Gartner Security & Risk Management Summit 2014 25 26 August Hilton Sydney, Australia gartner.com/ap/security Smart Risk Balancing Security and Opportunity Hot Topics People-Centric Security Governance Risk and Compliance Cloud Computing and Security Mobility and Security Identity and Access Management Visit gartner.com/ap/security for updates and to register! 1
Smart Risk Balancing Security and Opportunity From the desk of Rob McMillan, Summit Chair Define and achieve effective security and risk management programs to improve enterprise performance Successful security and risk leaders must learn to make smart decisions to captivate enterprise leaders and employees at all levels, and to instill the values of security risk mitigation to cultivate the pursuit of greater business opportunities. Now in its 3rd year, Gartner Security & Risk Management Summit 2014, 25-26 August in Sydney, Australia, provides you with the latest strategies and best practices for maintaining an effective balance between risk and opportunity to mitigate security threats, so you can achieve faster business processes and improved enterprise performance. Vet your strategy against your peers, identify areas for improvement, learn from new case studies and return to the office with a focused vision to advance your security and risk management programs. You ll learn how to strike a workable balance between security and business, assess associated risks, communicate the parameters of that balance to business leaders and guide user behavior. Join Gartner and your peers to gain the knowledge you ll need to combat today s threats and those that may exist several years from now, as well as the tools and the new technologies that are transforming the business. Rob McMillan Tatiana Wells and Summit Chair, Senior Director, Program Management, Gartner Research Gartner Events Table of contents 3 Tracks 4 Agenda at a glance 5 Summit features 6 See who s attending 7 Solution showcase and Build your agenda 8 Registration and pricing
Three Complete Programs Focusing on Your Role A Chief B Risk C IT Information Security Officer (CISO) Program Chief Information Security Officers (CISO s) must find and maintain a tricky balance between protection and productivity. The challenge is exacerbated by ongoing volatility in enterprises businesses, technology and threat environments. This year s CISO program explores the key capabilities, strategies and tactics that are essential for the contemporary security leader. Management and Compliance Program Risk management continues to be a work in progress. As organizations revisit their risk management approaches, many are discovering not only a lack of focus on the key risks, but also a lack of understanding of how key risks can impact corporate performance. This year s sessions will explore new strategies and real-world scenarios that will provide a blueprint for reconstructing risk management and compliance programs. Security Program As organizations accelerate adoption of new platforms in the digital age, bad actors develop methods to exploit these emerging platforms. Security programs must rapidly mature in the breadth and effectiveness of techniques and technologies to maintain appropriate levels of security for applications, data and infrastructure regardless of location. This year s sessions provide advice for effective security management as well as insights into security technology selection and management. Four Areas Focusing on Your Key Initiatives 1 Successful 2 Mobility 3 Identity 4 Technical Cloud Management Gartner clients tell us that the number one obstacle to adopting cloud computing is security. However, an automatic No from the security team is not the answer. As organizations explore the benefits of cloud computing, security professionals must be prepared to highlight the risks and the costs of mitigating these risks. and Security Mobile devices present a host of new security issues, with the BYOD phenomenon presenting the greatest challenge. IT organizations must adapt to this rapidly changing environment and implement new policies and new technologies to mitigate the risks of the mobile workplace. This track will help you navigate the mobile environment over a three-year horizon. and Access Management As business and organizations mature, they must manage volatile and rapid change, establish effective formal governance, and provide accountability through transparency. IAM can enable these evolutionary steps, but must itself evolve. It s time for your IAM program to grow up and display the right foundation, architecture, governance, and organization for delivering real value. The IAM track features presentations on current best practices and the latest issues and trends. Insights: Security Architecture Taking an architectural perspective to security technology and processes is critical to achieving a sustainable, flexible, and effective security program. These sessions explore the architectural and