Post on 18-Nov-2014
description
• Mobileapplicationsandsecurity
• Advancedpersistentthreats
• Cloudcomputingandsecurity
• Consumerization
• Securingthevirtualizeddatacenter
Security and Risk Intelligence: The Next Step in Improved Business Performance
Early-bird savings Save$300whenyouregisterbyApril29
June 20 – 23 National Harbor, MD (Washington, D.C. area) gartner.com/us/securityrisk
Gartner Security & Risk Management Summit 2011
Intelligencefortoday’sbusiness-criticalsecurityfunction:
2 Register by April 29 and save $300.22
Prepare to benefit from new security intelligence capabilitiesThe Gartner Security & Risk Management Summit is the premier gathering for senior IT and business executives across the breadth of IT security and risk management, including privacy, compliance, business continuity management, IT disaster recovery and business resiliency.
Four complete programs—IT Security, Risk Management, Business Continuity Management and CISO—deliver:
• More than 100 drill-down sessions across four programs and eight virtual tracks.
• 15 analyst-led roundtable discussions, 8 workshops, keynotes, case studies and more.
• Analyst one-on-one meetings.
• CISO Invitational Program.
• NEW! CRO Invitational Program.
This year’s theme explores new business intelligence being generated by next-generation security programs—a new source of business value tied directly to the security function. Join us to identify your next steps toward a more secure and resilient enterprise, and improved business performance.
• Mobile applications and security
• Social media and security
• Consumerization
• Advanced persistent threats
• The future of national cybersecurity
• Cloud computing and security
• Securing the virtualized data center
• Critical infrastructure protection
• Fraud detection
• Endpoint security
• Data loss prevention
• Identity management
• Information security metrics
• CIO, CSO, CISO, CRO, CFO, CCO, CGO, CPO and CTOs
• IT vice presidents/directors
• Governance, risk, compliance, and privacy executives
• Senior business executives
• General counsel
• Finance, audit, legal risk and compliance and regulators
• Enterprise and operational risk managers
• Continuity of operations
• Crisis management
• Disaster recovery
• IT infrastructure, network and operation
Hot topics
Who should attend
Overview
3Visit gartner.com/us/securityrisk or call 1 866 405 2511.33
2 Overview
3 Benefits of Attending
4 Keynote Sessions
6 Meet the Analysts
8 Summit Highlights
9 Program Descriptions
10 Virtual Tracks
12 Agenda at a Glance
14 Solution Showcase
15 Registration
Leverage the global expertise of Gartner analystsThe Gartner Security and Risk Management Summit is unique in the industry. No other gathering brings together leading executives in IT security and risk management, Gartner analysts, and relevant solution providers for a comprehensive update on security, risk and BCM disciplines. Get the insight you need to:
• Architect an overall security, risk management and BCM strategy aligned to business needs and goals.
• Protect mission-critical infrastructure from sophisticated new threats and deliver a more agile and resilient enterprise.
• Benefit from new business intelligence being generated by risk, security and BCM programs.
• Evaluate new security risks presented by SaaS, cloud computing and virtualization.
• Understand the changing vendor universe and make the right investments.
• Keep the board and other business leaders informed by articulating security and risk strategy in business language.
• Use insights from BCM, risk and security programs for greater efficiency and improved business performance.
• Prepare for new regulatory, compliance, privacy and e-discovery requirements.
• Use the latest BCM models to identify critical data and processes and make your enterprise highly resilient.
• Create a more risk-aware organizational culture that supports risk management initiatives.
Attending the summit helps you advance your continuing professional education. Registered participants are eligible to earn CPE credits toward ISC2, ISACA, and DRII Certification programs. Learn more at gartner.com/us/securityrisk.
Table of contents
Earn CPE credits
Benefits of Attending
4 Register by April 29 and save $300.
Gartner keynotePresenter: Vic Wheatman, Managing Vice President, Gartner Research
Today’s information security and risk management programs are often based on a noncohesive set of technologies that lacks comprehensive knowledge management, analytics and planning capabilities. What is needed is a transformation to enterprise security intelligence (ESI), enabling correlation and impact analysis across all sources. We have learned how to collect information, but we have not excelled at applying knowledge. In this brief introduction, we will preview the ways in which the conference will bring together the pieces of information security and risk toward an ESI concept to improve organizational performance.
Just announced! Guest keynotesPresenter: Valerie Plame, “Outed” CIA operations officer and best-selling author of “Fair Game”
As a covert CIA operations officer, Valerie Plame worked to protect America’s national security and prevent the proliferation of weapons of mass destruction. In 2003, she found herself at the heart of a political firestorm when senior White House and State Department officials revealed her secret status to several national journalists—including a syndicated conservative newspaper columnist who published her name. Plame’s autobiography, “Fair Game: My Life as a Spy, My Betrayal by the White House,” became a New York Times bestseller and was recently made into a major motion picture.
Presenter: Joseph Wilson, Former U.S. ambassador, author of “The Politics of Truth”; chairman of the board, Symbion Power, Africa
Joseph Wilson’s historic career in international relations spans more than three decades, with service under five U.S. presidents: Ford, Carter, Reagan, Bush Sr. and Clinton. Widely recognized for his diplomatic leadership, Wilson was hailed as “a true American hero” by President George H. W. Bush for his efforts to free more than 100 American hostages in Iraq. The last American official to confront Saddam Hussein before the start of the Gulf War, Wilson served as the acting U.S. ambassador in Iraq throughout Operation Desert Shield.
