The Elements of an Effective Identity and Access Management Program

Identity and access management (IAM) can deliver real business value beyond its contributions toward efficient and effective security, risk management and compliance. However, realizing that value demands sound program management. To build an IAM infrastructure that will meet your needs, you must orchestrate a variety of different technologies.
• What are the drivers for and benefits from IAM?
• What are the key elements of an IAM program?
• What is the range of IAM technologies: which are core and which fringe, which tactical and which strategic?
Ant Allan, Gartner

User and Resource Access Monitoring to Improve Security

Today's threat environment is dangerous because attackers are targeting your highest value data, and quiet because attackers want to capitalize on a breach for as long as possible. In many cases, the only signal that you will have of a breach is abnormal user activity or resource access. Come to this presentation to learn how user and resource access monitoring technologies (SIEM, DAM, and so on) improve security, compliance and efficiency.
Mark Nicolett, Gartner

Planning for DLP Deployments for Compliance and Intellectual Property Protection

Organizations large and small are planning to deploy DLP to better control and protect sensitive assets at the perimeter, within data stores and document management systems, and at the endpoints. As these tools become mainstream within organizations they will impact and challenge traditional views of data classification, protection and access controls.
• Exactly what is DLP and how much of it do you need and in what form?
• How and what kind of DLP should be leveraged to maximize effectiveness within organizations at the lowest cost and in minimizing the Christmas tree effect?
• What are the key deployment lessons learned from successful deployments?
Eric Ouellet, Gartner

G14: The Dawn of Content Aware IAM

Content awareness is a relatively new idea under evaluation in identity and access management (IAM) circles. Originally a capability incorporated within data loss prevention (DLP) offerings, it can deliver new capabilities within IAM suites. This presentation will look at:
• Content awareness in the context of IAM
• Initial and long-term vision for content awareness integration
• How organizations should plan for the introduction of content
Eric Ouellet, Gartner

Role Management Evolves: Contextual Entitlement Administration

Enterprises frequently struggle with how to control access - who has it, what level, and to what? Role life cycle management is key to many successful user provisioning and IAM governance implementations, and is itself evolving to a new form of "entitlement administration."
• What are the key elements?
• Who are the key vendors and what do they offer to customers today?
• What's the difference between role management and authorization management?
Ant Allan, Gartner

The Root to Happiness: Best Practices for Managing Superuser Privileges and Shared Account Passwords

Organizations are under increasing pressure to reduce the number of users having permanent full superuser privileges. In addition, there is pressure to implement better control over, and greater accountability for, use of shared accounts with like privileges.
• What are the risks of unconstrained use of superuser privileges and shared accounts?
• What are the best practices for managing superuser privileges and shared accounts in a controlled and auditable manner?
• What are the most effective tools for managing superuser privileges and shared accounts?
Ant Allan, Gartner

Securing Your Organization With Data Scrubbing Technologies

Organizations are quickly becoming aware of the risks associated with unintended embedded metadata information in documents shared with clients and partners.
With the potential risk exposure being very significant, organizations need to consider data scrubbing solutions.
• What is data scrubbing and why is it important?
• What type of data scrubbing offerings are currently available?
• What is the current legal impact and accepted best practice for enacting a data scrubbing program?
Eric Ouellet, Gartner

TRACK 2: Protect Data and Applications to Deliver Higher Business Value

Attackers are increasingly concentrating on data and applications because "that's where the money is." But it's not just a matter of protection against financial fraud. Privacy demands protection of personal data. Government regulations demand activity monitoring. Business continuity demands robust and reliable backup and recovery. Security managers must address these needs by orchestrating vulnerability management and IAM initiatives to maximize effectiveness and efficiency.

Register now and build your agenda at europe.gartner.com/security

One Nation's Compliance Equals Another's Violation: E-Disclosure and Privacy Issues Heat Up

Historically, the argument has been that the European statutes on data protection and privacy have not been rigorously and consistently enforced and the disclosure of potentially relevant evidence carried no real penalty. Despite the change in U.S. administration, the courts are unlikely to become similarly friendly. IT practitioners will find themselves caught in the middle.
• What relevant laws and statutes do European headquartered companies need to be mindful of?
• What can IT do to help mitigate the problem by providing local facilities?
• Are there best practices or technological approaches that can be called upon to make the problem more tractable?
Debra Logan, Gartner

Managing Compliance in a Pan-European Environment

New regulations such as Solvency II, IFRS or SEPA are a peculiar challenge for financial services providers which act in a pan-European environment and operate a heterogeneous IT landscape. In this presentation we will discuss root causes and consequences of such compliance activities. In addition we will discuss best practices to overcome the challenges.
• The surging wave of pan-European regulations
• Business and IT implications for financial services providers
• How to deal with the compliance challenges
Juergen Weiss, Gartner

Stormy Weather: Assessing the Security Risks of SaaS Products and Cloud Services

You need visibility into your supplier's processes to ensure the appropriate level of information protection. You'll also need to assess the security features and service levels and how well they're implemented and maintained. Proven risk assessment practices can provide a useful level of assurance that a product or service is reliable, including its capabilities to resist both accident and human manipulation.
• What types of information facilitate provider transparency, and how do you get it?
• What are the three basic ways to assess the risk associated with a supplier?
• What are the compliance concerns associated with cloud computing?
Jay Heiser, Gartner

Getting Ahead of Regulations: Why Compliance Isn't Enough

Compliance has become quite complex: audit requirements, accounting standards, encryption laws, electronic signatures, information security standards, privacy laws, breach notifications, document retention rules and e-discovery vary from country to country. We will give an update on the regulatory landscape and analyze what these requirements mean for business and IT.
• What makes the regulatory landscape so diverse across different countries?
• What do regulations mean for IT departments?
• What are the key elements of an IT compliance program?
Carsten Casper, Gartner

IT GRC Management

Security organizations are not exempt from the struggle to link IT to the business. In fact this linkage is required to: evaluate risk with business context; reduce the cost of compliance reporting; and to produce metrics to measure the effectiveness of security programs. Come learn how IT GRCM technology can be used to evaluate IT risks and to efficiently demonstrate that your organization meets regulatory and legal obligations.
Mark Nicolett, Gartner

Assembling a GRC Solution: Beyond Marketscopes and Magic Quadrants

Most vendors providing financial, IT operations and IT security solutions claim to have a GRC solution, and there are specialist GRC vendors too. Learn the differences in technology-enabled approaches to GRC, and how you can assemble a comprehensive GRC solution.
• How can Gartner methodologies help in architecting the GRC solution?
• What are the architectural principles that can advance GRC maturity in support of business performance?
French Caldwell, Gartner

Turning Risk Management Into a Competitive Weapon for Financial Services Organizations

Organizations around the world are facing many new regulations and the latest economic crisis will most likely lead to further regulation. Several IT organizations are struggling to cope with these challenges and are looking for ways to create additional business value out of these efforts, which goes beyond pure compliance. In this presentation we will introduce some practical guidelines and case studies to show how to overcome this dilemma.
• Implications of re-regulation for risk managers
• Overcoming the conflict between compliance and business value
Juergen Weiss, Gartner

Summit Program

TRACK 3: Meeting Expectations for IT Risk and Compliance Management

What level of business risk is represented by partnering arrangements or dependence upon SaaS or cloud computing providers? Will outsiders properly secure your data? Can you efficiently demonstrate that your organization meets all regulatory and legal obligations in every country? Today's IT risk manager needs to be an enabler, helping the line of business and IT to make effective decisions about which risks to accept and which to avoid.