
Summit Chair

Stephen Fried, CISSP, CISM
Chief Information Security Officer
People's United Bank
Message From The Chair, Stephen Fried:

The 1990s called. They want their security program back.

It’s 2015, yet many CISOs today are working with ten-year-old tools to protect 20-year-old technology. How many of the security tools and techniques you use today were developed to protect modern business concerns like mobile devices, XaaS platforms, increasing and changing compliance requirements from government and customers, and the “Internet of Things”? Most likely, very few. As an industry we’re rapidly falling behind in our ability to keep up.

The MIS Training Institute’s annual CISO Summit is designed to change that balance. The CISO Summit gives information security executives a clear picture of factors they need to address, and offers expert advice on how best to control prevailing risks. The CISO Summit will make you smarter, sharper, and more diversified than ever. Today’s CISO needs to understand such diverse areas as risk management, technology advancements, organizational behavior, legal and regulatory changes, effective communications, and financial management, but is often at a loss on where to get actionable information on how to address these areas. In short, you need answers from experts. The CISO Summit is the place to hear and interact with security and risk experts and your peers across multiple industries to gain and sharpen all these skills and more. 

Sunday, March 22, 2015
7:00 AM – 8:00 AM Continental Breakfast 

8:00 AM - 8:05 AM Opening Remarks Stephen Fried, CISSP, CISM, Chief Information Security Officer, People's United Bank

8:05 AM - 8:15 AM Paladion Sponsor Spotlight 
Sachin Varghese, EVP North America, Paladion 

8:15 AM - 9:15 AM Risk Management Approach to Enterprise Lifecycle Management
Connie Barrera, MCSE, CCNA, CCA, PCIP, CRISC, CISA, CISSP, CCP-M, Director Information Assurance, CISO, Information Technology, Jackson Health System
Define Risk Management Enterprise Lifecycle Management
Key elements of Enterprise Lifecycle Management
Establishing a robust program to address both on-prem and cloud environments
Operationalizing the program
Analytics/metrics and scorecards to measure the effectiveness of the program
Audit considerations

9:15 AM – 9:45 AM Solve My Problem 
Struggling with a challenge or need help with your security program? Let a room full of CISOs help solve your problem! Email your problem to Maria Power at [email protected]. We'll choose the most challenging and interesting problems and email them to the attendees before the conference so all can bring their ideas for what worked, what didn't, and new ideas for tackling your issue. Prizes will be awarded for great questions and solutions, so get your problems in fast!

9:45 AM – 10:00 AM Refreshment Break

10:00 AM – 12:00 PM Sometimes You Gotta Say No 
Tim Callahan, Vice President, Chief Information Security Officer, Aflac Worldwide Headquarters
George J. Dolicker, CISA, CISSP, Chief Information Security Officer, INC Research
Join CISOs Tim and George in a lively Point-Counterpoint discussion of if and when a CISO should ever say "No". In the evolving role of the CISO, Tim submits there are times and circumstances when you have to, while George maintains you can achieve everything you need to without ever saying “no”.

Point
The CISO’s role is to support the business enterprise of a company or organization. In this role, the CISO must find ways to enable business objectives while securing the information assets of the company. In most cases, there is a reasonable spot of risk acceptance for a business end. But what are those instances where the risks are so egregious the CISO must drive a stake? This lively discussion will examine:
What does “Business Risk” really mean in practice?
Who is the right entity to accept business risk?
Who are all the stakeholders that must be considered?
What does it mean to be a corporate “Officer” and the fiduciary responsibility of the CISO?
Is there ever a circumstance where “No” is the only answer, and how do you say “No”?

