Gartner Security and Risk Management Summit 2013

Published on March 2017 | Categories: Documents | Downloads: 32 | Comments: 0 | Views: 149

Gartner
Security & Risk Management
Summit 2013
June 10 – 13
National Harbor, MD
gartner.com/us/securityrisk

FIVE COMPLETE PROGRAMS
• Chief Information Security Officer (CISO)
• IT Security
• Business Continuity Management
• Risk Management and Compliance
• The Business of IT Security
• Plus: New Industry Day Forums

Reset Your World: The Evolving Role of Risk Management and Information Security

Discover the full spectrum of security and risk topics
After nearly a decade of steady progress toward maturity, IT security and risk management have reached a tipping point.
The Nexus of Forces — social, mobile, cloud and information — has unleashed a new wave of change and threats.
Emerging markets and a jumble of international regulatory and compliance obligations have also increased the complexity
of the business environment. In addition, the uncertainty of climate change — such as Superstorm Sandy — is making
business continuity management (BCM) more important than ever.
As these threats and changes transform markets and redefine competitive advantage, business leaders are recognizing the
critical role IT security and risk management disciplines play in ongoing business growth and transformation. This year’s
Gartner Security & Risk Management Summit, June 10 – 13, in National Harbor, MD, delivers the essential tools and
strategies CIOs, CISOs, CROs, CTOs and their teams need to identify and communicate emerging risks, manage them
appropriately and enable the business to grow and prosper as securely as possible.

Key benefits of attending
• Reset your security and risk strategy to focus on enabling business objectives
• Stay relevant in your role as the Nexus of Forces redefines IT security and risk
• Implement BCM best practices to make the business more resilient to threats
• Understand, anticipate and mitigate the risks of new social collaboration tools
• Craft a strategy to deal with emerging BYOD and mobile threats

Who should attend
• CIOs, CSOs, CISOs, CTOs, CROs, CPOs
• Network managers, security executives and directors
• Enterprise architects and planners
• IT vice presidents, directors and managers
• IT/IS directors and managers
• Business continuity and IT disaster recovery managers
• Senior business executives
• Risk managers
• Finance, audit, legal risk and compliance managers

North America’s most important annual gathering of the IT security and risk community

Five programs offer in-depth coverage of
core areas of specialization
When you join us at Gartner Security & Risk Management Summit 2013,
you’ll have access to more than 50 Gartner analysts presenting the
latest research covering the full spectrum of security and risk topics. From
infrastructure security to identity and access management, governance to
fraud to emerging risks, technology implementation to boardroom presentation,
this is the singular opportunity each year to update every aspect of risk
management and security based on the latest Gartner insight.

TABLE OF CONTENTS
• Summit Programs
• Industry Day Perspective Forums
• Virtual and Vertical Industry Tracks
• Keynote Sessions
• Chief Information Security Officer (CISO) Program
• CISO Agenda Tracks
• CISO Invitational Program
• IT Security Program
• IT Security Agenda
• Business Continuity Management Program
• BCM Agenda
• Risk Management and Compliance Program
• Risk Agenda
• The Business of IT Security Program
• Session Descriptions
• Solution Showcase
• Agenda at a Glance
• Registration and Pricing

What’s new for 2013
• Industry Day Perspective Forums with dedicated content and Gartner analysts for key industries
• Advanced CISO Program that addresses strategic issues for success
• More than 150 sessions, keynotes, workshops, tutorials and case studies
• Revamped agenda offering more types of sessions
• New Mastermind Interview keynote: Steve Bennett, CEO and Chairman of the Board, Symantec
• New Super Roundtable Session — 20 roundtable discussions with your peers
• Our Gartner for Technical Professionals analysts explore architecture and planning considerations to protect information and build secure applications
• Interaction with more than 120 vendors

Visit gartner.com/us/securityrisk for agenda updates and to register

SUMMIT PROGRAMS

ANALYST-USER
ROUNDTABLES
These topic-driven end-user discussions
are moderated by Gartner analysts.
Learn what your peers are doing around
particular issues and across industries
(preregistration required).

MEET ONE-ON-ONE WITH
A GARTNER ANALYST
Private 30-minute consultations with a
Gartner analyst provide targeted,
personalized advice to help you plan
proactively and invest wisely
(preregistration required).

Five role-based programs for
targeted insight
Chaired by experts in each discipline, this year’s summit offers five role-based
agenda programs providing a more targeted learning and networking experience.

Program Descriptions
Chief Information Security Officer (CISO) Program
This year the CISO program graduates from CISO basics to strategic
and tactical planning. There are still too many things that should be done
with too few resources. So how do you make use of the best information
you have to set priorities and get things done, while moving toward
those elusive strategic goals?
IT Security Program
Cloud, social, mobile and big data drive new opportunities but challenge
traditional approaches to IT security. Their adoption for business
operations requires security programs to mature rapidly. This program
provides insights on security management from Gartner for IT Leaders
analysts, and on security technology management from Gartner for
Technical Professionals analysts.
Risk Management and Compliance Program
Integrated performance and risk management is the next promising
evolutionary step for risk management and compliance programs. But
new regulatory and legal challenges continue to mount. Early detection
and mitigation of emerging risks are critical. This program focuses on
the technologies and strategies to improve governance, manage risk,
ensure compliance and adhere to the letter and spirit of the law.
Business Continuity Management (BCM) Program
Can your organization survive another Superstorm Sandy? The number
of regional disasters is growing. How will your enterprise ensure
continuing operations when a business interruption occurs? These
sessions help organizations anticipate the unexpected, and reinforce
a discipline of risk management and mitigation, response and recovery
in the corporate culture.
The Business of IT Security Program
This program examines the latest technologies and trends, and financial
and strategic views, of the security and risk market. Find out how big
the market is for software and services, which market leaders are
succeeding, and why. Learn where the innovation is, and how Gartner
analysts rate the leading security vendors.


Industry Day Perspective Forums
New! Industry Day Perspective Forums
Aligning IT-specific initiatives to the industry’s business success is the focus of every IT professional. The challenge is how
to illustrate IT’s impact on the business goals — whether to the bottom line, quality, expense control or client satisfaction.
That’s why we are pleased to kick off our Monday program with special Industry Perspective Forums. Five sectors are
covered in separate tracks that deliver targeted content and industry-specific perspectives for the following: Energy/Utilities,
Government, Healthcare, Financial Services and Manufacturing. Industry Day Perspective Forum sessions include:

Government

IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing?
Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree

IG2. Critical Infrastructure Protection Requirements Driving New Security Demand
Ruggero Contu

IG3. Best Practices for Mitigating Advanced Persistent Threats
Lawrence Pingree

Healthcare

IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are
Barry Runyon

IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement
Wes Rishel

IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level
Christina Lucero, Avivah Litan

Financial Services

IF1. Case Study
TBA

IF2. Do I Need Cyberinsurance?
Juergen Weiss

IF3. Strategic Road Map for Financial Services Enterprise Risk Management
John A. Wheeler

Energy/Utilities and Manufacturing

IME1. Understand OT: The Emerging Risks From Advanced Automation
Earl Perkins, Kristian Steenstrup

IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing?
Erik T. Heidt

IME3. Securing the OT Environment
Earl Perkins, Kristian Steenstrup

IME4. Responsibility and Accountability of OT Systems
Kristian Steenstrup

VIRTUAL AND VERTICAL INDUSTRY TRACKS
Virtual and vertical industry tracks make it easy to follow a key trend, hot topic or address industry issues in relevant
sessions pulled from across all five conference programs. To further customize any track, visit Agenda Builder at
gartner.com/us/securityrisk.

Virtual Tracks

Mobility and Security
This track covers some of the business-critical system and
data issues emerging from new wireless technologies.

Cloud Computing
This track explores this and more of the latest challenges
associated with cloud security.

IAM and Secure Business Enablement
This track features a wealth of presentations on current best
practices and the latest issues and trends.

Advanced CISO
Our CISO track contains best-practice and security
program planning information. For those with more
advanced needs, we have identified this curriculum as
a suggested set of sessions.

Technical Insights: Security Architecture
Explore the architecture and planning considerations for
protecting information, building secure applications,
understanding threats, auditing and monitoring activity,
and managing risk associated with new devices and service
hosting models. These sessions are delivered by Gartner
for Technical Professionals (GTP) analysts.

Cybersecurity
This track helps you separate the hype from the reality and
highlights best practices for protecting your organization in a
rapidly changing threat environment.

Big Data
These sessions analyze the role that big data plays in security,
and how it can enhance our defenses against targeted
attacks and advanced persistent threats (APT).

Social and Security
This track shows you how security and risk teams contain the
risks found in social media usage while maximizing the
benefits of social-enabled work processes.

Leadership/Professional Development
This track provides insights into the full range of
skills and knowledge required to advance your capabilities
as a security and risk manager.

Vertical Industry Tracks

Financial Services
Fighting fraud while keeping online banking seamless and
efficient are just a few of the key issues covered at this
year’s event. See what else is covered for those in the
financial services industry.

Government
Government agencies are looking to develop cohesive
national cybersecurity initiatives that are in partnership with
consumers and the public sector. This is just one of the
key issues covered at this year’s event. See what else is
covered for those in government.

Healthcare
Enterprises today are challenged to increase quality of service
delivery, reduce compliance costs and anticipate healthcare
reform while maintaining patient privacy and protecting
intellectual property. This track covers this and more,
specifically for the healthcare and pharmaceutical industries.

Energy/Utilities
Establishing effective and efficient “smart grid” technology
while combating fraud, cyberattacks and the loss of
control are just a few of the key issues covered at this year’s
event. See what else is covered for those in energy/utilities.

Manufacturing
Managing and optimizing increasingly interconnected and
complex control networks while reducing costs and
maintaining system integrity and protecting proprietary data
are just some of the key issues covered at this year’s event.
See what else is covered for those in the manufacturing sector.

KEYNOTE SESSIONS
Guest keynotes
The Intersection of National Security, Leadership and the Global Economy
Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet

Serving at a critical juncture in our nation’s history, Admiral Mike Mullen was a
key influencer in shaping the security of our nation for decades to come. A man
of unparalleled experience, vision and integrity, Mullen shares with audiences
his belief that, “Our financial health is directly related to our national security,”
and discusses how the key to the United States’ economic success in the next
century is to create opportunity. With an eye on the horizon and to the threats
that still lie ahead, Mullen discusses America’s greatest challenges —
economic growth, infrastructure, education and foreign and military policy.

Who’s Got Your Back: Creating and Developing Great Relationships
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”

As founder and CEO of Ferrazzi Greenlight, Keith Ferrazzi works to transform
old behaviors that block global organizations from reaching strategic goals,
into new behaviors that increase shareholder value. The firm’s Greenlight
Research Institute has proven the correlation between positive relationships
and business success, particularly in sales performance. Based on a decade
of field engagements with iconic global organizations, Ferrazzi has perfected
techniques of collaborative coaching and motivation of key constituencies that
positively transform organizational behavior.

The Gartner Mastermind Interview
Steve Bennett, CEO and Chairman of the Board, Symantec

Steve Bennett was named Symantec’s chief executive officer in July 2012.
Prior to that, Bennett joined Symantec’s board of directors in February 2010
and became chairman in 2011. Bennett previously led Intuit serving as
president and chief executive officer from 2000-2007. Under Bennett’s
leadership Intuit grew its existing businesses while simultaneously expanding
into new markets. Bennett joined Intuit after a 23-year career at General
Electric, where he managed complex and diverse organizations from consumer
appliances to financial services. He currently serves on boards at American
Airlines and parent company AMR Corporation, along with Qualcomm.

Gartner keynotes
Opening Global Keynote: Reset
Paul E. Proctor, Vice President and Distinguished Analyst; Andrew Walls, Vice President and Conference Chair;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
Now is the time to break the inertia that blocks progress in security and risk management. The evolution of risk and
security officer roles shows the way to reset your approach to security and risk management, and create and sustain
significant security and risk benefits to your organization. (And it won’t hurt your career any either!)

The Gartner Five-Year Security and Risk Scenario
F. Christian Byrnes, Managing Vice President; Andrew Walls, Vice President and Conference Chair
Gartner’s research community for security and risk is composed of over 50 dedicated and numerous contributing
analysts. This scenario represents their five-year projection of the state of security and risk. The intent is to provide
a base for your long-term strategic planning.

