Compliance 2.0: Next Steps for Security Leadership. A free one-day seminar to build a smarter security program that's ready to pass your next audit


Compliance isn't going away. And while organizations may have met SOX, HIPAA or GLBA requirements, a host of new industry requirements such as PCI, e-discovery and FFIEC are forcing organizations to continue to develop and refine their compliance processes and map their policies and technologies to a host of new regulations. Steep PCI fines and the costs associated with e-discovery are an impetus for organizations to get their security house in order.

What's more, the regulations are changing. PCI is expected to be further refined with new rules mandating application security this year. You need a way to track, streamline and apply controls and technologies that map to all aspects of compliance, not just one particular initiative.

Attend and discover the common mistakes most organizations make when refining their compliance processes. Plus, you'll learn strategies for mapping technologies and frameworks to these extensive regulations.

Admission is FREE but seating is limited. Apply today.


Session Descriptions

Keynote: Stop chasing compliance: Dealing with today's regulatory demands

In this keynote session, Richard Mackey and our SecurityCurve experts lay the foundation of today's regulations to help you integrate compliance into your risk management strategy. They'll explore what compliance readiness really requires, and help you determine whether your program needs more tactical information or more technical knowledge.

Track One: Today's Regulations

Session 1: The commonalities and differences of today's regulations

Today's regulations require different treatment of information: SOX is about the integrity and accuracy of financial reporting, not confidentiality, whereas HIPAA and PCI are focused on confidentiality. In this session, Mackey shows that the key to a strong compliance program is a framework that can adjust to the demands of various regulations. Attend and discover:

  • The focus of various regulations (PCI, HIPAA, SOX, and banking regulations)
  • How regulatory requirements map to security frameworks
  • The difference between compliance and audit results / validation
  • Examples of how specific regulations require special treatment of data and operations
  • How understanding the scope of systems affected by regulations can allow organizations to reduce effort
  • How a general compliance program helps meet multiple goals

Session 2: Mapping regulatory requirements to policies, processes and technology

In this session, Mackey outlines the various aspects of regulations, including data classification and handling, policy and governance, change control and business continuity. He provides tips on how to map those items to your policies and processes through:

  • Training
  • Data handling
  • Testing
  • Compliance activities - audits specific to regulations and contracts
  • Vulnerability management
  • Identity and access control management

Panel Discussion

General Session: Compliance strategy panel

In this session we'll get the perspective of industry vendor experts who advise numerous customers on how to tactically solve PCI compliance challenges. Panelists will be joined by seminar speakers/moderators to explore how to leverage IT security tools to address business compliance imperatives. Topics include:

  • From the front lines: Vendors relate common customer problems and solutions via case studies
  • Tips on how to select the right solutions for your enterprise without breaking the bank
  • The process of "continuous improvement" - how to get better at compliance over time
  • Technology must-haves for all security-focused compliance tools - reporting, visualization, data capture, etc.

Track Two: Straight Talk on PCI

Compliance is a necessity for every organization in the payment process, but how far do merchants need to go in addressing PCI requirements? This track delivers the latest on PCI and advice on meeting today's PCI compliance challenges, including when compensating controls are sufficient and how to prepare for the changes that may be coming.


Session 1: The PCI Audit: Scope, Zoning, and Requirements 1-6

In this session, Ed Moyle and Diana Kelley review the first six PCI requirements while showing you how to set the appropriate scope for a compliance assessment. Learn strategies for defining physical and technical boundaries (network segmentation, for example) that reduce the scope of a PCI assessment, saving time, energy and resources.

They explain how to conduct a preliminary gap analysis to show where you might be found deficient in an audit, and how to use the results of that gap analysis to identify potential compensating controls. Save your company money by understanding when a compensating control is sufficient for achieving compliance and when purchasing a new solution is necessary. Review the documentation, procedural and technical implementations for each of the first six requirements:

  • Requirement 1: Firewall Configuration
  • Requirement 2: Vendor-Supplied Defaults
  • Requirement 3: Protect Stored Cardholder Data
  • Requirement 4: Encrypt Cardholder Data in Transit
  • Requirement 5: Anti-Virus Software
  • Requirement 6: Develop and Maintain Secure Systems and Applications

Session 2: The PCI Audit: Requirements 7-12

Ed Moyle and Diana Kelley continue assessment of the PCI audit and its requirements by reviewing requirements 7-12. They show you the documentation, procedural and technical implementations for these requirements and conclude with a list of top recommendations for successfully meeting PCI.

  • Requirement 7: Restrict Access to Cardholder Data
  • Requirement 8: Unique IDs and Authentication
  • Requirement 9: Restrict Physical Access
  • Requirement 10: Track and Monitor Access
  • Requirement 11: Test Security Systems and Processes
  • Requirement 12: Maintain an Information Security Policy
  • Recommendations for success


General Session: Compliance and Outsourcing: What to Consider

In an interview-style Q&A session, Mackey will outline what you need to consider when you outsource services and how those partnerships are subject to regulatory requirements. He'll discuss how to:

  • Interpret various regulations that address outsourcing partnerships
  • Create clear SLAs that state the responsibilities of both parties
  • Review service provider practices
  • Monitor relationships and establish triggers for further review


Register online to gain FREE admission or call Annabelle Bozin at 508-621-5530 to reserve your seat today.



Giveaways

Along with receiving expert advice, complimentary breakfast and lunch, all related seminar materials and a complete PowerPoint presentation with all our speakers' notes and slides, you'll also have the chance to return home with a Sling Media Slingbox SOLO and a GPS navigation system when you attend!



Keynote Speakers

Richard E. Mackey, Vice President, SystemExperts

Diana Kelley, Partner, SecurityCurve

Ed Moyle, Manager, CTG

Dates & Locations

Thursday, Nov 20
Atlanta, GA
Venue: TBD

Tuesday, Nov 25
Toronto, ON
Venue: TBD

Agenda

8:00 am
Registration and Breakfast

8:45 am
Welcome and Introductions

9:00 am
Keynote: Stop Chasing Compliance: Dealing with Today's Regulatory Demands

9:30 am
Track One: Session 1
Track Two: Session 1

10:30 am
Peer Networking / Refreshment Break

11:10 am
Compliance Strategy Panel

11:55 am
Lunch and Exhibits Open

1:10 pm
Track One: Session 2
Track Two: Session 2

2:10 pm
Peer Networking / Refreshment Break

2:30 pm
Compliance and Outsourcing: What to Consider

3:00 pm
IT Governance, Risk and Compliance Process Automation / Grand Prize Giveaway

3:30 pm
Seminar Adjourns