June 9, 2010
11:00am: Registration
1:00 PM : Welcoming Remarks and Introductions
Marci McCarthy
CEO and President
T.E.N.
Biography
1:15 PM : Keynote Address
Phil Agcaoili
Chief Information Security Officer
Cox Communications
ISE® Central Executive Award Winner 2009
The Shifting Tide of the Economy and the Impact on Information Security
Phil has been an influential leader in the Information Security industry for over 19 years and has established world class security organizations through his visionary, pragmatic, entrepreneurial, and goals-oriented approach and is responsible for Information Security at Cox Communications.
He was responsible for Dell’s Global Information Security Assurance and Consulting organization. Phil won the 2009 Information Security Executive of the Year Central Award.
2:15 PM : Interactive Executive Roundtables
The Interactive Executive Roundtables brings together ISE® Nominees, industry leaders, invited guests, and sponsor delegates to meet each other and join in interactive discussions on key industry issues as well as share best practices. The interactive roundtable discussions are hosted by our ISE® Judges and Nominees.
The Dark Side of Industry Consolidation: Mapping a Safe Path Through Vendor Consolidation
Gene Scriven
Chief Information Security Officer and Vice President
Sabre Holdings
ISE® Southeast People’s Choice Award Winner 2008
ISE® Southeast Executive Award Finalist 2008
The security technology industry is consolidating due to mergers and acquisitions, resulting in fewer but larger players. While there are many drivers that attract one company to buy another, a common force currently driving consolidation is that larger vendors are looking for ways to provide broader, end-to-end solutions that go beyond what they can assemble in-house. Acquisition offers a way to leverage the trend toward a greater user preference for best-of-breed components while defending their positions as end-to-end solution providers.
While these are clear benefits, vendor consolidation is not without its dark side. What may happen to the acquired vendor and its technology is often an open question. Vendor consolidation impacts vendor relationships, technology direction and customer support; elevates concerns about the safety of existing and new investments; and adds uncertainty and risk that is best to be avoided.
Trends In Identity and Access Management: Transforming Security into an Enabling Function
Director, IT Security & Support Services
Williamson-Dickie Mfg. Co.
The digital world is dramatically altering the way business gets done, resulting in numerous security challenges for organizations. The internal corporate network is now a connected web of people and devices as more employees work remotely; and partners, customers and vendors are given access to corporate systems and sensitive data. This connected business model many times means managing access for users the company knows little about. To complicate matters, cloud-based applications are on the rise, bringing more challenges to managing user security. Layered on top of these business considerations is the requirement to meet industry-specific standards and comply with regulations such as HIPAA, SOX and PCI. Businesses must prove accountability around data access and management.
As businesses mature, they must be able to manage rapid change, establish effective formal governance, and provide accountability through transparency. Identity and access management and compliance solutions form the cornerstone of an organization's governance, risk and compliance strategy and serve as a basis for transforming security into an enabling function. Implementing these programs can be complicated and time-consuming, but enterprises may be able to simplify the process and make tangible contributions to enterprise business goals if they consider vendors that are developing ways to integrate IAM offerings with other compliance solutions.
Secure Social Networking: Is there an App for That?
Cynthia Whitley
Chief Information Security Officer
Allstate
ISE® Central Finalist 2008
Facebook, Twitter, LinkedIn, YouTube, MySpace. Love it or hate it, social media is part of the business world and it’s here to stay. Social media empowers businesses to build a brand, expand their reach, connect with customers and partners and facilitate the “flow of business.” While leveraging online communities presents great opportunities, many security executives express frustration over the dilemma of how to make social media available for business reasons without exposing themselves to unnecessary security risks.
Employees toggling between “friending” on Facebook and “businessing” on corporate systems leaves a company open to the exposure of personal data in the workplace; the release of corporate data to the public; the risk of identify fraud; and a host of security, governance and compliance challenges. A perfect storm is brewing between the number of people using social media and the increasingly sophisticated malware attacks being launched to prey on the data. Now, with the proliferation of third-party applications for mobile devices, the complexity and diversity of security issues become even greater as users download unsecured applications and use mobile devices for personal reasons. Financial firm USAA, for example, allows customers to deposit a check from their mobile phones by using a "remote capture" of an image of the check.
Outsourced or Outsmarted: How to Avoid the "Gotchas" in Outsourcing
Brian Wrozek
IT Security Director
Texas Instruments Incorporated
ISE® Central Executive Award Winner 2008
It seems like a win-win: Outsource that non-critical function, save money, increase efficiency, tap into deep expertise and reap the rewards of having your IT teams focus on mission-critical work. But along with the benefits comes the need to provide outsourcers with access to sensitive corporate assets.
