December 10 - 12, 2018
The Ritz-Carlton, Amelia Island, FL

Wednesday, December 12, 2018

8:00 am - 8:45 am Networking Breakfast

8:45 am - 8:50 am Chairperson's Opening Remarks

8:50 am - 9:35 am True Security Partnerships - Speaking the Language of Business and Technology

Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn about:
•Engaging, managing and exceeding expectations
•Top-down focus on risk management
•Evolving roles of the CISO, CIRO, and CIOs

9:40 am - 10:10 am Business Meetings

10:10 am - 10:40 am Business Meetings

10:40 am - 11:15 am Benefits and Risks of Managed Security Service Providers

The potential for managed security services as an option for some or all of an enterprise's information security needs is driven by the growing number of attacks, the expanding perimeter with BYOD, and growing regulatory requirements, along with the growing talent gap in qualified security personnel.
In this session:
•Effectively managing security resources in multiple locations
•Selecting an MSSP for a particular function (e.g. Security Operations Center)
•Cost/Benefit analysis – what is the reason for outsourcing and how to avoid a degradation in services
•Achieving (and maintaining) an appropriate level of service

11:15 am - 12:00 pm Strengthening Third Party Risk Management

With the common practice of utilizing third parties in business transactions, having a clear understanding of the risk of sharing data is necessary. It also calls for increased cross-industry collaboration. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements, especially with the European Union and other current and pending regulations. Penalties for non-compliance include stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise’s defensive perimeter and offer best practices for assessing vendor compliance, including:
•Adjusting access levels for third-party user and system accounts
•Securing development of application integrations, including firewall configuration
•Increasing industry collaboration and engagement to prioritize security

12:00 pm - 12:30 pm Chairperson's Closing Remarks