Counterpoint
The CISO’s function, similar to that of brakes on a car, is to allow the business to drive faster… safely. The CISO must allow the business to leverage their information assets for the competitive advantage, and that means driving creative capabilities while keeping risk within the board’s appetite. Ultimately responding to a request by saying “No” is a power-play the CISO will not win more than once, while saying “Yes, and…” makes it a business decision.
Teasing the “what I need to do” from “and here’s how I want to do it” requests
Every security decision in clear business terms
Understanding the value of your information assets
Focusing on the positives instead of the negatives 
Making the easy way the secure way

12:00 PM – 1:15 PM Networking Luncheon
Luncheon Presentation: Is the SIEM Still Relevant? White Knight or White Elephant?
Thomas McDonald, VP Enterprise Engagements, Paladion 

1:15 PM – 2:00 PM Influencing Change using Metrics, Sticks & Cookies
Ed Pollock, CISSP-ISSMP, CISM, Chief Information Security Officer, STERIS Corporation
Learn from the successes and failures of a company’s IT Security metrics program
See how Lean Manufacturing techniques were used to improve IT
Real-life examples and lessons learned to take back and use in your programs
Metrics are great, but how do you change behavior?
How to compare your security to other companies, and who cares?

2:00 PM – 3:00 PM Short Words and Sock Puppets: Communicating Security Information to Management
Stephen Fried, Senior Vice President, Information Security, QBE insurance NA
As the leader of your organization’s security program, people will be looking to you to explain everything from why the firewall/anti-virus/vulnerability scanning/log management system is slowing down all the network traffic (it isn’t) to whether there should be panic about the latest Internet security threat they heard about on CNBC this morning (no). Your job is to answer all this and more in a manner that is clear, accurate, and, most importantly, understandable. This session will explain how you can communicate security information to all levels in the organization, from the Board of Directors to the most technical developers in IT, all by understanding who you are communicating with, how they process messages, and how to deliver those messages to the best effect. Important points will include:
The difference between management communication and security awareness (hint: there is no difference)
Understanding the audience for your message
Accurately conveying risk information
Sending the right (and the wrong) messages
The importance of credibility

3:00 PM – 3:30 PM Solve My Problem
Struggling with a challenge or need help with your security program? Let a room full of CISOs help solve your problem! Email your problem to Maria Power at [email protected]. We'll choose the most challenging and interesting problems and email them to the attendees before the conference so all can bring their ideas for what worked, what didn't, and new ideas for tackling your issue. Prizes will be awarded for great questions and solutions, so get your problems in fast!

3:30 PM – 3:45 PM Refreshment Break

3:45 PM – 4:45 PM Growing a Security Team from Inside Your Organization
Chad Spitters, Chief Information Security Officer, Legg Mason
Who is the best fit for a security team?
What is the best approach for transitioning team members?
How do you train your team?
How can you create a single team in diverse regions?
Trusting your security team – how do you get to that point?

4:45 PM – 5:15 PM Wrap up panel
Connie Barrera, MCSE, CCNA, CCA, PCIP, CRISC, CISA, CISSP, CCP-M, Director Information Assurance, CISO, Information Technology, Jackson Health System
Tim Callahan, Vice President, Chief Information Security Officer, Aflac Worldwide Headquarters 
George J. Dolicker, CISA, CISSP, Chief Information Security Officer, INC Research
Stephen Fried, Senior Vice President, Information Security, QBE insurance NA
Ed Pollock, CISSP-ISSMP, CISM, Chief Information Security Officer, STERIS Corporation
Chad Spitters, Chief Information Security Officer, Legg Mason
The day’s almost over, but the information just keeps coming! Join a panel of experts from the day’s presentations for a lively discussion on the most important ideas presented during the Summit (including, perhaps, some dissenting opinions), hear a few last thoughts, and answer any questions from the audience. A great way to wrap up a great day!

5:15 PM - 6:15 PM Networking Reception
Contact Us


Registration/General Inquiries:
Customer Service
(508) 879-7999 ext. 501
[email protected]

Speaking Opportunities:
Katherine Teitler
Director of Content Development 
[email protected] or (508) 532-3624

Exhibit Sales:
Vendors A-L
CJ Oliveri
Director of Sales, Conference Division
[email protected] or (508) 532-3609

Vendors M-Z
Howard Weinman
Director of Sales, Conference Division
[email protected] or (508) 532-3652