From offshore to near shore, front office to back office, network monitoring to HR, security challenges surface whenever business processes are moved outside of the confines of the firewall. Whether it be legal liability, compliance issues, brand risk or customer concern, the more eyes and hands you have on your data, the greater the risk of something going wrong. This problem is magnified by the fact that your data may be stored on many different computers and the people accessing your data may well be on the other side of the world.
Data risks and security challenges are an inherent problem for companies that outsource. While most outsourcing firms are trustworthy and responsible, some aren't. As the saying goes, “you can outsource anything except your liability.” So how do you align your outsourcing effort with business goals while protecting the data?
Securing The Cloud: Is it Possible?
Matthew Archibald
Managing Director and CISO
Applied Materials, Inc.
The benefits of cloud computing—accessing your data and applications stored on remote hardware by way of the Internet instead of keeping it all in your local workstation—still requires a leap of faith for many. But now that a workstation can go anywhere as a smart phone, a stripped-down Net Book or even an e-book reader, it's practically a virtual desktop operating in conjunction with a virtual server. If the user can be anywhere, so can the source for data and applications. Cloud computing represents a significant opportunity for enterprises to increase flexibility, gain access to best-of-breed applications, add capacity on demand and boost infrastructure resources – all at negligible cost.
As more information on individuals and companies is placed in the cloud, attention must be turned to how safe an environment it is and how we assess security and perceive risk. In the cloud, it’s difficult to physically locate where data is stored. While the cloud provider is the custodian, the data owner is still legally responsible for protecting the privacy and integrity of that data. Further, the “richer the pot of data,” the more attractive it is to cyber crooks. Security processes, once visible, are now hidden behind layers of abstraction. Even the most basic tasks, such as applying patches and configuring firewalls, may become the responsibility of the cloud operator, not the end user. While the intent of security remains the same - to ensure the confidentiality, integrity and availability of information - cloud computing shifts control over data and operations.
3:30 PM : Break
3:40 PM : Nominee Showcase Presentations
Jack Key
Vice President, Chief Information Security Officer
and Chief Privacy Officer
USAA
USAA’s Info Sec Authentication Program
In this presentation, Jack Key will discuss how USAA was able to provide its mobile user community faster, more secure mobile logon access to their banking, insurance and investment accounts through its new quick logon and authentication security software for its popular USAA Mobile App which allows bank deposit functionality from the iPhone and Androids platforms. Almost 1.3 million of USAA's 7.4 million members access USAA's mobile platforms to conduct financial transactions.
Download Presentation (ppt)
Lee Parrish
Director, Information Assurancee
Northrop Grumman
GRC – Governance, Risk and Compliance
Lee Parish will present how the Northrop Grumman team created a GRC: governance, risk, and compliance group within the Information Systems Sector and why. The team crafted a suite of risk management services for the InfoSec service catalog and developed processes for doing onsite risk assessments and stood up a robust automated GRC platform to enhance their service capabilities. Lastly, he will present how the team reached out to other business units to assist in their GRC solutions.
Download Presentation (pptx)
Christopher Holm
Director, IT Risk, Security & Controls
TXU Energy
GRC – TXU Energy Roles Rebuild
In this presentation, Chris Holm will discuss how the how the Roles Rebuild team successfully completed rebuilding individual user roles for SAP security for IT and then every functional organization at TXU Energy. The endeavor touched every employee at TXU Energy and was completed on schedule and within budget. In addition, Role Security Rule sets were developed for Segregation of Duties analysis and compliance for every Role, resolving IT controls deficiencies to achieve the highest controls effectiveness rates in company history.
Download Presentation (ppt)
Bridget Campbell
Manager Technology Security/Identity Management
Southwest Airlines
Self-Service Based Password Management
Bridget will present the design and implementation of a self-service based password management solution that provides a consistent, intuitive end user experience for setting and resetting passwords regardless of where and how it is accessed.
Download Presentation (ppt)
4:45 PM : Late Afternoon Break
5:00 PM : VIP Reception (invitation only)
ISE® Nominees, sponsors and special guests will have the opportunity to network in a private setting with beverages and appetizers.
6:00 PM : Sponsor Pavilion and Dinner Buffet
Guests enjoy gourmet dinner while networking and meeting the sponsors. Honoring and celebrating the award nominees for 2014, this exciting occasion will bring together top security executives to recognize the individuals who have made significant and positive impact on their organizations through exemplary performance.
7:30 PM : ISE® Central Awards Gala
Honoring and celebrating the ISE® Central Award Nominees, this exciting occasion will bring together top security executives to recognize the individuals and the project teams who have made significant and positive impact on their organizations through exemplary performance.
9:00 PM : Champagne & Dessert Reception
Enjoy champagne and dessert while celebrating the winners, nominees and project teams. Don't miss the Passport for Prizes drawing and a chance to win outstanding gifts from our ISE® sponsors.