↓ Agenda Key
Visionary speaker presents to entire audience on key issues, challenges and business opportunities
Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee." title="Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.
Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics
Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members." title="Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.
Solution provider-led session giving high-level overview of opportunities
Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community." title="Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.
End user-led session in boardroom style, focusing on best practices
Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard." title="Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.
Interactive session led by a moderator, focused on industry issue
Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done." title="Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.
Overview of recent project successes and failures
Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions." title="Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.
Discussion of business drivers within a particular industry area
Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions." title="Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.
Analyst Q&A Session
Moderator-led coverage of the latest industry research
Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst." title="Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.
Several brief, pointed overviews of the newest solutions and services
Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences." title="Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.
Pre-determined, one-on-one interaction revolving around solutions of interest
Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest." title="Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.
Open Forum Luncheon
Informal discussions on pre-determined topics
Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch." title="Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.
Unique activities at once relaxing, enjoyable and productive
Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive." title="Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.
7:00 am - 7:55 am
8:00 am - 8:10 am
8:10 am - 8:40 am
There is an urgent need to innovate on the part of the business. The reality of today's business mandates a more agile and innovative approach to security. The old guard of draconian security focused on technology, compliance, and boundaries of protection is no longer effective and has prevented security from having a seat at the business table. All this, when a shift in the threat landscape, and a real impact to the bottom line have negatively affected most organizations. This presentation will deep dive into practical, attainable and effective methods to shift the mentality and allow security organizations to function at the speed of business. Such important topics include the use of practical lightweight risk management, the need for a dynamic workforce, and material shift in focus from technology to business alignment.
8:45 am - 9:15 am
While Information Security has existed for decades, Enterprise Risk Management (ERM), as a formal and holistic practice, is much newer yet already has taken pre-eminence over its forebear. What is the CISO, who in many ways has toiled in invisibility, infamy, or ignominy to do when faced with the issue of being supplanted by the Chief Risk Officer, just as enterprise demand for and focus on security has reached all-time heights? Savvy CISOs will recognize this new, broader need for holistic visibility into, and management of, overall enterprise risk and will position themselves for success by looking beyond traditional information security boundaries and engaging business partners around all enterprise risk.
9:20 am - 9:45 am
Knowing is half the battle when it comes to protecting applications and their sensitive data.
Application security testing tools scan your code to reveal the long lists of known vulnerabilities, but not all are remediated before the next release-even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality - not actual risks-to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.
A real-time, embedded solution like Prevoty's runtime application self-protection (RASP0 changes the game completely. Prevoty places an automated security mechanism at the front of the line - directly in the application's operating environment - to immediately lower risk and act as a compensating control at runtime. As such, Prevoty-enabled enterprises see 98%+ of their known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Prevoty RASP detects live production attacks and generates real-time security event longs and reports. Security teams can then correlate pre-production vulnerability scan results with Prevoty's runtime attack logs to go back, remediate based on actual risk - not just hypothetical threats. The result? Improved forensics.
9:50 am - 10:15 am
It may seem self-evident, but email is still the predominant form of business communication whether in B2B or B2C channels with business sending over 100 billion emails each and every day. Not all of this traffic is legitimate, desired, or safe however with estimates that as much as 90% of all email traffic can be considered spam or worse. In this environment businesses need to ensure that the email they send is viewed as trustworthy, and that the mail they receive is safe of threats. To do this email authentication is imperative and DMARC, Domain-based Message Authentication, Reporting, and Conformance is the gold standard. While DMARC policies are published to public DNS servers and already protect up to 60% of mailboxes for the most part these are public mailboxes from consumer email providers and many businesses are still on the outside looking in. Savvy IT Leaders know that they need to leverage commercial solutions that streamline DMARC management for their own email infrastructure to ensure they are protected from threats, and able to communicate with partners, clients, and prospects.
