Transcription
GartnerSecurity & Risk ManagementSummit 2014June 23 – 26 National Harbor, MD events.gartner.com/go/sec20Agenda
Session KeyTracksTrack A The CISO ProgramTrack B The Security ProgramTrack C Technical Insights: Security ArchitectureTrack D The Risk & Compliance ProgramTrack E The Business Continuity Management ProgramTrack F The Marketplace for SecurityNavigational TagsFocus:StrategicMaturity ncedTechnicalExclusive SessionsREG E nd Users Only. Registration is Required.(Please proceed to the session room 15 minutes early join the wait list,if you have not had the opportunity to register in advance.) estricted to CISO Circle DelegatesR(For more information on this program, go to the Information Deskin the Convention Foyer)Agenda current as of June 4, 2014 and subject to change. Please see Events Navigator for full session and speaker details.
MonDAY, June 23Monday, June 23Location7:00 a.m. – 7:30 p.m.RegistrationConvention CenterPre-Function Foyer7:00 a.m. – 8:00 a.m.Continental BreakfastPotomac BallroomFoyer8:15 a.m. – 9:00 a.m.K1. Keynote: Smart Risk: Balancing Security & OpportunityAndrew Walls, John Girard and Paul Proctor, GartnerPotomac Ballroom9:00 a.m. – 9:15 a.m.K2. Opening Remarks Andrew Walls, GartnerPotomac Ballroom9:45 a.m. – 10:30 a.m.AA1. Evolution of Gartner’s Security and Risk Research AgendasChristian Byrnes, GartnerMaryland BBGS1. General Session: Architecting a New Approach for ContinousAdvanced Threat Protection Neil MacDonald, GartnerPotomac BCE1. How to Achieve Success with Cyber Risk Assessment andAnalysis Ben Tomhave, GartnerPotomac CEGS2. General Session: Reconstructing Risk ManagementRichard Steinberg, Steinberg Governance Advisors, Inc.;John Wheeler, GartnerPotomac DFJ1. Top Security Trends and Takeaways for 2014 and 2015Ray Wagner, GartnerPotomac AREGAUR1. Roundtable: Security Threat Intelligence Services – the What,the Who, the Why and the How Anton Chuvakin, GartnerChesapeake AREGVUR1. Dell: Achieve Deeper Network Security and Control WithoutCompromise Dmitriy Ayrapetov, Dell Network SecurityChesapeake BD9:45 a.m. – 11:15 a.m.REGW1. Workshop: Shall We Take Privacy Seriously?Carsten Casper, GartnerChesapeake C10:45 a.m. – 11:30 a.m.SPS1. AT&T, Inc.: The Evolution of Threat ManagementAndy Daudelin, AT&TPotomac 4SPS2. Dell SecureWorks: Your Earliest Possible Warning System –Understanding Endpoint Security Barry Hensley, Jon Ramseyand Tom Sammel, Dell SecureWorksPotomac CSPS3: RSA: Security Redefined – Operationalizing an Intelligence-DrivenSecurity Program Amit Yoran, RSA, Security Division of EMCPotomac D(Continued)
MonDAY, June 2310:45 a.m. – 11:30 a.m. (continued)SPS4. Intel Security: Dynamic Balanced Scorecards Influence Investment/IR in New Brunswick Jamie Rees, Government of New Brunswick;Bradon Rogers, McAfeePotomac 1SPS5. Palo Alto Networks: How to Build a Cyber Intelligence TeamRick Howard, Palo Alto NetworksPotomac BSPS6. Sourcefire: A Threat-Centric Security ApproachMartin Roesch, Cisco; Damon Rouse, Epsilon Systems SolutionsMaryland BSPS7. Symantec: Getting Beyond Standalone Antivirus to AdvancedThreat Protection Piero DePaoli, SymantecMaryland D11:45 a.m. – 12:30 p.m.AA2. Panel: Real World Case Studies in Big Data Analytics inCybersecurity Demetrios Lazarikos, Blue Lava Consulting;Larry Koskinen, United States Postal Service; Avivah Litan, GartnerPotomac BBB2. Nexus Forces Shaping Security Ruggero