Visit gartner.com/ap/security for updates and to register! 1

Gartner Security & Risk Management Summit 201425 – 26 August | Hilton Sydney, Australia | gartner.com/ap/security

Hot topics

People-Centric Security

Governance Risk and Compliance

Cloud Computing and Security

Mobility and Security

Identity and Access Management

Smart Risk — Balancing Security and Opportunity

table of contents

From the desk of Rob McMillan, summit chair

Define and achieve effective security and risk management programs to improve enterprise performance

Successful security and risk leaders must learn to make smart decisions to captivate enterprise leaders and employees at all levels, and to instill the values of security risk mitigation to cultivate the pursuit of greater business opportunities.

Now in its 3rd year, Gartner Security & Risk Management Summit 2014, 25-26 August in Sydney, Australia, provides you with the latest strategies and best practices for maintaining an effective balance between risk and opportunity to mitigate security threats, so you can achieve faster business processes and improved enterprise performance.

Vet your strategy against your peers, identify areas for improvement, learn from new case studies and return to the office with a focused vision to advance your security and risk management programs. You’ll learn how to strike a workable balance between security and business, assess associated risks, communicate the parameters of that balance to business leaders and guide user behavior.

Join Gartner and your peers to gain the knowledge you’ll need to combat today’s threats and those that may exist several years from now, as well as the tools and the new technologies that are transforming the business.

Smart Risk — Balancing Security and Opportunity

3 Tracks

4 Agenda at a glance

5 Summit features

6 See who’s attending

7 Solution showcase and Build your agenda

8 Registration and pricing

Rob McMillanResearch Director and Summit Chair, Gartner Research

Tatiana Wells Senior Director, Program Management, Gartner Events

Visit gartner.com/ap/security for updates and to register! 3

Why attend

Who should attend

• ResetyourITsecurityandriskstrategyfor success

• StayrelevantasITsecurityandriskareredefined

•Mitigatetherisksinthenewdigitalage

• CraftstrategyforemergingBYODandmobile threats

• Establishnecessarycloudsecuritymeasures

• Learnhowtobalancesecurity,operational and business needs

Business and IT professionals involved in enterprise-wide security, risk management or business continuity:

• ChiefInformationSecurityOfficers(CISO)

• ChiefSecurityOfficers

• ChiefRiskOfficers(CRO)

• ChiefPrivacyOfficers

• VPs,DirectorsandManagersofITSecurity

• SecurityRiskManager/RiskManager

• ComplianceManager/FraudManager

• InformationRiskandInformationSecurity Managers

EarnCPECreditsAttending the Summit helps you advance your continuing professional education (CPE).RegisteredparticipantsareeligibletoearnCPEcreditstoward(ISC)2andISACA,programs.Learnmoreatgartner.com/ap/security.

ThreeCompleteProgramsFocusingonYourRole

A chief information security officer (ciso) programChiefInformationSecurityOfficers(CISO’s)mustfindandmaintainatrickybalance between protection and productivity. The challenge is exacerbated by ongoing volatility in enterprises’ businesses, technology and threat environments.Thisyear’sCISOprogramexploresthekeycapabilities,strategies and tactics that are essential for the contemporary security leader.

B Risk Management and compliance program Risk management continues to be a work in progress. As organizations revisit their risk management approaches, many are discovering not only a lack of focus on the key risks, but also a lack of understanding of how key risks can impact corporate performance. This year’s sessions will explore new strategies and real-world scenarios that will provide a blueprint for reconstructing risk management and compliance programs.

c it security programAs organizations accelerate adoption of new platforms in the digital age, bad actors develop methods to exploit these emerging platforms. Security programs must rapidly mature in the breadth and effectiveness of techniques and technologies to maintain appropriate levels of security for applications, data and infrastructure regardless of location. This year’s sessions provide advice for effective security management as well as insights into security technology selection and management.

FourAreasFocusingonYourKeyInitiatives

1 successful cloud ManagementGartner clients tell us that the number one obstacle to adopting cloud computing is security. However, an automatic “No” from the security team is not the answer. As organizations explore the benefits of cloud computing, security professionals must be prepared to highlight the risks and the costs of mitigating these risks.

