Gartner Security & Risk Management Summit 2013
June 10 – 13
National Harbor, MD
gartner.com/us/securityrisk
FIVE COMPLETE PROGRAMS
• Chief Information Security Officer (CISO)
• IT Security
• Business Continuity Management
• Risk Management and Compliance
• The Business of IT Security
• Plus: New Industry Day Forums
Reset Your World: The Evolving Role of Risk Management and Information Security
Discover the full spectrum of security and risk topics
After nearly a decade of steady progress toward maturity, IT security and risk management have reached a tipping point. The Nexus of Forces — social, mobile, cloud and information — has unleashed a new wave of change and threats. Emerging markets and a jumble of international regulatory and compliance obligations have also increased the complexity of the business environment. In addition, the uncertainty of climate change — such as Superstorm Sandy — is making business continuity management (BCM) more important than ever. As these threats and changes transform markets and redefine competitive advantage, business leaders are recognizing the critical role IT security and risk management disciplines play in ongoing business growth and transformation. This year’s Gartner Security & Risk Management Summit, June 10 – 13, in National Harbor, MD, delivers the essential tools and strategies CIOs, CISOs, CROs, CTOs and their teams need to identify and communicate emerging risks, manage them appropriately and enable the business to grow and prosper as securely as possible.
Key benefits of attending
• Reset your security and risk strategy to focus on enabling business objectives
• Stay relevant in your role as the Nexus of Forces redefines IT security and risk
• Implement BCM best practices to make the business more resilient to threats
• Understand, anticipate and mitigate the risks of new social collaboration tools
• Craft a strategy to deal with emerging BYOD and mobile threats
Who should attend
• CIOs, CSOs, CISOs, CTOs, CROs, CPOs
• Network managers, security executives and directors
• Enterprise architects and planners
• IT vice presidents, directors and managers
• IT/IS directors and managers
• Business continuity and IT disaster recovery managers
• Senior business executives
• Risk managers
• Finance, audit, legal risk and compliance managers
North America’s most important annual gathering of the IT security and risk community
Five programs offer in-depth coverage of core areas of specialization
When you join us at Gartner Security & Risk Management Summit 2013, you’ll have access to more than 50 Gartner analysts presenting the latest research covering the full spectrum of security and risk topics. From infrastructure security to identity and access management, governance to fraud to emerging risks, technology implementation to boardroom presentation, this is the singular opportunity each year to update every aspect of risk management and security based on the latest Gartner insight.
What’s new for 2013
• Industry Day Perspective Forums with dedicated content and Gartner analysts for key industries
• Advanced CISO Program that addresses strategic issues for success
• More than 150 sessions, keynotes, workshops, tutorials and case studies
• Revamped agenda offering more types of sessions
• New Mastermind Interview keynote: Steve Bennett, CEO and Chairman of the Board, Symantec
• New Super Roundtable Session — 20 roundtable discussions with your peers
• Our Gartner for Technical Professionals analysts explore architecture and planning considerations to protect information and build secure applications
• Interaction with more than 120 vendors
TABLE OF CONTENTS
• Summit Programs
• Industry Day Perspective Forums
• Virtual and Vertical Industry Tracks
• Keynote Sessions
• Chief Information Security Officer (CISO) Program
• CISO Agenda Tracks
• CISO Invitational Program
• IT Security Program
• IT Security Agenda
• Business Continuity Management Program
• BCM Agenda
• Risk Management and Compliance Program
• Risk Agenda
• The Business of IT Security Program
• Session Descriptions
• Solution Showcase
• Agenda at a Glance
• Registration and Pricing
Visit gartner.com/us/securityrisk for agenda updates and to register
SUMMIT PROGRAMS
ANALYST-USER ROUNDTABLES
These topic-driven end-user discussions are moderated by Gartner analysts. Learn what your peers are doing around particular issues and across industries (preregistration required).
MEET ONE-ON-ONE WITH A GARTNER ANALYST
Private 30-minute consultations with a Gartner analyst provide targeted, personalized advice to help you plan proactively and invest wisely (preregistration required).
Five role-based programs for targeted insight
Chaired by experts in each discipline, this year’s summit offers five role-based agenda programs providing a more targeted learning and networking experience.
Program Descriptions
Chief Information Security Officer (CISO) Program
This year the CISO program graduates from CISO basics to strategic and tactical planning. There are still too many things that should be done with too few resources. So how do you make use of the best information you have to set priorities and get things done, while moving toward those elusive strategic goals?
IT Security Program
Cloud, social, mobile and big data drive new opportunities but challenge traditional approaches to IT security. Their adoption for business operations requires security programs to mature rapidly. This program provides insights on security management from Gartner for IT Leaders analysts, and on security technology management from Gartner for Technical Professionals analysts.
Risk Management and Compliance Program
Integrated performance and risk management is the next promising evolutionary step for risk management and compliance programs. But new regulatory and legal challenges continue to mount. Early detection and mitigation of emerging risks are critical. This program focuses on the technologies and strategies to improve governance, manage risk, ensure compliance and adhere to the letter and spirit of the law.
Business Continuity Management (BCM) Program
Can your organization survive another Superstorm Sandy? The number of regional disasters is growing. How will your enterprise ensure continuing operations when a business interruption occurs? These sessions help organizations anticipate the unexpected, and reinforce a discipline of risk management and mitigation, response and recovery in the corporate culture.
The Business of IT Security Program
This program examines the latest technologies and trends, and financial and strategic views, of the security and risk market. Find out how big the market is for software and services, which market leaders are succeeding, and why. Learn where the innovation is, and how Gartner analysts rate the leading security vendors.
INDUSTRY DAY PERSPECTIVE FORUMS
New! Industry Day Perspective Forums
Aligning IT-specific initiatives to the industry’s business success is the focus of every IT professional. The challenge is how to illustrate IT’s impact on the business goals — whether to the bottom line, quality, expense control or client satisfaction. That’s why we are pleased to kick off our Monday program with special Industry Perspective Forums. Five sectors are covered in separate tracks that deliver targeted content and industry-specific perspectives for the following: Energy/Utilities, Government, Healthcare, Financial Services and Manufacturing.
Industry Day Perspective Forum sessions include:
Government
• IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing? (Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree)
• IG2. Critical Infrastructure Protection Requirements Driving New Security Demand (Ruggero Contu)
• IG3. Best Practices for Mitigating Advanced Persistent Threats (Lawrence Pingree)
Healthcare
• IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are (Barry Runyon)
• IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement (Wes Rishel)
• IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level (Christina Lucero, Avivah Litan)
Energy/Utilities and Manufacturing
• IME1. Understand OT: The Emerging Risks From Advanced Automation (Earl Perkins, Kristian Steenstrup)
• IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing? (Erik T. Heidt)
• IME3. Securing the OT Environment (Earl Perkins, Kristian Steenstrup)
• IME4. Responsibility and Accountability of OT Systems (Kristian Steenstrup)
Financial Services
• IF1. Case Study (TBA)
• IF2. Do I Need Cyberinsurance? (Juergen Weiss)
• IF3. Strategic Road Map for Financial Services Enterprise Risk Management (John A. Wheeler)
VIRTUAL AND VERTICAL INDUSTRY TRACKS
Virtual and vertical industry tracks make it easy to follow a key trend, hot topic or address industry issues in relevant sessions pulled from across all five conference programs. To further customize any track, visit Agenda Builder at gartner.com/us/securityrisk.
Virtual Tracks
Mobility and Security
This track covers some of the business-critical system and data issues emerging from new wireless technologies.
Cloud Computing
This track explores this and more of the latest challenges associated with cloud security.
IAM and Secure Business Enablement
This track features a wealth of presentations on current best practices and the latest issues and trends.
Advanced CISO
Our CISO track contains best-practice and security program planning information. For those with more advanced needs, we have identified this curriculum as a suggested set of sessions.
Technical Insights: Security Architecture
Explore the architecture and planning considerations for protecting information, building secure applications, understanding threats, auditing and monitoring activity, and managing risk associated with new devices and service hosting models. These sessions are delivered by Gartner for Technical Professionals (GTP) analysts.
Cybersecurity
This track helps you separate the hype from the reality and highlights best practices for protecting your organization in a rapidly changing threat environment.
Big Data
These sessions analyze the role that big data plays in security, and how it can enhance our defenses against targeted attacks and advanced persistent threats (APT).
Social and Security
This track shows you how security and risk teams contain the risks found in social media usage while maximizing the benefits of social-enabled work processes.
Leadership/Professional Development
This track provides insights into the full range of skills and knowledge required to advance your capabilities as a security and risk manager.
Vertical Industry Tracks
Financial Services
Fighting fraud while keeping online banking seamless and efficient are just a few of the key issues covered at this year’s event. See what else is covered for those in the financial services industry.
Government
Government agencies are looking to develop cohesive national cybersecurity initiatives that are in partnership with consumers and the public sector. This is just one of the key issues covered at this year’s event. See what else is covered for those in government.
Healthcare
Enterprises today are challenged to increase quality of service delivery, reduce compliance costs and anticipate healthcare reform while maintaining patient privacy and protecting intellectual property. This track covers this and more, specifically for the healthcare and pharmaceutical industries.
Energy/Utilities
Establishing effective and efficient “smart grid” technology while combating fraud, cyberattacks and the loss of control are just a few of the key issues covered at this year’s event. See what else is covered for those in energy/utilities.
Manufacturing
Managing and optimizing increasingly interconnected and complex control networks while reducing costs and maintaining system integrity and protecting proprietary data are just some of the key issues covered at this year’s event. See what else is covered for those in the manufacturing sector.
KEYNOTE SESSIONS
Guest keynotes
The Intersection of National Security, Leadership and the Global Economy
Admiral Mike Mullen
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
Serving at a critical juncture in our nation’s history, Admiral Mike Mullen was a key influencer in shaping the security of our nation for decades to come. A man of unparalleled experience, vision and integrity, Mullen shares with audiences his belief that, “Our financial health is directly related to our national security,” and discusses how the key to the United States’ economic success in the next century is to create opportunity. With an eye on the horizon and to the threats that still lie ahead, Mullen discusses America’s greatest challenges — economic growth, infrastructure, education and foreign and military policy.
Who’s Got Your Back: Creating and Developing Great Relationships
Keith Ferrazzi
CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
As founder and CEO of Ferrazzi Greenlight, Keith Ferrazzi works to transform old behaviors that block global organizations from reaching strategic goals, into new behaviors that increase shareholder value. The firm’s Greenlight Research Institute has proven the correlation between positive relationships and business success, particularly in sales performance. Based on a decade of field engagements with iconic global organizations, Ferrazzi has perfected techniques of collaborative coaching and motivation of key constituencies that positively transform organizational behavior.
The Gartner Mastermind Interview
Steve Bennett
CEO and Chairman of the Board, Symantec
Steve Bennett was named Symantec’s chief executive officer in July 2012. Prior to that, Bennett joined Symantec’s board of directors in February 2010 and became chairman in 2011. Bennett previously led Intuit serving as president and chief executive officer from 2000-2007. Under Bennett’s leadership Intuit grew its existing businesses while simultaneously expanding into new markets. Bennett joined Intuit after a 23-year career at General Electric, where he managed complex and diverse organizations from consumer appliances to financial services. He currently serves on boards at American Airlines and parent company AMR Corporation, along with Qualcomm.
Gartner keynotes
Opening Global Keynote: Reset
Paul E. Proctor, Vice President and Distinguished Analyst; Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
Now is the time to break the inertia that blocks progress in security and risk management. The evolution of risk and security officer roles shows the way to reset your approach to security and risk management, and create and sustain significant security and risk benefits to your organization. (And it won’t hurt your career any either!)
The Gartner Five-Year Security and Risk Scenario
F. Christian Byrnes, Managing Vice President; Andrew Walls, Vice President and Conference Chair
Gartner’s research community for security and risk is composed of over 50 dedicated and numerous contributing analysts. This scenario represents their five-year projection of the state of security and risk. The intent is to provide a base for your long-term strategic planning.
CHIEF INFORMATION SECURITY OFFICER (CISO) PROGRAM
Go beyond the CISO fundamentals to strategic and tactical planning
HOT TOPICS
• Strategic planning for information security
• Business/IT security alignment
• Governance and policy setting
• Business value of information security
• Enterprise security architecture
• Creating a risk-aware culture
• Process maturity
WHO SHOULD ATTEND
• CISOs, CIOs, CSOs, CROs, CTOs and IT vice presidents
• New CISOs who want to build their leadership role based on leading-edge Gartner research, insights and best practices
• Experienced CISOs looking to refresh their understanding of the latest trends, tools, threats and technologies
• IT security executives on a CISO career track
This year, for the first time, the CISO Program goes beyond fundamentals to address enterprisewide strategy and tactical planning for chief information security officers. Too many things still need to be done with too few resources. We’ll look at how to use the best information available to set priorities and move toward strategic goals. In addition to reporting lines, budgets, staffing, and governance, sessions will address how to act like and be seen as a business leader, understand and explain security concerns and technologies in business terms, and recognize what drives the behaviors at the root of many security failures — and how to change them with people-centric security strategies.
