gartner security & risk management summit brochure

• Mobileapplicationsandsecurity

• Advancedpersistentthreats

• Cloudcomputingandsecurity

• Consumerization

• Securingthevirtualizeddatacenter

Security and Risk Intelligence: The Next Step in Improved Business Performance

Early-bird savings Save$300whenyouregisterbyApril29

June 20 – 23 National Harbor, MD (Washington, D.C. area) gartner.com/us/securityrisk

Gartner Security & Risk Management Summit 2011

Intelligencefortoday’sbusiness-criticalsecurityfunction:

2 Register by April 29 and save $300.22

Prepare to benefit from new security intelligence capabilitiesThe Gartner Security & Risk Management Summit is the premier gathering for senior IT and business executives across the breadth of IT security and risk management, including privacy, compliance, business continuity management, IT disaster recovery and business resiliency.

Four complete programs—IT Security, Risk Management, Business Continuity Management and CISO—deliver:

• More than 100 drill-down sessions across four programs and eight virtual tracks.

• 15 analyst-led roundtable discussions, 8 workshops, keynotes, case studies and more.

• Analyst one-on-one meetings.

• CISO Invitational Program.

• NEW! CRO Invitational Program.

This year’s theme explores new business intelligence being generated by next-generation security programs—a new source of business value tied directly to the security function. Join us to identify your next steps toward a more secure and resilient enterprise, and improved business performance.

• Mobile applications and security

• Social media and security

• Consumerization

• Advanced persistent threats

• The future of national cybersecurity

• Cloud computing and security

• Securing the virtualized data center

• Critical infrastructure protection

• Fraud detection

• Endpoint security

• Data loss prevention

• Identity management

• Information security metrics

• CIO, CSO, CISO, CRO, CFO, CCO, CGO, CPO and CTOs

• IT vice presidents/directors

• Governance, risk, compliance, and privacy executives

• Senior business executives

• General counsel

• Finance, audit, legal risk and compliance and regulators

• Enterprise and operational risk managers

• Continuity of operations

• Crisis management

• Disaster recovery

• IT infrastructure, network and operation

Hot topics

Who should attend

Overview

3Visit gartner.com/us/securityrisk or call 1 866 405 2511.33

2 Overview

3 Benefits of Attending

4 Keynote Sessions

6 Meet the Analysts

8 Summit Highlights

9 Program Descriptions

10 Virtual Tracks

12 Agenda at a Glance

14 Solution Showcase

15 Registration

Leverage the global expertise of Gartner analystsThe Gartner Security and Risk Management Summit is unique in the industry. No other gathering brings together leading executives in IT security and risk management, Gartner analysts, and relevant solution providers for a comprehensive update on security, risk and BCM disciplines. Get the insight you need to:

• Architect an overall security, risk management and BCM strategy aligned to business needs and goals.

• Protect mission-critical infrastructure from sophisticated new threats and deliver a more agile and resilient enterprise.

• Benefit from new business intelligence being generated by risk, security and BCM programs.

• Evaluate new security risks presented by SaaS, cloud computing and virtualization.

• Understand the changing vendor universe and make the right investments.

• Keep the board and other business leaders informed by articulating security and risk strategy in business language.

• Use insights from BCM, risk and security programs for greater efficiency and improved business performance.

• Prepare for new regulatory, compliance, privacy and e-discovery requirements.

• Use the latest BCM models to identify critical data and processes and make your enterprise highly resilient.

• Create a more risk-aware organizational culture that supports risk management initiatives.

Attending the summit helps you advance your continuing professional education. Registered participants are eligible to earn CPE credits toward ISC2, ISACA, and DRII Certification programs. Learn more at gartner.com/us/securityrisk.

Table of contents

Earn CPE credits

Benefits of Attending

4 Register by April 29 and save $300.

Gartner keynotePresenter: Vic Wheatman, Managing Vice President, Gartner Research

Today’s information security and risk management programs are often based on a noncohesive set of technologies that lacks comprehensive knowledge management, analytics and planning capabilities. What is needed is a transformation to enterprise security intelligence (ESI), enabling correlation and impact analysis across all sources. We have learned how to collect information, but we have not excelled at applying knowledge. In this brief introduction, we will preview the ways in which the conference will bring together the pieces of information security and risk toward an ESI concept to improve organizational performance.

Just announced! Guest keynotesPresenter: Valerie Plame, “Outed” CIA operations officer and best-selling author of “Fair Game”

As a covert CIA operations officer, Valerie Plame worked to protect America’s national security and prevent the proliferation of weapons of mass destruction. In 2003, she found herself at the heart of a political firestorm when senior White House and State Department officials revealed her secret status to several national journalists—including a syndicated conservative newspaper columnist who published her name. Plame’s autobiography, “Fair Game: My Life as a Spy, My Betrayal by the White House,” became a New York Times bestseller and was recently made into a major motion picture.

Presenter: Joseph Wilson, Former U.S. ambassador, author of “The Politics of Truth”; chairman of the board, Symbion Power, Africa

Joseph Wilson’s historic career in international relations spans more than three decades, with service under five U.S. presidents: Ford, Carter, Reagan, Bush Sr. and Clinton. Widely recognized for his diplomatic leadership, Wilson was hailed as “a true American hero” by President George H. W. Bush for his efforts to free more than 100 American hostages in Iraq. The last American official to confront Saddam Hussein before the start of the Gulf War, Wilson served as the acting U.S. ambassador in Iraq throughout Operation Desert Shield.

