Information Security Executive of the Year Award   Executive Alliance, Inc
ISE Central Executive Forum

Thursday, April 2, 2009
Westin Park Central Hotel
Dallas, Texas
2:00 PM
 



Guest Host Moderator
Phil Agcaoili, CISSP, CISM
Senior Manager, Global Information Security Assurance & Consulting
Dell Corporation
ISE Central Awards 2009 Nominee
 
Richard Burk
Vice President, IT Operations
AmerisourceBergen
ISE Central Project of the Year 2009 Executive Sponsor
Topic 2: Security beyond Compliance: Strategies for a Proactive and Customized Security Framework
Adrian Butler
Vice President, IT-Telecommunications & Support Services
Accor North America
ISE Central Executive of the Year 2009 Nominee
 
 
James Carpenter, MSIA, CISSP
Chief Security Officer
Parkland Health & Hospital System
ISE Central Executive of the Year 2009 Nominee
 
 
Cynthia R. Whitley, CISSP, CISM
Chief Information Security Officer
Allstate Insurance Company
ISE Central Executive of the Year 2008 Nominee
 


Thought Leadership Topic One:

Pioneering Innovative and Value-Added Customer Driven Security Programs in a Challenging Economy

With the recent worldwide economic challenges, many organizations are now pushing the envelope with the “Do More with Less” approach to controlling IT security costs. While continuing to optimize existing processes and resources can lead to short-term gains, the reality is that today’s economic challenges are not short term. Security strategies must now be re-evaluated to support the core competencies of the business and, ultimately, the needs of the customers that drive the bottom line. To succeed in today’s environment, security organizations must position themselves to pioneer innovative and better ways to create value for their customers, because value is the strategic driver that differentiates the programs your customers are willing to invest in for the future.

Dive deeper into the discussions and share your ideas with your executive peers:

  • Understanding new customer choices and where they are seeking value in today’s economy.
  • Examining technology security investments that provide value-add for the customer – data leakage protection, software assurance management, identity management, endpoint protection, authentication, vulnerability management, data encryption, etc. Discuss which of these technologies can provide this value, and how.
  • Strengthening communications to position customers to develop shared goals and be active champions of your innovative security programs.
  • Measuring and managing customer expectations in this tough economy.


Thought Leadership Topic Two:

Security beyond Compliance: Strategies for a Proactive and Customized Security Framework

Information Security Executives (ISEs) are facing more complex regulatory and compliance programs for their organizations. Whether FISMA, HIPAA, GLBA, SOX or PCI DSS, these standards serve to provide a baseline for implementing and managing security, but compliance with these guidelines is not enough to keep enterprises safe. Put simply, they are often guidelines that are open to interpretation. Most of these standards were created well over six years ago, and their purpose was to provide a minimal level of security to protect sensitive information, not an in-depth strategy to address all enterprise risks.

To stay ahead of evolving threats, today’s ISE must take a more proactive approach by developing a security framework specific to their business strategies. Such a framework should focus beyond compliance guidelines to encompass several other basic principles, including defense through diversity, proactive security strategies, addressing layer 8 (users), and defining the framework.

Dive deeper into the discussions and share your ideas with your executive peers:

  • As the complexity of managing the IT security portfolio continues, what are the key areas an ISE needs to review in their specific organizational infrastructures to create a unique security framework that stretches beyond compliance mandates to address unique infrastructure issues?
  • In today’s environment, what has changed in how assets should be prioritized and resources allocated based on risk assessment results?
  • How to develop potential scenario-based incidents to craft preplanned actions
  • When to recalculate priorities and resources based on scenario assessments
  • Once an organization's customized security framework is in place, how should this framework serve as the basis for allocation of security resources, not just to meet baseline requirements of compliance standards – and how should it be maintained over time?
  • What are today’s types of proactive and defense-in-depth security solutions that can solidify a sound security framework and help drive key compliance mandates – like patch management, anti-virus, email security, vulnerability management, database monitoring & audit, software assurance management, etc.?


