A security manager's responsibilities extend beyond the
technical aspects of the job. These days, effective governance and
compliance are just as essential.
This track explains how to build an effective compliance
program, define metrics to measure security's success and ensure
business continuity should the unexpected occur.
Sessions available for download (click title to download
slides) include:
Metrics for Security Investment
Speaker: Dr. Shawn Butler, CyLab's risk management interest
group.
Despite the proliferation of automated risk, security information
management tools and incident response teams, organizations have
terabytes of data that provide limited insight into how they should
invest. In order to answer the question "Did we make the right
security investment decisions?" it is important to explicitly
identify the objectives and determine which metrics are needed to
support the spending process. This presentation examines ways to
improve your security metrics program by closing the gap between
the metrics you need and the metrics you are collecting.
For more information: Read Metrics needed to guide application security decisions
Making Information Security a Business Issue
Speaker: Eric Holmquist, VP and director of risk management,
Advanta Bank Corp.
Too often information security is perceived, and even managed, as
IT's responsibility, when in fact it is the business that
ultimately owns the risk. However, positioning information security
correctly can have profound implications on budgets, senior
support, staff participation and the overall quality of the
program. This session explores strategies for positioning and
managing information security as a business issue rather than just
a technology one.
For more information: Read Introduction to security governance
Lessons in Disaster Recovery: A 9/11 Survivor's Story
Speaker: Donna Childs, founder and CEO, Childs Capital LLC
Manmade and natural disasters are a constant threat to enterprises
big and small. Staying in business when your network's destroyed
and your employees are dispersed is something 9/11 survivor Donna
Childs knows all too well. The president and CEO of Childs Capital
was at the World Trade Center when terrorists struck. In this
session, Childs shares her strategies for staying up when
everything else is down and offers advice on how to effectively
plan for the unexpected and then cope once the unforeseen
hits.
For more information: Read Disaster recovery success begins and ends with the basics
Strategic Compliance: Continuous Process Improvement
Speaker: Diana Kelley, VP and service director, security and
risk management strategies service, Burton Group.
This session enables security practitioners to extend the lessons
they learned in meeting regulations like Sarbanes-Oxley and
Gramm-Leach-Bliley to a new crop of mandates. With a special focus on
the Payment Card Industry Standard and the Federal Financial
Institutions Examination Council authentication standards, it
investigates ways to build a strong compliance program that doesn't
require businesses to reinvent the wheel each time a new regulation
impacts them.
For more information: Visit SearchSecurity.com's
Compliance All-in-One Guide.