CHIEF INFORMATION SECURITY OFFICER (CISO) PROGRAM


HOT TOPICS
• Strategic planning for information
security
• Business/IT security alignment
• Governance and policy setting
• Business value of information
security
• Enterprise security architecture
• Creating a risk-aware culture
• Process maturity


WHO SHOULD ATTEND
• CISOs, CIOs, CSOs, CROs, CTOs
and IT vice presidents
• New CISOs who want to build their
leadership role based on leading-edge Gartner research, insights and
best practices
• Experienced CISOs looking to
refresh their understanding of
the latest trends, tools, threats
and technologies
• IT security executives on a CISO
career track


Go beyond the CISO fundamentals to
strategic and tactical planning
This year, for the first time, the CISO Program goes beyond fundamentals to
address enterprisewide strategy and tactical planning for chief information
security officers. Too many things still need to be done with too few resources.
We’ll look at how to use the best information available to set priorities and
move toward strategic goals.
In addition to reporting lines, budgets, staffing, and governance, sessions will
address how to act like and be seen as a business leader, understand and
explain security concerns and technologies in business terms, and recognize
what drives the behaviors at the root of many security failures — and how to
change them with people-centric security strategies. This year’s program
agenda features:
• 13 CISO-focused analyst sessions, plus an additional 16 sessions covering
all the issues CISOs face in today’s market
• Advanced CISO Program addressing strategic issues for success in your
role, including: strategic planning for information security, alignment of IT
security to the business; governance and policy setting; creating a
risk-aware culture; and process maturity
• Exclusive CISO Invitational Program for qualified CISOs
• Gartner analysts, focused on your needs in the CISO role, available for
private one-on-one meetings
• Workshop: Selecting Solutions for the Control and Monitoring of Public
Social Media
• VIP Roundtable: Working with the Chief Legal Officer (CLO)

Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by
clients from over 13,000 distinct organizations worldwide.
F. Christian Byrnes
Managing Vice President
and CISO Program Lead

Rob McMillan
Director

Paul E. Proctor
Vice President and
Distinguished Analyst

Tom Scholtz
Vice President and
Distinguished Analyst

Andrew Walls
Vice President
and Conference Chair

John A. Wheeler
Director


CISO AGENDA TRACKS
MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair;
Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President;
John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening: Who Are the Attackers and What Are They Doing?
Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree
10:45 a.m. Solution Provider Sessions
11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand Ruggero Contu G
2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats Lawrence Pingree G

CISO
4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job Paul E. Proctor
5:30 p.m. A2. Preparing a Security Strategic Plan F. Christian Byrnes
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell;
Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular
(Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen,
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval
Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander,
U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the
Board, Symantec
10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Security’s Value Rob McMillan
11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams Tom Scholtz
2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls Andrew Walls
4:15 p.m. A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric
Tom Scholtz
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President
and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

Absolutely first rate conference! The best security event I have ever attended. Knowledgeable presenters, timely and relevant content, great networking opportunities.
2012 conference attendee

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular
(Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions
10:30 a.m. A6. That Frightening Phrase: “The Standard of Due Care” Rob McMillan
11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program Andrew Walls
1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services Rob McMillan
4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway Rob McMillan
4:30 p.m. A10. To the Point: The Information Security Maturity Pathway Rob McMillan
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. A11. Case Study TBA
9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans Gregg Kreizman, Earl Perkins
10:30 a.m. A13. Open Mic F. Christian Byrnes
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell,
Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director;
Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President


CISO Invitational Program

CISO INVITATIONAL
PROGRAM FEATURES
• Direct interaction with analysts
• The latest research on top priorities
for CISOs
• Boardroom case study
presentations with leading solution
providers
• Advanced CISO virtual track for
more experienced CISOs
• C-level-only roundtable discussions
• Exclusive CISO networking events
• Keynotes, general sessions and a
Mastermind Interview
• Security management workshops

An exclusive gathering of CISOs and
Gartner analysts
The Gartner Chief Information Security Officer (CISO) Invitational Program,
held concurrently with Gartner Security & Risk Management Summit 2013,
gathers a carefully screened group of CISOs for a chance to learn the current
best practices, get updates on how peers are handling evolving challenges,
and improve leadership skills. Admission is subject to approval and includes
complimentary roundtrip airfare, accommodations, registration fee and access
to session presentations online, including audio and slides.
If you qualify for this program, your day will be spent gaining valuable market
intelligence from the world’s top technology providers as you participate in
private boardroom presentations and select components of Gartner Security
& Risk Management Summit 2013, which include:
• Complete CISO Program, consisting of analyst-led sessions, interactive
workshops, tutorials, case studies and more
• Special CISO-only sessions and networking opportunities
• More advanced sessions for those with experience in the CISO role
• Five keynotes and general sessions and a new Mastermind Interview keynote
• Solution Showcase featuring more than 120 leading-edge solution providers
We encourage you to submit your application for qualification today because
seats are filling quickly. To apply, visit gartner.com/us/securityrisk/ciso.


IT SECURITY PROGRAM
The Nexus of Forces — social, mobile, cloud and information — is having a
major impact on IT security, both on how it’s accomplished and with regard
to new threats and vulnerabilities. In this comprehensive program, sessions
will cover the breadth of today’s IT security priorities, from network,
infrastructure and data protection to application security, identity and
access management, privacy and mobile and cloud security.
Gone are the days when walling off intruders and controlling access was
enough. Thanks to the cloud, social media and BYOD, the line of defense
has blurred beyond recognition. Security’s new mandate is to focus on
business objectives and find ways to enable new opportunities in a secure,
trusted environment.
Featuring Technical Insights sessions from Gartner for Technical
Professionals, the IT Security Program delivers the tools and next steps to
get things done today and understand where the technology is taking us
tomorrow. The program agenda features:
• More than 70 sessions, workshops and roundtables covering all of the
latest issues enterprises are faced with today
• 10 Technical Insights sessions by Gartner for Technical Professionals
analysts that drill down on best practices in cloud, mobile and virtualization
• Tutorials on topics including top security trends and identity and access
management
• Plus, 10 IT security-focused workshops, 12 To the Point sessions,
networking events, panels, analyst-user roundtables, and much more
• 25 on-site Gartner analysts focused on IT security, available for private
one-on-one meetings


HOT TOPICS
• Advanced targeted threats
(advanced persistent threat, APT)
• BYOD security
• DDoS mitigation
• Mobility
• Data loss prevention (DLP)
• Next-generation firewalls
• Next-generation intrusion prevention
• Security information and event
management
• Network access control
• Anti-malware
• Secure email
• Secure Web
• DNS security

Unparalleled opportunity to network at a national level. Great info on industry trends, tools and overall solutions.
2012 conference attendee

IT SECURITY PROGRAM
Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct
organizations worldwide.
Ant Allan
Vice President

Anton Chuvakin
Director, Gartner
for Technical
Professionals Analyst

Alan Dayley
Director

Mario de Boer
Director, Gartner
for Technical
Professionals Analyst

Joe Feiman
Vice President
and Gartner Fellow

Peter Firstbrook
Vice President

John Girard
Vice President and
Distinguished Analyst

Jay Heiser
Vice President

Kelly M. Kavanagh
Principal Analyst

Gregg Kreizman
Vice President

Ramon Krikken
Vice President,
Gartner for Technical
Professionals Analyst

Avivah Litan
Vice President and
Distinguished Analyst

Brian Lowans
Principal Analyst

Neil MacDonald
Vice President and
Gartner Fellow

Eric Maiwald
Vice President,
Gartner for Technical
Professionals Analyst

Rob McMillan
Director

Mark Nicolett
Managing Vice President

Lawrence Orans
Director and IT Security
Program Lead

Eric Ouellet
Vice President

Earl Perkins
Vice President

Tom Scholtz
Vice President and
Distinguished Analyst

Ray Wagner
Managing Vice President

Jeffrey Wheatman
Leadership Partner

Greg Young
Vice President


IT SECURITY AGENDA
MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m.
IF1. Case Study TBA
IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are Barry Runyon H
IME1. Understand OT: The Emerging Risks From Advanced Automation Earl Perkins, Kristian Steenstrup EU M
IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing? Erik T. Heidt GTP
10:45 a.m. Solution Provider Sessions
11:30 a.m.
IF2. Do I Need Cyberinsurance? Juergen Weiss F
IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement Wes Rishel H
IME3. Securing the OT Environment Earl Perkins, Kristian Steenstrup EU
2:15 p.m.
IF3. Strategic Road Map for Financial Services Enterprise Risk Management John A. Wheeler F
IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level Christina Lucero, Avivah Litan H
IME4. Responsibility and Accountability of OT Systems Kristian Steenstrup EU M

IT SECURITY
4:30 p.m.
B1. Practicing Safe SaaS Jay Heiser
C1. Securing Private, Public and Hybrid Cloud Computing Neil MacDonald
D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program Ant Allan, Earl Perkins, Ray Wagner
E1. Big Data Discovery Using Content-Aware Data Loss Prevention Solutions Eric Ouellet
W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz, Rob McMillan, Jeremy D’Hoinne
W5. Workshop: Gartner Network Security Design Greg Young
5:30 p.m.
B2. Cyberthreat Lawrence Orans
C2. Panel: What Is the Future of Mobile Management and Security? Peter Firstbrook, Neil MacDonald, John Girard
D2. Cost, Consequence and Value: The Economics of IAM Earl Perkins
E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil? Ramon Krikken GTP
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)
10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP
11:15 a.m.
B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management Mark Nicolett
C3. Top 10 Security Myths Jay Heiser
D3. Town Hall: Access All Areas Ant Allan, Gregg Kreizman
E3. TBA
2:00 p.m.
B4. Panel: Real-World Case Studies in Mobile Banking Security Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor
C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective? Eric Ouellet
D4. Your Cloud and Mobile Devices Broke My IAM Gregg Kreizman
E4. Security Monitoring of Public Cloud Anton Chuvakin GTP
4:15 p.m.
B5. Mobile Device Security Exploits in Depth John Girard, Dionisio Zumerle
C5. Endpoint Security When the Consumer Is King Peter Firstbrook
D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM Earl Perkins
E5. Using Managed Containers to Protect Information on Mobile Devices Eric Maiwald GTP
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions
10:30 a.m. B6. Preparing Your Security Program for BYOD Eric Ahlm
C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme) Greg Young
D6. Using Big Data Analytics for Information Security Neil MacDonald
E6. Managing, Securing and Budgeting the Mobile Device Life Cycle John Girard
W10. Workshop: Meeting Business Needs for Mobility and Security Eric Maiwald
11:30 a.m. B7. Predictions: Your Network Security in 2018 Greg Young
C7. User Activity Monitoring for Early Breach Detection Mark Nicolett
D7. Good Authentication Choices for Smartphones and Tablets John Girard, Eric Ahlm
E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention Avivah Litan
1:45 p.m. B8. Encryption Planning Made Simple! Follow the Data Brian Lowans
C8. Big Security Data Is Neither Big Security Nor Big Intelligence Joseph Feiman
D8. Mobile Device Policy Essentials John Girard, Dionisio Zumerle
E8. Case Study: A Successful Implementation of the FICAM Guidelines TBA
W11. Workshop: Cloud Contracts — Develop Your Own Security and Risk Exhibits Gayla Sullivan
W12. Workshop: IT Risk Cloud Manifesto — Defining What Enterprises Need but Aren’t Getting! Erik T. Heidt
4:00 p.m. B9. To the Point: The Database Security Manual — What You Need to Know Brian Lowans
C9. To the Point: Deny Denial of Service Attacks Lawrence Orans
D9. Case Study TBA
E9. To the Point: Refresh Vulnerability Assessment Kelly M. Kavanagh
4:30 p.m. B10. To the Point: Cybersecurity for the Internet of Everything Earl Perkins
C10. To the Point: Playing Chess With APTs Anton Chuvakin; Ramon Krikken GTP
D10. To the Point: Revolution and Evolution in Windows 8 Security Mario de Boer
E10. To the Point: Best Practices for Securing Information During International Travel Dionisio Zumerle
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. B11. The Seven Dimensions of Context-Aware Security Avivah Litan
C11. Top Mobile Gear: Mobility Road Trip! Ant Allan, John Girard, Tom Scholtz
D11. Getting to Single Sign-on Securely Gregg Kreizman
E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints Mario de Boer GTP
W13. Workshop: Mobile Application Security Neil MacDonald
9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time? Eric Ouellet
C12. Adapting the Secure Web Gateway Peter Firstbrook, Lawrence Orans
D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer
E12. DLP Architecture and Operational Processes Anton Chuvakin GTP
W14. Workshop: IT Security — Planning a Self-Audit Khushbu Pratap
10:30 a.m. B13. Software-Defined Networking and Its Impact on Security Eric Maiwald GTP
C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook
D13. Identity and Access Management Gets Social Ant Allan
E13. Web Application Firewalls: Features, Products, Deployment and Alternatives Mario de Boer GTP
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President

Visit gartner.com/us/securityrisk for agenda updates and to register


BUSINESS CONTINUITY MANAGEMENT PROGRAM


HOT TOPICS
• BCM planning tools and
their implementation
• ISO 22301 implementation
best practices
• The nexus of technology to take
your BCM program to the next level
• IT-DRM architectures and
technologies for recovery,
high-availability and exercising
• BIA best practices
• Exercising best practices
• Supplier/third-party risk
• BCM metrics
• Cloud service provider risk
• Recovery plan
development workshop


Did your organization survive Superstorm Sandy? Would it survive another
Superstorm Sandy? What happens when your production and recovery sites
are hit by the same outage? Do you know if your workforce can get to work to
do their jobs? The number of regional disasters is on the rise. How does an
enterprise ensure continuing business operations and systems availability in
the event of a major business interruption?
The 2013 Business Continuity Management Program will cover the breadth
of BCM priorities, including how to make BCM an enterprise risk function,
planning, strategy, availability risks in using cloud computing, plan
development and exercising, the new ISO 22301 BCM standard, supplier/
third-party availability risk, crisis management and communications, metrics
for success and reporting to the board and developments in BCM software
and complementary technologies for enhanced situational awareness.
These sessions help organizations anticipate the unanticipated and
work to create a culture of risk management and business resilience.
The program agenda features:
• 19 BCM-focused analyst sessions, workshops and roundtables
• Workshop on developing effective and efficient disaster recovery plans
• Case studies on BCM metrics and BCMP implementation
• Tutorial on best practices for creating emergency messages
• To the Point sessions, analyst-user roundtables, and much more
• Eight on-site Gartner analysts focused on BCM, available for private
one-on-one meetings

BCM AGENDA
Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by
clients from over 13,000 distinct organizations worldwide.
Leif Eriksen
Director

John Girard
Vice President and
Distinguished Analyst

Jay Heiser
Vice President

John P. Morency
Vice President

Donna Scott
Vice President and
Distinguished Analyst

Gayla Sullivan
Director

Belinda Wilson
Senior Director,
Gartner Consulting

Roberta J. Witty
Vice President and
BCM Program Lead

MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC2. ISO 22301 Implementation Session Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
10:45 a.m. Solution Provider Sessions
11:30 a.m. T4. TBA
2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media Mario de Boer GTP
2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh

BCM
4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation John P. Morency

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management Roberta J. WittyBCM Metrics

TBA

2:00 p.m. H4. Cloud Service Provider Risk Management Donna Scott, John P. Morency, Jay Heiser
4:15 p.m. H5. Managing Global Recovery and Continuity Risk John P. Morency, Roberta J. Witty
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back”
and “Never Eat Alone”
10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency
11:30 a.m. H7. Case Study TBA
1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson
4:00 p.m. H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty
4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan
9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott
10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President


RISK MANAGEMENT AND COMPLIANCE PROGRAM


HOT TOPICS
• Enterprise and IT risk management
• Integrated performance and risk
• Emerging risks
• Cloud risks
• Social media compliance and
risk management
• Third-party risk management
• Risk-Adjusted Value
Management™ (using risk to
drive performance)
• Creating key risk indicators
• IT and corporate governance
• Information governance
• E-discovery
• The fourth generation of GRC
• Privacy
• IT audit


As businesses transform themselves, push into new markets, pursue new
capabilities and experience the immediacy and transparency of a mobile, social
world, they face major new risk and compliance issues. Managing those risks
effectively is essential to improved business performance. Integrated
performance and risk is the next evolutionary step for governance, risk and
compliance (GRC) programs.
Measuring and managing the impact of risk on business performance;
complying with a variety of global rules, regulations and laws about financial
transactions and privacy; and detecting early and mitigating emerging risks are
all critical components of successful business and IT operations. The Risk
Management and Compliance Program focuses on the technologies and
strategies to improve governance and manage risk and compliance, as well as
strategies to communicate the benefits of effective risk management to
business leaders.

Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by
clients from over 13,000 distinct organizations worldwide.

French Caldwell
Vice President and
Gartner Fellow and
Risk Program Lead

Carsten Casper
Vice President

Richard Hunter
Vice President and
Distinguished Analyst

Jorge Lopez
Vice President and
Distinguished Analyst

Khushbu Pratap
Senior Analyst

Paul E. Proctor
Vice President and
Distinguished Analyst

Julie Short
Director

Andrew Walls
Vice President
and Conference Chair

Jeffrey Wheatman
Leadership Partner

John A. Wheeler
Director

RISK AGENDA
MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons
10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner
PC1. Sharing Data Without Losing It Jay Heiser
10:45 a.m. Solution Provider Sessions
11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP
PC5. Forget MDM: Extending Security and Identity to Mobile Apps Ramon Krikken GTP
2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty,
John P. Morency, Belinda Wilson
2:15 p.m. T3. Tutorial: IAM Myths and Monsters Ray Wagner
PC6. End-User Case Study TBA

RISK MANAGEMENT AND COMPLIANCE
4:30 p.m. F1. /G1. General Session: Duck and Cover — Preparing for Cyberwar Richard Hunter, Avivah Litan
5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter Paul E. Proctor
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC French Caldwell

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. F3. Security and Risk Management Technologies for Social Media Andrew Walls
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance John A. Wheeler
2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez
G4. Maverick Research: Crowdsource Your Management of Operational Risk Leif Eriksen, Paul E. Proctor
4:00 p.m. W8. Workshop: TBA
W9. Workshop: IT Risk Management — Selecting the Best Assessment Methods and Tools Jeffrey Wheatman, Khushbu Pratap
4:15 p.m. F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus French Caldwell, Andrew Walls, panelists
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President

6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and
“Never Eat Alone”
10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, “Turn the Ship Around!”; French Caldwell
11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley
G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap
1:45 p.m. F8. Align Governance to Your Organization for Success Julie Short
G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap
4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage Jorge Lopez
G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery? Alan Dayley
4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management John A. Wheeler
G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions French Caldwell
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. F11. The Four Faces of Governance French Caldwell, Julie Short
G11. Case Study TBA
W15. The Gartner Network Security Architecture Reference Model
9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser
G12. Why ERM and GRC Depend on Each Other to Succeed John A. Wheeler
10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services French Caldwell
G13. Debate: Cyberinsurance — Evolution or Revolution? Paul E. Proctor, John A. Wheeler
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President

New Risk Management and Compliance Program features for 2013
The Risk Management and Compliance Program features:
• Tutorial on governance, risk and compliance (GRC)
• More than two dozen risk-and-compliance-focused analyst sessions, To the Point sessions, case-studies,
panels, debates and Gartner for Technical Professionals (GTP) sessions
• Three general sessions:
– Duck and Cover: Preparing for Cyberwar Richard Hunter, Avivah Litan
– A Clash of Forces: Managing Emerging Risks of the Nexus French Caldwell, Andrew Walls, panelists
– Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book “Turn the Ship Around!”; French Caldwell
• Special risk-management-and-compliance networking opportunities
• Gartner analysts focused on risk management and compliance, available for private one-on-one meetings

THE BUSINESS OF IT SECURITY PROGRAM
Meet the analysts
Gartner analysts draw on the real-life
challenges and solutions experienced
by clients from over 13,000 distinct
organizations worldwide.
Eric Ahlm
Research Director

David W. Cearley
Vice President and
Gartner Fellow

Ruggero Contu
Director

What’s going on in today’s dynamic, competitive, complex security and risk
marketplace? Where are leading companies putting their security dollars?
Which startups captured the $650 million in venture capital invested in security
and risk management startups last year?
The Business of IT Security Program offers CISOs, business and IT leaders an
overview of the latest developments in the security and risk market, including
market conditions and challenges, new technologies, mergers and acquisitions
and trends shaping the future of secure business enablement. This year’s
agenda features a panel of startup security company executives discussing
advanced threats, new technologies and what lies ahead. Including Gartner
ratings of leading security vendors, this financial and strategic overview is
essential for those participating in the sale, purchase or valuation of security and
risk-related technologies.
MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair;
Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President;
John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett
10:45 a.m. Solution Provider Sessions
11:30 a.m. T2. Tutorial: Tell Me, What’s IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP
2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management Tom Scholtz

Business OF IT SECURITY
Lawrence Pingree
Director and Business of
IT Security Program Lead

4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree
5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm,
Ruggero Contu, Lawrence Pingree
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

HOT TOPICS
• Forecast report/analysis
• Market share reports
• User wants and needs survey
• Key vendor SWOT analysis
• MQ/trend analysis
• Startup company panel

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Ramon Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular
(Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen,
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval
Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander,
U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board,
Symantec
11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm
2:00 p.m. J4. Panel: Security Startups — Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress
4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus Eric Ahlm, Rob McMillan
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular
(Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi,
CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
10:30 a.m. J6. Information Security: Process or Technology — Which Way Do We Go? Jeffrey Wheatman, Jay Heiser,
Anton Chuvakin, Neil MacDonald, Tom Scholtz
11:30 a.m. J7. Management Still Doesn’t Get Security (And What You Can Do About That) Paul E. Proctor
1:45 p.m. J8. TBA
4:00 p.m. J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave Joseph Feiman
4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future Ruggero Contu
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. J11. Top 10 Technology Trends for 2013: The Security Perspective David W. Cearley
9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett
10:30 a.m. J13. Case Study TBA

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Ramon Krikken, Vice President; F. Christian Byrnes, Managing Vice President


SESSION DESCRIPTIONS
GTP Sessions by Gartner for Technical Professionals analysts
F Financial Services

G Government

Track A

The CISO
A1. Transform Your Security
and Risk Program or Find
Another Job
Only about 30% of IT risk and
security officers have truly risk-based
programs. The other 70% continue
to struggle with outdated security
programs that are doomed to repeat
the same failures. We have reached
a tipping point where transformation
is not just an option but a
requirement to keep your job.
Paul E. Proctor
A2. Preparing a Security
Strategic Plan
The Gartner five-year security and
risk scenario provides a target for
where your security and risk program
should be in 2018. This presentation
explains how to create a strategic
plan that can get you there.
F. Christian Byrnes
A3. Organizing for Success:
Developing Process-centric
Security Teams
There is no such thing as a perfect,
universally appropriate model for
security organizations. Security
organizations must reflect the political
and cultural realities of the enterprise.
Every enterprise must develop its
own process-based model, taking
into consideration basic principles
and practical realities.
Tom Scholtz

H Healthcare

EU Energy/Utilities

M Manufacturing

A4. Finding the Optimal Balance
Between Behavioral and
Technical Controls
Security performance depends on a
delicate balance between technical
and behavioral controls. There are
times when technology provides the
best protection and others when the
user is in control. Effective security
needs to determine the appropriate
control balance based on context
and continuously optimize that
balance based on results.
Andrew Walls
A5. Maverick Research:
Transform Your Security
Program — From Control-centric
to People-centric
The traditional “control” mindset of
information security cannot keep
pace with technological and
behavioral change, resulting in
policies and technologies that cause
frustration and impede agility. A new
approach is required — one that
recognizes how the relationships
between IT, the business and
individuals have been transformed
irrevocably.
Tom Scholtz
A6. That Frightening Phrase:
“The Standard of Due Care”
Most organizations are aware of their
need to meet a standard of due care
in their normal business operations.
What this means is often not clear
and usually only becomes clear when
tested in court. In this presentation
we look at what this means in the
realm of IT security, highlighting a few
examples along the way.
Rob McMillan

A7. The Care and Feeding of an
Effective Awareness Program
User behavior controls the success
of security operations, but many
organizations fail to maintain an
effective program for driving
improvement in that behavior. This
presentation provides an in-depth
analysis of the structure and content
of security awareness programs
that actually produce results.
Andrew Walls
A8. Using Outside Resources:
Security Consultants and Threat
Intelligence Services
Clients occasionally seek advice
about the “leading security consulting
firms” in a particular geography. Many
factors determine whether a firm is
right for the task at hand. Clients
must assess the capabilities of a
consultant or firm by looking beyond
the brand and the marketing hype to
seek answers to critical questions.
Rob McMillan
A9. To the Point: The Risk
Management Maturity Pathway
Improving risk management maturity
is fundamental to improving the
cost-effectiveness and business
alignment of the enterprise’s risk
activities. The Gartner ITScore for
Risk Management is designed to help
you achieve this. Take a brief tour to
see what maturity levels 1 through 4
look like and where your organization
may fit.
Rob McMillan
A10. To the Point: The
Information Security
Maturity Pathway
Improving information security
maturity is fundamental to improving
the risk effectiveness and business
alignment of the enterprise’s security
activities. The Gartner ITScore for
Information Security is designed to
help you achieve this. Take a brief
tour to see what maturity levels 1
through 4 look like, and where your
organization may fit.
Rob McMillan
A11. Case Study
TBA
A12. Panel: Reset Your IAM
Planning! Lessons from
the Veterans
Many enterprises have planned and
implemented IAM systems — Now
it’s your turn. Where to begin? What
are the best practices? How do you
measure IAM project success? What
are the characteristics of a successful
IAM solution? This panel of IAM
veterans takes your questions and
discusses details about their
deployments.
Gregg Kreizman, Earl Perkins
A13. CISO Open Mic
Open opportunity for discussion and
sharing among CIO participants.
F. Christian Byrnes


THE CISO WORKSHOPS
W3. Selecting Solutions for the
Control and Monitoring of Public
Social Media
Public social media are used by
enterprises and individuals within the
enterprise. Security professionals
must assess security and compliance
risks, and understand the strengths
and weaknesses of monitoring and
control solutions. In this workshop
you assess the risks to your
organization, and select a set of
technologies to mitigate these.
Mario de Boer
GTP

IT Security
B1. Practicing Safe SaaS
Most enterprises continue to struggle
with the appropriate use of SaaS,
but for most organizations, “no” is
not the right answer. Standards and
practices for risk assessment and use
continue to evolve, but gaps still
remain. This presentation provides
guidance on the creation of SaaS
usage profiles.
Jay Heiser

W6. Use a Balanced Scorecard to
Demonstrate Security’s Value
There is no standard set of
industry-accepted security metrics.
That’s because they are hard to do.
The purpose of any credible security
scheme must be twofold: Show
how security is supporting business
outcomes, and inform management
about significant risks and their
management. It is possible to
achieve this. Learn how in this
hands-on workshop.
Rob McMillan

Track B

B2. Cyberthreat
Lawrence Orans
B3. Presenting a Hard Target to
Attackers: Operationally
Effective Vulnerability
Management
Today’s attackers are getting better
at finding and exploiting security
weaknesses. The first order of
business is to present a hard target
to the attacker. Vulnerability
management needs to be extended
to deal with emerging threats, and
to accommodate the requirements
of cloud services. This presentation
provides advice on how to extend
vulnerability management to meet
new requirements.
Mark Nicolett
B4. Panel: Real-World Case
Studies in Mobile Banking
Security
This panel will bring together two or
three mobile security experts to talk
about their experiences and wish
lists for future mobile security. What
are the threats and attack vectors
faced in mobile transactions? How
have organizations addressed these
threats? What are future
enhancements that are needed
in mobile transaction security?
Moderator: Avivah Litan; Dave
Jevans, Chairman, Anti-Phishing
Working Group, Marble Security; Vas
Rajan, Chief Information Security
Officer, CLS Bank; Tim Wainwright,
Managing Director, CISSP, Security
Risk Advisor
F

B5. Mobile Device Security
Exploits in Depth
How can we stop worrying about
mobile security? You can’t trust the
OS or the apps, the user resists
security practices, and your company
doesn’t own the device. This
presentation puts the inconvenient
facts front and center with real
examples, and offers a path forward
to reduce risk while still taking user
experience into consideration.
John Girard, Dionisio Zumerle
B6. Preparing Your Security
Program for BYOD
Mobile devices are entering the
enterprise network at alarming
rates. As enterprises race to secure
mobile devices, a new challenge
faces them as they look to extend
more applications and more trust to
these mobile devices. This session
discusses the greater challenge
of BYOD beyond simply mobile
device security.
Eric Ahlm
B7. Predictions: Your Network
Security in 2018
Gartner analyst Greg Young takes
you ahead in time to what your
network security will and won’t be
like in the not-so-distant future of
2018 and points in between then
and now. With many network security
safeguards having a five-year life
span, the decisions you are making
now are already impacting on 2018.
Sorry, we still won’t be going to work
via jetpack.
Greg Young
B8. Encryption Planning Made
Simple! Follow the Data
Enterprises must balance a complex
array of regulations, security controls
and risk mitigation issues before
realizing any benefits from data
encryption. Here we look at the
issues and encryption options to
maximize its value.
Brian Lowans
B9. To the Point: The Database
Security Manual — What You
Need to Know
Enterprises are increasingly using
databases in larger numbers and
complexity. We describe how the
growing security threats and
regulatory requirements can
be addressed by database
security solutions.
Brian Lowans
B10. To the Point: Cybersecurity
for the Internet of Everything
The Internet is expanding to include
connections not only to people but to
machines: automobiles, buildings,
power grids — millions of sensors
and control systems, all needing
protection. How can enterprises that
embrace the Internet of Everything
(IoE) in their businesses prepare for
threats to such systems?
Earl Perkins
B11. The Seven Dimensions of
Context-Aware Security
This session explains the benefits of
context-aware security. It explores
how to use the seven dimensions
of context-aware computing to
mitigate damage from largely invisible
security threats. It also delves
into organizational and process
considerations as well as the
business and IT risks.
Avivah Litan
B12. Is Cloud Encryption Ready
for Prime Time?
Organizations are beginning the
process of considering leveraging
cloud infrastructures with their most
sensitive data.
Eric Ouellet
B13. Software-Defined Networking
and Its Impact on Security
SDN is being discussed as the future
for data center networking. SDN
impacts more than just the network
infrastructure equipment. It impacts how
enterprises implement network security
controls. This session discusses how
SDN impacts network security and
provides recommendations to properly
implement security controls within
an SDN.
Eric Maiwald
GTP

