Register today at europe.gartner.com/security

One Nation's Compliance Equals Another's Violation: E-Disclosure and Privacy Issues Heat Up
Historically, the argument has been that the European statutes on data protection and privacy have not been rigorously and consistently enforced, and that the disclosure of potentially relevant evidence carried no real penalty. Despite the change in U.S. administration, the courts are unlikely to become similarly friendly. IT practitioners will find themselves caught in the middle.
• What relevant laws and statutes do European-headquartered companies need to be mindful of?
• What can IT do to help mitigate the problem by providing local facilities?
• Are there best practices or technological approaches that can be called upon to make the problem more tractable?
Debra Logan, Gartner

Managing Compliance in a Pan-European Environment
New regulations such as Solvency II, IFRS or SEPA are a peculiar challenge for financial services providers which act in a pan-European environment and operate a heterogeneous IT landscape. In this presentation we will discuss root causes and consequences of such compliance activities. In addition we will discuss best practices to overcome the challenges.
• The surging wave of pan-European regulations
• Business and IT implications for financial services providers
• How to deal with the compliance challenges
Juergen Weiss, Gartner

Stormy Weather: Assessing the Security Risks of SaaS Products and Cloud Services
You need visibility into your supplier's processes to ensure the appropriate level of information protection. You'll also need to assess the security features and service levels and how well they're implemented and maintained. Proven risk assessment practices can provide a useful level of assurance that a product or service is reliable, including its capabilities to resist both accident and human manipulation.
• What types of information facilitate provider transparency, and how do you get them?
• What are the three basic ways to assess the risk associated with a supplier?
• What are the compliance concerns associated with cloud computing?
Jay Heiser, Gartner

Getting Ahead of Regulations: Why Compliance Isn't Enough
Compliance has become quite complex: audit requirements, accounting standards, encryption laws, electronic signatures, information security standards, privacy laws, breach notifications, document retention rules and e-discovery vary from country to country. We will give an update on the regulatory landscape and analyze what these requirements mean for business and IT.
• What makes the regulatory landscape so diverse across different countries?
• What do regulations mean for IT departments?
• What are the key elements of an IT compliance program?
Carsten Casper, Gartner

IT GRC Management
Security organizations are not exempt from the struggle to link IT to the business. In fact this linkage is required to: evaluate risk with business context; reduce the cost of compliance reporting; and produce metrics to measure the effectiveness of security programs. Come learn how IT GRCM technology can be used to evaluate IT risks and to efficiently demonstrate that your organization meets regulatory and legal obligations.
Mark Nicolett, Gartner

Assembling a GRC Solution: Beyond MarketScopes and Magic Quadrants
Most vendors providing financial, IT operations and IT security solutions claim to have a GRC solution, and there are specialist GRC vendors too. Learn the differences in technology-enabled approaches to GRC, and how you can assemble a comprehensive GRC solution.
• How can Gartner methodologies help in architecting the GRC solution?
• What are the architectural principles that can advance GRC maturity in support of business performance?
French Caldwell, Gartner

Turning Risk Management Into a Competitive Weapon for Financial Services Organizations
Organizations around the world are facing many new regulations, and the latest economic crisis will most likely lead to further regulation. Several IT organizations are struggling to cope with these challenges and are looking for ways to create additional business value out of these efforts, going beyond pure compliance. In this presentation we will introduce some practical guidelines and case studies to show how to overcome this dilemma.
• Implications of re-regulation for risk managers
• Overcoming the conflict between compliance and business value
Juergen Weiss, Gartner

Summit Program

TRACK 3: Meeting Expectations for IT Risk and Compliance Management
What level of business risk is represented by partnering arrangements or dependence upon SaaS or cloud computing providers? Will outsiders properly secure your data? Can you efficiently demonstrate that your organization meets all regulatory and legal obligations in every country? Today's IT risk manager needs to be an enabler, helping the line of business and IT to make effective decisions about which risks to accept and which to avoid.

