Governance/Risk & Compliance Track

Many today argue that managing and prioritizing spending and security programs based on risk is the only way that makes sense. This track explains how to build a risk-based approach in your organization where you engage the proper business areas to ensure appropriate governance.

Creating Successful Information Security Governance Using a Risk-Based Approach
Eric Holmquist, Vice President, Director of Operational Risk, Advanta Bank

More than ever, information security requires a thorough combination of governance elements, including policies, procedures, technology and, most importantly, training and awareness. In this session, Eric Holmquist explores the key elements of sound information security governance and how to successfully manage and coordinate all of these complex and important elements. Topics include:

  • Designing an effective governance structure
  • Managing to more than just regulatory compliance
  • Creating effective control and monitoring elements

Ensuring Your Outsourcers Meet Your Compliance Mandates
Richard E. Mackey, Vice President, SystemExperts

While organizations are increasingly turning to service providers to reduce cost, augment their product set, and focus on core services, it's no secret that many of the recent data breaches occurred due to missteps with a third-party vendor. Partnering with other organizations brings with it risk, particularly when the information shared with the service provider is sensitive and is subject to regulatory requirements.

Most regulations, from those specified by the FFIEC to GLBA and PCI, require organizations to ensure that their service providers protect sensitive data according to the requirements of the regulation or contract. This requires a service provider management program and SLAs that clearly state the responsibilities of both parties. In this presentation, Richard Mackey discusses the requirements stated in various regulations and the practices designed to help you effectively manage your service providers. Attend and discover:

  • How to minimize risk via information analysis
  • The importance of risk analysis to service provider management
  • How to review service provider practices
  • Typical regulatory requirements and how they affect service provider management
  • How to monitor relationships and establish triggers for further review
  • The importance of coordinated incident response and business continuity planning with service providers
  • The use of technology to facilitate managing and monitoring service providers

Case Study: Mapping Products to Compliance
Vik Phatak, CEO, NSS Labs

Join Vik Phatak as he reviews real-world examples of how to map compliance requirements to technologies. Through case studies, including an international retail franchise, a medium-sized hospital network, and a large manufacturing organization, you'll learn how to:

  • Get the maximum out of products to support sustainable security and compliance programs
  • Avoid "fad" technologies
  • Defend product purchasing decisions