Visit gartner.com/us/securityrisk for agenda updates and to register

SESSION DESCRIPTIONS
Track C
IT Security
C1. Securing Private, Public and
Hybrid Cloud Computing
Neil MacDonald
C2. Panel: What Is the Future
of Mobile Management and
Security?
This debate tackles numerous
strategic and tactical questions on
the future of mobile security that are
vexing both vendors and clients
alike. The analysts present multiple
scenarios and attempt to form a
consensus understanding of where the
mobile security market is headed and
how it will transform IT.
Peter Firstbrook, Neil MacDonald,
John Girard
C3. Top 10 Security Myths
It is often said that ignorance is
bliss — but only until the hack
occurs. This presentation introduces
some of the most common
misconceptions about security, and
concludes with best practices on
how to improve your organization’s
risk management culture.
Jay Heiser
C4. How Can You Leverage
Content-Aware DLP to Ensure
Your Corporate Policies and
Processes Are Effective?
Your organization has expended
significant effort creating the perfect
policies and processes to address its
risk management needs. Sadly, most
organizations expect their staff and
contractors to “automagically” learn
and apply each of the policies in the
exact context intended, based solely
on a directive sent by email or via
generic webinar/lunch and learn
sessions. It’s no wonder you
have poor compliance results and
minimal reduction of risk even after
all that effort.
Eric Ouellet
C5. Endpoint Security: When the
Consumer Is King
We are experiencing an
unprecedented wave of endpoint
innovation. This new wave is driven
by consumer requirements, not
business requirements. Apple and
Samsung are the companies to
watch — not HP and Microsoft. How
will endpoint security be transformed
by employee-owned tablets and
mobile devices on mobile networks?
Does Windows 8 change the game?
Is application control a viable
alternative to blacklist signature
databases, and how will app stores
transform security?
Peter Firstbrook
C6. Cybersecurity! (The Biggest
Scam Since the Ponzi Scheme)
Gartner Vice President Greg Young
presents an alternative view to the
hype surrounding cybersecurity. What
is the real proposition of all things
cyber? Is this the new approach to
tackling an aggressive threat the
origins, or merely a repackaging of
current security approaches with
no net new benefit? Is “cyber” not
only wasteful but dangerous to
enterprise security?
Greg Young
C7. User Activity Monitoring for
Early Breach Detection
Early detection of targeted attacks
and security breaches has never
been more important and more
difficult to achieve. Your chances are
vastly improved if your monitoring
integrates security events with threat
intelligence and context about your
users, assets and applications. User
activity monitoring is essential for the
early detection of targeted attacks,
and has also become part of the
standard of due care for a variety of
regulations across all industry
segments. This presentation provides
advice on how to deploy security
monitoring technologies such as
security information and event
management (SIEM), for user activity
and resource access monitoring.
Mark Nicolett
C8. Big Security Data Is Neither
Big Security nor Big Intelligence
There are fundamental flaws in the
assumptions and expectations
associated with big collections of
security data: (1) that security
intelligence [SI] is analogous to
business intelligence [BI] and the big
security data is an ultimate source for
SI; and (2) that big security data is a
key to security.
Joseph Feiman
C9. To the Point: Deny Denial of
Service Attacks
The changing nature of denial of
service (DoS) attacks presents new
threats to enterprises. Attackers are
using innovative techniques to
generate more powerful and
sophisticated attacks, forcing the
DoS mitigation market to evolve
quickly. Security professionals must
adapt to defend their organizations
against high-profile DoS disruptions
in this new era.
Lawrence Orans
C10. To the Point: Playing Chess
With APTs
Seeing your user accounts and
endpoints (pawns) compromised,
perimeters evaded and secrets
taken? Survivors control the center
(the data), use security tools adeptly
and stay a few moves ahead with
advanced monitoring and threat
intelligence. Attend this presentation
and learn the best architectures for a
sometimes-deadly cyberchessboard.
Anton Chuvakin; Ramon Krikken
GTP
C11. Top Mobile Gear: Mobility
Road Trip!
Time for a road trip. Gartner analysts
head out to learn (and to race) each
other to find the truth about good
mobile security practices. Improving
the format of a popular TV show, our
crews go forth to ask the people
about their burning questions
concerning life, mobility and happy
commerce. And dodging flying
vegetables as needed.
Ant Allan, John Girard, Tom Scholtz
C12. Adapting the Secure
Web Gateway
The Internet is being rebooted with
HTML5 and the rise of new operating
systems and mobile devices, not to
mention the rise of “cloud”
everything. How will the secure Web
gateway adapt to keep up with both
the evolving security threats and
rapidly changing applications? What
is the SWG role in adapting to an
employee-owned device world?
Peter Firstbrook, Lawrence Orans
C13. Panel: Hackers Are Not a
Threat to Security — A Future of
Internet Security
We explore the Internet evolution
scenario: “Control, Freedom, Profit”
and the security scenario: “Security
Nirvana, Perpetual Arms Race,
Security Engineering, and Chaos.”
We point to the likeliest scenarios for
Internet security over the next 5 to
10 years.
Joseph Feiman, John Girard,
Avivah Litan, Eric Ahlm,
Neil MacDonald, Lawrence Pingree,
Eric Ouellet, Peter Firstbrook

Track D
IT Security
D1. Panel: Getting IAM Going —
Best Practices for Formalizing
Your IAM Program
Moving from an informal, unmanaged
IAM program to a formal, managed,
efficient and effective model program
is a daunting task. This panel
discusses where to start and best
practices for creating a process
catalog, assigning program roles and
responsibilities, and implementing
policy and technology for a
successful maturation process.
Ant Allan, Earl Perkins, Ray Wagner

D2. Cost, Consequence and
Value: The Economics of IAM
How do we measure the value of
IAM? For many, justifying IAM has
been elusive. It remains a horizontal
concern in the vertical world of
business services, something shared
by all business functions but owned
by none. How can an IAM project
be reconciled with the budgets
of business?
Earl Perkins
D3. Town Hall: Access All Areas
Authentication, federation and
authorization in a mobile,
cloudy world.
Ant Allan, Gregg Kreizman
D4. Your Cloud and Mobile
Devices Broke My IAM
Cloud computing and mobile
endpoint adoption break established
IAM architectures and challenge
security leaders to deliver secure
access services to their enterprises.
This session addresses the
current and evolving solutions
to these problems.

Gregg Kreizman
D5. IAM for Applications and
Data: The Rise of Data Access
Governance in IAM
Access to unstructured data has
always been an enterprise concern.
How can IAM provide administration,
access and analytics capabilities for
access to files, folders, and other
data formats? How can data access
governance truly become part of
identity governance and
administration? This presentation
explores this trend in IAM.
Earl Perkins
D6. Using Big Data Analytics for
Information Security
Neil MacDonald
D7. Good Authentication Choices
for Smartphones and Tablets
The price and complexity of
traditional authentication is more than
just unpopular with mobile users;
many platforms simply do not support
robust identity access methods. We
offer a path for making strategic
decisions about mobile authentication
and answer the question “who
benefits from good authentication?”
John Girard, Eric Ahlm
D8. Mobile Device
Policy Essentials
Mobile devices, particularly
consumer-level products, have
trampled over the well-crafted policies
that companies put in place for trusted
work systems. Businesses
must learn to prioritize the basic
configuration and security policies that
they will need to preserve. Attendees
learn the notes and feedback collected
in recent workshops and AURs.
John Girard, Dionisio Zumerle
D9. Case Study
TBA
D10. To the Point: Revolution and
Evolution in Windows 8 Security
Windows 8, which runs on desktops,
laptops and various tablet platforms,
improves on Windows 7 security and
introduces new security features. This
presentation focuses on Windows 8
security features and limitations,
enabling security professionals to
plan for the security of their desktop
and mobile infrastructures.
Mario de Boer
D11. Getting to Single
Sign-on Securely
The quest for single sign-on (SSO) is
the result of disparate identity silos,
increased password-related support
costs, and user frustration. This
session helps attendees make
decisions regarding strategies and
tools to achieve SSO securely.
Gregg Kreizman
D12. Panel: A World Without
Passwords and Tokens
Ant Allan, Avivah Litan, Ian Glazer
D13. Identity and Access
Management Gets Social
Ant Allan

Track E
IT Security
E1. Big Data Discovery Using
Content-Aware Data Loss
Prevention (DLP) Solutions
Organizations large and small report
that they face significant challenges in
properly locating and identifying their
sensitive data within their big data
environments. This session discusses
how content-aware DLP tools are
rapidly becoming key components
in this process.
Eric Ouellet
E2. Cloud Encryption: Strong
Security, Obfuscation or
Snake Oil?
Encryption is often used as a primary
means to protect data. But does
encryption work in the cloud? Maybe
it does for all of it, or maybe just for
some of it … and this does matter,
because incorrect use of encryption
can result in a complete lack of
security. Understanding algorithm
and architecture options, and
knowing which ones work and which
ones don’t, is critical to keeping your
data safe in the public cloud.
Ramon Krikken
GTP
E3. TBA
E4. Security Monitoring of
Public Cloud
Cloud security monitoring is an
afterthought for most organizations,
and as cloud usage expands and
new risks emerge, it can be left
behind altogether. However, security
monitoring must be deployed across
public clouds, private clouds and
traditional infrastructure — and
enterprises, not the providers, own
that responsibility. Organizations
should push their providers for more
data feeds and telemetry, and plan
their monitoring architectures.
Anton Chuvakin
GTP
E5. Using Managed Containers
to Protect Information on
Mobile Devices
Managed containers are a
mechanism to protect enterprise
information on the mobile device
while separating it from employee
data. Enterprises should consider
container technology but there are
downsides. This talk shows how
containers can be used to meet
enterprise needs and how enterprises
can benefit from the technology.
Eric Maiwald
GTP
E6. Managing, Securing and
Budgeting the Mobile Device
Life Cycle
Any mobile device, whether it is
owned by the company or the
employee, has a measurable life cycle
impact on your company’s business
processes. This presentation provides
attendees with a strategic road map
to get both cost and quality of
mobile IT under control as a first
step to realizing genuine
productivity benefits.
John Girard
E7. Keeping Bad Guys Out of
Your Accounts Using Five Layers
of Fraud Prevention
This session looks at internal and
external threats against the enterprise
and how criminals are circumventing
common solutions in place today.
It delves into five layers of fraud
prevention and identity proofing
needed to mitigate these threats,
prevent account takeover and new
account fraud.
Avivah Litan
E8. Case Study: A Successful
Implementation of the FICAM
Guidelines
TBA
E9. To the Point: Refresh
Vulnerability Assessment
Network vulnerability assessment is
a mature market. Vendors have
steadily added capabilities to their
VA scanning products to differentiate
them. This presentation describes
new capabilities available from VA
tools, and explores how they can fit
into your portfolio of security controls.
Kelly M. Kavanagh
E10. To the Point: Best Practices
for Securing Information During
International Travel
International travelers face increasing
risks of data loss and compromise,
both to government officials and to
criminals. Attendees sharing
experiences based on travel
experiences that can be compared to
Gartner’s established best practices
can help enterprises protect traveling
employees and sensitive mobile data.
Dionisio Zumerle
E11. Facing Information Sprawl:
Secure Synchronization of Data
on Endpoints
Organizations increasingly allow the
use of multiple endpoints for business
purposes. If no enterprise solution is
provided, users are creative in
synchronizing data to each of their
devices, increasing information
sprawl. Learn about the latest
synchronization solutions, their
security and deployment challenges.
Mario de Boer
GTP
E12. DLP Architecture and
Operational Processes
Data loss prevention (DLP) is an
essential data security technology,
but it suffers from deployment
and operations challenges.
This presentation reveals a guidance
framework that offers a structured
approach for planning, architecting
and operating a DLP technology at
a large enterprise.
Anton Chuvakin
GTP
E13. Web Application Firewalls:
Features, Products, Deployment
and Alternatives
In the absence of ubiquitous security
in software, Web application firewalls
are the technology of choice to
protect Web applications against
external attacks. This technology
overview focuses on the latest
features of leading Web application
firewalls, existing products,
deployment options and
alternative technologies.
Mario de Boer
GTP

IT SECURITY
PRECONFERENCE
SESSIONS
PC3. Now What? How to Use
Service Providers to Support
SIEM Operations
Gartner customers increasingly
request external services to support
their operational SIEM deployments.
In this presentation, we address the
best opportunities for external
support, and assess the capabilities
of several types of providers to
deliver operational support.
Kelly M. Kavanagh, Mark Nicolett
PC4. SIEM Architecture and
Operational Processes
Security information and event
management (SIEM) is a key
technology that provides security
visibility, but it suffers from challenges
with operational deployments.
This presentation reveals a guidance
framework that offers a structured
approach for architecting and
running an SIEM deployment at
a large enterprise or evolving a
stalled deployment.
Anton Chuvakin
GTP

