IT Risk Management – Virtual Summit

12 December 2018
10:00 AM – 2 :00 PM EST

SESSION 1
10:05 AM – 11:05 AM

How Security Ratings Allow You to Prioritize Your

Risk Management Efforts

Today, navigating the evolving cyber threat landscape is critical—

and understanding your ecosystem's security posture is the starting
point. Security ratings are a key tool to do this. Gartner estimates
that "by 2020, cybersecurity ratings will become as important as
credit ratings when assessing the risk of business relationships."

Security ratings play a critical part in shaping risk management

programs today and also complement existing risk assessments. In
Nurah Muhamad this session, we will delve into what security ratings are and how to
CSM Manager leverage them to prioritize your risk management efforts internally.
BitSight
In this session, Nurah Muhamad (Manager, Customer Success) and
Chris Poulin (Principal Consulting Engineer) will discuss:

● How to use security ratings to prioritize your risk management

and mitigation efforts within your organization.
● How to leverage security ratings within your cyber risk
management program, as well as how to utilize them to
complement your existing risk assessment processes.
● How security ratings can help you map your risk management
program to certain frameworks, like NIST and ISO.

Chris Poulin
Principal Consulting Engineer
BitSight

Session Break – 11:05 AM – 11:15 AM

 IT Risk Management – Virtual Summit
12 December 2018
10:00 AM – 2 :00 PM EST

SESSION 2
12:15 AM – 12:15 PM

Want Better Management of Security Risk?

Live Where Your People Live

Expecting your (relatively) small staff of security specialists we all have to

handle security, risk management, and good governance entirely on their
own is a recipe for disaster. While specialists are critical to ensuring products
and processes are designed well, promote security, and ease compliance,
real security and good governance requires dissemination of knowledge
throughout the organization. To truly understand what you are securing, and
who does that work, you have to play in their sandbox, integrate into their
existing processes, remove overhead wherever possible, and gather that
Julia Knecht data, data, data… did I mention the data? To scale, push knowledge and
Manager of Security and requirements downstream as much as possible, in the language your teams
Privacy Architecture can use.
Adobe Experience Cloud
To scale to properly meet evolving risk management and compliance
challenges, your own teams need to operate as a service. Automate
processes wherever possible to help capture the necessary data to ensure
good security is happening – and constantly evolve and improve the quality
of that information to ensure it is driving expected behavior. Flow that data
into simple dashboards that can help executives understand that things are
really working as expected, and where they need to take action. After all, if
you can't explain it simply, you don't understand it well enough. In this talk
you’ll learn from Julia how Adobe was able to make this work in relatively
short order and how you can take all of the best practices we learned and
developed back to your organization and create your own “culture of
security.”

Session Break – 12:15 PM – 12:25 PM

 IT Risk Management – Virtual Summit
12 December 2018
10:00 AM – 2 :00 PM EST

SESSION 3
12:25 PM – 1:25 PM

How to Provide a 360° View of the

Biggest IT Risks and Vulnerabilities

Organizations are looking to efficiently manage their risks, arising from

numerous compliance regulations, standards, internal policies, and
threats. IT teams are managing vast ecosystems of devices and users,
which are causing the severity of threats to multiply. Therefore,
establishing proper governance and oversight allows you to carefully
assess risks to ensure they are informed by effective controls,
procedures and policies.

To establish proper governance and oversight—that allows you to

assess risk that is informed by effective controls, procedures, and
Phil Shomura policies—IT leaders need to ensure they have the right technology in
Senior Product Manager place. A centralized IT GRC platform ultimately provides oversight of all
ACL risks and vulnerabilities, connecting data from your entire ecosystem
and providing assurance that issues and threats are being remediated.

SESSION 4
1:25 PM – 2:00 PM

Interactive Panel Discussion