Information Security Executive of the Year Award, Executive Alliance, Inc
ISE Mid-Atlantic Executive Forum 2007

ISE Mid-Atlantic Executive Forum Global and Thought Leadership Topics and Guest Host Moderator Assignments

Date: Thursday, May 17, 2007
Time: 2:30 PM - 5:00 PM
JW Marriott Hotel Pennsylvania Avenue
Washington, DC
 



Agenda
2:30 PM

Welcoming Remarks, Introductions of Guest Host Moderators
Marci McCarthy, CEO, Executive Alliance

2:40 PM

Interactive Global Discussions: Getting Ahead of the Curve - Building Business Value and Mastering Enterprise Risk Management
Kathy Memenza, Vice President, Technology Planning & Technology Security, Marriott International

3:25 PM

Executive Roundtable Breakout Discussions with Thought Leadership Topics - Rotation 1

4:05 PM

Executive Roundtable Breakout Discussions with Thought Leadership Topics - Rotation 2

4:40 PM

Executive Roundtable Breakout Discussions Debriefs Led By Guest Host Moderators

4:55 PM

Closing Remarks

5:00 PM

Conclude


Do you have Advance Questions for a Guest Host Moderator?

If you would like to ask a Guest Host Moderator a question on their thought leadership topic in advance of the ISE Mid-Atlantic Executive Forum, please send your question via email to iseMidAtlantic@infosecaward.com. Be sure to include in the Subject Line: Question for Guest Host Moderator at ISE Central Executive Forum. In the body of the email, please let us know the name of the guest host moderator, thought leadership topic and your question. We will send your question over to the Guest Host Moderator to be answered at the ISE Mid-Atlantic Executive Forum. Thank you.


Guest Host Moderators

Elisa R. Cruz, IAM
Director, IT Security
U.S. Department of Homeland Security, Preparedness Directorate Information and Technology Division
ISE Mid-Atlantic Nominee 2007

Topic 1. Taking your Organization to Proactive Mindset from a Reactive Risk Management Posture

Jane Scott Norris, CISSP, CISM, CAP
Dean, School of Applied Information Technology, Foreign Service Institute
U.S. Department of State
ISE National Award Finalist 2004 and 2005

Topic 2. Building Customer Confidence - Protecting Customers from the Next Generation of Threats Targeting Personal Information and Interactions

Kathy Memenza
Vice President, Technology Planning & Technology Security
Marriott International, Inc.
ISE Mid-Atlantic Award Winner 2006

Topic 3. Mitigating Risks and Vulnerabilities in Software, Enterprise and Web Applications

Aurobindo "Robin" Sundaram
Vice President, Information Security
ChoicePoint
Alpharetta, GA
ISE Southeast Award Finalist 2007

Topic 4. Deep Dive: Pros and Cons of Using a Managed Security Service Provider (MSSP)

David Vordick
Chief Information Officer
USEC, Inc
ISE Mid-Atlantic Award Nominee 2006

Topic 5. Keeping Security Transparent but Effective with the Advancement of IT


Executive Forum Global and Thought Leadership Global Topic

Getting Ahead of the Curve - Building Business Value and Mastering Enterprise Risk Management

Global Topic Led By: Kathy Memenza, Vice President, Technology Planning & Technology Security, Marriott International, Inc., ISE Mid-Atlantic Award Winner 2006

In today's business climate, enterprise risk management is no longer a theory - rather it has become a number one priority. In addition, new legislation and the best security practices set forth in BS7799 and ISO-17799 point to information risk analysis as the cornerstone of any program designed to safeguard information assets.

Enterprise Risk Management (ERM) is a structured and disciplined approach to managing risk. ISE Mid-Atlantic Winner 2006, Kathy Memenza, will share with you how Marriott International is aligning the organization's strategies, processes, technology and knowledge with the purpose of improving its ability to evaluate and manage risk on an enterprise-wide basis to create business value.

In an interactive format, Kathy will lead the discussions on how to baseline the risk-sensitivity of your organization and reduce the inevitable functional, departmental and cultural barriers that exist in most organizations. He will also share how he is able to integrate a forward-looking and process-orientated approach to managing all key business risks and opportunities - not just financial ones - with the intent of maximizing value for the enterprise as a whole.




Thought Leadership Topic One:

Taking your Organization to Proactive Mindset from a Reactive Risk Management Posture
Led by: Elisa R. Cruz, Director, IT Security, U.S. Department of Homeland Security, Preparedness Directorate Information and Technology Division

Today's enterprise faces a tough challenge in meeting the requirements of a variety of technical standards, IT governance frameworks, and laws related to security administration. Complying with governance standards, frameworks like ISO 17799, and laws such as the Sarbanes-Oxley Act and Basel II is a major challenge, and it is often hard to think about staying ahead of the curve. Furthermore, in an effort to meet compliance requirements, many organizations have deployed rudimentary policies with the intention of improving them at a later date. Discuss with your peers what processes and solutions you have implemented to date and what your plans are for the future, with compliance being an ongoing effort. Also discuss how you can take your organization from a reactive risk management posture to a proactive mindset, adopting a stance that can help achieve good governance by implementing a best practices framework within the enterprise.

