December 10 - 12, 2018
The Ritz-Carlton, Amelia Island, FL

Tuesday, December 11, 2018

8:00 am - 8:30 am Breakfast

8:30 am - 9:00 am Automating Security Controls Using Models and Security Orchestration

Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes. To combat these new types of malware, organizations need to be looking at Model-Driven Security Orchestration, where the security responses to emerging threats and attacks are automated and driven at machine speed. In this presentation, Aetna will provide an overview of our security orchestration program, including what worked, what didn’t and lessons learned.

Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:05 am - 9:35 am Privileged Access Management Automation- Securing Server-less Workloads

Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:05 am - 9:35 am GDPR Leadership Business Analytics for the Information Security Function

9:40 am - 10:10 am Business Meetings

10:10 am - 10:40 am Business Meetings

10:40 am - 10:55 am Networking Break

BrainWeave

10:55 am - 11:40 am Strengthening Application Vulnerabilities
Remediating security vulnerabilities includes knowing how attackers compromise applications. Traditionally software developers write code and operations put the changes to code into place. Developers deploy code continually and quickly with new tools. DevOps is a working style that allows extremely fast code deployment, utilizing an integrated approach that joins agile development and operations together.  DevOps has a vital role in enterprise security with its ability to change approaches to security. DevOps and centralized security policies offer the opportunity to automate and streamline the manual tasks needed to configure systems and apps. 
•The evolving role of automation in security mitigation
•Scalable cloud security architecture utilizing DevOps
•Team use of innovative vulnerability management tools

Master Class

10:55 am - 11:40 am Digital Trust in the Age of Insecurity
Digital Trust is not about authentication. It’s a promise between a financial institution and its customers. It’s largely upon the CISO and their team to uphold that promise, but is a traditional SOC and GRC team enabled for that mission? Most are not. This is a discussion about fraud, security operations, and audit focused on two central use cases common in the financial sector designed to reinforce the importance of keeping your eye on the promise of Digital Trust, not just everyday security operations.


11:45 am - 12:30 pm Threat or Opportunity? The Evolving Internet of Everything

As the Internet of Things (IoT) continues to permeate all aspects of enterprise and personal existence, related security and privacy concerns continue to grow. IoT allows automation of some existing business processes along with the potential for transformation through new revenue sources and business models. With the transformational changes from IoT, come a greater level of engagement from the enterprise including in development and delivery to better align with business and technology needs. While there is much potential with IoT, the inherent insecurity of many devices offers another opportunity for attackers. Vague terms of use for the data captured by IoT adds to the treasure trove of information cyber criminals may try to access along with potential harm to users when IoT devices are embedded within industrial control systems and a hack could mean critical danger to a system or user.
In this session:
•Overcoming security challenges through convergence with AI, fog computing and blockchain
•Implementing a comprehensive strategy across the enterprise for IoT deployment
•Moving toward open architectures and interoperability

12:35 pm - 1:35 pm Networking Lunch

Roundtable Discussions- Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:40 pm - 2:45 pm Evolving IT/OT Security- Application Whitelisting

Roundtable Discussions- Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:40 pm - 2:45 pm Benchmarking Cybersecurity Maturity- Vendor Risk Management Insights

Roundtable Discussions- Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:40 pm - 2:45 pm Implementing Global Multi-Factor Authentication with Single Sign-On

BrainWeave

2:50 pm - 3:35 pm Leveraging Deception to Stop Attacks
Deception seeks to protect critical corporate assets. The technology of deception combats advanced threats by uncovering the weakest link of the attack—the human element. In this session, explore how deception strategies can lessen the risk of fraud, help overtasked security teams and provide a more proactive approach.  Deception deceives and disrupts attacks proactively and does not require known attack paths. The discussion will include case studies of actual deployments.
In this session:
•Protecting legacy and proprietary applications and systems
•Managing risk during M&A and other business changes
•Automating incident response and shortening recovery

Master Class

2:50 pm - 3:35 pm Emerging Authentication Trends
Strengthening authentication, the first line of defense, is important as cyber crime continues to grow. Innovation and usability are keys to successful delivery of information security. Risk-based authentication also known as adaptive authentication uses behaviour and other factors to determine if a user has malicious intent.   The authentication tools limit a hacker’s access.  Attend this session to explore:
•Reducing the risks with de-centralization (shifting authentication and fortifying access)
•Addressing technological and user-experience challenges
•Navigating in an open-access environment with legacy applications, IoT and remote applications

In this session:
•Protecting legacy and proprietary applications and systems
•Managing risk during M&A and other business changes
•Automating incident response and shortening recovery

3:35 pm - 3:50 pm Networking Break

3:50 pm - 4:20 pm Business Meetings

4:20 pm - 4:50 pm Business Meetings

4:50 pm - 5:20 pm Business Meetings

5:20 pm - 6:00 pm Bringing Together the Best Qualities of Human and Machines

Collaborative internal and external partnerships are necessary to unite enterprise siloes. Close corporate cooperation creates teams utilizing robust, repeatable and scalable processes. Streamlining the human role in cyber security as digital transformation expands the ways to empower security resilience.
Join this session to learn how to:
•Balancing automation and expert human analysis
•Top-down focus on risk management
•Evolving roles of emerging technologies including Blockchain, advanced analytics, deep learning and chatbot protection

6:00 pm - 6:30 pm Networking Reception