Keynote Sessions

5Visit gartner.com/us/securityrisk or call 1 866 405 2511.

Security, Risk and Crisis Management in the Coming DecadePresenter: Michael Chertoff, Former Secretary of Homeland Security, 2005-2009, Co-Founder and Managing Principal, The Chertoff Group

A senior official involved in managing major crises, Michael Chertoff will explore strategies for managing risk. Drawing upon the his experiences as head of the criminal division of the U.S. Department of Justice and as U.S. Secretary of Homeland Security, Mr. Chertoff’s experience spans managing responses from the 9/11 attacks, the Enron and other corporate accounting scandals and natural disasters, including Hurricane Katrina.

Mr. Chertoff will address the security challenges posed by foreign investment in sensitive domestic industries and will close with a focus on global vulnerabilities, including supply chain disruption and cyberwarfare. Mr. Chertoff will also describe lessons learned regarding preparedness as well as resiliency and response in exceptionally high-profile media environments.

Presenter: David Pogue, Tech

Columnist, The New York Times

As the tech columnist for The New York Times, David Pogue has a front-row seat for observing today’s blazing-fast torrent of new inventions. Hundreds of

technologies come down the pike every year—and plenty get lots of press—but sadly, much of it is junk and some of it carries potential security risks. Pogue will stick his neck out to predict which will actually cause major, disruptive changes. He’ll display, discuss and even demonstrate the technological advances—in personal entertainment, mobile technology, Web 2.0, security and more—that will have the most impact on society in the coming years.

Program Chairs

Vic WheatmanConference Chair, Managing Vice President

F. Christian Byrnes CISO, Managing Vice President

Ray WagnerIT Security, Managing Vice President

Lawrence OransIT Security, Director

French CaldwellRisk Management and Compliance, Vice President

Roberta J. WittyBusiness Continuity Management, Vice President


Ken DulaneyVice President and Distinguished Analyst

John BaceVice President

Meet the Analysts

F. Christian ByrnesManaging Vice President

Jay HeiserVice President

Paul E. ProctorVice President and Gartner Fellow

French CaldwellVice President and Gartner Fellow

Carsten CasperDirector, Gartner Consulting

Tom ScholtzVice President and Distinguished Analyst

Dan BlumVice President and Distinguished Analyst

Ant AllanVice President

Perry CarpenterDirector

Joseph FeimanVice President and Gartner Fellow


Peter FirstbrookDirector

Trent HenryVice President

John GirardVice President and Distinguished Analyst

Kelly KavanaghPrincipal Research Analyst

Eric MaiwaldVice President

Neil MacDonaldVice President and Gartner Fellow

Rob McMillanDirector

John PescatoreVice President and Distinguished Analyst

Earl PerkinsVice President

Lawrence PingreeResearch Director

Vic WheatmanManaging Vice President

Jeffrey WheatmanVice President and Distinguished Analyst

Greg Young Vice President

Tim ZimmermanPrincipal Research Analyst

Gregg KriezmanDirector

Ramon KrikkenDirector

Avivah LitanVice President and Distinguished Analyst

Mark NicolettVice President and Distinguished Analyst

Lawrence OransDirector

Eric OuelletVice President

Ray WagnerManaging Vice President

Bob WalderDirector

Andrew WallsDirector

CISO IT Security

John P. MorencyVice President


Rob McMillanDirector

Doug SimmonsVice President Consulting

Alice WangDirector Consulting


John BaceVice President

Michele CantaraVice President

French CaldwellVice President and Gartner Fellow

Andrew FrankVice President


John F. HagertyVice President and Distinguished Analyst

Dale KutnickSenior Vice President, Executive Programs


Debra LoganVice President and Distinguished Analyst

Mark NicolettVice President and Distinguished Analyst

John P. MorencyVice President

Paul E. ProctorVice President and Gartner Fellow


Drue ReevesVice President and Distinguished Analyst

Steven StokesManaging Vice President



Roberta J. WittyVice President

John GirardVice President and Distinguished Analyst


Jeffrey ViningVice President


Donna ScottVice President and Distinguished Analyst

Risk Management and Compliance

Business Continuity Management

Sit down privately for 30 minutes with a Gartner analyst who specializes in the topic you’d like to discuss. To reserve your one-on-one session, visit the Agenda Builder at gartner.com/us/securityrisk or the one-on-one desk on-site at the conference.

Gartneranalystone-on-ones

Earl PerkinsResearch Vice President

Mark DriverResearch Vice President

Carsten CasperResearch Director



Summit Highlights

Networking that delivers valuable insightsIn addition to community networking breakfasts by industry and program, lunch and evening receptions, hospitality suites and roundtable discussions, this year’s summit includes a special event presenting the 2010 executive summary from Financial Executives International, plus an Executive Women’s Forum meet-and-greet.

End-user case studiesGartner invites a number of end users to personally present leading-edge case studies and answer questions. It’s a unique opportunity to hear detailed accounts of major implementations firsthand.