PC5. Forget MDM: Extending
Security and Identity to
Mobile Apps
Mobile brings up old and new
security concerns. Three important
elements of the application
architecture — the platform, client-side application and back end —
affect and are affected by security
and other requirements.
Understanding the most critical
challenges and solutions around
identity and security for each of
these elements is the foundational
knowledge from which to build
mobile apps that are both secure
and delightful to use.
Ramon Krikken
GTP
PC7. Using MSSPs for Effective
Threat Management
Selecting an MSSP for effective threat
management, beyond compliance-focused or due-diligence monitoring,
requires asking the right questions.
It also means adjusting internal
processes to take advantage of the
MSSP’s capabilities. This presentation
tells you what to look for in evaluating
MSSPs and how to make effective
use of the relationship.
Kelly M. Kavanagh

IT SECURITY
WORKSHOPS
W1. Information Security
Architecture 101
Information security architecture is a
foundational element of any security
program. However, the term
“architecture” means different things
to different people, resulting in
confusion about the role of security
architecture. Gartner experts facilitate
a structured discussion on the
elements and success criteria of
security architecture practice.
Tom Scholtz
W4. Build an Effective Security
and Risk Program
Security and risk management is
maturing. Creating and formalizing a
program is relatively inexpensive, but
developing a mature program requires
support, a strategic approach and
adequate time. Modern enterprises
must transform their programs to align
with business need and address
cultural gaps with the non-IT parts
of the business.
Tom Scholtz, Rob McMillan,
Jeremy D’Hoinne
W5. Gartner Network
Security Design
This workshop highlights elements of
modern technical network security
architecture. These elements are
drawn from principles of the Gartner
Network Security Reference Model.
The majority of the workshop is
focused on examining participants’
architecture and design issues.
Greg Young
W7. Getting Value Out of IT
Security and Risk Metrics
Programs
Security and risk metrics are subjects
of never-ending discussions. In this
analyst-led collaborative workshop
we review a practical approach to
developing security and risk metrics,
and then break into small groups to
develop an example metrics list,
metrics dashboard, and/or metrics
program plan. The results are then
socialized with the whole group, so
that all participants can use this
knowledge in developing or
enhancing their metrics programs.
Ramon Krikken
GTP
W10. Meeting Business Needs for
Mobility and Security
At the root of the mobile strategy is
the information users need and for
which risk of disclosure needs to be
managed. BYOD adds another
dimension to the problem. This
workshop examines the conflicts
and trade-offs between security and
other use case requirements along
with decision logic to help navigate
through them.
Eric Maiwald
W11. Cloud Contracts:
Develop Your Own Security
and Risk Exhibits
This workshop covers key areas to
include as a part of a standard
boilerplate exhibit that security and
risk management teams can share
with procurement/vendor
management. We discuss key
areas such as disaster recovery, audit
rights, privacy, confidentiality, backup,
SLAs and security requirements.
Gayla Sullivan
W12. IT Risk Cloud Manifesto:
Defining What Enterprises Need
but Aren’t Getting!
Adoption of cloud services has lagged
expectations. In part this is because
cloud vendors aren’t addressing the IT
risk issues associated with hosting
restricted data or critical business
services. This workshop facilitates
creating a “voice of the enterprise”
set of common and prioritized
requirements that cloud vendors
need to address.
Erik T. Heidt
W13. Mobile Application Security
Neil MacDonald
W14. IT Security: Planning a
Self-Audit
Stop depending on the internal audit
team. Reset expectation — conduct
self-audits for all IT security processes
and technology. Rely on internal
audit for independent insights,
not compliance violations, not
routine corrections.
Khushbu Pratap

IT SECURITY ANALYST-USER ROUNDTABLES
AUR2. Government Identity:
Providing Constituents
With Secure Access to
Government Services
Governments continue to grapple
with providing online, convenient
citizen-facing services that require
higher levels of identity assurance
while keeping costs low. This
roundtable will provide a facilitated
opportunity to share best practices
and emerging trends for meeting
these challenges.
Gregg Kreizman
AUR4. BYOD Security
The BYOD phenomenon presents
security risks, operational challenges
and the need for new policies. IT
must be flexible, but not too flexible,
to satisfy business requirements. In
this roundtable, compare notes with
your peers on BYOD initiatives and
discuss critical success factors and
lessons learned.
Lawrence Orans

IT SECURITY INDUSTRY
DAY SESSIONS
IG1. Case Study: Advanced,
Persistent and Threatening —
Who Are the Attackers and
What Are They Doing?
Dave Monnier, Security Evangelist and
Fellow, Team Cymru; Lawrence Pingree
IG2. Critical Infrastructure
Protection Requirements Driving
New Security Demand
Government-led cybersecurity
initiatives and private sector critical
infrastructure protection activities
are pushing for greater industry
specific focus on security. This
session discusses how growing
pressure to protect from cyberthreat
will drive spend and strategies toward
information security.
Ruggero Contu
G
IG3. Best Practices for Mitigating
Advanced Persistent Threats
Advanced threats have increased in
recent years, taking on much more
destructive characteristics than in the
past. This presentation covers
recommended best practices for
mitigating the risks associated with
advanced targeted attacks and teaches
Gartner clients practical things they
can do.
Lawrence Pingree
G
IF1. Case Study
TBA
IH1. Don’t Give Them The Keys to
the Kingdom Until You Know
Who They Are
This presentation outlines and
underscores the increasing
importance of identity management/
user provisioning within the
healthcare provider.
Barry Runyon
H
IH3. Help Save Healthcare:
Tackling Fraud and Abuse at
an Enterprise Level
This session discusses the drivers
that make fraud and abuse such a
growing concern for the industry.
Most organizations focus on point
solutions and rely on “pay and chase”
methods of fraud recovery. It is
important to take an enterprise
approach to combat fraud using
newer technology and practices
to stop losing money on bad claims
and wrong practices.
Christina Lucero; Avivah Litan
H
IME3. Securing the
OT Environment
As the complexity of OT systems
increases, and the connectivity to
them becomes more ubiquitous, the
risk from vulnerabilities increases.
What used to be “security through
obscurity” can no longer be the case,
as OT systems move to Microsoft,
Linux and Unix platforms. This
session explores the vulnerabilities
and how to contain them.
Earl Perkins, Kristian Steenstrup
EU

IT SECURITY TUTORIALS
T1. Top Security Trends and
Take-Aways for 2013 and 2014
With the Nexus of Forces driving
continuing trends in cloud,
consumerization, mobility and big
data, the way IT is delivered is
changing. Each change brings new
threats and breaks old security
processes. This session reviews the
hot trends in security for 2013 and
beyond while providing a road map
to the summit and relevant
Gartner research.
Ray Wagner
T3. IAM Myths and Monsters
The phrase “identity and access
management” can raise feelings both
of great hope and of great fear.
Horror stories abound. At the same
time, many people hold out great
hope for the promises of what IAM
can accomplish. Join us as we
explore IAM’s myths and monsters.
Ray Wagner

Track F
Risk Management
and Compliance
F2. Linking Risk to Business
Decision Making: Creating
KRIs That Matter
The term key risk indicator (KRI) has
come to mean “our most important
metrics,” but the criteria for “most
important” usually fall short of “most
useful.” The definition varies greatly
across different organizations, so there
are no standards. Good KRIs should
be tied to business impact and
influence business decision making.
Paul E. Proctor
F3. Security and Risk Management
Technologies for Social Media
It’s all about social these days. Whether
it is social media, user behavior or the
interplay of society and your
organization, there are new risk and
security variables that must be
assessed and managed. This panel of
analysts will examine the risks and
potential benefits of “social” and
identify specific strategic and tactical
opportunities for security program
improvement and risk management.
Andrew Walls
F4. CEO Concerns 2013 and the IT
Implications
Based on our global CEO survey and
informed by other research sources,
we explain how CEOs see the road
ahead for 2013, what they think about
you, and how both will shape your
agenda. This session is a high-level
view of opportunities and risks
to be considered.
Jorge Lopez
F7. Road Map for Intelligent
Information Governance
With the influx of types and volume of
unstructured data, organizations are
struggling with how to manage the
governance and compliance issues
associated with this data. This session
reviews (1) the scope of the problem
with all the unstructured “dark” data, (2)
what the best policies are to implement
to govern this data and (3) what
technologies/tools are available to
implement the policies.
Alan Dayley
F8. Align Governance to Your
Organization for Success
IT governance must be tailored for
every organization. But many
governance efforts continue to fail
because they are not aligned to
the organization itself. Governance has
to align with the culture, structure and
politics of the organization. Understand
your organization and design and
implement governance for success.
Julie Short


F9. To the Point: Working With the
Board of Directors on Risk and
Technology for Competitive
Advantage
This presentation discusses how to
take advanced technology concepts
and make them presentable for the
board of directors for investment
decisions. Risk and competitive
advantage are the focal points in
this approach.
Jorge Lopez
F10. To the Point: Conquering the
Last Frontier of Governance With
Enterprise Legal Management
As companies look to improve
corporate governance practices in the
wake of the global financial crisis, the
corporate legal department is at the
forefront of change. To be successful,
legal professionals need better tools
to conquer the evolving governance
challenges. This session explores
how enterprise legal management
applications can help.
John A. Wheeler
F11. The Four Faces
of Governance
Governance is one of the most critical
leadership disciplines required to
enable organizations to execute on
their operational and strategic goals.
To help CIOs, CROs and IT leaders to
achieve targeted business outcomes,
Gartner clarifies the four faces of
governance: accountability, investment,
compliance and risk management.
French Caldwell, Julie Short
F12. Ethics at the Nexus of
Security, Privacy and Big Data
Jay Heiser


F13. Shrink-Wrap Governance:
A Guide to Understanding GRC
Software and Services
The Hype Cycle for GRC Technologies
has over three dozen technologies
and services markets represented.
With so many vendors and service
providers claiming to do GRC, it’s
critical to understand what really
forms the core of this marketplace
and how to execute GRC programs
in your enterprise.
French Caldwell

Track G
Risk Management
and Compliance
G2. GRC 4G: How Social,
Big Data and Risk Analytics
Are Changing GRC
GRC vendors have a lot of catching up
to do. Most vendors have yet to offer
effective third generation GRC, which
focuses on performance, much less
apply fourth generation GRC, which
focuses on decision making. However,
risk managers can help push the
envelope on what will be within the art
of the possible for the fourth generation
of GRC.
French Caldwell
G3. A New Way Forward:
How to Create a Strategic Road
Map for Compliance
Senior IT and business leaders face
an increasing number of compliance
requirements and a continued rise in
associated costs. In this session, you
learn how to create a strategic road map
for compliance highlighting key initiatives
that promote a risk-aware compliance
culture and lead to real business value.
John A. Wheeler
G4. Maverick Research:
Crowdsource Your Management
of Operational Risk
Traditional approaches to managing
operational risk are delivering
diminishing returns as the pace of
business accelerates. Crowdsourcing
techniques can change the way risk is
managed and decisions are made.
(Maverick research deliberately exposes
unconventional thinking and may not
agree with Gartner’s official positions.)
Leif Eriksen, Paul E. Proctor
G7. Defining Three Segments in
the Audit Technology Market
This session introduces the three
segments in the audit technologies
market: audit analytics, audit
management and continuous auditing.
Khushbu Pratap
G8. Top 5 IT Audit Trends in
2012-2013
Khushbu Pratap
G9. To the Point: Is Your Business
Keeping Up With the Changes and
Best Practices for E-Discovery?
As information compliance and
regulatory requirements mature, so
does the need for organizations to
hone e-discovery best practices and
implementations. This session
discusses changes in the e-discovery
market and how you can best adhere
to these changes.
Alan Dayley
G10. To the Point: Anti-Bribery
Fear and Hype — Limits and
Uses of FCPA Solutions
French Caldwell
G11. Case Study
TBA

G12. Why ERM and GRC Depend
on Each Other to Succeed
This session defines and explores the
symbiotic relationship between
enterprise risk management (ERM) and
governance, risk and compliance
(GRC). Today, companies are
challenged with finding better ways to
understand and analyze risk. Some
may look to ERM and others may focus
on GRC. To be truly effective, however,
companies need both.
John A. Wheeler
G13. Debate: Cyberinsurance —
Evolution or Revolution?
Cyberinsurance should be a great idea,
but Gartner sees challenges for the
industry and for the insured. There is an
evolution of cyberinsurance that will
make it a worthy vehicle for risk transfer
by 2016, but today it is more of a
gamble. This debate covers the pros
and cons of cyberinsurance so you can
make an informed decision.
Paul E. Proctor, John A. Wheeler

RISK PRECONFERENCE
SESSIONS
PC1. Sharing Data Without
Losing It
Today’s security managers are
struggling to meet the growing
demands to share enterprise data
with personal devices and external
parties. This pitch will provide a use
case model for the choice of
collaborative systems with data
protection technology that matches
business needs for data protection.
Jay Heiser
PC8. Road Stories: Lessons
Learnt (and Fingers Burnt) in IT
Risk Management
Risk management is more art than
science. The best way to learn risk
management is to practice it. The
approach must suit the culture of the
organization. This presentation
shares experiences, pitfalls and best
practices encountered by Gartner
analysts during their regular
interactions with clients.
Tom Scholtz

RISK GENERAL SESSIONS
F1./G1. General Session:
Duck and Cover — Preparing
for Cyberwar
Cyberwar is a reality, and current
defenses are inadequate for new
classes of massive coordinated
cyberattack. This presentation discusses
recent developments in massive
coordinated geopolitical and criminal
cyberattacks, and offers advice to
public- and private-sector
enterprises on how to protect systems
in an era of cyberwar.
Richard Hunter, Avivah Litan
F5./G5. General Session: A Clash
of Forces — Managing Emerging
Risks of the Nexus
Industry experts and analysts share
insights on risk and compliance issues
emerging from the Nexus of Forces,
their impacts and how to manage
them. Topics for discussion include
social media compliance, ethics and
anti-bribery, vendor risk management,
operational technology, legal and
cloud risks.
French Caldwell, Andrew Walls,
panelists
F6./G6. Leadership, Governance
and Risk
David Marquet speaks about the
relationship between leadership,
governance and risk with a focus
on decision making and the
decision-making architecture in your
organization. From a leadership
perspective, he advocates “moving
authority to information” as opposed
to moving information to authority.
Only companies that embrace this
change will retain the agility and
resilience needed to compete moving
forward. Oh, by the way, it’s
happening anyway.
David Marquet, Author of the
Award-Winning Book “Turn the Ship
Around!”; French Caldwell