2 Mobility and securityMobiledevicespresentahostofnewsecurityissues,withtheBYODphenomenon presenting the greatest challenge. IT organizations must adapt to this rapidly changing environment and implement new policies and new technologies to mitigate the risks of the mobile workplace. This track will help you navigate the mobile environment over a three-year horizon.

3 identity and Access ManagementAs business and organizations mature, they must manage volatile and rapid change, establish effective formal governance, and provide accountability through transparency. IAM can enable these evolutionary steps, but must itself evolve. It’s time for your IAM program to grow up and display the right foundation, architecture, governance, and organization for delivering real value. The IAM track features presentations on current best practices and the latest issues and trends.

4 technical insights: security ArchitectureTaking an architectural perspective to security technology and processes is critical to achieving a sustainable, flexible, and effective security program. These sessions explore the architectural and operational considerations for protecting information, building secure applications, understanding threats, logging and monitoring activity, and managing risk associated with new devices and service hosting models.

4 Gartner security & Risk Management summit 2014

Agenda at a glance

07:30 – 18:30 Registration

08:30 – 09:15 Tutorial: Top Security Trends and Takeaways for 2014 and 2015 Christian Byrnes

Tutorial:HowtoUsePaceLayeringtoCreateaGRC Application Strategy John Wheeler

Tutorial: IAM for the Masses Felix Gaehtgens

09:30 – 10:15 Gartner opening Keynote: smart Risk — Balancing security and opportunity John Girard, Paul Proctor and Andrew Walls

10:15 – 10:30 Welcome to the Gartner security & Risk Management summit 2014 Rob McMillan

10:30 – 11:00 IndustryPanelDiscussion

11:00 – 11:30 Refreshment Break in the Solution Showcase

tRAcK A

chief information security officer (ciso) program

tRAcK B

Risk Management and compliance program

tRAcK c

it security program

WoRKsHops

interactive sessions

RounDtABles

Ask the Analyst RoundtablesAnalyst-user Roundtables

11:30 – 12:00 TothePoint:DevelopingtheKeyCompetenciesof the Contemprary Security Team Tom Scholtz

To the Point: How to Achieve Success with Cyber Risk Assessment and Analysis Anne Robins

TothePoint:TheFiveStylesofAdvancedThreatDefense Craig Lawson

11:30 – 13:00 Workshop: Shall we take Privacy Seriously? Moderator: Carsten Casper

Ask the Analyst: Security Threat Intelligence Services — the What, the Who, the Why and the How Moderator: Rob McMillan

12:15 – 13:00 Case Study: Check website for updates When Will We Reach "Peak Threat", And What DoWeDoAfter? Paul Proctor

Architecting a New Approach for Continous Advanced Threat Protection Craig Lawson

Analyst-User Roundtable: Horror Stories — Why IAMProgramsFail Moderator: Felix Gaehtgens

13:00 – 14:15 LunchintheSolutionShowcase

14:15 – 15:00 Aligning Information Security and Information Management—GovernanceistheKey Tom Scholtz

Case Study: Check website for updates ApplicationandDataSecurityRoadmap Adam Hils

14:15 – 15:45 Workshop: WhatDoYouBuyfortheUserWhoHas(Accessto)Everything? Moderator: Felix Gaehtgens

Analyst-User Roundtable: Risk Awareness of OperationalTechnologies Moderator: Kristian Steenstrup

15:15 – 15:45 Solution Provider Sessions

15:45 – 16:15 Refreshment Break in the Solution Showcase

16:15 – 16:45 To the Point: People-Centric Security — Case Studies Tom Scholtz

TothePoint:UsingOrganizationalChangetoMitigateOperationalTechnologyRisk Kristian Steenstrup

To the Point: How to Securely Adopt Public Cloud Computing Adam Hils

Ask the Analyst: Managed Security Services in APAC Moderator: Andrew Walls

Ask the Analyst: Check website for updates

17:00 – 17:45 Mastermind Keynote interview Check website for updates

17:45 – 19:15 Networking Reception in the Solution Showcase

07:30 – 16:45 Registration

07:30 – 08:30 IndustryBreakfast—FinancialServices: TheDarkSideofDigitilization John Wheeler