Contu, GartnerPotomac DBC2. Debate: Farewell to Firewalls: Stop Protecting your Applicationsand Data! Greg Young and Joseph Feiman, GartnerPotomac CBD2. Counseling for Midsized Organizations and Network Security:Repairing a Dysfunctional Relationship Adam Hils, GartnerPotomac 1AE2. Maverick Research: Ethics at the Center of Nexus of ForcesDebra Logan, GartnerPotomac 4DF2. The Dark Side of Digitalization in Financial ServicesJuergen Weiss, GartnerMaryland DDG2. The Top Risks for Public Cloud Jay Heiser, GartnerPotomac AEH2. Supplier Contingency Planning: What You Need to Know forSupplier Recovery Christopher Ambrose, GartnerMaryland BREGAUR2. Roundtable: How Do You Secure BYOD?Claudio Neiva and Lawrence Orans, GartnerChesapeake AREGVUR2. Verizon: Building a Cyber Intelligence Program to RecognizeAdvanced Threats More Quickly James Tomlinson, VerizonChesapeake B12:30 p.m. – 1:15 p.m.SLA1. IBM: 4 Undeniable Truths About Advanced Threat ProtectionPatrick Vandenberg, IBMNational Harbor 1012:30 p.m. – 1:30 p.m.Focus:Attendee LunchPrince George’sHall ECC1. CISO Circle Lunch Presentation: Managing Risk in the 21st Century(Restricted to CISO Circle Delegates) Jim Nelms, Mayo Clinic;Christian Byrnes and Tom Scholtz, GartnerChesapeake 1-3StrategicTacticalMaturity nical
Solution Showcase Dessert ReceptionPrince George’sHall C1:00 p.m. – 1:25 p.m.TH1. Trend Micro Incorporated: Advanced Threat Protection – Know BeforeYou Buy Kevin Faulkner, Trend Micro Inc.Theater ATH2. Splunk: Battle Malware/APTs Using the Kill Chain Method andSplunk Software Robert Ma, Splunk Inc.Theater B1:35 p.m. – 2:00 p.m.TH4. Qualys, Inc: Prevent Breaches with a Sustainable Continuous SecurityProgram Corey Bodzin, Qualys, Inc.Theater ATH5. WEBROOT: Catch Me If You Can: Using Real-Time Threat IntelligenceChip Witt and Dave Dufour, WEBROOTTheater B2:10 p.m. – 2:35 p.m.TH7. MaaS360 by Fiberlink, an IBM Company: Tackling Mobile Securitywith a Layered Defense David Lingenfelter, Fiberlink, an IBM CompanyTheater ATH8. Okta, Inc.: SSO Without Casualties Mark Morris and GeorgeHegedus, Rosetta StoneTheater BTH9. Juniper: Combining Firewalls and Tar Traps to Create a Hacker’sWorst Nightmare Rebecca Lawson, Juniper NetworksTheater C2:45 p.m. – 3:30 p.m.AA3. Tutorial: Why Your Policy is Broken and How You Can Fix ItJay Heiser, GartnerPotomac ABB3. Step 1: Assume SDN Includes Security. Step 2: Get Hacked andLook For New Job Greg Young, GartnerChesapeake DBC3. Securing Telephony with Voice Biometrics and DeviceFingerprinting Shawn Hall, E*TRADE Clearin; Avivah Litan, GartnerPotomac 4BD3. How Bring Your Own is Shaping Mobile SecurityDionisio Zumerle, GartnerPotomac BCE3. The Security, Privacy and Ethics of Big DataRamon Krikken, GartnerPotomac DDF3. Risk Awareness of Operational TechnologiesKristian Steenstrup, GartnerPotomac CDG3. Managing Litigation and Regulatory Risks of Big DataGarth Landers, GartnerMaryland DEH3. It’s Saturday at 10 pm: Do You Know Where Your Employees Are?Julie Viscardi and Roberta Witty, GartnerPotomac 1FJ3. With Increased Security Visibility, Comes Great ResponsibilityEric Ahlm, GartnerMaryland BREGAUR3. Roundtable: Curing the Data Residency Headaches in Big Dataand Cloud Brian Lowans and Felix Gaehtgens, GartnerChesapeake AREGVUR3. Dell SecureWorks: 1 1 3 and Other Myths of Security EventCorrelation Mark Wood, Dell SecureWorksChesapeake BMonDAY, June 2312:30 p.m. – 2:45 p.m.