operational considerations for protecting information, building secure applications, understanding threats, logging and monitoring activity, and managing risk associated with new devices and service hosting models. Why attend Reset your IT security and risk strategy for success Stay relevant as IT security and risk are redefined Mitigate the risks in the new digital age Craft strategy for emerging BYOD and mobile threats Establish necessary cloud security measures Learn how to balance security, operational and business needs Who should attend Business and IT professionals involved in enterprise-wide security, risk management or business continuity: Chief Information Security Officers (CISO) Chief Security Officers Chief Risk Officers (CRO) Chief Privacy Officers VPs, Directors and Managers of IT Security Security Risk Manager/Risk Manager Compliance Manager/Fraud Manager Information Risk and Information Security Managers Earn CPE Credits Attending the Summit helps you advance your continuing professional education (CPE). Registered participants are eligible to earn CPE credits toward (ISC)2 and ISACA, programs. Learn more at gartner. com/ap/security. Visit gartner.com/ap/security for updates and to register! 3
Agenda at a glance Monday 25 August 2014 07:30 18:30 Registration 08:30 09:15 Tutorial: Top Security Trends and Takeaways for 2014 and 2015 Christian Byrnes Tutorial: How to Use Pace Layering to Create a GRC Application Strategy John Wheeler 09:30 10:15 Gartner Opening Keynote: Smart Risk Balancing Security and Opportunity John Girard, Paul Proctor and Andrew Walls 10:15 10:30 Welcome to the Gartner Security & Risk Management Summit 2014 Rob McMillan Tutorial: IAM for the Masses Felix Gaehtgens 10:30 11:00 Industry Panel Discussion 11:00 11:30 Refreshment Break in the Solution Showcase TRACK A Chief Information Security Officer (CISO) Program 11:30 12:00 To the Point: Developing the Key Competencies of the Contemprary Security Team Tom Scholtz TRACK B Risk Management and Compliance Program To the Point: How to Achieve Success with Cyber Risk Assessment and Analysis Anne Robins TRACK C IT Security Program To the Point: The Five Styles of Advanced Threat Defense Craig Lawson 12:15 13:00 Case Study: Check website for updates When Will We Reach "Peak Threat", And What Do We Do After? Paul Proctor Architecting a New Approach for Continous Advanced Threat Protection Craig Lawson 13:00 14:15 Lunch in the Solution Showcase 14:15 15:00 Aligning Information Security and Information Management Governance is the Key Tom Scholtz 15:15 15:45 Solution Provider Sessions 15:45 16:15 Refreshment Break in the Solution Showcase 16:15 16:45 To the Point: People-Centric Security Case Studies Tom Scholtz Case Study: Check website for updates To the Point: Using Organizational Change to Mitigate Operational Technology Risk Kristian Steenstrup Application and Data Security Roadmap Adam Hils To the Point: How to Securely Adopt Public Cloud Computing Adam Hils 17:00 17:45 Mastermind Keynote Interview Check website for updates 17:45 19:15 Networking Reception in the Solution Showcase Tuesday 26 August 2014 07:30 16:45 Registration 07:30 08:30 Industry Breakfast Financial Services: The Dark Side of Digitilization John Wheeler 08:30 09:15 Why Your Policy is Broken and How You Can Fix It Rob McMillan Industry Breakfast Government: The Myths of Authentication Anne Robins GRC Good Concept. Fixing Terrible Execution Paul Proctor Industry Breakfast Operational Technology Security for Manufacturing Automation and Control Earl Perkins How Bring Your Own is Shaping Mobile Security John Girard 09:30 10:00 Solution Provider Sessions 10:00 10:30 Refreshment Break in the Solution Showcase 10:30 11:15 Much Ado about Nothing IT Security and OT Security Aren't that Different Earl Perkins The Gartner Business Risk Model Paul Proctor Case Study: Check website for updates 11:30 12:00 Solution Provider Sessions 12:00 13:15 Lunch in the Solution Showcase 13:15 13:45 To the Point: Building a Secure User Andrew Walls To the Point: Now is the Time to Put Your Privacy Program Right Carsten Casper To the Point: Securing Cloud Services Anne Robins 14:00 14:45 Understanding the Spectrum of Metrics and Reporting Christian Byrnes Practical Insight on Embedding Risk Management in Technology Operations John Wheeler Case Study: Check website for updates 14:45 15:15 Refreshment Break in the Solution Showcase 15:15 16:00 Guest Keynote: Your Personal Brand, Your Reputation, Your Opportunity Sue Currie, Leading Personal Branding Expert 16:00 16:45 Gartner Closing Keynote: The CISO Agenda for 2014/5 Christian Byrnes 16:45 17:00 Closing Remarks Rob McMillan 4 Gartner Security & Risk Management Summit 2014
