Day Two: Monday, September 23, 2019
7:40 am - 8:10 am Breakfast
8:10 am - 8:15 am Chairperson's Opening Remarks
8:15 am - 9:00 am A Lesson in Survival: Transforming Culture By Preparing for a Crisis
Is your team prepared for the uncertainty and chaos of a security incident? How rapidly can your organization band together during a crisis? Who do you need to navigate a major security event and have you trained them to identify and support their stakeholders?
In this talk, we will show how key personalities, including "fire fighters" and "bridge builders", emerge during the pandemonium of a major security event, and how these roles are core to the effectiveness of the security program long before a crisis ever happens. We will demonstrate how identifying, developing, and empowering these team members will allow you to not just survive a major event, but proactively build trust with your stakeholders and transform your security culture.
9:00 am - 9:30 am The Changing Cloud Threat Factor with the Increase of Attack Vectors
A move to the cloud, in some form, is nearly inevitable. For financial institutions, this may increase your threat surface and invite more attacks from a greater number of vectors. The solution is not always regulation. Recent events have even shown that well-prepared organizations with no apparent security gaps can still be at risk. This short session will open the door to a number of talking points to help establish a mature security posture.
• Defining perimeters with cloud technologies
• Evolving threat landscape
• Changing delivery of security for cloud
Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!
Ignite Session
9:30 am - 9:50 am The Seven Habits of Highly Effective Hackers and How to Defend Against Them
What are the tactics, techniques and procedures used by today’s most advanced hackers, and how are they changing? In this talk, the heads of Nettitude’s offensive and defensive security teams will discuss the most common practices of today’s best hackers, and how organizations can defend themselves against each of them, including live demonstrations.
Ignite Session
9:30 am - 9:50 am How Real-Time Asset Intelligence Enables Full Posture Control
In order to understand the business risk associated with critical systems and applications, one needs to understand the state of controls within the ecosystem. This means absolute knowledge of physical and virtual devices on the network inclusive of access, configuration and protective controls. Forescout provides a continuous, real-time, and extendable device visibility platform to enable posture consistency and measurement from campus to datacenter to cloud. Key learnings you will take away from this session include:
· How to achieve continuous control of inventory – real-time, reconciled, and trusted CMDB accuracy
· Why 100% compliance to basic posture configurations should be the goal
· How to coordinate dynamic, unified network segmentation planning and enforcement
9:50 am - 10:00 am Networking Break
10:00 am - 10:30 am Business Meetings
10:30 am - 11:00 am Business Meetings
11:00 am - 11:30 am Business Meetings
Brainweave
11:35 am - 12:20 pm Redefining Personal Data Protection and Privacy
Some organizations lack dedicated resources that help them track and govern their data at scale. How can CISOs work to combat this problem and ensure their data is properly managed and secured in the era of increasing privacy regulations such as GDPR and CCPA?
During this peer conversation, you will uncover:
- Advances in automated processes that will improve efficiency
- Strategies to map and govern data
- How to ensure data compliance
Masterclass
11:35 am - 12:20 pm Insider Threats or Allies? Building Security in Your Workforce in the Age of Disruption
New technologies and regulations, like blockchain and GDPR, are changing the way we do business. Successful implementations and compliance require a skilled, security-conscious workforce. In this age of disruption, are you confident your employees aren't insider threats and instead are allies, working to safeguard your systems, data, and customers? If you can't emphatically answer "yes", this informative session will offer pathways to increase your workforce's security IQ so you can transform your organization and create a security mindset/culture.
Kathleen Hyde
Chair, Cybersecurity & Digital Forensics Programs, and Assistant Professor
Champlain College Online
12:20 pm - 1:20 pm Networking Lunch
1:25 pm - 2:05 pm Proactive Partnerships - Speaking the Language of Business and Technology
Cyber security needs to be aligned with the business, with accountability across the organization and with the customers. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with the business stakeholders and translates to what customers are seeking. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instill security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn:
- Engaging, managing, and exceeding expectations
- Top-down focus on risk management
- Evolving roles of the CISO, CIRO, and CIOs
2:05 pm - 3:05 pm Practitioner Roundtables
Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement.
3:00 pm - 3:30 pm Business Meetings
3:30 pm - 4:00 pm Business Meetings
4:00 pm - 4:30 pm Business Meetings
4:30 pm - 5:00 pm Networking Break
5:00 pm - 5:30 pm Innovating Third Party Risk Management (TPRM) in a Transformation World
Organizations are gravitating quickly to transformation (cloud, agile, RPA, etc.). The goals of these activities are to improve customer service, increase revenue, reduce cost and operate with more agility, to name a few. This process requires TPRM activities to keep up with the transformative process.
In this session:
• Appropriate access levels for third-party user and system accounts
• Secure development of application integrations, including firewall configuration
• Sectioning internal networks to limit third-party needs