Solution provider showcaseMeet with today’s leading and most innovative solution providers across security and risk. Hear their case studies, get answers to your questions and create a shortlist of top vendors.

Hear how your colleagues from various industries tackle problems similar to yours. These small group discussions, moderated by an analyst, provide an informal setting for you and your peers to share insight, challenges and concerns on today’s hottest topics.

Analyst-userroundtables

CISO and CRO Invitational ProgramsConcurrent with the summit, CISO and CRO Invitational Programs provide a forum for the exploration of top-of-mind Ieadership, IT security, privacy and risk management issues for CISOs, CSOs and CROs. In these intensive programs, guest executives meet with leading technology providers to exchange ideas and strategies. Participation includes gratis travel, hotel and registration and is by invitation only on a first-come, first-served basis. To apply, visit gartner.com/us/securityrisk.

Greater breadth and deeper coverage of key topics

Richer in both breadth and depth, the 2011 summit presents more new research than ever before. The Risk Management and Compliance program and the IT Security program have each been expanded, with increased focus on: enterprise and operational risk, legal and compliance, infrastructure protection and secure business enablement. Expect:• New research, case studies, keynotes and

marketplace updates

• More preconference tutorials, workshops and networking by community

• Eight virtual tracks with in-depth coverage of key topics, including wireless, cloud, IAM and privacy

• Four complete programs plus a new track— Technical Insights: Security Architecture—that focuses on improving business intelligence and data management solutions

New for 2011


Program DescriptionsSummit Highlights

IT Security Program Today’s security is about business as much as technology. From the cloud to the network, enterprise data to remote computing, security has a direct impact on the bottom line. In this program, we’ll address evolving trends and challenges across security, among them:

• Mobile applications and consumerization• Cloud computing and virtualized data centers• Advanced persistent threats• NEW track: Technical Insights: Security Architecture

Risk Management and Compliance ProgramThis program focuses on the technologies and strategies to improve governance, manage risk and adhere to the letter and spirit of the law. Top priorities we’ll cover include:

• Answering to the board—risk and compliance in business terms• E-discovery and information governance• New risks in the IT supply chain• Risk-based approaches to privacy

CISO ProgramSuited to those new to the role as well as experienced leaders updating their knowledge base, the program addresses evolving challenges in:

• Enterprise security intelligence• Business-IT security alignment• Governance, policy and privacy• Corporate risk management

Business Continuity Management ProgramHow does the enterprise ensure continuing operations and system availability when something goes wrong? What is the IT disaster recovery plan? These sessions help organizations anticipate the unanticipated and work to reinforce a discipline of continuity in the corporate culture, a perspective that can yield added benefits in the form of business intelligence and greater efficiencies. Key topics include:

• Cloud, mobile and social software, and disaster recovery• Standards and certification• Ensuring 24/7 availability

Four complete programs deliver in-depth insight across key disciplines


Virtual Tracks

Wireless and Security Wireless access is a factor in all future network and user device approaches, bringing both new and reinvented wireless security challenges. This track covers business-critical system and data issues emerging from new wireless technologies.

CybersecurityOrganized teams of hackers are coordinating their efforts not only to gain access to systems for purposes of data acquisition or sabotage, but to negate remediation efforts in an attempt to maintain that access. This track explores cybersecurity issues that impact both the private and public sectors.

Cloud Computing Cloud computing presents major security challenges as well as exciting new opportunities in security-as-a-service and cloud-based security services. In this track, we’ll explore the new imperative: know your risk profile, understand the risks cloud computing can create, minimize those risks, and move forward appropriately.

Privacy Everybody wants privacy, but nobody wants to pay for it. Privacy professionals have to tap into the technology pools

and budgets from adjacent security, application and risk management areas. These sessions address emerging technologies that have an impact on privacy, but also those that can help to protect personal information.

Identity and Access Management As businesses and institutions mature, they must manage volatile and rapid change, establish effective formal governance and provide accountability through transparency. IAM can enable these evolutionary steps, but must itself evolve. It’s time for your IAM program to grow up and display the right foundation, architecture, governance and organization for delivering real value; we’ll examine how.

Trend Watch The trend line tells us that the bad guys are getting smarter, the technology more evolved and business practices around security, risk and compliance keep moving towards more maturity. Here we forecast future trends in the domain to help you get, and keep, ahead of the curve.

Virtual tracks let you follow a key trend or topic with relevant sessions pulled from across the conference offerings. Through the online Agenda Builder, you can also customize any of these eight tracks to suit your own specific interests. Visit gartner.com/us/securityrisk on your PC or mobile device to get started.


Marketplace Review Mergers and acquisitions, new point solutions and the convergence of product functionality into integrated solutions all contribute to a dynamic security, risk and compliance marketplace. What does that mean for your investments and future buying decisions? Get the latest updates to help you anticipate marketplace changes.

Social Media New social media tools aid collaboration, build brand awareness and facilitate off-the-record communications. These often bypass corporate filters, meaning that official correspondence is beyond enterprise control. Meanwhile, corporate and personal privacy is increasingly being put at risk. What can be done about the risks of emerging social media and how do they balance against the opportunities?