At the Summit, please refer to the agenda in the event guide provided, for the most up to date session and location information. Summit features End-user case studies Gartner-invited end-users reveal their personal challenges, issues and lessons learned. Workshops RoundtableS Track sessions Presented by Gartner analysts, invited guest speakers and industry presenters, these sessions focus on the issues that matter most to you and provide real-world information that will help you make better decisions and drive successful results. Interactive Sessions 11:30 13:00 Workshop: Shall we take Privacy Seriously? Moderator: Carsten Casper Ask the Analyst Roundtables Analyst-User Roundtables Ask the Analyst: Security Threat Intelligence Services the What, the Who, the Why and the How Moderator: Rob McMillan Analyst-User Roundtable: Horror Stories Why IAM Programs Fail Moderator: Felix Gaehtgens To the Point sessions Sometimes you just want to hear the Top 5 Things You Want to Know about a trend, a technology or an approach. Gartner analysts provide top concepts, key trends or a quick overview of a particular topic, in a condensed format. 14:15 15:45 Workshop: What Do You Buy for the User Who Has (Access to) Everything? Moderator: Felix Gaehtgens Ask the Analyst: Managed Security Services in APAC Moderator: Andrew Walls Analyst-User Roundtable: Risk Awareness of Operational Technologies Moderator: Kristian Steenstrup Ask the Analyst: Check website for updates Workshops Presented by Gartner or guest experts, these workshops provide an opportunity to drill down on specific how to topics in an extended, small group session. The courses are designed for an intimate and interactive learning experience. Reserved for end-users only. Analyst-user roundtables Join us for a hosted peer group discussion with your end-user peers, along with a Gartner analyst lending his or her expertise to assist you. These should not be missed! 08:30 10:00 Workshop: Selecting Your IT Risk Assessment Methods and Tools Moderator: Chris Byrnes 10:30 12:00 Workshop: Got Metrics But Nobody Listens? Transform Them! Moderator: Rob McMillan Ask the Analyst: Implementing DLP What Works, What Doesn't Work Moderator: Rob McMillan Analyst-User Roundtable: Cyberinsurance A Great Idea But With a Few Challenges Moderator: Paul Proctor Analyst-User Roundtable: Security Training What Works, What Doesn't Work Moderator: Andrew Walls Analyst-User Roundtable: People-Centric Security Moderator: Tom Scholtz Ask the Analyst: Securing Cloud Computing Moderator: Adam Hils Analyst-User Roundtable: What's New in the World of Privacy Laws and Practices? Moderator: Carsten Casper Agenda correct as of 7 July 2014. Sessions subject to change. Ask the analyst Alongside the traditional Gartner analyst-user roundtables where you can speak to your peers in a moderated environment, there will also be a series of Q&A roundtables in which you can question the analyst directly and learn from the questions posed by your peers. Tutorial sessions These presentations are focused on layering the foundations for attendees understanding of a topic, trend or technology with basic 101 building block definitions and analysis. Technical insights NEW Looking for the in-depth technical view? We ve got it covered with Technical Insights sessions, presented by Gartner for Technical Professionals analysts. Focused on execution, these sessions offer how-to guidance on assessing new technologies at the technical level, developing architecture and design, evaluating products, creating an implementation strategy and managing overall project execution. Visit gartner.com/ap/security for updates and to register! 5
Meet the analysts Gartner keynotes Christian Byrnes Managing VP FOCUS AREAS: Information security program management; risk management Felix Gaehtgens Carsten Casper Research VP FOCUS AREAS: Privacy; information security program management; compliance; information security technology and services John Girard VP Distinguished Analyst Monday 25 August 09:30 Gartner Opening Keynote: Smart Risk Balancing Security and Opportunity John Girard, VP Distinguished Analyst; Paul Proctor, VP Distinguished Analyst; Andrew Walls, Research VP Tuesday 26 August 16:00 Gartner Closing Keynote: The CISO Agenda for 2014/5 Christian Byrnes, Managing VP FOCUS AREAS: Identity and access management Adam Hils FOCUS AREAS: Information security technology and services; information security program management; virtualization FOCUS AREAS: Mobile enterprise strategy; information security technology and services; identity and access management; integrating Apple into the enterprise; negotiating software contracts Craig Lawson FOCUS AREAS: Information security technology and services Guest keynote Tuesday 26 August 15:15 Your Personal Brand, Your Reputation, Your Opportunity Sue Currie, Leading Personal Branding Expert Robert McMillan Earl Perkins Research VP FOCUS AREAS: Security and risk management leaders; information security program management; risk management; it governance; information security technology and services Paul Proctor VP Distinguished Analyst FOCUS AREAS: Security and risk management leaders; it and operational technology alignment; information security technology and