ISE® Central Schedule of Events 2011

June 7, 2011

11:00am - 7:00pm: Registration

11:30 AM : ISE Central Nominee Welcome Luncheon & Presentation   *Invitation Only


Brian Wrozek
IT Security Director
Texas Instruments Incorporated
ISE® Central Executive Award Winner 2008

Security 2.0: Productivity is as Important as Protection
Security threats to enterprises continue to become more sophisticated as applications have become the front line of business, where threats are typically embedded in an application, ride along with it or target it. With productivity being just as important as protection, it's no surprise that security executives are looking for innovative and cost-effective ways to protect corporate networks, data, customers and associates. Further, with the advancement of cloud computing and SaaS applications cutting across a myriad of industries, indiscriminate blocking of content is no longer an acceptable solution in today's business environment, where 24x7 anytime anywhere access to the Web is imperative.

This presentation will provide the following insights and perspectives:

  • How to capitalize on the productivity enhancements afforded by a new wave of Web 2.0 Internet-based applications, while also limiting exposure to the sophisticated network threats
  • Garner improved visibility to identify and track applications that are trying to tunnel over from different ports
  • Generate user-based visibility and control of applications for heightened security
  • Cost-effective methods for securing multiple networks from business purposes to non-critical/guest usage

1:00 PM : Welcoming Remarks and Introductions

Marci McCarthy
CEO and President of T.E.N.
CEO and Chairman of ISE® Talent

1:15 PM : Keynote Address

Julie Talbot-Hubbard
Director of IT Risk and Security Management
Cardinal Health
ISE® Central Executive Award Winner 2010

Information Security in Emerging Markets
With developing countries enjoying a torrid pace of growth, U.S. companies are expanding their presence and generating an ever-increasing part of their sales. While companies are embarking on these initiatives, information security executives are challenged to revisit their information security strategies, approaches and techniques to ensure they are adequately protecting their companies' information and meeting new regulatory requirements. Julie will relate an Information Security Executive's journey as a company expands into emerging markets.

2:15 PM : Interactive Executive Roundtables

The Interactive Executive Roundtables bring together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.

Friending Social Media in the Workplace: Laissez Faire or Lockdown?

Gene Scriven
Chief Information Security Officer and Vice President
Sabre Holdings
ISE® Southeast People’s Choice Award Winner 2008
ISE® Southeast Executive Award Finalist 2008

Facebook, Twitter, LinkedIn, YouTube, MySpace. Love it or hate it, Web 2.0 and social networking is now an important part of the business scene and companies that fail to engage run the risk of being left behind. Social media empowers businesses to build a brand, expand their reach, connect with customers and partners and facilitate the “flow of business.”

Chances are several of your employees are among the 500 million active Facebook members using any number of the 550,000 applications and tweeting to any number of the 160 million members on Twitter. Employees toggling between “friending” on Facebook and “businessing” on corporate systems leave a company open to the exposure of personal data in the workplace; the release of corporate data to the public; the risk of identity fraud; and a host of security, governance and compliance challenges. Further, a perfect storm is brewing between the number of people using social media and the increasingly sophisticated malware attacks being launched to prey on the data. Now, with the proliferation of third-party applications for mobile devices, the complexity and diversity of security issues becomes even greater as users download unsecured applications and use mobile devices for personal reasons.

Not Your Father’s Identity and Access Management: Moving from IAM to IAI

Mark Chamberlain
Executive Director, IT Security Management
USAA

The internal corporate network is now a connected web of people and devices as more employees work remotely; and partners, customers and vendors are given access to corporate systems and sensitive data. This connected business model many times means managing access for users the company knows little about, and accommodating SSO and less intrusive authentication. To complicate matters, cloud-based applications are on the rise, bringing more challenges to managing user security. Layered on top of these business considerations is the requirement to meet industry-specific standards and comply with regulations such as HIPAA, SOX and PCI. Businesses must prove accountability around data access and management.

Intelligence, as one of the pillars of IAM, is receiving increasing attention. Focused on auditing, monitoring and analytics, Identity Access Intelligence (IAI) improves the performance of IAM activities, offers controls for activities beyond an organization’s direct control and can satisfy growing compliance, privacy, eDiscovery and regulatory requirements. IAM and compliance solutions form the cornerstone of an organization's governance, risk and compliance strategy and serve as a basis for transforming security into an enabling function. Implementing these programs can be complicated and time-consuming, but enterprises may be able to simplify the process and make tangible contributions to enterprise business goals if they consider vendors that are developing ways to integrate IAM offerings with other compliance solutions.

Advanced Persistent Threat: It Pays to be Paranoid

Julie Talbot-Hubbard
Director of IT Risk and Security Management
Cardinal Health
ISE® Central Executive Award Winner 2010

Insider threat. Social engineering. Spear phishing. Pervasive botnet infections. Legitimate websites hosting malware. Polymorphic malware.  Blended threats. Multiple infection vectors. Command & control servers. Some of the biggest and best companies in the world are being targeted by criminal and nation-sponsored groups seeking to obtain information on intellectual property, legal activities, trade negotiations, customers, employees, credit card numbers and other financials, production information and schematics – and more.

