
Register today at europe.gartner.com/security

Milestones and Monsters

The Web has levelled the playing field. Now, anyone can come up with a great idea, and unleash it on the world. And in an age where consumer electronics is massive business, every new invention is a potential goldmine. The best thing is, to capitalize on it, you don't even have to have the idea yourself. You just have to know how and when it could change the world, and be ready. We start with a look at some of the technology past milestones that have given rise to the success stories of today, and a look ahead at some which have yet to happen - the ones that you may be able to make a few zeroes on. And then it's on into the dark side - after all... innovation isn't always for the greater good. As more and more real life and real business takes place online, there are real opportunities for organized criminals to cash in. So, who are they? How are they structured? And how are they likely to hit you? Place yourself in the hands of the perfect guide - one who has investigated cutting edge cybercrime, and demonstrated how easy it is to command an army of zombie machines to do anything you want.

Spencer Kelly, Technology Tourist, Presenter of the BBC's international technology programme Click

Making the Real World Trade-Off: Balancing the Costs of Security and Insecurity

Over the past 25 years the practice of information security has made many advances but has not been an unobstructed march to victory over insecurity; in some ways, the organization is more insecure than ever. As best practice and theory have come into contact with the day-to-day reality within organizations, it has been demonstrated time and again that security is not an all-encompassing end goal; it is a series of evolving compromises and ongoing choices.
Professor Fred Piper, internationally respected for his contributions to the advancement of information security, will explore how to balance the needs of security with the needs of a functioning organization and the people who work within it. He will argue that the role of the security professional is to demonstrate to the organization exactly what trade-offs are involved, and to govern the relationship between the policies set and their practical impacts on the people who have to work with them. Looking to the here and now, it is time to define security policies that take into account the true costs and are acceptable to the people who will have to act within their proscriptions; if you fail to strike the right balance those same people will turn out to be your key enemy and your greatest threat.

Professor Fred Piper, Information Security Group, Royal Holloway, University of London

Gartner Strategy Keynote: Your Role in Information Security

Information security only started maturing in the 1990s, when distributed computing and pervasive networking resulted in a dramatic increase in business dependency on IT. This coincided with a dramatic increase in risk. Maturation implies change. Using other examples of IT maturation, we can better understand what an information security professional will look like, starting five years from now.

- What are the key roles and responsibilities of information security practitioners today?
- How will those key roles change over the next five to seven years?
- Which direction should you set for your career in information security and risk?

Christian Byrnes, Gartner

Gartner Closing Keynote: The Future of Information Security

Infosec managers who forget the past are doomed to repeat it. We cannot understand the risk implications of continuous evolution of information media outside of the context of the last 6000 years of information security failure.
Cuneiform tablets resulted in a rash of Babylonian identity frauds, Gutenberg launched a four-century debate on intellectual property protection, and cyber warriors committed man in the middle attacks in 1862. As digital technology becomes increasingly complex, and IT continues to lose control over information, the loss patterns of the past are repeating themselves at an exponentially accelerating rate. Only by understanding the lessons of the past can we prepare ourselves to thrive in a future of increasingly abstract and distributed trust mechanisms, a world of sophisticated anonymous attacks, in which the end user will inevitably become our first line of defense.

Jay Heiser, Gartner

Plenary Sessions

Foundation Sessions

Legacy Information Management: Control Risk, Improve Security and Save Money

Legacy data creates substantial costs for storage and maintenance despite much of it being outdated and redundant. New techniques and technologies can help with information retention management, which is the bedrock of risk mitigation, information governance and overall data security. With legal and regulatory oversight bodies, as well as the courts expecting companies to clear up this undisciplined data growth, it's time you start the long journey to better manage your data.

- What is the extent of the problem?
- How does it relate to governance risk and compliance?

Debra Logan, Gartner

The IT Security Manager's Guide to Enterprise Risk Management

According to a Gartner survey, enterprise risk management is one of the top three initiatives affecting IT security professionals in 2009. Risk comes in many forms and can have a serious impact. As corporations move to real time, so does risk. Limited data, complex interdependencies and organizational silos inhibit risk identification, measurement and management. In order to retain stakeholder trust, establish transparency while protecting privacy and to meet regulatory requirements, an integrated approach to enterprise risk management must be applied.

French Caldwell, Gartner

Articulating the Business Value of Information Security

The security management program is a big ticket budget item. As budgets begin to tighten it will become increasingly difficult to justify security expenditures. This presentation will share:

- Strategies for obtaining and maintaining executive support for security initiatives
- A practical model for communicating the business value of an information security program
- Techniques for effective cost/benefit analyses for security project investments.
Tom Scholtz, Gartner

Gartner Analyst/User Roundtables

Gartner Analyst/User Roundtables are your chance to network with a Gartner analyst and a group of your peers; to get ideas and answers from organizations experiencing similar challenges.

Your Role as CISO: 2010-2012
Christian Byrnes, Gartner

Managed Security Services Providers
Carsten Casper, Gartner

Remote Access Authentication Mashup/Meltdown
John Girard, Gartner

Protecting the Endpoint
Peter Firstbrook, Gartner

Assessing Outsourcing and External Service Risks
Jay Heiser, Gartner

Security Information and Event Management
Mark Nicolett, Gartner

Contemporary Issues in IAM
Ant Allan, Gartner

Foundation Sessions and Gartner Analyst/User Roundtables

Begin your Summit experience with a full briefing on the latest priorities and essential updates relating to three key subjects featured within the Summit. As an experienced professional wanting a fast refresh on the Gartner perspective, or as a newcomer wanting a snapshot of what you need to know, the Foundation Sessions form a solid basis for your time on-site.

For more information about the Foundation Sessions visit europe.gartner.com/security