This year’s program agenda features:
• 13 CISO-focused analyst sessions, plus an additional 16 sessions covering all the issues CISOs face in today’s market
• Advanced CISO Program addressing strategic issues for success in your role, including: strategic planning for information security, alignment of IT security to the business; governance and policy setting; creating a risk-aware culture; and process maturity
• Exclusive CISO Invitational Program for qualified CISOs
• Gartner analysts, focused on your needs in the CISO role, available for private one-on-one meetings
• Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media
• VIP Roundtable: Working with the Chief Legal Officer (CLO)
Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.
• F. Christian Byrnes, Managing Vice President and CISO Program Lead
• Rob McMillan, Director
• Paul E. Proctor, Vice President and Distinguished Analyst
• Tom Scholtz, Vice President and Distinguished Analyst
• Andrew Walls, Vice President and Conference Chair
• John A. Wheeler, Director
CISO AGENDA TRACKS
MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote: Reset (Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director)
9:05 a.m. K1b. Gartner Opening Remarks (Andrew Walls, Vice President and Conference Chair)
9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening: Who Are the Attackers and What Are They Doing? (Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree)
10:45 a.m. Solution Provider Sessions
11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand (Ruggero Contu)
2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats (Lawrence Pingree) [G]
CISO
4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job (Paul E. Proctor)
5:30 p.m. A2. Preparing a Security Strategic Plan (F. Christian Byrnes)
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research (Andrew Walls; French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes)
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 (Christina Lucero, Irma Fabular) (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy (Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet)
8:45 a.m. K3. Guest Keynote: The Gartner Mastermind Interview (Steve Bennett, CEO and Chairman of the Board, Symantec)
10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Security’s Value (Rob McMillan)
11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams (Tom Scholtz)
2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls (Andrew Walls)
4:15 p.m. A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric (Tom Scholtz)
5:30 p.m. K4. Gartner Keynote: The Gartner Five-Year Security and Risk Scenario (Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President)
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare (Barry Runyon; Irma Fabular) (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote: Who’s Got Your Back: Creating and Developing Great Relationships (Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”)
9:15 a.m. Solution Provider Sessions
10:30 a.m. A6. That Frightening Phrase: “The Standard of Due Care” (Rob McMillan)
11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program (Andrew Walls)
1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services (Rob McMillan)
4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway (Rob McMillan)
4:30 p.m. A10. To the Point: The Information Security Maturity Pathway (Rob McMillan)
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13
8:30 a.m. A11. Case Study (TBA)
9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans (Gregg Kreizman, Earl Perkins)
10:30 a.m. A13. Open Mic (F. Christian Byrnes)
11:30 a.m. K6. Gartner Closing Insights (Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President)
Absolutely first rate conference! The best security event I have ever attended. Knowledgeable presenters, timely and relevant content, great networking opportunities.
2012 conference attendee
CISO INVITATIONAL PROGRAM
CISO INVITATIONAL PROGRAM FEATURES
• Direct interaction with analysts
• The latest research on top priorities for CISOs
• Boardroom case study presentations with leading solution providers
• Advanced CISO virtual track for more experienced CISOs
• C-level-only roundtable discussions
• Exclusive CISO networking events
• Keynotes, general sessions and a Mastermind Interview
• Security management workshops
An exclusive gathering of CISOs and Gartner analysts
The Gartner Chief Information Security Officer (CISO) Invitational Program, held concurrently with Gartner Security & Risk Management Summit 2013, gathers a carefully screened group of CISOs for a chance to learn the current best practices, get updates on how peers are handling evolving challenges, and improve leadership skills. Admission is subject to approval and includes complimentary roundtrip airfare, accommodations, registration fee and access to session presentations online, including audio and slides. If you qualify for this program, your day will be spent gaining valuable market intelligence from the world’s top technology providers as you participate in private boardroom presentations and select components of Gartner Security & Risk Management Summit 2013, which include:
• Complete CISO Program, consisting of analyst-led sessions, interactive workshops, tutorials, case studies and more
• Special CISO-only sessions and networking opportunities
• More advanced sessions for those with experience in the CISO role
• Five keynotes and general sessions and a new Mastermind Interview keynote
• Solution Showcase featuring more than 120 leading-edge solution providers
We encourage you to submit your application for qualification today because seats are filling quickly. To apply, visit gartner.com/us/securityrisk/ciso.
IT SECURITY PROGRAM
The Nexus of Forces — social, mobile, cloud and information — is having a major impact on IT security, both on how it’s accomplished and with regard to new threats and vulnerabilities. In this comprehensive program, sessions will cover the breadth of today’s IT security priorities, from network, infrastructure and data protection to application security, identity and access management, privacy and mobile and cloud security. Gone are the days when walling off intruders and controlling access was enough. Thanks to the cloud, social media and BYOD, the line of defense has blurred beyond recognition. Security’s new mandate is to focus on business objectives and find ways to enable new opportunities in a secure, trusted environment. Featuring Technical Insights sessions from Gartner for Technical Professionals, the IT Security Program delivers the tools and next steps to get things done today and understand where the technology is taking us tomorrow.
The program agenda features:
• More than 70 sessions, workshops and roundtables covering all of the latest issues enterprises are faced with today
• 10 Technical Insights sessions by Gartner for Technical Professionals analysts that drill down on best practices in cloud, mobile and virtualization
• Tutorials on topics including top security trends and identity and access management
• Plus, 10 IT security-focused workshops, 12 To the Point sessions, networking events, panels, analyst-user roundtables, and much more
• 25 on-site Gartner analysts focused on IT security, available for private one-on-one meetings
HOT TOPICS
• Advanced targeted threats (advanced persistent threat APT)
• BYOD security
• DDoS mitigation
• Mobility
• Data loss prevention (DLP)
• Next-generation firewalls
• Next-generation intrusion prevention
• Security information and event management
• Network access control
• Anti-malware
• Secure email
• Secure Web
• DNS security
Unparalleled opportunity to network at a national level. Great info on industry trends, tools and overall solutions.
2012 conference attendee
IT SECURITY PROGRAM
Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.
• Ant Allan, Vice President
• Anton Chuvakin, Director, Gartner for Technical Professionals Analyst
• Alan Dayley, Director
• Mario de Boer, Director, Gartner for Technical Professionals Analyst
• Joe Feiman, Vice President and Gartner Fellow
• Peter Firstbrook, Vice President
• John Girard, Vice President and Distinguished Analyst
• Jay Heiser, Vice President
• Kelly M. Kavanagh, Principal Analyst
• Gregg Kreizman, Vice President
• Ramon Krikken, Vice President, Gartner for Technical Professionals Analyst
• Avivah Litan, Vice President and Distinguished Analyst
• Brian Lowans, Principal Analyst
• Neil MacDonald, Vice President and Gartner Fellow
• Eric Maiwald, Vice President, Gartner for Technical Professionals Analyst
• Rob McMillan, Director
• Mark Nicolett, Managing Vice President
• Lawrence Orans, Director and IT Security Program Lead
• Eric Ouellet, Vice President
• Earl Perkins, Vice President
• Tom Scholtz, Vice President and Distinguished Analyst
• Ray Wagner, Managing Vice President
• Jeffrey Wheatman, Leadership Partner
• Greg Young, Vice President
IT SECURITY AGENDA MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director 9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. IF1. Case Study
TBA
10:45 a.m. Solution Provider Sessions 11:30 a.m. IF2. Do I Need Cyberinsurance? Juergen Weiss F
2:15 p.m. IF3. Strategic Road Map for Financial Services Enterprise Risk Management John A. Wheeler F
IH1. Don’t Give Them the Keys to the
IME1. Understand OT: The Emerging
IME2. Supply Chain IT Risk
Kingdom Until You Know Who They Are
Risks From Advanced Automation
Barry Runyon
Earl Perkins, Kristian Steenstrup
Challenges: What Exactly Is That Supplier Doing? Erik T. Heidt GTP
H
IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement Wes Rishel H IH3. Help Save Healthcare: Tackling
Fraud and Abuse at an Enterprise Level Christina Lucero, Avivah Litan
H
EU M
IME3. Securing the OT Environment Earl Perkins, Kristian Steenstrup EU IME4. Responsibility and Accountability of OT Systems Kristian Steenstrup EU M
IT SECURITY 4:30 p.m. B1. Practicing Safe SaaS Jay Heiser
C1. Securing Private, Public and Hybrid Cloud Computing Neil MacDonald
W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz, Rob McMillan, Jeremy D’Hoinne 5:30 p.m. B2. Cyberthreat Lawrence Orans C2. Panel: What Is the Future of Mobile
Management and Security?
D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program Ant Allan, Earl Perkins, Ray Wagner
E1. Big Data Discovery Using Content-Aware Data Loss Prevention Solutions Eric Ouellet
W5. Workshop: Gartner Network Security Design D2. Cost, Consequence and Value: The Economics of IAM Earl Perkins
Peter Firstbrook, Neil MacDonald, John Girard
Greg Young
E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil? Ramon Krikken GTP
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.) 10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP C3. Top 10 Security Myths Jay Heiser 11:15 a.m. B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management
D3. Town Hall: Access All Areas Ant Allan, Gregg Kreizman
E3. TBA
D4. Your Cloud and Mobile Devices Broke My IAM Gregg Kreizman
E4. Security Monitoring of Public Cloud Anton Chuvakin GTP
D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM Earl Perkins
E5. Using Managed Containers to Protect Information on Mobile Devices
Mark Nicolett
2:00 p.m. B4. Panel: Real-World Case Studies in Mobile Banking Security Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor 4:15 p.m. B5. Mobile Device Security Exploits in Depth John Girard, Dionisio Zumerle
C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective? Eric Ouellet
C5. Endpoint Security When the Consumer Is King Peter Firstbrook
Eric Maiwald
GTP
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President 6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions 10:30 a.m. B6. Preparing Your Security Program for BYOD Eric Ahlm
C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme) Greg Young
W10. Workshop: Meeting Business Needs for Mobility and Security Eric Maiwald C7. User Activity Monitoring for Early 11:30 a.m. B7. Predictions: Your Network Security in 2018 Greg Young Breach Detection Mark Nicolett
1:45 p.m. B8. Encryption Planning Made Simple! Follow the Data Brian Lowans
C8. Big Security Data Is Neither Big Security Nor Big Intelligence Joseph Feiman
W11. Workshop: Cloud Contracts — Develop Your Own Security and Risk Exhibits Gayla Sullivan 4:00 p.m. B9. To the Point: The Database Security Manual — C9. To the Point: Deny Denial of Service What You Need to Know Brian Lowans Attacks Lawrence Orans 4:30 p.m. B10. To the Point: Cybersecurity for the Internet of C10. To the Point: Playing Chess With APTs Anton Chuvakin; Ramon Krikken Everything Earl Perkins GTP
D6. Using Big Data Analytics for Information Security Neil MacDonald
E6. Managing, Securing and Budgeting the Mobile Device Life Cycle John Girard
E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention Avivah Litan John Girard, Eric Ahlm D8. Mobile Device Policy Essentials John Girard, Dionisio Zumerle E8. Case Study: A Successful Implementation of the FICAM Guidelines TBA W12. Workshop: IT Risk Cloud Manifesto — Defining What Enterprises Need but Aren’t Getting! Erik T. Heidt D9. Case Study TBA E9. To the Point: Refresh Vulnerability Assessment Kelly M. Kavanagh D10. To the Point: Revolution and Evolution in Windows 8 Security E10. To the Point: Best Practices for Securing Information During International Travel Dionisio Zumerle Mario de Boer D7. Good Authentication Choices for Smartphones and Tablets
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13 8:30 a.m. B11. The Seven Dimensions of Context-Aware Security Avivah Litan
C11. Top Mobile Gear: Mobility Road Trip! Ant Allan, John Girard, Tom Scholtz
D11. Getting to Single Sign-on Securely Gregg Kreizman
W13. Workshop: Mobile Application Security Neil MacDonald 9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time? Eric Ouellet
W14. Workshop: IT Security — Planning a Self-Audit
E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints Mario de Boer
10:30 a.m. B13. Software-Defined Networking and Its Impact on Security Eric Maiwald GTP
C12. Adapting the Secure Web Gateway Peter Firstbrook, Lawrence Orans C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security
GTP
Khushbu Pratap
D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer D13. Identity and Access Management Gets Social Ant Allan
E12. DLP Architecture and Operational Processes Anton Chuvakin GTP E13. Web Application Firewalls: Features, Products, Deployment and Alternatives Mario de Boer GTP Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook 11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President
Visit gartner.com/us/securityrisk for agenda updates and to register
BUSINESS CONTINUITY MANAGEMENT PROGRAM
HOT TOPICS • BCM planning tools and their implementation • ISO 22301 implementation best practices • The nexus of technology to take your BCM program to the next level • IT-DRM architectures and technologies for recovery, high-availability and exercising • BIA best practices • Exercising best practices • Supplier/third-party risk • BCM metrics • Cloud service provider risk • Recovery plan development workshop
Did your organization survive Superstorm Sandy? Would it survive another Superstorm Sandy? What happens when your production and recovery sites are hit by the same outage? Do you know if your workforce can get to work to do their jobs? The number of regional disasters is on the rise. How does an enterprise ensure continuing business operations and systems availability in the event of a major business interruption?