Theft of information and electronic data at global companies has overtaken physical theft for the first time, with losses rising from $1.4m to $1.7m per billion dollars of sales, according to the 2010/2011 Kroll Annual Global Fraud Report. A study conducted by the Ponemon Institute reveals that 83% of respondents believe their organization was the target of advanced attacks, with 44% believing they were frequent targets.

Many organizations unwittingly help the attackers by failing to: train security staff, conduct security awareness training, implement layered defenses, completely enable security technologies, perform adequate security monitoring and retain and analyze security logs. Adherence to regulatory compliance also comes into play, as organizations often fall into the trap of thinking that if they’re compliant, they’re also secure.

Data Like Digital Water: Plugging the Leaks

Brian Wrozek
IT Security Director
Texas Instruments Incorporated
ISE® Central Executive Award Winner 2008

Data leakage is virtually impossible to stop, but the problem often isn't technology. It's people. The WikiLeaks incident underscores the risks inherent in failing to compartmentalize and in granting employees inappropriate levels of access to data and IT resources. Disgruntled staff, tech-savvy contractors and dismissed employees may misuse privileged access, or gain unauthorized access, and exploit the data. On the other end of the spectrum, naïve employees and well-intentioned users inadvertently leak data through improper and insecure handling of sensitive data.

WikiLeaks shines a spotlight on the policy, education, technology and enforcement issues that must be addressed if a company is to protect its information. Haphazard privileged password management combined with a lack of internal controls, access restrictions, centralized management, accountability and strong policies all contribute to placing an organization at risk for data loss.

3:30 PM : Break

3:40 PM : Nominee Showcase Presentations

Kevin Swailes
Director Global IP Protection, COE (Center of Excellence)
General Electric Energy

DLP for IP Protection
The DLP for IP Protection project was undertaken to protect GE Energy’s investment in its innovative technologies and competitive advantage by protecting its intellectual property and trade secrets. This presentation will highlight the holistic approach taken to protect the company’s intellectual property and how DLP technology secured classified information from insider threat while enabling sensitive information to move freely across the global organization and enable business processes. This session will also discuss how the Digital Guardian Enterprise Information Protection platform serves as the cornerstone for a policy-driven solution that provides discovery, monitoring, prevention and deterrence capabilities to ensure trusted and privileged users cannot mishandle sensitive data.

John R. South
Chief Security Officer
Heartland Payment Systems

Post-Breach Recovery and Reclamation
Heartland is the fifth largest payment processor in the United States, delivering credit/debit/prepaid card processing, gift marketing and loyalty programs, payroll, check management, and related business solutions to more than 250,000 business locations nationwide. This presentation will highlight how the company overcame its high-profile security challenges by tackling head-on a portfolio of diverse risks such as “phishing”, network/application vulnerabilities, data leakage and insecure coding practices in the software development lifecycle (SDLC). With the rapid advances in today’s threat models and many lessons learned, this presentation will also address how the company partnered with leading solution providers and partners to provide guidance that delivered the security tools and support services that allowed Heartland to set new standards and reclaim its status as an industry leader.

Shammy Rama
Director SRM
Electronic Arts

BSOC – Business Security Operations Center – The Next Generation SOC
This presentation will share how Electronic Arts (EA), through its "Business Security Operation Center" (BSOC), created a new-generation 24X7 operation providing security and quantifiable risk management services to all its global offices. Highlighted in this presentation will be the types of risk management services that went into the BSOC service portfolio and how they met stringent criteria and a ‘scoring’ system that included Revenue Generation, Business Expansion, Employee Mobility, Loss Mitigation and Business Innovation. Also included in this session will be how EA implemented a new twist on a traditional Security Operations Center (SOC) by addressing key ‘business’-enabling security services by centralizing security from different domains such as physical security (including supply chain), incident management, information security, intellectual property protection and fraud monitoring, to name a few.

Lisa Hodkinson
VP, Information Risk Management
Nationwide

Effective Business Management = Enabling the Business through Effective Risk Management
This presentation will highlight how Nationwide established the framework, process and tools to identify and prioritize the top IT risks for their organization by aligning with information needs of the business leaders. Also covered in this session is how the Nationwide Project Team applied the learning and methods followed in the insurance industry to create a prioritized risk structure and framework that correlated inputs from business objectives, current IT risks, industry trends and broader IT risk landscape which ultimately culminated into a multi-year program roadmap and resulted in their business leaders mitigating their risk over time.

4:45 PM: Late Afternoon Break

5:00 PM : VIP Reception (invitation only)

ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.

6:00 PM : Sponsor Pavilion and Dinner Buffet

Guests enjoy a gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2014, this exciting occasion will bring together top security executives to recognize the individuals who have made a significant and positive impact on their organizations through exemplary performance.

7:30 PM : ISE® Central Awards Gala

Honoring and celebrating the ISE® Central Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made a significant and positive impact on their organizations through exemplary performance.

9:00 PM : Champagne & Dessert Reception

Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.