Wednesday, December 12, 2018
8:00 am - 8:30 am Networking Breakfast
8:30 am - 8:35 am Chairperson's Opening Remarks
8:35 am - 9:15 am True Security Partnerships - Speaking the Language of Business and Technology
Bhavesh Advani - Head of IT Risk and Governance Dropbox, Inc.
Sherron Burgess - CISO BCD Travel
Jim Kelly - CISO Mission Health
Jeff Kennedy - CISO Regions Bank
Cyber security needs to be aligned with the business, with accountability across the organization. Audit, risk, compliance, data and privacy are all components of proactive security leadership. Leadership needs to be at the forefront, translating and communicating risk in a way that resonates with business stakeholders. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.
Join this session to learn about:
• Engaging, managing, and exceeding expectations
• Top-down focus on risk management
• Evolving roles of the CISO, CIRO, and CIOs
9:20 am - 9:50 am Integrating Zero Trust Networks
Randy Marchany - CISO Virginia Tech
Internet 1.0 servers and endpoints were static. Internet 2.0 servers were static and endpoints were mobile. In the Internet 3.0 world, servers utilizing cloud, containers and "serverless" apps, and endpoints (mobile devices, tablets, IoT, etc.), are highly mobile. A new security architecture needs to be implemented to address these new requirements. The traditional perimeter-based security architecture used in various sectors (edu, gov, com, org, etc.) has basically failed to protect internal assets. New technologies such as IoT and mobile devices will force a new approach to network security architecture. Zero-trust networks (ZTNs) assume, among other characteristics, that the network is hostile, that attackers are already inside it, and that segmentation isn't sufficient for determining trust. This talk will describe zero-trust network properties and how we are integrating this architecture with existing cybersecurity defense strategies. We believe all sectors will have to adopt this strategy in the near future.
9:55 am - 10:25 am Business Meetings
10:25 am - 10:55 am Business Meetings
11:00 am - 11:30 am Evolving Data Privacy in a Global World
Security executives need to be attuned to privacy language, global privacy laws, and how to integrate security and privacy when building a cyber security program. This session will explore emerging state cyber regulations, GDPR challenges, and the basics of privacy as it affects corporate risk programs.
In this session:
• Integrating privacy by design
• Encouraging stakeholder collaboration
• Empowering privacy in enterprise risk management
11:30 am - 12:00 pm Strengthening Third Party Risk Management
With the common practice of utilizing third parties in business transactions, having a clear understanding of the risk of sharing data is necessary, as is increased cross-industry collaboration. Business partners and suppliers must be carefully assessed to make sure they meet regulatory and compliance requirements, especially with European Union and other current and pending regulations. Non-compliance carries stiff fines and breach notification requirements. This session will explore the extended risk and attack vectors associated with vendor staff, products and services that originate outside of an enterprise's defensive perimeter and offer best practices for assessing vendor compliance, including:
• Adjusting access levels for third-party user and system accounts
• Securing development of application integrations, including firewall configuration
• Increasing industry collaboration and engagement to prioritize security