Data protection and compliance
Nothing has become so important to today’s security professionals than protecting the corporations’ data and ensuring their enterprise is in compliance with various local, state, federal and international laws. Undertaking the right plan to accomplish these goals, however, can be daunting. The next SC Magazine IT Security Executive Forum may change that.
Offering attendees extensive educational and networking opportunities in a relaxed and informal setting, the SC Forum combines workshops run by industry experts, high-profile keynote speakers, and a schedule of meetings with leading vendors. And, new this year, SC Magazine has become a designated (ISC)2 Trusted CPE Provider, which means that attendees holding (ISC)2 credentials, such as the CISSP, CAP and SSCP, will be able to earn CPE credits toward re-certification. All workshops and keynote sessions, along with vendor meetings, qualify for CPE credit.
Set for May 15 to 17 at the Westin Resort in Hilton Head, S.C., the event will allow for work as well as play. The venue, which is situated right on the beach, can help attendees relax with the right activities — from tennis and golf to horseback riding or spa treatments.
As the sixth such event that SC Magazine has organized in the U.S., previous delegates have commented that the format made the very best use of their time, helping them to formulate and refine their future IT security strategies, understand current threats and laws, navigate some of the current product offerings, and gain ideas from their peers and industry experts.
Given the more intense focus on identity theft, privacy problems and compliance demands, sessions will zero in on issues closely related to these at May’s SC Forum. The event will be divided into five workshops.
Jerry Dixon, director of the Department of Homeland Security’s National Cyber Security Division’s US-CERT, will discuss how to plug the holes that cyber thieves often exploit. With the time between the knowledge of a vulnerability’s existence and the creation of an exploit to leverage it for illicit activity shrinking, CSOs and their staff must get a better sense of their options to deal with vulnerable systems. This session provides details that attendees will be able to put to good use.
Stephen Scharf, a member of the international board of directors for the Information Systems Security Association and director of security with a leading provider of market data and analytics, will discuss protecting corporate data that leaves the firm. Companies can be exposed to risks in many ways, but one way this is happening more frequently is when organizations outsource various business functions. This workshop will focus on how to ensure that outsourced functions are protected from significant risks through vendor audits and assessments.
Jody Westby, president and CEO of Global Cyber Risk, LLC, who is working with Carnegie Mellon University’s Cylab on privacy and other issues, will help attendees make sense of laws and guidelines. From Gramm-Leach-Bliley to Sarbanes-Oxley, the laws to which companies must comply are numerous. But attempting to do so only grows more complex when accounting for the varying state, federal and international laws. This session will provide a run-down of some of the more important mandates to which companies must comply, share ways of ensuring compliance without duplicating efforts, and review how to work with both internal and external auditors to benefit corporate security programs.
John Carlson, senior director of BITS, a CEO-driven technology and business strategy group and sister organization to The Financial Services Roundtable, will talk about how companies can extend stronger security to their customers. The Federal Financial Institutions Examination Council (FFIEC) recently released guidelines suggesting that by the end of 2006 financial organizations should have some customers using two-factor authentication methods to access certain online accounts. Many experts believe this is a warning that companies should start encouraging customers to enlist stronger security methods before yet another law comes to pass specifically demanding this. This session will discuss the tools available, what might and might not work, and what companies can do now to better protect their customers.
Rich Baich, former ChoicePoint CISO and current managing director with PricewaterhouseCoopers, will review the steps a CSO must take to prep for identity theft incidents, as well as review how a company should respond to customers, their shareholders and the public after such a crime occurs.
The vendors who attend the SC Forum are leaders in the industry. Attendees will receive a list of vendors before the event, so they will be able to choose which ones they would like to meet.
Each meeting will last 30 minutes and, since vendors are notified in advance of their meeting schedule, they will already know the basics about attendees’ companies, which will enable them to get down to business immediately.
Attendees can expect to sit down with vendors whose products are relevant to their needs, getting useful information and insight about solutions they would actually use. This means attendees can expect results — not irrelevant hard sells.
The SC Forum is all about networking — meeting people, exchanging ideas, connecting with industry experts. Attendees will have informal coffee breaks, lunches, dinners, drinks receptions and time at the spa or on the golf course. Plus, advice and insight will be flying during workshops and vendor meetings.
By the end of the event, attendees will have had the opportunity to really get to know each other — hopefully building professional ties that will help them in the future.
ARE YOU ELIGIBLE TO ATTEND?
If you are a senior manager with significant purchasing responsibility and an annual budget in excess of $250,000 per year, you are eligible to attend the Forum as a guest of SC Magazine completely free of charge.
For more information, please visit www.scmagazine.com or contact Liz Lockard at Liz.Lockard@haymarketmedia.com.
KEYNOTE: Will Pelgrin
Will Pelgrin, director of the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC), will present the main keynote speech at this spring’s SC Forum. As director of the CSCIC, Pelgrin is responsible for leading and coordinating New York’s efforts regarding cyber readiness, geographic information systems response, and information sharing on the state’s critical infrastructure.