Gartner Security & Risk Management Summit 2013
June 10 – 13
National Harbor, MD
gartner.com/us/securityrisk

Reset Your World: The Evolving Role of Risk Management and Information Security

FIVE COMPLETE PROGRAMS

• Chief Information Security Officer (CISO)

• IT Security

• Business Continuity Management

• Risk Management and Compliance

• The Business of IT Security

• Plus: New Industry Day Forums


Discover the full spectrum of security and risk topics

After nearly a decade of steady progress toward maturity, IT security and risk management have reached a tipping point. The Nexus of Forces — social, mobile, cloud and information — has unleashed a new wave of change and threats. Emerging markets and a jumble of international regulatory and compliance obligations have also increased the complexity of the business environment. In addition, the uncertainty of climate change — such as Superstorm Sandy — is making business continuity management (BCM) more important than ever.

As these threats and changes transform markets and redefine competitive advantage, business leaders are recognizing the critical role IT security and risk management disciplines play in ongoing business growth and transformation. This year’s Gartner Security & Risk Management Summit, June 10 – 13, in National Harbor, MD, delivers the essential tools and strategies CIOs, CISOs, CROs, CTOs and their teams need to identify and communicate emerging risks, manage them appropriately and enable the business to grow and prosper as securely as possible.

Key benefits of attending

• Reset your security and risk strategy to focus on enabling business objectives

• Stay relevant in your role as the Nexus of Forces redefines IT security and risk

• Implement BCM best practices to make the business more resilient to threats

• Understand, anticipate and mitigate the risks of new social collaboration tools

• Craft a strategy to deal with emerging BYOD and mobile threats

Who should attend

• CIOs, CSOs, CISOs, CTOs, CROs, CPOs

• IT vice presidents, directors and managers

• Network managers, security executives and directors

• IT/IS directors and managers

• Enterprise architects and planners

• Business continuity and IT disaster recovery managers

• Senior business executives

• Risk managers

• Finance, audit, legal risk and compliance managers

Visit gartner.com/us/securityrisk for agenda updates and to register

North America’s most important annual gathering of the IT security and risk community

Five programs offer in-depth coverage of core areas of specialization

When you join us at Gartner Security & Risk Management Summit 2013, you’ll have access to more than 50 Gartner analysts presenting the latest research covering the full spectrum of security and risk topics. From infrastructure security to identity and access management, governance to fraud to emerging risks, technology implementation to boardroom presentation, this is the singular opportunity each year to update every aspect of risk management and security based on the latest Gartner insight.

What’s new for 2013

• Industry Day Perspective Forums with dedicated content and Gartner analysts for key industries

• Advanced CISO Program that addresses strategic issues for success

• More than 150 sessions, keynotes, workshops, tutorials and case studies

• Revamped agenda offering more types of sessions

• New Mastermind Interview keynote: Steve Bennett, CEO and Chairman of the Board, Symantec

• New Super Roundtable Session — 20 roundtable discussions with your peers

• Our Gartner for Technical Professionals analysts explore architecture and planning considerations to protect information and build secure applications

• Interaction with more than 120 vendors

TABLE OF CONTENTS

Summit Programs
Industry Day Perspective Forums
Virtual and Vertical Industry Tracks
Keynote Sessions
Chief Information Security Officer (CISO) Program
CISO Agenda Tracks
CISO Invitational Program
IT Security Program
IT Security Agenda
Business Continuity Management Program
BCM Agenda
Risk Management and Compliance Program
Risk Agenda
The Business of IT Security Program
Session Descriptions
Solution Showcase
Agenda at a Glance
Registration and Pricing


SUMMIT PROGRAMS

Five role-based programs for targeted insight

Chaired by experts in each discipline, this year’s summit offers five role-based agenda programs providing a more targeted learning and networking experience.

Program Descriptions

Chief Information Security Officer (CISO) Program
This year the CISO program graduates from CISO basics to strategic and tactical planning. There are still too many things that should be done with too few resources. So how do you make use of the best information you have to set priorities and get things done, while moving toward those elusive strategic goals?

IT Security Program
Cloud, social, mobile and big data drive new opportunities but challenge traditional approaches to IT security. Their adoption for business operations requires security programs to mature rapidly. This program provides insights on security management from Gartner for IT Leaders analysts, and on security technology management from Gartner for Technical Professionals analysts.

Risk Management and Compliance Program
Integrated performance and risk management is the next promising evolutionary step for risk management and compliance programs. But new regulatory and legal challenges continue to mount. Early detection and mitigation of emerging risks are critical. This program focuses on the technologies and strategies to improve governance, manage risk, ensure compliance and adhere to the letter and spirit of the law.

Business Continuity Management (BCM) Program
Can your organization survive another Superstorm Sandy? The number of regional disasters is growing. How will your enterprise ensure continuing operations when a business interruption occurs? These sessions help organizations anticipate the unexpected, and reinforce a discipline of risk management and mitigation, response and recovery in the corporate culture.

The Business of IT Security Program
This program examines the latest technologies and trends, and financial and strategic views, of the security and risk market. Find out how big the market is for software and services, which market leaders are succeeding, and why. Learn where the innovation is, and how Gartner analysts rate the leading security vendors.

ANALYST-USER ROUNDTABLES

These topic-driven end-user discussions are moderated by Gartner analysts. Learn what your peers are doing around particular issues and across industries (preregistration required).

MEET ONE-ON-ONE WITH A GARTNER ANALYST

Private 30-minute consultations with a Gartner analyst provide targeted, personalized advice to help you plan proactively and invest wisely (preregistration required).


INDUSTRY DAY PERSPECTIVE FORUMS

New! Industry Day Perspective Forums

Aligning IT-specific initiatives to the industry’s business success is the focus of every IT professional. The challenge is how to illustrate IT’s impact on the business goals — whether to the bottom line, quality, expense control or client satisfaction. That’s why we are pleased to kick off our Monday program with special Industry Perspective Forums. Five sectors are covered in separate tracks that deliver targeted content and industry-specific perspectives for the following: Energy/Utilities, Government, Healthcare, Financial Services and Manufacturing. Industry Day Perspective Forum sessions include:

Government

• IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing? - Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree

• IG2. Critical Infrastructure Protection Requirements Driving New Security Demand - Ruggero Contu

• IG3. Best Practices for Mitigating Advanced Persistent Threats - Lawrence Pingree

Financial Services

• IF1. Case Study TBA

• IF2. Do I Need Cyberinsurance? - Juergen Weiss

• IF3. Strategic Road Map for Financial Services Enterprise Risk Management - John A. Wheeler

Healthcare

• IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are - Barry Runyon

• IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement - Wes Rishel

• IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level - Christina Lucero, Avivah Litan

Energy/Utilities and Manufacturing

• IME1. Understand OT: The Emerging Risks From Advanced Automation - Earl Perkins, Kristian Steenstrup

• IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing? - Erik T. Heidt

• IME3. Securing the OT Environment - Earl Perkins, Kristian Steenstrup

• IME4. Responsibility and Accountability of OT Systems - Kristian Steenstrup


VIRTUAL AND VERTICAL INDUSTRY TRACKS

Virtual and vertical industry tracks make it easy to follow a key trend, hot topic or address industry issues in relevant sessions pulled from across all five conference programs. To further customize any track, visit Agenda Builder at gartner.com/us/securityrisk.

Virtual Tracks

Mobility and Security
This track covers some of the business-critical system and data issues emerging from new wireless technologies.

Cloud Computing
This track explores this and more of the latest challenges associated with cloud security.

IAM and Secure Business Enablement
This track features a wealth of presentations on current best practices and the latest issues and trends.

Advanced CISO
Our CISO track contains best-practice and security program planning information. For those with more advanced needs, we have identified this curriculum as a suggested set of sessions.

Technical Insights: Security Architecture
Explore the architecture and planning considerations for protecting information, building secure applications, understanding threats, auditing and monitoring activity, and managing risk associated with new devices and service hosting models. These sessions are delivered by Gartner for Technical Professionals (GTP) analysts.

Cybersecurity
This track helps you separate the hype from the reality and highlights best practices for protecting your organization in a rapidly changing threat environment.

Big Data
These sessions analyze the role that big data plays in security, and how it can enhance our defenses against targeted attacks and advanced persistent threats (APT).

Social and Security
This track shows you how security and risk teams contain the risks found in social media usage while maximizing the benefits of social-enabled work processes.

Leadership/Professional Development
This track provides insights into the full range of skills and knowledge required to advance your capabilities as a security and risk manager.

Vertical Industry Tracks

Financial Services
Fighting fraud while keeping online banking seamless and efficient are just a few of the key issues covered at this year’s event. See what else is covered for those in the financial services industry.

Government
Government agencies are looking to develop cohesive national cybersecurity initiatives that are in partnership with consumers and the public sector. This is just one of the key issues covered at this year’s event. See what else is covered for those in government.

Healthcare
Enterprises today are challenged to increase quality of service delivery, reduce compliance costs and anticipate healthcare reform while maintaining patient privacy and protecting intellectual property. This track covers this and more, specifically for the healthcare and pharmaceutical industries.

Energy/Utilities
Establishing effective and efficient “smart grid” technology while combating fraud, cyberattacks and the loss of control are just a few of the key issues covered at this year’s event. See what else is covered for those in energy/utilities.

Manufacturing
Managing and optimizing increasingly interconnected and complex control networks while reducing costs and maintaining system integrity and protecting proprietary data are just some of the key issues covered at this year’s event. See what else is covered for those in the manufacturing sector.


KEYNOTE SESSIONS

Guest keynotes

Admiral Mike Mullen
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

The Intersection of National Security, Leadership and the Global Economy

Serving at a critical juncture in our nation’s history, Admiral Mike Mullen was a key influencer in shaping the security of our nation for decades to come. A man of unparalleled experience, vision and integrity, Mullen shares with audiences his belief that, “Our financial health is directly related to our national security,” and discusses how the key to the United States’ economic success in the next century is to create opportunity. With an eye on the horizon and to the threats that still lie ahead, Mullen discusses America’s greatest challenges — economic growth, infrastructure, education and foreign and military policy.

Keith Ferrazzi
CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

Who’s Got Your Back: Creating and Developing Great Relationships

As founder and CEO of Ferrazzi Greenlight, Keith Ferrazzi works to transform old behaviors that block global organizations from reaching strategic goals, into new behaviors that increase shareholder value. The firm’s Greenlight Research Institute has proven the correlation between positive relationships and business success, particularly in sales performance. Based on a decade of field engagements with iconic global organizations, Ferrazzi has perfected techniques of collaborative coaching and motivation of key constituencies that positively transform organizational behavior.

The Gartner Mastermind Interview

Steve Bennett
CEO and Chairman of the Board, Symantec

Steve Bennett was named Symantec’s chief executive officer in July 2012. Prior to that, Bennett joined Symantec’s board of directors in February 2010 and became chairman in 2011. Bennett previously led Intuit serving as president and chief executive officer from 2000-2007. Under Bennett’s leadership Intuit grew its existing businesses while simultaneously expanding into new markets. Bennett joined Intuit after a 23-year career at General Electric, where he managed complex and diverse organizations from consumer appliances to financial services. He currently serves on boards at American Airlines and parent company AMR Corporation, along with Qualcomm.

Gartner keynotes

Opening Global Keynote: Reset
Paul E. Proctor, Vice President and Distinguished Analyst; Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

Now is the time to break the inertia that blocks progress in security and risk management. The evolution of risk and security officer roles shows the way to reset your approach to security and risk management, and create and sustain significant security and risk benefits to your organization. (And it won’t hurt your career any either!)

The Gartner Five-Year Security and Risk Scenario
F. Christian Byrnes, Managing Vice President; Andrew Walls, Vice President and Conference Chair

Gartner’s research community for security and risk is composed of over 50 dedicated and numerous contributing analysts. This scenario represents their five-year projection of the state of security and risk. The intent is to provide a base for your long-term strategic planning.


CHIEF INFORMATION SECURITY OFFICER (CISO) PROGRAM

Go beyond the CISO fundamentals to strategic and tactical planning

This year, for the first time, the CISO Program goes beyond fundamentals to address enterprisewide strategy and tactical planning for chief information security officers. Too many things still need to be done with too few resources. We’ll look at how to use the best information available to set priorities and move toward strategic goals.

In addition to reporting lines, budgets, staffing, and governance, sessions will address how to act like and be seen as a business leader, understand and explain security concerns and technologies in business terms, and recognize what drives the behaviors at the root of many security failures — and how to change them with people-centric security strategies. This year’s program agenda features:

• 13 CISO-focused analyst sessions, plus an additional 16 sessions covering all the issues CISOs face in today’s market

• Advanced CISO Program addressing strategic issues for success in your role, including: strategic planning for information security, alignment of IT security to the business; governance and policy setting; creating a risk-aware culture; and process maturity

• Exclusive CISO Invitational Program for qualified CISOs

• Gartner analysts, focused on your needs in the CISO role, available for private one-on-one meetings

• Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media

• VIP Roundtable: Working with the Chief Legal Officer (CLO)

Meet the analysts

Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.

