CSO Perspectives 2010
Monday, April 5, 2010
1:00 pm - 5:00 pm State of the Art Negotiations: Workshop
Jonathan Richardson, Partner, The Black Swan Group, Ltd.

It has been said that you don't get what you deserve, you get what you negotiate. Presenting security initiatives during budget crunches only makes the process more difficult. In this session, renowned negotiator John Richardson will give you guidelines on negotiating the best possible outcome the next time you're faced with a CEO, a board of directors or any other potentially adversarial partner.

Tuesday, April 6, 2010
8:15 am - 9:15 am The Changing Face of Security
Howard A. Schmidt CISSP, CSSLP, Special Assistant to the President and Cybersecurity Coordinator

President Obama has made Cybersecurity a policy priority within his Administration and on May 29th of last year the President made a historic speech stating that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on Cybersecurity.”  During that speech he also announced the release of his Cyberspace Policy Review, a top-to-bottom review of the federal government's efforts to defend our information and communications infrastructure.  Howard will discuss the Cyberspace Policy Review, the role of the private sector and the government in Securing Cyberspace.

9:15 am - 10:00 am State of the Art: Risk Management
Jeff M. Spivey CPP, President, Security Risk Management

It is essential to understand the role of Enterprise Risk Management within the entire scope of enterprise operations, as well as its relation to other security risks. This session will delve into this complex topic, as well as explore security's strategic and tactical perspective within private business and government agencies. Renowned security and risk expert Jeff Spivey will examine security's role within the larger scope of Enterprise Risk Management, and consider how best to leverage risk intelligence and collaborative technology to lower cost, develop effective risk management programs, and structure data to better manage security risk functions.
10:30 am - 11:30 am Keep an Eye on the World: Genzyme's State of the Art Security Operations Center
Jeff DiPrimio, Global Security Operations Manager, Genzyme
Bhayesh Patel, Senior Director, Global Risk and Business Resources, Genzyme

The Security Operations Center in Cambridge, Mass., run by biopharmaceutical company Genzyme, is a state-of-the-art monitoring facility, from which company security executives can keep an eye on global operations. Genzyme executives will give you an in-depth inside look at how they keep an eye on their world.
11:30 am - 12:00 pm State of the Art Security
Roland Cloutier, VP and CSO, ADP

State of the Art security these days demands a flexible strategy and a changing infrastructure. Roland Cloutier, VP and CSO of payroll giant ADP, will discuss key concepts in leveraging your security footprint for maximum impact.
12:00 pm - 1:00 pm Lunch with Discussion Topics

Look for the sign at certain tables during lunch, and you can join one of our lunch discussion groups, including:

Understanding Versatile Authentication and Its Benefits
Hosted by ActivIdentity

Join this lunch discussion and find out answers to key questions about an emerging class of identity and access management technologies that many industry analysts describe as "versatile authentication." Versatile authentication is becoming increasingly important as enterprises implement a greater variety of risk-appropriate authentication methods to meet the needs of different use cases.

Privilege Made Simple: Delegating Privileges with Certainty and Clarity
Hosted by BeyondTrust

In this lunch discussion, we will discuss how BeyondTrust solutions empower IT to eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers with globally proven solutions that increase security and compliance without impacting productivity. Key best practice guidelines and use case scenarios are presented to illustrate how enterprises can address complex privileged access and compliance requirements.

Protecting Your Business Against Emerging Network Threats
Hosted by Radware

Cybercrime has become a sophisticated and expensive business, as proven by the July 2009 attacks against the US and South Korea.  Learn how you can provide your network APSolute Immunity from evolving threats such as bots, malware, DDoS, and brute force attacks.

Application Security Maturity Model
Hosted by Cenzic

Discussion on what organizations are doing today to stay ahead of the hackers.