RISK WORKSHOPS
W3. Selecting Solutions for the
Control and Monitoring of Public
Social Media
Public social media are used by
enterprises and individuals within the
enterprise. Security professionals
must assess security and compliance
risks, and understand the strengths and
weaknesses of monitoring and control
solutions. In this workshop you assess
the risks to your organization, and
select a set of technologies to
mitigate these.
Mario de Boer
GTP
W8. Workshop
TBA
W9. IT Risk Management:
Selecting the Best Assessment
Methods and Tools
This workshop focuses on the best
effort to select an appropriate IT
risk assessment method.
Jeffrey Wheatman, Khushbu Pratap
W15. The Gartner Network
Security Architecture Reference
Model
TBA

RISK ANALYST-USER
ROUNDTABLES
AUR6. Supply Chain Risks
Leif Eriksen
AUR9. Auditor’s Role in
Emerging Risks
Internal auditors are sometimes the
torch bearers for emerging risks that
the board always wants to be informed
about. Where do internal auditors help,
what do they currently consider? Are
internal auditors responsible for
managing emerging risks?
Khushbu Pratap

GTP Sessions by Gartner for Technical Professionals analysts
F Financial Services
G Government

RISK INDUSTRY DAY
SESSIONS
IME1. Understand OT:
The Emerging Risks From
Advanced Automation
Operational technology is hardware
and software that detects or causes
a change of state, through the direct
monitoring and/or control of physical
devices, processes and events in the
enterprise. While this promises better
access to data and visibility, it also
creates a portfolio of complex products
that need to be managed.
Earl Perkins, Kristian Steenstrup
EU M
IME2. Supply Chain IT Risk
Challenges: What Exactly Is That
Supplier Doing?
Many enterprises are under greater
regulatory pressure to demonstrate
comprehensive and effective IT risk
controls not only with their primary
suppliers, but also throughout the
supply chain. We explore the risk
management challenges enterprises
face when their vendors leverage
vendors, as well as discussing solutions.
Erik T. Heidt
GTP
IME4. Responsibility and
Accountability of OT Systems
There is a temptation to respond to OT
issues by assigning the problem to the
IT department. In some cases, the
response is to build walls around
operations. The best approach is to
think of where IT can contribute to
better manage OT. We explore the
RACI model applied to OT to
determine where IT can have a
supporting role.
Kristian Steenstrup
EU M

H Healthcare
EU Energy/Utilities
M Manufacturing
IF2. Do I Need Cyberinsurance?
Following a number of significant
data privacy breaches and website
attacks, there is a growing interest
in cyberinsurance coverage. In this
workshop you can discuss the
potential benefits of cyberinsurance
and assess whether this insurance is
relevant for your organization.
Juergen Weiss
F
IF3. Strategic Road Map for
Financial Services Enterprise Risk
Management
This presentation explains the state of
risk and compliance management
in the BIS industry and how market
forces are driving risk management
transformation, and illuminates the
technology implications for financial
institutions for enabling more agile and
responsive risk management.
John A. Wheeler
F
IH2. HIPAA Bites: Getting Ready
for HIPAA Enforcement
This is a hot topic, with healthcare
provider spending on security going up
due to HIPAA enforcement. Healthcare
organization attendance at the last
U.S. conference was large enough to
ensure an interested audience.
Probable topics include risk-based
assessment, encryption, “meaningful
use” requirements and patient/member
engagement considerations.
Wes Rishel
H

RISK TUTORIALS
T2. Tell Me, What’s IT GRC Again?
(Solutions to Common Challenges)
IT GRC programs continue to be a
catch-all for policy, risk and compliance
activities. No clear and complete vision
of IT GRC has emerged, and GRC
activities tend to be matrixed across
the enterprise. Here, a summary of
current research on IT GRC programs
will be reviewed, including
recommendations for planning and
executing IT GRC programs.
Erik T. Heidt
GTP

Track H
Business Continuity
Management (BCM)
H1. What Are the BCM Software
Markets and How to Get the
Most Out of Them
The BCM software market is a
subset of the broader response and
recovery marketplace for business
and IT disruptions. This session
provides the latest market analysis of
these tools so that organizations can
make the right tool choice for their
needs. It also discusses
complementary markets to ensure
better operational resilience.
Roberta J. Witty, John P. Morency,
Leif Eriksen, John Girard
H2. What You Can and Cannot
Do With Recovery Exercise
Management Automation
Exercising IT DRM plans is a “must
do,” not a “would like to do” activity.
However, increasing time and
resource costs demand more
efficient and effective approaches.
This session discusses recovery
exercise automation software, its
associated strengths and
weaknesses and how
it can be used to improve exercise
scope, execution and results.
John P. Morency

H7. Case Study: Using the Fusion
Framework to Implement and
Manage BC/DR Program-Related
Activities
Roberta J. Witty

H3. Case Study: Business
Continuity Metrics — From Project
to Program to Incident
Management
Roberta J. Witty BCM Metrics TBA
H4. Cloud Service Provider
Risk Management
When IT acquires public cloud services,
it must assure that the supplier will
deliver to contracted SLAs. This
presentation discusses the approach
to assess cloud service provider risk for
architecture/design, availability,
performance, data protection, recovery,
security, operational controls and other
contract terms and conditions.
Donna Scott, John P. Morency,
Jay Heiser
H5. Managing Global Recovery
and Continuity Risk
The challenge of orchestrating efficient,
effective and sustainable business
continuity across a global organization
requires addressing difficult people,
process and technology issues. This
session discusses how to develop the
structures and procedures to reduce
operating risk across different
geographies, time zones and
operating cultures.
John P. Morency, Roberta J. Witty
H6. What You Need to
Know About Technical
IT-DRM Architectures
Few things are more technical than
automating application failover and
failback for resilience and disaster
recovery. The session discusses how
to make better architectural decisions
by addressing the technical details and
trade-offs of critical technologies such
as data replication/synchronization,
clustering and disaster recovery
orchestration.
Donna Scott, John P. Morency

H8. Recovery Exercising
Best Practices
Belinda Wilson
H9. To the Point: BCM Grows Up—
How a Nexus of Technologies Is
Moving BCM Into the C-Suite
There are a number of technologies
that are making BCM a C-suite topic
because they provide management
with an entirely new and complete
picture of their organization. This
session discusses what these
technologies are and how they can be
used for expanded risk management
and improved business and operational
resilience.
Roberta J. Witty
H10. To the Point: The Business
Continuity Management Planning
Market in Depth
Organizations are realizing that
managing recovery plans using office
management software is not feasible.
Some firms have over 1,000 plans;
therefore automation is required. This
session presents the BCMP software
market Magic Quadrant and discusses
best practices for implementing and
using the tool most effectively
within the organization.
Roberta J. Witty, John P. Morency
H11. Supplier Contingency
Planning: What You Need to Know
for Supplier Recovery
This session covers how BCM teams
can implement supplier contingency

plans so that supplier risk mitigation,
response, recovery and restoration
efforts are more successful. We
discuss how to determine which
suppliers require BCM and the activities
required in ongoing risk management,
and evaluate the viability of supplier
contingency plans.
Gayla Sullivan
H12. Designing and Architecting
for 24/7 Availability
Globalization and cost management
increase the need for continuous
availability for mission-critical
applications. Cloud computing raises
the visibility of designing for continuous
multisite availability. This presentation
looks at architecture and
management strategies to reduce
or eliminate planned and unplanned
application downtime.
Donna Scott
H13. How to Conduct an
Effective BIA
Risk assessment and business
impact analysis are the most important
activities in the BCM planning process.
They provide the foundation on which
all recovery strategies and solutions are
built. This presentation discusses
different risk assessment approaches
and gives guidance on how best to
conduct a BIA for BCM.
Belinda Wilson

BCM PRECONFERENCE
SESSIONS
PC2. ISO 22301 Implementation
Session
Roberta J. Witty; John P. Morency;
Brian Zawada, ISO TC 223 U.S.
Representative, Avalution Consulting
PC6. End-User Case Study
TBA

BCM WORKSHOPS
W2. How to Develop Effective and
Efficient Disaster Recovery Plans
Regardless of size, industry or location,
every organization needs a BCM
program with a variety of recovery plans.
This workshop presents the steps and
processes required to develop effective
recovery plans. In addition, participants
are given a method to assess their
existing plans for improvement once
back at the office.
Brian Zawada, ISO TC 223 U.S.
Representative, Avalution Consulting;
Roberta J. Witty, John P. Morency,
Belinda Wilson

BCM ANALYST-USER
ROUNDTABLES
AUR5. BCM Metrics: What Works,
What Doesn’t
An increased focus on governance
and transparency is requiring many
BCM programs to provide timely and
meaningful program status
information to management on a
regular (monthly) basis. This
roundtable will allow participants to
discuss how they have best
implemented, managed and reported
on BCM program metrics.
Roberta J. Witty
AUR7. How Does BCM Fit
Into the Enterprise Risk
Management Program?
Many organizations are integrating
many risk domains under one
management umbrella — in a virtual
or direct reporting management
arrangement. This roundtable allows
conference participants to discuss
what works and doesn’t work for
their organizations in regard to
integrating BCM into the
organizational or enterprise risk
management program.
Roberta J. Witty
AUR8. IT-DRM Management
Automation Roundtable
This roundtable allows conference
participants to discuss their
experience in using IT-DRM planning,
implementation and exercise
management automation software.
The focus is on the time and
cost required to implement the
software products, as well as the
related efficiency, effectiveness
and cost reduction benefits that
were achieved.
John P. Morency

BCM TUTORIALS
T4. TBA

Track J
The Business of
IT Security
J1. Global Security Markets:
Where Are We Going From Here?
This presentation covers the security
markets worldwide and details the
market dynamics that are changing the
future of information security globally.
Gartner Invest clients and technology
providers must understand market
competitive dynamics in order to
compete into the future.
Eric Ahlm, Ruggero Contu,
Lawrence Pingree
J2. Survey Analysis: Examining the
Gartner Global 2012 Security
Conference Survey Results
This session examines the results
of survey data from Gartner’s
global security and risk summits.
Attendees walk away with a better
understanding of the major technology
priorities, buying behaviors and
budgeting trends.
Eric Ahlm, Ruggero Contu,
Lawrence Pingree
J3. User Survey Analysis: Security
Services Market Trends
In 2012, Gartner conducted a survey of
users in the U.S. and EMEA to discover
the trends and buying behaviors for
consulting, managed and cloud
services providers. This session
discusses the key findings to help
security service providers better
understand the market direction.
Eric Ahlm
J4. Panel: Security Startups —
Leading the Way to Success
Leaders from emerging startup
companies participate in a discussion
so that you can better understand the
direction of the latest techniques used
by attackers, the latest security
technologies and how these leaders
view their future success in today’s
challenging technology market.
Ruggero Contu, Lawrence Pingree,
Gaurav Banga, CEO, Bromium; Mike
Horn, CEO, NetCitadel; Pravin Kothari,
CEO, CipherCloud; George Kurtz,
CEO, Crowdstrike; Gordon Shevlin,
CEO, Allgress
J5. Buyers Are From Mars,
Vendors Are From Venus
The art of successful negotiation often
hinges on the ability of each side to
understand what drives the other.
Parties can often talk at cross-purposes
because they do not
understand the culture, language and
goals of the other. This presentation
tells you what you need to know to
work efficiently and successfully on
your next deal.
Eric Ahlm, Rob McMillan
J6. Information Security: Process
or Technology — Which Way Do
We Go?
The information security market is huge
and continually growing. Client
organizations have spent billions of
dollars on technology to solve the
information security problem; yet when
we speak to clients they don’t really
feel any safer now than they did five or
10 years ago. Maybe throwing tools at
the problem is not the way to go!
Maybe the key to success is building
scalable, repeatable patterns of
behavior. This panel of analysts
discusses why process might be a
better point of focus than technology.
Jeffrey Wheatman, Jay Heiser,
Anton Chuvakin, Neil MacDonald,
Tom Scholtz
J7. Management Still Doesn’t Get
Security (And What You Can Do
About That)
Many management teams just don’t
get it. Security and IT risk become
priorities (for a while) after a failure but
after long periods without visible
failures they go back to not caring. A
modern security and IT risk program
needs continuously engaged decision
makers. Learn how to engage
executive management teams and
keep them continuously engaged.
Paul E. Proctor

J8. TBA
J9. To the Point: Security
Specialist Career Guide —
Prosper, Survive or Leave
Cloud is a transformational
phenomenon that changes our
businesses and our IT organizations.
Will cloud transform the IT workforce? Will
it threaten people’s job security?
Joseph Feiman
J10. The Evolving Security
Software Ecosystems: Gartner
Predictions for the Market’s Future
The security market is being
transformed by new end-user
requirements as a result of changes
brought by social, mobile, cloud and
big data. While consolidation remains
an important factor shaping the
marketplace, regeneration and
innovation introduced by a constant
influx of startup players also continue
to be an influence in this market. This
presentation analyzes the market-share
dynamics that have been shaping the
security ecosystem and discusses
potential future developments across
different segments.
Ruggero Contu

J12. Gartner Security Market
Magic Quadrant Reviews
Participate in an exciting review of the
leaders, challengers, visionaries and
niche players in Web fraud detection,
mobile device management, managed
security services, endpoint protection,
data masking, application security
testing and security information and
event management.
Avivah Litan, John Girard, Kelly M.
Kavanagh, Neil MacDonald, Joe
Feiman, Mark Nicolett
J13. Case Study
TBA

