SECURITY AND RISK MANAGEMENT STRATEGIES TRACK 2005

Managing Security: Effective Strategies for Protecting the Business

The painful consequences of ignoring enterprise security needs are driving more and more organizations to deal with security on business terms. Many enterprises are reconsidering their internal security and risk management practices in the face of mounting pressure from audits and regulatory compliance mandates such as Sarbanes-Oxley. And the threats of worms, viruses, identity theft, cyber crime, phishing, insider fraud, and intellectual property theft pose additional challenges that require enterprises to re-think their approach to security.

The Security and Risk Management Strategies (SRMS) track will present a systematic, comprehensive approach to enterprise security. The track will focus on practical strategies for tying security management to organizational governance. Burton Group analysts and consultants will discuss how to build appropriate levels of risk assessment into business decisions. You will hear about the technologies, architectures, and practices that combine to create effective strategies for protecting the business. Presenters will examine how to manage protective mechanisms, enforce security policies, and achieve regulatory compliance. We'll also discuss how to implement layered defenses and achieve higher assurance levels. And as is always the case at Catalyst Conference, these and other security topics will be examined by analysts, debated by industry experts, and reality-tested through customer case studies.

Security and Risk Management Strategies Track - Wednesday July 13, 2005

Adaptive Security: Mastering Risk Management, Governance, and Policy

Enterprises cannot address security effectively by just throwing new products at the problem. As many people have said many times, security is a business problem. And managing security and risk in today's threatening (and increasingly regulated) environment requires improvements in governance, practices, metrics, and management systems. Decision makers must consider business risk and compliance before they invest in risk mitigation measures, including security technology.

On the first day of the conference, the SRMS track will focus on security management. Our security experts will help you understand how your organization can address business, regulatory, and other management challenges by implementing a comprehensive security program. We'll define that security program, starting with the business issues, discussing how organizational governance relates to security architecture. Analysts and consultants will focus on how to infuse risk management into the decision-making process, and how risk management decisions should drive technology and architecture decisions. The day will also include an in-depth look at how compliance and audit functions can and should work in today's networked enterprise.

As the SRMS track covers these and other topics, you'll gain a better understanding of security management, what you can (and should) do today, and how to prepare for tomorrow.

Topics include:

  • Governance
    • Relationship between security governance and the corporate/business governance structure
    • Creating partnerships between management and technology groups
    • What does and doesn't work
  • Risk Management
    • Relationship between business risk management and IT risk management
    • How consequences impact risk decisions
    • How to determine when it's appropriate to use due diligence
    • Methods for assessing protection posture
  • Security Management
    • Defining security policies and controls
    • Tools and feedback mechanisms to effectively implement, monitor, and respond to exceptions
    • Metrics for assessing security program effectiveness
  • Compliance and Audit
    • How to understand audit controls and perspectives
    • Mapping the terminology of audit to IT security
    • Meeting the requirements of Sarbanes-Oxley and other regulations
    • Pitfalls and limitations of technologies that claim to deliver compliance functionality
  • Security Event Management
    • How to make better use of the security information
    • Value of aggregating and correlating audit logs
    • Tracking insider abuse, using forensics as evidence, demonstrating compliance, and radically reducing false positives

Security and Risk Management Strategies Track - Thursday July 14, 2005

Enterprise Security Architecture: A Systematic Approach

Today, overburdened IT security teams strive to install, operate, and manage a complex array of interdependent technical solutions. A growing number of interdependent security products, appliances, and technologies are also competing for limited budgets. But to succeed, enterprises must take an architectural approach to security, before investing in products and technical solutions. Only then can organizations ensure that the strategic security technologies they deploy are well-matched to their protection needs.

The second day of the SRMS track will focus on the architectural and technical elements of an effective enterprise security environment. Sessions will cover how today's threats are evolving, as well as the effectiveness and economics of possible counter-measures. Burton Group analysts will discuss how enterprise security managers can raise the bar through improved content protection and heightened host assurance. You'll learn how to enforce a consistent set of business and security policies across a fragmented security infrastructure comprised of many products from multiple vendors.

The SRMS track will give you a better understanding of challenges you may encounter as you put in place the technical architecture, infrastructure, and products necessary to enforce enterprise security policies and achieve a higher level of assurance across the business network, processing systems, and applications.

Topics include:

  • Security Architecture
    • Current state of security architecture, what's broken, and where we go next
    • A Reference Architecture for security technology
    • Relating security architecture to a comprehensive security program and information security principles
  • Content Filtering
    • Content as an attack vector
    • Role and effectiveness of filtering technologies in defending against content-based worms, viruses, spam, and phishing
    • Where signature-based filters should be placed
    • Limitations of filtering technologies and alternative approaches
  • Intelligent Perimeters and Zones
    • How virtual organizations, mobile users, and the proliferation of network access points stretch distributed perimeters
    • Mechanisms for creating layered zones of trust
    • Recommended strategies for system placement, detection services, and malicious software (malware) throttling within zones
  • Higher Assurance
    • Progress in operating systems, virtual computing, and trusted hardware
    • Rationale and roadmap for uplifting host security
    • Current industry experience with higher surety approaches