The 2013 Business Continuity Management Program will cover the breadth of BCM priorities, including how to make BCM an enterprise risk function, planning, strategy, availability risks in using cloud computing, plan development and exercising, the new ISO 22301 BCM standard, supplier/third-party availability risk, crisis management and communications, metrics for success and reporting to the board and developments in BCM software and complementary technologies for enhanced situational awareness. These sessions help organizations anticipate the unanticipated and work to create a culture of risk management and business resilience. The program agenda features: • 19 BCM-focused analyst sessions, workshops and roundtables • Workshop on developing effective and efficient disaster recovery plans • Case studies on BCM metrics and BCMP implementation • Tutorial on best practices for creating emergency messages • To the Point sessions, analyst-user roundtables, and much more • Eight on-site Gartner analysts focused on BCM, available for private one-on-one meetings
BCM AGENDA Meet the analysts Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide. Leif Eriksen
John Girard
Jay Heiser
Director
Vice President and Distinguished Analyst
Vice President
John P. Morency
Donna Scott
Gayla Sullivan
Vice President
Vice President and Distinguished Analyst
Director
Belinda Wilson
Roberta J. Witty
Senior Director, Gartner Consulting
Vice President and BCM Program Lead
MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director 9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC2. ISO 22301 Implementation Session 10:45 a.m. Solution Provider Sessions 11:30 a.m. T4. TBA
Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media 2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh
Mario de Boer
GTP
BCM 4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them
Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation John P. Morency
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.) 8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote
The Gartner Mastermind Interview
Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management
2:00 p.m. H4. Cloud Service Provider Risk Management
Roberta J. Witty BCM Metrics
TBA
Donna Scott, John P. Morency, Jay Heiser
4:15 p.m. H5. Managing Global Recovery and Continuity Risk John P. Morency, Roberta J. Witty 5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency 11:30 a.m. H7. Case Study TBA 1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson 4:00 p.m. H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty 4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13 8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan 9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott 10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson 11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President
RISK MANAGEMENT AND COMPLIANCE PROGRAM
HOT TOPICS • Enterprise and IT risk management • Integrated performance and risk • Emerging risks • Cloud risks • Social media compliance and risk management • Third-party risk management • Risk-Adjusted Value Management™ (using risk to drive performance) • Creating key risk indicators • IT and corporate governance • Information governance • E-discovery • The fourth generation of GRC • Privacy • IT audit
As businesses transform themselves, push into new markets, pursue new capabilities and experience the immediacy and transparency of a mobile, social world, they face major new risk and compliance issues. Managing those risks effectively is essential to improved business performance. Integrated performance and risk is the next evolutionary step for governance, risk and compliance (GRC) programs. Measuring and managing the impact of risk on business performance; complying with a variety of global rules, regulations and laws about financial transactions and privacy; and detecting early and mitigating emerging risks are all critical components of successful business and IT operations. The Risk Management and Compliance Program focuses on the technologies and strategies to improve governance and manage risk and compliance, as well as strategies to communicate the benefits of effective risk management to business leaders.
Meet the analysts Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.
French Caldwell
Carsten Casper
Vice President and Gartner Fellow and Risk Program Lead
Vice President
Richard Hunter
Jorge Lopez
Vice President and Distinguished Analyst
Vice President and Distinguished Analyst
Khushbu Pratap
Paul E. Proctor
Senior Analyst
Vice President and Distinguished Analyst
Julie Short
Andrew Walls
Director
Vice President and Conference Chair
Jeffrey Wheatman
John A. Wheeler
Leadership Partner
Director
RISK AGENDA MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director 9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons 10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner 10:45 a.m. Solution Provider Sessions 11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP
2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans
PC1. Sharing Data Without Losing It Jay Heiser PC5. Forget MDM: Extending Security and Identity to Mobile Apps
Ramon Krikken GTP
Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty,
John P. Morency, Belinda Wilson
2:15 p.m. T3. Tutorial: IAM Myths and Monsters
PC6. End-User Case Study
Ray Wagner
TBA
RISK MANAGEMENT AND COMPLIANCE 4:30 p.m. F1./G1. General Session: Duck and Cover — Preparing for Cyberwar
Richard Hunter, Avivah Litan
5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter
Paul E. Proctor
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC
French Caldwell
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management
Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10
Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
8:45 a.m. K3. Guest Keynote
11:15 a.m. F3. Security and Risk Management Technologies for Social Media Andrew Walls
2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez 4:00 p.m. W8. Workshop: TBA 4:15 p.m. F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance
John A. Wheeler
G4. Maverick Research: Crowdsource Your Management of Operational Risk Leif Eriksen, Paul E. Proctor W9. Workshop: IT Risk Management — Selecting the Best Assessment Methods and Tools Jeffrey Wheatman, Khushbu Pratap French Caldwell, Andrew Walls, panelists
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare 8:00 a.m. K5. Guest Keynote
Barry Runyon; Irma Fabular (Registration required; end users only.)
Who’s Got Your Back: Creating and Developing Great Relationships
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone” 10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, “Turn the Ship Around!”; French Caldwell 11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap
1:45 p.m. F8. Align Governance to Your Organization for Success Julie Short
G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap
4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage Jorge Lopez 4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management John A. Wheeler 6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery? Alan Dayley G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions French Caldwell
THURSDAY, JUNE 13 8:30 a.m. F11. The Four Faces of Governance
French Caldwell, Julie Short
G11. Case Study TBA
W15. The Gartner Network Security Architecture Reference Model
9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser 10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services
G12. Why ERM and GRC Depend on Each Other to Succeed John A. Wheeler G13. Debate: Cyberinsurance — Evolution or Revolution? Paul E. Proctor, John A. Wheeler
French Caldwell
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President
New Risk Management and Compliance Program features for 2013 The Risk Management and Compliance Program features: • Tutorial on governance, risk and compliance (GRC) • More than two dozen risk-and-compliance-focused analyst sessions, To the Point sessions, case-studies, panels, debates and Gartner for Technical Professionals (GTP) sessions • Three general sessions: – Duck and Cover: Preparing for Cyberwar Richard Hunter, Avivah Litan – A Clash of Forces: Managing Emerging Risks of the Nexus
French Caldwell, Andrew Walls, panelists
– Leadership, Governance and Risk David Marquet, Author of the Award-Winning book “Turn the Ship Around!”; French Caldwell
• Special risk-management-and-compliance networking opportunities • Gartner analysts focused on risk management and compliance, available for private one-on-one meetings
THE BUSINESS OF IT SECURITY PROGRAM Meet the analysts Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide. Eric Ahlm
Research Director
David W. Cearley
Vice President and Gartner Fellow
What’s going on in today’s dynamic, competitive, complex security and risk marketplace? Where are leading companies putting their security dollars? Which startups captured the $650 million in venture capital invested in security and risk management startups last year?
The Business of IT Security Program offers CISOs, business and IT leaders an overview of the latest developments in the security and risk market, including market conditions and challenges, new technologies, mergers and acquisitions and trends shaping the future of secure business enablement. This year’s agenda features a panel of startup security company executives discussing advanced threats, new technologies and what lies ahead. Including Gartner ratings of leading security vendors, this financial and strategic overview is essential for those participating in the sale, purchase or valuation of security and risk-related technologies. MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Ruggero Contu
Director
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair 9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett 10:45 a.m. Solution Provider Sessions 11:30 a.m. T2. Tutorial: Tell Me, What’s IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP
2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management
Tom Scholtz
BUSINESS OF IT SECURITY Lawrence Pingree
Director and Business of IT Security Program Lead
4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree 5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm, Ruggero Contu, Lawrence Pingree
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen,
HOT TOPICS • Forecast report/analysis • Market share reports • User wants and needs survey • Key vendor SWOT analysis • MQ/trend analysis • Startup company panel
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet 8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec 11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm
2:00 p.m. J4. Panel: Security Startups — Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress
4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus
Eric Ahlm, Rob McMillan
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare
Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone” 10:30 a.m. J6. Information Security: Process or Technology — Which Way Do We Go? Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz 11:30 a.m. J7. Management Still Doesn’t Get Security (And What You Can Do About That) Paul E. Proctor
1:45 p.m. J8. TBA 4:00 p.m. J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave Joseph Feiman 4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future Ruggero Contu
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13 8:30 a.m. J11. Top 10 Technology Trends for 2013: The Security Perspective David W. Cearley 9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett TBA
10:30 a.m. J13. Case Study
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President
SESSION DESCRIPTIONS GTP Sessions by Gartner for Technical Professionals analysts F Financial Services
G Government
TRACK A
The CISO A1. Transform Your Security and Risk Program or Find Another Job
Only about 30% of IT risk and security officers have truly risk-based programs. The other 70% continue to struggle with outdated security programs that are doomed to repeat the same failures. We have reached a tipping point where transformation is not just an option but a requirement to keep your job. Paul E. Proctor A2. Preparing a Security Strategic Plan
The Gartner five-year security and risk scenario provides a target for where your security and risk program should be in 2018. This presentation explains how to create a strategic plan that can get you there. F. Christian Byrnes A3. Organizing for Success: Developing Process-centric Security Teams
There is no such thing as a perfect, universally appropriate model for security organizations. Security organizations must reflect the political and cultural realities of the enterprise. Every enterprise must develop its own process-based model, taking into consideration basic principles and practical realities. Tom Scholtz
H Healthcare
EU Energy/Utilities M Manufacturing
A4. Finding the Optimal Balance Between Behavioral and Technical Controls
Security performance depends on a delicate balance between technical and behavioral controls. There are times when technology provides the best protection and others when the user is in control. Effective security needs to determine the appropriate control balance based on context and continuously optimize that balance based on results. Andrew Walls A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric
The traditional “control” mindset of information security cannot keep pace with technological and behavioral change, resulting in policies and technologies that cause frustration and impede agility. A new approach is required — one that recognizes how the relationships between IT, the business and individuals have been transformed irrevocably. Tom Scholtz A6. That Frightening Phrase: “The Standard of Due Care”
Most organizations are aware of their need to meet a standard of due care in their normal business operations. What this means is often not clear and usually only becomes clear when tested in court. In this presentation we look at what this means in the realm of IT security, highlighting a few examples along the way. Rob McMillan A7. The Care and Feeding of an Effective Awareness Program
User behavior controls the success of security operations, but many organizations fail to maintain an effective program for driving improvement in that behavior. This presentation provides an in-depth analysis of the structure and content of security awareness programs that actually produce results. Andrew Walls A8. Using Outside Resources: Security Consultants and Threat Intelligence Services
Clients occasionally seek advice about the “leading security consulting firms” in a particular geography. Many factors determine whether a firm is right for the task at hand. Clients must assess the capabilities of a consultant or firm by looking beyond the brand and the marketing hype to seek answers to critical questions. Rob McMillan A9. To the Point: The Risk Management Maturity Pathway
Improving risk management maturity is fundamental to improving the cost-effectiveness and business alignment of the enterprise’s risk activities. The Gartner ITScore for Risk Management is designed to help you achieve this. Take a brief tour to see what maturity levels 1 through 4 look like and where your organization may fit. Rob McMillan A10. To the Point: The Information Security Maturity Pathway
Improving information security maturity is fundamental to improving the risk effectiveness and business alignment of the enterprise’s security activities. The Gartner ITScore for Information Security is designed to help you achieve this. Take a brief tour to see what maturity levels 1 through 4 look like, and where your organization may fit. Rob McMillan A11. Case Study TBA A12. Panel: Reset Your IAM Planning! Lessons from the Veterans
Many enterprises have planned and implemented IAM systems — Now it’s your turn. Where to begin? What are the best practices? How do you measure IAM project success? What are the characteristics of a successful IAM solution? This panel of IAM veterans takes your questions and discusses details about their deployments. Gregg Kreizman, Earl Perkins A13. CISO Open Mic
Open opportunity for discussion and sharing among CIO participants. F. Christian Byrnes
THE CISO WORKSHOPS
TRACK B
W3. Selecting Solutions for the Control and Monitoring of Public Social Media
Public social media are used by enterprises and individuals within the enterprise. Security professionals must assess security and compliance risks, and understand the strengths and weaknesses of monitoring and control solutions. In this workshop you assess the risks to your organization, and select a set of technologies to mitigate these. Mario de Boer
B1. Practicing Safe SaaS
Most enterprises continue to struggle with the appropriate use of SaaS, but for most organizations, “no” is not the right answer. Standards and practices for risk assessment and use continue to evolve, but gaps still remain. This presentation provides guidance on the creation of SaaS usage profiles. Jay Heiser
GTP W6. Use a Balanced Scorecard to Demonstrate Security’s Value
There is no standard set of industry-accepted security metrics. That’s because they are hard to do. The purpose of any credible security scheme must be twofold: Show how security is supporting business outcomes, and inform management about significant risks and their management. It is possible to achieve this. Learn how in this hands-on workshop. Rob McMillan
IT Security
B2. Cyberthreat Lawrence Orans B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management
Today’s attackers are getting better at finding and exploiting security weaknesses. The first order of business is to present a hard target to the attacker. Vulnerability management needs to be extended to deal with emerging threats, and to accommodate the requirements of cloud services. This presentation provides advice on how to extend vulnerability management to meet new requirements. Mark Nicolett B4. Panel: Real-World Case Studies in Mobile Banking Security
This panel will bring together two or three mobile security experts to talk about their experiences and wish lists for future mobile security. What are the threats and attack vectors faced in mobile transactions? How have organizations addressed these threats? What are future enhancements that are needed in mobile transaction security? Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor F
B5. Mobile Device Security Exploits in Depth
How can we stop worrying about mobile security? You can’t trust the OS or the apps, the user resists security practices, and your company doesn’t own the device. This presentation puts the inconvenient facts front and center with real examples, and offers a path forward to reduce risk while still taking user experience into consideration. John Girard, Dionisio Zumerle B6. Preparing Your Security Program for BYOD
Mobile devices are entering the enterprise network at alarming rates. As enterprises race to secure mobile devices, a new challenge
H Healthcare
EU Energy/Utilities M Manufacturing
faces them as they look to extend more applications and more trust to these mobile devices. This session discusses the greater challenge of BYOD beyond simply mobile device security. Eric Ahlm B7. Predictions: Your Network Security in 2018
Gartner analyst Greg Young takes you ahead in time to what your network security will and won’t be like in the not-so-distant future of 2018 and points in between then and now. With many network security safeguards having a five-year life span, the decisions you are making now are already impacting on 2018. Sorry, we still won’t be going to work via jetpack. Greg Young B8. Encryption Planning Made Simple! Follow the Data
B10. To the Point: Cybersecurity for the Internet of Everything
The Internet is expanding to include connections not only to people but to machines: automobiles, buildings, power grids — millions of sensors and control systems, all needing protection. How can enterprises that embrace the Internet of Everything (IoE) in their businesses prepare for threats to such systems? Earl Perkins B11. The Seven Dimensions of Context-Aware Security
This session explains the benefits of context-aware security. It explores how to use the seven dimensions of context-aware computing to mitigate damage from largely invisible security threats. It also delves into organizational and process considerations as well as the business and IT risks.
