Conference: Governance, Risk and Compliance

Track Chair: John Pironti
Chief Information Risk Strategist
Getronics

Information security is quickly evolving into information risk management. The enterprise of today can no longer rely on technology alone to protect information and information infrastructure, and requires a business approach to information risk management, governance, and compliance to be successful. The growth in global regulatory and compliance requirements, lack of available resources and funding, and constant need to balance protection with the business needs of the organization is a great challenge for professionals in this area. The Governance, Risk, and Compliance track will focus on providing insights and guidance on key issues faced by enterprises today, as they mature their capabilities and transform a reactive and technologically focused approach to information security, into a proactive and risk based one.

Wednesday Thursday Friday

Open All Descriptions |

Close All Descriptions

Wednesday, September 17
11:00 am–12:00 pm	Conference Sessions Developing Metrics and Measures for Information Security Governance Information security has become a critical issue within organizations, and a key success factor for businesses. In order to effectively maintain the integrity and security of an organization's information infrastructure effective security metrics and measures must be developed, implemented, and monitored. This presentation will discuss the concept of enterprise security metrics and measures as well as the topics that must be considered when developing, implementing and monitoring them. These topics will include the identification of measurable points and activities, the development of meaningful metrics and measures, monitoring concepts, and reporting strategies. Case studies and scenarios will also be used to demonstrate operational scenarios for the benefits and challenges of this throughout the presentation. Speaker - John Pironti, Chief Information Risk Strategist, Getronics John P. Pironti is the Chief Information Risk Strategist at Getronics. He has designed and implemented enterprise wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology. Mr. Pironti has a number of industry certifications including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional and (ISSAP) and a Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.
Top of Page
Thursday, September 18
11:30 am–12:30 pm	Conference Sessions Security Knowledge Management From the Inside A current chief information security officer (CISO) with an industry leading information security program will share information on the implementation of a knowledge management process and capability that supports and enables core information security processes while also providing relevant artifacts for stakeholders, auditors and regulators. The knowledge management process achieves a reasonable balance between due diligence security practices and the demonstration of due diligence for multiple stakeholders. The CISO will draw upon experience from two financial service firms that have implemented this process; thus improving their productivity by significantly reducing staff time allocated to the preparation and completion of audit and regulatory work requirements. The knowledge management framework is a combination of core processes, work flows and a repository of artifacts that leverages a vendor-provided technology solution based on industry best practices, along with custom developed applications. Speaker - Jim Routh, Chief Information Security Officer, Depository Trust Clearing Corporation
2:00 pm–3:00 pm	Conference Sessions Security By Compliance - A Discussion of Information Risk Management's Greatest Challenge When most organizations today think about information protection, compliance is at the top of that list. This new level of consciousness has become a great benefit to information security professionals as well as their greatest nightmare. The leadership of many organizations are now falling into the trap of "Security by Compliance", which has created a false sense of security for them. They believe that if they meet their legal and regulatory compliance requirements, they have fulfilled their requirements for information risk management and protection. This panel will discuss the challenge of taking advantage of the benefits created by new compliance requirements, while also overcoming the challenge of this new operating procedure. Moderator - John Pironti, Chief Information Risk Strategist, Getronics John P. Pironti is the Chief Information Risk Strategist at Getronics. He has designed and implemented enterprise wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology. Mr. Pironti has a number of industry certifications including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional and (ISSAP) and a Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences. Speaker - Jennifer Mack, Vice President, MasterCard Worldwide, Payment System Integrity Speaker - Jim Routh, Chief Information Security Officer, Depository Trust Clearing Corporation Speaker - Khalid Kark, Principal Analyst , Forrester Research Speaker - Paul Stamp, Senior Product Manager , RSA
Top of Page
Friday, September 19
9:00 am–10:00 am	Conference Sessions A Security Risk Management Maturity Model Over the years, there have been numerous advancements in IT security designed and built with the purpose of mitigating the emerging or newly identified attack vector. As the old Latin adage states "Mater Artium Necessitas" or as we more commonly refer to it: "Necessity is the Mother of Invention". Do we as IT security professionals - the guardians of the corporate jewels - ever stop and holistically look at the ever growing hodge-podge of security solutions deployed in our environments and think: has my security architecture been built on the "Necessity is the Mother of Invention" philosophy? Is there a better way to approach IT security? Here's the good news there is! Speaker - Carl Banzhof, Vice President and Chief Technology Evangelist, McAfee Carl Banzhof is vice president engineering for McAfee Avert Labs and chief technology evangelist, where he oversees software engineering for core enabling technologies such as the anti malware engine, research automation, Site Advisor core and advanced research departments. A security industry veteran with 20 years of experience, Banzhof serves as an appointee to the Open Vulnerability Assessment Language (OVAL) Board and the Information Technology Information Sharing and Analysis Center (IT-ISAC). He has also participated in federal government-led cyber security exercises including Cyber Storm I and II. Banzhof came to McAfee with the acquisition of Citadel Security Software, Inc., where he was chief technology officer for more than nine years. Banzhof has held leadership positions with other companies including Circuit Masters Software, where he was a founding partner and vice president of engineering, and Fluor Daniel Engineers, where he was responsible for network infrastructure and software development on numerous projects. Banzhof is a frequent speaker at various security conferences including RSA, InfoSec and SANS. In April 2005, InfoWorld magazine named him one of the Top 25 Most Influential CTOs.
11:30 am–12:30 pm	Conference Sessions The Business of Privacy Information privacy has become a major policy, technology, and business operations issue for organizations large and small in the corporate, government, financial, health care and retail, among other sectors. Compliance initiatives are not only complex, but can be very costly, cumbersome and confusing. As digital business communication continue to become more and more essential and ubiquitous, it is also contributing to a proliferation of personal customer data and information that organizations must protect. Clearly, corporations and technological developments haven't kept pace with data privacy needs. Information must be protected wherever it is collected, stored and used. This session will give audience members a 360-degree view of the privacy issues we face, and will inform audiences about how they can go beyond compliance to protect critical personal information while achieving greater business process efficiencies. Examples will be cited to illuminate key points. Speaker - Sathvik Krishnamurthy, President, Voltage Security
Top of Page

Return to Conference Overview