TRACK 4: Leading the Security and Risk Management Team Through Turbulent Times
How do you align security and risk management with the business? How do you get staff to comply with policy? How do you articulate the business value of security? How do you balance the budget? Leading the information security or risk management function is a special responsibility, requiring a mix of technical, political and social skills.

Register now and build your agenda at europe.gartner.com/security

Transforming from CISO to IT CRO
As enterprises reform their compliance efforts from reactionary to risk-oriented, chief information security officers (CISOs) and other IT risk management and security professionals will need to follow along or will find themselves deemed irrelevant to the business. However, CISOs who develop competencies in enterprise risk management (ERM) and business analysis will be able to align IT risk management with business performance, for the benefit of both.
• What are the relationships between IT security, IT risk management and enterprise risk management?
• How will business risks be better managed if IT security professionals play a direct role in enterprise risk management?
• What are the skills and process disciplines needed for IT security professionals to contribute to the enterprise risk management program?
French Caldwell, Gartner

Know IT Security? Prove It! Developing Your Career With the Right Security Qualification
In times when even venerable IT security jobs may be at risk, you need a little bit extra that makes you stand out from the crowd. Having a security certification can help, but it can also pigeonhole you in terms of your perceived skills. When just about everyone has some certificate, what can you do to make sure you have the right one?
• What are the benefits of the personal certifications that exist today?
• How do training, exam, peer review and continuous education influence the value of certification?
• What skills and certifications should an employer look for when optimizing the team structure?
Carsten Casper, Gartner

Report to the Board: Five Practical Tips to Link Risk and Security to Corporate Performance
A board wants to know that the organization is appropriately protected against reasonably anticipated risk. CIOs, CISOs and RMOs struggle to link risk management efforts in security, privacy, business continuity and compliance to the value they provide at line-of-business and executive levels. A handful of companies have figured it out, and these five practical tips can help you solve this challenge.
• What do boards of directors and line-of-business executives want from risk management, GRC and security?
• How do you map key risk indicators into key performance indicators to support corporate performance?
• How can you present a defensible case for the value and effectiveness of risk management to executive audiences?
Christian Byrnes, Gartner

Integrating Security Management Into ITIL v3 Strategies: Case Study and Best Practices
Version 3 of ITIL takes a life cycle view of service management, as opposed to the functional approach of previous versions. While this is a major improvement in approach, it has major practical implications for IT security, risk and compliance strategies. This presentation will look at:
• What's new in ITIL v3, and how it impacts security management strategies
• A case study of how a multinational organization has integrated its security and risk management program into its ITIL v3 program
• Best practices in using ITIL v3 to align security and service management strategies
Tom Scholtz, Gartner

Gartner Workshop Session: Security Maturity Self Assessment
Assessing the maturity of security management processes is the foundation of continuous improvement in security performance. Consistent reporting on process maturity supports increased executive awareness and support. Furthermore, process maturity can also be interpreted as an indicator of the risk posture of the organization.
• How should organizations define a security and risk process catalog?
• What are the steps for formalizing security processes?
(Audience limited to 40; 1 hr 30 minute session)
Christian Byrnes, Paul Proctor, Gartner

The Risk Program Maturity Benchmark: How Does Your Organization Stack Up?
Gartner has surveyed several hundred organizations, in different geographies and verticals, and of different sizes, across 12 dimensions of program maturity. Come to this presentation to find out how you compare.
Paul Proctor, Gartner

No More Dr No: A Framework for Positive Information Security Management
Security controls are inherently restrictive, and consequently the nickname of many organizations' information risk and security management is "Dr No." However, there are a number of governance, process, cultural and technological actions that information security leaders can implement to align their programs more closely with business strategies.
• The symptoms, causes and consequences
• The governance, process, cultural and technical characteristics of a business-aligned security practice
Tom Scholtz, Gartner