• F. Christian Byrnes, Managing Vice President and CISO Program Lead

• Tom Scholtz, Vice President and Distinguished Analyst

• Andrew Walls, Vice President and Conference Chair

• Paul E. Proctor, Vice President and Distinguished Analyst

• Rob McMillan, Director

• John A. Wheeler, Director

HOT TOPICS

• Strategic planning for information security

• Business/IT security alignment

• Governance and policy setting

• Business value of information security

• Enterprise security architecture

• Creating a risk-aware culture

• Process maturity

WHO SHOULD ATTEND

• CISOs, CIOs, CSOs, CROs, CTOs and IT vice presidents

• New CISOs who want to build their leadership role based on leading-edge Gartner research, insights and best practices

• Experienced CISOs looking to refresh their understanding of the latest trends, tools, threats and technologies

• IT security executives on a CISO career track


CISO AGENDA TRACKS

Absolutely first rate conference! The best security event I have ever attended. Knowledgeable presenters, timely and relevant content, great networking opportunities.
2012 conference attendee

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote: Reset - Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks - Andrew Walls, Vice President and Conference Chair

9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening: Who Are the Attackers and What Are They Doing? - Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree

10:45 a.m. Solution Provider Sessions

11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand - Ruggero Contu G

2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats - Lawrence Pingree G

CISO

4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job - Paul E. Proctor

5:30 p.m. A2. Preparing a Security Strategic Plan - F. Christian Byrnes

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research - Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

7:00 a.m. HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 - Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy - Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote: The Gartner Mastermind Interview - Steve Bennett, CEO and Chairman of the Board, Symantec

10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Security’s Value - Rob McMillan

11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams - Tom Scholtz

2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls - Andrew Walls

4:15 p.m. A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric - Tom Scholtz

5:30 p.m. K4. Gartner Keynote: The Gartner Five-Year Security and Risk Scenario - Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare - Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote: Who’s Got Your Back: Creating and Developing Great Relationships - Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

9:15 a.m. Solution Provider Sessions

10:30 a.m. A6. That Frightening Phrase: “The Standard of Due Care” - Rob McMillan

11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program - Andrew Walls

1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services - Rob McMillan

4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway - Rob McMillan

4:30 p.m. A10. To the Point: The Information Security Maturity Pathway - Rob McMillan

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. A11. Case Study TBA

9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans - Gregg Kreizman, Earl Perkins

10:30 a.m. A13. Open Mic - F. Christian Byrnes

11:30 a.m. K6. Gartner Closing Insights - Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


CISO INVITATIONAL PROGRAM

An exclusive gathering of CISOs and Gartner analysts

The Gartner Chief Information Security Officer (CISO) Invitational Program, held concurrently with Gartner Security & Risk Management Summit 2013, gathers a carefully screened group of CISOs for a chance to learn the current best practices, get updates on how peers are handling evolving challenges, and improve leadership skills. Admission is subject to approval and includes complimentary roundtrip airfare, accommodations, registration fee and access to session presentations online, including audio and slides.

If you qualify for this program, your day will be spent gaining valuable market intelligence from the world’s top technology providers as you participate in private boardroom presentations and select components of Gartner Security & Risk Management Summit 2013, which include:

• Complete CISO Program, consisting of analyst-led sessions, interactive workshops, tutorials, case studies and more

• Special CISO-only sessions and networking opportunities

• More advanced sessions for those with experience in the CISO role

• Five keynotes and general sessions and a new Mastermind Interview keynote

• Solution Showcase featuring more than 120 leading-edge solution providers

We encourage you to submit your application for qualification today because seats are filling quickly. To apply, visit gartner.com/us/securityrisk/ciso.

CISO INVITATIONAL PROGRAM FEATURES

• Direct interaction with analysts

• The latest research on top priorities for CISOs

• Boardroom case study presentations with leading solution providers

• Advanced CISO virtual track for more experienced CISOs

• C-level-only roundtable discussions

• Exclusive CISO networking events

• Keynotes, general sessions and a Mastermind Interview

• Security management workshops


IT SECURITY PROGRAM

The Nexus of Forces — social, mobile, cloud and information — is having a major impact on IT security, both on how it’s accomplished and with regard to new threats and vulnerabilities. In this comprehensive program, sessions will cover the breadth of today’s IT security priorities, from network, infrastructure and data protection to application security, identity and access management, privacy and mobile and cloud security.

Gone are the days when walling off intruders and controlling access was enough. Thanks to the cloud, social media and BYOD, the line of defense has blurred beyond recognition. Security’s new mandate is to focus on business objectives and find ways to enable new opportunities in a secure, trusted environment.

Featuring Technical Insights sessions from Gartner for Technical Professionals, the IT Security Program delivers the tools and next steps to get things done today and understand where the technology is taking us tomorrow. The program agenda features:

• More than 70 sessions, workshops and roundtables covering all of the latest issues enterprises are faced with today

• 10 Technical Insights sessions by Gartner for Technical Professionals analysts that drill down on best practices in cloud, mobile and virtualization

• Tutorials on topics including top security trends and identity and access management

• Plus, 10 IT security-focused workshops, 12 To the Point sessions, networking events, panels, analyst-user roundtables, and much more

• 25 on-site Gartner analysts focused on IT security, available for private one-on-one meetings

HOT TOPICS

• Advanced targeted threats (advanced persistent threat APT)

• BYOD security

• DDoS mitigation

• Mobility

• Data loss prevention (DLP)

• Next-generation firewalls

• Next-generation intrusion prevention

• Security information and event management

• Network access control

• Anti-malware

• Secure email

• Secure Web

• DNS security

Unparalleled opportunity to network at a national level. Great info on industry trends, tools and overall solutions.
2012 conference attendee

Meet the analysts

Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.

• Neil MacDonald, Vice President and Gartner Fellow

• Eric Maiwald, Vice President, Gartner for Technical Professionals Analyst

• Rob McMillan, Director

• Ant Allan, Vice President

• Anton Chuvakin, Director, Gartner for Technical Professionals Analyst

• Alan Dayley, Director

• Mario de Boer, Director, Gartner for Technical Professionals Analyst

• John Girard, Vice President and Distinguished Analyst

• Jay Heiser, Vice President

• Gregg Kreizman, Vice President

• Ramon Krikken, Vice President, Gartner for Technical Professionals Analyst

• Avivah Litan, Vice President and Distinguished Analyst

• Brian Lowans, Principal Analyst

• Joe Feiman, Vice President and Gartner Fellow

• Peter Firstbrook, Vice President

• Kelly M. Kavanagh, Principal Analyst

• Earl Perkins, Vice President

• Tom Scholtz, Vice President and Distinguished Analyst

• Ray Wagner, Managing Vice President

• Mark Nicolett, Managing Vice President

• Lawrence Orans, Director and IT Security Program Lead

• Eric Ouellet, Vice President

• Jeffrey Wheatman, Leadership Partner

• Greg Young, Vice President

IT SECURITY AGENDA

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote: Reset - Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks - Andrew Walls, Vice President and Conference Chair

9:45 a.m.
• IF1. Case Study TBA
• IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are - Barry Runyon H
• IME1. Understand OT: The Emerging Risks From Advanced Automation - Earl Perkins, Kristian Steenstrup EU M
• IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing? - Erik T. Heidt GTP

10:45 a.m. Solution Provider Sessions

11:30 a.m.
• IF2. Do I Need Cyberinsurance? - Juergen Weiss F
• IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement - Wes Rishel H
• IME3. Securing the OT Environment - Earl Perkins, Kristian Steenstrup EU

2:15 p.m.
• IF3. Strategic Road Map for Financial Services Enterprise Risk Management - John A. Wheeler F
• IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level - Christina Lucero, Avivah Litan H
• IME4. Responsibility and Accountability of OT Systems - Kristian Steenstrup EU M

IT SECURITY

4:30 p.m.
• B1. Practicing Safe SaaS - Jay Heiser
• C1. Securing Private, Public and Hybrid Cloud Computing - Neil MacDonald
• D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program - Ant Allan, Earl Perkins, Ray Wagner
• E1. Big Data Discovery Using Content-Aware Data Loss Prevention Solutions - Eric Ouellet
• W4. Workshop: Build an Effective Security and Risk Program - Tom Scholtz, Rob McMillan, Jeremy D’Hoinne
• W5. Workshop: Gartner Network Security Design - Greg Young

5:30 p.m.
• B2. Cyberthreat - Lawrence Orans
• C2. Panel: What Is the Future of Mobile Management and Security? - Peter Firstbrook, Neil MacDonald, John Girard
• D2. Cost, Consequence and Value: The Economics of IAM - Earl Perkins
• E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil? - Ramon Krikken GTP

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m.
• Power Breakfast: About Gartner and Security & Risk Management Research - Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
• HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 - Christina Lucero, Irma Fabular (Registration required; end users only.)

10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs - Ramon Krikken GTP

11:15 a.m.
• B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management - Mark Nicolett
• C3. Top 10 Security Myths - Jay Heiser
• D3. Town Hall: Access All Areas - Ant Allan, Gregg Kreizman
• E3. TBA

2:00 p.m.
• B4. Panel: Real-World Case Studies in Mobile Banking Security - Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor
• C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective? - Eric Ouellet
• D4. Your Cloud and Mobile Devices Broke My IAM - Gregg Kreizman
• E4. Security Monitoring of Public Cloud - Anton Chuvakin GTP

4:15 p.m.
• B5. Mobile Device Security Exploits in Depth - John Girard, Dionisio Zumerle
• C5. Endpoint Security When the Consumer Is King - Peter Firstbrook
• D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM - Earl Perkins
• E5. Using Managed Containers to Protect Information on Mobile Devices - Eric Maiwald GTP

5:30 p.m. K4. Gartner Keynote: The Gartner Five-Year Security and Risk Scenario - Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

9:15 a.m. Solution Provider Sessions

10:30 a.m. B6. Preparing Your Security Program for BYOD Eric Ahlm

C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme) Greg Young

D6. Using Big Data Analytics for Information Security Neil MacDonald

E6. Managing, Securing and Budgeting the Mobile Device Life Cycle John Girard

W10. Workshop: Meeting Business Needs for Mobility and Security Eric Maiwald

11:30 a.m. B7. Predictions: Your Network Security in 2018 Greg Young

C7. User Activity Monitoring for Early Breach Detection Mark Nicolett

D7. Good Authentication Choices for Smartphones and Tablets John Girard, Eric Ahlm

E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention Avivah Litan

1:45 p.m. B8. Encryption Planning Made Simple! Follow the Data Brian Lowans

C8. Big Security Data Is Neither Big Security Nor Big Intelligence Joseph Feiman

D8. Mobile Device Policy Essentials John Girard, Dionisio Zumerle

E8. Case Study: A Successful Implementation of the FICAM Guidelines TBA

W11. Workshop: Cloud Contracts — Develop Your Own Security and Risk Exhibits Gayla Sullivan

W12. Workshop: IT Risk Cloud Manifesto — Defining What Enterprises Need but Aren’t Getting! Erik T. Heidt

4:00 p.m. B9. To the Point: The Database Security Manual — What You Need to Know Brian Lowans

C9. To the Point: Deny Denial of Service Attacks Lawrence Orans

D9. Case Study TBA

E9. To the Point: Refresh Vulnerability Assessment Kelly M. Kavanagh

4:30 p.m. B10. To the Point: Cybersecurity for the Internet of Everything Earl Perkins

C10. To the Point: Playing Chess With APTs Anton Chuvakin; Ramon Krikken GTP

D10. To the Point: Revolution and Evolution in Windows 8 Security Mario de Boer

E10. To the Point: Best Practices for Securing Information During International Travel Dionisio Zumerle

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. B11. The Seven Dimensions of Context-Aware Security Avivah Litan

C11. Top Mobile Gear: Mobility Road Trip! Ant Allan, John Girard, Tom Scholtz

D11. Getting to Single Sign-on Securely Gregg Kreizman

E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints Mario de Boer GTP

W13. Workshop: Mobile Application Security Neil MacDonald

W14. Workshop: IT Security — Planning a Self-Audit Khushbu Pratap

9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time? Eric Ouellet

C12. Adapting the Secure Web Gateway Peter Firstbrook, Lawrence Orans

D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer

E12. DLP Architecture and Operational Processes Anton Chuvakin GTP

10:30 a.m. B13. Software-Defined Networking and Its Impact on Security Eric Maiwald GTP

C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook

D13. Identity and Access Management Gets Social Ant Allan

E13. Web Application Firewalls: Features, Products, Deployment and Alternatives Mario de Boer GTP

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


BUSINESS CONTINUITY MANAGEMENT PROGRAM

Did your organization survive Superstorm Sandy? Would it survive another Superstorm Sandy? What happens when your production and recovery sites are hit by the same outage? Do you know if your workforce can get to work to do their jobs? The number of regional disasters is on the rise. How does an enterprise ensure continuing business operations and systems availability in the event of a major business interruption?