J11. Security: A Financial
Perspective
In the presentation we will look at the
growth trends of the overall sector and
the growth trends of the sector’s
sub-segments. The presentation will
also assess the vendors’ respective
positions in the market. Finally, the
vendors will be assessed from a
financial perspective using the Gartner
financial rating methodology as well as
other relevant financial metrics.
Frank Marsala

SOLUTION SHOWCASE
PREMIER SPONSORS
Cisco offers one of the largest portfolios of security solutions available. With these solutions, organizations can embrace new
market transformations, protect assets, empower employees, and accelerate business. Cisco takes a comprehensive approach
by integrating security into all parts of the network, and simplifies security challenges, such as: An increase of mobile devices on
the network; a move to a cloud-based infrastructure; and hackers that pose sophisticated and persistent threats to the network.
Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive protection for thousands of organizations
worldwide. Enriched by intelligence from our Counter Threat Unit research team, Dell SecureWorks’ Information Security Services help
organizations predict threats, proactively fortify defenses, continuously detect and stop cyber-attacks, and recover faster from security
breaches. To learn more, visit www.secureworks.com.
Dell Software makes it easy to securely manage and protect applications, systems, devices and data to help organizations of all sizes fully
deliver on the promise of technology. Our simple yet powerful software – combined with Dell hardware and services – provide scalable,
end-to-end solutions to drive value and accelerate results. Whether it’s Windows infrastructure, the cloud and mobile computing, or networks,
databases and business intelligence, we dramatically reduce complexity and risk to unlock the power of IT. www.dell.com/software
HP provides complete information security solutions that protect the hybrid Enterprise. Our proactive approach to information security
optimizes your investment and improves your risk posture, thus enabling you to achieve better business results. HP’s unrivalled capabilities
spanning security consulting, managed security services and market-leading products from HP ArcSight, HP Fortify, HP Atalla, and HP
TippingPoint deliver integrated security solutions to manage risk, deliver actionable security intelligence and integrated security operations.
HP is a trusted partner to thousands of global enterprise and government clients; we work with you to define and implement a holistic,
risk-based security strategy that supports your unique business requirements balancing risk with opportunity. www.hp.com
Lieberman Software provides award-winning privileged identity management and security management products to more than
1200 active customers worldwide, including 40% of the Fortune 50. By automatically discovering and managing privileged accounts
throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external
security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. Lieberman Software products scale to the largest
enterprises in the world and deploy in minutes.
Qualys is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries,
and partnerships with leading managed service providers and consulting organizations worldwide. The QualysGuard Cloud Platform and
integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance, delivering critical security
intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration.
RSA helps organizations solve their most complex and sensitive security challenges by bringing visibility and trust to millions of user identities,
the transactions they perform and the data that is generated. RSA delivers identity assurance, encryption & key management, SIEM, Data
Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services.
www.RSA.com
Symantec is a global leader in providing security, storage and system management solutions to help our customers – from consumers and
small businesses to the largest global organizations – secure and manage their information-driven world against more risks at more points,
more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can
be enforced automatically – enabling confidence wherever information is used or stored.
Trend Micro is celebrating 25 years of innovation security and sharing our vision for a data-centric security framework. In our booth you’ll see
the Trend Micro™ Custom Defense Solution against advanced persistent threats (APTs). You will learn what we mean by complete end user
protection. And, you’ll understand how our virtualization and cloud customers are winning in the data center with integrated, agentless security.
Websense, Inc. (NASDAQ: WBSN), is a global leader in unified web security, email security, mobile security and data loss prevention
(DLP). The company’s proven best-in-class information security solutions are available as appliance-based software or SaaS-based
cloud-based services. The Websense® TRITON™ unified security solutions help organizations securely leverage traditional, social media
and cloud-based communications, while protecting from advanced threats, preventing loss of confidential information, and enforcing
Internet use and security policies.
Verizon Enterprise Solutions creates global connections that help generate growth, drive business innovation and move society forward.
With industry-specific solutions and a full range of global wholesale offerings provided over the company’s secure mobility, cloud,
strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the
world for innovation, investment and business transformation. Visit verizon.com/enterprise. Verizon Enterprise Solutions can help
safeguard your information from tomorrow’s threats and provide secure access where and when you need it. Access our dedicated
security solutions site to get the latest information, including insightful blogs from our engineers and consultants, plus in-depth papers,
video snapshots and our flagship Data Breach Investigations Report (DBIR), the most comprehensive review of security incidents
available. www.verizonenterprise.com/us/solutions/security/

PLATINUM SPONSORS
AirWatch is the leader in enterprise-grade mobility management and security solutions. Our highly scalable solution provides a real-time view
of an entire fleet of corporate and employee-owned Apple iOS, Android, Windows, BlackBerry and Symbian devices. As the largest MDM
provider, AirWatch offers the most comprehensive mobility management solution.
Akamai is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere.
Our Intelligent Platform™ removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and
enabling enterprises to securely leverage the cloud – Akamai accelerates innovation in our hyperconnected world.
AT&T Inc. is a global leader in communications and a recognized leader in Business-related voice and data services, including global IP
services, hosting, applications, and managed services. Businesses all over the world deploy AT&T services to improve productivity, manage
overall costs, and position themselves to take advantage of future technology enhancements.
Check Point Software Technologies Ltd., the worldwide leader in securing the Internet, provides customers with uncompromised protection
against all types of threats, reduces security complexity and lowers total cost of ownership. Customers include tens of thousands of
organizations of all sizes, including all Fortune and Global 100 companies. www.checkpoint.com
The Citrix® Mobile Solutions Bundle, which is comprised of XenMobile™ MDM and CloudGateway™, offers a complete enterprise mobility
management solution. It gives IT a comprehensive set of tools that make it easy to manage and secure devices, apps, and data. It allows
users to access any app from any device, giving them the freedom to experience work and life their way.
Fasoo has been successfully building its worldwide reputation as a leading enterprise DRM solution provider with the best-in-class solutions
and services. Fasoo has successfully retained its leadership in the enterprise DRM market by deploying solutions for more than 1,100
organizations at an enterprise-wide level, securing more than 2 million users.

FireEye is the leader in stopping today’s new breed of cyber attacks such as zero-day and APT attacks that bypass traditional defenses
and compromise over 95% of networks. The FireEye solution is the world’s only signature-less protection against multiple threat vectors.
FireEye solutions are deployed by more than 25% of the Fortune 100.
Fortinet, a global provider of IT security, delivers customer-proven solutions that provide organizations with the power to protect and
control their IT infrastructure. Our customers rely on our technologies, solution architecture, and global security intelligence to block
threats and gain control of their network, data, and users.
IBM Security offers one of the world’s broadest, most advanced and integrated portfolios of enterprise security products and services.
The portfolio, supported by world-renowned IBM X-Force® research and development, provides the security intelligence to help
holistically protect people, infrastructure, data and applications for protection against advanced threats in today’s hyper-connected world.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world’s largest dedicated security technology company.
We are relentlessly focused on constantly finding new ways to keep our customers safe.
MetricStream is the market leader for integrated Governance, Risk, Compliance (GRC) Management Solutions, which includes solutions
for IT Risk & Compliance Management, Information Security Risk Management, Business Continuity Management, IT Disaster Recovery
Management, Audit Management, Policy Management, Supplier/Vendor Governance and Quality Management.
Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy
control of applications and content at up to 20Gbps with no performance degradation regardless of port, protocol, evasive tactic or SSL
encryption.
Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control
vulnerability threats and risks across their networks and endpoints. This is enabled by Secunia’s award-winning Vulnerability Intelligence,
Vulnerability Assessment, and Patch Management solutions that ensure optimal protection of critical information assets.
SilverSky is the expert provider of cloud security services. The company delivers the industry’s only advanced Security-as-a-Service
platform that’s simple to deploy and transformational to use. By tirelessly safeguarding corporate communications and infrastructure,
SilverSky enables growth-minded leaders to pursue their business ambitions without security worry.

Solutionary reduces the information security and compliance burden, providing flexible managed security and compliance services that
work the way clients want; enhancing existing initiatives, infrastructure and personnel. Our patented technology, systems and process,
and our actionable threat intelligence make our clients smarter. We call this relevant, intelligent security.
Sonatype CLM fixes the risk in open source. Security teams and application developers rely on Sonatype CLM across the software
lifecycle to identify risky open source components, enforce policy, and fix flaws. http://www.sonatype.com/
Sourcefire®, Inc. is a world leader in intelligent cybersecurity solutions. Trusted by organizations and government agencies in more than
180 countries, Sourcefire’s solutions, including industry-leading next-generation network security appliances and advanced malware
protection, provide customers with Agile Security® for continuous protection in a world of continuous change.
Stonesoft delivers software-based network security to secure information flow and simplify security management. The company’s
products include next generation firewalls, intrusion prevention systems, and SSL VPN solutions. Stonesoft has the highest customer
retention rate in the industry due to low TCO, ease of management, and prevention of advanced evasion techniques.
Tripwire is a leading global provider of IT security solutions for enterprises, government agencies and service providers who need to
protect their sensitive data on critical infrastructure from breaches, vulnerabilities, and threats. Thousands of customers rely on Tripwire’s
critical security controls like security configuration management, file integrity monitoring, and log and event management.
Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud,
managed security services, software and appliances. Trustwave has helped hundreds of thousands of organizations manage compliance
and secure their network infrastructures, data communications and critical information assets. For more information,
visit https://www.trustwave.com.
Veracode provides the world’s leading Application Risk Management Platform. Veracode’s patented and proven cloud-based capabilities
allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched
simplicity. Veracode was founded with one simple mission in mind: to make it simple and cost-effective for organizations to accurately
identify and manage application security risk.
VMware is the global leader in virtualization and cloud infrastructure solutions that enable businesses to thrive in the Cloud Era.
With more than 400,000 customers and 55,000 partners, organizations of all sizes rely on VMware to help them transform the way
they build, deliver and consume Information Technology resources in a manner that is evolutionary and based on their specific needs.
Voltage Security®, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption solutions,
enabling our customers to effectively combat new and emerging security threats. Our data protection solutions allow any company to
seamlessly secure all types of sensitive information, while efficiently meeting compliance and privacy requirements.
WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow
the window of risk. WhiteHat Sentinel, the company’s flagship product family, is the most accurate and cost-effective website vulnerability
management solution available, delivering the visibility, flexibility, and control that organizations need to prevent website attacks.
www.whitehatsec.com.


SOLUTION SHOWCASE
SILVER SPONSORS
Absolute Software Corp.

Blue Coat Systems

EventTracker

Lancope

PhishMe, Inc.

Thycotic Software, Ltd.

AccessData

Bradford Networks

F5 Networks

LANDesk Software

Proofpoint, Inc.

TITUS

Adobe Systems Inc.

Brinqa

Fiberlink

LockPath

Radiant Logic, Inc.

TrustSphere

AgeTak

Bromium

FireHost

LogRhythm

Rapid7

Tufin Technologies

Agiliance

Centrify

FireMon

Mandiant

RedSeal Networks

Venafi, Inc.

AhnLab

Core Security

Marble Security, Inc.

Rsam

Verdasys

AlertEnterprise Inc.

Courion Corporation

Fischer International Identity

Modulo

SailPoint

Vormetric, Inc.

Appthority, Inc.

Coverity, Inc.

NetIQ

Sath Technologies

WatchDox

Aveksa

Critical Watch

Neustar

SecureAuth

Axis Technology

Cyber-Ark Software

HID Global

Norman AS

SOA Software

WatchGuard Technologies, Inc.

Axway

CYBEROAM

Hitachi ID Systems

NSFOCUS

Software AG

Bay Dynamics, Inc.

Damballa

Identropy

NuData Security

Splunk

BeyondTrust

Digital Defense, Inc.

Imperva

Okta

Integralis

OpenTrust

SSH Communications Security

Juniper Networks

Oracle

Bit9
Bloomberg Vault

DriveSavers Data Recovery

FishNet Security
General Dynamics Fidelis Cybersecurity Solutions

Wontok
Xceedium, Inc.
ZixCorp
Zscaler

Tenable Network Security

MEDIA PARTNERS

BECOME A SPONSOR
Jason Bonsignore
Account Manager
+1 203 316 6050
[email protected]

Sponsors as of March 12, 2013, and subject to change

Silas Mante
Account Manager
+1 203 316 3778
[email protected]
John Forcino
Account Manager
+1 203 316 6142
[email protected]
David Sorkin
Sales Director
+1 203 316 3561
[email protected]
Krista Way
Account Manager
+1 203 316 6763
[email protected]
Visit gartner.com/us/securityrisk for agenda updates and to register


AGENDA at a glance
Agenda as of April 25, 2013, and subject to change

MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening — Who Are the Attackers and What Are They Doing? Dave Monnier, Security Evangelist and Fellow, Team Cymru;
Lawrence Pingree
10:45 a.m. Solution Provider Sessions
11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand Ruggero Contu G
2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats Lawrence Pingree G

CISO
4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job Paul E. Proctor
5:30 p.m. A2. Preparing a Security Strategic Plan F. Christian Byrnes
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Security’s Value Rob McMillan
11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams Tom Scholtz
2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls Andrew Walls

4:15 p.m. A5. Maverick Research: Transform Your Security Program — From Control-centric to People-centric Tom Scholtz
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions

10:30 a.m. A6. That Frightening Phrase: “The Standard of Due Care” Rob McMillan
11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program Andrew Walls
1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services Rob McMillan
4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway Rob McMillan
4:30 p.m. A10. To the Point: The Information Security Maturity Pathway Rob McMillan
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
7:00 a.m. HC3. HIPAA Security (Registration required; end users only.) Irma Fabular, Wes Rishel, Alice Wang
8:30 a.m. A11. Case Study TBA
9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans Gregg Kreizman, Earl Perkins
10:30 a.m. A13. Open Mic F. Christian Byrnes

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty,
Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

