September 22 - 24, 2019
The Ballantyne Charlotte, Charlotte, NC

Day Two: Monday, September 23, 2019

8:00 am - 8:45 am Breakfast

8:45 am - 8:50 am Chairperson's Opening Remarks

8:50 am - 9:35 am A Lesson in Survival: Transforming Culture By Preparing for a Crisis

Is your team prepared for the uncertainty and chaos of a security incident? How rapidly can your organization band together during a crisis? Who do you need to navigate a major security event and have you trained them to identify and support their stakeholders?
 
In this talk, we will show how key personalities, including "fire fighters" and "bridge builders", emerge during the pandemonium of a major security event, and how these roles are core to the effectiveness of the security program long before a crisis ever happens. We will demonstrate how identifying, developing, and empowering these team members will allow you to not just survive a major event, but proactively build trust with your stakeholders and transform your security culture.
Adam Tice, Senior Vice President of Cybersecurity at Equifax

9:35 am - 10:05 am Identifying and Classifying Your Regulated Data Risk

With new regulations and privacy mandates such as the California Consumer Privacy Act (CCPA) and updated New York State Cybersecurity Requirements (23 NYCRR 500) emerging across North America, it's more critical than ever to have a proven process to identify and classify your organization's risk score for regulated data. Across all industries, this process needs to enable you to automatically



10:05 am - 10:20 am Networking Break

10:20 am - 10:50 am Business Meetings

10:50 am - 11:20 am Business Meetings

11:20 am - 11:50 am Business Meetings

Brainweave

11:50 am - 12:35 pm Improving Identity and Access Management in Financial Services
People, processes and technologies are all critical to effective privileged access management. The evolving IAM landscape improves business outcomes, strengthens the user experience and increases operational efficiency. Beyond a tick box for compliance, identity and security analytics can improve decision-making information for business managers, driving access revocation rates higher. Attend this session to learn how analytics can make your governance investment worthwhile with examples including:

•Focusing on orphaned accounts
•Detecting behavioral anomalies
•Responding with multi-factor authentication

Masterclass

11:50 am - 12:35 pm CMMI® Institute: Building Resilience Through a Risk-Based ‘Cybermaturity’ Approach
The CMMI Institute interviewed CISOs/CSOs seeking to identify common themes in the challenges organizations are facing and the best thinking in solving those challenges. Recognizing the need to provide a holistic solution that seeks to align pragmatic insights with business objectives, the CMMI Institute built a risk-based capability maturity platform. The platform is an enterprise platform that can support organizations of varying complexity and security demands while providing a clear understanding of the priorities an organization should attack first.

Key Takeaways:

•Understand the challenges global organizations are facing and how leading organizations are solving them
•Understand a risk-based approach for prioritizing investment for organizations with varying complexity and security demands
•Understand the CMMI Institute’s holistic approach to assessing the maturity of an organization’s security capability

12:40 pm - 1:40 pm Networking Lunch

1:45 pm - 2:15 pm Third Party Risk Management (TPRM) in a Transformation World

Organizations are gravitating quickly to transformation (cloud, agile, RPA, etc.). The goals of these activities are to improve customer service, increase revenue, reduce cost and operate with more agility, to name a few. TPRM activities must keep up with this transformative process.
Nasser Fattah, Managing Director at MUFG Union Bank

2:15 pm - 3:15 pm Practitioner Roundtables

Earlier in the Exchange, we collected your insights and challenges using the Thoughtexchange social learning tool. We identified the highest rated topic areas. During this session, you’ll have the opportunity to choose a topic and participate in a small group discussion. You will work in groups to develop an action plan for improvement. 

Brainweave

3:20 pm - 4:05 pm Achieving Risk Tolerance Through Solid Risk Frameworks
Concise, clear communication is essential to identify risk tolerance and the key assets that must be protected. Frameworks such as NIST CSF provide a common language of communication for stakeholders. Breach contingency planning and communications are as important as breach prevention. But strengthening relationships with legal, HR, PR and other stakeholders is often pushed aside, with the focus resting on breach prevention.
In this session:

•Developing and practicing contingency planning
•Utilizing risk frameworks for communications in a common language
•Exploring impact of changing legal and regulatory requirements

Masterclass

3:20 pm - 4:05 pm Preparing for a Quantum World
This future-focused session explores the potential impacts of advances in quantum computing and quantum cryptography on confidentiality, integrity, and expectations of privacy. Topics range from potential challenges, such as rendering some or all current encryption algorithms obsolete due to processing power, to the concept of a re-imagined Quantum Internet with possibly guaranteed confidentiality. The information discussed is intended to provoke insights into the emerging security landscape. Whether the advent of quantum-based computing and cryptography turns out to be beneficial or harmful (or both), expectations must be reset and realigned to plan for such a paradigm shift.
In this session:

•Differentiating between a quantum computer and classical computer
•Understanding the impact of quantum algorithms on cryptography
•Realigning expectations for the paradigm shift of quantum-based cryptography

4:05 pm - 4:20 pm Networking Break

4:20 pm - 4:50 pm Business Meetings

4:50 pm - 5:20 pm Business Meetings

5:20 pm - 5:50 pm Business Meetings

5:50 pm - 6:30 pm Proactive Partnerships - Speaking the Language of Business and Technology

Cyber security needs to be aligned with the business, with accountability across the organization and with the customers. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be in the forefront, translating and communicating risk in a way that resonates with the business stakeholders and translates to what customers are seeking. Cyber security is just one responsibility of the CISO; with high-profile data breaches in the evolving regulatory era, communication with the board and the rest of the C-suite is paramount. CISOs must shape the message and methods to address unique organizational dynamics and instil security awareness as a part of corporate culture. Security needs to be seen as adding value, not just meeting compliance requirements.

Join this session to learn:
•Engaging, managing, and exceeding expectations
•Top-down focus on risk management
•Evolving roles of the CISO, CIRO, and CIOs
Eric Staffin, Chief Information Security Officer at IHS Markit

6:30 pm - 7:00 pm Networking Reception