EARLY-BIRD Discount Save $400 by 26 June Gartner Security & Risk Management Summit 2015 24 25 August Hilton Sydney gartner.com/ap/security Manage Risk and Deliver Security in a Digital World Hot topics Effective Cloud Security Management Mobile Security in the Digital Age Vendor Risk Assessment and Monitoring Security Awareness and Culture Change The New Relationship of Risk and Digital Business
Manage Risk and Deliver Security in a Digital World From the desk of Rob McMillan, and Summit Chair The recent spate of highly publicized, epic breaches across industries and government has made security and risk the hot topics of the day, as much in the public discourse as in the boardroom. Privacy, security and risk are no longer just IT concerns; they re core business strategy concerns. In the face of the ever increasing threats, security and risk leaders need to build resilient organizations that can withstand attacks and continue to attain enterprise objectives. Successful security and risk leaders must embrace new approaches to digital business while maintaining proven control architecture that mitigates enterprise risk. The annual Gartner Security & Risk Management Summit equips security and risk managers with the skills, knowledge, strategies and tactics that enable cost-effective security and risk management programs, support digital business and drive enterprise success. Get the tools you need to deliver secure digital business environments and ensure your organization can bounce back quickly from an attack or disruption. Looking forward to seeing you at the Summit! Rob McMillan and Summit Chair, Gartner Gartner Predicts By 2020, risk assessment will drive more spending than government regulation, despite increases in government regulation. 2 #GartnerSEC Gartner Security & Risk Management Summit 2015
Re-evaluate your security and risk strategies and investments for the digital age Digital business technologies and the Internet of Things (IoT) are creating new threats and risks as regulatory compliance and legal risks continue to escalate, and sophisticated cyberthreats challenge even the best security strategies. Every business is now a digital business, and every business must become profi cient at risk assessment and mitigation the foundation for success in the digital age. New for 2015 Increased number of regional and international Gartner analysts to provide greater coverage of topics including Vendor Management, Metrics and Incident Response New networking session formats, including Super Roundtables, to enable greater peer interaction onsite as well as Ask the Practitioner sessions to facilitate greater sharing of best practices New TechInsights track that takes a deep dive into the latest security architecture issues related to IT security and risk management Key benefits of attending Understand the implications of Digital Business on security and risk initiatives, as proven conventional practices will no longer be enough Gain role-specifi c strategies, approaches and tools to stay ahead of expanding scopes of responsibility and increasing threats Apply the latest techniques to tackle risks in cloud, operational technology (OT), the Internet of Things (IoT) and IT Build a culture that drives security performance through employee engagement and awareness Who should attend Senior business and IT professionals including: Chief Information Security Offi cer (CISO) Chief Risk Offi cer Information Security Program Manager Identity and Access Manager Privacy Offi cer and Chief Compliance Offi cer Network Manager Enterprise Architect IT Audit Leader Table of contents 4 Keynotes 5 Meet the analysts 6 Plan your experience 8 Agenda at a glance 10 Solution Showcase 11 Registration and pricing Visit gartner.com/ap/security for updates and to register! 3
Keynotes Guest keynotes Christine Nixon Dr Christine Nixon has 38 years of policing experience, rising to the position of Assistant Commissioner, New South Wales Police Force and Victoria Police Chief Commissioner in 2001.After the Black Saturday fires in 2009, she chaired the Victorian Bushfire Reconstruction and Recovery Authority. Today, Dr Nixon is Chair of the Board, Good Shepherd Microfinance, Chair of the Board Monash College and Deputy Chancellor, Monash University. Christine also teaches with the Australian and New Zealand School of Government and advises a variety of organizations on leadership and management. Christine fights for justice for women and minorities. Dealing with the Dark Side Policing can teach us much about strengthening systems and reducing risk. Drawing from experiences with organized crime, corruption and managing a remote workforce, Christine Nixon will offer new insights into strengthening security and managing risk. David Turner David Turner is a senior executive and trusted advisor with 18 years experience in the security and risk management industry, and is one of Australia s most respected risk management leaders. David has a unique blend of expertise across these diverse