New track for IT security practitionersTechnical Insights: Security ArchitectureProviding in-depth technical research and decision support tools, these sessions explore the architecture and planning considerations for protecting information, building secure applications, understanding threats, auditing and monitoring activity, and managing risk associated with new devices and service hosting models. Session topics include:

• Developing a cloud computing security strategy• Consumerization and security architecture• Designing security monitoring architectures• Application security programs

Dive into hands-on specifics in workshops covering 10 hot topics, from creating key risk indicators to assessing your organization’s privacy posture.

AW1. Creating a Balanced Scorecard for Information Security Jeffrey Wheatman, Rob McMillan (8:30 a.m.)

BW1. IAM Program Maturity Assessment Ant Allan, Gregg Kreizman, Perry Carpenter, Earl Perkins, Ray Wagner (8:30 a.m.)

FW1. BCM MaturityJohn P. Morency, Roberta J. Witty (8:30 a.m.)

GW1. Creating Key Risk Indicators for Your Company Paul E. Proctor (8:30 a.m.)

AW2. CRO (10:20 a.m.)

BW2. SEC Foundational Building Blocks of a Data Loss Prevention Strategy Alice Wang (10:20 a.m.)

FW2. KRI Development John P. Morency, Roberta J. Witty (10:20 a.m.)

For complete details visit gartner.com/us/securityrisk.

Thursday workshop series

12 Register by April 29 and save $300. 13Visit gartner.com/us/securityrisk or call 1 866 405 2511.

Monday, June 20

11:30 a.m. Tutorial 1. Developing Next-Generation Security Metrics Jeffrey Wheatman

B S F

Tutorial 2. Choosing the Right BCM Consultant for the Job John P. Morency, Roberta J. Witty

FBP

Tutorial 3. Fathoming the Jellyfish: Understanding the Gartner IAM Taxonomy and Capability Models Ant Allen

S T F

Tutorial 4. Security Markets Worldwide Lawrence Pingree B F

Tutorial 5. Top Security Trends and Take-Aways for 2011-2012 Ray Wagner

S T F

10:00 a.m. Welcome Address Vic Wheatman, Managing Vice President and Conference Chair

10:15 a.m. Opening Keynote Michael Chertoff, Secretary of Homeland Security, 2005-2009

Infrastructure Protection

Secure Business Enablement The CISO

Enterprise and Operational Risk Management

Managing Legal and Compliance Risks

SecurityTechnical Insights:

Security Architecture CISO Risk Compliance BCM Analyst-User Roundtables

11:30 a.m. B1. From Security Silos to Enterprise Security Intelligence Joseph Feiman

B S A

C1. Defending the Homeland: The Future of National Cybersecurity Andrew Walls

T S A

D1. The Identity and Access Management Scenario Gregg Kreizman

B A S

E1. Emerging Technologies for Mobile Security John Girard, Ant Allan

T A

TI1. Dangerous Times: Shared Intelligence Plays a Vital Role Dan Blum

P A

A1. Defining the Information Security Program F. Christian Byrnes, Mark A. Margevicius

B S F

G1. Selecting IT Risk Assessment Methods and Tools: A Use Case Approach Tom Scholtz

P H1. The End of the Beginning and What’s Next in Compliance John Bace, French Caldwell

S A

F1. Operations Resilience: How Achievable Will It Be? John P. Morency, Donna Scott

S B

AUR1. Emerging Trends in Security and Risk Management Ray Wagner

AUR2. Tablet Security Supporting iPads in the Enterprise Bob Walder

12:30 p.m. Attendee Lunch and Solution Showcase Dessert Reception, Theater Showcase Presentations

2:30 p.m. B2. Adaptive, Context-Aware Security Infrastructure and Intelligence Neil MacDonald

S A

C2. Cyberwar and APT: Hype and FUD Bob Walder

T S A

D2. Improving IAM Processes Is a Business Imperative Earl Perkins

B F S

E2. Best Practices for Owning Your Airwaves to Provide Security, Maximize Performance and Mitigate Interference Tim Zimmerman

T P A

TI2. Managing the Risk of Using SaaS Eric Maiwald

S A T

A2. Risk Assessment 101 Jay Heiser

F B S

G2. The KRI Catalog Paul E. Proctor

B P F

H2. The Future of Privacy Carsten Casper, Andrew Walls, John Bace

B S A

F2. Building Resilience Into the Development Life Cycle Roberta J. Witty, John P. Morency

P T

AUR3. Enterprise Security Intelligence Roundtable Joseph Feiman

AUR4. Cloud Concerns Roundtable Lawrence Pingree

3:45 p.m. Solution Provider Sessions

5:00 p.m. Guest Keynote Fair Game: Intelligence, Integrity, Security and Counterproliferation Valerie Plame, “Outed” CIA Operative; and Former Ambassador Joseph Wilson

6:00 p.m. Solution Showcase Evening Reception

Tuesday, June 21 7:00 a.m. Breakfast

8:15 a.m. B3. Content-Aware Data Loss Prevention Trends for 2011 and Beyond Eric Ouellet

S A T

C3. Securing the Virtualized Data Center: From Private Cloud to Public Cloud Neil MacDonald