The 2013 Business Continuity Management Program will cover the breadth of BCM priorities, including how to make BCM an enterprise risk function, planning, strategy, availability risks in using cloud computing, plan development and exercising, the new ISO 22301 BCM standard, supplier/third-party availability risk, crisis management and communications, metrics for success and reporting to the board and developments in BCM software and complementary technologies for enhanced situational awareness. These sessions help organizations anticipate the unanticipated and work to create a culture of risk management and business resilience.

The program agenda features:
• 19 BCM-focused analyst sessions, workshops and roundtables
• Workshop on developing effective and efficient disaster recovery plans
• Case studies on BCM metrics and BCMP implementation
• Tutorial on best practices for creating emergency messages
• To the Point sessions, analyst-user roundtables, and much more
• Eight on-site Gartner analysts focused on BCM, available for private one-on-one meetings

HOT TOPICS
• BCM planning tools and their implementation
• ISO 22301 implementation best practices
• The nexus of technology to take your BCM program to the next level
• IT-DRM architectures and technologies for recovery, high-availability and exercising
• BIA best practices
• Exercising best practices
• Supplier/third-party risk
• BCM metrics
• Cloud service provider risk
• Recovery plan development workshop

Visit gartner.com/us/securityrisk for agenda updates and to register

BCM AGENDA

Meet the analysts

Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.

Leif Eriksen, Director
John Girard, Vice President and Distinguished Analyst
Gayla Sullivan, Director
Belinda Wilson, Senior Director, Gartner Consulting
Roberta J. Witty, Vice President and BCM Program Lead
Donna Scott, Vice President and Distinguished Analyst
Jay Heiser, Vice President
John P. Morency, Vice President

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. PC2. ISO 22301 Implementation Session Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting

10:45 a.m. Solution Provider Sessions

11:30 a.m. T4. TBA

2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media Mario de Boer GTP

2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh

BCM

4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard

5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation John P. Morency

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

11:15 a.m. H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management Roberta J. Witty BCM Metrics TBA

2:00 p.m. H4. Cloud Service Provider Risk Management Donna Scott, John P. Morency, Jay Heiser

4:15 p.m. H5. Managing Global Recovery and Continuity Risk John P. Morency, Roberta J. Witty

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency

11:30 a.m. H7. Case Study TBA

1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson

4:00 p.m. H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty

4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan

9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott

10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


RISK MANAGEMENT AND COMPLIANCE PROGRAM

As businesses transform themselves, push into new markets, pursue new capabilities and experience the immediacy and transparency of a mobile, social world, they face major new risk and compliance issues. Managing those risks effectively is essential to improved business performance. Integrated performance and risk is the next evolutionary step for governance, risk and compliance (GRC) programs.

Measuring and managing the impact of risk on business performance; complying with a variety of global rules, regulations and laws about financial transactions and privacy; and detecting early and mitigating emerging risks are all critical components of successful business and IT operations. The Risk Management and Compliance Program focuses on the technologies and strategies to improve governance and manage risk and compliance, as well as strategies to communicate the benefits of effective risk management to business leaders.

HOT TOPICS
• Enterprise and IT risk management
• Integrated performance and risk
• Emerging risks
• Cloud risks
• Social media compliance and risk management
• Third-party risk management
• Risk-Adjusted Value Management™ (using risk to drive performance)
• Creating key risk indicators
• IT and corporate governance
• Information governance
• E-discovery
• The fourth generation of GRC
• Privacy
• IT audit

Meet the analysts

Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.

French Caldwell, Vice President and Gartner Fellow and Risk Program Lead
Carsten Casper, Vice President
Julie Short, Director
Andrew Walls, Vice President and Conference Chair
Jeffrey Wheatman, Leadership Partner
Paul E. Proctor, Vice President and Distinguished Analyst
Richard Hunter, Vice President and Distinguished Analyst
Jorge Lopez, Vice President and Distinguished Analyst
Khushbu Pratap, Senior Analyst
John A. Wheeler, Director


RISK AGENDA

New Risk Management and Compliance Program features for 2013

The Risk Management and Compliance Program features:
• Tutorial on governance, risk and compliance (GRC)
• More than two dozen risk-and-compliance-focused analyst sessions, To the Point sessions, case studies, panels, debates and Gartner for Technical Professionals (GTP) sessions
• Three general sessions:
– Duck and Cover: Preparing for Cyberwar Richard Hunter, Avivah Litan
– A Clash of Forces: Managing Emerging Risks of the Nexus French Caldwell, Andrew Walls, panelists
– Leadership, Governance and Risk David Marquet, Author of the Award-Winning book “Turn the Ship Around!”; French Caldwell
• Special risk-management-and-compliance networking opportunities
• Gartner analysts focused on risk management and compliance, available for private one-on-one meetings

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons

10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner

PC1. Sharing Data Without Losing It Jay Heiser

10:45 a.m. Solution Provider Sessions

11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP

PC5. Forget MDM: Extending Security and Identity to Mobile Apps Ramon Krikken GTP

2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty, John P. Morency, Belinda Wilson

2:15 p.m. T3. Tutorial: IAM Myths and Monsters Ray Wagner

PC6. End-User Case Study TBA

RISK MANAGEMENT AND COMPLIANCE

4:30 p.m. F1./G1. General Session: Duck and Cover — Preparing for Cyberwar Richard Hunter, Avivah Litan

5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter Paul E. Proctor

G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC French Caldwell

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

11:15 a.m. F3. Security and Risk Management Technologies for Social Media Andrew Walls

G3. A New Way Forward: How to Create a Strategic Road Map for Compliance John A. Wheeler

2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez

G4. Maverick Research: Crowdsource Your Management of Operational Risk Leif Eriksen, Paul E. Proctor

4:00 p.m. W8. Workshop: TBA

W9. Workshop: IT Risk Management — Selecting the Best Assessment Methods and Tools Jeffrey Wheatman, Khushbu Pratap

4:15 p.m. F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus French Caldwell, Andrew Walls, panelists

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, “Turn the Ship Around!”; French Caldwell

11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley

G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap

1:45 p.m. F8. Align Governance to Your Organization for Success Julie Short

G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap

4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage Jorge Lopez

G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery? Alan Dayley

4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management John A. Wheeler

G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions French Caldwell

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. F11. The Four Faces of Governance French Caldwell, Julie Short

G11. Case Study TBA

W15. The Gartner Network Security Architecture Reference Model

9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser

G12. Why ERM and GRC Depend on Each Other to Succeed John A. Wheeler

10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services French Caldwell

G13. Debate: Cyberinsurance — Evolution or Revolution? Paul E. Proctor, John A. Wheeler

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


THE BUSINESS OF IT SECURITY PROGRAM

What’s going on in today’s dynamic, competitive, complex security and risk marketplace? Where are leading companies putting their security dollars? Which startups captured the $650 million in venture capital invested in security and risk management startups last year?

The Business of IT Security Program offers CISOs, business and IT leaders an overview of the latest developments in the security and risk market, including market conditions and challenges, new technologies, mergers and acquisitions and trends shaping the future of secure business enablement. This year’s agenda features a panel of startup security company executives discussing advanced threats, new technologies and what lies ahead. Including Gartner ratings of leading security vendors, this financial and strategic overview is essential for those participating in the sale, purchase or valuation of security and risk-related technologies.

HOT TOPICS
• Forecast report/analysis
• Market share reports
• User wants and needs survey
• Key vendor SWOT analysis
• MQ/trend analysis
• Startup company panel

Meet the analysts

Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct organizations worldwide.

David W. Cearley, Vice President and Gartner Fellow
Lawrence Pingree, Director and Business of IT Security Program Lead
Ruggero Contu, Director
Eric Ahlm, Research Director

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett

10:45 a.m. Solution Provider Sessions

11:30 a.m. T2. Tutorial: Tell Me, What’s IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP

2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management Tom Scholtz

BUSINESS OF IT SECURITY

4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree

5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm, Ruggero Contu, Lawrence Pingree

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm

2:00 p.m. J4. Panel: Security Startups — Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromiun; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress

4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus Eric Ahlm, Rob McMillan

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

10:30 a.m. J6. Information Security: Process or Technology — Which Way Do We Go? Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz

11:30 a.m. J7. Management Still Doesn’t Get Security (And What You Can Do About That) Paul E. Proctor

1:45 p.m. J8. TBA

4:00 p.m. J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave Joseph Feiman

4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future Ruggero Contu

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. J11. Top 10 Technology Trends for 2013: The Security Perspective David W. Cearley

9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett

10:30 a.m. J13. Case Study TBA

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


SESSION DESCRIPTIONS

TRACK A

The CISO

A1. Transform Your Security and Risk Program or Find Another Job

Only about 30% of IT risk and security officers have truly risk-based programs. The other 70% continue to struggle with outdated security programs that are doomed to repeat the same failures. We have reached a tipping point where transformation is not just an option but a requirement to keep your job.

Paul E. Proctor

A2. Preparing a Security Strategic Plan

The Gartner five-year security and risk scenario provides a target for where your security and risk program should be in 2018. This presentation explains how to create a strategic plan that can get you there.

F. Christian Byrnes

A3. Organizing for Success: Developing Process-centric Security Teams

There is no such thing as a perfect, universally appropriate model for security organizations. Security organizations must reflect the political and cultural realities of the enterprise. Every enterprise must develop its own process-based model, taking into consideration basic principles and practical realities.

Tom Scholtz

A4. Finding the Optimal Balance Between Behavioral and Technical Controls

Security performance depends on a delicate balance between technical and behavioral controls. There are times when technology provides the best protection and others when the user is in control. Effective security needs to determine the appropriate control balance based on context and continuously optimize that balance based on results.

Andrew Walls

A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric

The traditional “control” mindset of information security cannot keep pace with technological and behavioral change, resulting in policies and technologies that cause frustration and impede agility. A new approach is required — one that recognizes how the relationships between IT, the business and individuals have been transformed irrevocably.

Tom Scholtz

A6. That Frightening Phrase: “The Standard of Due Care”

Most organizations are aware of their need to meet a standard of due care in their normal business operations. What this means is often not clear and usually only becomes clear when tested in court. In this presentation we look at what this means in the realm of IT security, highlighting a few examples along the way.

Rob McMillan

A7. The Care and Feeding of an Effective Awareness Program

User behavior controls the success of security operations, but many organizations fail to maintain an effective program for driving improvement in that behavior. This presentation provides an in-depth analysis of the structure and content of security awareness programs that actually produce results.

Andrew Walls

A8. Using Outside Resources: Security Consultants and Threat Intelligence Services

Clients occasionally seek advice about the “leading security consulting firms” in a particular geography. Many factors determine whether a firm is right for the task at hand. Clients must assess the capabilities of a consultant or firm by looking beyond the brand and the marketing hype to seek answers to critical questions.

Rob McMillan

A9. To the Point: The Risk Management Maturity Pathway

Improving risk management maturity is fundamental to improving the cost-effectiveness and business alignment of the enterprise’s risk activities. The Gartner ITScore for Risk Management is designed to help you achieve this. Take a brief tour to see what maturity levels 1 through 4 look like and where your organization may fit.

Rob McMillan

GTP Sessions by Gartner for Technical Professionals analysts EU Energy/Utilities

F Financial Services G Government H Healthcare M Manufacturing

A10. To the Point: The Information Security Maturity Pathway

Improving information security maturity is fundamental to improving the risk effectiveness and business alignment of the enterprise’s security activities. The Gartner ITScore for Information Security is designed to help you achieve this. Take a brief tour to see what maturity levels 1 through 4 look like, and where your organization may fit.

Rob McMillan

A11. Case Study TBA

A12. Panel: Reset Your IAM Planning! Lessons from the Veterans

Many enterprises have planned and implemented IAM systems — Now it’s your turn. Where to begin? What are the best practices? How do you measure IAM project success? What are the characteristics of a successful IAM solution? This panel of IAM veterans takes your questions and discusses details about their deployments.

Gregg Kreizman, Earl Perkins

A13. CISO Open Mic

Open opportunity for discussion and sharing among CIO participants.

F. Christian Byrnes

THE CISO WORKSHOPS

W3. Selecting Solutions for the Control and Monitoring of Public Social Media

Public social media are used by enterprises and individuals within the enterprise. Security professionals must assess security and compliance risks, and understand the strengths and weaknesses of monitoring and control solutions. In this workshop you assess the risks to your organization, and select a set of technologies to mitigate these.