areas with a focus on risk management of human behavior one of the more complex, dynamic and often over-looked areas of the industry. Human Risk Management The Key to Organizational Success In this keynote, David breaks down the cause of organizational risk by real examples, he explains the important role of corporate governance, how to prepare your culture for change management and how to effectively use crucial risk management elements immediately to add value and decrease risk within your organization, through the 8 key elements of risk mitigation. Gartner keynotes Gregg Kreizman Earl Perkins Tom Scholtz VP & Gartner Fellow Christian Byrnes Managing VP, Risk & Security, Gartner Gartner Opening Keynote: Manage Risk and Deliver Security in a Digital World Effective cybersecurity is the foundation of successful digital business. As organizations leverage new technology and business processes to deliver services and products to global markets, security and risk managers must support achievement of enterprise objectives while mitigating security risks to an acceptable level. In the face of increasing threats to IT, OT and IoT, security and risk leaders need to build resilient organizations that can withstand attacks and continue to attain enterprise objectives. Successful security and risk leaders embrace new approaches to digital business while maintaining proven control architecture that mitigates enterprise risk. Gregg Kreizman, Earl Perkins and Tom Scholtz Gartner Closing Keynote: Cybersecurity Scenario 2020 The Impact of Digital Business on Security Two years ago, Gartner provided a scenario covering the evolution of the threat environment through 2020. Now our senior analysts have assembled a picture of how digital business will impact the security practice in that same time frame. This is another key input to your long term strategic planning. You have heard about the Nexus of Forces from us for years. We have provided you with the story of Digital Business. Now see how this will change your business life in security and risk management. Christian Byrnes 4 #GartnerSEC Gartner Security & Risk Management Summit 2015
Meet the analysts Engage with our team of Gartner analysts through track presentations, a complimentary one-on-one meeting, analyst-facilitated workshops, roundtables and more. Christopher ambrose Christian Byrnes Managing VP Jonathan Care Vendor management; sourcing and vendor relationships leaders Information security program management; risk management Audit and compliance; privacy; information security technology and services; infrastructure and operations leaders; security and risk management leaders anton Chuvakin Jay Heiser Gregg Kreizman Audit and compliance; information security technology and services; risk management; security and risk management leaders; positioning and messaging Information security program management; risk management; cloud computing Identity and access management Craig Lawson Rob McMillan John Morency Information security technology and services Security and risk management leaders; information security program management; risk management; IT governance; information security technology and services Business continuity management; cloud computing; data center modernization and consolidation Earl Perkins Khushbu Pratap Principal Research Analyst anne Robins Security and risk management leaders; IT and operational technology alignment; information security technology and services; audit and compliance; smart grid Audit and compliance; risk management; security and risk management leaders; information security program management; privacy Identity and access management; information security program management; professional effectiveness for IT professionals; information security technology and services Tom Scholtz VP & Gartner Fellow Rob Smith Jeffrey Wheatman Information security program management; risk management; business continuity management; IT governance; information security technology and services Mobile enterprise strategy; IT strategic planning; professional effectiveness for IT professionals; audit and compliance; privacy Information security program management; security and risk management leaders; risk management John Wheeler Risk management; security and risk management leaders; IT governance; business value of IT; competitive advantage and business transformation Our community of more than 1,000 analysts engaged in over 215,000 oneto-one client interactions in the past year. Benefit from the collective wisdom of the attending analysts to develop your strategy and implement flawlessly. Visit gartner.com/ap/security for updates and to register! 5