S A

D3. The Future of Access Management: the End of Point Solutions Gregg Kreizman

T A P

E3. Next-Generation Architectures for Infrastructure Guest Access Tim Zimmerman

P A

TI3. Develop a Cloud Computing Security Strategy Dan Blum

S A T

A3. Report Risk to the Board…and Keep Your Job Paul E. Proctor

B P F

G3. Analytics’ Role in Managing Risk John F. Hagerty

P A

F3. Standards Comparison: BS 25999, NFPA 1600 and ASIS SPC.1-2009 Don Byrnes

B P F

AUR5. Talkin’ Bout My Next G-g-g-generation Firewall Greg Young

AUR6. Crisis Management John P. Morency, Donna Scott

P B

9:30 a.m. Solution Provider Sessions

10:45 a.m. B4. Critical Infrastructure Protection, Smart Grid and Next-Generation Threats Earl Perkins

S A

C4. How to Use the Cloud and Stay Secure John Pescatore

P A

D4. Security Information and Event Management Drives Enterprise Security Intelligence Mark Nicolett

P A

E4. New Trends in Fraud Detection: Grappling With the Enemies Within and Without Avivah Litan

P A

TI4. Consumerization and Security Architecture Eric Maiwald

A4. An Introduction to Information Security Architecture Tom Scholtz

F G4. Driving Performance and Improving Risk Management With BPM Michele Cantara

P F

H4. Understanding the Foundations and Components of Compliance John Bace

F P

F4. Social Software and Recovery Andrew Walls, Roberta P. Witty

A B

AUR7. Achieving Your IT Resilience Goals John P. Morency, Donna Scott

T AUR8. Network Access Control Experiences Lawrence Orans

11:45 a.m. Solution Showcase Lunch and Exhibits Theater Presentations

2:00 p.m. B5. iPad Data Safety Bob Walder

P A

C5. Secure Web Gateways: Intelligently Defending Against the Web 2.0 Threat Peter Firstbrook, Lawrence Orans

P A

D5. Looking Forward: Best Practices for User Administration Perry Carpenter

B F S

E5. The Enterprise Social Platform: The Newer Attack Vector Alice Wang

R S A

One Giant D-L-P for Your Security Architecture Trent Henry

A5. Building an Effective Security Awareness Program Andrew Walls

P F

G5. Ensuring Cloud Assurance Jay Heiser

S A

H5. Intelligent Information Governance 2011 Debra Logan

P F

F5. Uptime All the Time Donna Scott

A T

AUR9. TBA


4:30 p.m. BN1. Net IT Out: Tips for Vendor Proposals Greg Young

P F

CN1. Net IT Out: Cloud Performance and Security Bob Walder

P A

DN1. Net IT Out: Business Continuity Management Planning BCMP Jeff Vining, Roberta J. Witty

EN1. Net IT Out: Choosing User Provisioning Vendors Perry Carpenter

P F

AN1. Privacy Policy: Structure and Content Carsten Casper

S F

GN1. Net IT Out: Operational Technology Governance, Risk Management and Compliance Earl Perkins

S F

HN1. Net IT Out: Choosing Enterprise GRC Vendors French Caldwell, Paul E. Proctor

S F

FN1. BCM Software Marketplace Review: Emergency Mass Notification Services and BCMP John Girard, Tom Scholtz

P T

DN1. Business Continuity Management Planning (BCMP) Jeff Vining, Roberta J. Witty

4:55 p.m. BN2. Net IT Out: E-Mail Encryption Eric Ouellet

P A

CN2. Net IT Out: Log Management as a Service: Alternatives to SIEM Kelly M. Kavanagh

P A

EN2. Net IT Out: Choosing Fraud Detection Vendors Avivah Litan

P A

AN2. Managing Relationships With Internal and External Auditors John P. Morency

P F

GN2. Net IT Out: Understanding the E-Discovery Market Debra Logan

F S

HN2. Net IT Out: Choosing IT GRC Management Vendors Mark Nicolett

P F

5:30 p.m. Keynote: TBA

6:30 p.m. Hospitality Suites

Wednesday, June 22 7:30 a.m. Breakfast With the Analysts

8:30 a.m. B6. Building the Intelligent Endpoint Protection Platform Peter Firstbrook

S A

C6. The Mobile Security Brothers Traveling Roadshow John Pescatore, John Girard

D6. One Ring to Rule Them All: Intelligent Security Management With Active Directory Andrew Walls

P F

E6. The State of Enterprise Data Collaboration for Internal and External Needs With EDRM, DLP, Encryption and Portals Eric Ouellet

T F S

TI6. IT1 Presentation: Designing Security Monitoring Architectures Ramon Krikken

A6. The Care and Feeding of Security Policies Jay Heiser

F S

G6. Enterprise and Operational Risk Management: Directors Roundtable, What the Board Wants Dale Kutnick, French Caldwell

B S

H6. Supply Chain Risks in a Changing World Stephen Stokes

P F6. Case Study: A Modern Approach to Business Resiliency Management at Lockheed Martin Corporation Nader Mehravari

S B

AUR10. Enterprise Fraud Management Roundtable Avivah Litan

9:45 a.m. Solution Provider Sessions

11:00 a.m. B7. The Glass House of Data Center Security Greg Young

P A

C7. How to Avoid Having a Really Bad Day: Preparing For and Managing Security Incidents in a Controlled Way Rob McMillan

