Agenda By Day


September 7, 2006
7:30 a.m.-8:30 a.m. Event Registration/Continental Breakfast In The Technology Showcase
8:30 a.m.-8:45 a.m. Welcome And Setting The Stage
Laura Koetzle, Forrester, Speaker
8:45 a.m.-9:30 a.m. When Our Infrastructure Is No Longer Trusted
Paul Stamp, Forrester, Speaker

In tomorrow's computing environment, data will need to be shared so widely that an "inside and outside" attitude to security will do little to protect critical information. Devices will participate in all types of public and private local, metropolitan, and wide area networks, accessing services hosted in all manner of locations. Similarly, businesses will be sharing what we used to consider "their own" infrastructure with partners, customers, and even competitors. Firms will need to fundamentally change the way they secure their most sensitive information, as well as how they'll be able to trust their infrastructures to protect their businesses.

9:30 a.m.-10:15 a.m. Securing Brand, Reputation, and Revenue
Claudia Natanson, Ph.D., Diageo, Speaker

Learning to harness the power of technology, learning how to manage and mitigate technological risks, and understanding how to identify technological threats are all alternative tried-and-tested solutions. During her speech, Natanson will share her perspective on proactive brand management by discussing how:

  • Proactive brand management secures the brand and stimulates a healthy brand culture.
  • Proactive security leads to controlling reputational damage.
  • Understanding how to apply proactive security continues to lead to operational effectiveness and revenue protection, allowing the organization to concentrate on greater revenue production.
10:15 a.m.-11:00 a.m. Morning Networking Break In The Technology Showcase
Compliments Of VeriSign

10:30 a.m.-6:00 p.m. One-On-One Meetings
11:00 a.m.-11:45 a.m. 2006 Cyber-Threatscape — A Review Of The Top Threats, Trends, And Issues Important To Computer Security Leaders
Ken Dunham, VeriSign, Speaker

Zero-day attacks, sophisticated bots, targeted attacks, and similar threats keep CIOs and CEOs up at night. This presentation reveals important exclusive details behind the most important global threats facing computer networks today and what can be done proactively to successfully lower the risk of a future attack. Participants of this session will take away the following:

  • An authoritative understanding of the top threats facing global networks today.
  • Actionable intelligence to drive proactive mitigation and countermeasures for attacks before they occur.
11:45 a.m.-12:30 p.m. US Public Sector Security Challenges: Lessons Learned
William Pelgrin, New York State, Speaker

Mr. Pelgrin will share his experiences with successful security projects at the State of New York level as well as across the country through the MS-ISAC — including what went right and lessons learned.

12:30 p.m.-1:45 p.m. Lunch And Dessert In The Technology Showcase
1:45 p.m.-2:30 p.m. Track Session

Track A: Security Policy And New Directions
How Can Regulatory Compliance Improve IT Security?
Thomas Raschke, Analyst, Forrester

Track B: Security Best Practices
Vulnerability Management Best Practices
Michael Gavin, Senior Analyst, Forrester
2:30 p.m.-2:45 p.m. Intermission
2:45 p.m.-3:30 p.m. Track Session

Track A: Security Policy And New Directions
Marketing Information Security
Khalid Kark, Vice President, Research Director, Forrester

Track B: Security Best Practices
Mobile Device Security Challenges And Best Practices Around The World
Jennifer Albornoz Mulligan, Analyst, Forrester
Thomas Raschke, Analyst, Forrester
3:30 p.m.-4:15 p.m. Afternoon Networking Break In The Technology Showcase
4:15 p.m.-5:15 p.m. The Future Of Security
Bill Cheswick, Lumeta, Speaker
Adam Stubblefield, Independent Security Evaluators, Speaker

Both Cheswick and Stubblefield will present their views on the future of security, focusing on:

  • What's next: threats 2010.
  • How we will combat those threats.

Following their presentations, both speakers will participate in a moderated panel discussion and address questions from the audience.

5:15 p.m.-5:30 p.m. Closing Remarks
Laura Koetzle, Forrester, Speaker
5:30 p.m.-7:30 p.m. Reception In The Technology Showcase

September 8, 2006
7:30 a.m.-8:00 a.m. Continental Breakfast In The Technology Showcase
8:00 a.m.-8:15 a.m. Day Two Opening Remarks
Laura Koetzle, Forrester, Speaker
8:00 a.m.-12:00 p.m. One-On-One Meetings
8:15 a.m.-9:00 a.m. Transforming From An Information Security To An Information Risk Management Organization
Rich Jackson, Chevron, Speaker

Based on his experience at Chevron, Jackson will be sharing his insights on:

  • Why Chevron decided to reorganize into a global information risk management organization.
  • How the company did it — what worked well and what didn't.
9:00 a.m.-9:45 a.m. Enterprise Risk Management: Defining The Career Path For The CISO
Michael Rasmussen, Forrester, Speaker

The truth is that there are very few true executive chiefs of information or physical security. The convergence of physical and information security is tactical and limits potential future growth. Focusing on enterprise risk management offers a much more interesting career path for the CISO. In this way, chiefs are aligned more closely with the strategic direction of their business, which could lead to the executive suite.