Plan your experience Agenda programs A. Chief Information Security Officer (CISO) Digital business is often at odds with conventional security strategies. While ongoing publicity regarding severe security incidents results in valuable executive support, CISO s cannot only depend on proven practices anymore. It is incumbent upon you to challenge convention. The CISO program will help you gain the leadership skills needed to make these diffi cult decisions. B. Risk Management and Compliance Digital risks are mounting as newer technologies are woven into the fabric of the business. According to Gartner s 2015 CIO survey, 89% of CIOs agree that new types of risks will be generated by digital business technologies. Yet, at the same time, regulatory compliance and legal risks continue to escalate for most enterprises. With continued economic and competitive uncertainty, early detection and mitigation of emerging risks are critical components of successful business and IT operations. This program will focus on practical methods to apply Gartner s three dimensions of risk management: Creating new frameworks to assess the widening array of risks; developing new metrics to analyze risk impacts on business outcomes; deploying new governance, risk and compliance (GRC) technologies to integrate and streamline risk management practices. Customize your agenda Gartner Events Navigator Gartner Events Navigator helps you organize, view and custom-create an agenda based on: Date and time Agenda tracks Analyst/speaker profi les Session descriptions Key initiatives Vertical industries Visit gartner.com/ap/security and click the agenda tab or download the Gartner Events mobile app (iphone, ipad and Android compatible) C. Security: Technology and Operations Digital business drives new opportunities for business success but also challenges traditional approaches to information security. Attacks and threats change and adapt as organizations adjust to the new realities of digital business, including Internet of Things (IoT). As organizations accelerate their adoption of these new platforms for business operations, your security program must also rapidly adapt to the new reality and assimilate new technologies as you also mature in your use of and the effectiveness of existing technologies. Mature in the breadth and effectiveness of techniques and technologies you use to maintain appropriate levels of security for applications, data and infrastructure regardless of location. The Security Program provides insights into effective security management from Gartner s IT Leader s group as well as insights into security technology management from Gartner s IT Professionals group. Key Initiatives Creating an Effective Cloud Security Program Reshaping Mobile Security in the Digital Age Initiating and Sustaining an Effective Identity & Access Management (IAM) Program TechInsights: Security Architecture 6 #GartnerSEC Gartner Security & Risk Management Summit 2015
i have had a great experience at the Security & Risk Summit and will take with me some very valuable insights and resources. i look forward to the next Summit and gaining more insights and knowledge in the realm of security and risk. Analyst interaction Analyst one-on-one meeting A complimentary consultation with a Gartner analyst of your choice Analyst-user roundtables* Moderated by Gartner analysts for exchanging ideas and best practices with your peers Ask the analyst roundtables* Debate with the analysts directly and learn from the questions posed by your peers Workshops* Small-scale and interactive; drill down on specifi c topics with a how-to focus * Space is limited and pre-registration is required. Limited to end-user organizations only. Network with peers End user case studies Learn about recent implementations fi rsthand, with an opportunity for Q&A with the IT and business executives leading the initiative Ask the Practitioner sessions Interact with your peers in this roundtable setting to discuss best practices and share experiences Solution Showcase reception Connect with peers in similar roles who face similar challenges, at the networking reception on the Solution Showcase designed to build relationships and facilitate the meaningful exchange of ideas and information Meet solution providers Solution Showcase Explore cutting-edge IT solutions from top providers Solution provider sessions Exhibitors share their insights on the latest products and services Visit gartner.com/ap/security for updates and to register! 7
Agenda at a glance Monday 24 August 2015 07:30 19:15 Registration 08:30 09:15 Tutorial: Use a Vendor Risk Management Framework to Mitigate Regulatory, Compliance, Security and Performance Issues Christopher Ambrose Tutorial: How To Build A Globally Legal and Successful BYOD Program Rob Smith 09:30 10:15 Gartner Opening Keynote: Manage Risk and Deliver Security in a Digital World Gregg Kriezman, Earl Perkins and Tom Scholtz 10:15 10:30 Welcome to the Gartner Security & Risk Management Summit 2015 Rob McMillan Tutorial: Secure Use of AWS and Azure Comparison and Best Practices Jay Heiser 10:30 11:00 Industry Panel Discussion Moderators: Anne Robins and Craig Lawson 11:00 11:30 Refreshment Break in the Solution Showcase Tracks A. Chief Information Security Officer Program (CISO) B. Risk Management and Compliance Program C. Security: Technology and