VIP Reception - Monday, October 19, 2015
|5:30 - 6:15 pm
||Check In and Networking
|6:20 - 6:25 pm
|6:25 - 6:45 pm
|7:05 - 7:30 pm
Tuesday, October 20, 2015
||Check-in Begins + Networking Breakfast
|8:00 – 8:15 am
||Welcome + Year in Review
|8:15 – 8:25 am
||Setting the Stage: The More You Know…
This brief talk will provide insight about how you may consider the various conference topics to aid you on your security journey. Knowledge of adversaries, threats, and mitigation techniques lead to improved security. No matter what you are securing…if you don’t know your systems AND what your adversaries capabilities are you will lose. This is Sun Tzu 101. Even more so...if you are unaware of your systems and adversaries then your mitigation techniques will be of little to no value. Increased knowledge and awareness ties directly to increased security. With that as a backdrop, some thoughts on how the great conference speakers will help you on your security journey will be shared.
Steen Fjalstad, MS, CISA, CISSP, CGEIT, CRISC, Security and Mitigation, Principal & President for MN ISACA, Midwest Reliability Organization, ISACA, InfraGard
|8:25 – 8:45 am
||The New Executive Order: The Impact on Public and Private Sectors
|8:45 – 8:55 am
||Opening Comments from Title Sponsor
|9:45 – 10:30 am
||Break in Exhibit Area
|10:30 – 11:45 pm
||Panel Discussion - Cyber Security vs Cyber Warfare
When does cyber security become warfare? Our panel of experts from the public and private sectors will explore the distinction between corporate defense against cyber intrusions and nation state defense against foreign aggression. Do these threats originate from different places, or is there a common enemy? Along the spectrum of response options, learn how the Department of Defense determines its course of action, and how the increasing use of corporate cyber-hunters is changing the game.
Todd Rosenblum, Former Principal Deputy Assistant Secretary of Defense for Homeland Defense and Global Security, U.S. Department of Defense; Senior Fellow, The George Washington University Center for Cyber & Homeland Security
Shéna Boswell Crowe, Special Agent, Federal Bureau of Investigation
Adam Meyer, Chief Security Strategist, SurfWatch Labs Inc.
|11:45am – 12:30 pm
||Lunch in Exhibit Hall + Atrium
|1:15 - 2:30 pm
||Panel Discussion - Team-Based Cyber Risk Management Programs
Anthem BlueCross. The IRS. The Houston Astros. They can all testify that cyber attacks damage an organization far beyond the breached data. The ripple effect is felt on your relations with customers, investors, employees and investigators. This expert panel will discuss best practices to bring together a team of stakeholders from across your organization – including information security, legal and communications – to define your organization’s unique risk profile and design a cost-effective, holistic security program that accounts for all forms of risk and, most importantly, prepares you for the inevitable data compromise incident when it does occurs.
Karl Mattson, CISSP, CISM, Senior Fellow, Technological Leadership Institute, University of Minnesota
Adam Meyers, Vice President Intelligence, CrowdStrike, Inc.
|2:30 - 3:00 pm
||Break with dessert in Exhibit Area
|3:00 - 3:20 pm
||Keynote - Cyber Response Strategies
Historically, the National Guard has been activated for State missions to provide emergency-relief support during natural disasters such as floods, earthquakes and forest fires; search and rescue operations. This evolving mission now encompasses cyber. In this session, MG Nash reviews how the MNARNG Cyber Response Strategy extends beyond defending military networks to include Coordination, Train, Advise, and Assist (C/TAA) functions, communication exercises and response exercises to increase NG capacity for accelerated response to a cyber incident.