Keynote Sessions
5Visit gartner.com/us/securityrisk or call 1 866 405 2511.
Security, Risk and Crisis Management in the Coming DecadePresenter: Michael Chertoff, Former Secretary of Homeland Security, 2005-2009, Co-Founder and Managing Principal, The Chertoff Group
A senior official involved in managing major crises, Michael Chertoff will explore strategies for managing risk. Drawing upon the his experiences as head of the criminal division of the U.S. Department of Justice and as U.S. Secretary of Homeland Security, Mr. Chertoff’s experience spans managing responses from the 9/11 attacks, the Enron and other corporate accounting scandals and natural disasters, including Hurricane Katrina.
Mr. Chertoff will address the security challenges posed by foreign investment in sensitive domestic industries and will close with a focus on global vulnerabilities, including supply chain disruption and cyberwarfare. Mr. Chertoff will also describe lessons learned regarding preparedness as well as resiliency and response in exceptionally high-profile media environments.
Presenter: David Pogue, Tech
Columnist, The New York Times
As the tech columnist for The New York Times, David Pogue has a front-row seat for observing today’s blazing-fast torrent of new inventions. Hundreds of
technologies come down the pike every year—and plenty get lots of press—but sadly, much of it is junk and some of it carries potential security risks. Pogue will stick his neck out to predict which will actually cause major, disruptive changes. He’ll display, discuss and even demonstrate the technological advances—in personal entertainment, mobile technology, Web 2.0, security and more—that will have the most impact on society in the coming years.
Program Chairs
Vic WheatmanConference Chair, Managing Vice President
F. Christian Byrnes CISO, Managing Vice President
Ray WagnerIT Security, Managing Vice President
Lawrence OransIT Security, Director
French CaldwellRisk Management and Compliance, Vice President
Roberta J. WittyBusiness Continuity Management, Vice President
6 Register by April 29 and save $300.
Ken DulaneyVice President and Distinguished Analyst
John BaceVice President
Meet the Analysts
F. Christian ByrnesManaging Vice President
Jay HeiserVice President
Paul E. ProctorVice President and Gartner Fellow
French CaldwellVice President and Gartner Fellow
Carsten CasperDirector, Gartner Consulting
Tom ScholtzVice President and Distinguished Analyst
Dan BlumVice President and Distinguished Analyst
Ant AllanVice President
Perry CarpenterDirector
Joseph FeimanVice President and Gartner Fellow
Ken DulaneyVice President and Distinguished Analyst
Peter FirstbrookDirector
Trent HenryVice President
John GirardVice President and Distinguished Analyst
Kelly KavanaghPrincipal Research Analyst
Eric MaiwaldVice President
Neil MacDonaldVice President and Gartner Fellow
Rob McMillanDirector
John PescatoreVice President and Distinguished Analyst
Earl PerkinsVice President
Lawrence PingreeResearch Director
Vic WheatmanManaging Vice President
Jeffrey WheatmanVice President and Distinguished Analyst
Greg Young Vice President
Tim ZimmermanPrincipal Research Analyst
Gregg KriezmanDirector
Ramon KrikkenDirector
Avivah LitanVice President and Distinguished Analyst
Mark NicolettVice President and Distinguished Analyst
Lawrence OransDirector
Eric OuelletVice President
Ray WagnerManaging Vice President
Bob WalderDirector
Andrew WallsDirector
CISO IT Security
John P. MorencyVice President
Andrew WallsDirector
Rob McMillanDirector
Doug SimmonsVice President Consulting
Alice WangDirector Consulting
7Visit gartner.com/us/securityrisk or call 1 866 405 2511.
John BaceVice President
Michele CantaraVice President
French CaldwellVice President and Gartner Fellow
Andrew FrankVice President
Ken DulaneyVice President and Distinguished Analyst
John F. HagertyVice President and Distinguished Analyst
Dale KutnickSenior Vice President, Executive Programs
Jay HeiserVice President
Debra LoganVice President and Distinguished Analyst
Mark NicolettVice President and Distinguished Analyst
John P. MorencyVice President
Paul E. ProctorVice President and Gartner Fellow
Tom ScholtzVice President and Distinguished Analyst
Drue ReevesVice President and Distinguished Analyst
Steven StokesManaging Vice President
Andrew WallsDirector
Ken DulaneyVice President and Distinguished Analyst
Roberta J. WittyVice President
John GirardVice President and Distinguished Analyst
Jay HeiserVice President
Jeffrey ViningVice President
Tom ScholtzVice President and Distinguished Analyst
Donna ScottVice President and Distinguished Analyst
Risk Management and Compliance
Business Continuity Management
Sit down privately for 30 minutes with a Gartner analyst who specializes in the topic you’d like to discuss. To reserve your one-on-one session, visit the Agenda Builder at gartner.com/us/securityrisk or the one-on-one desk on-site at the conference.
