Thursday, April 19, 2007
Westin City Center Hotel
Dallas, Texas
Do you have Advance Questions for a Guest Host Moderator?
If you would like to ask a Guest Host Moderator a question on their thought leadership topic in advance of the ISE Central Executive Forum, please send your question via email to iseCentral@infosecaward.com. Be sure to include in the Subject Line: Question for Guest Host Moderator at ISE Central Executive Forum. In the body of the email, please let us know the name of the guest host moderator, thought leadership topic and your question. We will send your question over to the Guest Host Moderator to be answered at the ISE Central Executive Forum. Thank you.
Executive Forum Global and Thought Leadership Global Topic
Getting Ahead of the Curve - Building Business Value and Mastering Enterprise Risk Management
Global Topic Led By: Eric Litt - Chief Information Security Officer, Chief Security Officer, General Motors Corporation
In today's business climate, enterprise risk management is no longer a theory - rather it has become a number one priority. In addition, new legislation and the best security practices set forth in BS7799 and ISO-17799 point to information risk analysis as the cornerstone of any program designed to safeguard information assets.
Enterprise Risk Management (ERM) is a structured and disciplined approach to managing risk.
ISE Central and ISE National People's Choice Award Winner 2006, Eric Litt, will share with you how GM is aligning the organization's strategies, processes, technology and knowledge with the purpose of improving its ability to evaluate and manage risk on an enterprise-wide basis to create business value.
In an interactive format, Eric will lead the discussions on how to baseline the risk-sensitivity of your organization and reduce the inevitable functional, departmental and cultural barriers that exist in most organizations. He will also share how he is able to integrate a forward-looking and process-orientated approach to managing all key business risks and opportunities - not just financial ones - with the intent of maximizing value for the enterprise as a whole.
Led by:
Eric Litt
Chief Information Security Officer
General Motors Corporation
ISE Central People's Choice Award Winner 2006
Guest Host Moderators
Taking your Organization to Proactive Mindset from a Reactive Risk Management Posture
Led by: Paul Smocer, Senior Vice President and Chief Information Security Officer, Mellon Financial
Today's enterprise faces a tough challenge in meeting requirements of a variety of technical standards, IT governance frameworks, and laws related to security administration. Complying with governance standards, frameworks like ISO 17799, and laws such as the Sarbanes-Oxley Act and Basel II is a major challenge - it is often hard to think about staying ahead of the curve. Furthermore, in an effort to meet compliance requirements, many organizations have deployed rudimentary policies with intentions of improving them at a later date. Discuss with your peers what processes and solutions you have implemented to date and what your plans are for the future, with compliance being an ongoing effort. And discuss how you can take your organization from a reactive risk management posture to a proactive mindset where you can adopt a stance that can help achieve good governance by implementing a best practices framework within the enterprise.
Discuss with your peers at this executive roundtable:
- How to define IT policy compliance at your organization
- Where the management of this function should go
- Effective ways to identify threats that can make your organization non-compliant
Information Management: Data Loss Prevention, Electronic Discovery and Audit
Led by: Kim Van Nostern, Chief Security Officer, Allstate Insurance Company
Optimal use of information can be a key differentiator for enterprises in today's business environment. However, the amount of electronic information being generated and stored in messaging and collaboration systems has increased and become more broadly distributed. IT and security organizations are increasingly impacted by governance mandates and content retention policies. In addition, a rapidly changing threat landscape and increased compliance and legal discovery requirements have created significant risks which enterprises must now manage more effectively. IT and security executives are playing a more dominant role in the e-discovery process than ever before. Furthermore, the loss of sensitive content such as customer data and intellectual property has become a significant risk as businesses become more collaborative and information is more broadly distributed. In addition, many enterprises face regulatory requirements to ensure sensitive information is protected.
Furthermore, ever since California passed SB1386 and other states passed similar laws, organization after organization has had to disclose that critical data banks have been compromised by hackers, couriers or consultants. The causes range from lost backup tapes to lost laptops to network hacks. What most of these cases have in common is the lack of strong technical measures to protect data that is by its nature highly sensitive. From these and other cases, we've learned that many companies seem to believe they can adequately protect their information with a combination of locked doors, firewalls and access controls but may ignore simple process and procedure. Or the problem can be more sophisticated - where an attacker can bypass mechanisms and send raw commands written directly to a database server.