9:45 a.m.-10:15 a.m. Morning Networking Break In The Technology Showcase
Compliments Of VeriSign

10:15 a.m.-10:45 a.m. Guest Executive Forum: Configuresoft
Dennis Moreau, Configuresoft, Speaker

Virtualization And Security Configuration Policy Compliance

Emerging virtualization technologies hold out the promise of better IT asset utilization, more agile IT asset allocation, and more secure and consolidated IT infrastructure. The same dynamic provisioning capabilities that support these compelling value propositions introduce new complexity into IT configuration policy compliance efforts.

Systems with dynamic numbers of OS instances must be demonstrably compliant, not just in an anticipated steady state but also in any state into which the system may be driven by load variation or failover response. Each hosted guest operating system instance and application must be compliant in the traditional sense and configured consistently with the security and operational configuration of the underlying virtual processor and storage assets. Finally, mitigation and remediation of hosted assets will be constrained by limitations in the plausible configuration of the underlying shared physical resources. Compliance will have to be addressed in the context of both host and guest configuration policies. Policy consistency and configuration compatibility at the application, service, operating system, and virtual asset level will emerge as core assessment issues.

The session will provide insight into the new compliance issues introduced by the deployment of virtualization technologies and will discuss technical and methodological approaches to effectively sustaining compliance in these environments.

10:15 a.m.-10:45 a.m. Guest Executive Forum: BPS
Mark A. Opausky, Business Propulsion Systems, Speaker

Governance, Risk, And Compliance Technology: Agility For The Enterprise

Sustainability in the face of global competition means that businesses are forced to become increasingly dynamic, able to manage escalating levels of change to the enterprise in the form of new products, new markets, new people, new skills, acquisitions, divestitures, and more. Ultimately, this means managing more risk. Many firms manage this risk from a purely defensive point of view or as a response to regulatory pressure, an approach that will prove to add limited value to the organization. True competitive advantage will stem from an enterprise's ability to use information to make calculated and agile business decisions in the context of increasingly complex circumstances. Risk information and risk technology will be the solution to be fully leveraged for competitive advantage (just like CRM and ERP systems help manage client and resource assets today).

Technology must facilitate the various ways in which individuals need to interact with risk information yet provide the enterprise with the information quality and policy control required to deliver strategic advantage. Most importantly, it must be able to support constant change in the enterprise's business and technical environment. These are fundamental design constraints in the core model of any modern risk management system.

This session looks at next-generation technology in the form of flexible "machinery" that serves the intellectual, subjective, and process design considerations unique to the organization's people, policy, and strategy.

10:15 a.m.-10:45 a.m. Guest Executive Forum: Deloitte
Rena Mears, Deloitte & Touche LLP, Speaker
Dr. Lawrence A. Ponemon, Ponemon Institute, Speaker

The Privacy Function in Today's Enterprise: The CPO Survey Results


This session will give a granular look at what comprises the role of the chief privacy officer (CPO), based on the results of the joint Deloitte & Touche and Ponemon Institute CPO Survey. This session will provide an opportunity to take a deep look into the CPO role and understand key tasks and activities occupying CPOs today. In addition, the session will provide insight into the actual versus optimal allocation of the CPO's time in meeting the data protection priorities of the enterprise. Special attention will be given to privacy incident response and breach notification, as well as the level of CPO time and effort required to deal with these events.

10:45 a.m.-11:00 a.m. Intermission
11:00 a.m.-11:45 a.m. Taking Security Beyond The Wall
John Meakin, Standard Chartered Bank, Speaker

Based on his experience with the Standard Chartered Bank, Meakin will discuss:

  • Progress of the Jericho Forum.
  • Providing security for new subsidiaries in China and other emerging markets.
11:45 a.m.-1:00 p.m. Lunch And Dessert In The Technology Showcase
1:00 p.m.-1:45 p.m. Managing Security In An International Environment
Paul Raines, Organisation for the Prohibition of Chemical Weapons, United Nations, Speaker

Security can be complex as you enter the international arena. It is essential to take cultural differences into account while managing security in an international environment. During his talk, Raines will examine:

  • Cultural and regulatory differences across Latin America, North America, Europe, and Asia and how they affect security.
  • How security managers must take these differences into account in order to effectively manage security in their environments.
1:45 p.m.-2:00 p.m. Intermission
2:00 p.m.-2:45 p.m. Track Session

Track A: Security Policy And New Directions
New Directions In Identity Management
Paul Stamp, Principal Analyst, Forrester

Track B: Security Best Practices
Best Practices For Measuring And Reporting Information Security
Khalid Kark, Vice President, Research Director, Forrester
2:45 p.m.-3:00 p.m. Intermission
3:00 p.m.-3:45 p.m. Track Session

Track A: Security Policy And New Directions
Predicting The Future Of Client And Network Security
Natalie Lambert, Analyst, Forrester
Robert Whiteley, VP, BT Portfolio & Strategy, Forrester

Track B: Security Best Practices
Securing The Data Core: What You Need To Know About Storage Security
Stephanie Balaouras, Vice President, Research Director, Forrester