Gartneranalystone-on-ones
Earl PerkinsResearch Vice President
Mark DriverResearch Vice President
Carsten CasperResearch Director
Andrew WallsDirector
8 Register by April 29 and save $300.
Summit Highlights
Networking that delivers valuable insightsIn addition to community networking breakfasts by industry and program, lunch and evening receptions, hospitality suites and roundtable discussions, this year’s summit includes a special event presenting the 2010 executive summary from Financial Executives International, plus an Executive Women’s Forum meet-and-greet.
End-user case studiesGartner invites a number of end users to personally present leading-edge case studies and answer questions. It’s a unique opportunity to hear detailed accounts of major implementations firsthand.
Solution provider showcaseMeet with today’s leading and most innovative solution providers across security and risk. Hear their case studies, get answers to your questions and create a shortlist of top vendors.
Hear how your colleagues from various industries tackle problems similar to yours. These small group discussions, moderated by an analyst, provide an informal setting for you and your peers to share insight, challenges and concerns on today’s hottest topics.
Analyst-userroundtables
CISO and CRO Invitational ProgramsConcurrent with the summit, CISO and CRO Invitational Programs provide a forum for the exploration of top-of-mind Ieadership, IT security, privacy and risk management issues for CISOs, CSOs and CROs. In these intensive programs, guest executives meet with leading technology providers to exchange ideas and strategies. Participation includes gratis travel, hotel and registration and is by invitation only on a first-come, first-served basis. To apply, visit gartner.com/us/securityrisk.
Greater breadth and deeper coverage of key topics
Richer in both breadth and depth, the 2011 summit presents more new research than ever before. The Risk Management and Compliance program and the IT Security program have each been expanded, with increased focus on: enterprise and operational risk, legal and compliance, infrastructure protection and secure business enablement. Expect:• New research, case studies, keynotes and
marketplace updates
• More preconference tutorials, workshops and networking by community
• Eight virtual tracks with in-depth coverage of key topics, including wireless, cloud, IAM and privacy
• Four complete programs plus a new track— Technical Insights: Security Architecture—that focuses on improving business intelligence and data management solutions
New for 2011
9Visit gartner.com/us/securityrisk or call 1 866 405 2511.
Program DescriptionsSummit Highlights
IT Security Program Today’s security is about business as much as technology. From the cloud to the network, enterprise data to remote computing, security has a direct impact on the bottom line. In this program, we’ll address evolving trends and challenges across security, among them:
• Mobile applications and consumerization• Cloud computing and virtualized data centers• Advanced persistent threats• NEW track: Technical Insights: Security Architecture
Risk Management and Compliance ProgramThis program focuses on the technologies and strategies to improve governance, manage risk and adhere to the letter and spirit of the law. Top priorities we’ll cover include:
• Answering to the board—risk and compliance in business terms• E-discovery and information governance• New risks in the IT supply chain• Risk-based approaches to privacy
CISO ProgramSuited to those new to the role as well as experienced leaders updating their knowledge base, the program addresses evolving challenges in:
• Enterprise security intelligence• Business-IT security alignment• Governance, policy and privacy• Corporate risk management
Business Continuity Management ProgramHow does the enterprise ensure continuing operations and system availability when something goes wrong? What is the IT disaster recovery plan? These sessions help organizations anticipate the unanticipated and work to reinforce a discipline of continuity in the corporate culture, a perspective that can yield added benefits in the form of business intelligence and greater efficiencies. Key topics include:
• Cloud, mobile and social software, and disaster recovery• Standards and certification• Ensuring 24/7 availability
Four complete programs deliver in-depth insight across key disciplines
10 Register by April 29 and save $300.
Virtual Tracks
Wireless and Security Wireless access is a factor in all future network and user device approaches, bringing both new and reinvented wireless security challenges. This track covers business-critical system and data issues emerging from new wireless technologies.
CybersecurityOrganized teams of hackers are coordinating their efforts not only to gain access to systems for purposes of data acquisition or sabotage, but to negate remediation efforts in an attempt to maintain that access. This track explores cybersecurity issues that impact both the private and public sectors.
Cloud Computing Cloud computing presents major security challenges as well as exciting new opportunities in security-as-a-service and cloud-based security services. In this track, we’ll explore the new imperative: know your risk profile, understand the risks cloud computing can create, minimize those risks, and move forward appropriately.
Privacy Everybody wants privacy, but nobody wants to pay for it. Privacy professionals have to tap into the technology pools
and budgets from adjacent security, application and risk management areas. These sessions address emerging technologies that have an impact on privacy, but also those that can help to protect personal information.
Identity and Access Management As businesses and institutions mature, they must manage volatile and rapid change, establish effective formal governance and provide accountability through transparency. IAM can enable these evolutionary steps, but must itself evolve. It’s time for your IAM program to grow up and display the right foundation, architecture, governance and organization for delivering real value; we’ll examine how.
Trend Watch The trend line tells us that the bad guys are getting smarter, the technology more evolved and business practices around security, risk and compliance keep moving towards more maturity. Here we forecast future trends in the domain to help you get, and keep, ahead of the curve.
Virtual tracks let you follow a key trend or topic with relevant sessions pulled from across the conference offerings. Through the online Agenda Builder, you can also customize any of these eight tracks to suit your own specific interests. Visit gartner.com/us/securityrisk on your PC or mobile device to get started.
11Visit gartner.com/us/securityrisk or call 1 866 405 2511.
