include:

  • Asset and impact classification

  • Vulnerabilities and threats

  • Relationship between assets, vulnerabilities, network threats and controls

  • Risk calculation factors

 


 

 

What You Will Learn

  • In this one day conference attendees will learn:

  • How to take control of your Risk Management Program

  • How to drive Compliance issues instead of letting them drive you

  • How to leverage the core disciplines of Risk Management to design an effective framework

  • How to leverage Your Risk Management Program to reduce cost and risk through effective Prioritization and Processes

  • The convergence of various risk and compliance topics in the context of enterprise risk management

  • How to measure the success of your risk management approach through quantitative metrics

  • How to measure the dollar value of Security & Risk Management

  • How to articulate the value of Security & Risk Management in terms line executives can understand

  • Best practices for managing compliance, security, disaster recovery and high availability  

  • How global governance and risk management trends are affecting corporate enterprises


 

 

Register

 

Conference Price: $199.00 per person

 


Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs.  CISSP is a registered certification mark of (ISC)², Inc.


Exhibits

 

As is always the case at CAMP IT Conferences events, the talks will not include product presentations.  During the continental breakfast, coffee breaks, and the luncheon break you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.

 

 


   

 

 

 

 


 

CAMP Conferences, Inc., 540 W. Frontage Rd., Ste. 2205, Northfield, IL  60093
Tel: (312) 527-2800  Fax: (847) 881-0747

Copyright © 2010 CAMP Conferences, Inc. All Rights Reserved.
CAMP IT is a registered trademark of
CAMP Conferences, Inc.