Business Insights

  •  TYPE: Track   DATES: April 18 - April 19, 2012
Conference Tracks

This track is for CIOs, CISOs, IT Managers, and the project managers and IT people who want to better understand the business side of IAM, GRC, and Cloud Security – plus all the ones who are not primarily IT but have to drive the projects in these areas. Learn how IT really can help the business and provide business benefits.

After attending this track you will be able to:

  • Identify the risks of cyber-crime that apply to your industry
  • Deliver actionable recommendation to senior management based on a Structured Risk Identification and Evaluation Process
  • List and explain the reasons why information security is a strategic priority
  • Take steps to successfully implement IAM governance
  • Take steps to successfully manage the use of social media and BYOD within the organization.

This track in total qualifies for up to 14 Group Learning based CPEs depending on the number of sessions you attend.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: lk@kuppingercole.com


Moderators:

Tracks:

Making Information Security a Strategic Priority

Sessions:

Cyber Crime, Cloud, Social Media... - IS Threats for Banks are Constantly Increasing: What should we be doing?

Date: Wednesday, April 18, 2012 Time: 10:30-11:30 Location: Auditorium

Cyber Crime, Cloud, Social Media... - IS Threats for Banks are Constantly Increasing: What should we be doing?
Cyber Crime is the threat we are all facing. The Finance Industry is high on the target list of attackers, but what this session provides is relevant to all industries. Learn about how the situation has changed during the past years. Understand what really is behind the buzzword of APTs (Advanced Persistent Threats). See how to map what happens in Cyber Crime to a standardized risk rating. Look at what to do to mitigate these risks – on the organizational side and technology-wise....

Facing the Online Threats against Retail and Banking Customers - What are the Future Perspectives?
When looking at the risk surface around online threats against retail and banking customers, the question is: What will we do next to mitigate these risks? Some of the approaches like out-of-band are not always as secure as they should be, especially when they end up as in-band authentication. Others are tied to tools like Flash which aren’t supported on all devices. And there is the question of how to deal with that in the backend. How to best implement a risk- and context-based...

IT Strategies and Information Security in Banks - The Regulator´s View

Date: Wednesday, April 18, 2012 Time: 11:30-12:30 Location: Auditorium

IT Strategies and Information Security in Banks - The Regulator´s View
Dr. Markus Held of  BaFin, the German regulator for the finance industry will provide insights in what BaFin expects to find in banks. He will point out expectations concerning technical infrastructure and the related organization for Access Management and SoDs (Segregation of Duties). BaFin has audited a large number of financial institutions and issued expectations on mitigating risks in the circular MaRisk (Minimum Requirements for Risk Management ). This presentation is not only...

How to Address Regulatory Needs Fast and Lean

Making Information Security a Strategic Priority

Sessions:

IAM Governance in the New Commerzbank

Date: Wednesday, April 18, 2012 Time: 14:00-15:00 Location: Auditorium

IAM Governance in the New Commerzbank
After integration of Dresdner Bank, which was completed successfully in spring 2011, a new IAM (Identity & Access Management) governance model has been set up and implemented. Components of this model are governance structures and responsibilities (including processes and raci-matrix); a recertification process for critical application on a risk based assessment and the design and implementation of a new workflow tool for the requesting and approval of access rights. After having...

Munich Re’s Identity & Access Management - Experience Report and Best Practices
In May 2010, Munich Re started a project to define, coordinate and establish compliant, sustainable and efficient IAM processes and policies based on best practices; to provide matching and appropriate IT support for the IAM processes to enhance efficiency and to provide reliable data on Digital Identities. The Quest One Identity Manager (Quest OIM – former Voelcker ActiveEntry V4.2) was implemented and customized to fit into Munich Re’s IAM architecture. One of the main...

Delivering Actionable Recommendations to Senior Management based on a Structured Risk Identification and Evaluation Process

Date: Wednesday, April 18, 2012 Time: 15:00-16:00 Location: Auditorium

Delivering Actionable Recommendations to Senior Management based on a Structured Risk Identification and Evaluation Process
Selling IT projects to the business is complex – even in situations with significant regulatory pressure. One of the reasons is that IT still tends to be too technical. This panel will talk about how to use risk identification and evaluation to translate what IT wants to do into business terms. It is about speaking the language of the business and thinking in risks. It is as well about setting the focus right by understanding the priority of actions to take. Based on that, IT can...

How to successfully get business to participate in IAM and Access Governance
For introducing Access Governance and the underlying core IAM processes, business involvement is mandatory. This process requires guidelines, policies, role models, and especially the definition of ownerships and responsibilities in business. On the other hand, business is somewhat reluctant given that it has to do its business anyway, despite the need for requesting and recertifying access. Different stakeholders in the organization need to be involved to set up these policies: Auditors,...

Identity & Access Management as a Key Element for a Value focused Security Strategy

Date: Wednesday, April 18, 2012 Time: 17:00-18:00 Location: Auditorium

Identity & Access Management as a Key Element for a Value focused Security Strategy
The myriad number of security incidents reported by the media keeps on reminding us, that the risk from being hit by such an attack is increasing and that the damage can be very high. At the same time, IT departments are faced with the need to develop their infrastructure away from purely defensive reactions on threats to a proactively open attitude, aligned with business needs and allowing user driven initiatives like BYOD (Bring Your Own Device) to take place. In this session, you will...

