Featured InfoSec & Risk Management Sessions
A CISO's Perspective: Measuring and Communicating Information Security Progress
Information Security is clearly a hot topic. It is top-of-mind not only for CISOs and CIOs, but also CFOs, CEOs and BODs. Many CISOs today no longer have to beg for resources and help. In fact, offers for additional funding from executive leadership are coming at times without asking. So how does a CISO know when he/she has sufficient funding? Is it ever OK for a CISO to not accept additional budget? CISOs need to be able to demonstrate how well information security risk is being managed. Only then can they effectively understand and communicate to various stakeholders when they need more resources or when resources are being optimally managed. Being able to have this conversation is what differentiates CISOs. By communicating information security risk in a structured and non-technical manner, CISOs become thought leaders within their organizations - impacting not only security but also business strategy. Learn how Caterpillar uses a strategy, a capability maturity model, and a program management office to prioritize investments, communicate progress, and ensure alignment for its 5-year Information Security Transformation.
Speaker: Mike Zachman - CIA, CISM, CGEIT - Deputy CISO, Caterpillar Inc.
Debate: Where are the Weakest Links in Cyber Security?
Security experts and vendors often spur fear and concern by stating that a particular vulnerability is the “weakest link” in enterprise security defense. The problem is that the “weakest link” differs depending on who’s talking. This makes life confusing for enterprise security professionals, who must prioritize their activities and seek to build comprehensive defenses. In this debate, a panel of experts will discuss the most troublesome vulnerabilities among enterprise defenses and choose the “weakest links,” helping attendees prioritize their upcoming security projects. Potential arguments could be made for: insider threats, end users, applications, cloud vulnerabilities, mobile/endpoint devices, targeted/sophisticated attacks, next-generation malware, or other threats/vulnerabilities. Which should be the enterprise’s greatest concerns? You will hear the argument.
Moderator: Tim Wilson, Editor, Dark Reading
-Adam Ghetti, CEO, Ionic Security
-Eric Green, SVP, Business Development, Mobile Active Defense
-Jason Straight, Senior Vice President, Chief Privacy Officer, UnitedLex
-Robert Ragan, Senior Security Associate, Bishop Fox
Ending the Tyranny of Expensive Security Tools: A New Hope
A long time ago, in a galaxy far far away, AV was invented. Then firewalls and IDS and SIEM and NAC and DLP and on and on. With all these products, it seems like a career in information security is really more about managing tools than defeating a galactic empire of hackers and miscreants. But like the Rebel Alliance, you can take back your enterprise, because many of our existing monitoring systems and network devices also have security functionality. Moreover, there are many excellent open source applications that work just as well as commercial ones.
Speaker: Michele Chubirka, Senior Security Architect, Postmodern Security