
Register today at europe.gartner.com/security

The Gartner Best Practice Council Panel Discussion: Meeting the Business Half Way

Safeguarding information in a corporate IT environment - a 'consumer-centric' arena of changing threats - requires an agile and responsive approach from the security team. In this interactive debate, hear how a number of leading-edge organizations have approached this essential area in terms of strategy, governance and communications.

Richard Barber, IT Security Strategy & Risk Manager, British American Tobacco
Ian Mason, Gartner Best Practices Councils EMEA
Casimiro Juanes, Head of IT Security, Ericsson
Paul Jervis, CISO, RWE nPower

Instituting an IT Risk Reporting and Management Framework at Euroclear

Gaining management acceptance was positively affected by linking risk to specific IT processes - Euroclear created a consistent framework containing flexible reporting.
- Addressing risk and reporting at the strategic, operational and tactical levels
- Ensuring clear reporting to enhance acceptance and understanding

Olivier Nijland, IT Risk Manager, Euroclear

Using DLP to Prevent Misuse of Confidential Information

Banc Sabadell Group will present their experience of selecting and implementing a solution in this field.
- What to do before deploying a DLP solution
- Measuring our success in helping detect, monitor and prevent misuse of data
- Best practices for formulating the correct process

Santiago Minguito, Information Security Manager, Banc Sabadell Group

A Practical Integration of ISO 27001 and ISO 27005 for Superior Security Management

The case study illustrates how an organization with many varying lines of business can define and link together in a practical way:
- A common mandatory guideline and baseline for information security based on ISO 27001
- A mandatory information classification model
- An information security risk assessment process based on ISO 27005

Jan A Svensson, Director Information Security, City of Göteborg

Implementing Network Access Control for the Swiss Federal Railways

This session will highlight the common threats for large enterprise networks and how a Network Access Control (NAC) solution can help minimize the risk. The focus will be on evaluating and implementing a NAC solution in a large and heterogeneous environment:
- Key points to consider when evaluating a NAC solution
- Overview of the solution chosen by the Swiss Federal Railways
- Sharing our hands-on experience in implementing NAC

Alexander Hermann, Security Project Manager, Swiss Federal Railways

Advanced Security Practice Workshop: Risk Management - for the Advanced Information Security Practitioner

This workshop will begin with a bottom-up view from within IT of the current state of IT risk management. We will move forward by taking a look at the risk landscape facing all organizations. This will highlight the gaps that are all too often present between where organizations are and where they need to be. We will go on to explore the resources readily available to organizations to enable them to close the gaps and effectively manage IT risks.

Roger Southgate, Leader, London CobiT Development Group and President, IT Governance Standards, ISACA

Security Essentials for the 21st Century: Security Leaders not just Managers

Your professional development objectives should ensure you learn how to move from 'pushing' employees toward security objectives, to leading and taking them with you.
- Becoming a true leader drawing employees toward security goals
- Securely enabling the organization in an inherently insecure environment
- Moving from technology focus to 'soft skill' people focus

Jim Heard, Information Security Manager, Centrica Energy

End-User Case Studies

The case studies bring practitioners' own experiences at leading organizations from a variety of industries and countries to the event. They demonstrate the challenges, adopted solutions, chosen processes, and resulting benefits that you can apply to your own environment. Best practice examples and real-world know-how showing you what you want to do - and what to avoid.

Register Now and build your agenda at europe.gartner.com/security

Media and Accreditation Partners

Media Partners

Use the Gartner Information Security Summit to advance your professional and personal development. At the 2009 Summit we are partnering with key certification providers within this subject area to allow you to count your attendance toward your qualifications. You will also be able to meet and learn from these organizations on-site as part of your Summit experience so you can gain a better understanding of the options open to you as you seek to develop in your chosen career.

ISACA, previously known as the Information Systems Audit and Control Association, now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. The Certified Information Security Manager® (CISM®) certification program, launched in 2002 and developed specifically for experienced information security managers and those who have information security management responsibilities, has added impetus to the growth in ISACA membership worldwide to more than 75,000 since its inception in 1967. ISACA's strong chapter network provides local support and networking opportunities via more than 175 chapters located in over 70 countries.
www.isaca.org.uk

The International Information Systems Security Certification Consortium, Inc. - (ISC)²® - is the globally recognized Gold Standard for certifying information security professionals. Founded in 1989, (ISC)² has certified over 60,000 information security professionals in 135 countries. (ISC)² issues the Certified Information Systems Security Professional (CISSP) and related concentrations, Certification and Accreditation Professional (CAP), and Systems Security Certified Practitioner (SSCP) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP, CISSP-ISSAP and SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² members can earn up to 16 CPEs.
www.isc.org

SANS is the most trusted source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security. Its programs now reach more than 165,000 security professionals. A wide range of individuals are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
www.sans.org

The Institute of Information Security Professionals (IISP) is setting the standard for professionalism in information security. Full Membership of the Institute is becoming the recognized competence-based qualification in this field. The addition of the UK Government Infosec Training Paths & Competences (ITPC) scheme to the Institute's programme is a great step in providing a single harmonized skills framework for the accreditation of Information Security and Assurance professionals working in both public and private sectors.
www.instisp.org