Mario de Boer GTP

W6. Use a Balanced Scorecard to Demonstrate Security’s Value

There is no standard set of industry-accepted security metrics. That’s because they are hard to do. The purpose of any credible security scheme must be twofold: Show how security is supporting business outcomes, and inform management about significant risks and their management. It is possible to achieve this. Learn how in this hands-on workshop.

Rob McMillan

TRACK B

IT Security

B1. Practicing Safe SaaS

Most enterprises continue to struggle with the appropriate use of SaaS, but for most organizations, “no” is not the right answer. Standards and practices for risk assessment and use continue to evolve, but gaps still remain. This presentation provides guidance on the creation of SaaS usage profiles.

Jay Heiser

B2. Cyberthreat

Lawrence Orans

B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management

Today’s attackers are getting better at finding and exploiting security weaknesses. The first order of business is to present a hard target to the attacker. Vulnerability management needs to be extended to deal with emerging threats, and to accommodate the requirements of cloud services. This presentation provides advice on how to extend vulnerability management to meet new requirements.

Mark Nicolett

B4. Panel: Real-World Case Studies in Mobile Banking Security

This panel will bring together two or three mobile security experts to talk about their experiences and wish lists for future mobile security. What are the threats and attack vectors faced in mobile transactions? How have organizations addressed these threats? What are future enhancements that are needed in mobile transaction security?

Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor

F

B5. Mobile Device Security Exploits in Depth

How can we stop worrying about mobile security? You can’t trust the OS or the apps, the user resists security practices, and your company doesn’t own the device. This presentation puts the inconvenient facts front and center with real examples, and offers a path forward to reduce risk while still taking user experience into consideration.

John Girard, Dionisio Zumerle

B6. Preparing Your Security Program for BYOD

Mobile devices are entering the enterprise network at alarming rates. As enterprises race to secure mobile devices, a new challenge faces them as they look to extend more applications and more trust to these mobile devices. This session discusses the greater challenge of BYOD beyond simply mobile device security.

Eric Ahlm

B7. Predictions: Your Network Security in 2018

Gartner analyst Greg Young takes you ahead in time to what your network security will and won’t be like in the not-so-distant future of 2018 and points in between then and now. With many network security safeguards having a five-year life span, the decisions you are making now are already impacting on 2018. Sorry, we still won’t be going to work via jetpack.

Greg Young

B8. Encryption Planning Made Simple! Follow the Data

Enterprises must balance a complex array of regulations, security controls and risk mitigation issues before realizing any benefits from data encryption. Here we look at the issues and encryption options to maximize its value.

Brian Lowans

B9. To the Point: The Database Security Manual — What You Need to Know

Enterprises are increasingly using databases in larger numbers and complexity. We describe how the growing security threats and regulatory requirements can be addressed by database security solutions.

Brian Lowans

B10. To the Point: Cybersecurity for the Internet of Everything

The Internet is expanding to include connections not only to people but to machines: automobiles, buildings, power grids — millions of sensors and control systems, all needing protection. How can enterprises that embrace the Internet of Everything (IoE) in their businesses prepare for threats to such systems?

Earl Perkins

B11. The Seven Dimensions of Context-Aware Security

This session explains the benefits of context-aware security. It explores how to use the seven dimensions of context-aware computing to mitigate damage from largely invisible security threats. It also delves into organizational and process considerations as well as the business and IT risks.

Avivah Litan

B12. Is Cloud Encryption Ready for Prime Time?

Organizations are beginning the process of considering leveraging cloud infrastructures with their most sensitive data.

Eric Ouellet

B13. Software-Defined Networking and Its Impact on Security

SDN is being discussed as the future for data center networking. SDN impacts more than just the network infrastructure equipment. It impacts how enterprises implement network security controls. This session discusses how SDN impacts network security and provides recommendations to properly implement security controls within an SDN.

Eric Maiwald GTP

Key: GTP = sessions by Gartner for Technical Professionals analysts; EU = Energy/Utilities; F = Financial Services; G = Government; H = Healthcare; M = Manufacturing


TRACK C

IT Security

C1. Securing Private, Public and Hybrid Cloud Computing

Neil MacDonald

C2. Panel: What Is the Future of Mobile Management and Security?

This debate tackles numerous strategic and tactical questions on the future of mobile security that are vexing both vendors and clients alike. The analysts present multiple scenarios and attempt to form a consensus understanding of where the mobile security market is headed and how it will transform IT.

Peter Firstbrook, Neil MacDonald, John Girard

C3. Top 10 Security Myths

It is often said that ignorance is bliss — but only until the hack occurs. This presentation introduces some of the most common misconceptions about security, and concludes with best practices on how to improve your organization’s risk management culture.

Jay Heiser

C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective?

Your organization has expended significant effort creating the perfect policies and processes to address its risk management needs. Sadly, most organizations expect their staff and contractors to “automagically” learn and apply each of the policies in the exact context intended, based solely on a directive sent by email or via generic webinar/lunch and learn sessions. It’s no wonder you have poor compliance results and minimal reduction of risk even after all that effort.

Eric Ouellet

C5. Endpoint Security: When the Consumer Is King

We are experiencing an unprecedented wave of endpoint innovation. This new wave is driven by consumer requirements, not business requirements. Apple and Samsung are the companies to watch — not HP and Microsoft. How will endpoint security be transformed by employee-owned tablets and mobile devices on mobile networks? Does Windows 8 change the game? Is application control a viable alternative to blacklist signature databases, and how will app stores transform security?

Peter Firstbrook

C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme)

Gartner Vice President Greg Young presents an alternative view to the hype surrounding cybersecurity. What is the real proposition of all things cyber? Is this the new approach to tackling an aggressive threat the origins, or merely a repackaging of current security approaches with no net new benefit? Is “cyber” not only wasteful but dangerous to enterprise security?

Greg Young

C7. User Activity Monitoring for Early Breach Detection

Early detection of targeted attacks and security breaches has never been more important and more difficult to achieve. Your chances are vastly improved if your monitoring integrates security events with threat intelligence and context about your users, assets and applications. User activity monitoring is essential for the early detection of targeted attacks, and has also become part of the standard of due care for a variety of regulations across all industry segments. This presentation provides advice on how to deploy security monitoring technologies such as security information and event management (SIEM), for user activity and resource access monitoring.

Mark Nicolett

C8. Big Security Data Is Neither Big Security nor Big Intelligence

There are fundamental flaws in the assumptions and expectations associated with big collections of security data: (1) that security intelligence [SI] is analogous to business intelligence [BI] and the big security data is an ultimate source for SI; and (2) that big security data is a key to security.

Joseph Feiman

C9. To the Point: Deny Denial of Service Attacks

The changing nature of denial of service (DoS) attacks presents new threats to enterprises. Attackers are using innovative techniques to generate more powerful and sophisticated attacks, forcing the DoS mitigation market to evolve quickly. Security professionals must adapt to defend their organizations against high-profile DoS disruptions in this new era.

Lawrence Orans

C10. To the Point: Playing Chess With APTs

Seeing your user accounts and endpoints (pawns) compromised, perimeters evaded and secrets taken? Survivors control the center (the data), use security tools adeptly and stay a few moves ahead with advanced monitoring and threat intelligence. Attend this presentation and learn the best architectures for a sometimes-deadly cyberchessboard.

Anton Chuvakin; Ramon Krikken GTP

C11. Top Mobile Gear: Mobility Road Trip!

Time for a road trip. Gartner analysts head out to learn (and to race) each other to find the truth about good mobile security practices. Improving the format of a popular TV show, our crews go forth to ask the people about their burning questions concerning life, mobility and happy commerce. And dodging flying vegetables as needed.

Ant Allan, John Girard, Tom Scholtz

C12. Adapting the Secure Web Gateway

The Internet is being rebooted with HTML5 and the rise of new operating systems and mobile devices, not to mention the rise of “cloud” everything. How will the secure Web gateway adapt to keep up with both the evolving security threats and rapidly changing applications? What is the SWG role in adapting to an employee-owned device world?

Peter Firstbrook, Lawrence Orans

C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security

We explore the Internet evolution scenario: “Control, Freedom, Profit” and the security scenario: “Security Nirvana, Perpetual Arms Race, Security Engineering, and Chaos.” We point to the likeliest scenarios for Internet security over the next 5 to 10 years.

Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook

TRACK D

IT Security

D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program

Moving from an informal, unmanaged IAM program to a formal, managed, efficient and effective model program is a daunting task. This panel discusses where to start and best practices for creating a process catalog, assigning program roles and responsibilities, and implementing policy and technology for a successful maturation process.

Ant Allan, Earl Perkins, Ray Wagner

D2. Cost, Consequence and Value: The Economics of IAM

How do we measure the value of IAM? For many, justifying IAM has been elusive. It remains a horizontal concern in the vertical world of business services, something shared by all business functions but owned by none. How can an IAM project be reconciled with the budgets of business?

Earl Perkins

D3. Town Hall: Access All Areas

Authentication, federation and authorization in a mobile, cloudy world.

Ant Allan, Gregg Kreizman

D4. Your Cloud and Mobile Devices Broke My IAM

Cloud computing and mobile endpoint adoption break established IAM architectures and challenge security leaders to deliver secure access services to their enterprises. This session addresses the current and evolving solutions to these problems.

Gregg Kreizman

D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM

Access to unstructured data has always been an enterprise concern. How can IAM provide administration, access and analytics capabilities for access to files, folders, and other data formats? How can data access governance truly become part of identity governance and administration? This presentation explores this trend in IAM.

Earl Perkins

D6. Using Big Data Analytics for Information Security

Neil MacDonald

D7. Good Authentication Choices for Smartphones and Tablets

The price and complexity of traditional authentication is more than just unpopular with mobile users; many platforms simply do not support robust identity access methods. We offer a path for making strategic decisions about mobile authentication and answer the question “who benefits from good authentication?”

John Girard, Eric Ahlm

D8. Mobile Device Policy Essentials

Mobile devices, particularly consumer-level products, have trampled over the well-crafted policies that companies put in place for trusted work systems. Businesses must learn to prioritize the basic configuration and security policies that they will need to preserve. Attendees learn the notes and feedback collected in recent workshops and AURs.

John Girard, Dionisio Zumerle

D9. Case Study

TBA

D10. To the Point: Revolution and Evolution in Windows 8 Security

Windows 8, which runs on desktops, laptops and various tablet platforms, improves on Windows 7 security and introduces new security features. This presentation focuses on Windows 8 security features and limitations, enabling security professionals to plan for the security of their desktop and mobile infrastructures.

Mario de Boer

D11. Getting to Single Sign-on Securely

The quest for single sign-on (SSO) is the result of disparate identity silos, increased password-related support costs, and user frustration. This session helps attendees make decisions regarding strategies and tools to achieve SSO securely.

Gregg Kreizman

D12. Panel: A World Without Passwords and Tokens

Ant Allan, Avivah Litan, Ian Glazer

D13. Identity and Access Management Gets Social

Ant Allan

TRACK E

IT Security

E1. Big Data Discovery Using Content-Aware Data Loss Prevention (DLP) Solutions

Organizations large and small report that they face significant challenges in properly locating and identifying their sensitive data within their big data environments. This session discusses how content-aware DLP tools are rapidly becoming key components in this process.

Eric Ouellet

E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil?

Encryption is often used as a primary means to protect data. But does encryption work in the cloud? Maybe it does for all of it, or maybe just for some of it … and this does matter, because incorrect use of encryption can result in a complete lack of security. Understanding algorithm and architecture options, and knowing which ones work and which ones don’t, is critical to keeping your data safe in the public cloud.

Ramon Krikken GTP

E3. TBA

E4. Security Monitoring of Public Cloud

Cloud security monitoring is an afterthought for most organizations, and as cloud usage expands and new risks emerge, it can be left behind altogether. However, security monitoring must be deployed across public clouds, private clouds and traditional infrastructure — and enterprises, not the providers, own that responsibility. Organizations should push their providers for more data feeds and telemetry, and plan their monitoring architectures.

Anton Chuvakin GTP

E5. Using Managed Containers to Protect Information on Mobile Devices

Managed containers are a mechanism to protect enterprise information on the mobile device while separating it from employee data. Enterprises should consider container technology but there are downsides. This talk shows how containers can be used to meet enterprise needs and how enterprises can benefit from the technology.

Eric Maiwald GTP

E6. Managing, Securing and Budgeting the Mobile Device Life Cycle

Any mobile device, whether it is owned by the company or the employee, has a measurable life cycle impact on your company’s business processes. This presentation provides attendees with a strategic road map to get both cost and quality of mobile IT under control as a first step to realizing genuine productivity benefits.