GTP Sessions by Gartner for Technical Professionals analysts
EU Energy/Utilities

F Financial Services

G Government

H Healthcare

M Manufacturing

AGENDA at a glance
MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. IF1. Case Study TBA
IH1. Don’t Give Them the Keys to the Kingdom Until You Know Who They Are Barry Runyon H
IME1. Understand OT: The Emerging Risks From Advanced Automation Earl Perkins, Kristian Steenstrup EU M
IME2. Supply Chain IT Risk Challenges: What Exactly Is That Supplier Doing? Erik T. Heidt GTP
10:45 a.m. Solution Provider Sessions
11:30 a.m. IF2. Do I Need Cyberinsurance? Juergen Weiss F
IH2. HIPAA Bites: Getting Ready for HIPAA Enforcement Wes Rishel H
IME3. Securing the OT Environment Earl Perkins, Kristian Steenstrup EU
2:15 p.m. IF3. Strategic Road Map for Financial Services Enterprise Risk Management John A. Wheeler F
IH3. Help Save Healthcare: Tackling Fraud and Abuse at an Enterprise Level Christina Lucero, Avivah Litan H
IME4. Responsibility and Accountability of OT Systems Kristian Steenstrup EU M

IT SECURITY
4:30 p.m. B1. Practicing Safe SaaS Jay Heiser
C1. Securing Private, Public and Hybrid Cloud Computing Neil MacDonald
D1. Panel: Getting IAM Going — Best Practices for Formalizing Your IAM Program Ant Allan, Earl Perkins, Ray Wagner
E1. Big Data Discovery Using Content-Aware Data Loss Prevention Solutions Eric Ouellet
W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz, Rob McMillan, Jeremy D’Hoinne
W5. Workshop: Gartner Network Security Design Greg Young
5:30 p.m. B2. Cyberthreat Lawrence Orans
C2. Panel: What Is the Future of Mobile Management and Security? Peter Firstbrook, Neil MacDonald, John Girard
D2. Cost, Consequence and Value: The Economics of IAM Earl Perkins
E2. Cloud Encryption: Strong Security, Obfuscation or Snake Oil? Ramon Krikken GTP
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP
11:15 a.m. B3. Presenting a Hard Target to Attackers: Operationally Effective Vulnerability Management Mark Nicolett
C3. Top 10 Security Myths Jay Heiser
D3. Town Hall: Access All Areas Ant Allan, Gregg Kreizman
E3. TBA
2:00 p.m. B4. Panel: Real-World Case Studies in Mobile Banking Security Moderator: Avivah Litan; Dave Jevans, Chairman, Anti-Phishing Working Group, Marble Security; Vas Rajan, Chief Information Security Officer, CLS Bank; Tim Wainwright, Managing Director, CISSP, Security Risk Advisor
C4. How Can You Leverage Content-Aware DLP to Ensure Your Corporate Policies and Processes Are Effective? Eric Ouellet
D4. Your Cloud and Mobile Devices Broke My IAM Gregg Kreizman
E4. Security Monitoring of Public Cloud Anton Chuvakin GTP
4:15 p.m. B5. Mobile Device Security Exploits in Depth John Girard, Dionisio Zumerle
C5. Endpoint Security When the Consumer Is King Peter Firstbrook
D5. IAM for Applications and Data: The Rise of Data Access Governance in IAM Earl Perkins
E5. Using Managed Containers to Protect Information on Mobile Devices Eric Maiwald GTP
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back” and “Never Eat Alone”
9:15 a.m. Solution Provider Sessions
10:30 a.m. B6. Preparing Your Security Program for BYOD Eric Ahlm
C6. Cybersecurity! (The Biggest Scam Since the Ponzi Scheme) Greg Young
D6. Using Big Data Analytics for Information Security Neil MacDonald
E6. Managing, Securing and Budgeting the Mobile Device Life Cycle John Girard
W10. Workshop: Meeting Business Needs for Mobility and Security Eric Maiwald
11:30 a.m. B7. Predictions: Your Network Security in 2018 Greg Young
C7. User Activity Monitoring for Early Breach Detection Mark Nicolett
D7. Good Authentication Choices for Smartphones and Tablets John Girard, Eric Ahlm
E7. Keeping Bad Guys Out of Your Accounts Using Five Layers of Fraud Prevention Avivah Litan
1:45 p.m. B8. Encryption Planning Made Simple! Follow the Data Brian Lowans
C8. Big Security Data Is Neither Big Security Nor Big Intelligence Joseph Feiman
D8. Mobile Device Policy Essentials John Girard, Dionisio Zumerle
E8. Case Study: A Successful Implementation of the FICAM Guidelines TBA
W11. Workshop: Cloud Contracts — Develop Your Own Security and Risk Exhibits Gayla Sullivan
W12. Workshop: IT Risk Cloud Manifesto — Defining What Enterprises Need but Aren’t Getting! Erik T. Heidt
4:00 p.m. B9. To the Point: The Database Security Manual — What You Need to Know Brian Lowans
C9. To the Point: Deny Denial of Service Attacks Lawrence Orans
D9. Case Study TBA
E9. To the Point: Refresh Vulnerability Assessment Kelly M. Kavanagh
4:30 p.m. B10. To the Point: Cybersecurity for the Internet of Everything Earl Perkins
C10. To the Point: Playing Chess With APTs Anton Chuvakin; Ramon Krikken GTP
D10. To the Point: Revolution and Evolution in Windows 8 Security Mario de Boer
E10. To the Point: Best Practices for Securing Information During International Travel Dionisio Zumerle
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. B11. The Seven Dimensions of Context-Aware Security Avivah Litan
C11. Top Mobile Gear: Mobility Road Trip! Ant Allan, John Girard, Tom Scholtz
D11. Getting to Single Sign-on Securely Gregg Kreizman
E11. Facing Information Sprawl: Secure Synchronization of Data on Endpoints Mario de Boer GTP
W13. Workshop: Mobile Application Security Neil MacDonald
9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time? Eric Ouellet
C12. Adapting the Secure Web Gateway Peter Firstbrook, Lawrence Orans
D12. Panel: A World Without Passwords and Tokens Ant Allan, Avivah Litan, Ian Glazer
E12. DLP Architecture and Operational Processes Anton Chuvakin GTP
W14. Workshop: IT Security — Planning a Self-Audit Khushbu Pratap
10:30 a.m. B13. Software-Defined Networking and Its Impact on Security Eric Maiwald GTP
C13. Panel: Hackers Are Not a Threat to Security — A Future of Internet Security Joseph Feiman, John Girard, Avivah Litan, Eric Ahlm, Neil MacDonald, Lawrence Pingree, Eric Ouellet, Peter Firstbrook
D13. Identity and Access Management Gets Social Ant Allan
E13. Web Application Firewalls: Features, Products, Deployment and Alternatives Mario de Boer GTP
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice
President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President

AGENDA at a glance

MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC2. ISO 22301 Implementation Session Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
10:45 a.m. Solution Provider Sessions
11:30 a.m. T4. TBA
2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media Mario de Boer GTP
2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh

BCM
4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation John P. Morency

6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken;
F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. H3. Case Study: Business Continuity Metrics — From Project to Program to Incident Management Roberta J. WittyBCM Metrics

TBA

2:00 p.m. H4. Cloud Service Provider Risk Management Donna Scott, John P. Morency, Jay Heiser
4:15 p.m. H5. Managing Global Recovery and Continuity Risk John P. Morency, Roberta J. Witty
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back”
and “Never Eat Alone”
10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency
11:30 a.m. H7. Case Study TBA
1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson
4:00 p.m. H9. To the Point: BCM Grows Up — How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty
4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan
9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott
10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty,
Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


AGENDA at a glance

MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons
10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner
PC1. Sharing Data Without Losing It Jay Heiser
10:45 a.m. Solution Provider Sessions
11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP
PC5. Forget MDM: Extending Security and Identity to Mobile Apps Ramon Krikken GTP
2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty,
John P. Morency, Belinda Wilson
2:15 p.m. T3. Tutorial: IAM Myths and Monsters Ray Wagner
PC6. End-User Case Study TBA

RISK MANAGEMENT AND COMPLIANCE
4:30 p.m. F1. /G1. General Session: Duck and Cover — Preparing for Cyberwar Richard Hunter, Avivah Litan
5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter Paul E. Proctor
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC French Caldwell
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken;
F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. F3. Security and Risk Management Technologies for Social Media Andrew Walls
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance John A. Wheeler
2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez
G4. Maverick Research: Crowdsource Your Management of Operational Risk Leif Eriksen, Paul E. Proctor
4:00 p.m. W8. Workshop: TBA
W9. Workshop: IT Risk Management — Selecting the Best Assessment Methods and Tools Jeffrey Wheatman, Khushbu Pratap
4:15 p.m. F5./G5. General Session: A Clash of Forces — Managing Emerging Risks of the Nexus French Caldwell, Andrew Walls, panelists
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back”
and “Never Eat Alone”
10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, “Turn the Ship Around!”; French Caldwell
11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley
G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap
1:45 p.m. F8. Align Governance to Your Organization for Success Julie Short
G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap
4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for Competitive Advantage Jorge Lopez
G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for E-Discovery? Alan Dayley
4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal Management John A. Wheeler
G10. To the Point: Anti-Bribery Fear and Hype — Limits and Uses of FCPA Solutions French Caldwell
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. F11. The Four Faces of Governance French Caldwell, Julie Short
G11. Case Study TBA
W15. The Gartner Network Security Architecture Reference Model
9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser
G12. Why ERM and GRC Depend on Each Other to Succeed John A. Wheeler
10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services French Caldwell
G13. Debate: Cyberinsurance — Evolution or Revolution? Paul E. Proctor, John A. Wheeler
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice
President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


AGENDA at a glance

MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett
10:45 a.m. Solution Provider Sessions
11:30 a.m. T2. Tutorial: Tell Me, What’s IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP
2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management Tom Scholtz

BUSINESS OF IT SECURITY
4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree
5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm,
Ruggero Contu, Lawrence Pingree
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations

TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)

8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm
2:00 p.m. J4. Panel: Security Startups — Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga, CEO, Bromium; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO,
CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress
4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus Eric Ahlm, Rob McMillan
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls, Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites

WEDNESDAY, JUNE 12
HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
8:00 a.m. K5. Guest Keynote Who’s Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of “Who’s Got Your Back”
and “Never Eat Alone”
10:30 a.m. J6. Information Security: Process or Technology — Which Way Do We Go? Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz
11:30 a.m. J7. Management Still Doesn’t Get Security (And What You Can Do About That) Paul E. Proctor

1:45 p.m. J8. TBA
4:00 p.m. J9. To the Point: Security Specialist Career Guide — Prosper, Survive or Leave Joseph Feiman
4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Market’s Future Ruggero Contu
6:00 p.m. Summit Party — VIP Boat Cruise (By invitation only)

THURSDAY, JUNE 13
8:30 a.m. J11. Security: A Financial Perspective Frank Marsala
9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett
10:30 a.m. J13. Case Study TBA

11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty,
Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President


REGISTRATION AND PRICING
Gartner events deliver what you need

3 WAYS TO REGISTER

We’ve developed conference essentials to ensure that your time at a Gartner
summit results in real value and delivers everything you need — efficiently
and effectively.

Web: gartner.com/us/securityrisk
Email: [email protected]
Phone: 1 866 405 2511


REGISTER TODAY
Standard price: $2,375

Gartner event tickets

Team Attendance Program:
Leverage more value across your organization
Knowledge creates the capacity for effective action. Imagine the impact on
your organization when knowledge multiplies: common vision, faster
responses, smarter decisions. That’s the Gartner Team Attendance effect.
You’ll realize it in full when you attend a Gartner event as a group. Maximize
learning by participating together in relevant sessions. Split up to cover more
ground, sharing your session take-aways later. Leverage the expertise of a
Gartner analyst in a private group meeting.

Team benefits

Complimentary registrations

• Team meeting with a Gartner analyst
(end users only)
• Role-based agendas
• On-site team support: Work with a
single point of contact for on-site
team deliverables
• Complimentary registrations

1 for every 3 paid registrations
2 for every 5 paid registrations
3 for every 7 paid registrations

For more information, email [email protected] or contact your
Gartner account manager.

Event Approval Tools
For use pre-event, on-site and post-event, our Event Approval Tools make it
easy to demonstrate the substantial value of your Gartner event experience
to your manager. They include a customizable letter, cost-benefit analysis,
top reasons to attend and more. Visit gartner.com/us/securityrisk for details.

EARN CPE CREDITS
Attending the summit helps you advance your continuing professional
education (CPE). Registered participants are eligible to earn CPE
credits toward (ISC)2, ISACA, DRII, and IAPP certification programs.
Learn more at gartner.com/us/securityrisk.


We accept one Gartner summit ticket or one
Gartner Catalyst ticket for payment. If you are
a client with questions about tickets, please
contact your sales representative or call
+1 203 316 1200.

SPECIAL GARTNER
HOTEL ROOM RATE
$247 per night (plus tax) at
Gaylord National Resort and
Convention Center
201 Waterfront Street
National Harbor, MD 20745
Phone: +1 301 965 4000
gaylordhotels.com


Gartner, Inc.
56 Top Gallant Road
Stamford, CT 06902-7700


PO Box 29307
Shawnee, KS 66201

Take a deep-dive into the full spectrum of
IT security and risk management topics


Gartner Security &
Risk Management
Summit 2013


June 10 – 13 | National Harbor, MD
gartner.com/us/securityrisk

Don’t Miss Out!


ABOUT GARTNER
Gartner is the world’s leading information technology research and advisory
company. We deliver to our clients the technology-related insight and intelligence
necessary to make the right decisions, every day. Our pivotal advantage: More
than 900 analysts delivering independent thinking and actionable guidance to
clients in over 13,000 organizations worldwide — the majority from the Fortune
1000 and Global 500. This extensive body of knowledge, insight and expertise
informs all of our 60+ events around the world. You simply won’t find this
unique quality of content at any other IT conference. Why? Because no one
understands the impact of technology on global business like we do.

© 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a
registered trademark of Gartner, Inc. or its affiliates. For more information,
email [email protected] or visit gartner.com.
