Compliance 2.0: Next Steps for Security Leadership. A free one-day seminar to build a smarter security program that's ready to pass your next audit


Compliance isn't going away. And while organizations may have met SOX, HIPAA or GLBA requirements, a host of new industry requirements such as PCI, e-discovery and FFIEC are forcing organizations to continue to develop and refine their compliance processes and map their policies and technologies to a host of new regulations. Steep PCI fines and the costs associated with e-discovery are an impetus for organizations to get their security house in order.

What's more, the regulations are changing. PCI is expected to be further refined with new rules mandating application security this year. You need a way to keep track of, streamline and apply controls and technologies that map to all aspects of compliance, not just one particular initiative.

Attend and discover the common mistakes most organizations make when refining their compliance processes. Plus, you'll learn strategies for mapping technologies and frameworks to these extensive regulations.

Admission is FREE but seating is limited. Apply today.


Session Descriptions

Keynote: Stop chasing compliance: Dealing with today's regulatory demands

In this keynote session, Richard Mackey and our NSS Labs specialist lay the foundation of today's regulations to help you integrate compliance into your risk management strategies. They'll explore the hidden secrets of compliance readiness, and help you determine if you need more tactical information or technical knowledge.

Track One: Tactical and Technical

Session 1: Practical approaches to choosing products that help with compliance

Technology isn't the cure-all for your compliance woes, but it can help if mapped out and implemented properly. This track explains how you can accurately determine your requirements. Discover how to:

  • Determine the protection requirements at various locations within the network
  • Clarify security and compliance objectives
  • Prepare for an audit, including justifying products and their configurations
  • Determine what questions to ask product vendors in order to right-size buying decisions
  • Defend decisions made in an audit 

Session 2: Products in compliance case studies

Review real-world examples of how to map compliance to technology. Through case studies, including an international retail franchise, a medium-sized hospital network, and a large manufacturing organization, you'll learn how to:

  • Get the maximum out of products to support sustainable security and compliance programs
  • Avoid "fad" technologies
  • Defend product purchasing decisions

Panel Discussion

General Session: Compliance strategy panel

In this session we'll get the perspective of industry vendor experts who advise numerous customers on how to tactically solve PCI compliance challenges. Panelists will be joined by seminar speakers/moderators to explore how to leverage IT security tools to address business compliance imperatives. Topics include:

  • From the front lines: Vendors relate common customer problems and solutions via case studies
  • Tips on how to select the right solutions for your enterprise without breaking the bank
  • The process of "continuous improvement" - how to get better at compliance over time
  • Technology must-haves for all security-focused compliance tools - reporting, visualization, data capture, etc.

Track Two: Foundational and Strategic

Session 1: The commonalities and differences of today's regulations

Today's regulations require different treatment of information -- SOX is all about integrity and accuracy of financials, not about confidentiality. However, HIPAA and PCI are focused on confidentiality. In this session, Mackey proves that the key to having a strong compliance program is having a framework that can adjust to the demands of various regulations. Attend and discover:

  • The focus of various regulations (PCI, HIPAA, SOX, and banking regulations)
  • How regulatory requirements map to security frameworks
  • The difference between compliance and audit results / validation
  • Examples of how specific regulations require special treatment of data and operations
  • How understanding the scope of systems affected by regulations can allow organizations to reduce effort
  • How a general compliance program helps meet multiple goals

Session 2: Mapping regulatory requirements to policies, processes and technology

In this session, Mackey outlines the various aspects of regulations, including data classification and handling, policy and governance, change control and business continuity. He provides tips on how to map those items to your policies and processes through:

  • Training
  • Data handling
  • Testing
  • Compliance activities - audits specific to regulations and contracts
  • Vulnerability management
  • Identity and access control management

General Session: Compliance and Outsourcing: What to Consider

In an interview style Q&A session, Mackey will outline what you need to consider when you outsource services and how those partnerships are subject to regulatory requirements. He'll discuss how to:

  • Interpret various regulations that address outsourcing partnerships
  • Create clear SLAs that state the responsibilities of both parties
  • Review service provider practices
  • Monitor relationships and establish triggers for further review

 

Register online to gain FREE admission or call Chris King at 508-621-5594 to reserve your seat today.


Giveaways

Along with receiving expert advice, complimentary breakfast and lunch, all related seminar materials and a complete PowerPoint presentation with all our speakers' notes and slides, you'll also have the chance to return home with a Sling Media Slingbox SOLO and a Garmin GPS when you attend!


Keynote Speakers

Richard E. Mackey
Vice President, SystemExperts

Vik Phatak
CEO, NSS Labs

 

Date & Locations

Thursday, June 5
Cleveland, OH
Wyndham Cleveland at Playhouse Square

Tuesday, July 15
Richmond, VA
Omni Richmond Hotel

Tuesday, July 22
Chicago, IL
Westin Michigan Avenue Chicago

Agenda

8:00 am
Registration and Breakfast

8:45 am
Welcome and Introductions

9:00 am
Keynote: Stop Chasing Compliance: Dealing with Today's Regulatory Demands

9:30 am
Track One: Session 1
Track Two: Session 1

10:30 am
Peer Networking / Refreshment Break

11:10 am
Compliance Strategy Panel

11:55 am
Lunch and Exhibits Open

1:10 pm
Track One: Session 2
Track Two: Session 2

2:10 pm
Peer Networking / Refreshment Break

2:30 pm
Compliance and Outsourcing: What to Consider

3:00 pm
Tech in Action / Grand Prize Giveaway

3:30 pm
Seminar Adjourns