Enterprises must balance a complex array of regulations, security controls and risk mitigation issues before realizing any benefits from data encryption. Here we look at the issues and encryption options to maximize its value.
Avivah Litan
Brian Lowans
Eric Ouellet
B13. Software-Defined Networking and Its Impact on Security
B9. To the Point: The Database Security Manual — What You Need to Know
Enterprises are increasingly using databases in larger numbers and complexity. We describe how the growing security threats and regulatory requirements can be addressed by database security solutions. Brian Lowans
Visit gartner.com/us/securityrisk for agenda updates and to register
B12. Is Cloud Encryption Ready for Prime Time?
Organizations are beginning the process of considering leveraging cloud infrastructures with their most sensitive data.
SDN is being discussed as the future for data center networking. SDN impacts more than just the network infrastructure equipment. It impacts how enterprises implement network security controls. This session discusses how SDN impacts network security and provides recommendations to properly implement security controls within an SDN. Eric Maiwald
GTP
SESSION DESCRIPTIONS TRACK C IT Security
generic webinar/lunch and learn sessions. It’s no wonder you have poor compliance results and minimal reduction of risk even after all that effort.
C1. Securing Private, Public and Hybrid Cloud Computing Neil MacDonald
Eric Ouellet
We are experiencing an unprecedented wave of endpoint innovation. This new wave is driven by consumer requirements, not business requirements. Apple and Samsung are the companies to watch — not HP and Microsoft. How will endpoint security be transformed by employee-owned tablets and mobile devices on mobile networks? Does Windows 8 change the game? Is application control a viable alternative to blacklist signature databases, and how will app stores transform security?
C2. Panel: What Is the Future of Mobile Management and Security?
This debate tackles numerous strategic and tactical questions on the future of mobile security that are vexing both vendors and clients alike. The analyst presents multiple scenarios and attempts to form a consensus understanding where the mobile security market is headed and how it will transform IT. Peter Firstbrook, Neil MacDonald, John Girard C3. Top 10 Security Myths
It is often said that ignorance is bliss — but only until the hack occurs. This presentation introduces some of the most common misconceptions about security, and concludes with best practices on how to improve your organization’s risk management culture. Jay Heiser C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective?
Your organization has expended significant effort creating the perfect policies and processes to address its risk management needs. Sadly, most organizations expect their staff and contractors to “automagically” learn and apply each of the policies in the exact context intended, based solely on a directive sent by email or via
C5. Endpoint Security: When the Consumer Is King
Peter Firstbrook
C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme)
Gartner Vice President Greg Young presents an alternative view to the hype surrounding cybersecurity. What is the real proposition of all things cyber? Is this the new approach to tackling an aggressive threat the origins, or merely a repackaging of current security approaches with no net new benefit? Is “cyber” not only wasteful but dangerous to enterprise security? Greg Young
C7. User Activity Monitoring for Early Breach Detection
Early detection of targeted attacks and security breaches has never been more important and more difficult to achieve. Your chances are vastly improved if your monitoring integrates security events with threat intelligence and context about your users, assets and applications. User activity monitoring is essential for the early detection of targeted attacks, and has also become part of the standard of due care for a variety of regulations across all industry segments. This presentation provides advice on how to deploy security monitoring technologies such as security information and event management (SIEM), for user activity and resource access monitoring. Mark Nicolett
C8. Big Security Data Is Neither Big Security nor Big Intelligence
There are fundamental flaws in the assumptions and expectations associated with big collections of security data: (1) that security intelligence [SI] is analogous to business intelligence [BI] and the big security data is an ultimate source for SI; and (2) that big security data is a key to security. Joseph Feiman
C9. To the Point: Deny Denial of Service Attacks
The changing nature of denial of service (DoS) attacks presents new threats to enterprises. Attackers are using innovative techniques to generate more powerful and sophisticated attacks, forcing the DoS mitigation market to evolve quickly. Security professionals must adapt to defend their organizations against high-profile DoS disruptions in this new era. Lawrence Orans
C10. To the Point: Playing Chess With APTs
Seeing your user accounts and endpoints (pawns) compromised, perimeters evaded and secrets taken? Survivors control the center
(the data), use security tools adeptly and stay a few moves ahead with advanced monitoring and threat intelligence. Attend this presentation and learn the best architectures for a sometimes-deadly cyberchessboard. Anton Chuvakin; Ramon Krikken
GTP
Internet security over the next 5 to 10 years.
D2. Cost, Consequence and Value: The Economics of IAM
Joseph Feiman, John Girard,
How do we measure the value of IAM? For many, justifying IAM has been elusive. It remains a horizontal concern in the vertical world of business services, something shared by all business functions but owned by none. How can an IAM project be reconciled with the budgets of business?
Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook
TRACK D
C11. Top Mobile Gear: Mobility Road Trip!
Time for a road trip. Gartner analysts head out to learn (and to race) each other to find the truth about good mobile security practices. Improving the format of a popular TV show, our crews go forth to ask the people about their burning questions concerning life, mobility and happy commerce. And dodging flying vegetables as needed. Ant Allan, John Girard, Tom Scholtz C12. Adapting the Secure Web Gateway
The Internet is being rebooted with HTML5 and the rise of new operating systems and mobile devices, not to mention the rise of “cloud” everything. How will the secure Web gateway adapt to keep up with both the evolving security threats and rapidly changing applications? What is the SWG role in adapting to an employee-owned device world?
IT Security
Earl Perkins D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program
Moving from an informal, unmanaged IAM program to a formal, managed, efficient and effective model program is a daunting task. This panel discusses where to start and best practices for creating a process catalog, assigning program roles and responsibilities, and implementing policy and technology for a successful maturation process. Ant Allan, Earl Perkins, Ray Wagner
D3. Town Hall: Access All Areas
Authentication, federation and authorization in a mobile, cloudy world. Ant Allan, Gregg Kreizman D4. Your Cloud and Mobile Devices Broke My IAM
Cloud computing and mobile endpoint adoption break established IAM architectures and challenge security leaders to deliver secure access services to their enterprises. This session addresses the
Peter Firstbrook, Lawrence Orans C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security
We explore the Internet evolution scenario: “Control, Freedom, Profit” and the security scenario: “Security Nirvana, Perpetual Arms Race, Security Engineering, and Chaos.” We point to the likeliest scenarios for
current and evolving solutions to these problems. Gregg Kreizman D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM
Access to unstructured data has always been an enterprise concern. How can IAM provide administration, access, analytics capabilities for access to files, folders, and other data formats? How can data access governance truly become part of identity governance and administration? This presentation explores this trend in IAM. Earl Perkins D6. Using Big Data Analytics for Information Security Neil MacDonald D7. Good Authentication Choices for Smartphones and Tablets
The price and complexity of traditional authentication is more than just unpopular with mobile users; many platforms simply do not support robust identity access methods. We offer a path for making strategic decisions about mobile authentication and answer the question “who benefits from good authentication?” John Girard, Eric Ahlm D8. Mobile Device Policy Essentials
Mobile devices, particularly consumer-level products, have trampled over the well-crafted policies that companies put in place for trusted work systems. Businesses must learn to prioritize the basic configuration and security policies that they will need to preserve. Attendees learn the notes and feedback collected in recent workshops and AURs. John Girard, Dionisio Zumerle
rapidly becoming key components in this process.
D9. Case Study TBA D10. To the Point: Revolution and Evolution in Windows 8 Security
Windows 8, which runs on desktops, laptops and various tablet platforms, improves on Windows 7 security and introduces new security features. This presentation focuses on Windows 8 security features and limitations, enabling security professionals to plan for the security of their desktop and mobile infrastructures. Mario de Boer D11. Getting to Single Sign-on Securely
The quest for single sign-on (SSO) is the result of disparate identity silos, increased password-related support costs, and user frustration. This session helps attendees make decisions regarding strategies and tools to achieve SSO securely. Gregg Kreizman D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer D13. Identity and Access Management Gets Social Ant Allan
TRACK E IT Security E1. Big Data Discovery Using Content-Aware Data Loss Prevention (DLP) Solutions
Organizations large and small report that they face significant challenges in properly locating and identifying their sensitive data within their big data environments. This session discusses how content-aware DLP tools are
Eric Ouellet E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil?
Encryption is often used as a primary means to protect data. But does encryption work in the cloud? Maybe it does for all of it, or maybe just for some of it … and this does matter, because incorrect use of encryption can result in a complete lack of security. Understanding algorithm and architecture options, and knowing which ones work and which ones don’t, is critical to keeping your data safe in the public cloud. Ramon Krikken
GTP E3. TBA E4. Security Monitoring of Public Cloud
Cloud security monitoring is an afterthought for most organizations, and as cloud usage expands and new risks emerge, it can be left behind altogether. However, security monitoring must be deployed across public clouds, private clouds and traditional infrastructure — and enterprises, not the providers, own that responsibility. Organizations should push their providers for more data feeds and telemetry, and plan their monitoring architectures. Anton Chuvakin
GTP E5. Using Managed Containers to Protect Information on Mobile Devices
Managed containers are a mechanism to protect enterprise information on the mobile device while separating it from employee data. Enterprises should consider
container technology but there are downsides. This talk shows how containers can be used to meet enterprise needs and how enterprises can benefit from the technology. Eric Maiwald
GTP E6. Managing, Securing and Budgeting the Mobile Device Life Cycle
Any mobile device, whether it is owned by the company or the employee, has a measurable life cycle impact on your company’s business processes. This presentation provides attendees with a strategic road map to get both cost and quality of mobile IT under control as a first step to realizing genuine productivity benefits. John Girard E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud prevention
This session looks at internal and external threats against the enterprise and how criminals are circumventing common solutions in place today. It delves into five layers of fraud prevention and identity proofing needed to mitigate these threats, prevent account takeover and new account fraud.
them. This presentation describes new capabilities available from VA tools, and explores how they can fit into your portfolio of security controls. Kelly M. Kavanagh E10. To the Point: Best Practices for Securing Information During International Travel
International travelers face increasing risks of data loss and compromise, both to government officials and to criminals. Attendees sharing experiences based on travel experiences that can be compared to Gartner’s established best practices can help enterprises protect traveling employees and sensitive mobile data. Dionisio Zumerle E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints
Organizations increasingly allow the use of multiple endpoints for business purposes. If no enterprise solution is provided, users are creative in synchronizing data to each of their devices, increasing information sprawl. Learn about the latest synchronization solutions, their security and deployment challenges.