P A

D7. Improving IAM. Value Through Identity and Access Intelligence Earl Perkins

T A S

E7. Case Study: Ensuring Privacy—Intelligently Protecting Patient EMR and Medical Identity Information Saikat Maiti, Head, Information Security and Data Privacy, Varian Medical Systems

TI7. IT1 Presentation: Making Progress in Application Security Programs Ramon Krikken

A7. Articulating the Business Value of Information Security Tom Scholtz

P F

G7. Future Scenarios for Privacy, Advertising and Online Social Identity Andrew Frank

S A

H7. Which Regulations Apply to Me French Caldwell

F P

F7. Disaster in the Cloud Jay Heiser

A T

AUR11. Security Metrics Roundtable Jeffrey Wheatman

AUR12. TBA

12:00 p.m. Solution Showcase Lunch and Exhibits Theater Presentations

1:30 p.m. B8. Hey Boss, I Need Another Network Security Tool Lawrence Orans, John Pescatore

P A

C8. Vulnerability Management for Emerging Threats and Technologies Mark Nicolett

S A

D8. Improving Identity Assurance: Best Practices for User Authentication Ant Allan

T F P

E8. Embrace Emerging IAM Administration and Intelligence Trends to Improve Time-to-Value Perry Carpenter

A P

TI8. Stop Worrying and Embrace SharePoint Security Features Trent Henry

A8. What to Do When a Lawyer Is Not Around John Bace

P F

G8. Critical Strategies to Manage Risk and Maximize Business Value of Open Source Within the Enterprise Mark Driver

S F

H8. Negotiating and Managing Cloud Legal and Liability Issues Drue Reeves

P A

F8. Modernizing Recovery Into Resilience John P. Morency

A T

AUR13. Mobile Applications and Recovery Roberta J. Witty, John Girard T


4:00 p.m. B9. Case Study: Oil Company Builds Security Program Using Tools and Governance Doug Simmons, Gartner Consulting

S A

C9. Data Encryption for Compliance and Information Governance Eric Ouellet

P F

D9. Assessing Risks in Social Collaboration Software Andrew Walls

P A

E9. Managing Identity in the Cloud Greg Kreizman

T F P

A9. The Future of GRC French Caldwell

S A

G9. Case Study: Best Practices in E-Discovery Debra Logan

P F

H9. Managing Vendors and Their Risks to Your Business French Caldwell

P F

F9. Case Study: Mobile Technologies in Disaster Recovery John Girard

P T

AUR14. TBA AUR15. TBA

5:15 p.m. Guest Keynote Disruptive Tech: What’s New, What’s Coming, How It Will Change Everything and Is It Secure? David Pogue, Technology Columnist, The New York Times

Thursday, June 23 9:00 a.m. GS1. Pocket Power: Reap the Benefits of Mobile Evolution While Managing Risk Ken Dulaney

10:20 a.m. GS2. Col. Lindley Johnson, NASA’s Near-Earth Objects Observations Program Executive

11:45 a.m. Closing Keynote

12:15 p.m. Conference Ends

Create your own customized agenda online

Don’t miss that must-see session! Use our online Agenda Builder to customize your summit experience prior to the event. Build your agenda on your PC or mobile device, sign up for RSS alerts and more at gartner.com/us/securityrisk.

Agenda at a Glance

B Business T Technology S Strategic P Practical A Advanced F Foundational

See page 11 for our Thursday Workshop Series or visit gartner.com/us/securityrisk for complete details.

Solution Showcase

Today’s leading solution providers and top innovators in the security, risk management and business continuity management space will be on-site with their most informed representatives, ready to answer your questions. Get the research, ask your questions, streamline the vetting process, and leave with a shortlist you can act on immediately.

Premier Sponsors

Google’s cloud computing solutions allow you to dramatically lower IT costs and increase productivity, security and reliability. Google Apps is a 100% web suite of applications that includes Gmail, Google Calendar, Google Docs and Spreadsheets, Google Sites, and more. Google Postini services help make email systems more secure, compliant and reliable by blocking spam and malware before they reach your networks, by providing encryption and archiving to help meet compliance requirements, and by offering email continuity.

Verizon Business, a unit of Verizon Communications, is a global leader in communications solutions. We combine professional expertise with one of the world’s most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today’s enterprises - enabling them to increase productivity and efficiency. Many of the world’s largest businesses—including 96% of the Fortune 1000—rely on our professional and managed services and network technologies.

CIPHER is a global solution provider in Information Security. It is committed to delivering excellence and innovation through Consulting, System Integration and Managed Security Services (MSS) provided by modern 24x7 Security Operations Centres (SOC). CIPHER has over 10 years of experience, it is a highly accredited company including ISO 20000 and ISO 27001 certification and a pioneer in obtaining PCI-QSA and PCI-ASV certificates.

