Staff Report

 
 

Recent Articles

Risk management by Situational Awareness

January 19, 2012

Not necessarily just the CISO's job, true risk management must be a practice accepted up and down an organization. Technical, situational and business understanding and, of course, a wide view of risk all play key roles to combat today's threats. How are companies integrating these practices to establish more proactive security and risk management programs? Speaker: Robert Parham, director information security practice, Marlabs
 

Privacy

January 19, 2012

Privacy of data is an expectation held by many of your customers. Yet, it's also a concept they shun themselves when hitting their Facebook or Twitter pages. How are organizations marrying privacy expectations with their business's security practices, and how do they see customer demands in this area evolving?
 

The International Framework of Cyber Security

January 19, 2012

A discussion of various research into policy approaches to cyber security worldwide, recently released by Ryerson University. Speaker: Avner Levin, director, privacy and cyber crime institute, Ted Rogers School of Management, Ryerson University
 

Latest Threats

January 19, 2012

Pros weigh in on what they perceive to be the greatest group of threats facing organizations at the moment, noting that such threats change weekly.
 

Whose Line is it Anyway?

January 19, 2012

When it comes to the integrity of code - the heart of application security - whose responsibility is it in the end? Software developers are clearly still not stepping up, so industry groups have been formed and security software companies are in place to help. But who is culpable and why?
 

Understanding mobile devices right down to BYOD

January 19, 2012

It's not just about the malware or policies you might try to put in place as your company moves to new mobile platforms. Understanding the device and OS limitations, as well as new advances and mitigation strategies, is part of the key to successfully deploying these devices, both corporate-owned and BYOD. Speaker: Faiza Kacem, manager, IT security and disaster recovery, operational security and DR stakes management, National Bank of Canada
 

Technical Look at Compliance by the Book

January 19, 2012

Of course the network is secure, we are SOX compliant, PCI compliant, xyz compliant. We all know compliance does not mean secure. However, from the more technical view, how can we practice great technical security so we don't have to then jump through hoops when the auditor walks through the door? Speaker: Colin Adams, Canadian information security officer, Equifax
 

Technical view of defense in depth: Anonymous, Lulz vs. Organized Crime/State-sponsored Attackers

January 19, 2012

Many industry pundits consider the rash of hacktivist attacks in 2011 a major distraction from focusing on more immediate cyber threats. But what is the difference in these threats versus organized crime or state-sponsored hits, and should defensive strategies be different? Speaker: Daniel Chervenka, lead, security & governance, business management & strategic planning information services, Husky Energy
 

Understanding the Supply Chain of Hardware, Software and even Services

January 19, 2012

From tainted mobile operating systems and hardware to backdoors in firewalls and everything in between, how pervasive is this threat and what can organizations do to protect themselves?
 

The Trained Security Professional

January 19, 2012

There's a dearth of trained, experienced security professionals. As a result, organizations are constantly stealing good help from other organizations. How are these changes negatively affecting the industry and what steps are being taken or need to be taken to overcome them?