Discuss with your peers at this executive roundtable:
- How to identify sensitive content and ensure that it does not leave the information environment inappropriately
- Time efficient techniques in getting through audits and sifting through large amounts of data
- Developing retention and archiving policies for email, instant messaging, portal content, files and documents
- The best approaches to collect sensitive data or debate whether or not to collect sensitive data at all
- Encryption techniques - i.e. Partial encryption, three-way encryption
- Technology solutions available today for data protection, electronic discovery, audit and encryption
Building Customer Confidence - Protecting Customers from the Next Generation of Threats Targeting Personal Information and Interactions
Led by: Eric Litt, Chief Information Security Officer, General Motors Corporation
The battleground for security is no longer just the computer, or even a corporate network. Protecting information and interactions online requires more sophisticated security processes and technologies. Businesses, government agencies and academic institutions are all at risk of data breaches. These breaches are often widely publicized and can damage an organization's reputation as well as expose millions of people to identity fraud. Consumers and enterprises alike need to feel confident that their information is safe and their interactions are secure. Discuss with your peers the latest solutions that you have implemented or are considering using that provide real-time fraud and data leak detection as well as auditing capabilities.
Discuss with your peers at this executive roundtable:
- How organizations are addressing issues around identity theft and phishing to protect customer information and brand identity
- Opening and maintaining lines of communication with line-of-business leaders, the executive team, the board of directors and other key stakeholders about customer protection security practices and policies
- Effective methods for protecting customer data in systems that you have limited access to or do not own
Mitigating Risks and Vulnerabilities in Software, Enterprise and Web Applications
Led by: Phil Agcaoili, CISSP, CISM, Sr. Manager, Global Information Security and Compliance - Consulting, Dell
Security executives have an expertise in utilizing network security controls to protect corporate data and assets, including firewalls, intrusion prevention systems, and event monitoring software. However, many recent targeted attacks and widely publicized security breaches point to software vulnerabilities as a greater, but less understood, source of risk. These security vulnerabilities are at the center of many of the major data breaches that resulted in the theft of customer records.
Vulnerabilities in operating systems, software applications and websites render an otherwise secure environment insecure. Any operating system or application added to a secure environment that has exploitable security vulnerabilities affects the security of the whole environment. An otherwise secure system can be compromised easily if the system or application software on it, or on a linked system, has vulnerabilities. Therefore, it is critical that software on networked computer systems be free from security vulnerabilities. Discuss with your peers how security vulnerabilities in software can arise from a number of development factors, ranging from poor software development practices and new modes of attack to application misconfigurations and unsecured links between systems, and, once they are identified, what can be done about them.
Discuss with your peers at this executive roundtable:
- What kinds of software security assessment instruments can aid in providing a greater level of assurance that software is not exposed to vulnerabilities as a result of defective software requirements, designs, code or exposures
- Assessing and assuring the security of software and web applications in the development and maintenance lifecycles
The Threat from the Inside - Protecting Your Data and Critical Transactions by Verifying User Identity and Managing Network Access
Led by: Tom Boehm, Director of IT Security and Risk Management, Alcatel-Lucent
Today there are no boundaries or limits on how businesses and consumers access technology, but the expectations for a stable infrastructure, reliable information and secure interactions increase with each smart phone, laptop and Blackberry. The reality is that people are the new network perimeter, making it even more challenging for security executives to find the right solutions for an ever-changing digital landscape. Wherever they are and through whichever device they are accessing the network is where the line of defense must be drawn. And these lines are in constant motion as people connect from device to device and network to network.
With the defined perimeter becoming transparent, if not blurred, as next-generation and wireless networking technologies become part of the infrastructure, networks and systems alike have become easily accessible to employees, partners, and customers. The insider threat has become top of mind for many enterprises - from business to government and higher education. The insider threat is now recognized as one of the greatest and most damaging of security risks. With that, security executives are being asked to protect their crucial data without inhibiting the business or adding more staff. There are various ways of approaching data protection and managing the insider threat. It can be done at the network, at the end point, and with the user - or a combination of all three.
Discuss with your peers at this executive roundtable:
- Understanding the risk of the insider threat at your organization - where it can come from and how
- How to build the business case for deploying solutions to address the threat from the inside
- Sharing of best practices for deploying identity management, anomaly detection, endpoint security and network access control technologies.
- Types of Acceptable Use Policies (AUP) to have in place at your organization
Keeping Security Transparent but Effective with the Advancement of IT
Led by: Eric Schmidt, Chief Security Officer, Indiana University School of Medicine on the Indiana University
There are a number of IT challenges today coming from all aspects of real life. It is not just security threats coming through your firewall or hackers attacking your wireless network. It can be as simple as human error that occurs during a system patch update or a migration of servers or networks. We all know that much of this information flows through a Windows platform, and the need to protect information and systems remains a critical business challenge. And with the release of Vista, a whole new set of business and technology challenges can come into play.
Discuss with your peers at this executive roundtable:
- How the latest IT advances put corporate information at risk
- What hardware, OS, Application and Data are at risk if our ability to reach, transact, confirm, validate and recover the information in real time is compromised.
- Share your plans on upgrading to Vista