John Girard

E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention

This session looks at internal and external threats against the enterprise and how criminals are circumventing common solutions in place today. It delves into five layers of fraud prevention and identity proofing needed to mitigate these threats, prevent account takeover and new account fraud.

Avivah Litan

E8. Case Study: A Successful Implementation of the FICAM Guidelines

TBA

E9. To the Point: Refresh Vulnerability Assessment

Network vulnerability assessment is a mature market. Vendors have steadily added capabilities to their VA scanning products to differentiate them. This presentation describes new capabilities available from VA tools, and explores how they can fit into your portfolio of security controls.

Kelly M. Kavanagh

E10. To the Point: Best Practices for Securing Information During International Travel

International travelers face increasing risks of data loss and compromise, both to government officials and to criminals. Attendees share their travel experiences, which can be compared with Gartner’s established best practices to help enterprises protect traveling employees and sensitive mobile data.

Dionisio Zumerle

E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints

Organizations increasingly allow the use of multiple endpoints for business purposes. If no enterprise solution is provided, users are creative in synchronizing data to each of their devices, increasing information sprawl. Learn about the latest synchronization solutions, their security and deployment challenges.

Mario de Boer GTP

E12. DLP Architecture and Operational Processes

Data loss prevention (DLP) is an essential data security technology, but it suffers from deployment and operations challenges. This presentation reveals a guidance framework that offers a structured approach for planning, architecting and operating a DLP technology at a large enterprise.

Anton Chuvakin GTP

E13. Web Application Firewalls: Features, Products, Deployment and Alternatives

In the absence of ubiquitous security in software, Web application firewalls are the technology of choice to protect Web applications against external attacks. This technology overview focuses on the latest features of leading Web application firewalls, existing products, deployment options and alternative technologies.

Mario de Boer GTP


IT SECURITY PRECONFERENCE SESSIONS

PC3. Now What? How to Use Service Providers to Support SIEM Operations

Gartner customers increasingly request external services to support their operational SIEM deployments. In this presentation, we address the best opportunities for external support, and assess the capabilities of several types of providers to deliver operational support.

Kelly M. Kavanagh, Mark Nicolett

PC4. SIEM Architecture and Operational Processes

Security information and event management (SIEM) is a key technology that provides security visibility, but it suffers from challenges with operational deployments. This presentation reveals a guidance framework that offers a structured approach for architecting and running an SIEM deployment at a large enterprise or evolving a stalled deployment.

Anton Chuvakin GTP

PC5. Forget MDM: Extending Security and Identity to Mobile Apps

Mobile brings up old and new security concerns. Three important elements of the application architecture — the platform, client-side application and back end — affect and are affected by security and other requirements. Understanding the most critical challenges and solutions around identity and security for each of these elements is the foundational knowledge from which to build mobile apps that are both secure and delightful to use.

Ramon Krikken GTP

PC7. Using MSSPs for Effective Threat Management

Selecting an MSSP for effective threat management, beyond compliance-focused or due-diligence monitoring, requires asking the right questions. It also means adjusting internal processes to take advantage of the MSSP’s capabilities. This presentation tells you what to look for in evaluating MSSPs and how to make effective use of the relationship.

Kelly M. Kavanagh

IT SECURITY WORKSHOPS

W1. Information Security Architecture 101

Information security architecture is a foundational element of any security program. However, the term “architecture” means different things to different people, resulting in confusion about the role of security architecture. Gartner experts facilitate a structured discussion on the elements and success criteria of security architecture practice.

Tom Scholtz

W4. Build an Effective Security and Risk Program

Security and risk management is maturing. Creating and formalizing a program is relatively inexpensive, but developing a mature program requires support, a strategic approach and adequate time. Modern enterprises must transform their programs to align with business need and address cultural gaps with the non-IT parts of the business.

Tom Scholtz, Rob McMillan, Jeremy D’Hoinne

W5. Gartner Network Security Design

This workshop highlights elements of modern technical network security architecture. These elements are drawn from principles of the Gartner Network Security Reference Model. The majority of the workshop is focused on examining participants’ architecture and design issues.

Greg Young

W7. Getting Value Out of IT Security and Risk Metrics Programs

Security and risk metrics are subjects of never-ending discussions. In this analyst-led collaborative workshop we review a practical approach to developing security and risk metrics, and then break into small groups to develop an example metrics list, metrics dashboard, and/or metrics program plan. The results are then socialized with the whole group, so that all participants can use this knowledge in developing or enhancing their metrics programs.

Ramon Krikken GTP

W10. Meeting Business Needs for Mobility and Security

At the root of the mobile strategy is the information users need and for which risk of disclosure needs to be managed. BYOD adds another dimension to the problem. This workshop examines the conflicts and trade-offs between security and other use case requirements along with decision logic to help navigate through them.

Eric Maiwald

W11. Cloud Contracts: Develop Your Own Security and Risk Exhibits

This workshop covers key areas to include as a part of a standard boilerplate exhibit that security and risk management teams can share with procurement/vendor management. We discuss key areas such as disaster recovery, audit rights, privacy, confidentiality, backup, SLAs and security requirements.

Gayla Sullivan

W12. IT Risk Cloud Manifesto: Defining What Enterprises Need but Aren’t Getting!

Adoption of cloud services has lagged expectations. In part this is because cloud vendors aren’t addressing the IT risk issues associated with hosting restricted data or critical business services. This workshop facilitates creating a “voice of the enterprise” set of common and prioritized requirements that cloud vendors need to address.

Erik T. Heidt

W13. Mobile Application Security

Neil MacDonald

W14. IT Security: Planning a Self-Audit

Stop depending on the internal audit team. Reset expectations — conduct self-audits for all IT security processes and technology. Rely on internal audit for independent insights, not compliance violations, not routine corrections.

Khushbu Pratap

IT SECURITY ANALYST-USER ROUNDTABLES

AUR2. Government Identity: Providing Constituents With Secure Access to Government Services

Governments continue to grapple with providing online, convenient citizen-facing services that require higher levels of identity assurance while keeping costs low. This roundtable will provide a facilitated opportunity to share best practices and emerging trends for meeting these challenges.

Gregg Kreizman

AUR4. BYOD Security

The BYOD phenomenon presents security risks, operational challenges and the need for new policies. IT must be flexible, but not too flexible, to satisfy business requirements. In this roundtable, compare notes with your peers on BYOD initiatives and discuss critical success factors and lessons learned.

Lawrence Orans

IT SECURITY INDUSTRY DAY SESSIONS

IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing?

Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree

IG2. Critical Infrastructure Protection Requirements Driving New Security Demand

Government-led cybersecurity initiatives and private sector critical infrastructure protection activities are pushing for greater industry-specific focus on security. This session discusses how growing pressure to protect from cyberthreats will drive spend and strategies toward information security.

Ruggero Contu G

IG3. Best Practices for Mitigating Advanced Persistent Threats

Advanced threats have increased in recent years, taking on much more destructive characteristics than in the past. This presentation covers recommended best practices for mitigating the risks associated with advanced targeted attacks and teaches Gartner clients practical things they can do.

Lawrence Pingree G

IF1. Case Study

TBA


IH1. Don’t Give Them The Keys to the Kingdom Until You Know Who They Are

This presentation outlines and underscores the increasing importance of identity management/user provisioning within the healthcare provider.

Barry Runyon H

IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level

This session discusses the drivers that make fraud and abuse such a growing concern for the industry. Most organizations focus on point solutions and rely on “pay and chase” methods of fraud recovery. It is important to take an enterprise approach to combat fraud using newer technology and practices to stop losing money on bad claims and wrong practices.

Christina Lucero; Avivah Litan H

IME3. Securing the OT Environment

As the complexity of OT systems increases, and the connectivity to them becomes more ubiquitous, the risk from vulnerabilities increases. What used to be “security through obscurity” can no longer be the case, as OT systems move to Microsoft, Linux and Unix platforms. This session explores the vulnerabilities and how to contain them.

Earl Perkins, Kristian Steenstrup EU

IT SECURITY TUTORIALS

T1. Top Security Trends and Take-Aways for 2013 and 2014

With the Nexus of Forces driving continuing trends in cloud, consumerization, mobility and big data, the way IT is delivered is changing. Each change brings new threats and breaks old security processes. This session reviews the hot trends in security for 2013 and beyond while providing a road map to the summit and relevant Gartner research.

Ray Wagner

T3. IAM Myths and Monsters

The phrase “identity and access management” can raise feelings both of great hope and of great fear. Horror stories abound. At the same time, many people hold out great hope for the promises of what IAM can accomplish. Join us as we explore IAM’s myths and monsters.

Ray Wagner

TRACK F

Risk Management and Compliance

F2. Linking Risk to Business Decision Making: Creating KRIs That Matter

The term key risk indicator (KRI) has come to mean “our most important metrics,” but the criteria for “most important” usually fall short of “most useful.” The definition varies greatly across different organizations, so there are no standards. Good KRIs should be tied to business impact and influence business decision making.

Paul E. Proctor

F3. Security and Risk Management Technologies for Social Media

It’s all about social these days. Whether it is social media, user behavior or the interplay of society and your organization, there are new risk and security variables that must be assessed and managed. This panel of analysts will examine the risks and potential benefits of “social” and identify specific strategic and tactical opportunities for security program improvement and risk management.

Andrew Walls

F4. CEO Concerns 2013 and the IT Implications

Based on our global CEO survey and informed by other research sources, we explain what CEOs see in the road ahead for 2013, what they think about you, and how both will shape your agenda. This session is a high-level view of opportunities and risks to be considered.

Jorge Lopez

F7. Road Map for Intelligent Information Governance

With the influx of types and volume of unstructured data, organizations are struggling with how to manage the governance and compliance issues associated with this data. This session reviews (1) the scope of the problem with all the unstructured “dark” data, (2) what the best policies are to implement to govern this data and (3) what technologies/tools are available to implement the policies.

Alan Dayley

F8. Align Governance to Your Organization for Success

IT governance must be tailored for every organization. But many governance efforts continue to fail because they are not aligned to the organization itself. Governance has to align with the culture, structure and politics of the organization. Understand your organization and design and implement governance for success.

Julie Short


F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage

This presentation discusses how to take advanced technology concepts and make them presentable for the board of directors for investment decisions. Risk and competitive advantage are the focal points in this approach.

Jorge Lopez

F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management

As companies look to improve corporate governance practices in the wake of the global financial crisis, the corporate legal department is at the forefront of change. To be successful, legal professionals need better tools to conquer the evolving governance challenges. This session explores how enterprise legal management applications can help.

John A. Wheeler

F11. The Four Faces of Governance

Governance is one of the most critical leadership disciplines required to enable organizations to execute on their operational and strategic goals. To help CIOs, CROs and IT leaders to achieve targeted business outcomes, Gartner clarifies the four faces of governance: accountability, investment, compliance and risk management.

French Caldwell, Julie Short

F12. Ethics at the Nexus of Security, Privacy and Big Data

Jay Heiser

F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services

The Hype Cycle for GRC Technologies has over three dozen technologies and services markets represented. With so many vendors and service providers claiming to do GRC, it’s critical to understand what really forms the core of this marketplace and how to execute GRC programs in your enterprise.

French Caldwell

TRACK G

Risk Management and Compliance

G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC

GRC vendors have a lot of catching up to do. Most vendors have yet to offer effective third generation GRC, which focuses on performance, much less apply fourth generation GRC, which focuses on decision making. However, risk managers can help push the envelope on what will be within the art of the possible for the fourth generation of GRC.

French Caldwell

G3. A New Way Forward: How to Create a Strategic Road Map for Compliance

Senior IT and business leaders face an increasing number of compliance requirements and a continued rise in associated costs. In this session, you learn how to create a strategic road map for compliance highlighting key initiatives that promote a risk-aware compliance culture and lead to real business value.

John A. Wheeler

G4. Maverick Research: Crowdsource Your Management of Operational Risk

Traditional approaches to managing operational risk are delivering diminishing returns as the pace of business accelerates. Crowdsourcing techniques can change the way risk is managed and decisions are made. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner’s official positions.)

Leif Eriksen, Paul E. Proctor

G7. Defining Three Segments in the Audit Technology Market

This session introduces the three segments in the audit technologies market: audit analytics, audit management and continuous auditing.

Khushbu Pratap

G8. Top 5 IT Audit Trends in 2012-2013

Khushbu Pratap

G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery?

As information compliance and regulatory requirements mature, so does the need for organizations to hone e-discovery best practices and implementations. This session discusses changes in the e-discovery market and how you can best adhere to these changes.