Marketplace Review Mergers and acquisitions, new point solutions and the convergence of product functionality into integrated solutions all contribute to a dynamic security, risk and compliance marketplace. What does that mean for your investments and future buying decisions? Get the latest updates to help you anticipate marketplace changes.
Social Media New social media tools aid collaboration, build brand awareness and facilitate off-the-record communications. These often bypass corporate filters, meaning that official correspondence is beyond enterprise control. Meanwhile, corporate and personal privacy is increasingly being put at risk. What can be done about the risks of emerging social media and how do they balance against the opportunities?
New track for IT security practitionersTechnical Insights: Security ArchitectureProviding in-depth technical research and decision support tools, these sessions explore the architecture and planning considerations for protecting information, building secure applications, understanding threats, auditing and monitoring activity, and managing risk associated with new devices and service hosting models. Session topics include:
• Developing a cloud computing security strategy• Consumerization and security architecture• Designing security monitoring architectures• Application security programs
Dive into hands-on specifics in workshops covering 10 hot topics, from creating key risk indicators to assessing your organization’s privacy posture.
AW1. Creating a Balanced Scorecard for Information Security Jeffrey Wheatman, Rob McMillan (8:30 a.m.)
BW1. IAM Program Maturity Assessment Ant Allan, Gregg Kreizman, Perry Carpenter, Earl Perkins, Ray Wagner (8:30 a.m.)
FW1. BCM MaturityJohn P. Morency, Roberta J. Witty (8:30 a.m.)
GW1. Creating Key Risk Indicators for Your Company Paul E. Proctor (8:30 a.m.)
AW2. CRO (10:20 a.m.)
BW2. SEC Foundational Building Blocks of a Data Loss Prevention Strategy Alice Wang (10:20 a.m.)
FW2. KRI Development John P. Morency, Roberta J. Witty (10:20 a.m.)
For complete details visit gartner.com/us/securityrisk.
Thursday workshop series
12 Register by April 29 and save $300. 13Visit gartner.com/us/securityrisk or call 1 866 405 2511.
Monday, June 20
11:30 a.m. Tutorial 1. Developing Next-Generation Security Metrics Jeffrey Wheatman
B S F
Tutorial 2. Choosing the Right BCM Consultant for the Job John P. Morency, Roberta J. Witty
FBP
Tutorial 3. Fathoming the Jellyfish: Understanding the Gartner IAM Taxonomy and Capability Models Ant Allen
S T F
Tutorial 4. Security Markets Worldwide Lawrence Pingree B F
Tutorial 5. Top Security Trends and Take-Aways for 2011-2012 Ray Wagner
S T F
10:00 a.m. Welcome Address Vic Wheatman, Managing Vice President and Conference Chair
10:15 a.m. Opening Keynote Michael Chertoff, Secretary of Homeland Security, 2005-2009
Infrastructure Protection
Secure Business Enablement The CISO
Enterprise and Operational Risk Management
Managing Legal and Compliance Risks
SecurityTechnical Insights:
Security Architecture CISO Risk Compliance BCM Analyst-User Roundtables
11:30 a.m. B1. From Security Silos to Enterprise Security Intelligence Joseph Feiman
B S A
C1. Defending the Homeland: The Future of National Cybersecurity Andrew Walls
T S A
D1. The Identity and Access Management Scenario Gregg Kreizman
B A S
E1. Emerging Technologies for Mobile Security John Girard, Ant Allan
T A
TI1. Dangerous Times: Shared Intelligence Plays a Vital Role Dan Blum
P A
A1. Defining the Information Security Program F. Christian Byrnes, Mark A. Margevicius
B S F
G1. Selecting IT Risk Assessment Methods and Tools: A Use Case Approach Tom Scholtz
P H1. The End of the Beginning and What’s Next in Compliance John Bace, French Caldwell
S A
F1. Operations Resilience: How Achievable Will It Be? John P. Morency, Donna Scott
S B
AUR1. Emerging Trends in Security and Risk Management Ray Wagner
AUR2. Tablet Security Supporting iPads in the Enterprise Bob Walder
12:30 p.m. Attendee Lunch and Solution Showcase Dessert Reception, Theater Showcase Presentations
2:30 p.m. B2. Adaptive, Context-Aware Security Infrastructure and Intelligence Neil MacDonald
S A
C2. Cyberwar and APT: Hype and FUD Bob Walder
T S A
D2. Improving IAM Processes Is a Business Imperative Earl Perkins
B F S
E2. Best Practices for Owning Your Airwaves to Provide Security, Maximize Performance and Mitigate Interference Tim Zimmerman
T P A
TI2. Managing the Risk of Using SaaS Eric Maiwald
S A T
A2. Risk Assessment 101 Jay Heiser
F B S
G2. The KRI Catalog Paul E. Proctor
B P F
H2. The Future of Privacy Carsten Casper, Andrew Walls, John Bace
B S A
F2. Building Resilience Into the Development Life Cycle Roberta J. Witty, John P. Morency
P T
AUR3. Enterprise Security Intelligence Roundtable Joseph Feiman
AUR4. Cloud Concerns Roundtable Lawrence Pingree
3:45 p.m. Solution Provider Sessions
