November 2, 2016
Registration Opens at 8:00 a.m.
Conference Hours: 9:00 a.m.-5:00 p.m.
Non Members: $99
(Fee includes continental breakfast and lunch)
Managing the Risk in Your Enterprise
As the calendar turns to 2016, organizations are finding that managing risk within their organization becomes more complex each passing day. From moving applications and data to the cloud to securing mobile workers and keeping up with the various compliance and governance guidelines, security departments have their plates full.
8:00 a.m.- Registration Opens
9:00 -9:30 a.m.- Coffee Talk- Default-Deny” Endpoint Security a Reality, With No Usability or Deployment Challenges-All it takes is a single user infected with unknown, zero day malware to cause serious damage and a breach at your organization. Comodo Advanced Endpoint Protection provides a lightweight, scalable Default Deny Platform with a unique endpoint security approach, which results in complete protection and enterprise visibility. The app based platform eliminates complexity and solution overlap. Provisioned in minutes, Comodo Advanced Endpoint Protection also includes unified IT and security management console, that through an app enabled platform reduces the effort of managing your Android, iOS, OSX, Linux, and Windows devices, on every segment of your physical and virtual networks. Join us for a discussion on how both legacy and advanced products fail, and demonstrate how Comodo Advanced Endpoint Protection defeats unknown, zero day malware, while reducing solution overhead. Comodo
9:30 a.m. 10:15 a.m. - How Secure is Your Business: Protecting Your Data in the New Environment.-How secure is your company against technology & cybersecurity fraud? How well protected is your data? How can you protect your company from inside and outside forces? What happens if there is a breach? This talk will cover insightful information regarding security strategies, mindsets, and approaches, common threat models, cloud considerations, and incident response. Eric Browning, CISSP, CRISC, CEH, CISA, PCI-QSA-Principal Security Engineer, SecureWorks
10:15-10:45 – Break
10:45- 11:30 - Business Resiliency for the Information Security Professional – the need for Business Resiliency affects every process and function within an organization, but has special importance to the functions in Information Technology and Security. Contrary to popular belief, there are factors outside of the traditional scope of IT Risk that need to be considered by Information Security leaders. In this session, we’ll see a new model for measuring Residual Resiliency risk, how it applies to NIST and ISO standards, and how the financial sector is leading the way toward best practice by combining traditional Business Continuity Risk with Cyber Vulnerability and 3rd party Technology Service Provider Risk. We’ll see how the risks generate findings and how those findings can either work toward mitigation or be risk accepted based on Risk Committee oversight. Dan Minter CBCP, MBCI RSA Archer Sr. Systems Engineer-RSA Archer GRC
11:30- 12:15 p.m..- Risk Based Security Doesn't Work- Define Rick Based Security Analyze Risk Data Prove how Risk Based Security makes data breaches inevtiable Define Threat Based Security Explore Threat Based Security What data do you store Classify each data set as Low, Medium, High Define data masking Define attack vectors Develop a security model for an example company using Threat Based Security Explore how Apple Pay is using the future of security No credit number means no data breach Protect companies from lawsuits The future of Information Security is a combination of removing high data and modeling the security program after Threats rather than Risk.- Michael Spurgeon, Founder | Cyber Security Architect | Information Risk Consultant
12:15- 1:30 p.m.- Lunch- Mitigating your biggest security risks and meeting IT compliance step by step- From understanding the risks to implementing a PAM solution, this presentation will highlight the best practices to manage privileged access to a company’s sensitive assets, illustrated by a high level client case study. Grant Burst will share his practical insight from years of experience liaising with companies facing cybersecurity issues. - Grant Burst, Pre-Sales Manager North America, Wallix
1:30 -2:15 p.m.- Ransomware: Enough Already-Ransomware has been causing trouble since sometime between Wargames and Hackers, so why is it that we’ve just begun looking harder at this family of exploits? In this session, we’ll discuss a few broad lessons that the industry has learned with the introduction of Cryptolocker regarding the haphazard prevalence of local admin rights as well as a reactive approach to application control. We will also discuss how Privileged Account Security trends have evolved and what organizations can do to better protect against external and internal threats specific to local admin rights, password hashes and least privilege. Brandon Traffanstedt, CyberArk
2:15- 2:30- Break
2:30 – 3:15 p.m.- Defend Against Attacks From the Inside-Data is an organization’s most valuable asset. In order to be effective, employees need access to company data. When internal users become compromised, are careless or carry out malicious activity, enterprise data is put significantly at risk. In the past year the majority of security professionals reported a rise in insider threats attributed mostly to insufficient data protection strategies. During this informative session featuring Jim Hanson of Imperva, you will: - Become more informed on the rise of the insider threat problem - Learn why insider threats are tough to detect, even when monitoring technologies are in place - Understand what to look for in a solution. Jim Hanson, Senior Sales Engineer, Imperva
3:15- 4:00 p.m.- Surviving Cyber Issues –One of the many challenges of cybersecurity is that only very large organizations have the resources to effectively survive a major breach. Most smaller organizations simply disappear immediately after a breach due to regulatory, brand and legal issues. The key to surviving a significant cybersecurity issue is your level of preparation prior to the event. This session will walk you through the specific steps that organizations have to undertake in order to be prepared for a “cyber event”, how to manage it once it happens to you and define what post breach success looks like for your organization. Peter Clay, Zeneth Tech Partners
Wednesday, November 2, 2016 9:00 AM - 5:00 PM
Hilton Garden Inn Atlanta, Downtown275 Baker StreetAtlanta, Georgia 30313USA