Gartner Security and Risk MGMNT Summit 2013

Gartner
Security & Risk Management

Summit 2013
June 10 13
National Harbor, MD
gartner.com/us/securityrisk
FIVE COMPLETE PROGRAMS

Chief Information Security Officer (CISO)
IT Security
Business Continuity Management
Risk Management and Compliance
The Business of IT Security
Plus: New Industry Day Forums
Reset Your World: The Evolving Role of Risk Management and Information Security
Reset Your World: The Evolving Role of Risk

Discover the full spectrum of security and risk topics
After nearly a decade of steady progress toward maturity, IT security and risk management have reached a tipping point.
The Nexus of Forces social, mobile, cloud and information has unleashed a new wave of change and threats.
Emerging markets and a jumble of international regulatory and compliance obligations have also increased the complexity
of the business environment. In addition, the uncertainty of climate change such as Superstorm Sandy is making
business continuity management (BCM) more important than ever.
As these threats and changes transform markets and redefine competitive advantage, business leaders are recognizing the
critical role IT security and risk management disciplines play in ongoing business growth and transformation. This years
Gartner Security & Risk Management Summit, June 10 13, in National Harbor, MD, delivers the essential tools and
strategies CIOs, CISOs, CROs, CTOs and their teams need to identify and communicate emerging risks, manage them
appropriately and enable the business to grow and prosper as securely as possible.
Key benefits of attending
Who should attend
Reset your security and risk strategy to focus on enabling

business objectives
CIOs, CSOs, CISOs, CTOs, CROs, CPOs
Stay relevant in your role as the Nexus of Forces

redefines IT security and risk
Network managers, security executives and directors
Implement BCM best practices to make the business

more resilient to threats
Enterprise architects and planners
Understand, anticipate and mitigate the risks of new

social collaboration tools
IT vice presidents, directors and managers

IT/IS directors and managers
Business continuity and IT disaster recovery managers
Senior business executives
Craft a strategy to deal with emerging BYOD and

mobile threats
Risk managers
Gartner Security & Risk Management Summit 2013
Finance, audit, legal risk and compliance managers
North Americas
most important
annual gathering
of the IT security
and risk
community
Management and Information Security

Five programs offer in-depth coverage of
core areas of specialization
When you join us at Gartner Security & Risk Management Summit 2013,
youll have access to more than 50 Gartner analysts presenting the
latest research covering the full spectrum of security and risk topics. From
infrastructure security to identity and access management, governance to
fraud to emerging risks, technology implementation to boardroom presentation,
this is the singular opportunity each year to update every aspect of risk
management and security based on the latest Gartner insight.
TABLE OF CONTENTS
4 Summit Programs
5 Industry Day Perspective Forums
6 Virtual and Vertical Industry Tracks
7 Keynote Sessions
8 C
hief Information Security
Officer (CISO) Program
9 CISO Agenda Tracks
10 CISO Invitational Program
11 IT Security Program
Whats new for 2013
13 IT Security Agenda
Industry Day Perspective Forums with dedicated content and Gartner analysts
for key industries
14 B
usiness Continuity Management
Program
Advanced CISO Program that addresses strategic issues for success
15 BCM Agenda
More than 150 sessions, keynotes, workshops, tutorials and case studies
16 R
isk Management and Compliance
Program
Revamped agenda offering more types of sessions
17 R
isk Agenda
New Mastermind Interview keynote: Steve Bennett, CEO and

Chairman of the Board, Symantec
18 T
he Business of IT Security Program
New Super Roundtable Session 20 roundtable discussions with your peers

Our Gartner for Technical Professionals analysts explore architecture and
planning considerations to protect information and build secure applications
19 Session Descriptions
35 Solution Showcase
38 Agenda at a Glance
41 Registration and Pricing
Interaction with more than 120 vendors

Visit gartner.com/us/securityrisk for agenda updates and to register
SUMMIT PROGRAMS
PROGRAMS
SUMMIT
ANALYST-USER
ROUNDTABLES
These topic-driven end-user discussions
are moderated by Gartner analysts.
Learn what your peers are doing around
particular issues and across industries
(preregistration required).
MEET ONE-ON-ONE WITH

A GARTNER ANALYST
Private 30-minute consultations with a
Gartner analyst provide targeted,
personalized advice to help you plan
proactively and invest wisely
(preregistration required).
Five role-based programs for

targeted insight
Chaired by experts in each discipline, this years summit offers five role-based
agenda programs providing a more targeted learning and networking experience.
Program Descriptions
Chief Information Security Officer (CISO) Program
This year the CISO program graduates from CISO basics to strategic
and tactical planning. There are still too many things that should be done
with too few resources. So how do you make use of the best information
you have to set priorities and get things done, while moving toward
those elusive strategic goals?
IT Security Program
Cloud, social, mobile and big data drive new opportunities but challenge
traditional approaches to IT security. Their adoption for business
operations requires security programs to mature rapidly. This program
provides insights on security management from Gartner for IT Leaders
analysts, and on security technology management from Gartner for
Technical Professionals analysts.
Risk Management and Compliance Program
Integrated performance and risk management is the next promising
evolutionary step for risk management and compliance programs. But
new regulatory and legal challenges continue to mount. Early detection
and mitigation of emerging risks are critical. This program focuses on
the technologies and strategies to improve governance, manage risk,
ensure compliance and adhere to the letter and spirit of the law.
Business Continuity Management (BCM) Program
Can your organization survive another Superstorm Sandy? The number
of regional disasters is growing. How will your enterprise ensure
continuing operations when a business interruption occurs? These
sessions help organizations anticipate the unexpected, and reinforce
a discipline of risk management and mitigation, response and recovery
in the corporate culture.
The Business of IT Security Program
This program examines the latest technologies and trends, and financial
and strategic views, of the security and risk market. Find out how big
the market is for software and services, which market leaders are
succeeding, and why. Learn where the innovation is, and how Gartner
analysts rate the leading security vendors.
Industry Day Perspective Forums

New! Industry Day Perspective Forums
Aligning IT-specific initiatives to the industrys business success is the focus of every IT professional. The challenge is how
to illustrate ITs impact on the business goals whether to the bottom line, quality, expense control or client satisfaction.
Thats why we are pleased to kick off our Monday program with special Industry Perspective Forums. Five sectors are
covered in separate tracks that deliver targeted content and industry-specific perspectives for the following: Energy/Utilities,
Government, Healthcare, Financial Services and Manufacturing. Industry Day Perspective Forum sessions include:
Government
Healthcare
IG1. Case Study: Advanced, Persistent and

Threatening Who Are the Attackers and What
Are They Doing?
Dave Monnier, Security Evangelist and Fellow,
Team Cymru; Lawrence Pingree
IH1. Dont Give Them the Keys to the Kingdom Until

You Know Who They Are
Barry Runyon
IG2. Critical Infrastructure Protection

Requirements Driving New Security Demand
Wes Rishel
IH2. HIPAA Bites: Getting Ready for HIPAA

Enforcement
Ruggero Contu
IH3. Help Save Healthcare: Tackling Fraud and

Abuse at an Enterprise Level
IG3. Best Practices for Mitigating Advanced

Persistent Threats
Christina Lucero, Avivah Litan
Lawrence Pingree
Financial Services
IF1. Case Study
TBA
IF2. Do I Need Cyberinsurance?
Energy/Utilities and Manufacturing

IME1. Understand OT: The Emerging Risks From
Advanced Automation
Earl Perkins, Kristian Steenstrup
IME2. Supply Chain IT Risk Challenges: What

Exactly Is That Supplier Doing?
Juergen Weiss
Erik T. Heidt
IF3. Strategic Road Map for Financial Services

Enterprise Risk Management
IME3. Securing the OT Environment
John A. Wheeler
IME4. Responsibility and Accountability of

OT Systems
Kristian Steenstrup
VIRTUALAND
VIRTUAL
ANDVERTICAL
VERTICALINDUSTRY
INDUSTRY
TRACKS
TRACKS
Virtual and vertical industry tracks make it easy to follow a key trend, hot topic or address industry issues in relevant
sessions pulled from across all five conference programs. To further customize any track, visit Agenda Builder at
gartner.com/us/securityrisk.
Virtual Tracks
Vertical Industry Tracks
Mobility and Security

This track covers some of the business-critical system and
data issues emerging from new wireless technologies.
Financial Services
Fighting fraud while keeping online banking seamless and
efficient are just a few of the key issues covered at this
years event. See what else is covered for those in the
financial services industry.
Cloud Computing
This track explores this and more of the latest challenges
associated with cloud security.
IAM and Secure Business Enablement
This track features a wealth of presentations on current best
practices and the latest issues and trends.
Advanced CISO
Our CISO track contains best-practice and security
program planning information. For those with more
advanced needs, we have identified this curriculum as
a suggested set of sessions.
Technical Insights: Security Architecture
Explore the architecture and planning considerations for
protecting information, building secure applications,
understanding threats, auditing and monitoring activity,
and managing risk associated with new devices and service
hosting models. These sessions are delivered by Gartner
for Technical Professionals (GTP) analysts.
Cybersecurity
This track helps you separate the hype from the reality and
highlights best practices for protecting your organization in a
rapidly changing threat environment.
Big Data
These sessions analyze the role that big data plays in security,
and how it can enhance our defenses against targeted
attacks and advanced persistent threats (APT).
Government
Government agencies are looking to develop cohesive
national cybersecurity initiatives that are in partnership with
consumers and the public sector. This is just one of the
key issues covered at this years event. See what else is
covered for those in government.
Healthcare
Enterprises today are challenged to increase quality of service
delivery, reduce compliance costs and anticipate healthcare
reform while maintaining patient privacy and protecting
intellectual property. This track covers this and more,
specifically for the healthcare and pharmaceutical industries.
Energy/Utilities
Establishing effective and efficient smart grid technology
while combating for fraud, cyberattacks and the loss of
control are just a few of the key issues covered at this years
event. See what else is covered for those in energy/utilities.
Manufacturing
Managing and optimizing increasingly interconnected and
complex control networks while reducing costs and
maintaining system integrity and protecting proprietary data
are just some of the key issues covered at this years event.
See what else is covered for those in the manufacturing sector.
Social and Security

This track shows you how security and risk teams contain the
risks found in social media usage while maximizing the
benefits of social-enabled work processes.
Leadership/Professional Development
This track provides insights into the full range of
skillsandknowledge required to advance your capabilities
as a security and risk manager.
6
KEYNOTE SESSIONS
Guest keynotes
The Intersection of National Security, Leadership and the
Global Economy
Admiral
Mike Mullen
Serving at a critical juncture in our nations history, Admiral Mike Mullen was a
key influencer in shaping the security of our nation for decades to come. A man
of unparalleled experience, vision and integrity, Mullen shares with audiences
his belief that, Our financial health is directly related to our national security,
and discusses how the key to the United States economic success in the next
century is to create opportunity. With an eye on the horizon and to the threats
that still lie ahead, Mullen discusses Americas greatest challenges
economic growth, infrastructure, education and foreign and military policy.
Chairman of the
Joint Chiefs of Staff
2007-2011; Chief of
Naval Operations;
Commander, U.S.
Naval Forces Europe/
Allied Joint Force
Command Naples;
Vice Chief of
Naval Operations;
Commander, U.S.
Second Fleet
Whos Got Your Back: Creating and Developing

Great Relationships
Keith Ferrazzi
As founder and CEO of Ferrazzi Greenlight, Keith Ferrazzi works to transform

old behaviors that block global organizations from reaching strategic goals,
into new behaviors that increase shareholder value. The firms Greenlight
Research Institute has proven the correlation between positive relationships
and business success, particularly in sales performance. Based on a decade
of field engagements with iconic global organizations, Ferrazzi has perfected
techniques of collaborative coaching and motivation of key constituencies that
positively transform organizational behavior.
CEO, Ferrazzi
Greenlight; Author of
Whos Got Your Back
and Never Eat Alone
The Gartner Mastermind Interview
Steve Bennett
Steve Bennett was named Symantecs chief executive officer in July 2012.
Prior to that, Bennett joined Symantecs board of directors in February 2010
and became chairman in 2011. Bennett previously led Intuit serving as
president and chief executive officer from 2000-2007. Under Bennetts
leadership Intuit grew its existing businesses while simultaneously expanding
into new markets. Bennett joined Intuit after a 23-year career at General
Electric, where he managed complex and diverse organizations from consumer
appliances to financial services. He currently serves on boards at American
Airlines and parent company AMR Corporation, along with Qualcomm.
CEO and Chairman of

the Board, Symantec
Gartner keynotes
Opening Global Keynote: Reset
Paul E. Proctor, Vice President and Distinguished Analyst; Andrew Walls, Vice President and Conference Chair;
F. Christian Byrnes, Managing Vice President; John A. Wheeler, Director
Now is the time to break the inertia that blocks progress in security and risk management. The evolution of risk and
security officer roles shows the way to reset your approach to security and risk management, and create and sustain
significant security and risk benefits to your organization. (And it wont hurt your career any either!)
The Gartner Five-Year Security and Risk Scenario

F. Christian Byrnes, Managing Vice President; Andrew Walls, Vice President and Conference Chair
Gartners research community for security and risk is composed of over 50 dedicated and numerous contributing
analysts. This scenario represents their five-year projection of the state of security and risk. The intent is to provide
a base for your long-term strategic planning.
CHIEF INFORMATION SECURITY OFFICER (CISO) PROGRAM

HOT TOPICS
Strategic planning for information
security
Business/IT security alignment
Governance and policy setting
Business value of information
security
Enterprise security architecture
Creating a risk-aware culture
Process maturity

WHO SHOULD ATTEND
CISOs, CIOs, CSOs, CROs, CTOs
and IT vice presidents
New CISOs who want to build their
leadership role based on leadingedge Gartner research, insights and
best practices
Experienced CISOs looking to
refresh their understanding of
the latest trends, tools, threats
and technologies
IT security executives on a CISO
career track
Go beyond the CISO fundamentals to

strategic and tactical planning
This year, for the first time, the CISO Program goes beyond fundamentals to
address enterprisewide strategy and tactical planning for chief information
security officers. Too many things still need to be done with too few resources.
Well look at how to use the best information available to set priorities and
move toward strategic goals.
In addition to reporting lines, budgets, staffing, and governance, sessions will
address how to act like and be seen as a business leader, understand and
explain security concerns and technologies in business terms, and recognize
what drives the behaviors at the root of many security failures and how to
change them with people-centric security strategies. This years program
agenda features:
13 CISO-focused analyst sessions, plus an additional 16 sessions covering
all the issues CISOs face in todays market
Advanced CISO Program addressing strategic issues for success in your
role, including: strategic planning for information security, alignment of IT
security to the business; governance and policy setting; creating a
risk-aware culture; and process maturity
Exclusive CISO Invitational Program for qualified CISOs
Gartner analysts, focused on your needs in the CISO role, available for
private one-on-one meetings
Workshop: Selecting Solutions for the Control and Monitoring of Public
Social Media
VIP Roundtable: Working with the Chief Legal Officer (CLO)
Meet the analysts

Gartner analysts draw on the real-life challenges and solutions experienced by
clients from over 13,000 distinct organizations worldwide.
F. Christian Byrnes
Managing Vice President
and CISO Program Lead
Rob McMillan
Director
Paul E. Proctor
Vice President and
Distinguished Analyst
Tom Scholtz
Vice President and
Andrew Walls
Vice President
and Conference Chair
John A. Wheeler
Director
CISO AGENDA TRACKS