Operations Program 11:30 12:15 Top Trends and Takeways for Cybersecurity Earl Perkins 12:30 13:00 People-Centric Security Experiences and Lessons Learned Tom Scholtz 13:00 14:15 Lunch in the Solution Showcase 14:15 15:00 End-User Case Study Please refer to website for updates Digital Business and Your New Relationship with Risk Christian Byrnes Challenging Decisions Third Party Security Assurance Landscape Khushbu Pratap What's New and Hot in GRC? John Wheeler Mobile Security Threats and Trends, 2015 Rob Smith Leveraging Social Identities to Enable Digital Business Anne Robins Security Incident Response in the Age of the APT Anton Chuvakin 15:15 15:45 Solution Provider Sessions 15:45 16:15 Refreshment Break in the Solution Showcase 16:15 16:45 Pragmatic Policy Making Your Security Policy Useful Rob McMillan The Availability Implications for Digital Business John Morency The Cyber Kill Chain Craig Lawson 17:00 17:45 Guest Keynote: Dealing with the Dark Side Christine Nixon 17:45 19:15 Networking Reception in the Solution Showcase Tuesday 25 August 2015 07:30 16:45 Registration 08:30 09:15 Be Agile Not Fragile Use Threat Intelligence Services to Defend Yourself Rob McMillan 09:30 10:00 Solution Provider Sessions 10:00 10:30 Refreshment Break in the Solution Showcase Winning the Data Breach War with User Behavioral Analytics Jonathan Care Future-Proofing IAM Gregg Kreizman 10:30 11:15 The Path to High Impact Security Awareness Rob McMillan End-User Case Study Please refer to website for updates Gartner's Adaptive Security Achitecture New Approaches for Advanced and Insider Threats Craig Lawson 11:30 12:00 Solution Provider Sessions 12:00 13:15 Lunch in the Solution Showcase 13:15 13:45 Protecting Your House on the Prairie Security Strategy for the SMB Enterprise Tom Scholtz and Rob McMillan The State of E-Discovery in 2015 and Beyond Jonathan Care Operational Technology Security is Not Just for Industries Anymore Earl Perkins 14:00 14:45 The New CISO's Crucial First 100 Days Tom Scholtz The Gartner Risk Treatment Model Fixing Accountability and Risk Sign-off Jay Heiser End-User Case Study Please refer to website for updates 14:45 15:15 Refreshment Break in the Solution Showcase 15:15 16:00 Guest Keynote: Human Risk Management The Key to Organizational Success David Turner 16:00 16:45 Gartner Closing Keynote: Cybersecurity Scenario 2020 The Impact of Digital Business on Security Christian Byrnes 16:45 17:00 Closing Remarks Rob McMillan 8 #GartnerSEC Gartner Security & Risk Management Summit 2015
Tutorial: Mind the SaaS Security Gaps Craig Lawson When attending this event, please refer to the agenda handout provided or the Gartner Events mobile app for the most up to date session and location information. Agenda as of 5 May 2015, and subject to change Agenda key Each Gartner session has been identified with icons to help you locate the sessions that give you the most value. Maturity Level Foundational: Offers the necessary understanding and first steps to those in the early stages of initiatives Workshops, Analyst-User Roundtables, Ask the Analyst Roundtables and Ask the Practitioner Sessions 11:30 13:00 Workshop: Information Security Metrics: Building from the Business Down Facilitator: Jeffrey Wheatman Roundtable: Threat Intelligence Whys and Hows Facilitator: Anton Chuvakin Ask the Analyst: Cloud-Based Recovery Management DRaaS Facilitator: John Morency Advanced: Uses complex concepts requiring foundational knowledge and prior experience to take initiatives to the next level Focus Tactical: Provides tactical information that can be used straightaway, with a focus on how-to s, do s and don ts and best practices 14:15 15:45 Workshop: Building a Constituent- Aware IAM Infrastructure Facilitator: Gregg Kreizman Roundtable: Information Security Metrics Facilitator: Jeffrey Wheatman Roundtable: What Risks are Microvendors Introducing to Your Enterprise? Facilitator: Christopher Ambrose Roundtable: Securing Mobile Payments and Mobile Wallets Facilitator: Rob Smith Strategic: Focuses on the strategic insight supporting the development and implementation of an action plan Perspective Ask the Analyst: Changing User Behaviour Challenges and Best Practices Facilitator: Chris Byrnes Ask the Practitioner Business: Targets business leaders or IT professionals who need to understand the challenges and opportunities from a business organizational or cultural perspective 08:30 10:00 Workshop: I ve Already Invested in PKI How can I Reuse it for Mobility and Internet of Things? Facilitator: Anne Robins Roundtable: Third Party Security Audits A Slippery Slope? Facilitator: Khushbu Pratap Technology: Aids IT professionals who need to understand the challenges and opportunities from a technology perspective 10:30 12:00 Workshop: IT Security Planning a Self Audit Facilitator: Khushbu Pratap Roundtable: Comparing Best Practices for Cloud Risk Management Facilitator: Jay Heiser Roundtable: Developing an Information Security and Risk Management Strategy Facilitator: Jeffrey Wheatman Roundtable: Why Social Media Risks Are Skyrocketing and What You Can Do To Protect Your Organization Facilitator: John Wheeler Ask the Analyst: Never Waste a Crisis Facilitator: Christian Byrnes Ask the Practitioner Roundtable: How Do You Know When Your Security and Risk Program is Failing? Facilitator: John Wheeler Roundtable: Managed Services Solution Providers (MSSP) Success and Failure Tips Facilitator: Anton Chuvakin Visit gartner.com/ap/security for updates and to register! 9
