THEME: Security Vital Signs: Topics
Governance in the Global Enterprise: Bringing Together Manageable Metrics, Risk, and Compliance
What do over 136 academic studies tell us that we don’t already know? That evidence-based quantitative research is almost always better than qualitative, subjective opinions. Measuring things matters. But metrics are unhelpful if they’re not communicated clearly to the right people. Governance is the process that translates these metrics into something executives can understand and act on in a timely, accurate way. Unfortunately, the tools for such communication are hot market buzzwords—Governance, Risk, and Compliance management (GRC)—that are broad, ill-defined, and drive a large amount of vendor messaging.

These sessions will help codify the challenges in a global security organization, clarify the solutions space, and detail how security metrics must play a critical role:

  • What are the Top Ten Strategic Security Metrics?
  • What is the market landscape for so-called GRC tools?
  • How can risk management and compliance be made into regular business units instead of cost centres?
  • How to create a controls structure in a geographically dispersed work environment

Data Security: More than the Reach of the Breach

Staying out of the news (bad news, specifically) is an admirable goal. But data security is more than merely avoiding breaches, disclosures, and reputation blemishes. Enterprises have vast data landscapes with varied needs. In the land of data, those who control data are king. Such control includes protection of data in motion, in use, and at rest—to be sure—but it also involves classifying, architecting, and discovering information properly. It also requires appropriate technical responses to conflicting compliance requirements, some of which require greater confidentiality and others greater availability.

The session will cover:

  • How data protection must evolve in a service-oriented application environment
  • How organisations are responding to protection requirements from Payment Card Industry (PCI) and other regulations
  • Why enterprises should start thinking strategically about encryption and key management
  • What data services and information architecture can do to help reduce risk

Conducting Secure Business over Open Networks

For many enterprises the network perimeter firewall is unable to guarantee that only trusted users and traffic are present on the managed network. Network and security vendor attempts to shore up the network with Network Access Control (NAC) solutions are incomplete and over-hyped. Burton Group experts and customers will propose an overlay architecture approach that shifts defenses to the endpoints, application systems, information systems, and data centres, and will challenge vendors to justify the value of NAC products and their strategy for building security intelligence into networks.

Topics to be covered include:

  • The reasons why a single enterprise perimeter will fail
  • Do we really need NAC products?
  • How to overlay secure business on untrusted networks
  • Learning from NAC projects that failed
  • Defending endpoints, applications, information, and data centres
  • Burton Group’s architecture for secure networks and secure data centres
  • Industry panel to challenge leading network and security vendors on the wisdom of attempts to lock down networks