Access Governance Case Study: Friends Life Realizes Quick Time To Value
In order to meet access-related compliance requirements and reduce the risk of security breaches, enterprises around the world have made significant investments in access governance automation software solutions. Many of these companies have experienced fast time to value by implementing solutions that can be easily implemented enabling IT and the business to quickly realize the benefits of automating access governance processes. In this presentation you will hear from Julia Bernal, Group...

Planning, Managing and Governing IAM & Cloud I

Sessions:

VRM and the Intention Economy: Now What?

Date: Thursday, April 19, 2012 Time: 10:30-11:30 Location: Auditorium

VRM and the Intention Economy: Now What?
Doc Searls' vision of VRM just rings true. The common reaction is "Of course that's how things ought to work!" Now with his new book out—The Intention Economy: When Customers Take Charge—the vision is even stronger and clearer. How do we build the intention economy? What infrastructure will undergird it? How will our understanding of identity, privacy, and rights change to support it?  This session will explore the infrastructure for the intention economy and the...

How the API Economy Leverages our Capabilities for Delivering Business Services

Date: Thursday, April 19, 2012 Time: 11:30-12:30 Location: Auditorium

How the API Economy Leverages our Capabilities for Delivering Business Services
The KuppingerCole IT Model describes how IT can deliver the services business really needs, by managing, orchestrating, and securing services from different providers and deployment models. The API Economy is a key enabler for that model because this is what provides the granularity customers are requesting. It allows customers to use APIs for granular services when they need them instead of relying only on big, fat SaaS applications. The API Economy gives customers the choice – from...

API Economy: The Consumer View
There are two sides of the API Economy: The Provider view which focus on delivering Cloud Services and exposing the APIs. And the Consumer view, which makes use of these services. When looking at the consumers, there are two types: The one are the real consumers, e.g. the organizations building business services by orchestrating the exposed services – by making use of the API Economy. They pay for the ability to build better business services by using those APIs, paid or for free....

API Economy: The Provider View
The other side of the API Economy is about the providers. Why should providers support this concept? Why should they expose APIs and which ones? How to manage them? How to make money out of it? What does this mean for the business model in contrast to offering big fat SaaS applications? And is there a new, emerging market for small and specialized vendors of only a few services? How to deal with security and accounting? What about meeting service levels in heavily orchestrated environments...

Planning, Managing and Governing IAM & Cloud II

Sessions:

From Virtualization to the Cloud and Beyond

Date: Thursday, April 19, 2012 Time: 14:00-15:00 Location: Auditorium

From Virtualization to the Cloud and Beyond
Many companies have started virtualization quite a while ago. Nevertheless, they still frequently are in the first wave of virtualization, focusing on Windows servers and their virtualization. The second wave with virtualizing business-critical applications is still at the beginning in many data centers. These systems often have a continuously high workload, so the benefit of reducing the number of servers is somewhat limited. And they are business-critical, so touching them is something...

Security for Virtualized Environments, Privileged Users and PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is one of the most detailed compliance requirements published to date. A new version was released in October of 2010 along with supplemental guidance for virtual environments. In this session leading access control and endpoint security vendors will provide their insight on emerging compliance solutions and strategies for virtualization and PCI compliance. The session will also address PCI DSS requirements with an emphasis on their...

What Federation is About – in Theory and in Practice

Date: Thursday, April 19, 2012 Time: 15:00-16:00 Location: Auditorium

What Federation is About – in Theory and in Practice
Synchronization of Identities and their distribution to many different identity stores is a common approach in IAM. However, Federation is gaining momentum massively – and that will further increase with the growth in Cloud Computing. However, even there you’ll find synchronization approaches, like the ones supported by the upcoming SCIM standard. Finding the balance between Federation and Synchronization is an art of itself. In this session, you’ll learn how to deal with...

Federation or Synchronization – the Future of the Cloud
In this panel industry experts will discuss the evolution in the cloud. For quite a while, SAML was the de-facto standard. Right now, other lightweight approaches (with somewhat different features) like OAuth are gaining momentum as well as SCIM, which supports the proprietary APIs of cloud services. What is the future? Will some approach win or will they co-exist? What fits really to the needs of the customer? Or do we need fundamentally different approaches?

Exchanging Metadata through Different Federations on a Global Scale
One of the most successful advancements in IT within the education and research sector in recent years has been the emergence of identity federations. There are now over 27 identity federations worldwide, operating a very successful standards-based solution for access and identity transactions. The REFEDs group, coordinated by TERENA, is a working group representing all of these federations. REFEDs is actively developing new tools and concepts to improve and enhance the work of identity...

Database Firewalls: Advancing Security for Enterprise Data

Date: Thursday, April 19, 2012 Time: 16:30-17:30 Location: Auditorium

Database Firewalls: Advancing Security for Enterprise Data
Millions of organizations worldwide have been breached using SQL injection attacks. Network firewalls protect networks, however, they fail to protect the target of these attacks: data. Two thirds of critical data in organizations resides in databases, and hence the need for protecting databases. In this session, we will look into the will describe this new product category, typical capabilities, how they work with other firewalls, and successes in protecting data and addressing...

Best Practice: Database Security

Quick Links

Stay Connected

Information

Congress

European Identity & Cloud Conference 2012

Language:
English
Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
lk@kuppingercole.com
  • Apr 17 - 20, 2012 Munich, Germany

Partners

The European Identity & Cloud Conference 2012 is proud to present a large number of partners
Learn more

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00