Alan Dayley

G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions

French Caldwell

G11. Case Study

TBA

GTP = Sessions by Gartner for Technical Professionals analysts; EU = Energy/Utilities; F = Financial Services; G = Government; H = Healthcare; M = Manufacturing


G12. Why ERM and GRC Depend on Each Other to Succeed

This session defines and explores the symbiotic relationship between enterprise risk management (ERM) and governance, risk and compliance (GRC). Today, companies are challenged with finding better ways to understand and analyze risk. Some may look to ERM and others may focus on GRC. To be truly effective, however, companies need both.

John A. Wheeler

G13. Debate: Cyberinsurance — Evolution or Revolution?

Cyberinsurance should be a great idea, but Gartner sees challenges for the industry and for the insured. There is an evolution of cyberinsurance that will make it a worthy vehicle for risk transfer by 2016, but today it is more of a gamble. This debate covers the pros and cons of cyberinsurance so you can make an informed decision.

Paul E. Proctor, John A. Wheeler

RISK PRECONFERENCE SESSIONS

PC1. Sharing Data Without Losing It

Today’s security managers are struggling to meet the growing demands to share enterprise data with personal devices and external parties. This pitch will provide a use case model for the choice of collaborative systems with data protection technology that matches business needs for data protection.

Jay Heiser

PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management

Risk management is more art than science. The best way to learn risk management is to practice it. The approach must suit the culture of the organization. This presentation shares experiences, pitfalls and best practices encountered by Gartner analysts during their regular interactions with clients.

Tom Scholtz

RISK GENERAL SESSIONS

F1./G1. General Session: Duck and Cover — Preparing for Cyberwar

Cyberwar is a reality, and current defenses are inadequate for new classes of massive coordinated cyberattack. This presentation discusses recent developments in massive coordinated geopolitical and criminal cyberattacks, and offers advice to public- and private-sector enterprises on how to protect systems in an era of cyberwar.

Richard Hunter, Avivah Litan

F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus

Industry experts and analysts share insights on risk and compliance issues emerging from the Nexus of Forces, their impacts and how to manage them. Topics for discussion include social media compliance, ethics and anti-bribery, vendor risk management, operational technology, legal and cloud risks.

French Caldwell, Andrew Walls, panelists

F6./G6. Leadership, Governance and Risk

David Marquet speaks about the relationship between leadership, governance and risk with a focus on decision making and the decision-making architecture in your organization. From a leadership perspective, he advocates “moving authority to information” as opposed to moving information to authority.

Only companies that embrace this change will retain the agility and resilience needed to compete moving forward. Oh, by the way, it’s happening anyway.

David Marquet, Author of the Award-Winning Book “Turn the Ship Around!”; French Caldwell

RISK WORKSHOPS

W3. Selecting Solutions for the Control and Monitoring of Public Social Media

Public social media are used by enterprises and individuals within the enterprise. Security professionals must assess security and compliance risks, and understand the strengths and weaknesses of monitoring and control solutions. In this workshop you assess the risks to your organization, and select a set of technologies to mitigate these.

Mario de Boer (GTP)

W8. Workshop TBA

W9. IT Risk Management: Selecting the Best Assessment Methods and Tools

This workshop focuses on the best effort to select an appropriate IT risk assessment method.

Jeffrey Wheatman, Khushbu Pratap

W15. The Gartner Network Security Architecture Reference Model

TBA

RISK ANALYST-USER ROUNDTABLES

AUR6. Supply Chain Risks

Leif Eriksen

AUR9. Auditor’s Role in Emerging Risks

Internal auditors are sometimes the torch bearers for emerging risks that the board always wants to be informed about. Where do internal auditors help, and what do they currently consider? Are internal auditors responsible for managing emerging risks?

Khushbu Pratap

RISK INDUSTRY DAY SESSIONS

IME1. Understand OT: The Emerging Risks From Advanced Automation

Operational technology is hardware and software that detects or causes a change of state, through the direct monitoring and/or control of physical devices, processes and events in the enterprise. While this promises better access to data and visibility, it also creates a portfolio of complex products that need to be managed.

Earl Perkins, Kristian Steenstrup (EU, M)

IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing?

Many enterprises are under greater regulatory pressure to demonstrate comprehensive and effective IT risk controls not only with their primary suppliers, but also throughout the supply chain. We explore the risk management challenges enterprises face when their vendors leverage vendors, as well as discussing solutions.

Erik T. Heidt (GTP)

IME4. Responsibility and Accountability of OT Systems

There is a temptation to respond to OT issues by assigning the problem to the IT department. In some cases, the response is to build walls around operations. The best approach is to think of where IT can contribute to better manage OT. We explore the RACI model applied to OT to determine where IT can have a supporting role.

Kristian Steenstrup (EU, M)

IF2. Do I Need Cyberinsurance?

Following a number of significant data privacy breaches and website attacks, there is a growing interest in cyberinsurance coverage. In this workshop you can discuss the potential benefits of cyberinsurance and assess whether this insurance is relevant for your organization.

Juergen Weiss (F)

IF3. Strategic Road Map for Financial Services Enterprise Risk Management

This presentation explains the state of risk and compliance management in the BIS industry and how market forces are driving risk management transformation, and illuminates the technology implications for financial institutions of enabling more agile and responsive risk management.

John A. Wheeler (F)

IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement

This is a hot topic, with healthcare provider spending on security going up due to HIPAA enforcement. Healthcare organization attendance at the last U.S. conference was large enough to ensure an interested audience. Probable topics include risk-based assessment, encryption, “meaningful use” requirements and patient/member engagement considerations.

Wes Rishel (H)

RISK TUTORIALS

T2. Tell Me, What’s IT GRC Again? (Solutions to Common Challenges)

IT GRC programs continue to be a catch-all for policy, risk and compliance activities. No clear and complete vision of IT GRC has emerged, and GRC activities tend to be matrixed across the enterprise. Here, a summary of current research on IT GRC programs will be reviewed, including recommendations for planning and executing IT GRC programs.

Erik T. Heidt (GTP)

TRACK H

Business Continuity Management (BCM)

H1. What Are the BCM Software Markets and How to Get the Most Out of Them

The BCM software market is a subset of the broader response and recovery marketplace for business and IT disruptions. This session provides the latest market analysis of these tools so that organizations can make the right tool choice for their needs. It also discusses complementary markets to ensure better operational resilience.

Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard

H2. What You Can and Cannot Do With Recovery Exercise Management Automation

Exercising IT DRM plans is a “must do,” not a “would like to do” activity. However, increasing time and resource costs demand more efficient and effective approaches. This session discusses recovery exercise automation software, its associated strengths and weaknesses and how it can be used to improve exercise scope, execution and results.

John P. Morency

H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management

Roberta J. Witty BCM Metrics TBA

H4. Cloud Service Provider Risk Management

When IT acquires public cloud services, it must assure that the supplier will deliver to contracted SLAs. This presentation discusses the approach to assess cloud service provider risk for architecture/design, availability, performance, data protection, recovery, security, operational controls and other contract terms and conditions.

Donna Scott, John P. Morency, Jay Heiser

H5. Managing Global Recovery and Continuity Risk

The challenge of orchestrating efficient, effective and sustainable business continuity across a global organization requires addressing difficult people, process and technology issues. This session discusses how to develop the structures and procedures to reduce operating risk across different geographies, time zones and operating cultures.

John P. Morency, Roberta J. Witty

H6. What You Need to Know About Technical IT-DRM Architectures

Few things are more technical than automating application failover and failback for resilience and disaster recovery. The session discusses how to make better architectural decisions by addressing the technical details and trade-offs of critical technologies such as data replication/synchronization, clustering and disaster recovery orchestration.

Donna Scott, John P. Morency

H7. Case Study: Using the Fusion Framework to Implement and Manage BC/DR Program-Related Activities

Roberta J. Witty

H8. Recovery Exercising Best Practices

Belinda Wilson

H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite

There are a number of technologies that are making BCM a C-suite topic because they provide management with an entirely new and complete picture of their organization. This session discusses what these technologies are and how they can be used for expanded risk management and improved business and operational resilience.

Roberta J. Witty

H10. To the Point: The Business Continuity Management Planning Market in Depth

Organizations are realizing that managing recovery plans using office management software is not feasible. Some firms have over 1,000 plans; therefore automation is required. This session presents the BCMP software market Magic Quadrant and discusses best practices for implementing and using the tool for most effectiveness within the organization.

Roberta J. Witty, John P. Morency

H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery

This session covers how BCM teams can implement supplier contingency plans so that supplier risk mitigation, response, recovery and restoration efforts are more successful. We discuss how to determine which suppliers require BCM and the activities required in ongoing risk management, and evaluate the viability of supplier contingency plans.

Gayla Sullivan

H12. Designing and Architecting for 24/7 Availability

Globalization and cost management increase the need for continuous availability for mission-critical applications. Cloud computing raises the visibility of designing for continuous multisite availability. This presentation looks at architecture and management strategies to reduce or eliminate planned and unplanned application downtime.

Donna Scott

H13. How to Conduct an Effective BIA

The risk assessment and business impact analysis are the most important activities in the BCM planning process. They provide the foundation on which all recovery strategies and solutions are built. This presentation discusses different risk assessment approaches and gives guidance on how best to conduct a BIA for BCM.

Belinda Wilson

BCM PRECONFERENCE SESSIONS

PC2. ISO 22301 Implementation Session

Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting

PC6. End-User Case Study

TBA


BCM WORKSHOPS

W2. How to Develop Effective and Efficient Disaster Recovery Plans

Regardless of size, industry or location, every organization needs a BCM program with a variety of recovery plans. This workshop presents the steps and processes required to develop effective recovery plans. In addition, participants are given a method to assess their existing plans for improvement once back at the office.

Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty; John P. Morency; Belinda Wilson

BCM ANALYST-USER ROUNDTABLES

AUR5. BCM Metrics: What Works, What Doesn’t

An increased focus on governance and transparency is requiring many BCM programs to provide timely and meaningful program status information to management on a regular (monthly) basis. This roundtable will allow participants to discuss how they have best implemented, managed and reported on BCM program metrics.

Roberta J. Witty

AUR7. How Does BCM Fit Into the Enterprise Risk Management Program?

Many organizations are integrating many risk domains under one management umbrella — in a virtual or direct reporting management arrangement. This roundtable allows conference participants to discuss what works and doesn’t work for their organizations in regard to integrating BCM into the organizational or enterprise risk management program.

Roberta J. Witty

AUR8. IT-DRM Management Automation Roundtable

This roundtable allows conference participants to discuss their experience in using IT-DRM planning, implementation and exercise management automation software. The focus is on the time and cost required to implement the software products, as well as the related efficiency, effectiveness and cost reduction benefits that were achieved.

John P. Morency

BCM TUTORIALS

T4. TBA

TRACK J

The Business of IT Security

J1. Global Security Markets: Where Are We Going From Here?

This presentation covers the security markets worldwide and details the market dynamics that are changing the future of information security globally. Gartner Invest clients and technology providers must understand market competitive dynamics in order to compete into the future.

Eric Ahlm, Ruggero Contu, Lawrence Pingree

J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results

This session examines the results of survey data from Gartner’s global security and risk summits. Attendees walk away with a better understanding of the major technology priorities, buying behaviors and budgeting trends.

Eric Ahlm, Ruggero Contu, Lawrence Pingree

J3. User Survey Analysis: Security Services Market Trends

In 2012, Gartner conducted a survey of users in the U.S. and EMEA to discover the trends and buying behaviors for consulting, managed and cloud services providers. This session discusses the key findings to help security service providers better understand the market direction.

Eric Ahlm

J4. Panel: Security Startups — Leading the Way to Success

Leaders from emerging startup companies participate in a discussion so that you can better understand the direction of the latest techniques used by attackers, the latest security technologies and how these leaders view their future success in today’s challenging technology market.

Ruggero Contu; Lawrence Pingree; Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress

J5. Buyers Are From Mars, Vendors Are From Venus

The art of successful negotiation often hinges on the ability of each side to understand what drives the other. Parties can often talk at cross-purposes because they do not understand the culture, language and goals of the other. This presentation tells you what you need to know to work efficiently and successfully on your next deal.

Eric Ahlm, Rob McMillan

J6. Information Security: Process or Technology — Which Way Do We Go?

The information security market is huge and continually growing. Client organizations have spent billions of dollars on technology to solve the information security problem; yet when we speak to clients they don’t really feel any safer now than they did five or 10 years ago. Maybe throwing tools at the problem is not the way to go! Maybe the key to success is building scalable, repeatable patterns of behavior. This panel of analysts discusses why process might be a better point of focus than technology.

Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz

J7. Management Still Doesn’t Get Security (And What You Can Do About That)

Many management teams just don’t get it. Security and IT risk become priorities (for a while) after a failure, but after long periods without visible failures they go back to not caring. A modern security and IT risk program needs continuously engaged decision makers. Learn how to engage executive management teams and keep them continuously engaged.