MONDAY, JUNE 10
8:00 a.m. Event Orientation
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair;
Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President;
John A. Wheeler, Director
9:05 a.m. K1b. Gartner Opening Remarks Andrew Walls, Vice President and Conference Chair
9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening: Who Are the Attackers and What Are They Doing?
Dave Monnier, Security Evangelist and Fellow, Team Cymru; Lawrence Pingree
10:45 a.m. Solution Provider Sessions
11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand Ruggero Contu G
2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats Lawrence Pingree G
CISO
4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job Paul E. Proctor
5:30 p.m. A2. Preparing a Security Strategic Plan F. Christian Byrnes
6:15 p.m. Solution Showcase Evening Reception and Theater Presentations
TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell;
Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular
(Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen,
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval
Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander,
U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the
Board, Symantec
10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Securitys Value Rob McMillan
Absolutely first rate

conference! The best
security event I have ever
attended. Knowledgeable
presenters, timely and
relevant content, great
networking opportunities.
2012 conference attendee
11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams Tom Scholtz
2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls
Andrew Walls
4:15 p.m. A5. Maverick Research: Transform Your Security Program From Control-centric to People-centric
Tom Scholtz
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario Andrew Walls , Vice President
and Conference Chair; F. Christian Byrnes, Managing Vice President
6:30 p.m. Hospitality Suites
WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular
8:00 a.m. K5. Guest Keynote Whos Got Your Back: Creating and Developing Great Relationships
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of Whos Got Your Back and Never Eat Alone
10:30 a.m. A6. That Frightening Phrase: The Standard of Due Care Rob McMillan
11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program Andrew Walls
1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services Rob McMillan
4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway Rob McMillan
4:30 p.m. A10. To the Point: The Information Security Maturity Pathway Rob McMillan
6:00 p.m. Summit Party VIP Boat Cruise (By invitation only)
THURSDAY, JUNE 13
830 a.m. A11. Case Study
TBA
9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans Gregg Kreizman, Earl Perkins
10:30 a.m. A13. Open Mic
F. Christian Byrnes
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell,
Vice President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director;
Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
CISO Invitational Program
CISO INVITATIONAL
PROGRAM FEATURES
Direct interaction with analysts
The latest research on top priorities
for CISOs
Boardroom case study
presentations with leading solution
providers
Advanced CISO virtual track for
more experienced CISOs
C-level-only roundtable discussions
Exclusive CISO networking events
Keynotes, general sessions and a
Mastermind Interview
Security management workshops
An exclusive gathering of CISOs and

Gartner analysts
The Gartner Chief Information Security Officer (CISO) Invitational Program,
held concurrently with Gartner Security & Risk Management Summit 2013,
gathers a carefully screened group of CISOs for a chance to learn the current
best practices, get updates on how peers are handling evolving challenges,
and improve leadership skills. Admission is subject to approval and includes
complimentary roundtrip airfare, accommodations, registration fee and access
to session presentations online, including audio and slides.
If you qualify for this program, your day will be spent gaining valuable market
intelligence from the worlds top technology providers as you participate in
private boardroom presentations and select components of Gartner Security
& Risk Management Summit 2013, which include:
Complete CISO Program, consisting of analyst-led sessions, interactive
workshops, tutorials, case studies and more
Special CISO-only sessions and networking opportunities
More advanced sessions for those with experience in the CISO role
Five keynotes and general sessions and a new Mastermind Interview keynote
Solution Showcase featuring more than 120 leading-edge solution providers
We encourage you to submit your application for qualification today because
seats are filling quickly. To apply, visit gartner.com/us/securityrisk/ciso.
10
IT SECURITY PROGRAM
The Nexus of Forces social, mobile, cloud and information is having a
major impact on IT security, both on how its accomplished and with regard
to new threats and vulnerabilities. In this comprehensive program, sessions
will cover the breadth of todays IT security priorities, from network,
infrastructure and data protection to application security, identity and
access management, privacy and mobile and cloud security.
Gone are the days when walling off intruders and controlling access was
enough. Thanks to the cloud, social media and BYOD, the line of defense
has blurred beyond recognition. Securitys new mandate is to focus on
business objectives and find ways to enable new opportunities in a secure,
trusted environment.
Featuring Technical Insights sessions from Gartner for Technical
Professionals, the IT Security Program delivers the tools and next steps to
get things done today and understand where the technology is taking us
tomorrow. The program agenda features:
More than 70 sessions, workshops and roundtables covering all of the
latest issues enterprises are faced with today
10 Technical Insights sessions by Gartner for Technical Professionals
analysts that drill down on best practices in cloud, mobile and virtualization
Tutorials on topics including top security trends and identity and access
management
Plus, 10 IT security-focused workshops, 12 To the Point sessions,
networking events, panels, analyst-user roundtables, and much more
25 on-site Gartner analysts focused on IT security, available for private
one-on-one meetings

HOT TOPICS
Advanced targeted threats
(advanced persistent threat APT)
BYOD security
DDoS mitigation
Mobility
Data loss prevention (DLP)
Next-generation firewalls
Next-generation intrusion prevention
Security information and event
management
Network access control
Anti-malware
Secure email
Secure Web
DNS security
Unparalleled opportunity
to network at a national
level. Great info on
industry trends, tools and
overall solutions.
2012 conference attendee
11
SECURITYPROGRAM
AGENDA
IT SECURITY
Meet the analysts
Gartner analysts draw on the real-life challenges and solutions experienced by clients from over 13,000 distinct
organizations worldwide.
Ant Allan
Vice President
Anton Chuvakin
Director, Gartner
for Technical
Professionals Analyst
Alan Dayley
Director
Mario de Boer
Director, Gartner
for Technical
Joe Feiman
Vice President
and Gartner Fellow
Peter Firstbrook
Vice President
John Girard
Vice President and
Jay Heiser
Vice President
Kelly M. Kavanagh
Principal Analyst
Gregg Kreizman
Vice President
Ramon Krikken
Vice President,
Gartner for Technical
Avivah Litan
Vice President and
Brian Lowans
Principal Analyst
Neil MacDonald
Vice President and
Gartner Fellow
Eric Maiwald
Vice President,
Gartner for Technical
Rob McMillan
Director
Mark Nicolett
Lawrence Orans
Director and IT Security
Program Lead
Eric Ouellet
Vice President
Earl Perkins
Vice President
Tom Scholtz
Vice President and
Ray Wagner
Jeffrey Wheatman
Leadership Partner
Greg Young
Vice President
12
IT SECURITY AGENDA
MONDAY, JUNE 10
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair; Paul E. Proctor, Vice President and Distinguished Analyst;
9:45 a.m. IF1. Case Study TBA
IH1. Dont Give Them the Keys to the
IME1. Understand OT: The Emerging
IME2. Supply Chain IT Risk
Kingdom Until You Know Who They Are
Risks From Advanced Automation
Challenges: What Exactly Is That
Barry Runyon H
Earl Perkins, Kristian Steenstrup EU M
Supplier Doing? Erik T. Heidt GTP
11:30 a.m. IF2. Do I Need Cyberinsurance? Juergen Weiss
IH2. HIPAA Bites: Getting Ready for HIPAA IME3. Securing the OT Environment
F
2:15 p.m. IF3. Strategic Road Map for Financial Services
Enterprise Risk Management John A. Wheeler
Enforcement Wes Rishel H

IH3. Help Save Healthcare: Tackling
Fraud and Abuse at an Enterprise Level
Christina Lucero, Avivah Litan H
Earl Perkins, Kristian Steenstrup EU

IME4. Responsibility and Accountability
of OT Systems Kristian Steenstrup
EU M
IT SECURITY
4:30 p.m. B1. Practicing Safe SaaS Jay Heiser
C1. Securing Private, Public and Hybrid

Cloud Computing Neil MacDonald
D1. Panel: Getting IAM Going Best

E1. Big Data Discovery Using
Practices for Formalizing Your IAM
Content-Aware Data Loss Prevention
Program Ant Allan, Earl Perkins,
Solutions Eric Ouellet
Ray Wagner
W5. Workshop: Gartner Network Security Design Greg Young
W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz,
Rob McMillan, Jeremy DHoinne
5:30 p.m. B2. Cyberthreat Lawrence Orans
C2. Panel: What Is the Future of Mobile
Management and Security?
Peter Firstbrook, Neil MacDonald,
John Girard
D2. Cost, Consequence and Value: The

Economics of IAM Earl Perkins
E2. Cloud Encryption: Strong Security,

Obfuscation or Snake Oil?
Ramon Krikken GTP
TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10
Christina Lucero, Irma Fabular (Registration required; end users only.)
10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP
11:15 a.m. B3. Presenting a Hard Target to Attackers:
C3. Top 10 Security Myths Jay Heiser
Operationally Effective Vulnerability Management
Mark Nicolett
2:00 p.m. B4. Panel: Real-World Case Studies in Mobile
C4. How Can You Leverage Content-Aware
Banking Security Moderator: Avivah Litan;, Dave
DLP to Ensure Your Corporate Policies and
Jevans, Chairman, Anti-Phishing Working Group,
Processes Are Effective? Eric Ouellet
Marble Security; Vas Rajan, Chief Information
Security Officer, CLS Bank; Tim Wainwright,
Managing Director, CISSP, Security Risk Advisor
4:15 p.m. B5. Mobile Device Security Exploits in Depth John
C5. Endpoint Security When the
Girard, Dionisio Zumerle
Consumer Is King Peter Firstbrook
5:30 p.m. K4. Gartner Keynote The Gartner Five-Year Security and Risk Scenario
D3. Town Hall: Access All Areas

Ant Allan, Gregg Kreizman
E3. TBA
D4. Your Cloud and Mobile Devices Broke

My IAM Gregg Kreizman
E4. Security Monitoring of Public

Cloud Anton Chuvakin GTP
D5. IAM for Applications and Data: The

E5. Using Managed Containers to
Rise of Data Access Governance
Protect Information on Mobile Devices
in IAM Earl Perkins
Eric Maiwald GTP
Andrew Walls , Vice President and Conference Chair; F. Christian Byrnes, Managing Vice President
WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
Never Eat Alone
10:30 a.m. B6. Preparing Your Security Program for BYOD
Eric Ahlm
C6. Cybersecurity! (The Biggest Scam

Since the Ponzi Scheme) Greg Young
W10. Workshop: Meeting Business Needs for Mobility and Security

11:30 a.m. B7. Predictions: Your Network Security
in 2018 Greg Young
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of Whos Got Your Back and
D6. Using Big Data Analytics for

Information Security Neil MacDonald
E6. Managing, Securing and

Budgeting the Mobile Device Life
Cycle John Girard
Eric Maiwald
C7. User Activity Monitoring for Early

Breach Detection Mark Nicolett
1:45 p.m. B8. Encryption Planning Made Simple! Follow the

Data Brian Lowans
C8. Big Security Data Is Neither Big

Security Nor Big Intelligence
Joseph Feiman
W11. Workshop: Cloud Contracts Develop Your Own Security and Risk Exhibits
Gayla Sullivan
4:00 p.m. B9. To the Point: The Database Security Manual
C9. To the Point: Deny Denial of Service
What You Need to Know Brian Lowans
Attacks Lawrence Orans
4:30 p.m. B10. To the Point: Cybersecurity for the Internet of
C10. To the Point: Playing Chess With
Everything Earl Perkins
APTs Anton Chuvakin; Ramon Krikken
GTP
D7. Good Authentication Choices for

Smartphones and Tablets
John Girard, Eric Ahlm
D8. Mobile Device Policy Essentials
John Girard, Dionisio Zumerle
E7. Keeping Bad Guys Out of Your

Accounts Using Five Layers of Fraud
Prevention Avivah Litan
E8. Case Study: A Successful
Implementation of the FICAM
Guidelines
TBA
W12. Workshop: IT Risk Cloud Manifesto Defining What Enterprises Need but
Arent Getting! Erik T. Heidt
D9. Case Study TBA
E9. To the Point: Refresh Vulnerability
Assessment Kelly M. Kavanagh
D10. To the Point: Revolution and
E10. To the Point: Best Practices
Evolution in Windows 8 Security
for Securing Information During
Mario de Boer
International Travel Dionisio Zumerle
THURSDAY, JUNE 13
8:30 a.m. B11. The Seven Dimensions of Context-Aware
Security Avivah Litan
C11. Top Mobile Gear: Mobility Road Trip!

Ant Allan, John Girard, Tom Scholtz
W13. Workshop: Mobile Application Security

Neil MacDonald
9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time?
Eric Ouellet
W14. Workshop: IT Security Planning a Self-Audit Khushbu Pratap
10:30 a.m. B13. Software-Defined Networking and Its Impact on

Security Eric Maiwald GTP
C12. Adapting the Secure Web Gateway

Peter Firstbrook, Lawrence Orans
D11. Getting to Single Sign-on Securely

Gregg Kreizman
D12. Panel: A World Without Passwords

and Tokens Ant Allan, Avivah Litan,
Ian Glazer
D13. Identity and Access Management
Gets Social Ant Allan
E11. Facing Information Sprawl: Secure

Synchronization of Data on Endpoints
Mario de Boer GTP
E12. DLP Architecture and Operational

Processes Anton Chuvakin GTP
C13. Panel: Hackers Are Not a Threat to

E13. Web Application Firewalls:
Security A Future of Internet Security
Features, Products, Deployment and
Joseph Feiman, John Girard, Avivah Litan,
Alternatives Mario de Boer GTP
Eric Ahlm, Neil MacDonald, Lawrence
Pingree, Eric Ouellet, Peter Firstbrook
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty, Vice
President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
13
BUSINESSCONTINUITY
CONTINUITYMANAGEMENT
MANAGEMENT
PROGRAM
BUSINESS
PROGRAM

HOT TOPICS
BCM planning tools and
their implementation
ISO 22301 implementation
best practices
The nexus of technology to take
your BCM program to the next level
IT-DRM architectures and
technologies for recovery,
high-availability and exercising
BIA best practices
Exercising best practices
Supplier/third-party risk
BCM metrics
Cloud service provider risk
Recovery plan
development workshop
14
Did your organization survive Superstorm Sandy? Would it survive another

Superstorm Sandy? What happens when your production and recovery sites
are hit by the same outage? Do you know if your workforce can get to work to
do their jobs? The number of regional disasters is on the rise. How does an
enterprise ensure continuing business operations and systems availability in
the event of a major business interruption?
The 2013 Business Continuity Management Program will cover the breadth
of BCM priorities, including how to make BCM an enterprise risk function,
planning, strategy, availability risks in using cloud computing, plan
development and exercising, the new ISO 22301 BCM standard, supplier/
third-party availability risk, crisis management and communications, metrics
for success and reporting to the board and developments in BCM software
and complementary technologies for enhanced situational awareness.
These sessions help organizations anticipate the unanticipated and
work to create a culture of risk management and business resilience.
The program agenda features:
19 BCM-focused analyst sessions, workshops and roundtables
Workshop on developing effective and efficient disaster recovery plans
Case studies on BCM metrics and BCMP implementation
Tutorial on best practices for creating emergency messages
To the Point sessions, analyst-user roundtables, and much more
Eight on-site Gartner analysts focused on BCM, available for private
one-on-one meetings
BCM AGENDA
Meet the analysts
Leif Eriksen
Director
John Girard
Vice President and
Jay Heiser
Vice President
John P. Morency
Vice President
Donna Scott
Vice President and
Gayla Sullivan
Director
Belinda Wilson
Senior Director,
Gartner Consulting
Roberta J. Witty
Vice President and
BCM Program Lead
MONDAY, JUNE 10
9:45 a.m. PC2. ISO 22301 Implementation Session Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
11:30 a.m. T4. TBA
2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media
2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh
Mario de Boer
GTP
BCM
4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them
Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation
John P. Morency
TUESDAY, JUNE 11
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell; Roberta J. Witty; Lawrence Orans; Roman Krikken;
F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular (Registration required; end users only.)
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen, Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval
Operations; Commander, U.S. Naval Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander, U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board, Symantec
11:15 a.m. H3. Case Study: Business Continuity Metrics From Project to Program to Incident Management Roberta J. WittyBCM Metrics
TBA
2:00 p.m. H4. Cloud Service Provider Risk Management Donna Scott, John P. Morency, Jay Heiser
4:15 p.m. H5. Managing Global Recovery and Continuity Risk
John P. Morency, Roberta J. Witty
Andrew Walls , Vice President and Conference Chair; F. Christian Byrnes,
WEDNESDAY, JUNE 12
8:00 a.m. K5. Guest Keynote Whos Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of Whos Got Your Back
and Never Eat Alone
10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency
11:30 a.m. H7. Case Study TBA
1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson
4:00 p.m. H9. To the Point: BCM Grows Up How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty
4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency
THURSDAY, JUNE 13
8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan
9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott
10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice President and Distinguished Analyst; Roberta J. Witty,
Vice President; Lawrence Orans, Director; Roman Krikken, Vice President; F. Christian Byrnes, Managing Vice President
15
RISK MANAGEMENT
MANAGEMENTAND
ANDCOMPLIANCE
COMPLIANCE
PROGRAM
RISK
PROGRAM