services; compliance; smart grid Anne Robins FOCUS AREAS: Risk management; information security program management; information security technology and services; compliance; it governance Tom Scholtz VP and Gartner Fellow FOCUS AREAS: Information security program management; risk management; business continuity management; it governance; information security technology and services Andrew Walls Research VP FOCUS AREAS: Information security program management; information security technology and services; privacy; security and risk management leaders; business gets social FOCUS AREAS: Risk management; identity and access management; information security program management; information security technology and services Kristian Steenstrup VP and Gartner Fellow FOCUS AREAS: It and operational technology alignment; business value of it; it strategic planning; competitive advantage and business transformation John Wheeler FOCUS AREAS: Risk management; security and risk management leaders; it governance; business value of it; compliance Gartner analyst one-on-one meetings Gartner Events give you more than what your normal industry event offers. Meeting face-to-face with a Gartner analyst is one of the key benefits of attending a Gartner Summit. Personalize your 30 minute private appointment to discuss your specific issue and walk away with invaluable, tailor-made advice that you can apply to your role and your organization straight away. 6 Gartner Security & Risk Management Summit 2014
Solution showcase Develop a shortlist of technology providers who can meet your particular needs. We offer you exclusive access to some of the world s leading technology and service solution providers in a variety of settings. premier sponsor Build your agenda powerful tools to navigate manage and decide To get the most out of your Summit experience, we ve created a range of tools to help you manage your goals and objectives of attending. platinum sponsors silver sponsors Gartner events navigator We re excited to introduce a new and enhanced agenda planning tool which replaces our previous Agenda Builder tool. Gartner Events Navigator allows you to plan your personal event experience and gain the most from your time on-site. Organize, view and customize your agenda using the following criteria: Gartner analyst and speaker profi les Gartner analyst one-on-one meetings Session details including tracks, date, time, etc. Your Gartner analyst-user roundtable or workshop reservations Daily activities and networking sponsorship opportunities For further information about sponsoring this event contact: Gartner events navigator Mobile App Manage your agenda on your mobile device! Get up-to-the-minute event updates Integrate social media into your event experience Access session documents and add your notes Available for iphone, ipad and Android Dan Giacco Telephone: +61 438 874 149 Email: daniel.giacco@gartner.com Media partners Maria Kamberidis Telephone: +61 427 327 222 Email: maria.kamberidis@gartner.com event Approval tools For use pre-event, on-site and post-event, our Event Approval Tools make it easy to demonstrate the substantial value of your Gartner event experience to your manager. They include a customizable letter, cost-benefi t analysis, top reasons to attend and more. Visit gartner.com/ap/security for details. Visit gartner.com/ap/security for updates and to register! 7
Group rate discount Gartner Security & Risk Management Summit 2014 25 26 August Hilton Sydney, Australia gartner.com/ap/security 3 easy ways to register Web: gartner.com/ap/security Attend as a group discounts available Gartner Events has designed an experience that will help teams of 4 to 25 maximize their Summit experience while on-site and long after the event concludes. Summit group rate discount offers: 4 for the price of 3 7 for the price of 5 10 for the price of 7 For more information visit gartner.com/ap/security Email: apac.registration@gartner.com Telephone: +61 2 8569 7622 Venue Pricing Pricing and Date is subject to change Standard Price: $2,795 exc. GST Public Sector Price: $2,295 exc. GST Gartner clients A Gartner ticket covers both days of the Summit. Contact your account manager or email apac.events@gartner.com to register using a ticket. GARTNER HOTEL ROOM RATE $300 per night at Hilton Sydney 488 George Street Sydney NSW 2000 Phone: + 61 9266 2000 Join the conversation! Gartner Security & Risk Management Summit 2014 is on Twitter and LinkedIn. #GartnerSEC Gartner Security & Risk Management XChange By 2016, 40% of large companies will integrate IT risk measurements with corporate performance, doubling from 20% in 2013. 2014 Gartner Predicts 100% Money-Back Guarantee If you are not completely satisfied with this Gartner conference, please notify us in writing within 15 days of the conference and we will refund 100% of your registration fee. 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. For more information, email info@gartner.com or visit gartner.com.