E12. DLP Architecture and Operational Processes
Data loss prevention (DLP) is an essential data security technology, but it suffers from deployment and operations challenges. This presentation reveals a guidance framework that offers a structured approach for planning, architecting and operating a DLP technology at a large enterprise. Anton Chuvakin
GTP E13. Web Application Firewalls: Features, Products, Deployment and Alternatives
In the absence of ubiquitous security in software, Web application firewalls are the technology of choice to protect Web applications against external attacks. This technology overview focuses on the latest features of leading Web application firewalls, existing products, deployment options and alternative technologies. Mario de Boer
GTP
Mario de Boer
GTP
Avivah Litan E8. Case Study: A Successful Implementation of the FICAM Guidelines TBA E9. To the Point: Refresh Vulnerability Assessment
Network vulnerability assessment is a mature market. Vendors have steadily added capabilities to their VA scanning products to differentiate
IT SECURITY PRECONFERENCE SESSIONS PC3. Now What? How to Use Service Providers to Support SIEM Operations
Gartner customers increasingly request external services to support their operational SIEM deployments. In this presentation, we address the best opportunities for external support, and assess the capabilities of several types of providers to deliver operational support. Kelly M. Kavanagh, Mark Nicolett
PC5. Forget MDM: Extending Security and Identity to Mobile Apps
Mobile brings up old and new security concerns. Three important elements of the application architecture — the platform, client-side application and back end — affect and are affected by security and other requirements. Understanding the most critical challenges and solutions around identity and security for each of these elements is the foundational knowledge from which to build mobile apps that are both secure and delightful to use.
Ramon Krikken
PC4. SIEM Architecture and Operational Processes
Security information and event management (SIEM) is a key technology that provides security visibility, but it suffers from challenges with operational deployments. This presentation reveals a guidance framework that offers a structured approach for architecting and running an SIEM deployment at a large enterprise or evolving a stalled deployment.
GTP
Anton Chuvakin
GTP
PC7. Using MSSPs for Effective Threat Management
IT SECURITY WORKSHOPS W1. Information Security Architecture 101
Information security architecture is a foundational element of any security program. However, the term “architecture” means different things to different people, resulting in confusion about the role of security architecture. Gartner experts facilitate a structured discussion on the elements and success criteria of security architecture practice. Tom Scholtz W4. Build an Effective Security and Risk Program
Security and risk management is maturing. Creating and formalizing a program is relatively inexpensive, but developing a mature program requires support, a strategic approach and adequate time. Modern enterprises must transform their programs to align with business need and address cultural gaps with the non-IT parts of the business.
Tom Scholtz, Rob McMillan, Jeremy D’Hoinne
Selecting an MSSP for effective threat management, beyond compliance-focused or due-diligence monitoring, requires asking the right questions. It also means adjusting internal processes to take advantage of the MSSP’s capabilities. This presentation tells you what to look for in evaluating MSSPs and how to make effective use of the relationship. Kelly M. Kavanagh
W5. Gartner Network Security Design
This workshop highlights elements of modern technical network security architecture. These elements are drawn from principles of the Gartner Network Security Reference Model. The majority of the workshop is focused on examining participants’ architecture and design issues. Greg Young W7. Getting Value Out of IT Security and Risk Metrics Programs
Security and risk metrics are subjects of never-ending discussions. In this
analyst-led collaborative workshop we review a practical approach to developing security and risk metrics, and then break into small groups to develop an example metrics list, metrics dashboard, and/or metrics program plan. The results are then socialized with the whole group, so that all participants can use this knowledge in developing or enhancing their metrics programs. Ramon Krikken
GTP W10. Meeting Business Needs for Mobility and Security
At the root of the mobile strategy is the information users need and for which risk of disclosure needs to be managed. BYOD adds another dimension to the problem. This workshop examines the conflicts and trade-offs between security and other use case requirements along with decision logic to help navigate through them. Eric Maiwald W11. Cloud Contracts: Develop Your Own Security and Risk Exhibits
This workshop covers key areas to include as a part of a standard boilerplate exhibit that security and risk management teams can share with procurement/vendor management. We discuss key areas such as disaster recovery, audit rights, privacy, confidentiality, backup, SLAs and security requirements. Gayla Sullivan W12. IT Risk Cloud Manifesto: Defining What Enterprises Need but Aren’t Getting!
Adoption of cloud services has lagged expectations. In part this is because
cloud vendors aren’t addressing the IT risk issues associated with hosting restricted data or critical business services. This workshop facilitates creating a “voice of the enterprise” set of common and prioritized requirements that cloud vendors need to address.
to satisfy business requirements. In this roundtable, compare notes with your peers on BYOD initiatives and discuss critical success factors and lessons learned. Lawrence Orans
Erik T. Heidt
IT SECURITY INDUSTRY DAY SESSIONS
W13. Mobile Application Security
Neil MacDonald
IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing?
W14. IT Security: Planning a Self-Audit
Stop depending on the internal audit team. Reset expectation — conduct self-audits for all IT security processes and technology. Rely on internal audit for independent insights, not compliance violations, not routine corrections. Khushbu Pratap
IT SECURITY ANALYST-USER ROUNDTABLES AUR2. Government Identity: Providing Constituents With Secure Access to Government Services
Governments continue to grapple with providing online, convenient citizen-facing services that require higher levels of identity assurance while keeping costs low. This roundtable will provide a facilitated opportunity to share best practices and emerging trends for meeting these challenges. Gregg Kreizman AUR4. BYOD Security
The BYOD phenomenon presents security risks, operational challenges and the need for new policies. IT must be flexible, but not too flexible,
Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree IG2. Critical Infrastructure Protection Requirements Driving New Security Demand
Government-led cybersecurity initiatives and private sector critical infrastructure protection activities are pushing for greater industry specific focus on security. This session discusses how growing pressure to protect from cyberthreat will drive spend and strategies toward information security. Ruggero Contu
G IG3. Best Practices for Mitigating Advanced Persistent Threats
Advanced threats have increased in recent years, taking on much more destructive characteristics than in the past. This presentation covers recommended best practices for mitigating the risks associated with advanced targeted attacks and teaches Gartner clients practical things they can do. Lawrence Pingree
G IF1. Case Study TBA
IH1. Don’t Give Them The Keys to the Kingdom Until You Know Who They Are
This presentation outlines and underscores the increasing importance of identity management/ user provisioning within the healthcare provider. Barry Runyon
H IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level
This session discusses the drivers that make fraud and abuse such a growing concern for the industry. Most organizations focus on point solutions and rely on “pay and chase” methods of fraud recovery. It is important to take an enterprise approach to combat fraud using newer technology and practices to stop losing money on bad claims and wrong practices. Christina Lucero; Avivah Litan
changing. Each change brings new threats and breaks old security processes. This session reviews the hot trends in security for 2013 and beyond while providing a road map to the summit and relevant Gartner research. Ray Wagner T3. IAM Myths and Monsters
The phrase “identity and access management” can raise feelings both of great hope and of great fear. Horror stories abound. At the same time, many people hold out great hope for the promises of what IAM can accomplish. Join us as we explore IAM’s myths and monsters. Ray Wagner
Andrew Walls F4. CEO Concerns 2013 and the IT Implications
Based on our global CEO survey and informed by other research sources, we explain what CEOs see in the road ahead for 2013, what they think about you, and how both will shape your agenda. This session is a high-level view of opportunities and risks to be considered. Jorge Lopez F7. Road Map for Intelligent Information Governance
TRACK F Risk Management and Compliance
H IME3. Securing the OT Environment
F2. Linking Risk to Business Decision Making: Creating
As the complexity of OT systems increases, and the connectivity to them becomes more ubiquitous, the risk from vulnerabilities increases. What used to be “security through obscurity” can no longer be the case, as OT systems move to Microsoft, Linux and Unix platforms. This session explores the vulnerabilities and how to contain them.
The term key risk indicator (KRI) has come to mean “our most important metrics,” but the criteria for “most important” usually falls short of “most useful.” The definition varies greatly across different organizations, so there are no standards. Good KRIs should be tied to business impact and influence business decision making.
Earl Perkins, Kristian Steenstrup
potential benefits of “social” and identify specific strategic and tactical opportunities for security program improvement and risk management.
KRIs That Matter
Paul E. Proctor
With the influx of types and volume of unstructured data, organizations are struggling with how to manage the governance and compliance issues associated with this data. This session reviews (1) the scope of the problem with all the unstructured “dark” data, (2) what the best policies are to implement to govern this data and (3) what technologies/tools are available to implement the policies. Alan Dayley F8. Align Governance to Your Organization for Success
IT governance must be tailored for every organization. But many governance efforts continue to fail because they are not aligned to the organization itself. Governance has to align with the culture, structure and politics of the organization. Understand your organization and design and implement governance for success.
EU
F3. Security and Risk Management Technologies for Social Media
IT SECURITY TUTORIALS
Julie Short
It’s all about social these days. Whether it is social media, user behavior or the interplay of society and your organization, there are new risk and security variables that must be assessed and managed. This panel of analysts will examine the risks and
T1. Top Security Trends and Take-Aways for 2013 and 2014
With the Nexus of Forces driving continuing trends in cloud, consumerization, mobility and big data, the way IT is delivered is
F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage
This presentation discusses how to take advanced technology concepts and make them presentable for the board of directors for investment decisions. Risk and competitive advantage are the focal points in this approach. Jorge Lopez F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management
As companies look to improve corporate governance practices in the wake of the global financial crisis, the corporate legal department is at the forefront of change. To be successful, legal professionals need better tools to conquer the evolving governance challenges. This session explores how enterprise legal management applications can help. John A. Wheeler F11. The Four Faces of Governance
Governance is one of the most critical leadership disciplines required to enable organizations to execute on their operational and strategic goals. To help CIOs, CROs and IT leaders to achieve targeted business outcomes, Gartner clarifies the four faces of governance: accountability, investment, compliance and risk management. French Caldwell, Julie Short F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser
F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services
The Hype Cycle for GRC Technologies has over three dozen technologies and services markets represented. With so many vendors and service providers claiming to do GRC, it’s critical to understand what really forms the core of this marketplace and how to execute GRC programs in your enterprise.
French Caldwell
TRACK G
Risk Management and Compliance
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC
GRC vendors have a lot of catching up to do. Most vendors have yet to offer effective third generation GRC, which focuses on performance, much less apply fourth generation GRC, which focuses on decision making. However, risk managers can help push the envelope on what will be within the art of the possible for the fourth generation of GRC.
French Caldwell
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance
Senior IT and business leaders face an increasing number of compliance requirements and a continued rise in associated costs. In this session, you learn how to create a strategic road map for compliance highlighting key initiatives that promote a risk-aware compliance culture and lead to real business value.
G4. Maverick Research: Crowdsource Your Management of Operational Risk
Traditional approaches to managing operational risk are delivering diminishing returns as the pace of business accelerates. Crowdsourcing techniques can change the way risk is managed and decisions are made. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner’s official positions.)
Leif Eriksen, Paul E. Proctor
G7. Defining Three Segments in the Audit Technology Market
This session introduces the three segments in the audit technologies market: audit analytics, audit management and continuous auditing.
Khushbu Pratap
G8. Top 5 IT Audit Trends in 2012-2013
Khushbu Pratap
G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery?
As information compliance and regulatory requirements mature, so does the need for organizations to hone e-discovery best practices and implementations. This session discusses changes in the e-discovery market and how you can best adhere to these changes.
Alan Dayley
G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions
French Caldwell
G11. Case Study TBA
John A. Wheeler
G12. Why ERM and GRC Depend on Each Other to Succeed
This session defines and explores the symbiotic relationship between enterprise risk management (ERM) and governance, risk and compliance (GRC). Today, companies are challenged with finding better ways to understand and analyze risk. Some may look to ERM and others may focus on GRC. To be truly effective, however, companies need both.
John A. Wheeler
G13. Debate: Cyberinsurance — Evolution or Revolution?