HOT TOPICS
Enterprise and IT risk management
Integrated performance and risk
Emerging risks
Cloud risks
Social media compliance and
risk management
Third-party risk management
Risk-Adjusted Value
Management (using risk to
drive performance)
Creating key risk indicators
IT and corporate governance
Information governance
E-discovery
The fourth generation of GRC
Privacy
IT audit
16
As businesses transform themselves, push into new markets, pursue new

capabilities and experience the immediacy and transparency of a mobile, social
world, they face major new risk and compliance issues. Managing those risks
effectively is essential to improved business performance. Integrated
performance and risk is the next evolutionary step for governance, risk and
compliance (GRC) programs.
Measuring and managing the impact of risk on business performance;
complying with a variety of global rules, regulations and laws about financial
transactions and privacy; and detecting early and mitigating emerging risks are
all critical components of successful business and IT operations. The Risk
Management and Compliance Program focuses on the technologies and
strategies to improve governance and manage risk and compliance, as well as
strategies to communicate the benefits of effective risk management to
business leaders.
Meet the analysts

French Caldwell
Vice President and
Gartner Fellow and
Risk Program Lead
Carsten Casper
Vice President
Richard Hunter
Vice President and
Jorge Lopez
Vice President and
Khushbu Pratap
Senior Analyst
Paul E. Proctor
Vice President and
Julie Short
Director
Andrew Walls
Vice President
and Conference Chair
Jeffrey Wheatman
Leadership Partner
John A. Wheeler
Director
RISK AGENDA
MONDAY, JUNE 10
9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons
10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner
PC1. Sharing Data Without Losing It Jay Heiser
11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP
PC5. Forget MDM: Extending Security and Identity to Mobile Apps Ramon Krikken GTP
2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty,
John P. Morency, Belinda Wilson
2:15 p.m. T3. Tutorial: IAM Myths and Monsters
PC6. End-User Case Study TBA
Ray Wagner
RISK MANAGEMENT AND COMPLIANCE

4:30 p.m. F1. /G1. General Session: Duck and Cover Preparing for Cyberwar Richard Hunter, Avivah Litan
5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter Paul E. Proctor
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC
French Caldwell
TUESDAY, JUNE 11
11:15 a.m. F3. Security and Risk Management Technologies for Social Media
Andrew Walls
2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez
4:00 p.m. W8. Workshop: TBA
4:15 p.m. F5./G5. General Session: A Clash of Forces Managing Emerging Risks of the Nexus
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance
John A. Wheeler
G4. Maverick Research: Crowdsource Your Management of Operational Risk

Leif Eriksen, Paul E. Proctor
W9. Workshop: IT Risk Management Selecting the Best Assessment Methods and
Tools Jeffrey Wheatman, Khushbu Pratap
French Caldwell, Andrew Walls, panelists
WEDNESDAY, JUNE 12
8:00 a.m. K5. Guest Keynote Whos Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of Whos Got Your Back and
Never Eat Alone
10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, Turn the Ship Around!; French Caldwell
11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley
G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap
1:45 p.m. F8. Align Governance to Your Organization for Success
Julie Short
4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for
Competitive Advantage Jorge Lopez
4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal
Management John A. Wheeler
G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap

G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for
E-Discovery? Alan Dayley
G10. To the Point: Anti-Bribery Fear and Hype Limits and Uses of FCPA Solutions
French Caldwell
THURSDAY, JUNE 13
8:30 a.m. F11. The Four Faces of Governance
French Caldwell, Julie Short
G11. Case Study TBA
W15. The Gartner Network Security Architecture Reference Model

9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser
G12. Why ERM and GRC Depend on Each Other to Succeed
John A. Wheeler
10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding GRC Software and Services
G13. Debate: Cyberinsurance Evolution or Revolution? Paul E. Proctor, John A. Wheeler
French Caldwell
New Risk Management and Compliance Program features for 2013

The Risk Management and Compliance Program features:
Tutorial on governance, risk and compliance (GRC)
More than two dozen risk-and-compliance-focused analyst sessions, To the Point sessions, case-studies,
panels, debates and Gartner for Technical Professionals (GTP) sessions
Three general sessions:
Duck and Cover: Preparing for Cyberwar
Richard Hunter, Avivah Litan
A Clash of Forces: Managing Emerging Risks of the Nexus
Leadership, Governance and Risk David Marquet, Author of the Award-Winning book
Turn the Ship Around!; French Caldwell
Special risk-management-and-compliance networking opportunities
Gartner analysts focused on risk management and compliance, available for private one-on-one meetings
17
THE BUSINESS OF IT SECURITY PROGRAM

THE BUSINESS OF IT SECURITY PROGRAM
Meet the analysts
Gartner analysts draw on the real-life
challenges and solutions experienced
by clients from over 13,000 distinct
organizations worldwide.
Eric Ahlm
Research Director
David W. Cearley
Vice President and
Gartner Fellow
Ruggero Contu
Director
Whats going on in todays dynamic, competitive, complex security and risk

marketplace? Where are leading companies putting their security dollars?
Which startups captured the $650 million in venture capital invested in security
and risk management startups last year?
The Business of IT Security Program offers CISOs, business and IT leaders an
overview of the latest developments in the security and risk market, including
market conditions and challenges, new technologies, mergers and acquisitions
and trends shaping the future of secure business enablement. This years
agenda features a panel of startup security company executives discussing
advanced threats, new technologies and what lies ahead. Including Gartner
ratings of leading security vendors, this financial and strategic overview is
essential for those participating in the sale, purchase or valuation of security and
risk-related technologies.
MONDAY, JUNE 10
8:15 a.m. K1a. Gartner Opening Global Keynote Reset Andrew Walls, Vice President and Conference Chair;
Paul E. Proctor, Vice President and Distinguished Analyst; F. Christian Byrnes, Managing Vice President;
John A. Wheeler, Director
9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett
11:30 a.m. T2. Tutorial: Tell Me, Whats IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP
2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management
Tom Scholtz
Business OF IT SECURITY
Lawrence Pingree
Director and Business of
IT Security Program Lead
4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree
5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm,
Ruggero Contu, Lawrence Pingree
TUESDAY, JUNE 11

HOT TOPICS
Forecast report/analysis
Market share reports
User wants and needs survey
Key vendor SWOT analysis
MQ/trend analysis
Startup company panel
7:00 a.m. Power Breakfast: About Gartner and Security & Risk Management Research Andrew Walls, French Caldwell;
Roberta J. Witty; Lawrence Orans; Roman Krikken; F. Christian Byrnes
HC1. Healthcare Moderated Breakfast: Fraud, Waste, Abuse and ICD-10 Christina Lucero, Irma Fabular
8:00 a.m. K2. The Intersection of National Security, Leadership and the Global Economy Admiral Mike Mullen,
Chairman of the Joint Chiefs of Staff 2007-2011; Chief of Naval Operations; Commander, U.S. Naval
Forces Europe/Allied Joint Force Command Naples; Vice Chief of Naval Operations; Commander,
U.S. Second Fleet
8:45 a.m. K3. Guest Keynote The Gartner Mastermind Interview Steve Bennett, CEO and Chairman of the Board,
Symantec
11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm
2:00 p.m. J4. Panel: Security Startups Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav
Banga,CEO, Bromiun; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO, CipherCloud; George Kurtz, CEO,
Crowdstrike; Gordon Shevlin, CEO, Allgress
4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus Eric Ahlm, Rob McMillan
and Conference Chair; F. Christian Byrnes, Managing Vice President
Andrew Walls , Vice President
WEDNESDAY, JUNE 12
7:00 a.m. HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular
8:00 a.m. K5. Guest Keynote Whos Got Your Back: Creating and Developing Great Relationships Keith Ferrazzi,
CEO, Ferrazzi Greenlight; Author of Whos Got Your Back and Never Eat Alone
10:30 a.m. J6. Information Security: Process or Technology Which Way Do We Go? Jeffrey Wheatman, Jay Heiser,
Anton Chuvakin, Neil MacDonald, Tom Scholtz
11:30 a.m. J7. Management Still Doesnt Get Security (And What You Can Do About That) Paul E. Proctor
1:45 p.m. J8. TBA
4:00 p.m. J9. To the Point: Security Specialist Career Guide Prosper, Survive or Leave Joseph Feiman
4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Markets Future Ruggero Contu
THURSDAY, JUNE 13
8:30 a.m. J11. Top 10 Technology Trends for 2013: The Security Perspective David W. Cearley
9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews
Neil MacDonald, Joseph Feiman, Mark Nicolett
10:30 a.m. J13. Case Study TBA
Avivah Litan, John Girard, Kelly M. Kavanagh,
11:30 a.m. K6. Gartner Closing Insights Andrew Walls, Vice President and Conference Chair; French Caldwell, Vice
President and Distinguished Analyst; Roberta J. Witty, Vice President; Lawrence Orans, Director; Roman
Krikken, Vice President; F. Christian Byrnes, Managing Vice President
18
SESSION DESCRIPTIONS
GTP Sessions by Gartner for Technical Professionals analysts
F Financial Services
G Government
Track A

The CISO
A1. Transform Your Security
and Risk Program or Find
Another Job
Only about 30% of IT risk and
security officers have truly risk-based
programs. The other 70% continue
to struggle with outdated security
programs that are doomed to repeat
the same failures. We have reached
a tipping point where transformation
is not just an option but a
requirement to keep your job.
Paul E. Proctor
A2. Preparing a Security
Strategic Plan
The Gartner five-year security and
risk scenario provides a target for
where your security and risk program
should be in 2018. This presentation
explains how to create a strategic
plan that can get you there.
F. Christian Byrnes
A3. Organizing for Success:
Developing Process-centric
Security Teams
There is no such thing as a perfect,
universally appropriate model for
security organizations. Security
organizations must reflect the political
and cultural realities of the enterprise.
Every enterprise must develop its
own process-based model, taking
into consideration basic principles
and practical realities.
Tom Scholtz
H Healthcare
EU Energy/Utilities
M Manufacturing
A4. Finding the Optimal Balance

Between Behavioral and
Technical Controls
Security performance depends on a
delicate balance between technical
and behavioral controls. There are
times when technology provides the
best protection and others when the
user is in control. Effective security
needs to determine the appropriate
control balance based on context
and continuously optimize that
balance based on results.
Andrew Walls
A5. Maverick Research:
Transform Your Security
Program From Control-centric
to People-centric
The traditional control mindset of
information security cannot keep
pace with technological and
behavioral change, resulting in
policies and technologies that cause
frustration and impede agility. A new
approach is required one that
recognizes how the relationships
between IT, the business and
individuals have been transformed
irrevocably.
Tom Scholtz
A6. That Frightening Phrase:
The Standard of Due Care
Most organizations are aware of their
need to meet a standard of due care
in their normal business operations.
What this means is often not clear
and usually only becomes clear when
tested in court. In this presentation
we look at what this means in the
realm of IT security, highlighting a few
examples along the way.
Rob McMillan
A7. The Care and Feeding of an

Effective Awareness Program
User behavior controls the success
of security operations, but many
organizations fail to maintain an
effective program for driving
improvement in that behavior. This
presentation provides an in-depth
analysis of the structure and content
of security awareness programs
that actually produce results.
Andrew Walls
A8. Using Outside Resources:
Security Consultants and Threat
Intelligence Services
Clients occasionally seek advice
about the leading security consulting
firms in a particular geography. Many
factors determine whether a firm is
right for the task at hand. Clients
must assess the capabilities of a
consultant or firm by looking beyond
the brand and the marketing hype to
seek answers to critical questions.
Rob McMillan
A9. To the Point: The Risk
Management Maturity Pathway
Improving risk management maturity
is fundamental to improving the
cost-effectiveness and business
alignment of the enterprises risk
activities. The Gartner ITScore for
Risk Management is designed to help
you achieve this. Take a brief tour to
see what maturity levels 1 through 4
look like and where your organization
may fit.
Rob McMillan
A10. To the Point: The
Information Security
Maturity Pathway
Improving information security
maturity is fundamental to improving
19
session DESCRIPTIONS
descriptions
SESSION
the risk effectiveness and business
alignment of the enterprises security
activities. The Gartner ITScore for
Information Security is designed to
help you achieve this. Take a brief
tour to see what maturity levels 1
through 4 look like, and where your
organization may fit.
Rob McMillan
A11. Case Study
TBA
A12. Panel: Reset Your IAM
Planning! Lessons from
the Veterans
Many enterprises have planned and
implemented IAM systems Now
its your turn. Where to begin? What
are the best practices? How do you
measure IAM project success? What
are the characteristics of a successful
IAM solution? This panel of IAM
veterans takes your questions and
discusses details about their
deployments.
Gregg Kreizman, Earl Perkins
A13. CISO Open Mic
Open opportunity for discussion and
sharing among CIO participants.
F. Christian Byrnes
20
THE CISO WORKSHOPS

W3. Selecting Solutions for the
Control and Monitoring of Public
Social Media
Public social media are used by
enterprises and individuals within the
enterprise. Security professionals
must assess security and compliance
risks, and understand the strengths
and weaknesses of monitoring and
control solutions. In this workshop
you assess the risks to your
organization, and select a set of
technologies to mitigate these.
Mario de Boer
GTP
IT Security
B1. Practicing Safe SaaS
Most enterprises continue to struggle
with the appropriate use of SaaS,
but for most organizations, no is
not the right answer. Standards and
practices for risk assessment and use
continue to evolve, but gaps still
remain. This presentation provides
guidance on the creation of a SaaS
usage profiles.
Jay Heiser
W6. Use a Balanced Scorecard to

Demonstrate Securitys Value
There is no standard set of
industry-accepted security metrics.
Thats because they are hard to do.
The purpose of any credible security
scheme must be twofold: Show
how security is supporting business
outcomes, and inform management
about significant risks and their
management. It is possible to
achieve this. Learn how in this
hands-on workshop.
Rob McMillan
Track B
B2. Cyberthreat
Lawrence Orans
B3. Presenting a Hard Target to
Attackers: Operationally
Effective Vulnerability
Management
Todays attackers are getting better
at finding and exploiting security
weaknesses. The first order of
business is to present a hard target
to the attacker. Vulnerability
management needs to be extended
to deal with emerging threats, and
to accommodate the requirements
of cloud services. This presentation

G Government
provides advice on how to extend

vulnerability management to meet
new requirements.
Mark Nicolett
B4. Panel: Real-World Case
Studies in Mobile Banking
Security
This panel will bring together two or
three mobile security experts talk
about their experiences and wish
lists for future mobile security. What
are the threats and attack vectors
faced in mobile transactions? How
have organizations addressed these
threats? What are future
enhancements that are needed
in mobile transaction security?
Moderator: Avivah Litan;, Dave
Jevans, Chairman, Anti-Phishing
Working Group, Marble Security; Vas
Rajan, Chief Information Security
Officer, CLS Bank; Tim Wainwright,
Managing Director, CISSP, Security
Risk Advisor
F
B5. Mobile Device Security