As a world-leading information technology company, HP applies new thinking and ideas to create more simple, valuable and trusted experiences with technology. Our focus is to continuously improve the way our customers live and work through technology products and services, form the individual consumer to the largest enterprise. More information can be found at www.hp.com

Platinum Sponsors

as of March 11, 2011

Dell Inc. (NASDAQ: DELL) listens to customers and delivers worldwide innovative technology and business solutions they trust and value. Recognized as an industry leader by top analysts, Dell SecureWorks provides world-class information security services to help organizations of all sizes protect their IT assets, comply with regulations and reduce security costs. www.dellsecureworks.com

AT&T Inc. is a global leader in communications, with operating subsidiaries providing services under the AT&T brand. AT&T is a recognized leader in Business-related voice and data services, including global IP services, hosting, applications, and managed services. In the United States, AT&T is a leader in Mobile voice and data, as well as IP, Yellow Pages and advertising services, and provides Wi-Fi service in over 20,000 hotspots.

Qualys, Inc. <http://www.qualys.com/> is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing an immediate, continuous view of security and compliance postures. The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year.

Symantec is a global leader in providing security, storage and systems management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information-driven world against more risks at more points, more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can be enforced automatically – enabling confidence wherever information is used or stored. www.symantec.com

Cisco security balances protection and power to deliver highly secure collaboration. With Cisco security, customers can connect, communicate, and conduct business securely while protecting users, information, applications, and the network. Cisco pervasive security can help minimize security and compliance IT risk, reduce IT administrative burden, and lower TCO. Information about Cisco security can be found at www.cisco.com/go/security

Websense, Inc., a global leader in unified Web security, email security, and data loss prevention (DLP) solutions, delivers the best content security for modern threats at the lowest total cost of ownership to tens of thousands of organizations worldwide. Distributed through global channel partners and delivered as software, appliance and Security-as-a-Service (SaaS), Websense helps organizations leverage Web 2.0 and cloud communication, while protecting from advanced persistent threats, preventing confidential data loss and enforcing security policies.

Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and prove real-world exposures to their most critical assets. Our customers gain real visibility into their security standing, real validation of their security controls, and real metrics for more effective information security.

Intel is a world leader in computing innovation. The company designs and builds the essential technologies that serve as the foundation for the world’s computing devices. Laptops with Intel® Anti-Theft Technology provide you with intelligent security for lost or stolen laptops. Because the technology is built into the hardware, Intel AT provides local protection that works even if a thief reimages the OS, changes the boot order, installs a new hard-drive, or stays off the Internet. Additional information is available at http://anti-theft.intel.com.

McAfee is the world’s largest dedicated security technology company. McAfee relentlessly tackles the world’s toughest security challenges. With nearly 350 patents, our award-winning research team and engineers develop solutions that make businesses more powerful to protect their systems, networks, and data, while also helping them optimize complex risk and compliance issues. At home, we help consumers secure every aspect of their digital life—PC, mobile phone, and internet—with solutions that auto-update and are easy to install and use.

Through world-class solutions that address risk across the enterprise, IBM Security Solutions enable organizations to build a strong security posture that helps reduce costs, improve service, manage risk, and enable innovation. For more information on how to address today’s biggest risks please visit us at ibm.com/security.


Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content—by user, not just IP address—at up to 10Gbps with no performance degradation. Based on patent-pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications—regardless of port, protocol, evasive tactic or SSL encryption—and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, visit www.paloaltonetworks.com.

Solutionary reduces the information security and compliance burden, delivering flexible managed security services that align with client goals, enhancing organizations’ existing security program, infrastructure and personnel. The company’s services are based on experienced security professionals, actionable threat intelligence and the ActiveGuard service platform that provide expert security and compliance management. This client focus and dedication to customer service has enabled Solutionary to boast one of the highest client retention rates in the industry.

Guided by its vision of Dynamic Security for the Global Network, SonicWALL develops advanced intelligent network security and data protection solutions that adapt as organizations evolve and as threats evolve. Trusted by small and large enterprises worldwide, SonicWALL solutions are designed to detect and control applications and protect networks from intrusions and malware attacks through award-winning hardware, software and virtual appliance-based solutions. For more information, visit http://www.sonicwall.com/.

Sourcefire, Inc. (Nasdaq:FIRE) is a world leader in intelligent cybersecurity solutions. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risks. Sourcefire’s Next-Generation IPS™, Next-Generation Firewall™, virtual, and anti-virus/malware solutions equip customers with an efficient and effective layered security defense - protecting network assets before, during and after an attack. Today, the name Sourcefire has grown synonymous with innovation and cybersecurity intelligence. For more information: http://www.sourcefire.com

Trend Micro provides leading Internet content security solutions for businesses and consumers. We protect against malware, spam, data leaks, and the newest Web threats designed to steal digital information. Our unique solutions stop these threats where they first emerge - in the Internet - before they can attack corporate networks and PCs. Founded in 1988, Trend Micro operates globally and protects hundreds of millions of users in the office, at home and on the go.

Tripwire is a leading global provider of IT security and compliance automation solutions. Tripwire VIA™, the comprehensive suite of industry-leading file integrity, policy compliance and log and event management solutions, is the way organizations proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation.