Cyberinsurance should be a great idea, but Gartner sees challenges for the industry and for the insured. There is an evolution of cyberinsurance that will make it a worthy vehicle for risk transfer by 2016, but today it is more of a gamble. This debate covers the pros and cons of cyberinsurance so you can make an informed decision.
Paul E. Proctor, John A. Wheeler
RISK PRECONFERENCE SESSIONS
PC1. Sharing Data Without Losing It
Today’s security managers are struggling to meet the growing demands to share enterprise data with personal devices and external parties. This pitch will provide a use case model for the choice of collaborative systems with data protection technology that matches business needs for data protection.
Jay Heiser
PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management
Risk management is more art than science. The best way to learn risk management is to practice it. The approach must suit the culture of the organization. This presentation shares experiences, pitfalls and best practices encountered by Gartner analysts during their regular interactions with clients.
Tom Scholtz
RISK GENERAL SESSIONS
F1./G1. General Session: Duck and Cover — Preparing for Cyberwar
Cyberwar is a reality, and current defenses are inadequate for new classes of massive coordinated cyberattack. This presentation discusses recent developments in massive coordinated geopolitical and criminal cyberattacks, and offers advice to public- and private-sector enterprises on how to protect systems in an era of cyberwar.
Richard Hunter, Avivah Litan
F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus
Industry experts and analysts share insights on risk and compliance issues emerging from the Nexus of Forces, their impacts and how to manage them. Topics for discussion include social media compliance, ethics and anti-bribery, vendor risk management, operational technology, legal and cloud risks.
French Caldwell, Andrew Walls, panelists
F6./G6. Leadership, Governance and Risk
David Marquet speaks about the relationship between leadership, governance and risk with a focus on decision making and the decision-making architecture in your organization. From a leadership perspective, he advocates “moving authority to information” as opposed to moving information to authority. Only companies that embrace this change will retain the agility and resilience needed to compete moving forward. Oh, by the way, it’s happening anyway.
David Marquet, Author of the Award-Winning Book “Turn the Ship Around!”; French Caldwell
RISK WORKSHOPS
W3. Selecting Solutions for the Control and Monitoring of Public Social Media
Public social media are used by enterprises and individuals within the enterprise. Security professionals must assess security and compliance risks, and understand the strengths and weaknesses of monitoring and control solutions. In this workshop you assess the risks to your organization, and select a set of technologies to mitigate these.
Mario de Boer
GTP
W8. Workshop TBA
W9. IT Risk Management: Selecting the Best Assessment Methods and Tools
This workshop focuses on the best effort to select an appropriate IT risk assessment method.
Jeffrey Wheatman, Khushbu Pratap
W15. The Gartner Network Security Architecture Reference Model TBA
RISK ANALYST-USER ROUNDTABLES
AUR6. Supply Chain Risks
Leif Eriksen
AUR9. Auditor’s Role in Emerging Risks
Internal auditors are sometimes the torch bearers for emerging risks that the board always wants to be informed about. Where do internal auditors help, what do they currently consider? Are internal auditors responsible for managing emerging risks?
Khushbu Pratap
GTP: Sessions by Gartner for Technical Professionals analysts; F: Financial Services; G: Government; H: Healthcare; EU: Energy/Utilities; M: Manufacturing
RISK INDUSTRY DAY SESSIONS
IME1. Understand OT: The Emerging Risks From Advanced Automation
Operational technology is hardware and software that detects or causes a change of state, through the direct monitoring and/or control of physical devices, processes and events in the enterprise. While this promises better access to data and visibility, it also creates a portfolio of complex products that need to be managed.
Earl Perkins, Kristian Steenstrup
EU M
IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing?
Many enterprises are under greater regulatory pressure to demonstrate comprehensive and effective IT risk controls not only with their primary suppliers, but also throughout the supply chain. We explore the risk management challenges enterprises face when their vendors leverage vendors, as well as discussing solutions.
Erik T. Heidt
GTP
IME4. Responsibility and Accountability of OT Systems
There is a temptation to respond to OT issues by assigning the problem to the IT department. In some cases, the response is to build walls around operations. The best approach is to think of where IT can contribute to better manage OT. We explore the RACI model applied to OT to determine where IT can have a supporting role.
Kristian Steenstrup
EU M
IF2. Do I Need Cyberinsurance?
Following a number of significant data privacy breaches and website attacks, there is a growing interest in cyberinsurance coverage. In this workshop you can discuss the potential benefits of cyberinsurance and assess whether this insurance is relevant for your organization.
Juergen Weiss
F
IF3. Strategic Road Map for Financial Services Enterprise Risk Management
This presentation explains the state of risk and compliance management in the BIS industry, and how market forces are driving risk management transformation and will illuminate the technology implications for financial institutions for enabling more agile and responsive risk management.
John A. Wheeler
F
IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement
This is a hot topic, with healthcare provider spending on security going up due to HIPAA enforcement. Healthcare organization attendance at the last U.S. conference was large enough to ensure an interested audience. Probable topics include risk-based assessment, encryption, “meaningful use” requirements and patient/member engagement considerations.
Wes Rishel
H
RISK TUTORIALS
T2. Tell Me, What’s IT GRC Again? (Solutions to Common Challenges)
IT GRC programs continue to be a catch-all for policy, risk and compliance activities. No clear and complete vision of IT GRC has emerged, and GRC activities tend to be matrixed across the enterprise. Here a summary of current research on IT GRC programs will be reviewed, including recommendations for planning and executing IT GRC programs.
Erik T. Heidt
GTP
TRACK H
Business Continuity Management (BCM)
H1. What Are the BCM Software Markets and How to Get the Most Out of Them
The BCM software market is a subset of the broader response and recovery marketplace for business and IT disruptions. This session provides the latest market analysis of these tools so that organizations can make the right tool choice for their needs. It also discusses complementary markets to ensure better operational resilience.
Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
H2. What You Can and Cannot Do With Recovery Exercise Management Automation
Exercising IT DRM plans is a “must do,” not a “would like to do” activity. However, increasing time and resource costs demand more efficient and effective approaches. This session discusses recovery exercise automation software, its associated strengths and weaknesses and how it can be used to improve exercise scope, execution and results.
John P. Morency
H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management
Roberta J. Witty BCM Metrics
H4. Cloud Service Provider Risk Management
When IT acquires public cloud services, it must assure that the supplier will deliver to contracted SLAs. This presentation discusses the approach to assess cloud service provider risk for architecture/design, availability, performance, data protection, recovery, security, operational controls and other contract terms and conditions.
Donna Scott, John P. Morency, Jay Heiser
H5. Managing Global Recovery and Continuity Risk
The challenge of orchestrating efficient, effective and sustainable business continuity across a global organization requires addressing difficult people, process and technology issues. This session discusses how to develop the structures and procedures to reduce operating risk across different geographies, time zones and operating cultures.
John P. Morency, Roberta J. Witty
H6. What You Need to Know About Technical IT-DRM Architectures
Few things are more technical than automating application failover and failback for resilience and disaster recovery. The session discusses how to make better architectural decisions by addressing the technical details and trade-offs of critical technologies such as data replication/synchronization, clustering and disaster recovery orchestration.
Donna Scott, John P. Morency
H7. Case Study: Using the Fusion Framework to Implement and Manage BC/DR Program-Related Activities
Roberta J. Witty
TBA
H8. Recovery Exercising Best Practices
Belinda Wilson
H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite
There are a number of technologies that are making BCM a C-suite topic because they provide management with an entirely new and complete picture of their organization. This session discusses what these technologies are and how they can be used for expanded risk management and improved business and operational resilience.
Roberta J. Witty
H10. To the Point: The Business Continuity Management Planning Market in Depth
Organizations are realizing that managing recovery plans using office management software is not feasible. Some firms have over 1,000 plans; therefore automation is required. This session presents the BCMP software market Magic Quadrant and discusses best practices for implementing and using the tool for most effectiveness within the organization.
Roberta J. Witty, John P. Morency
H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery
This session covers how BCM teams can implement supplier contingency plans so that supplier risk mitigation, response, recovery and restoration efforts are more successful. We discuss how to determine which suppliers require BCM and the activities required in ongoing risk management, and evaluate the viability of supplier contingency plans.
Gayla Sullivan
H12. Designing and Architecting for 24/7 Availability
Globalization and cost management increase the need for continuous availability for mission-critical applications. Cloud computing raises the visibility of designing for continuous multisite availability. This presentation looks at architecture and management strategies to reduce or eliminate planned and unplanned application downtime.
Donna Scott
H13. How to Conduct an Effective BIA
The risk assessment and business impact analysis are the most important activities in the BCM planning process. They provide the foundation on which all recovery strategies and solutions are built. This presentation discusses different risk assessment approaches and gives guidance on how best to conduct a BIA for BCM.
Belinda Wilson
BCM PRECONFERENCE SESSIONS
PC2. ISO 22301 Implementation Session
Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
PC6. End-User Case Study TBA
BCM WORKSHOPS
W2. How to Develop Effective and Efficient Disaster Recovery Plans
Regardless of size, industry or location, every organization needs a BCM program with a variety of recovery plans. This workshop presents the steps and processes required to develop effective recovery plans. In addition, participants are given a method to assess their existing plans for improvement once back at the office.
Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty, John P. Morency, Belinda Wilson
BCM ANALYST-USER ROUNDTABLES
AUR5. BCM Metrics: What Works, What Doesn’t
An increased focus on governance and transparency is requiring many BCM programs to provide timely and meaningful program status information to management on a regular (monthly) basis. This roundtable will allow participants to discuss how they have best implemented, managed and reported on BCM program metrics.
Roberta J. Witty
AUR7. How Does BCM Fit Into the Enterprise Risk Management Program?
Many organizations are integrating many risk domains under one management umbrella — in a virtual or direct reporting management arrangement. This roundtable allows conference participants to discuss what works and doesn’t work for their organizations in regard to integrating BCM into the organizational or enterprise risk management program.
Roberta J. Witty
AUR8. IT-DRM Management Automation Roundtable
This roundtable allows conference participants to discuss their experience in using IT-DRM planning, implementation and exercise management automation software. The focus is on the time and cost required to implement the software products, as well as the related efficiency, effectiveness and cost reduction benefits that were achieved.
John P. Morency
BCM TUTORIALS
T4. TBA
TRACK J
The Business of IT Security
J1. Global Security Markets: Where Are We Going From Here?
This presentation covers the security markets worldwide and details the market dynamics that are changing the future of information security globally. Gartner Invest clients and technology providers must understand market competitive dynamics in order to compete into the future.
Eric Ahlm, Ruggero Contu, Lawrence Pingree
J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results
This session examines the results of survey data from Gartner’s global security and risk summits. Attendees walk away with a better understanding of the major technology priorities, buying behaviors and budgeting trends.
Eric Ahlm, Ruggero Contu, Lawrence Pingree
J3. User Survey Analysis: Security Services Market Trends
In 2012, Gartner conducted a survey of users in the U.S. and EMEA to discover the trends and buying behaviors for consulting, managed and cloud services providers. This session discusses the key findings to help security service providers better understand the market direction.
Eric Ahlm
J4. Panel: Security Startups — Leading the Way to Success
Leaders from emerging startup companies participate in a discussion so that you can better understand the direction of the latest techniques used by attackers, the latest security technologies and how these leaders view their future success in today’s challenging technology market.
Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress
J5. Buyers Are From Mars, Vendors Are From Venus
The art of successful negotiation often hinges on the ability of each side to understand what drives the other. Parties can often talk at cross-purposes because they do not understand the culture, language and goals of the other. This presentation tells you what you need to know to work efficiently and successfully on your next deal.
Eric Ahlm, Rob McMillan
J6. Information Security: Process or Technology — Which Way Do We Go?
The information security market is huge and continually growing. Client organizations have spent billions of dollars on technology to solve the information security problem; yet when we speak to clients they don’t really feel any safer now than they did five or 10 years ago. Maybe throwing tools at the problem is not the way to go! Maybe the key to success is building scalable, repeatable patterns of behavior. This panel of analysts discusses why process might be a better point of focus than technology.
Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz
J7. Management Still Doesn’t Get Security (And What You Can Do About That)
Many management teams just don’t get it. Security and IT risk become priorities (for a while) after a failure but after long periods without visible failures they go back to not caring. A modern security and IT risk program needs continuously engaged decision makers. Learn how to engage executive management teams and keep them continuously engaged.
Paul E. Proctor
J8. TBA
J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave
Cloud is a transformational phenomenon that changes our businesses and our IT organizations. Will cloud transform the IT workforce? Will it threaten people’s job security?
Joseph Feiman
J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future
The security market is being transformed by new end-user requirements as a result of changes brought by social, mobile, cloud and big data. While consolidation remains an important factor shaping the marketplace, regeneration and innovation introduced by constant influx of startup players continues also to be an influencer in this market. This presentation analyzes the market-share dynamics that have been shaping the security ecosystem and discusses potential future developments across different segments.