10:20 am - 10:30 am
10:35 am - 11:00 am
Of all the risk management issues that present themselves to the modern-day CISO, perhaps the most difficult to address is that of privacy. In and of itself, privacy is no different a challenge than protecting any other sensitive information, however the multi-jurisdictional impacts of the issue due to wildly differing laws between the US and European countries (as well as Canada, another country with strong privacy laws) make this an issue that is often times overwhelming to address. CISOs must work diligently to ensure that their privacy efforts conform with the standards of any jurisdiction with which they might work, where their data might be held and this is an almost overwhelming task.
Boards are now taking a greater interest in security and risk. This means there is a greater onus on security to translate the work they're doing into a business context. Without the communication there is a misalignment between security and what's going on in the rest of the organization . This is when you see the rise of things like shadow IT.
With the alignment, the organization can stand or fall together, putting them in a better position than those who are siloed.
11:05 am - 11:30 am
Is mobility a cost? Or is it a key part of your strategy for business success? Many businesses are leveraging mobility to generate real and measurable returns and to increase their competitiveness. How? Join CDM Media and BlackBerry as we explore ways in which companies can strategically manage their mobility investments.
In our session we'll look at security - again from a strategic viewpoint. Security covers a wide range of issues in the modern enterprise. While protection of data is at the forefront, security involves many other aspects and issues from secure collaboration to the security and protection of employees in an increasingly tumultuous world. We'll deal not only with securing mobility, but how the strategic use of mobility can make you more secure.
11:35 am - 12:00 pm
Over the last few years, as cloud and mobile technologies have taken hold within the enterprise, the concept of the network perimeter has dissolved, and with it the concepts around traditional network security. The broad scale adoption of IoT technologies however will make this first phase of network disaggregation seem trivial in comparison as enterprises begin to connect to not just thousands but millions of disparate and divergent endpoints. To ensure appropriate security in such a dispersed networking world and entirely new paradigm to security will be required that encompasses not just wildly diverse types of devices in wildly diverse locations, but the threat of low-powered, low complexity endpoints that have no internal capacity for monitored and managed security capabilities.
Building security into your enterprise processes, and integrating it with your existing technology investments has never been more critical or complicated than it is in this era of decentralized computing, and ever-tightening compliance requirements. Furthering this complication is the impact that partnering deals can have since infrastructure, applications, and even data may now longer be under your direct control. To be able to ensure efficient and effective security capabilities you need to understand the nature of the threats that exist today, the impact a sourcing relationship can have on these threats, and the mitigation strategies and tools key industry leaders are using to address the challenge.
12:05 pm - 12:30 pm
Robots and automation systems are no longer limited by onboard resources in computation, memory, or software. "Cloud Robotics and Automation" is where robots and automation systems share data and code and perform computation via networks building on emerging research in cloud computing.
There is a definite need to rethink the future of identity management on the web. The ability to verify your identity is the lynchpin of financial transactions that happen online. In today's digital age, an individual's identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. However, remedies for the security risks that come with web commerce are imperfect at best. IF Blockchain is the answer? how are you going to take it from being seen by senior management, as a futuristic solution to the way your organization may survive competition in the next five years.
12:35 pm - 1:20 pm
1:25 pm - 1:50 pm
For many years the CIO, has struggled with the concept of IT-Business alignment and finding ways to ensure that the IT department and the Lines of Business with which it integrates have a common understanding and ability to communicate. Now, as the CISO and the information security department grow out of the IT shadow, they increasingly find themselves in the same position. Their challenge however is greater in that the concepts of IT security are in many ways more abstract than those of generalist IT, and their activities often run counter to the goals of the rest of the organization. CISOs must learn for the trials and tribulations of the CIO and the IT department, and find common ground with the business, to ensure they can hear what their partners are saying, while communicating their own points in understandable terms.
In todays environment there can be no arguing that a comprehensive IT Security program is a de facto requirement for every organization. Such a program needs to address the full range of security threats that can be leveraged against an organization, needs to be integrated into whatever regulatory and governance requirements exist, but beyond that it needs to be accessible, consumable, and actionable by everyone that is influenced by it, or interacts with it. Building a program that is shared through social channels and relies on the collaborative input of employees and constituents for not only creation but enforcement will drive higher levels of adoption, responsiveness and, ultimately, protection.