Exploits in Depth
How can we stop worrying about
mobile security? You cant trust the
OS or the apps, the user resists
security practices, and your company
doesnt own the device. This
presentation puts the inconvenient
facts front and center with real
examples, and offers a path forward
to reduce risk while still taking user
experience into consideration.
B6. Preparing Your Security
Program for BYOD
Mobile devices are entering the
enterprise network at alarming
rates. As enterprises race to secure
mobile devices, a new challenge
H Healthcare
EU Energy/Utilities
M Manufacturing
faces them as they look to extend

more applications and more trust to
these mobile devices. This session
discusses the greater challenge
of BYOD beyond simply mobile
device security.
Eric Ahlm
B7. Predictions: Your Network
Security in 2018
Gartner analyst Greg Young takes
you ahead in time to what your
network security will and wont be
like in the not-so-distant future of
2018 and points in between then
and now. With many network security
safeguards having five-year life
span, the decisions you are making
now are already impacting on 2018.
Sorry, we still wont be going to work
via jetpack.
Greg Young
B8. Encryption Planning Made
Simple! Follow the Data
Enterprises must balance a complex
array of regulations, security controls
and risk mitigation issues before
realizing any benefits from data
encryption. Here we look at the
issues and encryption options to
maximize its value.
B10. To the Point: Cybersecurity

for the Internet of Everything
The Internet is expanding to include
connections not only to people but to
machines: automobiles, buildings,
power grids millions of sensors
and control systems, all needing
protection. How can enterprises that
embrace the Internet of Everything
(IoE) in their businesses prepare for
threats to such systems?
Earl Perkins
B11. The Seven Dimensions of
Context-Aware Security
This session explains the benefits of
context-aware security. It explores
how to use the seven dimensions
of context-aware computing to
mitigate damage from largely invisible
security threats. It also delves
into organizational and process
considerations as well as the
business and IT risks.
Avivah Litan
B12. Is Cloud Encryption Ready
for Prime Time?
Organizations are beginning the
process of considering leveraging
cloud infrastructures with their most
sensitive data.
Brian Lowans
Eric Ouellet
B9. To the Point: The Database

Security Manual What You
Need to Know
Enterprises are increasingly using
databases in larger numbers and
complexity. We describe how the
growing security threats and
regulatory requirements can
be addressed by database
security solutions.
B13. Software-Defined Networking

and Its Impact on Security
SDN is being discussed as the future
for data center networking. SDN
impacts more than just the network
infrastructure equipment. It impacts how
enterprises implement network security
controls. This session discusses how
SDN impacts network security and
provides recommendations to properly
implement security controls within
an SDN.
Brian Lowans
Eric Maiwald
GTP
21
descriptions
SESSION
Track C
IT Security
C1. Securing Private, Public and
Hybrid Cloud Computing
Neil MacDonald
C2. Panel: What Is the Future
of Mobile Management and
Security?
This debate tackles numerous
strategic and tactical questions on
the future of mobile security that are
vexing both vendors and clients
alike. The analyst presents multiple
scenarios and attempt to form a
consensus understanding where the
mobile security market is headed and
how it will transform IT.
John Girard
C3. Top 10 Security Myths
It is often said that ignorance is
bliss but only until the hack
occurs. This presentation introduces
some of the most common
misconceptions about security, and
concludes with best practices on
how to improve your organizations
risk management culture.
Jay Heiser
C4. How Can You Leverage
Content-Aware DLP to Ensure
Your Corporate Policies and
Processes Are Effective?
Your organization has expended
significant effort creating the perfect
policies and processes to address its
risk management needs. Sadly, most
organizations expect their staff and
contractors to automagically learn
and apply each of the policies in the
exact context intended, based solely
on a directive sent by email or via
22
generic webinar/lunch and learn

sessions. Its no wonder you
have poor compliance results and
minimal reduction of risk even after
all that effort.
Eric Ouellet
C5. Endpoint Security: When the
Consumer Is King
We are experiencing an
unprecedented wave of endpoint
innovation. This new wave is driven
by consumer requirements, not
business requirements. Apple and
Samsung are the companies to
watch not HP and Microsoft. How
will endpoint security be transformed
by employee-owned tablets and
mobile devices on mobile networks?
Does Windows 8 change the game?
Is application control a viable
alternative to blacklist signature
databases, and how will app stores
transform security?
Peter Firstbrook
C6. Cybersecurity! (The Biggest
Scam Since the Ponzi Scheme)
Gartner Vice President Greg Young
presents an alternative view to the
hype surrounding cybersecurity. What
is the real proposition of all things
cyber? Is this the new approach to
tackling an aggressive threat the
origins, or merely a repackaging of
current security approaches with
no net new benefit? Is cyber not
only wasteful but dangerous to
enterprise security?
Greg Young
C7. User Activity Monitoring for
Early Breach Detection
Early detection of targeted attacks
and security breaches has never
been more important and more
difficult to achieve. Your chances are
vastly improved if your monitoring
integrates security events with threat
intelligence and context about your

users, assets and applications. User
activity monitoring is essential for the
early detection of targeted attacks,
and has also become part of the
standard of due care for a variety of
regulations across all industry
segments. This presentation provides
advice on how to deploy security
monitoring technologies such as
security information and event
management (SIEM), for user activity
and resource access monitoring.
Mark Nicolett
C8. Big Security Data Is Neither
Big Security nor Big Intelligence
There are fundamental flaws in the
assumptions and expectations
associated with big collections of
security data: (1) that security
intelligence [SI] is analogous to
business intelligence [BI] and the big
security data is an ultimate source for
SI; and (2) that big security data is a
key to security.
Joseph Feiman
C9. To the Point: Deny Denial of
Service Attacks
The changing nature of denial of
service (DoS) attacks presents new
threats to enterprises. Attackers are
using innovative techniques to
generate more powerful and
sophisticated attacks, forcing the
DoS mitigation market to evolve
quickly. Security professionals must
adapt to defend their organizations
against high-profile DoS disruptions
in this new era.
Lawrence Orans
C10. To the Point: Playing Chess
With APTs
Seeing your user accounts and
endpoints (pawns) compromised,
perimeters evaded and secrets
taken? Survivors control the center

G Government
(the data), use security tools adeptly

and stay a few moves ahead with
advanced monitoring and threat
intelligence. Attend this presentation
and learn the best architectures for a
sometimes-deadly cyberchessboard.
Anton Chuvakin; Ramon Krikken
GTP
C11. Top Mobile Gear: Mobility
Road Trip!
Time for a road trip. Gartner analysts
head out to learn (and to race) each
other to find the truth about good
mobile security practices. Improving
the format of a popular TV show, our
crews go forth to ask the people
about their burning questions
concerning life, mobility and happy
commerce. And dodging flying
vegetables as needed.
C12. Adapting the Secure
Web Gateway
The Internet is being rebooted with
HTML5 and the rise of new operating
systems and mobile device, not to
mention the rise of cloud
everything. How will the secure Web
gateway adapt to keep up with both
the evolving security threats and
rapidly changing applications? What
is the SWG role in adapting to an
employee owned device world?
H Healthcare
EU Energy/Utilities
M Manufacturing
Internet security over the next 5 to

10 years.
Joseph Feiman, John Girard,
Avivah Litan, Eric Ahlm,
Neil MacDonald, Lawrence Pingree,
Eric Ouellet, Peter Firstbrook
Track D
IT Security
D1. Panel: Getting IAM Going
Best Practices for Formalizing
Your IAM Program
Moving from an informal, unmanaged
IAM program to a formal, managed,
efficient and effective model program
is a daunting task. This panel
discusses where to start and best
practices for creating a process
catalog, assigning program roles and
responsibilities, and implementing
policy and technology for a
successful maturation process.
Ant Allan, Earl Perkins, Ray Wagner
D2. Cost, Consequence and

Value: The Economics of IAM
How do we measure the value of
IAM? For many, justifying IAM has
been elusive. It remains a horizontal
concern in the vertical world of
business services, something shared
by all business functions but owned
by none. How can an IAM project
be reconciled with the budgets
of business?
Earl Perkins
Authentication, federation and
authorization in a mobile,
cloudy world.
D4. Your Cloud and Mobile
Devices Broke My IAM
Cloud computing and mobile
endpoint adoption break established
IAM architectures and challenge
security leaders to deliver secure
access services to their enterprises.
This session addresses the

C13. Panel: Hackers Are Not a
Threat to Security A Future of
Internet Security
We explore the Internet evolution
scenario: Control, Freedom, Profit
and the security scenario: Security
Nirvana, Perpetual Arms Race,
Security Engineering, and Chaos.
We point to the likeliest scenarios for
23
descriptions
SESSION
current and evolving solutions
to these problems.
D9. Case Study
Gregg Kreizman

Windows 8, which runs on desktops,
laptops and various tablet platforms,
improves on Windows 7 security and
introduces new security features. This
presentation focuses on Windows 8
security features and limitations,
enabling security professionals to
plan for the security of their desktop
and mobile infrastructures.
D5. IAM for Applications and

Data: The Rise of Data Access
Governance in IAM
Access to unstructured data has
always been an enterprise concern.
How can IAM provide administration,
access, analytics capabilities for
access to files, folders, and other
data formats? How can data access
governance truly become part of
identity governance and
administration? This presentation
explores this trend in IAM
Earl Perkins
Information Security
Neil MacDonald
D7. Good Authentication Choices
for Smartphones and Tablets
The price and complexity of
traditional authentication is more than
just unpopular with mobile users;
many platforms simply do not support
robust identity access methods. We
offer a path for making strategic
decisions about mobile authentication
and answer the question who
benefits from good authentication?
D8. Mobile Device
Policy Essentials
Mobile devices, particularly
consumer-level products, have
trampled over the well-crafted policies
that companies put in place for trusted
work systems. Businesses
must learn to prioritize the basic
configuration and security policies that
they will need to preserve. Attendees
learn the notes and feedback collected
in recent workshops and AURs.
24
rapidly becoming key components

in this process.
TBA
Mario de Boer
D11. Getting to Single
Sign-on Securely
The quest for single sign-on (SSO) is
the result of disparate identity silos,
increased password-related support
costs, and user frustration. This
session helps attendees make
decisions regarding strategies and
tools to achieve SSO securely.
Gregg Kreizman
D12. Panel: A World Without
Passwords and Tokens
Ant Allan, Avivah Litan, Ian Glazer
D13. Identity and Access
Management Gets Social
Ant Allan
Track E
IT Security
Content-Aware Data Loss
Prevention (DLP) Solutions
Organizations large and small report
that they face significant challenges in
properly locating and identifying their
sensitive data within their big data
environments. This session discusses
how content-aware DLP tools are
Eric Ouellet
E2. Cloud Encryption: Strong
Security, Obfuscation or
Snake Oil?
Encryption is often used as a primary
means to protect data. But does
encryption work in the cloud? Maybe
it does for all of it, or maybe just for
some of it and this does matter,
because incorrect use of encryption
can result in a complete lack of
security. Understanding algorithm
and architecture options, and
knowing which ones work and which
ones dont, is critical to keeping your
data safe in the public cloud.
Ramon Krikken
GTP
E3. TBA
E4. Security Monitoring of
Public Cloud
Cloud security monitoring is an
afterthought for most organizations,
and as cloud usage expands and
new risks emerge, it can be left
behind altogether. However, security
monitoring must be deployed across
public clouds, private clouds and
traditional infrastructure and
enterprises, not the providers, own
that responsibility. Organizations
should push their providers for more
data feeds and telemetry, and plan
their monitoring architectures.
Anton Chuvakin
GTP
E5. Using Managed Containers
to Protect Information on
Mobile Devices
Managed containers are a
mechanism to protect enterprise
information on the mobile device
while separating it from employee
data. Enterprises should consider

G Government
H Healthcare
EU Energy/Utilities
M Manufacturing
container technology but there are

downsides. This talk shows how
containers can be used to meet
enterprise needs and how enterprises
can benefit from the technology.
them. This presentation describes

new capabilities available from VA
tools, and explores how they can fit
into your portfolio of security controls.
Eric Maiwald
GTP

International Travel
International travelers face increasing
risks of data loss and compromise,
both to government officials and to
criminals. Attendees sharing
experiences based on travel
experiences that can be compared to
Gartners established best practices
can help enterprises protect traveling
employees and sensitive mobile data.

Budgeting the Mobile Device
Life Cycle
Any mobile device, whether it is
owned by the company or the
employee, has a measurable life cycle
impact on your companys business
processes. This presentation provides
attendees with a strategic road map
to get both cost and quality of
mobile IT under control as a first
step to realizing genuine
productivity benefits.
John Girard
E7. Keeping Bad Guys Out of
Your Accounts Using Five Layers
of Fraud prevention
This session looks at internal and
external threats against the enterprise
and how criminals are circumventing
common solutions in place today.
It delves into five layers of fraud
prevention and identity proofing
needed to mitigate these threats,
prevent account takeover and new
account fraud.
Kelly M. Kavanagh
Dionisio Zumerle
E11. Facing Information Sprawl:
Secure Synchronization of Data
on Endpoints
Organizations increasingly allow the
use of multiple endpoints for business
purposes. If no enterprise solution is
provided, users are creative in
synchronizing data to each of their
devices, increasing information
sprawl. Learn about the latest
synchronization solutions, their
security and deployment challenges.
E12. DLP Architecture and

Operational Processes
Data loss prevention (DLP) is an
essential data security technology,
but it suffers from deployment
and operations challenges.
This presentation reveals a guidance
framework that offers a structured
approach for planning, architecting
and operating a DLP technology at
a large enterprise.
Anton Chuvakin
GTP
Features, Products, Deployment
and Alternatives
In the absence of ubiquitous security
in software, Web application firewalls
are the technology of choice to
protect Web applications against
external attacks. This technology
overview focuses on the latest
features of leading Web application
firewalls, existing products,
deployment options and
alternative technologies.
Mario de Boer
GTP
Mario de Boer
GTP
Avivah Litan
Guidelines
TBA
E9. To the Point: Refresh
Vulnerability Assessment
Network vulnerability assessment is
a mature market. Vendors have
steadily added capabilities to their
VA scanning products to differentiate
25
descriptions
SESSION
IT SECURITY
PRECONFERENCE
SESSIONS
PC3. Now What? How to Use
Service Providers to Support
SIEM Operations
Gartner customers increasingly
request external services to support
their operational SIEM deployments.
In this presentation, we address the
best opportunities for external
support, and assess the capabilities
of several types of providers to
deliver operational support.
Kelly M. Kavanagh, Mark Nicolett
PC4. SIEM Architecture and
Operational Processes
Security information and event
management (SIEM) is a key
technology that provides security
visibility, but it suffers from challenges
with operational deployments.
This presentation reveals a guidance
framework that offers a structured
approach for architecting and
running an SIEM deployment at
a large enterprise or evolving a
stalled deployment.
Anton Chuvakin
GTP
PC5. Forget MDM: Extending

Security and Identity to
Mobile Apps
Mobile brings up old and new
security concerns. Three important
elements of the application
architecture the platform, clientside application and back end
affect and are affected by security
and other requirements.
Understanding the most critical
challenges and solutions around
identity and security for each of
these elements is the foundational
knowledge from which to build
mobile apps that are both secure
and delightful to use.
Ramon Krikken
GTP
PC7. Using MSSPs for Effective
Threat Management
Selecting an MSSP for effective threat
management, beyond compliancefocused or due-diligence monitoring,
requires asking the right questions.
It also means adjusting internal
processes to take advantage of the
MSSPs capabilities. This presentation
tells you what to look for in evaluating
MSSPs and how to make effective
use of the relationship.
Kelly M. Kavanagh
IT SECURITY
WORKSHOPS
W1. Information Security
Architecture 101
Information security architecture is a
foundational element of any security
program. However, the term
architecture means different things
to different people, resulting in
confusion about the role of security
architecture. Gartner experts facilitate
a structured discussion on the
elements and success criteria of
security architecture practice.
Tom Scholtz
W4. Build an Effective Security
and Risk Program
Security and risk management is
maturing. Creating and formalizing a
program is relatively inexpensive, but
developing a mature program requires
support, a strategic approach and
adequate time. Modern enterprises
must transform their programs to align
with business need and address
cultural gaps with the non-IT parts
of the business.
Tom Scholtz, Rob McMillan,
Jeremy DHoinne
W5. Gartner Network
Security Design
This workshop highlights elements of
modern technical network security
architecture. These elements are
drawn from principles of the Gartner
Network Security Reference Model.
The majority of the workshop is
focused on examining participants
architecture and design issues.
Greg Young
W7. Getting Value Out of IT
Security and Risk Metrics
Programs
Security and risk metrics are subjects
of never-ending discussions. In this
26

