5 Foundation Sessions Legacy Information Management: Control Risk, Improve Security and Save Money Legacy data creates substantial costs for storage and maintenance despite much of it being outdated and redundant. New techniques and technologies can help with information retention management, which is the bedrock of risk mitigation, information governance and overall data security. With legal and regulatory oversight bodies, as well as the courts expecting companies to clear up this undisciplined data growth, it's time you start the long journey to better manage your data. . What is the extent of the problem? . How does it relate to governance risk and compliance? Debra Logan, Gartner The IT Security Manager's Guide to Enterprise Risk Management According to a Gartner survey, enterprise risk management is one of the top three initiatives affecting IT security professionals in 2009. Risk comes in many forms and can have a serious impact. As corporations move to real time, so does risk. Limited data, complex interdependencies and organizational silos inhibit risk identifi cation, measurement and management. In order to retain stakeholder trust, establish transparency while protecting privacy and to meet regulatory requirements, an integrated approach to enterprise risk management must be applied. French Caldwell, Gartner Articulating the Business Value of Information Security The security management program is a big ticket budget item. As budgets begin to tighten it will become increasingly diffi cult to justify security expenditures. This presentation will share. . Strategies for obtaining and maintaining executive support for security initiatives . A practical model for communicating the business value of an information security program . Techniques for effective cost/ benefi t analyses for security project investments. Tom Scholtz, Gartner Gartner Analyst/ User Roundtables Gartner Analyst/ User Roundtables are your chance to network with a Gartner analyst and a group of your peers; to get ideas and answers from organizations experiencing similar challenges. Your Role as CISO: 2010- 2012 Christian Byrnes, Gartner Managed Security Services Providers Carsten Casper, Gartner Remote Access Authentication Mashup/ Meltdown John Girard, Gartner Protecting the Endpoint Peter Firstbrook, Gartner Assessing Outsourcing and External Service Risks Jay Heiser, Gartner Security Information and Event Management Mark Nicolett, Gartner Contemporary Issues in IAM Ant Allan, Gartner Foundation Sessions and Gartner Analyst/ User Roundtables Begin your Summit experience with a full briefi ng on the latest priorities and essential updates relating to three key subjects featured within the Summit. As an experienced professional wanting a fast refresh on the Gartner perspective, or as a newcomer wanting a snapshot of what you need to know, the Foundation Sessions form a solid basis for your time on- site. For more information about the Foundation Sessions visit europe. gartner. com/ security
6 Register today at europe. gartner. com/ security Summit Program TRACK 1: A Secure Infrastructure is no Luxury Today's highly- connected environment simultaneously offers huge business advantages and signifi cant risks. You not only have to maintain network fi rewalls, secure Web gateways and endpoint protection platforms, but you have to support teleworkers and partners. Virtualization and cloud security challenge your established perimeters while the bad guys keep innovating. Protecting the Endpoint From the Malware Pandemic The expansion of endpoint protection from traditional signature- based detection and personal fi rewalls, to data protection and PC life cycle tools is well underway. This session will examine what makes sense in an endpoint security package and which vendors are leading the way. We will also examine the converging roles of operations and security and list the top procedural changes that will enhance the security posture of endpoints. . What are the advantages of security and operations integration? . What features, confi guration options and procedural enhancements will be critical for future endpoint security success? . Which vendors are leading the way and how to negotiate effectively to get the best deal? Peter Firstbrook, Gartner Planning for the Content Aware Enterprise: 2009 DLP Magic Quadrant The content aware data loss prevention market continues to evolve. Organizations are adjusting to a strategy where they can dynamically apply policy at the time of an operation. Data loss prevention technologies are increasingly common compliance tools for many organizations. However, many struggle when it comes to selecting and deploying meaningful content- aware DLP solutions and achieving their intended compliance goals. . What should an enterprise data loss prevention strategy look like? . Who are the leaders in each market segment? . What fi ve points must organizations consider when deploying DLP solutions? Paul Proctor, Gartner Secure Remote Access For Non- Securable People: Access Protection in an Outsourced, Contracted, Partnered World Contractors are less expensive on the ledger than full- time employees. Business partners must be connected to make just- in- time decisions. Companies give control of critical internal systems to users who are not under direct supervision. Relationships span political boundaries. Enforcement of data protection and SLAs are acts of faith. We take stock of the vulnerabilities caused by extranet access and recommend a survival plan. . What are the extranet security and privacy challenges through 2014? . How will business integrity be maintained when users may never be seen? . Which contractual, technological and managerial practices will be most effective to maintain access control? John Girard, Gartner Gartner Magic Quadrant Power Session: Getting What you Want From the Security Market Players With cost rationalization and effi ciency high on the corporate agenda for 2009- 2010, learn from the Gartner analysts who are best placed to give you what you need and whether there are opportunities for you to achieve a better deal or a renegotiated arrangement in this climate. The session will cover the key technology providers in SIEM, user provisioning, content monitoring and fi ltering, data loss protection, personal fi rewalls and mobile data protection. . What trends and product features contributed to the 2009 Magic Quadrant positioning? . Which vendors have the sharpest vision of where the market is going? . Where are the dangers and opportunities in the security technology market? Gartner Analysts: Peter Firstbrook, John Girard, French Caldwell, Paul Proctor Securing the Web Gateway The Web is simultaneously becoming more important and more dangerous to modern business. Web- based applications and services such as Skype and Salesforce. com have the ability to cut costs and improve productivity, yet few organizations have adequate solutions to effectively manage and fi lter Internet traffi c fl ooding the LAN. . What are the trends and implications of the evolving Web applications? . What are the key features and requirements of a secure Web gateway? . Which vendors will your organization rely on to secure the Web gateway? Peter Firstbrook, Gartner Trusted Portable Personalities: Case Studies To Mix Security and Portability Every company struggles to adapt to rising demands for portable information access without increasing investments in supervision and dedicated workstations. Data loss prevention is failing under an avalanche of portable media devices and Internet portals. These demands extend far beyond the question of employee access to encompass sharing of legally sensitive data and competitive intellectual property. . How can corporate data be productively used on noncorporate workstations? . What are the decision factors that determine the best methods for secure, portable remote access? John Girard, Gartner Using Vulnerability Management to Operationalize Security Security policies are most effective when assessment and remediation processes are implemented by network, desktop and server administration groups. The security organization needs to keep control of policy and audit while it runs projects to operationalize selected assessment and remediation functions. This presentation provides guidance on how to use operations to improve the effectiveness and effi ciency of IT security. Mark Nicolett, Gartner 1 Presented by both Gartner analysts and invited guest speakers these sessions offer the very latest topical updates and actionable insights on the subjects most critical to your organizational development and innovation.