1:55 pm - 2:20 pm
As with all things in life, the focus on how to conduct enterprise security ebbs and flows between varying degrees of reactivity and proactivity. In the old school Security 1.0 world, where the focus was almost completely on network security, efforts were in general proactive in nature with firewalls and anti-malware seeking to prevent threats before they even occurred. This didn't work so well and so Security 2.0 focused on reactivity, wrapping things like encryption around the data so that even if a breach occurred, the loss would be mitigated. Yet breaches, and losses, continue to occur. So if primarily proactive security doesn't work, and if primarily reactive security also doesn't work, how then do we find the right balance between the two to find a security posture that does work?
2:25 pm - 2:50 pm
More and more C-level executives are realizing that cyber security is not just an IT function given the far-reaching and direct impact that cyber security threats can have on current and future business operations. As is evidenced in recent reports from security providers such as Mendicant, McAfee, SentinelOne and others, cyber espionage attacks by APT actors are breaching organizations both large and small, public and private. Whether the objective is Intellectual Property (IP), M&A information, financial records, or other business-sensitive protected data losses can result in significant brand, reputation, and financial impacts. To counter these risks, CISOs need to realize that traditional security techniques are insufficient, and that a new tier of security solutions are required to defend against the APT attack.
Volume, variety, velocity, veracity; all four of the hallmarks of Big Data have a clear fit in the world of security as the number of threats grows, their natures diverge, the speed with they are encountered (and subsequently have to be dealt with) accelerates, and the need to be ever more accurate enhances. As enterprises have made significant investments in Big Data programs and analytics platforms, they are beginning to reap real benefits in terms of business efficiency and innovation. The time then has come to begin applying those same principles and platforms to the security challenges facing enterprises to allow for faster, more effective overall security.
2:55 pm - 3:20 pm
For years the security focus of the enterprise was to build a hardened perimeter at the edge of the network, an impenetrable shell that kept the good out and the bad in. Over the last few years this model has fallen by the wayside. Technologies such as Cloud and Mobility have pushed the enterprise beyond its traditional perimeter while increased levels of partnership have created inroads through that shell. As a result, infrastructure based security is no longer sufficient or appropriate and enterprises everywhere are having to make the shift to a new security paradigm, one that is centered on the data itself, not on the infrastructure that houses it.
3:25 pm - 3:35 pm
3:40 pm - 4:05 pm
4:10 pm - 4:35 pm
Like death and taxes, IT outages are an inevitability whether as the result of power loss, telecommunications outage, or any one of a myriad other potential technical and non-technical issues. In this environment, the savvy CIO knows that what matters most is preparation â?" being ready for that next outage with an IT infrastructure that is both resilient and flexible and Disaster Recovery procedures that allow for efficient and effective recovery, balancing Recovery Time and Recovery Point objectives with appropriate cost. Disasters happen but with proper planning they don't have to be disastrous to your business.
Social media is the least hyped and potentially least adopted of the so-called disruptive technologies, at least by enterprises in general. This doesn't mean that employees are embracing these tools personally however, nor does it mean that enterprises should continue to avoid them. The fact of the matter is social platforms allow for incredible levels of interaction that when harnessed can lead to significant creativity and productivity gains allowing enterprises that adopt and encourage the use of social collaboration platforms to be more successful than their non-social peers. But every newly adopted technology brings with it unique problems and so it is the CISOs job to provide the secure landscape within which this social collaboration, both internal and external, sanctioned and not, can occur.
4:40 pm - 5:20 pm
The role of the modern IT Executive is more complex than it has ever been before, not just because the technology landscape has become more complex, but also because increasingly IT execs have had to become a business-focused executive, not just a technologist. Long have we talked about the CIO and CISO getting a seat at the table but modern businesses are now demanding that their technology impresario join them and leverage his deep and rich technical acumen to allow the organization as a whole to better position itself for market-place success. To be successful, CxOs need to invest in themselves, in their personnel, and in the right technologies to allow them to position the IT department to proactively address business needs as an innovator and driver, rather than order-taker and enabler.
5:00 pm - 6:30 pm
5:20 pm - 5:30 pm