1:00 pm - 2:00 pm State of the Art: Crisis Management at the Speed of the Internet
Francis D'Addario, Emeritus Faculty Lead, Security Executive Council; Principal, Crime Prevention Associates

How are companies faced with security breaches able to respond strategically? In this session, Francis D’Addario shares insights from the Security Executive Council report “Crisis Management at the Speed of the Internet,” including:
  • How companies that have faced threats to their brands have responded;
  • How security executives can drive preparation to mitigate the effects of a crisis if one occurs; and
  • The broader need for a comprehensive communication and crisis management plan that incorporates the dynamic nature of the Internet.
2:05 pm - 2:50 pm Security Roundtable Discussions
These facilitated discussion groups are set up to get the conversations rolling quickly and get the ideas flowing freely. Each session is moderated by a CSO staff member or partner. We'll fire off a few questions to get started, then guide the conversation and generate best practices and great ideas.
2:05 pm - 2:50 pm Application Security and Secure Coding
Bill Brenner, Senior Editor, CSO magazine
Secure Virtualization
Bernard Golden, CEO, Hyperstratus and author, Virtualization for Dummies
The Role of Enterprise Encryption
Bob Bragdon, Publisher, CSO magazine
2:55 pm - 3:25 pm A Simple Approach to Infusing Business-Centricity into Your Security Program
Omar Khawaja, Global Product Management, Verizon Business

How can you construct and measure your security program so that business-owners readily understand it? We know that security is about risk. We know that managing security in the context of risk connects security to the business. Measuring risk sounds simple, but is not so easy when you start to actually do it: selecting threat scenarios, defining assets, establishing business impact and searching for data to establish the likelihood of an event's happening. This session will illustrate how data discovery can form a critical building block in the construction of your security management program, as well as how data discovery can cost-effectively enable a risk-based, business-centric approach to: application security, vulnerability management, and security operations, among other security areas.
Architecting Security for the Private Cloud
Todd Thiemann, Senior Director, Datacenter Security Marketing, Trend Micro Inc.

Established perimeter-focused security technologies are facing scrutiny as enterprises virtualize and plan for private cloud computing. Technologies that served well in the past are being reconsidered given the prospect of a dynamic datacenter and threats that can work around perimeter-focused countermeasures. This session discusses threats to the environment and solutions to mitigate those threats.
Changing the Culture of Application Security
Bob Maley, CISO (former), Commonwealth of Pennsylvania

(Sponsored by Core Security Technologies)

Application security, particularly Web application security, has become such a huge risk that today’s organizations must fundamentally change the way they design, test and defend these systems. From driving security processes deeper into the development process to testing applications on an ongoing basis to ensure they remain protected, organizations must advance the application security lifecycle to address the level of risk posed by sophisticated attackers. This session will detail the policy making process needed to make that happen, from initial creation of requirements through constituent education, training and eventual enforcement, including both technical and political aspects critical to the overall process.
3:45 pm - 4:15 pm State of the Art: Security Leadership
The 2010 CSO magazine Compass Awards Presentation
The CSO Compass Awards recognize leadership, innovative thinking and dedication to advancing security awareness and practices. Winners of this prestigious award exemplify complete business acumen, an extensive background in security policies and procedures, and expertise in risk management.

These are the innovators, the leaders, power brokers of the security industry. These security leaders from the public and the private sectors are writing the security industry's next chapter—in their own organizations and in the business world. They are the CSO Compass Award honorees, chosen for advancing the security profession – each raising the bar in their own way.

The CSO Compass Awards honor individuals who demonstrate excellence, achievement and leadership in security and drive business value for their organizations. The winners of the 2010 CSO Compass Awards are:
  • Roland Cloutier, VP and CSO, ADP
  • Richard Gunthner, VP of Global Security, MasterCard
  • Erin Jacobs, CSO, United Collection Bureau
  • Leslie Lambert, CISO, Sun Microsystems
  • Alan Nutes, Security Manager, City of Atlanta Dept of Watershed Management
  • Bruce Schneier, Chief Technology Security Officer, BT
4:15 pm - 5:00 pm State of the Art: Security Leadership
The 2010 CSO magazine Compass Award winners' panel discussion: Several of this year's CSO Compass Award winners discuss how to best insulate your organization not only from major breaches, but also the current financial turmoil. They'll discuss how to handle a major breach when and if it comes, and how to keep the wolves at bay during these turbulent times.