Industry Breakfast — Government: The Myths of Authentication Anne Robins

IndustryBreakfast—OperationalTechnologySecurity for Manufacturing Automation and Control Earl Perkins

08:30 – 09:15 Why Your Policy is Broken and How You Can FixIt Rob McMillan

GRC—GoodConcept.FixingTerribleExecution Paul Proctor

HowBringYourOwnisShapingMobileSecurity John Girard

08:30 – 10:00 Workshop: Selecting Your IT Risk Assessment Methods and Tools Moderator: Chris Byrnes

Analyst-User Roundtable: Security Training — WhatWorks,WhatDoesn'tWork Moderator: Andrew Walls

09:30 – 10:00 Solution Provider Sessions

10:00 – 10:30 Refreshment Break in the Solution Showcase

10:30 – 11:15 MuchAdoaboutNothing—ITSecurityandOTSecurityAren'tthatDifferent Earl Perkins

The Gartner Business Risk Model Paul Proctor Case Study: Check website for updates 10:30 – 12:00 Workshop: GotMetricsButNobodyListens?TransformThem! Moderator: Rob McMillan

Analyst-User Roundtable: People-Centric Security Moderator: Tom Scholtz

11:30 – 12:00 Solution Provider Sessions

12:00 – 13:15 LunchintheSolutionShowcase

13:15 – 13:45 To the Point: Building a Secure User Andrew Walls

To the Point: Now is the Time to Put Your Privacy Program Right Carsten Casper

To the Point: Securing Cloud Services Anne Robins

AsktheAnalyst:ImplementingDLP— WhatWorks,WhatDoesn'tWork Moderator: Rob McMillan

Ask the Analyst: Securing Cloud Computing Moderator: Adam Hils

14:00 – 14:45 Understanding the Spectrum of Metrics and Reporting Christian Byrnes

PracticalInsightonEmbeddingRiskManagementinTechnologyOperations John Wheeler

Case Study: Check website for updates Analyst-User Roundtable: Cyberinsurance — AGreatIdeaButWithaFewChallenges Moderator: Paul Proctor

Analyst-UserRoundtable:What'sNewintheWorldofPrivacyLawsandPractices? Moderator: Carsten Casper

14:45 – 15:15 Refreshment Break in the Solution Showcase

15:15 – 16:00 Guest Keynote: Your personal Brand, Your Reputation, Your opportunity Sue Currie, Leading Personal Branding Expert

16:00 – 16:45 Gartner closing Keynote: the ciso Agenda for 2014/5 Christian Byrnes

16:45 – 17:00 Closing Remarks Rob McMillan

Mon

day

25 A

UG

US

T 20

14Tu

esda

y26

AU

GU

ST

2014

Visit gartner.com/ap/security for updates and to register! 5

07:30 – 18:30 Registration

08:30 – 09:15 Tutorial: Top Security Trends and Takeaways for 2014 and 2015 Christian Byrnes

Tutorial:HowtoUsePaceLayeringtoCreateaGRC Application Strategy John Wheeler

Tutorial: IAM for the Masses Felix Gaehtgens

09:30 – 10:15 Gartner opening Keynote: smart Risk — Balancing security and opportunity John Girard, Paul Proctor and Andrew Walls

10:15 – 10:30 Welcome to the Gartner security & Risk Management summit 2014 Rob McMillan

10:30 – 11:00 IndustryPanelDiscussion

11:00 – 11:30 Refreshment Break in the Solution Showcase

tRAcK A

chief information security officer (ciso) program

tRAcK B

Risk Management and compliance program

tRAcK c

it security program

WoRKsHops

interactive sessions

RounDtABles

Ask the Analyst RoundtablesAnalyst-user Roundtables

11:30 – 12:00 TothePoint:DevelopingtheKeyCompetenciesof the Contemprary Security Team Tom Scholtz

To the Point: How to Achieve Success with Cyber Risk Assessment and Analysis Anne Robins

TothePoint:TheFiveStylesofAdvancedThreatDefense Craig Lawson

11:30 – 13:00 Workshop: Shall we take Privacy Seriously? Moderator: Carsten Casper

