The security organization is finally starting to get the visibility that it had been asking for, but now it doesn't know how to deal with it. Many chief information security officers understand that they need to align themselves with the business and provide strategic advice, but they don't know how. The results from Forrester's Enterprise And SMB Security Survey, North America And Europe, Q3 2007 highlight some of these issues, challenges, and priorities for CISOs. This survey covers:
- Top issues, challenges, and priorities for CISOs in 2008
- The changing responsibilities of the security organization
- Progress businesses have made in aligning security with other parts of IT and the business

• How has the Threat Landscape changed?
• Who and what do we need to protect against?
• What new approaches are there to combat organised cybercrime?
• How could a cloud client architecture be the answer?

Synopsis: The need for increased computing agility, coupled with the increasing cost and complexity of IT systems, have driven the rapid adoption of virtualisation technologies. While virtualisation has operational and economic rewards, the reality is that when information security controls are improperly implemented or neglected in virtualised environments, real security risks and exposures can be created faster than ever. The good news is that information security can take some practical steps right away to limit operational and security risks.

Session highlights will include:

• Practical steps to take to implement effective security controls across virtual and physical infrastructures
• How to "bake security in" from conception or incorporate security now if virtual machines are already operating
• How to use tools to address security issues, including the freely available Tripwire ConfigCheck

Synopsis: ABN AMRO Bank has gone through extremely turbulent times. The presentation focuses on the impact of the organisational changes on security management and the key issues for the information security department. The actions to keep security management effective are discussed.

Session highlights will include:

• An insight into consequences of the financial crisis on the financial sector.
• Impact of organisational changes on security management and the key challenges.
• Practical actions to implement effective Security Management during turbulent times.

Exactly how do you establish effective metrics based on your organization¿s unique requirements? You¿ll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. This session bridges management¿s quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. You'll learn how to:
- Replace nonstop crisis response with a systematic approach to security improvement
- Understand the differences between "good" and "bad" metrics
- Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk
- Quantify the effectiveness of security acquisition, implementation, and other program activities
- Implement balanced scorecards that present compact, holistic views of organizational security effectiveness