MonDAY, June 232:45 p.m. – 4:15 p.m.W2. Workshop: Building the IT Service Resilience Business CaseDonna Scott and John Morency, GartnerREGChesapeake C3:45 p.m. – 4:30 p.m.SPS9. Check Point Software Technologies: Tackling a Complex ThreatLandscape with Software-Defined ProtectionPotomac 4SPS10. Cisco Systems, Inc.: Operational Threat Response: Acting onSecurity Intelligence During an Attack Bret Hartman, CiscoPotomac CSPS11. Dell: Security is a Many Splendored Thing Marc Potter andChris Lange, Dell; Iain Paterson, Trillium Health Partners; Matt Chambers,Asurion; Robert Keng, ComcastPotomac DSPS12. IBM: IBM Security Intelligence: Integrated Tools. More Intelligence.Kevin Skapinetz, IBMPotomac 1SPS13. Verizon: Security Incident Patterns: Verizon 2014 Data BreachInvestigations Report Marc Spitler, VerizonPotomac BSPS14. VMware: Micro-Segmentation Through VMware NSXRod Stuhlmuller, VMwareMaryland BSPS15. Websense, Inc.: All Roads Lead to Data TheftJeff Debrosse, WebsenseMaryland DSPS16. Zscaler: Flying in the Clouds: How United Airlines Moved to a CloudBased Security Model Robert Mitera, UnitedChesapeake D4:45 p.m. – 5:30 p.m.AA4. Aligning Information Security and Information Management:Governance is the Key (CISO Circle Session)Christian Byrnes and Tom Scholtz, GartnerPotomac CBB4. Panel: Network vs. Endpoint vs. Application - How to BestProtect from Advanced Threats?Greg Young, Joseph Feiman and Neil MacDonald, GartnerPotomac DBD4. Fighting APTs with Policy and Continuous Infection MonitoringPeter Firstbrook, GartnerMaryland BCE4. Five Practical Steps for Securing Data in the Public CloudRamon Krikken, GartnerMaryland DDF4. The Gartner Business Risk ModelPotomac ADG4. Why do Risk & Compliance Professionals Need to Know or CareAbout ITAM? Victoria Barber, GartnerPotomac 4EH4. The Third Monday in April: Responding to the Boston MarathonBombings Meg Femino, Beth Israel Deaconess Medical CenterPotomac 1REGAUR4. Roundtable: Geeks Comparing Notes on Advanced ThreatDefense Solutions Claudio Neiva and Lawrence Orans, GartnerChesapeake AREGVUR4. WEBROOT: Threat Data vs. Threat Intelligence: Why It MattersHal Lonas, WEBROOTChesapeake BGS3. The Administration’s Priorities for Cybersecurity: Flipping theEconomics of Cyberspace Michael Daniel, the White HousePotomac BFocus:StrategicTacticalMaturity Level:Paul Proctor, hnical
Solution Showcase Evening ReceptionPrince George’sHall C5:45 p.m. – 6:10 p.m.TH10. Lieberman Software Corporation: The Common Credentials DilemmaRichard Weeks, Lieberman SoftwareTheater ATH11. Rsam: Rsam & CNA: The Journey from GRC to Enterprise RiskGreg Allen, CNA Insurance; Vivek Shivananda, RsamTheater BTH12. BT: The Art of Protecting A Connected Business Scott Behm andDan Reis, BTTheater CMonDAY, June 235:30 p.m. – 7:30 p.m.6:20 p.m. – 6:45 p.m.TH13. Tenable Network Security: Without a Plan, There is Only the Illusionof Security Jack Daniel, Tenable Network Security, Inc.Theater ATH14. NSFOCUS: Case Study: The Latest DDoS Trends and the BestProtection Practices Terence Chong, NSFOCUS; George Becerra,Psychz NetworksTheater BTH15. NetIQ: Reduce Risk to Data Assets with Identity-Based SecurityMonitoring Martin Fuentes, Level 3 CommunicationsTheater C6:55 p.m. – 7:20 p.m.TH16. Proofpoint: Rapid Response: Stopping Threats Using SecurityContext & Automatic Containment Mike Horn, ProofpointTheater ATH17. ITRenew: Innovative Approach to Secure Data Decommissioningin a Digital World Aidin Aghamiri, ITRenew, Inc.Theater BGartner Events On DemandHave you missed a session,or would you like to see those“aha” moments again?All full-conference attendees receivefree online streaming access to availablesessions from this event for one year!High-quality recordings featuresynchronized video, audio and slides.gartnereventsondemand.com/event/sec20vt 140 EOD 2.0 BusinessCards R1.indd 17/23/13 12:00 P
Tuesday, June 24Location7:00 a.m. – 5:45 p.m.RegistrationConvention CenterPre-Function FoyerTuesDAY, June 247:00 a.m. – 8:15 a.m.REGED1. Education Breakfast: Bearing Down on BreachesKevin Kampman, GartnerChesapeake CHC1. Healthcare Breakfast: A Conversation on Security & RiskManagement for Health Delivery OrganizationsKenny Chu, Mt. Sinai Health Systems; Dan Beckett, GartnerChesapeake 6REGPB1. Power Breakfast: Overcoming Political Landmines to AccelerateChange (Restricted to CISO Circle Delegates) Christian Byrnes andTina Nunno, GartnerChesapeake 1-37:15 a.m. – 8:15 a.m.General Breakfast – By IndustryPrince George’sHall E8:30 a.m. – 9:15 a.m.K3. Keynote: A Road Map to Freedom: The Strategy of EffectiveCyber Security General Keith Alexander, CommanderPotomac Ballroom9:45 a.m. – 10:30 a.m.Focus:SPS17. AirWatch by VMware: FBI and AirWatch Share Best Practicesfor Mobile in Government Alan Dabbiere, AirWatch by VMware;David Rubin, FBIPotomac CSPS18. Bromium: A New Architecture: Redefining Endpoint Security in theEra of Cloud and Mobility Simon Crosby, Bromium; Ken Baylor, PivotalPotomac 1SPS19. Fortinet, Inc.: NSS Labs: It’s Not The 98% You Catch, It’s The2% You Miss!Potomac DSPS20. Qualys, Inc: Rapid Response to Heartbleed : A CISO PanelDiscussion Wolfgang Kandek, Qualys, Inc; Trace Ridpath, State ofColorado; Mike Curry, State Street BankPotomac BSPS21. Solutionary, an NTT Group Security Company: Yale UniversityCase Study: Next-Gen Firewall ImplementationRichard Mikelinich, Yale UniversityPotomac 4SPS22. Splunk: Zappos Moves Beyond SIEM to Security Analyticswith Splunk David Hannigan, Zappos Family of Companies;Haiyan Song, SplunkMaryland BSPS23. Trend Micro Incorporated: The FBI on Combatting MajorCybercrime: The Power of Public/Private CollaborationJD Sherry, Trend Micro Inc.Maryland DSPS24. WEBROOT: Traditional Antivirus IS Dead. What is the NextGeneration? Mike Malloy, WEBROOTChesapeake DStrategicTacticalMaturity nical
10:45 a.m. – 11:30 a.m.A5. Building a Secure User Andrew Walls, GartnerPotomac ABB5. Herding Cats and Securing the Internet of Things – Made EasyEarl Perkins, GartnerPotomac DBC5. Machine Readable Threat Intelligence Craig Lawson, GartnerMaryland BBD5. Preparing for Advanced Threats and Targeted AttacksKelly Kavanagh, GartnerPotomac CCE5. SIEM Architecture and Operational ProcessesAnton Chuvakin, GartnerPotomac BDGS4. General Session: The Push and Pull of Information Duringthe Boston Marathon Bombings Response Meg Femino, Beth IsraelDeaconess Medical CenterMaryland DFJ5. Gartner Clients: Under the Network Security KimonoAdam Hils, GartnerChesapeake DREGAUR5. Roundtable: Combating Insider Threats Avivah Litan, GartnerChesapeake AREGVUR5. Cisco Systems, Inc.: A New Security Model for