Ask the Analyst: Security Threat Intelligence Services — the What, the Who, the Why and the How Moderator: Rob McMillan

12:15 – 13:00 Case Study: Check website for updates When Will We Reach "Peak Threat", And What DoWeDoAfter? Paul Proctor

Architecting a New Approach for Continous Advanced Threat Protection Craig Lawson

Analyst-User Roundtable: Horror Stories — Why IAMProgramsFail Moderator: Felix Gaehtgens

13:00 – 14:15 LunchintheSolutionShowcase

14:15 – 15:00 Aligning Information Security and Information Management—GovernanceistheKey Tom Scholtz

Case Study: Check website for updates ApplicationandDataSecurityRoadmap Adam Hils

14:15 – 15:45 Workshop: WhatDoYouBuyfortheUserWhoHas(Accessto)Everything? Moderator: Felix Gaehtgens

Analyst-User Roundtable: Risk Awareness of OperationalTechnologies Moderator: Kristian Steenstrup

15:15 – 15:45 Solution Provider Sessions

15:45 – 16:15 Refreshment Break in the Solution Showcase

16:15 – 16:45 To the Point: People-Centric Security — Case Studies Tom Scholtz

TothePoint:UsingOrganizationalChangetoMitigateOperationalTechnologyRisk Kristian Steenstrup

To the Point: How to Securely Adopt Public Cloud Computing Adam Hils

Ask the Analyst: Managed Security Services in APAC Moderator: Andrew Walls

Ask the Analyst: Check website for updates

17:00 – 17:45 Mastermind Keynote interview Check website for updates

17:45 – 19:15 Networking Reception in the Solution Showcase

07:30 – 16:45 Registration

07:30 – 08:30 IndustryBreakfast—FinancialServices: TheDarkSideofDigitilization John Wheeler

Industry Breakfast — Government: The Myths of Authentication Anne Robins

IndustryBreakfast—OperationalTechnologySecurity for Manufacturing Automation and Control Earl Perkins

08:30 – 09:15 Why Your Policy is Broken and How You Can FixIt Rob McMillan

GRC—GoodConcept.FixingTerribleExecution Paul Proctor

HowBringYourOwnisShapingMobileSecurity John Girard

08:30 – 10:00 Workshop: Selecting Your IT Risk Assessment Methods and Tools Moderator: Chris Byrnes

Analyst-User Roundtable: Security Training — WhatWorks,WhatDoesn'tWork Moderator: Andrew Walls

09:30 – 10:00 Solution Provider Sessions

10:00 – 10:30 Refreshment Break in the Solution Showcase

10:30 – 11:15 MuchAdoaboutNothing—ITSecurityandOTSecurityAren'tthatDifferent Earl Perkins

The Gartner Business Risk Model Paul Proctor Case Study: Check website for updates 10:30 – 12:00 Workshop: GotMetricsButNobodyListens?TransformThem! Moderator: Rob McMillan

Analyst-User Roundtable: People-Centric Security Moderator: Tom Scholtz

11:30 – 12:00 Solution Provider Sessions

12:00 – 13:15 LunchintheSolutionShowcase

13:15 – 13:45 To the Point: Building a Secure User Andrew Walls

To the Point: Now is the Time to Put Your Privacy Program Right Carsten Casper

To the Point: Securing Cloud Services Anne Robins

AsktheAnalyst:ImplementingDLP— WhatWorks,WhatDoesn'tWork Moderator: Rob McMillan

Ask the Analyst: Securing Cloud Computing Moderator: Adam Hils

14:00 – 14:45 Understanding the Spectrum of Metrics and Reporting Christian Byrnes

PracticalInsightonEmbeddingRiskManagementinTechnologyOperations John Wheeler

Case Study: Check website for updates Analyst-User Roundtable: Cyberinsurance — AGreatIdeaButWithaFewChallenges Moderator: Paul Proctor

Analyst-UserRoundtable:What'sNewintheWorldofPrivacyLawsandPractices? Moderator: Carsten Casper