Solution Showcase Explore cutting-edge IT solutions from top providers; plus, participate in solution provider sessions, networking reception and more. Premier sponsors Sponsorship opportunities For further information about sponsoring this event: Dan Giacco Tel: +61 438 874 149 Email: daniel.giacco@gartner.com Maria Kamberidis Tel: +61 427 327 222 Email: maria.kamberidis@gartner.com Platinum sponsors Silver sponsors Pavilion Media partners Sponsors as of 5 May 2015, and subject to change 10 #GartnerSEC Gartner Security & Risk Management Summit 2015
Registration and pricing Early-bird discount Save $400 before 26 June Early-bird price: A$2,475 exc. gst Standard price: A$2,875 exc. GST Public sector price*: $2,375 exc. GST *Public-Sector: National Government, State and Local Government, Public Administration 3 ways to register Web: gartner.com/ap/security Email: apac.registration@gartner.com Phone: +61 2 8569 7622 Gartner event tickets We accept one Gartner Summit ticket for payment. If you are a client with questions about tickets, please contact your sales representative or call +61 2 8569 7622 Early-bird offer Secure Early Bird Research: The Legality and Ethics of IoT and Employee Monitoring by Andrew Walls, Managing VP, Gartner Gartner events deliver what you need In addition to four tracks of the latest Gartner analyst research, keynote speakers and case studies, your Summit registration fee includes complimentary access to these special features: One analyst one-on-one Workshops Analyst-user roundtables Solution Showcase Networking breakfasts, lunches and receptions Year-round access to videotaped analyst sessions from the North America event* Online pre-registration is required for one-on-ones, workshops and roundtables. Reserve your place early, as space is limited. Earn CPE Credits Registered participants can earn CPE credits towards our association partners certifi cation programs. Certifi cates will be available at the event to complete. Please see the website for further details. Summit venue Hilton Sydney 488 George Street Sydney, NSW 2000, Australia Phone: +61 2 9266 2000 www.hilton.com/sydney Gartner hotel room rate: $299 per night at the Hilton Sydney Money-back guarantee If you are not completely satisfi ed with this Gartner conference, please notify us in writing within 15 days of the conference and we will refund 100% of your registration fee. Group Rate Discount Maximize learning by participating together in relevant sessions or splitting up to cover more ground, sharing your session take-aways later. Complimentary registrations 1 for every 3 paid registrations 2 for every 5 paid registrations 3 for every 7 paid registrations For more information, email apac.registration@gartner.com or contact your Gartner account manager. Event Approval Tools For use pre-event, on-site and post-event, our Event Approval Tools make it easy to demonstrate the substantial value of your Gartner event experience to your manager. They include a customizable letter, cost-benefi t analysis and more. Visit gartner.com/ap/security for details. Gartner Events On Demand Online access for one year *Provides year-round access to videotaped analyst sessions. For details, visit gartnereventsondemand.com Visit gartner.com/ap/security for updates and to register! 11
Gartner Security & Risk Management Summit 2015 24 25 august Hilton Sydney gartner.com/ap/security 3 ways to register Web: gartner.com/ap/security Email: apac.registration@gartner.com Early-bird discount Register now and save $400 Early-bird discount expires 26 June Telephone: +61 2 8569 7622 Gartner Security Summits around the globe Gartner Security & Risk Management Summit 8 11 June National Harbor, MD United Kingdom 14 15 September Gartner Security & Risk Management Summit 13 15 July Tokyo, Japan United States 7 9 December United States 8 11 June Dubai 2 3 November Japan 13 15 July Gartner Security & Risk Management Summit 10 11 August Sao Paulo, Brazil Gartner Security & Risk Management Summit 14 15 September London, U.K. Brazil 10 11 August Australia 24 25 August Gartner Security & Risk Management Summit 2 3 November Dubai, U.A.E. Gartner Identity & Access Management Summit 7 9 December Las Vegas, NV Join the conversation! Gartner Security & Risk Management Summit is on Twitter and LinkedIn. #GartnerSEC Gartner Security & Risk Management (Xchange) 2015 Gartner, Inc. and/or its affi liates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affi liates. For more information, email info@gartner.com or visit gartner.com.