G Government
analyst-led collaborative workshop

we review a practical approach to
developing security and risk metrics,
and then break into small groups to
develop an example metrics list,
metrics dashboard, and/or metrics
program plan. The results are then
socialized with the whole group, so
that all participants can use this
knowledge in developing or
enhancing their metrics programs.
Ramon Krikken
GTP
W10. Meeting Business Needs for
Mobility and Security
At the root of the mobile strategy is
the information users need and for
which risk of disclosure needs to be
managed. BYOD adds another
dimension to the problem. This
workshop examines the conflicts
and trade-offs between security and
other use case requirements along
with decision logic to help navigate
through them.
Eric Maiwald
W11. Cloud Contracts:
Develop Your Own Security
and Risk Exhibits
This workshop covers key areas to
include as a part of a standard
boilerplate exhibit that security and
risk management teams can share
with procurement/vendor
management. We discuss key
areas such as disaster recovery, audit
rights, privacy, confidentiality, backup,
SLAs and security requirements.
Gayla Sullivan
W12. IT Risk Cloud Manifesto:
Defining What Enterprises Need
but Arent Getting!
Adoption of cloud services has lagged
expectations. In part this is because
H Healthcare
EU Energy/Utilities
M Manufacturing
cloud vendors arent addressing the IT

risk issues associated with hosting
restricted data or critical business
services. This workshop facilitates
creating a voice of the enterprise
set of common and prioritized
requirements that cloud vendors
need to address.
Erik T. Heidt
W13. Mobile Application Security
Neil MacDonald
W14. IT Security: Planning a
Self-Audit
Stop depending on the internal audit
team. Reset expectation conduct
self-audits for all IT security processes
and technology. Rely on internal
audit for independent insights,
not compliance violations, not
routine corrections.
Khushbu Pratap
IT SECURITY ANALYSTUSER ROUNDTABLES

AUR2. Government Identity:
Providing Constituents
With Secure Access to
Government Services
Governments continue to grapple
with providing online, convenient
citizen-facing services that require
higher levels of identity assurance
while keeping costs low. This
roundtable will provide a facilitated
opportunity to share best practices
and emerging trends for meeting
these challenges
Gregg Kreizman
AUR4. BYOD Security
The BYOD phenomenon presents
security risks, operational challenges
and the need for new policies. IT
must be flexible, but not too flexible,
to satisfy business requirements. In

this roundtable, compare notes with
your peers on BYOD initiatives and
discuss critical success factors and
lessons learned.
Lawrence Orans
IT SECURITY INDUSTRY
DAY SESSIONS
IG1. Case Study: Advanced,
Persistent and Threatening
Who Are the Attackers and
What Are They Doing?
Dave Monnier, Security Evangelist and
Fellow, Team Cymru; Lawrence Pingree
IG2. Critical Infrastructure
Protection Requirements Driving
New Security Demand
Government-led cybersecurity
initiatives and private sector critical
infrastructure protection activities
are pushing for greater industry
specific focus on security. This
session discusses how growing
pressure to protect from cyberthreat
will drive spend and strategies toward
information security.
Ruggero Contu
G
IG3. Best Practices for Mitigating
Advanced Persistent Threats
Advanced threats have increased in
recent years taking on much more
destructive characteristics than in the
past. This presentation covers
recommended best practices for
mitigating the risks associated with
advanced targeted attacks and teach
Gartner clients practical things they
can do.
Lawrence Pingree
G
IF1. Case Study
TBA
27
descriptions
SESSION
IH1. Dont Give Them The Keys to
the Kingdom Until You Know
Who They Are
This presentation outlines and
underscores the increasing
importance of identity management/
user provisioning within the
healthcare provider.
changing. Each change brings new

threats and breaks old security
processes. This session reviews the
hot trends in security for 2013 and
beyond while providing a road map
to the summit and relevant
Gartner research.
Barry Runyon
H
T3. IAM Myths and Monsters

The phrase identity and access
management can raise feelings both
of great hope and of great fear.
Horror stories abound. At the same
time, many people hold out great
hope for the promises of what IAM
can accomplish. Join us as we
explore IAMs myths and monsters.
IH3. Help Save Healthcare:

Tackling Fraud and Abuse at
an Enterprise Level
This session discusses the drivers
that make fraud and abuse such a
growing concern for the industry.
Most organizations focus on point
solutions and rely on pay and chase
methods of fraud recovery. It is
important to take an enterprise
approach to combat fraud using
newer technology and practices
to stop losing money on bad claims
and wrong practices.
Christina Lucero; Avivah Litan
H
IME3. Securing the
OT Environment
As the complexity of OT systems
increases, and the connectivity to
them becomes more ubiquitous, the
risk from vulnerabilities increases.
What used to be security through
obscurity can no longer be the case,
as OT systems move to Microsoft,
Linux and Unix platforms. This
session explores the vulnerabilities
and how to contain them.
EU
IT SECURITY TUTORIALS
T1. Top Security Trends and
Take-Aways for 2013 and 2014
With the Nexus of Forces driving
continuing trends in cloud,
consumerization, mobility and big
data, the way IT is delivered is
28
Ray Wagner
Ray Wagner
Track F
Risk Management
and Compliance
F2. Linking Risk to Business
Decision Making: Creating
KRIs That Matter
The term key risk indicator (KRI) has
come to mean our most important
metrics, but the criteria for most
important usually falls short of most
useful. The definition varies greatly
across different organizations, so there
are no standards. Good KRIs should
be tied to business impact and
influence business decision making.
Paul E. Proctor
F3. Security and Risk Management
Technologies for Social Media
Its all about social these days. Whether
it is social media, user behavior or the
interplay of society and your
organization, there are new risk and
security variables that must be
assessed and managed. This panel of
analysts will examine the risks and
potential benefits of social and

identify specific strategic and tactical
opportunities for security program
improvement and risk management.
Andrew Walls
F4. CEO Concerns 2013 and the IT
Implications
Based on our global CEO survey and
informed by other research sources,
we explain how CEOs see in the road
ahead for 2013, what they think about
you, and how both will shape your
agenda. This session is a high-level
view of opportunities and risks
be considered.
Jorge Lopez
F7. Road Map for Intelligent
Information Governance
With the influx of types and volume of
unstructured data, organizations are
struggling with how to manage the
governance and compliance issues
associated with this data. This session
reviews (1) the scope of the problem
with all the unstructured dark data, (2)
what the best policies are to implement
to govern this data and (3) what
technologies/tools are available to
implement the policies.
Alan Dayley
F8. Align Governance to Your
Organization for Success
IT governance must be tailored for
every organization. But many
governance efforts continue to fail
because they are not aligned to
the organization itself. Governance has
to align with the culture, structure and
politics of the organization. Understand
your organization and design and
implement governance for success.
Julie Short

G Government
F9. To the Point: Working With the

Board of Directors on Risk and
Technology for Competitive
Advantage
This presentation discusses how to
take advanced technology concepts
and make them presentable for the
board of directors for investment
decisions. Risk and competitive
advantage are the focal points in
this approach.
Jorge Lopez
F10. To the Point: Conquering the
Last Frontier of Governance With
Enterprise Legal Management
As companies look to improve
corporate governance practices in the
wake of the global financial crisis, the
corporate legal department is at the
forefront of change. To be successful,
legal professionals need better tools
to conquer the evolving governance
challenges. This session explores
how enterprise legal management
applications can help.
John A. Wheeler
F11. The Four Faces
of Governance
Governance is one of the most critical
leadership disciplines required to
enable organizations to execute on
their operational and strategic goals.
To help CIOs, CROs and IT leaders to
achieve targeted business outcomes,
Gartner clarifies the four faces of
governance: accountability, investment,
compliance and risk management.
F12. Ethics at the Nexus of
Security, Privacy and Big Data
Jay Heiser
H Healthcare
EU Energy/Utilities
M Manufacturing
F13. Shrink-Wrap Governance:

A Guide to Understanding GRC
Software and Services
The Hype Cycle for GRC Technologies
has over three dozen technologies
and services markets represented.
With so many vendors and service
providers claiming to do GRC, its
critical to understand what really
forms the core of this marketplace
and how to execute GRC programs
in your enterprise.
G4. Maverick Research:

Crowdsource Your Management
of Operational Risk
Traditional approaches to managing
operational risk are delivering
diminishing returns as the pace of
business accelerates. Crowdsourcing
techniques can change the way risk is
managed and decisions are made.
(Maverick research deliberately exposes
unconventional thinking and may not
agree with Gartners official positions.)
French Caldwell
Track G
G7. Defining Three Segments in

the Audit Technology Market
This session introduces the three
segments in the audit technologies
market: audit analytics, audit
management and continuous auditing.
Risk Management
and Compliance
G2. GRC 4G: How Social,
Big Data and Risk Analytics
Are Changing GRC
GRC vendors have a lot of catching up
to do. Most vendors have yet to offer
effective third generation GRC, which
focuses on performance, much less
apply fourth generation GRC, which
focuses on decision making. However,
risk managers can help push the
envelope on what will be within the art
of the possible for the fourth generation
of GRC.
French Caldwell
G3. A New Way Forward:
How to Create a Strategic Road
Map for Compliance
Senior IT and business leaders face
an increasing number of compliance
requirements and a continued rise in
associated costs. In this session, you
learn how to create a strategic road map
for compliance highlighting key initiatives
that promote a risk-aware compliance
culture and leads to real business value.
Khushbu Pratap
G8. Top 5 IT Audit Trends in
2012-2013
Khushbu Pratap
G9. To the Point: Is Your Business
Keeping Up With the Changes and
Best Practices for E-Discovery?
As information compliance and
regulatory requirements mature, so
does the need for organizations to
hone e-discovery best practices and
implementations. This session
discusses changes in the e-discovery
market and how you can best adhere
to these changes.
Alan Dayley
G10. To the Point: Anti-Bribery
Fear and Hype Limits and
Uses of FCPA Solutions
French Caldwell
G11. Case Study
TBA
John A. Wheeler
29
descriptions
SESSION
G12. Why ERM and GRC Depend
on Each Other to Succeed
This session defines and explores the
symbiotic relationship between
enterprise risk management (ERM) and
governance, risk and compliance
(GRC). Today, companies are
challenged with finding better ways to
understand and analyze risk. Some
may look to ERM and others may focus
on GRC. To be truly effective, however,
companies need both.
John A. Wheeler
G13. Debate: Cyberinsurance
Evolution or Revolution?
Cyberinsurance should be a great idea,
but Gartner sees challenges for the
industry and for the insured. There is an
evolution of cyberinsurance that will
make it a worthy vehicle for risk transfer
by 2016, but today it is more of a
gamble. This debate covers the pros
and cons of cyberinsurance so you can
make an informed decision.
Paul E. Proctor, John A. Wheeler
RISK PRECONFERENCE
SESSIONS
PC1. Sharing Data Without
Losing It
Todays security managers are
struggling to meet the growing
demands to share enterprise data
with personal devices and external
parties. This pitch will provide a use
case model for the choice of
collaborative systems with data
protection technology that matches
business needs for data protection.
Jay Heiser
PC8. Road Stories: Lessons
Learnt (and Fingers Burnt) in IT
Risk Management
Risk management is more art than
science. The best way to learn risk
management is to practice it. The
approach must suit the culture of the
30
organization. This presentation

shares experiences, pitfalls and best
practices encountered by Gartner
analysts during their regular
interactions with clients.
Only companies that embrace this

change will retain the agility and
resilience needed to compete moving
forward. Oh, by the way, its
happening anyway.
Tom Scholtz
David Marquet, Author of the AwardWinning Book Turn the Ship

Around!; French Caldwell
RISK GENERAL SESSIONS

F1./G1. General Session:
Duck and Cover Preparing
for Cyberwar
Cyberwar is a reality, and current
defenses are inadequate for new
classes of massive coordinated
cyberattack. This presentation discusses
recent developments in massive
coordinated geopolitical and criminal
cyberattacks, and offers advice to
public and private-sector
enterprises on how to protect systems
in an era of cyberwar.
Richard Hunter, Avivah Litan
F5./G5. General Session: A Clash
of Forces Managing Emerging
Risks of the Nexus
Industry experts and analysts share
insights on risk and compliance issues
emerging from the Nexus of Forces,
their impacts and how to manage
them. Topics for discussion include
social media compliance, ethics and
anti-bribery, vendor risk management,
operational technology, legal and
cloud risks.
French Caldwell, Andrew Walls,
panelists
F6./G6. Leadership, Governance
and Risk
David Marquet speaks about the
relationship between leadership,
governance and risk with a focus
on decision making and the decisionmaking architecture in your
organization. From a leadership
perspective, he advocates moving
authority to information as opposed
to moving information to authority.
RISK WORKSHOPS
W3. Selecting Solutions for the
Control and Monitoring of Public
Social Media
Public social media are used by
enterprises and individuals within the
enterprise. Security professionals
must assess security and compliance
risks, and understand the strengths and
weaknesses of monitoring and control
solutions. In this workshop you assess
the risks to your organization, and
select a set of technologies to
mitigate these.
Mario de Boer
GTP
W8. Workshop
TBA
W9. IT Risk Management:
Selecting the Best Assessment
Methods and Tools
This workshop focuses on the best
effort to select the an appropriate IT
risk assessment method.
Jeffrey Wheatman, Khushbu Pratap
W15. The Gartner Network
Security Architecture Reference
Model
TBA
RISK ANALYST-USER
ROUNDTABLES
AUR6. Supply Chain Risks
Leif Eriksen
AUR9. Auditors Role in
Emerging Risks
Internal auditors are sometimes the

G Government
torch bearers for emerging risks that

the board always wants be informed
about. Where do internal auditors help,
what do they currently consider? Are
internal auditors responsible for
managing emerging risks?
Khushbu Pratap
RISK INDUSTRY DAY