Discuss with your peers at this executive roundtable:

  • How to define IT policy compliance at your organization
  • Where the management of this function should go
  • Effective ways to identify threats that can make your organization non-compliant


Thought Leadership Topic Two:

Building Customer Confidence - Protecting Customers from the Next Generation of Threats Targeting Personal Information and Interactions
Led by: Jane Scott Norris, Dean, School of Applied Information Technology, Foreign Service Institute, U.S. Department of State

The battleground for security is no longer just the computer, or even a corporate network. Protecting information and interactions online requires more sophisticated security processes and technologies. Businesses, government agencies and academic institutions are all at risk of data breaches. These breaches are often widely publicized and can damage an organization's reputation as well as expose millions of people to identity fraud. Consumers and enterprises alike need to feel confident that their information is safe and their interactions are secure. Discuss with your peers the latest solutions that you have implemented or are considering using that provide real-time fraud and data leak detection as well as auditing capabilities.

Discuss with your peers at this executive roundtable:

  • How organizations are addressing issues around identity theft and phishing to protect customer information and brand identity
  • Opening and maintaining lines of communication with line-of-business leaders, the executive team, the board of directors and other key stakeholders about customer protection security practices and policies
  • Effective methods for protecting customer data in systems that you have limited access to or do not own


Thought Leadership Topic Three:

Mitigating Risks and Vulnerabilities in Software, Enterprise and Web Applications
Led by: Kathy Memenza, Vice President, Technology Planning & Technology Security, Marriott International, Inc.

Security executives have an expertise in utilizing network security controls to protect corporate data and assets, including firewalls, intrusion prevention systems, and event monitoring software. However, many recent targeted attacks and widely publicized security breaches point to software vulnerabilities as a greater, but less understood, source of risk. These security vulnerabilities are at the center of many of the major data breaches that resulted in the theft of customer records.

Vulnerabilities in operating systems, software applications and websites render an otherwise secure environment insecure. Any operating system or application added to a secure environment that has exploitable security vulnerabilities affects the security of the whole environment. An otherwise secure system can be compromised easily if the system or application software on it, or on a linked system, has vulnerabilities. Therefore, it is critical that software on networked computer systems be free from security vulnerabilities. Discuss with your peers how security vulnerabilities in software can arise from a number of factors, ranging from poor software development practices, new modes of attack and application misconfigurations to unsecured links between systems, and what can be done about them once they are identified.

Discuss with your peers at this executive roundtable:

  • What kinds of software security assessment instruments can aid in providing a greater level of assurance that software is not exposed to vulnerabilities as a result of defective software requirements, designs, code or exposures
  • Assessing and assuring the security of software and web applications in the development and maintenance lifecycles


Thought Leadership Topic Four:

Deep Dive: Pros and Cons of Using a Managed Security Service Provider (MSSP)
Led by: Aurobindo "Robin" Sundaram, Vice President, Information Security, ChoicePoint

Securing information assets from internal and external threats has become a highly complex IT function, demanding significant investment in expertise, systems, infrastructure, and 24/7 oversight. The challenge of retaining resources and running a 24x7 environment on your own may not be cost effective for your organization. One of the solutions to this challenge is employing a managed security service provider (MSSP). Discuss with your peers the considerations, pros and cons of utilizing an MSSP. Also, discuss the advantages and disadvantages of having part of your security operations outsourced to an MSSP and other parts managed by internal resources.

Discuss with your peers at this executive roundtable:

  • Types of attacks seen and how one has become aware of them
  • Solutions that are able to detect and prevent sophisticated online fraud and identity theft attacks
  • Communication and education best practices for customers, management, employees and other key stakeholders
  • Compensation for the victim
  • The impact on the brand and company's reputation


Thought Leadership Topic Five:

Keeping Security Transparent but Effective with the Advancement of IT
Led by: David Vordick, Chief Information Officer, USEC, Inc

There are a number of IT challenges today coming from all aspects of real life. It is not just security threats coming through your firewall or hackers attacking your wireless network. It can be as simple as human error that occurs during a system patch update or a migration of servers or networks. We all know that much of this information flows through a Windows platform, and the need to protect information and systems remains a critical business challenge. And with the release of Vista, a whole new set of business and technology challenges can come into play.

Discuss with your peers at this executive roundtable:

  • How the latest IT advances put corporate information at risk
  • What hardware, OS, applications and data are at risk if our ability to reach, transact, confirm, validate and recover the information in real time is compromised
  • Share your plans on upgrading to Vista