Thought Leadership Topic Three:

The Business and Security Impact of Social Computing (Social Networking)

Social computing enhances the often unstructured interactions between individuals. Social computing means communities are going global, breaking the constraints of geography and expanding their reach and influence. Leveraging these online communities presents both great business opportunities and potentially many uncharted security challenges for enterprises. The corporate use of social-software services like Facebook, LinkedIn, YouTube, Twitter and MySpace creates exposure of personal data in the workplace, the release of corporate data to the public and the risk of identity fraud, as well as a host of other security, governance and compliance challenges. Furthermore, with increased usage of social-software services comes the onset of more malware, as it often resides in the trusted and popular Web sites that your users visit frequently, thus creating potential endpoint and network security risks.

Discuss with your peers in this roundtable how organizations, executives, security teams and vendors are developing technologies and best practices that are preventing the inappropriate exposure and exploitation of personal and corporate data through social computing.

Dive deeper into the discussions and share your ideas with your executive peers:

  • What are the key drivers for developing a strategy for an organization around social networking?
  • Gaining an understanding of social-application governance, and how to build a social governance program that fits your organization’s culture and industry.
  • What are the types of policies to build into your secure web gateway program, from application whitelisting to content filtering, etc.?
  • What are the best ways to optimize employee productivity with web application and filtering controls?
  • Discuss best practices for methods to prevent information leaks and data loss.


Thought Leadership Topic Four:

Effective Methods of Securing Data in Mobile, High Speed and Third-Party Environments

In 2008, according to the Identity Theft Resource Center, there were 656 reported data breaches, an increase of 47% from the 2007 total of 446. The breaches were reported in the following sectors: business (240), education (131), government/military (110), health/medical (97), and financial/credit (78).

While organizations everywhere now rely on high-speed networks and mobile computing to more easily share and access information, this wide open world also presents new challenges for information security executives - how to prevent the loss of the most sensitive data.

With breaches of personal data reaching epidemic proportions, the loss of intellectual property poses a real threat to every business. Security solutions, designed to protect the network or limit information access, simply do not address the fundamental questions of where sensitive information is stored, how it is used, and how best to prevent its loss.

Security practitioners have always dealt with data leakage issues from email, IM, and other Internet channels, but now with the proliferation of mobile technology, it's easier than ever for data loss to occur, whether accidentally or maliciously. Protecting data on laptops and other mobile devices such as USB keys, Bluetooth devices, or removable CD drives presents a huge challenge.

Enterprise security executives, now more than ever, understand how critical it is to discover and protect data wherever it is stored, as well as monitor and prevent it from being used inappropriately across multiple channels.

Dive deeper into the discussions and share your ideas with your executive peers:

  • The latest innovations among enabling technologies that will put pressure on organizations in securing their data
  • Developing strategies that position your organization to further support mobility as a core requirement of the enterprise
  • What are the “gotchas” to look out for in developing strategies for ensuring your data is safe when exchanged with third-party providers?
  • What are the successful processes and solutions that you have implemented to deal with endpoint security?
  • What are the technologies that you have implemented to help prevent data leakage?
  • How will organizations stay on top of identifying sensitive data, evaluating risk, and applying data classification standards as new technologies are introduced?


Thought Leadership Topic Five:

Cloud Computing ESmart CISOs Asking the Tough Questions

Join in the discussions on the obvious solutions and the clear disconnects associated with the strategies and the deployment of cloud computing capabilities and its impact on information security. The premise of the majority of the cloud computing infrastructures going into 2009 consists of reliable services delivered through data centers and built on servers with different levels of virtualization technologies. The services are accessible anywhere in the world, with “The Cloud” appearing as a single point of access for all the computing needs of consumers.

Gartner reports that 63% of organizations it surveyed planned to increase their use of cloud computing, likely as a result of the economic downturn, as this technology holds many promises: the ability to increase capacity and add new capabilities without additional data center capital expenditures, the reduction of training costs, and the reduction of the costs and maintenance associated with software development. So why are organizations struggling with deploying this environment?

Dive deeper into the discussions and share your ideas with your executive peers:

  • How are organizations working their way through the “loss of control” issues as information is moved to a third-party provider?
  • What are the expectation-of-privacy issues as your sensitive data gets handed off in the cloud?
  • What are the tough questions that CISOs are asking about data integrity and recovery?
  • What is the impact of e-discovery, regulatory compliance, and auditing on the capability to move your organization to this environment?
  • What are the clear benefits and successes that organizations are seeing?