Threat-CentricSecurity CP Morey, CiscoChesapeake BTuesDAY, June 24A10:45 a.m. – 12:15 p.m.REGW3. Workshop: Selecting Your IT Risk Assessment Methodsand Tools Tom Scholtz, GartnerChesapeake C11:30 a.m. – 12:15 p.m.SLA2. FireEye, Inc.: Pacific Northwest National Laboratory:Protecting Scientific Innovation from Advanced ThreatsTom Hankins, Pacific Northwest National LaboratoryNational Harbor 1011:30 a.m. – 12:30 p.m.Attendee LunchPrince George’sHall E11:30 a.m. – 1:45 p.m.Solution Showcase Dessert ReceptionPrince George’sHall C12:00 p.m. – 12:25 p.m.TH19. Shape Security, Inc.: Web Security Without SignaturesWade Williamson, Shape SecurityTheater ATH20 : iboss Network Security: The High Cost of Hidden Ports: Why PortVisibility is Critical Paul Martini, iboss Network SecurityTheater BTH21. Websense, Inc.: Breaking the Threat Kill ChainBob Hansmann, WebsenseTheater C12:35 p.m. – 1:00 p.m.TH22 : Imperva: Protecting Data Assets: From Data Center to the CloudEdgard Capdevielle, ImpervaTheater ATH23. Absolute Software Corp.: Managing and Securing Devices and Datain a Regulated Landscape Tim Williams, Absolute SoftwareTheater B(Continued)
11:30 a.m. – 1:45 p.m. (continued)Solution Showcase Dessert ReceptionPrince George’sHall C12:35 p.m. – 1:00 p.m. (continued)TuesDAY, June 24TH24. Wombat Security Technologies: Social Engineering Kryptonite:Creating SuperUsers to Counter the Threat Joe Ferrara, Wombat SecurityTechnologies, Inc. and Tom Sammel, Dell SecureWorksTheater C1:10 p.m. – 1:35 p.m.TH26 : ERP Maestro: Best Practices for SAP Access Control RiskJody Paterson, ERP MaestroTheater BTH27. Verizon: Effective Security Data Analytics: Big Lessons in Small DataWade Baker, VerizonTheater C1:30 p.m. – 5:00 p.m.Solution Showcase – New Extended Hours!Prince George’sHall C1:45 p.m. – 2:30 p.m.AA6. Organizational Data Classification and Labeling – Fact or Fiction?Eric Ouellet, GartnerPotomac CBB6. Women in Security & Risk Management (limited to women only)Avivah Litan, Roberta Witty and Tina Nunno, GartnerMaryland DBC6. 2014 Top 10 Technologies for Information SecurityNeil MacDonald, GartnerPotomac ABD6. Malware Incident Response, Recovering from APTsPeter Firstbrook, GartnerPotomac DCE6. Security in a DevOps World Ben Tomhave, GartnerMaryland BDF6. Building Advanced KRIs: Risk Metrics that Influence BusinessDecisions Paul Proctor, GartnerPotomac BDG6. Panel: The Legal and Regulatory Technology ScenarioDebra Logan, French Caldwell, John Wheeler, Lew Schwartz, GartnerPotomac 1EH6. Prioritizing Recovery Investment Using Gartner’s IT DRM MarketClock John Morency, GartnerChesapeake DFJ6. Evolving Security Market: Gartner’s Predictions for the Market’sFuture Ruggero Contu, GartnerPotomac 4REGAUR6. The March Towards Externalized and Finer-GrainedAuthorization Brian Iverson and Felix Gaehtgens, GartnerChesapeake AREGVUR6. RSA: The Critical Incident Response Maturity JourneyRob Sadowski, RSA, Security Division of EMCChesapeake B1:45 p.m. – 3:15 p.m.REGFocus:W4. Workshop: Vendor Risk ManagementChristopher Ambrose, GartnerStrategicTacticalMaturity Level:FoundationalChesapeake CAdvancedPerspective:BusinessTechnical