5:00 p.m. Guest Keynote Fair Game: Intelligence, Integrity, Security and Counterproliferation Valerie Plame, “Outed” CIA Operative; and Former Ambassador Joseph Wilson
6:00 p.m. Solution Showcase Evening Reception
Tuesday, June 21 7:00 a.m. Breakfast
8:15 a.m. B3. Content-Aware Data Loss Prevention Trends for 2011 and Beyond Eric Ouellet
S A T
C3. Securing the Virtualized Data Center: From Private Cloud to Public Cloud Neil MacDonald
S A
D3. The Future of Access Management: the End of Point Solutions Gregg Kreizman
T A P
E3. Next-Generation Architectures for Infrastructure Guest Access Tim Zimmerman
P A
TI3. Develop a Cloud Computing Security Strategy Dan Blum
S A T
A3. Report Risk to the Board…and Keep Your Job Paul E. Proctor
B P F
G3. Analytics’ Role in Managing Risk John F. Hagerty
P A
F3. Standards Comparison: BS 25999, NFPA 1600 and ASIS SPC.1-2009 Don Byrnes
B P F
AUR5. Talkin’ Bout My Next G-g-g-generation Firewall Greg Young
AUR6. Crisis Management John P. Morency, Donna Scott
P B
9:30 a.m. Solution Provider Sessions
10:45 a.m. B4. Critical Infrastructure Protection, Smart Grid and Next-Generation Threats Earl Perkins
S A
C4. How to Use the Cloud and Stay Secure John Pescatore
P A
D4. Security Information and Event Management Drives Enterprise Security Intelligence Mark Nicolett
P A
E4. New Trends in Fraud Detection: Grappling With the Enemies Within and Without Avivah Litan
P A
TI4. Consumerization and Security Architecture Eric Maiwald
A4. An Introduction to Information Security Architecture Tom Scholtz
F G4. Driving Performance and Improving Risk Management With BPM Michele Cantara
P F
H4. Understanding the Foundations and Components of Compliance John Bace
F P
F4. Social Software and Recovery Andrew Walls, Roberta P. Witty
A B
AUR7. Achieving Your IT Resilience Goals John P. Morency, Donna Scott
T AUR8. Network Access Control Experiences Lawrence Orans
11:45 a.m. Solution Showcase Lunch and Exhibits Theater Presentations
2:00 p.m. B5. iPad Data Safety Bob Walder
P A
C5. Secure Web Gateways: Intelligently Defending Against the Web 2.0 Threat Peter Firstbrook, Lawrence Orans
P A
D5. Looking Forward: Best Practices for User Administration Perry Carpenter
B F S
E5. The Enterprise Social Platform: The Newer Attack Vector Alice Wang
R S A
One Giant D-L-P for Your Security Architecture Trent Henry
A5. Building an Effective Security Awareness Program Andrew Walls
P F
G5. Ensuring Cloud Assurance Jay Heiser
S A
H5. Intelligent Information Governance 2011 Debra Logan
P F
F5. Uptime All the Time Donna Scott
A T
AUR9. TBA
3:15 p.m. Solution Provider Sessions
4:30 p.m. BN1. Net IT Out: Tips for Vendor Proposals Greg Young
P F
CN1. Net IT Out: Cloud Performance and Security Bob Walder
P A
DN1. Net IT Out: Business Continuity Management Planning BCMP Jeff Vining, Roberta J. Witty
EN1. Net IT Out: Choosing User Provisioning Vendors Perry Carpenter
P F
AN1. Privacy Policy: Structure and Content Carsten Casper
S F
GN1. Net IT Out: Operational Technology Governance, Risk Management and Compliance Earl Perkins
S F
HN1. Net IT Out: Choosing Enterprise GRC Vendors French Caldwell, Paul E. Proctor
S F
FN1. BCM Software Marketplace Review: Emergency Mass Notification Services and BCMP John Girard, Tom Scholtz
P T
DN1. Business Continuity Management Planning (BCMP) Jeff Vining, Roberta J. Witty
4:55 p.m. BN2. Net IT Out: E-Mail Encryption Eric Ouellet
P A
CN2. Net IT Out: Log Management as a Service: Alternatives to SIEM Kelly M. Kavanagh
P A
EN2. Net IT Out: Choosing Fraud Detection Vendors Avivah Litan
P A
AN2. Managing Relationships With Internal and External Auditors John P. Morency
P F
GN2. Net IT Out: Understanding the E-Discovery Market Debra Logan
F S
HN2. Net IT Out: Choosing IT GRC Management Vendors Mark Nicolett
P F
5:30 p.m. Keynote: TBA
6:30 p.m. Hospitality Suites
Wednesday, June 22 7:30 a.m. Breakfast With the Analysts
8:30 a.m. B6. Building the Intelligent Endpoint Protection Platform Peter Firstbrook
S A
C6. The Mobile Security Brothers Traveling Roadshow John Pescatore, John Girard
D6. One Ring to Rule Them All: Intelligent Security Management With Active Directory Andrew Walls
P F
E6. The State of Enterprise Data Collaboration for Internal and External Needs With EDRM, DLP, Encryption and Portals Eric Ouellet
T F S
TI6. IT1 Presentation: Designing Security Monitoring Architectures Ramon Krikken
A6. The Care and Feeding of Security Policies Jay Heiser
F S
G6. Enterprise and Operational Risk Management: Directors Roundtable, What the Board Wants Dale Kutnick, French Caldwell
B S
H6. Supply Chain Risks in a Changing World Stephen Stokes
P F6. Case Study: A Modern Approach to Business Resiliency Management at Lockheed Martin Corporation Nader Mehravari
S B
AUR10. Enterprise Fraud Management Roundtable Avivah Litan
9:45 a.m. Solution Provider Sessions
11:00 a.m. B7. The Glass House of Data Center Security Greg Young
P A
C7. How to Avoid Having a Really Bad Day: Preparing For and Managing Security Incidents in a Controlled Way Rob McMillan