SESSIONS
IME1. Understand OT:
The Emerging Risks From
Advanced Automation
Operational technology is hardware
and software that detects or causes
a change of state, through the direct
monitoring and/or control of physical
devices, processes and events in the
enterprise. While this promises better
access to data and visibility, it also
creates a portfolio of complex products
that need to be managed.
EU M
Supplier Doing?
Many enterprises are under greater
regulatory pressure to demonstrate
comprehensive and effective IT risk
controls not only with their primary
suppliers, but also throughout the
supply chain. We explore the risk
management challenges enterprises
face when their vendors leverage
vendors, as well as discussing solutions.
Erik T. Heidt
GTP
IME4. Responsibility and
Accountability of OT Systems
There is a temptation to respond to OT
issues by assigning the problem to the
IT department. In some cases, the
response is to build walls around
operations. The best approach is to
H Healthcare
EU Energy/Utilities
M Manufacturing
think of where IT can contribute to

better manage OT. We explore the
RACI model applied to OT to
determine where IT can have a
supporting role.
Kristian Steenstrup
EU M
IF2. Do I Need Cyberinsurance?
Following a number of significant
data privacy breaches and websites
attacks, there is a growing interest
in cyberinsurance coverage. In this
workshop you can discuss the
potential benefits of cyberinsurance
and assess whether this insurance is
relevant for your organization.
Juergen Weiss
F
IF3. Strategic Road Map for
Financial Services Enterprise Risk
Management
This presentation explains the state of
risk and compliance management
in the BIS industry, and how market
forces are driving risk management
transformation and will illuminate the
technology implications for financial
institutions for enabling more agile and
responsive risk management.
John A. Wheeler
F
IH2. HIPAA Bites: Getting Ready
for HIPAA Enforcement
This is a hot topic, with healthcare
provider spending on security going up
due to HIPAA enforcement. Healthcare
organization attendance at the last
U.S. conference was large enough to
ensure an interested audience.
Probable topics include risk-based
assessment, encryption, meaningful
use requirements and patient/member
engagement considerations.
Wes Rishel
H
RISK TUTORIALS
T2. Tell Me, Whats IT GRC Again?
(Solutions to Common Challenges)
IT GRC programs continue to be a
catch-all for policy, risk and compliance
activities. No clear and complete vision
of IT GRC has emerged, and GRC
activities tend to be matrixed across
the enterprise. Here a summary of
current research on IT GRC programs
will be reviewed, including
recommendations for planning and
executing IT GRC programs.
Erik T. Heidt
GTP
Track H
Business Continuity
Management (BCM)
H1. What Are the BCM Software
Markets and How to Get the
Most Out of Them
The BCM software market is a
subset of the broader response and
recovery marketplace for business
and IT disruptions. This session
provides the latest market analysis of
these tools so that organizations can
make the right tool choice for their
needs. It also discusses
complementary markets to ensure
better operational resilience.
Roberta J. Witty, John P. Morency,
Leif Eriksen, John Girard
H2. What You Can and Cannot
Do With Recovery Exercise
Management Automation
Exercising IT DRM plans is a must
do, not a would like to do activity.
However, increasing time and
resource costs demand more
efficient and effective approaches.
This session discusses recovery
31
descriptions
SESSION
exercise automation software, its
associated strengths and
weaknesses and how
it can be used to improve exercise
scope, execution and results.
trade-offs of critical technologies such

as data replication/synchronization,
clustering and disaster recovery
orchestration.
John P. Morency
H7. Case Study: Using the Fusion

Framework to Implement and
Manage BC/DR Program-Related
Activities
Roberta J. Witty
H3. Case Study: Business

Continuity Metrics From Project
to Program to Incident
Management
Roberta J. Witty BCM Metrics TBA
H4. Cloud Service Provider
Risk Management
When IT acquires public cloud services,
it must assure that the supplier will
deliver to contracted SLAs. This
presentation discusses the approach
to assess cloud service provider risk for
architecture/design, availability,
performance, data protection, recovery,
security, operational controls and other
contract terms and conditions.
Donna Scott, John P. Morency,
Jay Heiser
H5. Managing Global Recovery
and Continuity Risk
The challenge of orchestrating efficient,
effective and sustainable business
continuity across a global organization
requires addressing difficult people,
process and technology issues. This
session discusses how to develop the
structures and procedures to reduce
operating risk across different
geographies, time zones and
operating cultures.
H6. What You Need to
Know About Technical
IT-DRM Architectures
Few things are more technical than
automating application failover and
failback for resilience and disaster
recovery. The session discusses how
to make better architectural decisions
by addressing the technical details and
32
Donna Scott, John P. Morency
H8. Recovery Exercising

Best Practices
Belinda Wilson
H9. To the Point: BCM Grows Up
How a Nexus of Technologies Is
Moving BCM Into the C-Suite
There are a number of technologies
that are making BCM a C-suite topic
because they provide management
with an entirely new and complete
picture of their organization. This
session discusses what these
technologies are and how they can be
used for expanded risk management
and improved business and operational
resilience.
Roberta J. Witty
H10. To the Point: The Business
Continuity Management Planning
Market in Depth
Organizations are realizing that
managing recovery plans using office
management software is not feasible.
Some firms have over 1,000 plans;
therefore automation is required. This
session presents the BCMP software
market Magic Quadrant and discuss
best practices for implementing and
using the tool for most effectiveness
within the organization.
Roberta J. Witty, John P. Morency
H11. Supplier Contingency
Planning: What You Need to Know
for Supplier Recovery
This session covers how BCM teams
can implement supplier contingency
plans so that supplier risk mitigation,

response, recovery and restoration
efforts are more successful. We
discuss how to determine which
suppliers require BCM and the activities
required in ongoing risk management,
and evaluate the viability of supplier
contingency plans.
Gayla Sullivan
H12. Designing and Architecting
for 24/7 Availability
Globalization and cost management
increase the need for continuous
availability for mission-critical
applications. Cloud computing raises
the visibility of designing for continuous
multisite availability. This presentation
looks at architecture and
management strategies to reduce
or eliminate planned and unplanned
application downtime.
Donna Scott
H13. How to Conduct an
Effective BIA
The Risk assessment and business
impact analysis are the most important
activities in the BCM planning process.
They provide the foundation on which
all recovery startegies and solutions are
built. This presentation discusses
different risk assessment approaches
and gives guidance on how best to
conduct a BIA for BCM.
Belinda Wilson
BCM PRECONFERENCE
SESSIONS
PC2. ISO 22301 Implementation
Session
Roberta J. Witty; John P. Morency;
Brian Zawada, ISO TC 223 U.S.
Representative, Avalution Consulting
PC6. End-User Case Study
TBA

G Government
BCM WORKSHOPS
W2. How to Develop Effective and
Efficient Disaster Recovery Plans
Regardless of size, industry or location,
every organization needs a BCM
program with a variety of recovery plans.
This workshop presents the steps and
processes required to develop effective
recovery plans. In addition, participants
are given a method to assess their
existing plans for improvement once
back at the office.
Brian Zawada, ISO TC 223 U.S.
Representative, Avalution Consulting;
Roberta J. Witty, John P. Morency,
Belinda Wilson
H Healthcare
Roberta J. Witty
AUR8. IT-DRM Management
Automation Roundtable
This roundtable allows conference
participants to discuss their
experience in using IT-DRM planning,
implementation and exercise
management automation software.
The focus is on the time and
cost required to implement the
software products, as well as the
related efficiency, effectiveness
and cost reduction benefits that
were achieved.
John P. Morency
AUR5. BCM Metrics: What Works,

What Doesnt
An increased focus on governance
and transparency is requiring many
BCM programs to provide timely and
meaningful program status
information to management on a
regular (monthly) basis. This
roundtable will allow participants to
discuss how they have best
implemented, managed and reported
on BCM program metrics.
T4. TBA
AUR7. How Does BCM Fit

Into the Enterprise Risk
Management Program?
Many organizations are integrating
many risk domains under one
management umbrella in a virtual
or direct reporting management
arrangement. This roundtable allows
conference participants to discuss
what works and doesnt work for
their organizations in regard to
integrating BCM into the
M Manufacturing
organizational or enterprise risk

management program.
BCM ANALYST-USER
RoUNDTABLES
Roberta J. Witty
EU Energy/Utilities
BCM TUTORIALS
Track J
he Business of
T
IT Security
J1. Global Security Markets:
Where Are We Going From Here?
This presentation covers the security
markets worldwide and details the
market dynamics that are changing the
future of information security globally.
Gartner Invest clients and technology
providers must understand market
competitive dynamics in order to
compete into the future.
Eric Ahlm, Ruggero Contu,
Lawrence Pingree
J2. Survey Analysis: Examining the
Gartner Global 2012 Security
Conference Survey Results
This session examines the results
of survey data from Gartners
global security and risk summits.

Attendees walk away with a better
understanding of the major technology
priorities, buying behaviors and
budgeting trends.
Eric Ahlm, Ruggero Contu,
Lawrence Pingree
J3. User Survey Analysis: Security
Services Market Trends
In 2012, Gartner conducted a survey of
users in the U.S. and EMEA to discover
the trends and buying behaviors for
consulting, managed and cloud
services providers. This session
discusses the key findings to help
security service providers better
understand the market direction.
Eric Ahlm
J4. Panel: Security Startups
Leading the Way to Success
Leaders from emerging startup
companies participate in a discussion
so that you can better understand the
direction of the latest techniques used
by attackers, the latest security
technologies and how these leaders
view their future success in todays
challenging technology market.
Ruggero Contu, Lawrence Pingree,
Gaurav Banga,CEO, Bromiun; Mike
Horn, CEO, NetCitadel; Pravin Kothari,
CEO, CipherCloud; George Kurtz,
CEO, Crowdstrike; Gordon Shevlin,
CEO, Allgress
J5. Buyers Are From Mars,
Vendors Are From Venus
The art of successful negotiation often
hinges on the ability of each side to
understand what drives the other.
Parties can often talk at crosspurposes because they do not
understand the culture, language and
goals of the other. This presentation
tells you what you need to know to
33
descriptions
SESSION
work efficiently and successfully on
your next deal.
Eric Ahlm, Rob McMillan
J6. Information Security: Process
or Technology Which Way Do
We Go?
The information security market is huge
and continually growing. Client
organizations have spent billions of
dollars on technology to solve the
information security problem; yet when
we speak to clients they dont really
feel any safer now than they did five or
10 years ago. Maybe throwing tools at
the problem is not the way to go!
Maybe the key to success is building
scalable, repeatable patterns of
behavior. This panel of analysts
discusses why process might be a
better point of focus than technology.
Jeffrey Wheatman, Jay Heiser,
Anton Chuvakin, Neil MacDonald,
Tom Scholtz
J7. Management Still Doesnt Get
Security (And What You Can Do
About That)
Many management teams just dont
get it. Security and IT risk become
priorities (for a while) after a failure but
after long periods without visible
failures they go back to not caring. A
modern security and IT risk program
needs continuously engaged decision
makers. Learn how to engage
executive management teams and
keep them continuously engaged.
Paul E. Proctor
34
J8. TBA
J9. To the Point: Security
Specialist Career Guide
Prosper, Survive or Leave
Cloud is a transformational
phenomenon that changes our
businesses and our IT organizations.
Will cloud transform IT workforce? Will
it threaten peoples job security?
Joseph Feiman
J10. The Evolving Security
Software Ecosystems: Gartner
Predictions for the Markets Future
The security market is being
transformed by new end-user
requirements as a result changes
brought by social, mobile, cloud and
big data. While consolidation remains
an important factor shaping the
marketplace, regeneration and
innovation introduced by constant
influx of startup players continues also
to be an influencer in this market. This
presentation analyzes the market-share
dynamics that have been shaping the
security ecosystem and discusses
potential future developments across
different segments.
Ruggero Contu
J12. Gartner Security Market

Magic Quadrant Reviews
Participate in an exciting review of the
leaders, challengers, visionaries and
niche players in Web fraud detection,
mobile device management, managed
security services, endpoint protection,
data masking, application security
testing and security information and
event management.
Avivah Litan, John Girard, Kelly M.
Kavanagh, Neil MacDonald, Joe
Feiman, Mark Nicolett
J13. Case Study
TBA
J11. Security: A Financial