Ruggero Contu
J11. Security: A Financial Perspective
In the presentation we will look at the growth trends of the overall sector and the growth trends of the sector’s sub-segments. The presentation will also assess the vendors’ respective positions in the market. Finally, the vendors will be assessed from a financial perspective using the Gartner financial rating methodology as well as other relevant financial metrics.
Frank Marsala
J12. Gartner Security Market Magic Quadrant Reviews
Participate in an exciting review of the leaders, challengers, visionaries and niche players in Web fraud detection, mobile device management, managed security services, endpoint protection, data masking, application security testing and security information and event management.
Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joe Feiman, Mark Nicolett
J13. Case Study TBA
SOLUTION SHOWCASE
PREMIER SPONSORS
Cisco offers one of the largest portfolios of security solutions available. With these solutions, organizations can embrace new market transformations, protect assets, empower employees, and accelerate business. Cisco takes a comprehensive approach by integrating security into all parts of the network, and simplifies security challenges, such as: An increase of mobile devices on the network; a move to a cloud-based infrastructure; and hackers that pose sophisticated and persistent threats to the network.
Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive protection for thousands of organizations worldwide. Enriched by intelligence from our Counter Threat Unit research team, Dell SecureWorks’ Information Security Services help organizations predict threats, proactively fortify defenses, continuously detect and stop cyber-attacks, and recover faster from security breaches. To learn more, visit www.secureworks.com.
Dell Software makes it easy to securely manage and protect applications, systems, devices and data to help organizations of all sizes fully deliver on the promise of technology. Our simple yet powerful software – combined with Dell hardware and services – provide scalable, end-to-end solutions to drive value and accelerate results. Whether it’s Windows infrastructure, the cloud and mobile computing, or networks, databases and business intelligence, we dramatically reduce complexity and risk to unlock the power of IT. www.dell.com/software
HP provides complete information security solutions that protect the hybrid Enterprise. Our proactive approach to information security optimizes your investment and improves your risk posture, thus enabling you to achieve better business results. HP’s unrivalled capabilities spanning security consulting, managed security services and market-leading products from HP ArcSight, HP Fortify, HP Atalla, and HP TippingPoint deliver integrated security solutions to manage risk, deliver actionable security intelligence and integrated security operations. HP is a trusted partner to thousands of global enterprise and government clients; we work with you to define and implement a holistic, risk-based security strategy that supports your unique business requirements balancing risk with opportunity. www.hp.com
Lieberman Software provides award-winning privileged identity management and security management products to more than 1200 active customers worldwide, including 40% of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. Lieberman Software products scale to the largest enterprises in the world and deploy in minutes.
Qualys is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, and partnerships with leading managed service providers and consulting organizations worldwide. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance, delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps organizations solve their most complex and sensitive security challenges by bringing visibility and trust to millions of user identities, the transactions they perform and the data that is generated. RSA delivers identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services. www.RSA.com
Symantec is a global leader in providing security, storage and system management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information-driven world against more risks at more points, more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can be enforced automatically – enabling confidence wherever information is used or stored.
Trend Micro is celebrating 25 years of innovation security and sharing our vision for a data-centric security framework. In our booth you’ll see the Trend Micro™ Custom Defense Solution against advanced persistent threats (APTs). You will learn what we mean by complete end user protection. And, you’ll understand how our virtualization and cloud customers are winning in the data center with integrated, agentless security.
Websense, Inc. (NASDAQ: WBSN), is a global leader in unified web security, email security, mobile security and data loss prevention (DLP). The company’s proven best-in-class information security solutions are available as appliance-based software or SaaS-based cloud-based services. The Websense® TRITON™ unified security solutions help organizations securely leverage traditional, social media and cloud-based communications, while protecting from advanced threats, preventing loss of confidential information, and enforcing Internet use and security policies.
Verizon Enterprise Solutions creates global connections that help generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company’s secure mobility, cloud, strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation. Visit verizon.com/enterprise. Verizon Enterprise Solutions can help safeguard your information from tomorrow’s threats and provide secure access where and when you need it. Access our dedicated security solutions site to get the latest information, including insightful blogs from our engineers and consultants, plus in-depth papers, video snapshots and our flagship Data Breach Investigations Report (DBIR), the most comprehensive review of security incidents available. www.verizonenterprise.com/us/solutions/security/
PLATINUM SPONSORS
AirWatch is the leader in enterprise-grade mobility management and security solutions. Our highly scalable solution provides a real-time view of an entire fleet of corporate and employee-owned Apple iOS, Android, Windows, BlackBerry and Symbian devices. As the largest MDM provider, AirWatch offers the most comprehensive mobility management solution.
Akamai is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere. Our Intelligent Platform™ removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud – Akamai accelerates innovation in our hyperconnected world.
AT&T Inc. is a global leader in communications and a recognized leader in Business-related voice and data services, including global IP services, hosting, applications, and managed services. Businesses all over the world deploy AT&T services to improve productivity, manage overall costs, and position themselves to take advantage of future technology enhancements.
Check Point Software Technologies Ltd., the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. www.checkpoint.com
The Citrix® Mobile Solutions Bundle, which is comprised of XenMobile™ MDM and CloudGateway™, offers a complete enterprise mobility management solution. It gives IT a comprehensive set of tools that make it easy to manage and secure devices, apps, and data. It allows users to access any app from any device, giving them the freedom to experience work and life their way.
Fasoo has been successfully building its worldwide reputation as a leading enterprise DRM solution provider with the best-in-class solutions and services. Fasoo has successfully retained its leadership in the enterprise DRM market by deploying solutions for more than 1,100 organizations in enterprise-wide level, securing more than 2 million users.
SOLUTION SHOWCASE
PLATINUM SPONSORS CONTINUED
FireEye is the leader in stopping today’s new breed of cyber attacks such as zero-day and APT attacks that bypass traditional defenses and compromise over 95% of networks. The FireEye solution is the world’s only signature-less protection against multiple threat vectors. FireEye solutions are deployed by more than 25% of the Fortune 100.
Fortinet, a global provider of IT security, delivers customer-proven solutions that provide organizations with the power to protect and control their IT infrastructure. Our customers rely on our technologies, solution architecture, and global security intelligence to block threats and gain control of their network, data, and users.
IBM Security offers one of the world’s broadest, most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides the security intelligence to help holistically protect people, infrastructure, data and applications for protection against advanced threats in today’s hyper-connected world.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. We are relentlessly focused on constantly finding new ways to keep our customers safe.
MetricStream is the market leader for integrated Governance, Risk, Compliance (GRC) Management Solutions, which includes solutions for IT Risk & Compliance Management, Information Security Risk Management, Business Continuity Management, IT Disaster Recovery Management, Audit Management, Policy Management, Supplier/Vendor Governance and Quality Management.
Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content at up to 20Gbps with no performance degradation regardless of port, protocol, evasive tactic or SSL encryption.
Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control vulnerability threats and risks across their networks and endpoints. This is enabled by Secunia’s award-winning Vulnerability Intelligence, Vulnerability Assessment, and Patch Management solutions that ensure optimal protection of critical information assets.
SilverSky is the expert provider of cloud security services. The company delivers the industry’s only advanced Security-as-a-Service platform that’s simple to deploy and transformational to use. By tirelessly safeguarding corporate communications and infrastructure, SilverSky enables growth-minded leaders to pursue their business ambitions without security worry.
Solutionary reduces the information security and compliance burden, providing flexible managed security and compliance services that work the way clients want; enhancing existing initiatives, infrastructure and personnel. Our patented technology, systems and process, and our actionable threat intelligence make our clients smarter. We call this relevant, intelligent security.

Sonatype CLM fixes the risk in open source. Security teams and application developers rely on Sonatype CLM across the software lifecycle to identify risky open source components, enforce policy, and fix flaws. http://www.sonatype.com/

Sourcefire®, Inc. is a world leader in intelligent cybersecurity solutions. Trusted by organizations and government agencies in more than 180 countries, Sourcefire’s solutions, including industry-leading next-generation network security appliances and advanced malware protection, provide customers with Agile Security® for continuous protection in a world of continuous change.

Stonesoft delivers software-based network security to secure information flow and simplify security management. The company’s products include next generation firewalls, intrusion prevention systems, and SSL VPN solutions. Stonesoft has the highest customer retention rate in the industry due to low TCO, ease of management, and prevention of advanced evasion techniques.

Tripwire is a leading global provider of IT security solutions for enterprises, government agencies and service providers who need to protect their sensitive data on critical infrastructure from breaches, vulnerabilities, and threats. Thousands of customers rely on Tripwire’s critical security controls like security configuration management, file integrity monitoring, and log and event management.

Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. Trustwave has helped hundreds of thousands of organizations manage compliance and secure their network infrastructures, data communications and critical information assets. For more information, visit https://www.trustwave.com.

Veracode provides the world’s leading Application Risk Management Platform. Veracode’s patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Veracode was founded with one simple mission in mind: to make it simple and cost-effective for organizations to accurately identify and manage application security risk.

VMware is the global leader in virtualization and cloud infrastructure solutions that enable businesses to thrive in the Cloud Era. With more than 400,000 customers and 55,000 partners, organizations of all sizes rely on VMware to help them transform the way they build, deliver and consume Information Technology resources in a manner that is evolutionary and based on their specific needs.

Voltage Security®, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption solutions, enabling our customers to effectively combat new and emerging security threats. Our data protection solutions allow any company to seamlessly secure all types of sensitive information, while efficiently meeting compliance and privacy requirements.

WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company’s flagship product family, is the most accurate and cost-effective website vulnerability management solution available, delivering the visibility, flexibility, and control that organizations need to prevent website attacks. www.whitehatsec.com.
SOLUTION SHOWCASE SILVER SPONSORS
Absolute Software Corp.
Blue Coat Systems
EventTracker
Lancope
PhishMe, Inc.
Thycotic Software, Ltd.
AccessData
Bradford Networks
F5 Networks
LANDesk Software
Proofpoint, Inc.
TITUS
Adobe Systems Inc.
Brinqa
Fiberlink
LockPath
Radiant Logic, Inc.
TrustSphere
AgeTak
Bromium
FireHost
LogRhythm
Rapid7
Tufin Technologies
Agiliance
Centrify
FireMon
Mandiant
RedSeal Networks
Venafi, Inc.
AhnLab
Core Security
Marble Security, Inc.
Rsam
Verdasys
AlertEnterprise Inc.
Courion Corporation
Fischer International Identity
Modulo
SailPoint
Vormetric, Inc.
Appthority, Inc.
Coverity, Inc.
FishNet Security
NetIQ
Sath Technologies
WatchDox
General Dynamics Fidelis Cybersecurity Solutions
Neustar
SecureAuth
SOA Software
WatchGuard Technologies, Inc.
Aveksa
Critical Watch
Axis Technology
Cyber-Ark Software
HID Global
Norman AS
Axway
CYBEROAM
Hitachi ID Systems
NSFOCUS
Software AG
Bay Dynamics, Inc.
Damballa
Identropy
NuData Security
Splunk
BeyondTrust
Digital Defense, Inc.
Imperva
Okta
Integralis
OpenTrust
SSH Communications Security
Juniper Networks
Oracle
Bit9
Bloomberg Vault
DriveSavers Data Recovery
Wontok
Xceedium, Inc.
ZixCorp
Zscaler
Tenable Network Security
MEDIA PARTNERS
BECOME A SPONSOR
Jason Bonsignore, Account Manager, +1 203 316 6050, [email protected]
Silas Mante, Account Manager, +1 203 316 3778, [email protected]
John Forcino, Account Manager, +1 203 316 6142, [email protected]
David Sorkin, Sales Director, +1 203 316 3561, [email protected]
Krista Way, Account Manager, +1 203 316 6763, [email protected]
Sponsors as of March 12, 2013, and subject to change
Visit gartner.com/us/securityrisk for agenda updates and to register
AGENDA AT A GLANCE Agenda as of April 25, 2013, and subject to change
MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair 9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing?