P A
D7. Improving IAM. Value Through Identity and Access Intelligence Earl Perkins
T A S
E7. Case Study: Ensuring Privacy—Intelligently Protecting Patient EMR and Medical Identity Information Saikat Maiti, Head, Information Security and Data Privacy, Varian Medical Systems
TI7. IT1 Presentation: Making Progress in Application Security Programs Ramon Krikken
A7. Articulating the Business Value of Information Security Tom Scholtz
P F
G7. Future Scenarios for Privacy, Advertising and Online Social Identity Andrew Frank
S A
H7. Which Regulations Apply to Me French Caldwell
F P
F7. Disaster in the Cloud Jay Heiser
A T
AUR11. Security Metrics Roundtable Jeffrey Wheatman
AUR12. TBA
12:00 p.m. Solution Showcase Lunch and Exhibits Theater Presentations
1:30 p.m. B8. Hey Boss, I Need Another Network Security Tool Lawrence Orans, John Pescatore
P A
C8. Vulnerability Management for Emerging Threats and Technologies Mark Nicolett
S A
D8. Improving Identity Assurance: Best Practices for User Authentication Ant Allan
T F P
E8. Embrace Emerging IAM Administration and Intelligence Trends to Improve Time-to-Value Perry Carpenter
A P
TI8. Stop Worrying and Embrace SharePoint Security Features Trent Henry
A8. What to Do When a Lawyer Is Not Around John Bace
P F
G8. Critical Strategies to Manage Risk and Maximize Business Value of Open Source Within the Enterprise Mark Driver
S F
H8. Negotiating and Managing Cloud Legal and Liability Issues Drue Reeves
P A
F8. Modernizing Recovery Into Resilience John P. Morency
A T
AUR13. Mobile Applications and Recovery Roberta J. Witty, John Girard T
2:45 p.m. Solution Provider Sessions
4:00 p.m. B9. Case Study: Oil Company Builds Security Program Using Tools and Governance Doug Simmons, Gartner Consulting
S A
C9. Data Encryption for Compliance and Information Governance Eric Ouellet
P F
D9. Assessing Risks in Social Collaboration Software Andrew Walls
P A
E9. Managing Identity in the Cloud Greg Kreizman
T F P
A9. The Future of GRC French Caldwell
S A
G9. Case Study: Best Practices in E-Discovery Debra Logan
P F
H9. Managing Vendors and Their Risks to Your Business French Caldwell
P F
F9. Case Study: Mobile Technologies in Disaster Recovery John Girard
P T
AUR14. TBA AUR15. TBA
5:15 p.m. Guest Keynote Disruptive Tech: What’s New, What’s Coming, How It Will Change Everything and Is It Secure? David Pogue, Technology Columnist, The New York Times
Thursday, June 23 9:00 a.m. GS1. Pocket Power: Reap the Benefits of Mobile Evolution While Managing Risk Ken Dulaney
10:20 a.m. GS2. Col. Lindley Johnson, NASA’s Near-Earth Objects Observations Program Executive
11:45 a.m. Closing Keynote
12:15 p.m. Conference Ends
Create your own customized agenda online
Don’t miss that must-see session! Use our online Agenda Builder to customize your summit experience prior to the event. Build your agenda on your PC or mobile device, sign up for RSS alerts and more at gartner.com/us/securityrisk.
Agenda at a Glance
B Business T Technology S Strategic P Practical A Advanced F Foundational
See page 11 for our Thursday Workshop Series or visit gartner.com/us/securityrisk for complete details.
Solution Showcase
Today’s leading solution providers and top innovators in the security, risk management and business continuity management space will be on-site with their most informed representatives, ready to answer your questions. Get the research, ask your questions, streamline the vetting process, and leave with a shortlist you can act on immediately.
Premier Sponsors
Google’s cloud computing solutions allow you to dramatically lower IT costs and increase productivity, security and reliability. Google Apps is a 100% web suite of applications that includes Gmail, Google Calendar, Google Docs and Spreadsheets, Google Sites, and more. Google Postini services help make email systems more secure, compliant and reliable by blocking spam and malware before they reach your networks, by providing encryption and archiving to help meet compliance requirements, and by offering email continuity.
Verizon Business, a unit of Verizon Communications, is a global leader in communications solutions. We combine professional expertise with one of the world’s most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today’s enterprises - enabling them to increase productivity and efficiency. Many of the world’s largest businesses—including 96% of the Fortune 1000—rely on our professional and managed services and network technologies.
CIPHER is a global solution provider in Information Security. It is committed to delivering excellence and innovation through Consulting, System Integration and Managed Security Services (MSS) provided by modern 24x7 Security Operations Centres (SOC). CIPHER has over 10 years of experience, it is a highly accredited company including ISO 20000 and ISO 27001 certification and a pioneer in obtaining PCI-QSA and PCI-ASV certificates.