Paul E. Proctor

J8. TBA

J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave

Cloud is a transformational phenomenon that changes our businesses and our IT organizations. Will cloud transform the IT workforce? Will it threaten people’s job security?

Joseph Feiman

J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future

The security market is being transformed by new end-user requirements as a result of changes brought by social, mobile, cloud and big data. While consolidation remains an important factor shaping the marketplace, regeneration and innovation introduced by a constant influx of startup players also continue to be an influence on this market. This presentation analyzes the market-share dynamics that have been shaping the security ecosystem and discusses potential future developments across different segments.

Ruggero Contu

J11. Security: A Financial Perspective

In the presentation we will look at the growth trends of the overall sector and the growth trends of the sector’s sub-segments. The presentation will also assess the vendors’ respective positions in the market. Finally, the vendors will be assessed from a financial perspective using the Gartner financial rating methodology as well as other relevant financial metrics.

Frank Marsala

J12. Gartner Security Market Magic Quadrant Reviews

Participate in an exciting review of the leaders, challengers, visionaries and niche players in Web fraud detection, mobile device management, managed security services, endpoint protection, data masking, application security testing and security information and event management.

Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joe Feiman, Mark Nicolett

J13. Case Study

TBA


SOLUTION SHOWCASE

Cisco offers one of the largest portfolios of security solutions available. With these solutions, organizations can embrace new market transformations, protect assets, empower employees, and accelerate business. Cisco takes a comprehensive approach by integrating security into all parts of the network, and simplifies security challenges, such as: An increase of mobile devices on the network; a move to a cloud-based infrastructure; and hackers that pose sophisticated and persistent threats to the network.

Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive protection for thousands of organizations worldwide. Enriched by intelligence from our Counter Threat Unit research team, Dell SecureWorks’ Information Security Services help organizations predict threats, proactively fortify defenses, continuously detect and stop cyber-attacks, and recover faster from security breaches. To learn more, visit www.secureworks.com.

Dell Software makes it easy to securely manage and protect applications, systems, devices and data to help organizations of all sizes fully deliver on the promise of technology. Our simple yet powerful software – combined with Dell hardware and services – provide scalable, end-to-end solutions to drive value and accelerate results. Whether it’s Windows infrastructure, the cloud and mobile computing, or networks, databases and business intelligence, we dramatically reduce complexity and risk to unlock the power of IT. www.dell.com/software

HP provides complete information security solutions that protect the hybrid Enterprise. Our proactive approach to information security optimizes your investment and improves your risk posture, thus enabling you to achieve better business results. HP’s unrivalled capabilities spanning security consulting, managed security services and market-leading products from HP ArcSight, HP Fortify, HP Atalla, and HP TippingPoint deliver integrated security solutions to manage risk, deliver actionable security intelligence and integrated security operations. HP is a trusted partner to thousands of global enterprise and government clients; we work with you to define and implement a holistic, risk-based security strategy that supports your unique business requirements balancing risk with opportunity. www.hp.com

Lieberman Software provides award-winning privileged identity management and security management products to more than 1200 active customers worldwide, including 40% of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. Lieberman Software products scale to the largest enterprises in the world and deploy in minutes.

Qualys is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, and partnerships with leading managed service providers and consulting organizations worldwide. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance, delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications.

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps organizations solve their most complex and sensitive security challenges by bringing visibility and trust to millions of user identities, the transactions they perform and the data that is generated. RSA delivers identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services. www.RSA.com

Symantec is a global leader in providing security, storage and system management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information-driven world against more risks at more points, more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can be enforced automatically – enabling confidence wherever information is used or stored.

Trend Micro is celebrating 25 years of innovation security and sharing our vision for a data-centric security framework. In our booth you’ll see the Trend Micro™ Custom Defense Solution against advanced persistent threats (APTs). You will learn what we mean by complete end user protection. And, you’ll understand how our virtualization and cloud customers are winning in the data center with integrated, agentless security.

Websense, Inc. (NASDAQ: WBSN), is a global leader in unified web security, email security, mobile security and data loss prevention (DLP). The company’s proven best-in-class information security solutions are available as appliance-based software or SaaS-based cloud-based services. The Websense® TRITON™ unified security solutions help organizations securely leverage traditional, social media and cloud-based communications, while protecting from advanced threats, preventing loss of confidential information, and enforcing Internet use and security policies.

Verizon Enterprise Solutions creates global connections that help generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company’s secure mobility, cloud, strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation. Visit verizon.com/enterprise. Verizon Enterprise Solutions can help safeguard your information from tomorrow’s threats and provide secure access where and when you need it. Access our dedicated security solutions site to get the latest information, including insightful blogs from our engineers and consultants, plus in-depth papers, video snapshots and our flagship Data Breach Investigations Report (DBIR), the most comprehensive review of security incidents available. www.verizonenterprise.com/us/solutions/security/

AirWatch is the leader in enterprise-grade mobility management and security solutions. Our highly scalable solution provides a real-time view of an entire fleet of corporate and employee-owned Apple iOS, Android, Windows, BlackBerry and Symbian devices. As the largest MDM provider, AirWatch offers the most comprehensive mobility management solution.

Akamai is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere. Our Intelligent Platform™ removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud – Akamai accelerates innovation in our hyperconnected world.

AT&T Inc. is a global leader in communications and a recognized leader in Business-related voice and data services, including global IP services, hosting, applications, and managed services. Businesses all over the world deploy AT&T services to improve productivity, manage overall costs, and position themselves to take advantage of future technology enhancements.

Check Point Software Technologies Ltd., the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. www.checkpoint.com

The Citrix® Mobile Solutions Bundle, which is comprised of XenMobile™ MDM and CloudGateway™, offers a complete enterprise mobility management solution. It gives IT a comprehensive set of tools that make it easy to manage and secure devices, apps, and data. It allows users to access any app from any device, giving them the freedom to experience work and life their way.

Fasoo has been successfully building its worldwide reputation as a leading enterprise DRM solution provider with the best-in-class solutions and services. Fasoo has successfully retained its leadership in the enterprise DRM market by deploying solutions for more than 1,100 organizations at the enterprise-wide level, securing more than 2 million users.

PREMIER SPONSORS

PLATINUM SPONSORS


FireEye is the leader in stopping today’s new breed of cyber attacks such as zero-day and APT attacks that bypass traditional defenses and compromise over 95% of networks. The FireEye solution is the world’s only signature-less protection against multiple threat vectors. FireEye solutions are deployed by more than 25% of the Fortune 100.

Fortinet, a global provider of IT security, delivers customer-proven solutions that provide organizations with the power to protect and control their IT infrastructure. Our customers rely on our technologies, solution architecture, and global security intelligence to block threats and gain control of their network, data, and users.

IBM Security offers one of the world’s broadest, most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides the security intelligence to help holistically protect people, infrastructure, data and applications for protection against advanced threats in today’s hyper-connected world.

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company. We are relentlessly focused on constantly finding new ways to keep our customers safe.

MetricStream is the market leader for integrated Governance, Risk, Compliance (GRC) Management Solutions, which includes solutions for IT Risk & Compliance Management, Information Security Risk Management, Business Continuity Management, IT Disaster Recovery Management, Audit Management, Policy Management, Supplier/Vendor Governance and Quality Management.

Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content at up to 20Gbps with no performance degradation regardless of port, protocol, evasive tactic or SSL encryption.

Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control vulnerability threats and risks across their networks and endpoints. This is enabled by Secunia’s award-winning Vulnerability Intelligence, Vulnerability Assessment, and Patch Management solutions that ensure optimal protection of critical information assets.

SilverSky is the expert provider of cloud security services. The company delivers the industry’s only advanced Security-as-a-Service platform that’s simple to deploy and transformational to use. By tirelessly safeguarding corporate communications and infrastructure, SilverSky enables growth-minded leaders to pursue their business ambitions without security worry.

Solutionary reduces the information security and compliance burden, providing flexible managed security and compliance services that work the way clients want; enhancing existing initiatives, infrastructure and personnel. Our patented technology, systems and process, and our actionable threat intelligence make our clients smarter. We call this relevant, intelligent security.

Sonatype CLM fixes the risk in open source. Security teams and application developers rely on Sonatype CLM across the software lifecycle to identify risky open source components, enforce policy, and fix flaws. http://www.sonatype.com/

Sourcefire®, Inc. is a world leader in intelligent cybersecurity solutions. Trusted by organizations and government agencies in more than 180 countries, Sourcefire’s solutions, including industry-leading next-generation network security appliances and advanced malware protection, provide customers with Agile Security® for continuous protection in a world of continuous change.

Stonesoft delivers software-based network security to secure information flow and simplify security management. The company’s products include next generation firewalls, intrusion prevention systems, and SSL VPN solutions. Stonesoft has the highest customer retention rate in the industry due to low TCO, ease of management, and prevention of advanced evasion techniques.

Tripwire is a leading global provider of IT security solutions for enterprises, government agencies and service providers who need to protect their sensitive data on critical infrastructure from breaches, vulnerabilities, and threats. Thousands of customers rely on Tripwire’s critical security controls like security configuration management, file integrity monitoring, and log and event management.

Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. Trustwave has helped hundreds of thousands of organizations manage compliance and secure their network infrastructures, data communications and critical information assets. For more information, visit https://www.trustwave.com.

Veracode provides the world’s leading Application Risk Management Platform. Veracode’s patented and proven cloud-based capabilities allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched simplicity. Veracode was founded with one simple mission in mind: to make it simple and cost-effective for organizations to accurately identify and manage application security risk.

VMware is the global leader in virtualization and cloud infrastructure solutions that enable businesses to thrive in the Cloud Era. With more than 400,000 customers and 55,000 partners, organizations of all sizes rely on VMware to help them transform the way they build, deliver and consume Information Technology resources in a manner that is evolutionary and based on their specific needs.

Voltage Security®, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption solutions, enabling our customers to effectively combat new and emerging security threats. Our data protection solutions allow any company to seamlessly secure all types of sensitive information, while efficiently meeting compliance and privacy requirements.

WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company’s flagship product family, is the most accurate and cost-effective website vulnerability management solution available, delivering the visibility, flexibility, and control that organizations need to prevent website attacks. www.whitehatsec.com.

PLATINUM SPONSORS CONTINUED

Visit gartner.com/us/securityrisk for agenda updates and to register

Absolute Software Corp.

AccessData

Adobe Systems Inc.

AgeTak

Agiliance

AhnLab

AlertEnterprise Inc.

Appthority, Inc.

Aveksa

Axis Technology

Axway

Bay Dynamics, Inc.

BeyondTrust

Bit9

Bloomberg Vault

Blue Coat Systems

Bradford Networks

Brinqa

Bromium

Centrify

Core Security

Courion Corporation

Coverity, Inc.

Critical Watch

Cyber-Ark Software

CYBEROAM

Damballa

Digital Defense, Inc.

DriveSavers Data Recovery

EventTracker

F5 Networks

Fiberlink

FireHost

FireMon

Fischer International Identity

FishNet Security

General Dynamics Fidelis Cybersecurity Solutions

HID Global

Hitachi ID Systems

Identropy

Imperva

Integralis

Juniper Networks

Lancope

LANDesk Software

LockPath

LogRhythm

Mandiant

Marble Security, Inc.

Modulo

NetIQ

Neustar

Norman AS

NSFOCUS

NuData Security

Okta

OpenTrust

Oracle

PhishMe, Inc.

Proofpoint, Inc.

Radiant Logic, Inc.

Rapid7

RedSeal Networks

Rsam

SailPoint

Sath Technologies

SecureAuth

SOA Software

Software AG

Splunk

SSH Communications Security

Tenable Network Security

Thycotic Software, Ltd.

TITUS

TrustSphere

Tufin Technologies

Venafi, Inc.

Verdasys

Vormetric, Inc.

WatchDox

WatchGuard Technologies, Inc.

Wontok

Xceedium, Inc.