Dave Monnier, Security Evangelist and Fellow, Team Cymru;
Lawrence Pingree
10:45 a.m. Solution Provider Sessions 11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand Ruggero Contu 2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats Lawrence Pingree G
G
CISO 4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job 5:30 p.m. A2. Preparing a Security Strategic Plan
Paul E. Proctor
F. Christian Byrnes
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.) 8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote
The Gartner Mastermind Interview
Steve Bennett, CEO and Chairman of the Board, Symantec
10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Security’s Value
Rob McMillan
11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams Tom Scholtz 2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls Andrew Walls 4:15 p.m. A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric
Tom Scholtz
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions 10:30 a.m. A6. That Frightening Phrase: “The Standard of Due Care”
Rob McMillan
11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program Andrew Walls 1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services 4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway Rob McMillan 4:30 p.m. A10. To the Point: The Information Security Maturity Pathway Rob McMillan 6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
Rob McMillan
THURSDAY, JUNE 13 7:00 a.m. HC3. HIPAA Security (Registration required; end users only.) 8:30 a.m. A11. Case Study
Irma Fabular, Wes Rishel, Alice Wang
TBA
9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans Gregg Kreizman, Earl Perkins 10:30 a.m. A13. Open Mic
F. Christian Byrnes
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
GTP Sessions by Gartner for Technical Professionals analysts
EU Energy/Utilities
F Financial Services
G Government
H Healthcare
M Manufacturing
AGENDA AT A GLANCE MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director 9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. IF1. Case Study
TBA
10:45 a.m. Solution Provider Sessions 11:30 a.m. IF2. Do I Need Cyberinsurance? Juergen Weiss F
2:15 p.m. IF3. Strategic Road Map for Financial Services Enterprise Risk Management John A. Wheeler F
IH1. Don’t Give Them the Keys to the
IME1. Understand OT: The Emerging
IME2. Supply Chain IT Risk
Kingdom Until You Know Who They Are
Risks From Advanced Automation
Barry Runyon
Earl Perkins, Kristian Steenstrup
Challenges: What Exactly Is That Supplier Doing? Erik T. Heidt GTP
H
IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement Wes Rishel H IH3. Help Save Healthcare: Tackling
Fraud and Abuse at an Enterprise Level Christina Lucero, Avivah Litan
H
EU M
IME3. Securing the OT Environment Earl Perkins, Kristian Steenstrup EU IME4. Responsibility and Accountability of OT Systems Kristian Steenstrup EU M
IT SECURITY 4:30 p.m. B1. Practicing Safe SaaS Jay Heiser
C1. Securing Private, Public and Hybrid Cloud Computing Neil MacDonald
W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz, Rob McMillan, Jeremy D’Hoinne 5:30 p.m. B2. Cyberthreat Lawrence Orans C2. Panel: What Is the Future of Mobile
Management and Security?
D1. Panel: Getting IAM Going — Best
E1. Big Data Discovery Using
Practices for Formalizing Your IAM Program Ant Allan, Earl Perkins,
Content-Aware Data Loss Prevention Solutions Eric Ouellet
Ray Wagner W5. Workshop: Gartner Network Security Design D2. Cost, Consequence and Value: The Economics of IAM Earl Perkins
Peter Firstbrook, Neil MacDonald, John Girard
Greg Young
E2. Cloud Encryption: Strong Security,
Obfuscation or Snake Oil? Ramon Krikken
GTP
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.) 10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP C3. Top 10 Security Myths Jay Heiser 11:15 a.m. B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management
D3. Town Hall: Access All Areas Ant Allan, Gregg Kreizman
E3. TBA
D4. Your Cloud and Mobile Devices Broke My IAM Gregg Kreizman
E4. Security Monitoring of Public Cloud Anton Chuvakin GTP
D5. IAM for Applications and Data: The
E5. Using Managed Containers to
Rise of Data Access Governance in IAM Earl Perkins
Protect Information on Mobile Devices
Mark Nicolett
2:00 p.m. B4. Panel: Real-World Case Studies in Mobile Banking Security Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor 4:15 p.m. B5. Mobile Device Security Exploits in Depth John Girard, Dionisio Zumerle
C4. How Can You Leverage Content-Aware
DLP to Ensure Your Corporate Policies and Processes Are Effective? Eric Ouellet
C5. Endpoint Security When the Consumer Is King Peter Firstbrook
Eric Maiwald
GTP
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President 6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions 10:30 a.m. B6. Preparing Your Security Program for BYOD Eric Ahlm
C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme) Greg Young
W10. Workshop: Meeting Business Needs for Mobility and Security Eric Maiwald C7. User Activity Monitoring for Early 11:30 a.m. B7. Predictions: Your Network Security in 2018 Greg Young Breach Detection Mark Nicolett
1:45 p.m. B8. Encryption Planning Made Simple! Follow the Data Brian Lowans
C8. Big Security Data Is Neither Big
Security Nor Big Intelligence Joseph Feiman
W11. Workshop: Cloud Contracts — Develop Your Own Security and Risk Exhibits Gayla Sullivan 4:00 p.m. B9. To the Point: The Database Security Manual — C9. To the Point: Deny Denial of Service What You Need to Know Brian Lowans Attacks Lawrence Orans 4:30 p.m. B10. To the Point: Cybersecurity for the Internet of C10. To the Point: Playing Chess With APTs Anton Chuvakin; Ramon Krikken Everything Earl Perkins GTP
D6. Using Big Data Analytics for Information Security Neil MacDonald
E6. Managing, Securing and
Budgeting the Mobile Device Life Cycle John Girard
E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention Avivah Litan John Girard, Eric Ahlm D8. Mobile Device Policy Essentials E8. Case Study: A Successful John Girard, Dionisio Zumerle Implementation of the FICAM Guidelines TBA W12. Workshop: IT Risk Cloud Manifesto — Defining What Enterprises Need but Aren’t Getting! Erik T. Heidt D9. Case Study TBA E9. To the Point: Refresh Vulnerability Assessment Kelly M. Kavanagh D10. To the Point: Revolution and E10. To the Point: Best Practices Evolution in Windows 8 Security for Securing Information During International Travel Dionisio Zumerle Mario de Boer D7. Good Authentication Choices for
Smartphones and Tablets
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13 8:30 a.m. B11. The Seven Dimensions of Context-Aware Security Avivah Litan
C11. Top Mobile Gear: Mobility Road Trip! Ant Allan, John Girard, Tom Scholtz
D11. Getting to Single Sign-on Securely Gregg Kreizman
W13. Workshop: Mobile Application Security Neil MacDonald 9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time? Eric Ouellet
W14. Workshop: IT Security — Planning a Self-Audit
E11. Facing Information Sprawl: Secure
Synchronization of Data on Endpoints Mario de Boer
10:30 a.m. B13. Software-Defined Networking and Its Impact on Security Eric Maiwald GTP
C12. Adapting the Secure Web Gateway Peter Firstbrook, Lawrence Orans C13. Panel: Hackers Are Not a Threat to
Security — A Future of Internet Security
GTP
Khushbu Pratap
D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer D13. Identity and Access Management Gets Social Ant Allan
E12. DLP Architecture and Operational Processes Anton Chuvakin GTP E13. Web Application Firewalls:
Features, Products, Deployment and
Alternatives Mario de Boer GTP Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook 11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
AGENDA AT A GLANCE Agenda as of April 25, 2013, and subject to change
MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director 9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC2. ISO 22301 Implementation Session 10:45 a.m. Solution Provider Sessions 11:30 a.m. T4. TBA
Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media 2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh
Mario de Boer
GTP
BCM 4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them
Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation John P. Morency
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.) 8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
8:45 a.m. K3. Guest Keynote
11:15 a.m. H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management
2:00 p.m. H4. Cloud Service Provider Risk Management
Roberta J. Witty BCM Metrics
TBA
Donna Scott, John P. Morency, Jay Heiser
4:15 p.m. H5. Managing Global Recovery and Continuity Risk John P. Morency, Roberta J. Witty 5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency 11:30 a.m. H7. Case Study TBA 1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson 4:00 p.m. H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty 4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13 8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan 9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott 10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson 11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
AGENDA AT A GLANCE Agenda as of April 25, 2013, and subject to change
MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair 9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons 10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner PC1. Sharing Data Without Losing It Jay Heiser 10:45 a.m. Solution Provider Sessions 11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP PC5. Forget MDM: Extending Security and Identity to Mobile Apps
2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans John P. Morency, Belinda Wilson 2:15 p.m. T3. Tutorial: IAM Myths and Monsters
Ramon Krikken GTP
Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty, PC6. End-User Case Study
Ray Wagner
TBA
RISK MANAGEMENT AND COMPLIANCE 4:30 p.m. F1./G1. General Session: Duck and Cover — Preparing for Cyberwar
Richard Hunter, Avivah Litan
5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter Paul E. Proctor
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC French Caldwell
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.) 8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote
The Gartner Mastermind Interview
Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. F3. Security and Risk Management Technologies for Social Media Andrew Walls
2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez 4:00 p.m. W8. Workshop: TBA 4:15 p.m. F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance John A. Wheeler G4. Maverick Research: Crowdsource Your Management of Operational Risk Leif Eriksen, Paul E. Proctor W9. Workshop: IT Risk Management — Selecting the Best Assessment Methods and Tools Jeffrey Wheatman, Khushbu Pratap French Caldwell, Andrew Walls, panelists
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, “Turn the Ship Around!”; French Caldwell 11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley G7. Defining Three Segments in the Audit Technology Market
Khushbu Pratap
1:45 p.m. F8. Align Governance to Your Organization for Success Julie Short
G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap
4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage Jorge Lopez 4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management John A. Wheeler 6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery? Alan Dayley G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions French Caldwell
THURSDAY, JUNE 13 8:30 a.m. F11. The Four Faces of Governance
French Caldwell, Julie Short
W15. The Gartner Network Security Architecture Reference Model 9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser
G11. Case Study TBA G12. Why ERM and GRC Depend on Each Other to Succeed John A. Wheeler
G13. Debate: Cyberinsurance — Evolution or Revolution? 10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding Paul E. Proctor, John A. Wheeler GRC Software and Services French Caldwell 11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
AGENDA AT A GLANCE Agenda as of April 25, 2013, and subject to change
MONDAY, JUNE 10 8:00 a.m. Event Orientation 8:15 a.m. K1a. Gartner Opening Global Keynote
Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director 9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett 10:45 a.m. Solution Provider Sessions 11:30 a.m. T2. Tutorial: Tell Me, What’s IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP 2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management Tom Scholtz
BUSINESS OF IT SECURITY 4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree 5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm, Ruggero Contu, Lawrence Pingree
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11 7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management
Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10
Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
8:45 a.m. K3. Guest Keynote
11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm 2:00 p.m. J4. Panel: Security Startups — Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress
4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus
Eric Ahlm, Rob McMillan
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12 HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.) 8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
10:30 a.m. J6. Information Security: Process or Technology — Which Way Do We Go? Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz 11:30 a.m. J7. Management Still Doesn’t Get Security (And What You Can Do About That)
Paul E. Proctor
1:45 p.m. J8. TBA 4:00 p.m. J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave Joseph Feiman 4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future Ruggero Contu
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13 8:30 a.m. J11. Security: A Financial Perspective Frank Marsala 9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett 10:30 a.m. J13. Case Study
TBA
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
REGISTRATION AND PRICING Gartner events deliver what you need We’ve developed conference essentials to ensure that your time at a Gartner summit results in real value and delivers everything you need — efficiently and effectively.
3 WAYS TO REGISTER Web: gartner.com/us/securityrisk Email:
[email protected] Phone: 1 866 405 2511
REGISTER TODAY Standard price: $2,375
Gartner event tickets
Team Attendance Program:
Leverage more value across your organization Knowledge creates the capacity for effective action. Imagine the impact on your organization when knowledge multiplies: common vision, faster responses, smarter decisions. That’s the Gartner Team Attendance effect. You’ll realize it in full when you attend a Gartner event as a group. Maximize learning by participating together in relevant sessions. Split up to cover more ground, sharing your session take-aways later. Leverage the expertise of a Gartner analyst in a private group meeting.
Team benefits
• Team meeting with a Gartner analyst (end users only)
• Role-based agendas
• On-site team support: Work with a single point of contact for on-site team deliverables
• Complimentary registrations
We accept one Gartner summit ticket or one Gartner Catalyst ticket for payment. If you are a client with questions about tickets, please contact your sales representative or call +1 203 316 1200.
Complimentary registrations
• 1 for every 3 paid registrations
• 2 for every 5 paid registrations
• 3 for every 7 paid registrations
For more information, email
[email protected] or contact your Gartner account manager.
Event Approval Tools For use pre-event, on-site and post-event, our Event Approval Tools make it easy to demonstrate the substantial value of your Gartner event experience to your manager. They include a customizable letter, cost-benefit analysis, top reasons to attend and more. Visit gartner.com/us/securityrisk for details.
EARN CPE CREDITS Attending the summit helps you advance your continuing professional education (CPE). Registered participants are eligible to earn CPE credits toward (ISC)2, ISACA, DRII, and IAPP certification programs. Learn more at gartner.com/us/securityrisk.
SPECIAL GARTNER HOTEL ROOM RATE
$247 per night (plus tax) at Gaylord National Resort and Convention Center 201 Waterfront Street National Harbor, MD 20745 Phone: +1 301 965 4000 gaylordhotels.com