As a world-leading information technology company, HP applies new thinking and ideas to create more simple, valuable and trusted experiences with technology. Our focus is to continuously improve the way our customers live and work through technology products and services, form the individual consumer to the largest enterprise. More information can be found at www.hp.com
Platinum Sponsors
as of March 11, 2011
Dell Inc. (NASDAQ: DELL) listens to customers and delivers worldwide innovative technology and business solutions they trust and value. Recognized as an industry leader by top analysts, Dell SecureWorks provides world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs. www.dellsecureworks.com
AT&T Inc. is a global leader in communications, with operating subsidiaries providing services under the AT&T brand. AT&T is a recognized leader in Business-related voice and data services, including global IP services, hosting, applications, and managed services. In the United States, AT&T is a leader in Mobile voice and data, as well as IP, Yellow Pages and advertising services, and provides Wi-Fi service in over 20,000 hotspots.
Qualys, Inc. <http://www.qualys.com/> is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing an immediate, continuous view of security and compliance postures. The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year.
Symantec is a global leader in providing security, storage and systems management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information-driven world against more risks at more points, more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can be enforced automatically – enabling confidence wherever information is used or stored. www.symantec.com
Cisco security balances protection and power to deliver highly secure collaboration. With Cisco security, customers can connect, communicate, and conduct business securely while protecting users, information, applications, and the network. Cisco pervasive security can help minimize security and compliance IT risk, reduce IT administrative burden, and lower TCO. Information about Cisco security can be found at www.cisco.com/go/security
Websense, Inc., a global leader in unified Web security, email security, and data loss prevention (DLP) solutions, delivers the best content security for modern threats at the lowest total cost of ownership to tens of thousands of organizations worldwide. Distributed through global channel partners and delivered as software, appliance and Security-as-a-Service (SaaS), Websense helps organizations leverage Web 2.0 and cloud communication, while protecting from advanced persistent threats, preventing confidential data loss and enforcing security policies.
Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and prove real-world exposures to their most critical assets. Our customers gain real visibility into their security standing, real validation of their security controls, and real metrics for more effective information security.
Intel is a world leader in computing innovation. The company designs and builds the essential technologies that serve as the foundation for the world’s computing devices. Laptops with Intel® Anti-Theft Technology provide you with intelligent security for lost or stolen laptops. Because the technology is built into the hardware, Intel AT provides local protection that works even if a thief reimages the OS, changes the boot order, installs a new hard-drive, or stays off the Internet. Additional information is available at http://anti-theft.intel.com.
McAfee is the world’s largest dedicated security technology company. McAfee relentlessly tackles the world’s toughest security challenges. With nearly 350 patents, our award-winning research team and engineers develop solutions that make businesses more powerful to protect their systems, networks, and data, while also helping them optimize complex risk and compliance issues. At home, we help consumers secure every aspect of their digital life—PC, mobile phone, and internet—with solutions that auto-update and are easy to install and use.
Through world-class solutions that address risk across the enterprise, IBM Security Solutions enable organizations to build a strong security posture that helps reduce costs, improve service, manage risk, and enable innovation. For more information on how to address today’s biggest risks please visit us at ibm.com/security.
14 Register by April 29 and save $300.
Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content—by user, not just IP address—at up to 10Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications—regardless of port, protocol, evasive tactic or SSL encryption—and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, visit www.paloaltonetworks.com.
Solutionary reduces the information security and compliance burden, delivering flexible managed security services that align with client goals, enhancing organizations’ existing security program, infrastructure and personnel. The company’s services are based on experienced security professionals, actionable threat intelligence and the ActiveGuard service platform that provide expert security and compliance management. This client focus and dedication to customer service has enabled Solutionary to boast one of the highest client retention rates in the industry.
Guided by its vision of Dynamic Security for the Global Network, SonicWALL develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. For more information, visit http://www.sonicwall.com/.
Sourcefire, Inc. (Nasdaq:FIRE) is a world leader in intelligent cybersecurity solutions. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risks. Sourcefire’s Next-Generation IPS™, Next-Generation Firewall™, virtual, and anti-virus/malware solutions equip customers with an efficient and effective layered security defense - protecting network assets before, during and after an attack. Today, the name Sourcefire has grown synonymous with innovation and cybersecurity intelligence. For more information: http://www.sourcefire.com
Trend Micro provides leading Internet content security solutions for businesses and consumers. We protect against malware, spam, data leaks, and the newest Web threats designed to steal digital information. Our unique solutions stop these threats where they first emerge - in the Internet - before they can attack corporate networks and PCs. Founded in 1988, Trend Micro operates globally and protects hundreds of millions of users in the office, at home and on the go.
Tripwire is a leading global provider of IT security and compliance automation solutions. Tripwire VIA™, the comprehensive suite of industry-leading file integrity, policy compliance and log and event management solutions, is the way organizations proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation.
Silver Sponsors
the network security companytm
RELEVANT . INTELLIGENT . SECURITY
Platinum Sponsors
Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. Trustwave has helped thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
Splunk is software used for monitoring, reporting and analyzing IT data. This data is generated by all applications, systems and infrastructure - located on-premise or in the cloud. IT data is massive in scale, unstructured and contains a definitive record of transactions, systems, applications and user activity. It’s also largely unused, trapped in rigid, silo-based systems. Only Splunk lets you capture and analyze real-time and historical IT data from one place, so you can unlock its value.