2:45 p.m. – 3:30 p.m.Potomac BSPS26. Lieberman Software Corporation: Next Generation TechnologyApproaches to Manage Privileged Identities, Users and ApplicationsPhilip Lieberman, Lieberman SoftwarePotomac CSPS27. SilverSky: Navigating the Threat Landscape with Pragmatic Dataand Analysis Andrew Jaquith, SilverSkyPotomac DSPS28. Sonatype: Application Security Panel: Strategies to Ban AvoidableOpen Source Risk Wayne Jackson, SonatypePotomac 1SPS29. Tripwire, Inc.: Overcoming Internal Barriers to Adopt Cyber SecurityJane Holl Lute,Council on Cyber Security; Jeff Franklin, State of Iowa;Elizabeth Ireland, TripwirePotomac 4SPS30. Veracode, Inc.: Boeing Case Study: How to Secure the SoftwareSupply Chain John Martin, The Boeing CompanyMaryland BSPS31. Voltage Security: Case Study: Reputation Is Everything – ProtectYour Data, Your Brand Tim Masey, AAA Michigan;Sudeep Venkatesh, Voltage Security, Inc.Maryland DSPS32. World Wide Technology, Inc.: Cyber Analytics: The New SecurityDimension Mario Balakgie, World Wide Technology, Inc.Chesapeake D3:30 p.m. – 5:00 p.m.W5. The Super Skills of the Socially Centered LeaderDebra Logan, GartnerREGChesapeake C3:45 p.m. – 4:30 p.m.AA7. IAM Program Management and Governance: Building FirmFoundations for Future Success Brian Iverson and Steve Krapes, GartnerPotomac BBB7. Case Study: FedRampPotomac 1BC7. How to Securely Adopt Public Cloud ComputingNeil MacDonald, GartnerMaryland BBD7. The Cyber Threat Landscape Lawrence Orans, GartnerPotomac ACE7. Network and Endpoint Visibility for Incident ResponseAnton Chuvakin, GartnerPotomac DDF7. The NSA, Google and Radically Redefining Privacy for the21st Century Carsten Casper and French Caldwell, GartnerPotomac CDG7. How to Maximize The Value and Minimize The Risk Of OpenSource Software Mark Driver, GartnerMaryland DEH7. Smart Cities Andrew Walls and Bettina Tratz-Ryan, GartnerPotomac 4FJ7. How to Evaluate Netsec Technologies for Your Own Benefits(Performance, Security, Price) Craig Lawson, GartnerChesapeake DREGAUR7. Roundtable: Combatting Chronic Firewall Ruleset IndigestionAdam Hils, GartnerChesapeake AREGVUR7. Symantec: Cons, Frauds and Flimflam – An Examination of SocialMedia and Mobile Application Scams Kevin Haley, SymantecChesapeake BMaria Roat, General Services Administration5:00 p.m. – 5:45 p.m.K4. Keynote: Exponential Technologies Causing Disruptive InnovationPeter Diamandis, X-Prize FoundationPotomac BallroomTuesDAY, June 24SPS25. FireEye, Inc.: Reimagining Security Against Today’s AdvancedAttacks Tim Hankins, Pacific Northwest National LaboratoryManish Gupta, FireEye, Inc.
5:45 p.m. – 8:45 p.m.TuesDAY, June 24Hospitality SuitesFocus:StrategicTacticalHS2. Solutionary: Come Away A Hero – and Fit to Boot!National Harbor 2HS3. Dell: Dell Security Mixology LoungeNational Harbor 3HS4. Lieberman Software Corporation: An Evening of MagicNational Harbor 4HS5. Dell SecureWorks: All Aboard! Join Us On Deck for aChampagne Toast!National Harbor 5HS6. FireEye: FireEye’s Advanced Persistent Racing SeriesNational Harbor 6HS7. WEBROOT: A Night in Shining ArmorNational Harbor 7HS8. Fortinet: Racing LoungeNational Harbor 8HS10. Qualys, Inc.: Safari on the SerengetiNatio
SPS15. Websense, Inc.: all Roads Lead to data Theft Jeff Debrosse, Websense Maryland d SPS16. Zscaler: Flying in the Clouds: How united airlines Moved to a Cloud Based Security Model Robert Mitera, United Chesapeake d 4:45 p.m. – 5:30 p.m. A a4. aligning information Security and