Perspective
In the presentation we will look at the
growth trends of the overall sector and
the growth trends of the sectors
sub-segments. The presentation will
also assess the vendors respective
positions in the market. Finally, the
vendors will be assessed from a
financial perspective using the Gartner
financial rating methodology as well as
other relevant financial metrics.
Frank Marsala
SOLUTION SHOWCASE
PREMIER SPONSORS
Cisco offers one of the largest portfolios of security solutions available. With these solutions, organizations can embrace new
market transformations, protect assets, empower employees, and accelerate business. Cisco takes a comprehensive approach
by integrating security into all parts of the network, and simplifies security challenges, such as: An increase of mobile devices on
the network; a move to a cloud-based infrastructure; and hackers that pose sophisticated and persistent threats to the network.
Dell SecureWorks uses cyber threat intelligence to provide predictive, continuous and responsive protection for thousands of organizations
worldwide. Enriched by intelligence from our Counter Threat Unit research team, Dell SecureWorks Information Security Services help
organizations predict threats, proactively fortify defenses, continuously detect and stop cyber-attacks, and recover faster from security
breaches. To learn more, visit www.secureworks.com.
Dell Software makes it easy to securely manage and protect applications, systems, devices and data to help organizations of all sizes fully
deliver on the promise of technology. Our simple yet powerful software combined with Dell hardware and services provide scalable,
end-to-end solutions to drive value and accelerate results. Whether its Windows infrastructure, the cloud and mobile computing, or networks,
databases and business intelligence, we dramatically reduce complexity and risk to unlock the power of IT. www.dell.com/software
HP provides complete information security solutions that protect the hybrid Enterprise. Our proactive approach to information security
optimizes your investment and improves your risk posture, thus enabling you to achieve better business results. HPs unrivalled capabilities
spanning security consulting, managed security services and market-leading products from HP ArcSight, HP Fortify, HP Atalla, and HP
TippingPoint deliver integrated security solutions to manage risk, deliver actionable security intelligence and integrated security operations.
HP is a trusted partner to thousands of global enterprise and government clients; We work with you to define and implement a holistic,
risk-based security strategy that supports your unique business requirements balancing risk with opportunity. www.hp.com
Lieberman Software provides award-winning privileged identity management and security management products to more than
1200 active customers worldwide, including 40% of the Fortune 50. By automatically discovering and managing privileged accounts
throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external
security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. Lieberman Software products scale to the largest
enterprises in the world and deploy in minutes.
Qualys is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries,
and partnerships with leading managed service providers and consulting organizations worldwide. The QualysGuard Cloud Platform and
integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance, delivering critical security
intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration.
RSA helps organizations solve their most complex and sensitive security challenges by bringing visibility and trust to millions of user identities,
the transactions they perform and the data that is generated. RSA delivers identity assurance, encryption & key management, SIEM, Data
Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services.
www.RSA.com
Symantec is a global leader in providing security, storage and system management solutions to help our customers from consumers and
small businesses to the largest global organizations secure and manage their information-driven world against more risks at more points,
more completely and efficiently. Our software and services protect completely, in ways that can be easily managed and with controls that can
be enforced automatically enabling confidence wherever information is used or stored.
Trend Micro is celebrating 25 years of innovation security and sharing our vision for a data-centric security framework. In our booth youll see
the Trend Micro Custom Defense Solution against advanced persistent threats (APTs). You will earn what we mean by complete end user
protection. And, youll understand how our virtualization and cloud customers are winning in the data center with integrated, agentless security.
Websense, Inc. (NASDAQ: WBSN), is a global leader in unified web security, email security, mobile security and data loss prevention
(DLP). The companys proven best-in-class information security solutions are available as appliance-based software or SaaS-based
cloud-based services. The Websense TRITON unified security solutions help organizations securely leverage traditional, social media
and cloud-based communications, while protecting from advanced threats, preventing loss of confidential information, and enforcing
Internet use and security policies.
Verizon Enterprise Solutions creates global connections that help generate growth, drive business innovation and move society forward.
With industry-specific solutions and a full range of global wholesale offerings provided over the companys secure mobility, cloud,
strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the
world for innovation, investment and business transformation. Visit verizon.com/enterprise. Verizon Enterprise Solutions can help
safeguard your information from tomorrows threats and provide secure access where and when you need it. Access our dedicated
security solutions site to get the latest information, including insightful blogs from our engineers and consultants, plus in-depth papers,
video snapshots and our flagship Data Breach Investigations Report (DBIR), the most comprehensive review of security incidents
available. www.verizonenterprise.com/us/solutions/security/
PLATINUM SPONSORS
AirWatch is the leader in enterprise-grade mobility management and security solutions. Our highly scalable solution provides a real-time view
of an entire fleet of corporate and employee-owned Apple iOS, Android, Windows, BlackBerry and Symbian devices. As the largest MDM
provider, AirWatch offers the most comprehensive mobility management solution.
Akamai is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere.
Our Intelligent Platform removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and
enabling enterprises to securely leverage the cloud Akamai accelerates innovation in our hyperconnected world.
AT&T Inc. is a global leader in communications and a recognized leader in Business-related voice and data services, including global IP
services, hosting, applications, and managed services. Businesses all over the world, deploy AT&T services to improve productivity, manage
overall costs, and position themselves to take advantage of future technology enhancements.
Check Point Software Technologies Ltd. the worldwide leader in securing the Internet, provides customers with uncompromised protection
against all types of threats, reduces security complexity and lowers total cost of ownership. Customers include tens of thousands of
organizations of all sizes, including all Fortune and Global 100 companies. www.checkpoint.com
The Citrix Mobile Solutions Bundle, which is comprised of XenMobile MDM and CloudGateway, offers a complete enterprise mobility
management solution. It gives IT a comprehensive set of tools that make it easy to manage and secure devices, apps, and data. It allows
users to access any app from any device, giving them the freedom to experience work and life their way.
Fasoo has been successfully building its worldwide reputation as a leading enterprise DRM solution provider with the best-in-class solutions
and services. Fasoo has successfully retained its leadership in the enterprise DRM market by deploying solutions for more than 1,100
organizations in enterprise-wide level, securing more than 2 million users.
SOLUTION SHOWCASE
PLATINUM SPONSORS continued
FireEye is the leader in stopping todays new breed of cyber attacks such as zero-day and APT attacks that bypass traditional defenses
and compromise over 95% of networks. The FireEye solution is the worlds only signature-less protection against multiple threat vectors.
FireEye solutions are deployed by more than 25% of the Fortune 100.
Fortinet, a global provider of IT security, delivers customer-proven solutions that provide organizations with the power to protect and
control their IT infrastructure. Our customers rely on our technologies, solution architecture, and global security intelligence to block
threats and gain control of their network, data, and users.
IBM Security offers one of the worlds broadest, most advanced and integrated portfolios of enterprise security products and services.
The portfolio, supported by world-renowned IBM X-Force research and development, provides the security intelligence to help
holistically protect people, infrastructure, data and applications for protection against advanced threats in todays hyper-connected world.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the worlds largest dedicated security technology company.
We are relentlessly focused on constantly finding new ways to keep our customers safe.
MetricStream is the market leader for integrated Governance, Risk, Compliance (GRC) Management Solutions, which includes solutions
for IT Risk & Compliance Management, Information Security Risk Management, Business Continuity Management, IT Disaster Recovery
Management, Audit Management, Policy Management, Supplier/Vendor Governance and Quality Management.
Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy
control of applications and content at up to 20Gbps with no performance degradation regardless of port, protocol, evasive tactic or SSL
encryption.
Secunia is the leading provider of IT security solutions that help businesses and private individuals globally manage and control
vulnerability threats and risks across their networks and endpoints. This is enabled by Secunias award-winning Vulnerability Intelligence,
Vulnerability Assessment, and Patch Management solutions that ensure optimal protection of critical information assets.
SilverSky is the expert provider of cloud security services. The company delivers the industrys only advanced Security-as-a-Service
platform thats simple to deploy and transformational to use. By tirelessly safeguarding corporate communications and infrastructure,
SilverSky enables growth-minded leaders to pursue their business ambitions without security worry.
R E L EVA N T . I N T E L L I G E N T . S EC U R IT Y
Solutionary reduces the information security and compliance burden, providing flexible managed security and compliance services that
work the way clients want; enhancing existing initiatives, infrastructure and personnel. Our patented technology, systems and process,
and our actionable threat intelligence make our clients smarter. We call this relevant, intelligent security
Sonatype CLM fixes the risk in open source. Security teams and application developers rely on Sonatype CLM across the software
lifecycle to identify risky open source components, enforce policy, and fix flaws. http://www.sonatype.com/
Sourcefire, Inc. is world leader in intelligent cybersecurity solutions. Trusted by organizations and government agencies in more than
180 countries, Sourcefires solutions, including industry-leading next-generation network security appliances and advanced malware
protection, provide customers with Agile Security for continuous protection in a world of continuous change.
Stonesoft delivers software-based network security to secure information flow and simplify security management. The companys
products include next generation firewalls, intrusion prevention systems, and SSL VPN solutions. Stonesoft has the highest customer
retention rate in the industry due to low TCO, ease of management, and prevention of advanced evasion techniques.
Tripwire is a leading global provider of IT security solutions for enterprises, government agencies and service providers who need to
protect their sensitive data on critical infrastructure from breaches, vulnerabilities, and threats. Thousands of customers rely on Tripwires
critical security controls like security configuration management, file integrity monitoring, and log and event management.
Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud,
managed security services, software and appliances. Trustwave has helped hundreds of thousands of organization manage compliance
and secure their network infrastructures, data communications and critical information assets. For more information,
visit https://www.trustwave.com.
Veracode provides the worlds leading Application Risk Management Platform. Veracodes patented and proven cloud-based capabilities
allow customers to govern and mitigate software security risk across a single application or an enterprise portfolio with unmatched
simplicity. Veracode was founded with one simple mission in mind: to make it simple and cost-effective for organizations to accurately
identify and manage application security risk.
VMware is the global leader in virtualization and cloud infrastructure solutions that enable businesses to thrive in the Cloud Era.
With more than 400,000 customers and 55,000 partners, organizations of all sizes rely on VMware to help them transform the way
they build, deliver and consume Information Technology resources in a manner that is evolutionary and based on their specific needs.
Voltage Security, Inc. is the leading data protection provider, delivering secure, scalable, and proven data-centric encryption solutions,
enabling our customers to effectively combat new and emerging security threats. Our data protection solutions allow any company to
seamlessly secure all types of sensitive information, while efficiently meeting compliance and privacy requirements.
WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow
the window of risk. WhiteHat Sentinel, the companys flagship product family, is the most accurate and cost-effective website vulnerability
management solution available, delivering the visibility, flexibility, and control that organizations need to prevent website attacks.
www.whitehatsec.com.
36
SOLUTION SHOWCASE
SILVER SPONSORS
Absolute Software Corp.
Blue Coat Systems
EventTracker
Lancope
PhishMe, Inc.
Thycotic Software, Ltd.
AccessData
Bradford Networks
F5 Networks
LANDesk Software
Proofpoint, Inc.
TITUS
Adobe Systems Inc.
Brinqa
Fiberlink
LockPath
Radiant Logic, Inc.
TrustSphere
AgeTak
Bromium
FireHost
LogRythm
Rapid7
Tufin Technologies
Agiliance
Centrify
FireMon
Mandiant
RedSeal Networks
Venafi, Inc.
AhnLab
Core Security
Marble Security, Inc.
Rsam
Verdasys
AlertEnterprise Inc.
Courion Corporation
Fischer International
Identity
Modulo
SailPoint
Vormetric, Inc.
Appthority, Inc.
Coverity, Inc.
NetIQ
Sath Technologies
WatchDox
Aveksa
Critical Watch
Neustar
SecureAuth
Axis Technology
Cyber-Ark Software
HID Global
Norman AS
SOA Software
WatchGuard
Technologies, Inc.
Axway
CYBEROAM
Hitachi ID Systems
NSFOCUS
Software AG
Bay Dynamics, Inc.
Damballa
Identropy
NuData Security
Splunk
BeyondTrust
Digital Defense, Inc.
Imperva
Okta
Integralis
OpenTrust
SSH Communications
Security
Juniper Networks
Oracle
Bit9
Bloomberg Vault
DriveSavers Data
Recovery
FishNet Security
General Dynamics Fidelis
Cybersecurity Solutions
Wontok
Xceedium, Inc.
ZixCorp
Zscaler
Tenable Network Security
MEDIA PARTNERS
BECOME A SPONSOR
Jason Bonsignore
Account Manager
+1 203 316 6050
jason.bonsignore@gartner.com
Sponsors as of March 12, 2013, and subject to change
Silas Mante
Account Manager
+1 203 316 3778
silas.mante@gartner.com
John Forcino
Account Manager
+1 203 316 6142
john.forcino@gartner.com
David Sorkin
Sales Director
+1 203 316 3561
david.sorkin@gartner.com
Krista Way
Account Manager
+1 203 316 6763
krista.way@gartner.com
37
AGENDA at a glance
Agenda as of April 25, 2013, and subject to change
MONDAY, JUNE 10
9:45 a.m. IG1. Case Study: Advanced, Persistent and Threatening Who Are the Attackers and What Are They Doing? Dave Monnier, Security Evangelist and Fellow, Team Cymru;
Lawrence Pingree
11:30 a.m. IG2. Critical Infrastructure Protection Requirements Driving New Security Demand Ruggero Contu G
2:15 p.m. IG3. Best Practices for Mitigating Advanced Persistent Threats Lawrence Pingree G
CISO
4:30 p.m. A1. Transform Your Security and Risk Program or Find Another Job Paul E. Proctor
5:30 p.m. A2. Preparing a Security Strategic Plan F. Christian Byrnes
TUESDAY, JUNE 11
10:00 a.m. W6. Workshop: Use a Balanced Scorecard to Demonstrate Securitys Value Rob McMillan
11:15 a.m. A3. Organizing for Success: Developing Process-centric Security Teams Tom Scholtz
2:00 p.m. A4. Finding the Optimal Balance Between Behavioral and Technical Controls
Andrew Walls
4:15 p.m. A5. Maverick Research: Transform Your Security Program From Control-centric to People-centric Tom Scholtz
Vice President
Andrew Walls , Vice President and Conference Chair; F. Christian Byrnes, Managing
WEDNESDAY, JUNE 12
and Never Eat Alone
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of Whos Got Your Back
10:30 a.m. A6. That Frightening Phrase: The Standard of Due Care Rob McMillan
11:30 a.m. A7. The Care and Feeding of an Effective Awareness Program Andrew Walls
1:45 p.m. A8. Using Outside Resources: Security Consultants and Threat Intelligence Services Rob McMillan
4:00 p.m. A9. To the Point: The Risk Management Maturity Pathway Rob McMillan
4:30 p.m. A10. To the Point: The Information Security Maturity Pathway Rob McMillan
THURSDAY, JUNE 13
7:00 a.m. HC3. HIPPA Security (Registration required; end users only.) Irma Fabular, Wes Rishel, Alice Wang
8:30 a.m. A11. Case Study
TBA
9:30 a.m. A12. Panel: Reset Your IAM Planning! Lessons From the Veterans Gregg Kreizman, Earl Perkins
10:30 a.m. A13. Open Mic
F. Christian Byrnes

EU Energy/Utilities
G Government
H Healthcare
M Manufacturing
AGENDA at a glance
MONDAY, JUNE 10
9:45 a.m. IF1. Case Study TBA
IH1. Dont Give Them the Keys to the
IME1. Understand OT: The Emerging
Kingdom Until You Know Who They Are
Risks From Advanced Automation
Barry Runyon H
Earl Perkins, Kristian Steenstrup EU M
Supplier Doing? Erik T. Heidt GTP
11:30 a.m. IF2. Do I Need Cyberinsurance? Juergen Weiss
IH2. HIPAA Bites: Getting Ready for HIPAA IME3. Securing the OT Environment
F
2:15 p.m. IF3. Strategic Road Map for Financial Services
Enterprise Risk Management John A. Wheeler
Enforcement Wes Rishel H

IH3. Help Save Healthcare: Tackling
Fraud and Abuse at an Enterprise Level
Christina Lucero, Avivah Litan H
Earl Perkins, Kristian Steenstrup EU

IME4. Responsibility and Accountability
of OT Systems Kristian Steenstrup
EU M
IT SECURITY
4:30 p.m. B1. Practicing Safe SaaS Jay Heiser
C1. Securing Private, Public and Hybrid

Cloud Computing Neil MacDonald
D1. Panel: Getting IAM Going Best

Practices for Formalizing Your IAM
Content-Aware Data Loss Prevention
Program Ant Allan, Earl Perkins,
Solutions Eric Ouellet
Ray Wagner
W5. Workshop: Gartner Network Security Design Greg Young
W4. Workshop: Build an Effective Security and Risk Program Tom Scholtz,
Rob McMillan, Jeremy DHoinne
5:30 p.m. B2. Cyberthreat Lawrence Orans
C2. Panel: What Is the Future of Mobile
Management and Security?
John Girard
D2. Cost, Consequence and Value: The

Economics of IAM Earl Perkins
E2. Cloud Encryption: Strong Security,

Obfuscation or Snake Oil?
Ramon Krikken GTP
TUESDAY, JUNE 11
10:00 a.m. W7. Getting Value Out of IT Security and Risk Metrics Programs Ramon Krikken GTP
11:15 a.m. B3. Presenting a Hard Target to Attackers:
C3. Top 10 Security Myths Jay Heiser
Operationally Effective Vulnerability Management
Mark Nicolett
2:00 p.m. B4. Panel: Real-World Case Studies in Mobile
C4. How Can You Leverage Content-Aware
Banking Security Moderator: Avivah Litan;, Dave
DLP to Ensure Your Corporate Policies and
Jevans, Chairman, Anti-Phishing Working Group,
Processes Are Effective? Eric Ouellet
Marble Security; Vas Rajan, Chief Information
Security Officer, CLS Bank; Tim Wainwright,
Managing Director, CISSP, Security Risk Advisor
4:15 p.m. B5. Mobile Device Security Exploits in Depth John
C5. Endpoint Security When the
Girard, Dionisio Zumerle
Consumer Is King Peter Firstbrook

E3. TBA
D4. Your Cloud and Mobile Devices Broke

My IAM Gregg Kreizman
E4. Security Monitoring of Public

Cloud Anton Chuvakin GTP
D5. IAM for Applications and Data: The

E5. Using Managed Containers to
Rise of Data Access Governance
Protect Information on Mobile Devices
in IAM Earl Perkins
Eric Maiwald GTP
WEDNESDAY, JUNE 12
Never Eat Alone
10:30 a.m. B6. Preparing Your Security Program for BYOD
Eric Ahlm
C6. Cybersecurity! (The Biggest Scam

Since the Ponzi Scheme) Greg Young
W10. Workshop: Meeting Business Needs for Mobility and Security

11:30 a.m. B7. Predictions: Your Network Security
in 2018 Greg Young
Keith Ferrazzi, CEO, Ferrazzi Greenlight; Author of Whos Got Your Back and

Information Security Neil MacDonald

Budgeting the Mobile Device Life
Cycle John Girard
Eric Maiwald
C7. User Activity Monitoring for Early

Breach Detection Mark Nicolett
1:45 p.m. B8. Encryption Planning Made Simple! Follow the

Data Brian Lowans
C8. Big Security Data Is Neither Big

Security Nor Big Intelligence
Joseph Feiman
W11. Workshop: Cloud Contracts Develop Your Own Security and Risk Exhibits
Gayla Sullivan
4:00 p.m. B9. To the Point: The Database Security Manual
C9. To the Point: Deny Denial of Service
What You Need to Know Brian Lowans
Attacks Lawrence Orans
4:30 p.m. B10. To the Point: Cybersecurity for the Internet of
C10. To the Point: Playing Chess With
Everything Earl Perkins
APTs Anton Chuvakin; Ramon Krikken
GTP
D7. Good Authentication Choices for

Smartphones and Tablets
D8. Mobile Device Policy Essentials
E7. Keeping Bad Guys Out of Your

Accounts Using Five Layers of Fraud
Prevention Avivah Litan
Guidelines
TBA
W12. Workshop: IT Risk Cloud Manifesto Defining What Enterprises Need but
Arent Getting! Erik T. Heidt
D9. Case Study TBA
E9. To the Point: Refresh Vulnerability
Assessment Kelly M. Kavanagh
Mario de Boer
International Travel Dionisio Zumerle
THURSDAY, JUNE 13
8:30 a.m. B11. The Seven Dimensions of Context-Aware
Security Avivah Litan
C11. Top Mobile Gear: Mobility Road Trip!