14:45 – 15:15 Refreshment Break in the Solution Showcase

15:15 – 16:00 Guest Keynote: Your personal Brand, Your Reputation, Your opportunity Sue Currie, Leading Personal Branding Expert

16:00 – 16:45 Gartner closing Keynote: the ciso Agenda for 2014/5 Christian Byrnes

16:45 – 17:00 Closing Remarks Rob McMillan

Age

nda

corr

ect a

s of

7 J

uly

2014

. Ses

sion

s su

bje

ct to

cha

nge.

summit features

end-user case studiesGartner-invited end-users reveal their personal challenges, issues and lessons learned.

track sessionsPresented by Gartner analysts, invited guest speakers and industry presenters, these sessions focus on the issues that matter most to you and provide real-world information that will help you make better decisions and drive successful results.

“to the point” sessionsSometimes you just want to hear the “Top 5 Things You Want to Know” about a trend, a technology or an approach. Gartner analysts provide top concepts, key trends or a quick overview of a particular topic, in a condensed format.

WorkshopsPresented by Gartner or guest experts, these workshops provide an opportunity to drill down on specific “how to” topics in an extended, small group session. The courses are designed for an intimate and interactive learning experience. Reserved for end-users only.

Analyst-user roundtablesJoin us for a hosted peer group discussion with your end-user peers, along with a Gartner analyst lending his or her expertise to assist you. These should not be missed!

Ask the analystAlongside the traditional Gartner analyst-user roundtables where you can speak to your peers in a moderated environment, there will also be a series of Q&A roundtables in which you can question the analyst directly and learn from the questions posed by your peers.

tutorial sessionsThese presentations are focused on layering the foundations for attendees’ understanding of a topic, trend or technology with basic 101 “building block” definitions and analysis.

technical insights — neWLooking for the in-depth technical view? We’ve got it covered with Technical Insights sessions, presented by Gartner for Technical Professionals analysts. Focused on execution, these sessions offer how-to guidance on assessing new technologies at the technical level, developing architecture and design, evaluating products, creating an implementation strategy and managing overall project execution.

At the Summit, please refer to the agenda in the event guide provided,

for the most up to date session and location information.

6 Gartner security & Risk Management summit 2014

Meet the analysts

Christian ByrnesManaging VP

John GirardVP Distinguished Analyst

Robert McMillanResearch Director

Anne RobinsResearch Director

Carsten CasperResearch VP

Adam HilsResearch Director

Earl PerkinsResearch VP

Tom ScholtzVP and Gartner Fellow

Andrew WallsResearch VP

Felix GaehtgensResearch Director

Craig LawsonResearch Director

Paul ProctorVP Distinguished Analyst

Kristian SteenstrupVP and Gartner Fellow

John WheelerResearch Director

FOCUS AREAS: Information security program management; risk management

FOCUS AREAS: Mobile enterprise strategy; information security technology and services; identity and access management; integrating Apple into the enterprise; negotiating software contracts

FOCUS AREAS: Security and risk management leaders; information security program management; risk management; IT governance; information security technology and services

FOCUS AREAS: Risk management; identity and access management; information security program management; information security technology and services

FOCUS AREAS: Privacy; information security program management; compliance; information security technology and services

FOCUS AREAS: Information security technology and services; information security program management; virtualization

FOCUS AREAS: Security and risk management leaders; IT and operational technology alignment; information security technology and services; compliance; smart grid

FOCUS AREAS: Information security program management; risk management; business continuity management; IT governance; information security technology and services

FOCUS AREAS: Information security program management; information security technology and services; privacy; security and risk management leaders; business gets social

FOCUS AREAS: Identity and access management

FOCUS AREAS: Information security technology and services

FOCUS AREAS: Risk management; information security program management; information security technology and services; compliance; IT governance

FOCUS AREAS: IT and operational technology alignment; business value of IT; IT strategic planning; competitive advantage and business transformation

FOCUS AREAS: Risk management; security and risk management leaders; IT governance; business value of IT; compliance

Gartner keynotes

Guest keynote

MondAy 25 AuGuST — 09:30

Gartner opening Keynote: Smart Risk — Balancing Security and opportunityJohn Girard, VP Distinguished Analyst; Paul Proctor, VP Distinguished Analyst; Andrew Walls, Research VP