Wednesday, April 7, 2010
8:10 am - 8:50 am State of the Art: Strategic Planning for Security
Eric Cowperthwaite, CSO, Providence Health & Services

Formulating a strategic plan is an essential part of every CSO's job. Veteran CSO Eric Cowperthwaite, who recently completed this challenging exercise, will share his experience creating the roadmap that will guide his organization for the next several years. How did he account for as-yet unidentified threats? Who did he involve, and how did he get buy-in? Learn this and more in this compelling session.
9:00 am - 10:00 am State of the Art: Cloud Security
Ed Bellis, CISO, Orbitz
Jim Reavis, co-founder, Cloud Security Alliance
Derek Slater, Editor in Chief, CSO magazine
Jeff M. Spivey CPP, President, Security Risk Management
Keith Waldorf, COO, Doctor Dispense

This panel discussion will feature top cloud computing experts and some early CSO and CISO cloud adopters. The discussion will focus on the security risks of moving storage, applications or any part of your infrastructure and operations to the cloud, and how you can best go about mitigating those risks.
10:30 am - 11:00 pm Fireside Chat: Cloud Security
Bob Bragdon, Publisher, CSO magazine
Punit Minocha, SVP Corporate Development, Datacenter Solutions and Cloud Computing, Trend Micro Inc.

The cloud security conversation continues as CSO publisher Bob Bragdon discusses the topics and concerns raised during the morning panel with Trend Micro executive Punit Minocha, SVP Corporate Development, Datacenter Solutions and Cloud Computing. Are panelists’ concerns on target? What really is coming down the pike in terms of both threats and solutions for the public cloud? What are the latest best practices for cloud data protection? Learn this and more in this frank fireside chat, plus Punit's insights on the erosion of the traditional corporate security perimeter and how to establish a new perimeter "fit for the cloud."
11:00 am - 11:45 am State of the Market
Bob Bragdon, Publisher, CSO magazine
Sam Curry, Vice President, Product Management and Strategy, RSA, The Security Division of EMC
Bob Maley, CISO (former), Commonwealth of Pennsylvania
Tim Matthews, Senior Director, PGP Corp.
Mark Small, VP, Enterprise Sales, Websense

Join industry leaders for this spirited and informative panel discussion on the current state of the security market -- what's hot, what's coming down the pike, and what should you be watching for in the next year.
11:50 am - 12:20 pm Why Unified Content Security is More Important Than Ever
Mark Small, VP, Enterprise Sales, Websense
Modern threats (such as the Aurora attack) create huge risks for today’s enterprise. Yet defending against these threats while also meeting company mandates to reduce capital and operational costs requires a new approach. Learn how unified content security, with a hybrid architecture, is the key to both addressing these modern threats and reducing total cost of ownership. Join us to learn more.
Practical Steps for Data Protection in the Cloud
Tim Matthews, Senior Director, PGP Corp.
The cloud -- private, public or hybrid -- is here, it’s inescapable and it’s creating a seminal shift in the IT landscape. But attacks on data are on the increase; 56% of the malware written today is designed to steal data; 42% of today’s data breaches involve a third party (a service provider or a consultant); and the cost of a data breach is at a new high -- almost $7 million per incident. So as data moves to the cloud, what practical steps can security professionals take to protect it? How do you deploy key management and encryption technologies now but still provision for future growth? Ultimately, how do you balance the combined pressures of greater accountability and growing IT complexity while protecting the security of your enterprise’s data at rest and in motion? PGP Corp. will share some of the practical steps and best practices many of its Fortune 500 customers are taking to meet the challenges of data protection in the cloud, wherever that cloud may be.
1:30 pm - 2:30 pm State of the Art: Fraud Detection
Michael Theis, Executive Director of Insider Threat Strategies, Raytheon

The state of electronic fraud has become more serious with the global economic crisis and available technology. Those perpetrating fraud have become smarter, so you have to be smarter as well in preparing and executing your defenses. Electronic fraud expert Michael Theis will take us through his state of the art fraud detection, classification and mitigation techniques.