W13. Workshop: Mobile Application Security

Neil MacDonald
9:30 a.m. B12. Is Cloud Encryption Ready for Prime Time?
Eric Ouellet
W14. Workshop: IT Security Planning a Self-Audit Khushbu Pratap
10:30 a.m. B13. Software-Defined Networking and Its Impact on

Security Eric Maiwald GTP
C12. Adapting the Secure Web Gateway

D11. Getting to Single Sign-on Securely

Gregg Kreizman
D12. Panel: A World Without Passwords

and Tokens Ant Allan, Avivah Litan,
Ian Glazer
D13. Identity and Access Management
Gets Social Ant Allan
E11. Facing Information Sprawl: Secure

Synchronization of Data on Endpoints
Mario de Boer GTP
E12. DLP Architecture and Operational

Processes Anton Chuvakin GTP
C13. Panel: Hackers Are Not a Threat to

Security A Future of Internet Security
Features, Products, Deployment and
Joseph Feiman, John Girard, Avivah Litan,
Alternatives Mario de Boer GTP
Eric Ahlm, Neil MacDonald, Lawrence
Pingree, Eric Ouellet, Peter Firstbrook
AGENDA at a glance
MONDAY, JUNE 10
9:45 a.m. PC2. ISO 22301 Implementation Session Roberta J. Witty; John P. Morency; Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting
11:30 a.m. T4. TBA
2:00 p.m. W3. Workshop: Selecting Solutions for the Control and Monitoring of Public Social Media
2:15 p.m. PC7. Using MSSPs for Effective Threat Management Kelly M. Kavanagh
Mario de Boer
GTP
BCM
4:30 p.m. H1. What Are the BCM Software Markets and How to Get the Most Out of Them
Roberta J. Witty, John P. Morency, Leif Eriksen, John Girard
5:30 p.m. H2. What You Can and Cannot Do With Recovery Exercise Management Automation
John P. Morency
TUESDAY, JUNE 11
F. Christian Byrnes
11:15 a.m. H3. Case Study: Business Continuity Metrics From Project to Program to Incident Management Roberta J. WittyBCM Metrics
TBA
2:00 p.m. H4. Cloud Service Provider Risk Management Donna Scott, John P. Morency, Jay Heiser
4:15 p.m. H5. Managing Global Recovery and Continuity Risk
WEDNESDAY, JUNE 12
and Never Eat Alone
10:30 a.m. H6. What You Need to Know About Technical IT-DRM Architectures Donna Scott, John P. Morency
11:30 a.m. H7. Case Study TBA
1:45 p.m. H8. Recovery Exercising Best Practices Belinda Wilson
4:00 p.m. H9. To the Point: BCM Grows Up How a Nexus of Technologies Is Moving BCM Into the C-Suite Roberta J. Witty
4:30 p.m. H10. To the Point: The Business Continuity Management Planning Market in Depth Roberta J. Witty, John P. Morency
THURSDAY, JUNE 13
8:30 a.m. H11. Supplier Contingency Planning: What You Need to Know for Supplier Recovery Gayla Sullivan
9:30 a.m. H12. Designing and Architecting for 24/7 Availability Donna Scott
10:30 a.m. H13. How to Conduct an Effective BIA Belinda Wilson

EU Energy/Utilities
G Government
H Healthcare
M Manufacturing
AGENDA at a glance
MONDAY, JUNE 10
9:45 a.m. W1. Workshop: Information Security Architecture 101 Tom Scholtz, Doug Simmons
10:15 a.m. T1. Tutorial: Top Security Trends and Take-Aways for 2013 and 2014 Ray Wagner
PC1. Sharing Data Without Losing It Jay Heiser
11:30 a.m. PC4. SIEM Architecture and Operational Processes Anton Chuvakin GTP
PC5. Forget MDM: Extending Security and Identity to Mobile Apps Ramon Krikken GTP
2:00 p.m. W2. Workshop: How to Develop Effective and Efficient Disaster Recovery Plans Brian Zawada, ISO TC 223 U.S. Representative, Avalution Consulting; Roberta J. Witty,
John P. Morency, Belinda Wilson
2:15 p.m. T3. Tutorial: IAM Myths and Monsters
PC6. End-User Case Study TBA
Ray Wagner
RISK MANAGEMENT AND COMPLIANCE

4:30 p.m. F1. /G1. General Session: Duck and Cover Preparing for Cyberwar Richard Hunter, Avivah Litan
5:30 p.m. F2. Linking Risk to Business Decision Making: Creating KRIs That Matter
Paul E. Proctor
G2. GRC 4G: How Social, Big Data and Risk Analytics Are Changing GRC
French Caldwell
TUESDAY, JUNE 11
F. Christian Byrnes
11:15 a.m. F3. Security and Risk Management Technologies for Social Media
Andrew Walls
2:00 p.m. F4. CEO Concerns 2013 and the IT Implications Jorge Lopez
4:00 p.m. W8. Workshop: TBA
4:15 p.m. F5./G5. General Session: A Clash of Forces Managing Emerging Risks of the Nexus
G3. A New Way Forward: How to Create a Strategic Road Map for Compliance
John A. Wheeler
G4. Maverick Research: Crowdsource Your Management of Operational Risk
W9. Workshop: IT Risk Management Selecting the Best Assessment Methods and
Tools Jeffrey Wheatman, Khushbu Pratap
WEDNESDAY, JUNE 12
and Never Eat Alone
10:30 a.m. F6./G6. Leadership, Governance and Risk David Marquet, Author of the Award-Winning Book, Turn the Ship Around!; French Caldwell
11:30 a.m. F7. Road Map for Intelligent Information Governance Alan Dayley
G7. Defining Three Segments in the Audit Technology Market Khushbu Pratap
1:45 p.m. F8. Align Governance to Your Organization for Success
Julie Short
4:00 p.m. F9. To the Point: Working With the Board of Directors on Risk and Technology for
Competitive Advantage Jorge Lopez
4:30 p.m. F10. To the Point: Conquering the Last Frontier of Governance With Enterprise Legal
Management John A. Wheeler
G8. Top 5 IT Audit Trends in 2012-2013 Khushbu Pratap

G9. To the Point: Is Your Business Keeping Up With the Changes and Best Practices for
E-Discovery? Alan Dayley
G10. To the Point: Anti-Bribery Fear and Hype Limits and Uses of FCPA Solutions
French Caldwell
THURSDAY, JUNE 13
8:30 a.m. F11. The Four Faces of Governance
G11. Case Study TBA
W15. The Gartner Network Security Architecture Reference Model

9:30 a.m. F12. Ethics at the Nexus of Security, Privacy and Big Data Jay Heiser
G12. Why ERM and GRC Depend on Each Other to Succeed
John A. Wheeler
10:30 a.m. F13. Shrink-Wrap Governance: A Guide to Understanding

G13. Debate: Cyberinsurance Evolution or Revolution?
GRC Software and Services French Caldwell
Paul E. Proctor, John A. Wheeler

EU Energy/Utilities
G Government
H Healthcare
M Manufacturing
AGENDA at a glance
MONDAY, JUNE 10
9:45 a.m. PC3. Now What? How to Use Service Providers to Support SIEM Operations Kelly M. Kavanagh, Mark Nicolett
11:30 a.m. T2. Tutorial: Tell Me, Whats IT GRC Again? (Solutions to Common Challenges) Erik T. Heidt GTP
2:15 p.m. PC8. Road Stories: Lessons Learnt (and Fingers Burnt) in IT Risk Management
Tom Scholtz
Business OF IT SECURITY
4:30 p.m. J1. Global Security Markets: Where Are We Going From Here? Eric Ahlm, Ruggero Contu, Lawrence Pingree
5:30 p.m. J2. Survey Analysis: Examining the Gartner Global 2012 Security Conference Survey Results Eric Ahlm,
Ruggero Contu, Lawrence Pingree
TUESDAY, JUNE 11
11:15 a.m. J3. User Survey Analysis: Security Services Market Trends Eric Ahlm
2:00 p.m. J4. Panel: Security Startups Leading the Way to Success Ruggero Contu, Lawrence Pingree, Gaurav Banga,CEO, Bromiun; Mike Horn, CEO, NetCitadel; Pravin Kothari, CEO,
CipherCloud; George Kurtz, CEO, Crowdstrike; Gordon Shevlin, CEO, Allgress
4:15 p.m. J5. Buyers Are From Mars, Vendors Are From Venus Eric Ahlm, Rob McMillan
Vice President
Andrew Walls , Vice President and Conference Chair; F. Christian Byrnes, Managing
WEDNESDAY, JUNE 12
HC2. Healthcare Moderated Breakfast: BYOD Best Practices in Healthcare Barry Runyon; Irma Fabular (Registration required; end users only.)
and Never Eat Alone
10:30 a.m. J6. Information Security: Process or Technology Which Way Do We Go? Jeffrey Wheatman, Jay Heiser, Anton Chuvakin, Neil MacDonald, Tom Scholtz
11:30 a.m. J7. Management Still Doesnt Get Security (And What You Can Do About That)
Paul E. Proctor
1:45 p.m. J8. TBA

4:00 p.m. J9. To the Point: Security Specialist Career Guide Prosper, Survive or Leave Joseph Feiman
4:30 p.m. J10. The Evolving Security Software Ecosystems: Gartner Predictions for the Markets Future Ruggero Contu
THURSDAY, JUNE 13
8:30 a.m. J11. Security: A Financial Perspective Frank Marsala
9:30 a.m. J12. Gartner Security Market Magic Quadrant Reviews
10:30 a.m. J13. Case Study
Avivah Litan, John Girard, Kelly M. Kavanagh, Neil MacDonald, Joseph Feiman, Mark Nicolett
TBA

EU Energy/Utilities
G Government
H Healthcare
M Manufacturing
REGISTRATION AND PRICING

Gartner events deliver what you need
3 WAYS TO REGISTER
Weve developed conference essentials to ensure that your time at a Gartner

summit results in real value and delivers everything you need efficiently
and effectively.
Web: gartner.com/us/securityrisk
Email: us.registration@gartner.com
Phone: 1 866 405 2511

REGISTER TODAY
Standard price: $2,375
Gartner event tickets
Team Attendance Program:

Leverage more value across your organization
Knowledge creates the capacity for effective action. Imagine the impact on
your organization when knowledge multiplies: common vision, faster
responses, smarter decisions. Thats the Gartner Team Attendance effect.
Youll realize it in full when you attend a Gartner event as a group. Maximize
learning by participating together in relevant sessions. Split up to cover more
ground, sharing your session take-aways later. Leverage the expertise of a
Gartner analyst in a private group meeting.
Team benefits
Complimentary registrations
Team meeting with a Gartner analyst

(end users only)
Role-based agendas
On-site team support: Work with a
single point of contact for on-site
team deliverables
Complimentary registrations
1 for every 3 paid registrations

For more information, email us.teamsend@gartner.com or contact your

Gartner account manager.
Event Approval Tools

For use pre-event, on-site and post-event, our Event Approval Tools make it
easy to demonstrate the substantial value of your Gartner event experience
to your manager. They include a customizable letter, cost-benefit analysis,
top reasons to attend and more. Visit gartner.com/us/securityrisk for details.
EARN CPE CREDITS

Attending the summit helps you advance your continuing professional
education (CPE). Registered participants are eligible to earn CPE
credits toward (ISC)2, ISACA, DRII, and IAPP certification programs.
Learn more at gartner.com/us/securityrisk.
We accept one Gartner summit ticket or one

Gartner Catalyst ticket for payment. If you are
a client with questions about tickets, please
contact your sales representative or call
+1 203 316 1200.
SPECIAL GARTNER
HOTEL ROOM RATE
$247 per night (plus tax) at
Gaylord National Resort and
Convention Center
201 Waterfront Street
National Harbor, MD 20745
Phone: +1 301 965 4000
gaylordhotels.com
43
Gartner, Inc.
56 Top Gallant Road
Stamford, CT 06902-7700
Presorted
Standard
U.S. Postage
PAID
Gartner
PO Box 29307
Shawnee, KS 66201
Take a deep-dive into the full spectrum of

IT security and risk management topics
Change Service Requested
Gartner Security &

Risk Management
Summit 2013
Priority code
June 10 13 | National Harbor, MD

gartner.com/us/securityrisk
Dont Miss Out!
3 WAYS TO REGISTER
Web: gartner.com/us/securityrisk
Email: us.registration@gartner.com
Phone: 1 866 405 2511
ABOUT GARTNER
Gartner is the worlds leading information technology research and advisory
company. We deliver to our clients the technology-related insight and intelligence
necessary to make the right decisions, every day. Our pivotal advantage: More
than 900 analysts delivering independent thinking and actionable guidance to
clients in over 13,000 organizations worldwide the majority from the Fortune
1000 and Global 500. This extensive body of knowledge, insight and expertise
informs all of our 60+ events around the world. You simply wont find this
unique quality of content at any other IT conference. Why? Because no one
understands the impact of technology on global business like we do.
2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a
registered trademark of Gartner, Inc. or its affiliates. For more information,
email info@gartner.com or visit gartner.com.

Gartner Security and Risk MGMNT Summit 2013

Uploaded by

Copyright:

Available Formats

Gartner Security and Risk MGMNT Summit 2013

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Gartner Security and Risk MGMNT Summit 2013

Uploaded by

Copyright:

Available Formats

What are the main topics covered at the summit?

What are the main topics covered at the summit?

What benefits does attending the summit provide?

What benefits does attending the summit provide?

Gartner

Security & Risk Management

FIVE COMPLETE PROGRAMS

Reset Your World: The Evolving Role of Risk

Key benefits of attending

Who should attend

Reset your security and risk strategy to focus on enabling

CIOs, CSOs, CISOs, CTOs, CROs, CPOs

Stay relevant in your role as the Nexus of Forces

Network managers, security executives and directors

Implement BCM best practices to make the business

Enterprise architects and planners

Understand, anticipate and mitigate the risks of new

IT vice presidents, directors and managers

Craft a strategy to deal with emerging BYOD and

Gartner Security & Risk Management Summit 2013

Finance, audit, legal risk and compliance managers

Management and Information Security

Whats new for 2013

Advanced CISO Program that addresses strategic issues for success

Revamped agenda offering more types of sessions

New Mastermind Interview keynote: Steve Bennett, CEO and

New Super Roundtable Session 20 roundtable discussions with your peers

Interaction with more than 120 vendors

MEET ONE-ON-ONE WITH

Five role-based programs for

Gartner Security & Risk Management Summit 2013

Industry Day Perspective Forums

IG1. Case Study: Advanced, Persistent and

IH1. Dont Give Them the Keys to the Kingdom Until

IG2. Critical Infrastructure Protection

IH2. HIPAA Bites: Getting Ready for HIPAA

IH3. Help Save Healthcare: Tackling Fraud and

IG3. Best Practices for Mitigating Advanced

Christina Lucero, Avivah Litan

IF2. Do I Need Cyberinsurance?

Energy/Utilities and Manufacturing

IME2. Supply Chain IT Risk Challenges: What

IF3. Strategic Road Map for Financial Services

IME3. Securing the OT Environment

Earl Perkins, Kristian Steenstrup

IME4. Responsibility and Accountability of

Visit gartner.com/us/securityrisk for agenda updates and to register

Vertical Industry Tracks

Mobility and Security

Social and Security

Gartner Security & Risk Management Summit 2013

Whos Got Your Back: Creating and Developing

As founder and CEO of Ferrazzi Greenlight, Keith Ferrazzi works to transform

The Gartner Mastermind Interview

CEO and Chairman of

The Gartner Five-Year Security and Risk Scenario

CHIEF INFORMATION SECURITY OFFICER (CISO) PROGRAM

Go beyond the CISO fundamentals to

Meet the analysts

Reset your security and risk strategy to focus on enabling

CIOs, CSOs, CISOs, CTOs, CROs, CPOs

Stay relevant in your role as the Nexus of Forces

Implement BCM best practices to make the business

Understand, anticipate and mitigate the risks of new

Craft a strategy to deal with emerging BYOD and

Advanced CISO Program that addresses strategic issues for success

New Mastermind Interview keynote: Steve Bennett, CEO and

A Clash of Forces: Managing Emerging Risks of the Nexus