TuESdAy 26 AuGuST — 16:00

Gartner Closing Keynote: The CISo Agenda for 2014/5Christian Byrnes, Managing VP

TuESdAy 26 AuGuST — 15:15

your Personal Brand, your Reputation, your opportunitySue Currie, Leading Personal Branding Expert

Gartner analyst one-on-one meetingsGartnerEventsgiveyoumorethanwhat your normal industry event offers. Meeting face-to-face with a Gartner analyst is one of the key benefits of attending a Gartner Summit. Personalize your 30 minute private appointment to discuss your specific issue and walk away with invaluable, tailor-made advice that you can apply to your role and your organization straight away.

Visit gartner.com/ap/security for updates and to register! 7

Solution showcaseDevelopa“shortlist”oftechnologyproviderswhocanmeetyourparticularneeds.We offer you exclusive access to some of the world’s leading technology and service solution providers in a variety of settings.

sponsorship opportunitiesFor further information about sponsoring this event contact:

Dan Giacco

Telephone: +61 438 874 149

Email: daniel.giacco@gartner.com

Maria Kamberidis

Telephone: +61 427 327 222

Email: maria.kamberidis@gartner.com

premier sponsor

platinum sponsors

silver sponsors

Media partners

powerful tools to navigate manage and decideTo get the most out of your Summit experience, we’ve created a range of tools to help you manage your goals and objectives of attending.

Gartner events navigatorWe’re excited to introduce a new and enhanced agenda planning tool which replaces our previous Agenda Builder tool. GartnerEventsNavigatorallowsyoutoplanyour personal event experience and gain themostfromyourtimeon-site.Organize,view and customize your agenda using the following criteria:

•Gartneranalystandspeakerprofiles

•Gartneranalystone-on-onemeetings

• Sessiondetailsincludingtracks,date,time, etc.

• YourGartneranalyst-userroundtableorworkshop reservations

• Dailyactivitiesandnetworking

Gartner events navigator Mobile AppManage your agenda on your mobile device!

•Getup-to-the-minuteeventupdates

• Integratesocialmediaintoyoureventexperience

• Accesssessiondocumentsandaddyournotes

• AvailableforiPhone®, iPad® and Android™

event Approval toolsForusepre-event,on-siteandpost-event,ourEventApprovalToolsmakeiteasytodemonstrate the substantial value of your Gartner event experience to your manager. They include a customizable letter, cost-benefi t analysis, top reasons to attend and more.

Visit gartner.com/ap/security for details.

Build your agenda

GARTnER HoTEL RooM RATE

$300 per night at Hilton Sydney 488 George Street Sydney NSW 2000

Phone: + 61 9266 2000

Venue

©2014Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.oritsaffiliates.Formoreinformation,emailinfo@gartner.comorvisitgartner.com.

Gartner security & Risk Management summit 201425 – 26 August | Hilton sydney, Australiagartner.com/ap/security

100% Money-Back Guarantee If you are not completely satisfied with this Gartner conference, please notify us in writing within 15 days of the conference and we will refund 100% of your registration fee.

Gartner Security & Risk Management Summit2014isonTwitterandLinkedIn.

#Gartnersec

Gartner security & Risk Management Xchange

Join the conversation!

3 easy ways to register

Web: gartner.com/ap/security

email: apac.registration@gartner.com

telephone: +61 2 8569 7622

pricing Pricing and Date is subject to change

standard price: $2,795 exc. GST

public sector price: $2,295 exc. GST

Gartner clients A Gartner ticket covers both days of the Summit. Contact your account manager or email apac.events@gartner.com to register using a ticket.

Group rate discount

Attend as a group — discounts availableGartner Events has designed an experience that will help teams of 4 to 25 maximize their Summit experience while on-site and long after the event concludes.

Summit group rate discount offers:

• 4forthepriceof3

• 7forthepriceof5

• 10forthepriceof7

For more information visit gartner.com/ap/security

“ By 2016, 40% of large companies will integrate IT

risk measurements with corporate performance,

doubling from 20% in 2013.” 2014 Gartner Predicts