ZixCorp

Zscaler

SOLUTION SHOWCASE

SILVER SPONSORS

MEDIA PARTNERS

Sponsors as of March 12, 2013, and subject to change

BECOME A SPONSOR

Jason Bonsignore, Account Manager, +1 203 316 [email protected]

Silas Mante, Account Manager, +1 203 316 [email protected]

John Forcino, Account Manager, +1 203 316 [email protected]

David Sorkin, Sales Director, +1 203 316 [email protected]

Krista Way, Account Manager, +1 203 316 [email protected]

AGENDA AT A GLANCE

GTP Sessions by Gartner for Technical Professionals analysts

EU Energy/Utilities F Financial Services G Government H Healthcare M Manufacturing

Agenda as of April 25, 2013, and subject to change

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing? Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree

10:45 a.m. Solution Provider Sessions

11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand Ruggero Contu G

2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats Lawrence Pingree G

CISO

4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job Paul E. Proctor

5:30 p.m. A2. Preparing a Security Strategic Plan F. Christian Byrnes

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Security’s Value Rob McMillan

11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams Tom Scholtz

2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls Andrew Walls

4:15 p.m. A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric Tom Scholtz

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

9:15 a.m. Solution Provider Sessions

10:30 a.m. A6. That Frightening Phrase: “The Standard of Due Care” Rob McMillan

11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program Andrew Walls

1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services Rob McMillan

4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway Rob McMillan

4:30 p.m. A10. To the Point: The Information Security Maturity Pathway Rob McMillan

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

7:00 a.m. HC3. HIPAA Security (Registration required; end users only.) Irma Fabular, Wes Rishel, Alice Wang

8:30 a.m. A11. Case Study TBA

9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans Gregg Kreizman, Earl Perkins

10:30 a.m. A13. Open Mic F. Christian Byrnes

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

AGENDA AT A GLANCE

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. IF1. Case Study TBA

IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are Barry Runyon H

IME1. Understand OT: The Emerging Risks From Advanced Automation Earl Perkins, Kristian Steenstrup EU M

IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing? Erik T. Heidt GTP

10:45 a.m. Solution Provider Sessions

11:30 a.m. IF2. Do I Need Cyberinsurance? Juergen Weiss F

IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement Wes Rishel H

IME3. Securing the OT Environment Earl Perkins, Kristian Steenstrup EU

2:15 p.m. IF3. Strategic Road Map for Financial Services Enterprise Risk Management John A. Wheeler F

IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level Christina Lucero, Avivah Litan H

IME4. Responsibility and Accountability of OT Systems Kristian Steenstrup EU M

IT SECURITY

4:30 p.m. B1. Practicing Safe SaaS Jay Heiser

C1. Securing Private, Public and Hybrid Cloud Computing Neil MacDonald

D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program Ant Allan, Earl Perkins, Ray Wagner

E1. Big Data Discovery Using Content-Aware Data Loss Prevention Solutions Eric Ouellet

W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz, Rob McMillan, Jeremy D’Hoinne

W5. Workshop: Gartner Network Security Design Greg Young

5:30 p.m. B2. Cyberthreat Lawrence Orans

C2. Panel: What Is the Future of Mobile Management and Security? Peter Firstbrook, Neil MacDonald, John Girard

D2. Cost, Consequence and Value: The Economics of IAM Earl Perkins

E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil? Ramon Krikken GTP

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP

11:15 a.m. B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management Mark Nicolett

C3. Top 10 Security Myths Jay Heiser

D3. Town Hall: Access All Areas Ant Allan, Gregg Kreizman

E3. TBA

2:00 p.m. B4. Panel: Real-World Case Studies in Mobile Banking Security Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor

C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective? Eric Ouellet

D4. Your Cloud and Mobile Devices Broke My IAM Gregg Kreizman

E4. Security Monitoring of Public Cloud Anton Chuvakin GTP

4:15 p.m. B5. Mobile Device Security Exploits in Depth John Girard, Dionisio Zumerle

C5. Endpoint Security When the Consumer Is King Peter Firstbrook

D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM Earl Perkins

E5. Using Managed Containers to Protect Information on Mobile Devices Eric Maiwald GTP

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

9:15 a.m. Solution Provider Sessions

10:30 a.m. B6. Preparing Your Security Program for BYOD Eric Ahlm

C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme) Greg Young

D6. Using Big Data Analytics for Information Security Neil MacDonald

E6. Managing, Securing and Budgeting the Mobile Device Life Cycle John Girard

W10. Workshop: Meeting Business Needs for Mobility and Security Eric Maiwald

11:30 a.m. B7. Predictions: Your Network Security in 2018 Greg Young

C7. User Activity Monitoring for Early Breach Detection Mark Nicolett

D7. Good Authentication Choices for Smartphones and Tablets John Girard, Eric Ahlm

E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention Avivah Litan

1:45 p.m. B8. Encryption Planning Made Simple! Follow the Data Brian Lowans

C8. Big Security Data Is Neither Big Security Nor Big Intelligence Joseph Feiman

D8. Mobile Device Policy Essentials John Girard, Dionisio Zumerle

E8. Case Study: A Successful Implementation of the FICAM Guidelines TBA

W11. Workshop: Cloud Contracts — Develop Your Own Security and Risk Exhibits Gayla Sullivan

W12. Workshop: IT Risk Cloud Manifesto — Defining What Enterprises Need but Aren’t Getting! Erik T. Heidt

4:00 p.m. B9. To the Point: The Database Security Manual — What You Need to Know Brian Lowans

C9. To the Point: Deny Denial of Service Attacks Lawrence Orans

D9. Case Study TBA

E9. To the Point: Refresh Vulnerability Assessment Kelly M. Kavanagh

4:30 p.m. B10. To the Point: Cybersecurity for the Internet of Everything Earl Perkins

C10. To the Point: Playing Chess With APTs Anton Chuvakin; Ramon Krikken GTP

D10. To the Point: Revolution and Evolution in Windows 8 Security Mario de Boer

E10. To the Point: Best Practices for Securing Information During International Travel Dionisio Zumerle

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. B11. The Seven Dimensions of Context-Aware Security Avivah Litan

C11. Top Mobile Gear: Mobility Road Trip! Ant Allan, John Girard, Tom Scholtz

D11. Getting to Single Sign-on Securely Gregg Kreizman

E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints Mario de Boer GTP

W13. Workshop: Mobile Application Security Neil MacDonald

W14. Workshop: IT Security — Planning a Self-Audit Khushbu Pratap

9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time? Eric Ouellet

C12. Adapting the Secure Web Gateway Peter Firstbrook, Lawrence Orans

D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer

E12. DLP Architecture and Operational Processes Anton Chuvakin GTP

10:30 a.m. B13. Software-Defined Networking and Its Impact on Security Eric Maiwald GTP

C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook

D13. Identity and Access Management Gets Social Ant Allan

E13. Web Application Firewalls: Features, Products, Deployment and Alternatives Mario de Boer GTP

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. PC2. ISO 22301 Implementation Session Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting

10:45 a.m. Solution Provider Sessions

11:30 a.m. T4. TBA

2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media Mario de Boer GTP

2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh

BCM

4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard

5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation John P. Morency

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

11:15 a.m. H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management Roberta J. Witty BCM Metrics TBA

2:00 p.m. H4. Cloud Service Provider Risk Management Donna Scott, John P. Morency, Jay Heiser

4:15 p.m. H5. Managing Global Recovery and Continuity Risk John P. Morency, Roberta J. Witty

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency

11:30 a.m. H7. Case Study TBA

1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson

4:00 p.m. H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty

4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan

9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott

10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

AGENDA AT A GLANCE

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons

10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner

PC1. Sharing Data Without Losing It Jay Heiser

10:45 a.m. Solution Provider Sessions

11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP

PC5. Forget MDM: Extending Security and Identity to Mobile Apps Ramon Krikken GTP

2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty, John P. Morency, Belinda Wilson

2:15 p.m. T3. Tutorial: IAM Myths and Monsters Ray Wagner

PC6. End-User Case Study TBA

RISK MANAGEMENT AND COMPLIANCE

4:30 p.m. F1./G1. General Session: Duck and Cover — Preparing for Cyberwar Richard Hunter, Avivah Litan

5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter Paul E. Proctor

G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC French Caldwell

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

11:15 a.m. F3. Security and Risk Management Technologies for Social Media Andrew Walls

G3. A New Way Forward: How to Create a Strategic Road Map for Compliance John A. Wheeler

2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez

G4. Maverick Research: Crowdsource Your Management of Operational Risk Leif Eriksen, Paul E. Proctor

4:00 p.m. W8. Workshop: TBA

W9. Workshop: IT Risk Management — Selecting the Best Assessment Methods and Tools Jeffrey Wheatman, Khushbu Pratap

4:15 p.m. F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus French Caldwell, Andrew Walls, panelists

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, “Turn the Ship Around!”; French Caldwell

11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley

G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap

1:45 p.m. F8. Align Governance to Your Organization for Success Julie Short

G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap

4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage Jorge Lopez

G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery? Alan Dayley

4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management John A. Wheeler

G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions French Caldwell

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. F11. The Four Faces of Governance French Caldwell, Julie Short

G11. Case Study TBA

W15. The Gartner Network Security Architecture Reference Model

9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser

G12. Why ERM and GRC Depend on Each Other to Succeed John A. Wheeler

10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services French Caldwell

G13. Debate: Cyberinsurance — Evolution or Revolution? Paul E. Proctor, John A. Wheeler

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

AGENDA AT A GLANCE

MONDAY, JUNE 10

8:00 a.m. Event Orientation

8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director

9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair

9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett

10:45 a.m. Solution Provider Sessions

11:30 a.m. T2. Tutorial: Tell Me, What’s IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP

2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management Tom Scholtz

BUSINESS OF IT SECURITY

4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree

5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm, Ruggero Contu, Lawrence Pingree

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11

7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes

HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec

11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm

2:00 p.m. J4. Panel: Security Startups — Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress

4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus Eric Ahlm, Rob McMillan

5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12

HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)

8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

10:30 a.m. J6. Information Security: Process or Technology — Which Way Do We Go? Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz

11:30 a.m. J7. Management Still Doesn’t Get Security (And What You Can Do About That) Paul E. Proctor

1:45 p.m. J8. TBA

4:00 p.m. J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave Joseph Feiman

4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future Ruggero Contu

6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13

8:30 a.m. J11. Security: A Financial Perspective Frank Marsala

9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett

10:30 a.m. J13. Case Study TBA

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

AGENDA AT A GLANCE

GTP Sessions by Gartner for Technical Professionals analysts

EU Energy/Utilities F Financial Services G Government H Healthcare M Manufacturing

Agenda as of April 25, 2013, and subject to change

Visit gartner.com/us/securityrisk for agenda updates and to register

Gartner event tickets

We accept one Gartner summit ticket or one Gartner Catalyst ticket for payment. If you are a client with questions about tickets, please contact your sales representative or call +1 203 316 1200.

Team Attendance Program: Leverage more value across your organization

Knowledge creates the capacity for effective action. Imagine the impact on your organization when knowledge multiplies: common vision, faster responses, smarter decisions. That’s the Gartner Team Attendance effect. You’ll realize it in full when you attend a Gartner event as a group. Maximize learning by participating together in relevant sessions. Split up to cover more ground, sharing your session take-aways later. Leverage the expertise of a Gartner analyst in a private group meeting.

Team benefits

• Team meeting with a Gartner analyst (end users only)
• Role-based agendas
• On-site team support: Work with a single point of contact for on-site team deliverables
• Complimentary registrations

For more information, email [email protected] or contact your Gartner account manager.

Standard price: $2,375

Web: gartner.com/us/securityrisk

Email: [email protected]

Phone: 1 866 405 2511

$247 per night (plus tax) at Gaylord National Resort and Convention Center, 201 Waterfront Street, National Harbor, MD 20745
Phone: +1 301 965 4000
gaylordhotels.com

REGISTER TODAY

SPECIAL GARTNER HOTEL ROOM RATE

Gartner events deliver what you need

We’ve developed conference essentials to ensure that your time at a Gartner summit results in real value and delivers everything you need — efficiently and effectively.

Event Approval Tools

For use pre-event, on-site and post-event, our Event Approval Tools make it easy to demonstrate the substantial value of your Gartner event experience to your manager. They include a customizable letter, cost-benefit analysis, top reasons to attend and more. Visit gartner.com/us/securityrisk for details.

Complimentary registrations

• 1 for every 3 paid registrations
• 2 for every 5 paid registrations
• 3 for every 7 paid registrations

EARN CPE CREDITS

Attending the summit helps you advance your continuing professional education (CPE). Registered participants are eligible to earn CPE credits toward (ISC)2, ISACA, DRII, and IAPP certification programs. Learn more at gartner.com/us/securityrisk.

REGISTRATION AND PRICING

3 WAYS TO REGISTER


Gartner, Inc., 56 Top Gallant Road, Stamford, CT 06902-7700


Gartner is the world’s leading information technology research and advisory company. We deliver to our clients the technology-related insight and intelligence necessary to make the right decisions, every day. Our pivotal advantage: More than 900 analysts delivering independent thinking and actionable guidance to clients in over 13,000 organizations worldwide — the majority from the Fortune 1000 and Global 500. This extensive body of knowledge, insight and expertise informs all of our 60+ events around the world. You simply won’t find this unique quality of content at any other IT conference. Why? Because no one understands the impact of technology on global business like we do.

Take a deep-dive into the full spectrum of IT security and risk management topics


ABOUT GARTNER

Don’t Miss Out!

© 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. For more information, email [email protected] or visit gartner.com.