Major General Richard C. Nash, Adjutant General, Minnesota National Guard
|3:20 - 4:00 pm
||Keynote - Critical Security Controls to reduce Cyber Risk
Security controls are essential for reducing cyber threats yet seem daunting and time consuming to implement. Leading threat research highlights how cyber hygiene through security controls could significantly reduce cyber threats. SANS Critical Security Controls (CSC) has emerged as a risk based list of security controls to mitigate the most common and damaging threats with a cost effective and consistent set of prioritized controls. This presentation evaluates threat report trends that emphasize the need for cyber hygiene, and reviews the CSCs top 20 security controls to reduce cyber risk and increase an organization's operational resilience. Use information to maximize communication efforts to business managers to explain the importance and benefit of implementing security controls.
Col. Stefanie Horvath, MSS, Colonel, MN Army National Guard
|4:00 - 5:30 pm
||Networking Reception in Exhibit Area
|5:00 - 6:00 pm
||Hands-on Tool Workshop available to Full Summit attendees
Wednesday, October 21, 2015
|7:45 – 8:45 am
||CEO Breakfast - Invitation Only
|8:00 – 9:00 am
||Check-in + Light Networking Breakfast
|9:00 – 9:30 am
||Welcome + Scholarship Presentation
|9:30 – 10:20 am
||Keynote – Why the Future Security Operation Center (SOC) must understand its Adversaries and their Intentions
Most Security Operations Centers (SOCs) today focus on detection, remediation and prevention, placing less emphasis on the source of the attack or breach. To be truly effective today, however, SOCs should focus on not just the what and when, but also the who (Threat Actor) and the how and why (Threat Vector). While this holistic intelligence approach is not new to the traditional national security and defense intelligence operations, it is new to Cyber Defense strategies. IBM i2 Enterprise Insight Analysis arms intelligence analysts with game changing investigative and analytical capabilities that perform at speed and scale, to create a comprehensive cyber threat intelligence picture. By combining critical data from both the physical and digital world with cyber event intelligence, organizations can visualize, correlate and analyze cyber data to identify threat actors, their purpose, intentions, employers, sponsors, as well as infrastructure location & weaknesses. This enables them to extend network defense perimeters to asymmetric areas not addressed and conquered by traditional security solutions, and turn their cyber defense strategy into a proactive one.
Michael Kehoe, MBA, Professional, IBM Worldwide IR Enterprise Insight Analysis Leader, IBM
|10:20 – 11:00 am
||Networking Break in Exhibit Area
|11:00 am– 12:15 pm
Panel Discussion - Cyber Intelligence Sharing – Has the Time Finally Come for Real Collaboration?
Cyber security is rarely an area where information sharing is instictive. In the wake of President Obama’s Executive Order on cyber intelligence sharing, how is our nation’s information sharing ecosystem being transformed? Our panel will explore the impact the new requirements are having on organizations at all levels of government and industry, particularly on existing sector-based Information Sharing and Analysis Centers (ISACs).
Chris Buse, CISA, CISSP, Assistant Commissioner and Chief Information Security Officer, State of Minnesota; MS-ISAC Executive Committee Member
Carlos P. Kizzee, JD, LL.M, Executive Director, Defense Security Information Exchange
|12:15 – 1:30 pm
|1:30 – 2:45 pm
||Panel Discussion- What financial, retail and heath care companies can learn from 2015’s data breaches
They say you should never let a good disaster go to waste. After more than eighty million financial, retail and health records were compromised in the first half of 2015, companies found ample opportunity in the aftermath to review and update their data security practices. Today, however, a routine internal IT audit isn’t a sufficient response. The scale of recent incidents has prompted the courts to weigh-in on how companies should be responding. This panel brings together data security experts from the financial, retail and health sectors to discuss key lessons learned from recent data breaches and how they are being impacted by recent court rulings.
Eran Kahana, J.D., Attorney, Maslon LLP; Research Fellow, Stanford Law School; General Counsel and Member of the Board of Directors, InfraGard
Barry Caplin, Vice President + Chief Information Security Officer, Fairview Health Services
Robert E. Booker, Vice President + Chief Information Security Officer, UnitedHealth Group
|2:45 - 3:15 pm
||Break + Dessert in the Exhibit Hall
|4:20 - 5:00 pm
||Closing Summit Remarks