21st Century Software3MAbsolute SoftwareAccessData GroupAgiliance Inc.AirWatchAlertEnterprise Inc.AlgoSecArcSight an HP CompanyAuthenWare CorporationBeta Systems SoftwareBeyondTrust SoftwareBit9, Inc.Blue Coat Systems, Inc.
Bradford NetworksBWiseCentrifyClearwell COOP SystemsCyber-Ark SoftwareCyveillance, Inc., A QinetiQ North America CompanyDamballaDataguise, Inc.DeviceLock, Inc.Fischer International Identity
Hitachi ID Systems, Inc.Identity Finder, LLCInDorse TechnologiesLogRhythm, Inc.LumensionM86 SecurityMENTIS Software SolutionsMetricStreamModulonCirclenuBridges, Inc.PricewaterhouseCoopers, LLP
Rapid7RioRey, Inc.RsamSailPointSmarsh, IncSunGard Availability ServicesTenable Network Security, Inc.Tufin TechnologiesVeracode, Inc.Verdasys
Oracle Corporation (NASDAQ: ORCL) is the world’s largest enterprise software company, providing database, middleware, and collaboration products; enterprise business applications; application development tools; and professional services for businesses and organizations worldwide. For more information, visit oracle.com.
15Visit gartner.com/us/securityrisk or call 1 866 405 2511.
Register by April 29 and save $300!
Early-birdsavings
3 easy ways to registerWeb: gartner.com/us/securityriskE-mail: us.registration@eventreg.comPhone: 1 866 405 2511
Don’t miss this year’s in-depth coverage of security and wireless technologies, security and the cloud, and sophisticated new security threats. There’s no better way to update your IT security insights!
Silas ManteAccount Manager+1 203 316 3778silas.mante@gartner.com
Sponsorship Opportunities
Gaylord National Hotel and Convention Center201 Waterfront StreetNational Harbor, MD 20745Phone: +1 301 965 4000
A limited block of rooms has been reserved for attendees at this rate until May 23, 2011. To obtain the group rate of $230, indicate that you are attending the Gartner Security & Risk Management Summit when making your reservation.
Special Gartner hotel room rate: $230 (plus tax and $15 resort fee) for single or double occupancy
Registration
Bring the team and save!
John ForcinoAccount Manager+1 203 316 6142john.forcino@gartner.com
Conference registration fee includes conference attendance, documentation and planned functions.Standard price: $2,150Public-sector price: $1,750
Interested in becoming a Gartner client?Phone: +1 203 316 1111E-mail: client.info@gartner.com
Team discounts on registration rates:4 for the price of 37 for the price of 512 for the price of 8
Team benefits include:• Team meeting with a Gartner analyst (end users only)• Optional team meeting(s) with select executives from vendor organizations• Advice and support on building personalized agendas• 10+ free multimedia sessions from Gartner Events on Demand• Complimentary team lounge and meeting space• Concierge service, pre-event and on-site
For more information, e-mail us.teamsend@eventreg.com or contact your Gartner account manager.
David SorkinSr Account Manager+1 203 316 3561david.sorkin@gartner.com
© 2
011
Gar
tner
, Inc
. and
/or
its a
ffilia
tes.
All
right
s re
serv
ed. G
artn
er is
a re
gist
ered
trad
emar
k of
Gar
tner
, Inc
. or
its a
ffilia
tes.
Fo
r m
ore
info
rmat
ion,
e-m
ail i
nfo@
gart
ner.c
om o
r vi
sit g
artn
er.c
om. P
rodu
ced
by M
arke
ting
Com
mun
icat
ions
3 ea
sy w
ays
to re
gist
erW
eb: g
artn
er.c
om/u
s/se
curit
yris
kE
-mai
l: us
.regi
stra
tion@
even
treg
.com
P
hone
: 1 8
66 4
05 2
511
Prio
rity
code
:
Gar
tner
Sec
urity
& R
isk
M
anag
emen
t S
umm
it 20
11Ju
ne 2
0 –
23 •
Nat
iona
l Har
bo
r, M
D (W
ashi
ngto
n, D
.C. a
rea)
g
artn
er.c
om
/us/
secu
rity
risk
Pre
sort
edS
tand
ard
U.S
. Pos
tage
PAID
Gar
tner
56T
opG
alla
ntR
oad
PO
Box
102
12S
tam
ford
,CT
0690
4-22
12
Ear
ly-b
ird
sav
ing
sR
egis
ter
by A
pril
29 a
nd s
ave
$300
!
Nea
rly 5
0 se
curit
y se
ssio
ns c
over
ing
priv
acy,
mob
ility,
cl
oud,
com
plia
nce,
IAM
, crit
ical
infra
stru
ctur
e, b
usin
ess
enab
lem
ent a
nd m
ore
• M
obilit
y, c
loud
and
virt
ualiz
atio
n•
Con
sum
eriz
atio
n an
d co
mpl
ianc
e•
Crit
ical
infra
stru
ctur
e•
Bus
ines
s en
able
men
t•
Priv
acy,
IAM
and
mor
e