Silver Sponsors

the network security companytm

RELEVANT . INTELLIGENT . SECURITY

Platinum Sponsors

Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. Trustwave has helped thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

Splunk is software used for monitoring, reporting and analyzing IT data. This data is generated by all applications, systems and infrastructure - located on-premise or in the cloud. IT data is massive in scale, unstructured and contains a definitive record of transactions, systems, applications and user activity. It’s also largely unused, trapped in rigid, silo-based systems. Only Splunk lets you capture and analyze real-time and historical IT data from one place, so you can unlock its value.

21st Century Software3MAbsolute SoftwareAccessData GroupAgiliance Inc.AirWatchAlertEnterprise Inc.AlgoSecArcSight an HP CompanyAuthenWare CorporationBeta Systems SoftwareBeyondTrust SoftwareBit9, Inc.Blue Coat Systems, Inc.

Bradford NetworksBWiseCentrifyClearwell COOP SystemsCyber-Ark SoftwareCyveillance, Inc., A QinetiQ North America CompanyDamballaDataguise, Inc.DeviceLock, Inc.Fischer International Identity

Hitachi ID Systems, Inc.Identity Finder, LLCInDorse TechnologiesLogRhythm, Inc.LumensionM86 SecurityMENTIS Software SolutionsMetricStreamModulonCirclenuBridges, Inc.PricewaterhouseCoopers, LLP

Rapid7RioRey, Inc.RsamSailPointSmarsh, IncSunGard Availability ServicesTenable Network Security, Inc.Tufin TechnologiesVeracode, Inc.Verdasys

Oracle Corporation (NASDAQ: ORCL) is the world’s largest enterprise software company, providing database, middleware, and collaboration products; enterprise business applications; application development tools; and professional services for businesses and organizations worldwide. For more information, visit oracle.com.


Register by April 29 and save $300!

Early-birdsavings

3 easy ways to registerWeb: gartner.com/us/securityriskE-mail: [email protected]: 1 866 405 2511

Don’t miss this year’s in-depth coverage of security and wireless technologies, security and the cloud, and sophisticated new security threats. There’s no better way to update your IT security insights!

Silas ManteAccount Manager+1 203 316 [email protected]

Sponsorship Opportunities

Gaylord National Hotel and Convention Center201 Waterfront StreetNational Harbor, MD 20745Phone: +1 301 965 4000

A limited block of rooms has been reserved for attendees at this rate until May 23, 2011. To obtain the group rate of $230, indicate that you are attending the Gartner Security & Risk Management Summit when making your reservation.

Special Gartner hotel room rate: $230 (plus tax and $15 resort fee) for single or double occupancy

Registration

Bring the team and save!

John ForcinoAccount Manager+1 203 316 [email protected]

Conference registration fee includes conference attendance, documentation and planned functions.Standard price: $2,150Public-sector price: $1,750

Interested in becoming a Gartner client?Phone: +1 203 316 1111E-mail: [email protected]

Team discounts on registration rates:4 for the price of 37 for the price of 512 for the price of 8

Team benefits include:• Team meeting with a Gartner analyst (end users only)• Optional team meeting(s) with select executives from vendor organizations• Advice and support on building personalized agendas• 10+ free multimedia sessions from Gartner Events on Demand• Complimentary team lounge and meeting space• Concierge service, pre-event and on-site

For more information, e-mail [email protected] or contact your Gartner account manager.

David SorkinSr Account Manager+1 203 316 [email protected]

© 2

011

Gar

tner

, Inc

. and

/or

its a

ffilia

tes.

All

right

s re

serv

ed. G

artn

er is

a re

gist

ered

trad

emar

k of

Gar

tner

, Inc

. or

its a

ffilia

tes.

Fo

r m

ore

info

rmat

ion,

e-m

ail i

nfo@

gart

ner.c

om o

r vi

sit g

artn

er.c

om. P

rodu

ced

by M

arke

ting

Com

mun

icat

ions

3 ea

sy w

ays

to re

gist

erW

eb: g

artn

er.c

om/u

s/se

curit

yris

kE

-mai

l: us

.regi

stra

tion@

even

treg

.com

P

hone

: 1 8

66 4

05 2

511

Prio

rity

code

:

Gar

tner

Sec

urity

& R

isk

M

anag

emen

t S

umm

it 20

11Ju

ne 2

0 –

23 •

Nat

iona

l Har

bo

r, M

D (W

ashi

ngto

n, D

.C. a

rea)

g

artn

er.c

om

/us/

secu

rity

risk

Pre

sort

edS

tand

ard

U.S

. Pos

tage

PAID

Gar

tner

56T

opG

alla

ntR

oad

PO

Box

102

12S

tam

ford

,CT

0690

4-22

12

Ear

ly-b

ird

sav

ing

sR

egis

ter

by A

pril

29 a

nd s

ave

$300

!

Nea

rly 5

0 se

curit

y se

ssio

ns c

over

ing

priv

acy,

mob

ility,

cl

oud,

com

plia

nce,

IAM

, crit

ical

infra

stru

ctur

e, b

usin

ess

enab

lem

ent a

nd m

ore

• M

obilit

y, c

loud

and

virt

ualiz

atio

n•

Con

sum

eriz

atio

n an

d co

mpl

ianc

e•

Crit

ical

infra

stru

ctur

e•

Bus

ines

s en

able

men

t•

Priv

acy,

IAM

and

mor

e