Legal & GRC
- TYPE: Track DATES: April 18 - April 19, 2012
CIO, CISO, Data Protection Officers, Risk and Compliance Officers, Internal Audit, line managers and project managers confronted with the legal and GRC issues, as well as all the ones involved in Access Governance, IT GRC, and Business GRC projects. Learn what to look at from the legal perspective and how to build a real Enterprise GRC covering all types of risks and integrating the Business and IT view of GRC.
After attending this track you will be able to:
- Define how the new EU rules on data protection will impact the way companies use and transfer personal data.
- Negotiate a good cloud service contract and recognize the pitfalls in standard cloud contracts.
- Describe how the EU handles personal data and how this will evolve into the future.
- Identify your critical information assets as the first step to quantify, and manage the risk of information access in the cloud environment.
- Describe the steps necessary to move to the next level of access governance.
This track in total qualifies for up to 14 Group Learning based CPEs depending on the number of sessions you attend.
 |
KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: lk@kuppingercole.com |
Moderators:
Tracks:
Cloud Legal, Privacy, Data Protection I
Sessions:
New EU Data Protection Rules: What will cause the most Pain, who will suffer and how can you gear up for them?
Date: Wednesday, April 18, 2012 Time: 10:30-11:30
Location: Ammersee 2
New EU Data Protection Rules: What will cause the most Pain, who will suffer and how can you gear up for them?
A draft of the new "General Data Protection Regulation" has officially been published in January 2012. The draft Regulation intends greater harmonisation but will also bring a radical change to the existing legal framework and a significantly stricter data protection regime, requiring more action by companies with tough penalties of up to 2% of the annual worldwide turnover for the most serious data protection violations. In this session, you will receive an overview of the new rules and...
Unwanted Automated Profiling
Date: Wednesday, April 18, 2012 Time: 11:30-12:30
Location: Ammersee 2
Unwanted Automated Profiling
Privacy Governance in Software Organizations
Understanding business models that treat citizens’ personal data as the online platforms’ new business asset class, is key to helping users maintain their online privacy. Never before has it been as easy for software organizations to collect and link personal data across hundreds of daily user transactions. In this talk we review online platforms’ business models, recent guidelines for privacy governance for software organizations, and emerging guidelines at the level of...
Cloud Legal, Privacy, Data Protection II
Sessions:
Avoiding hidden Clauses and other Pitfalls - How to Deal a Good Cloud Service Contract
Date: Wednesday, April 18, 2012 Time: 14:00-15:00
Location: Galerie
Avoiding hidden Clauses and other Pitfalls - How to Deal a Good Cloud Service Contract
Like with all other immature and rapidly developing markets, there often is a significant difference between the expectations customers have when they contract a cloud computing service, and the reality of what they would get as one of many clients through some kind of standard contract. In this session, you will first and foremost learn, that most if not nearly all existing standard contracts from large cloud providers are crap, and how you easily can find out that they are crap, what your...
Identity Provider Business Models
Date: Wednesday, April 18, 2012 Time: 15:00-16:00
Location: Galerie
Identity Provider Business Models
Connecting who we are in the physical world to our online identity is at the center of some of today’s most important technical, commercial and policy issues. Verifying who we are, whether on the Internet, phone or watching television touches what we care about most; our security, privacy and how we do business. This agenda “unpacks” identity by reviewing the status of key identity standards like SAML, OAuth 2,0, OpenID Connect and Account Chooser by focusing on the roles...
Sociality by Design: How Google, Facebook & Co. can reconcile Privacy and Profit
Privacy and security as well as financial interests in developing and selling digital services and products can be united and end up in a win-win-situation. From a socio-scientific point of view there is no necessity for entrenched positions. When we talk about Privacy by Design, we can even strive towards Sociality by Design to achieve integrated satisfaction of every group of people involved in this process.
The talk will show that it is necessary to open up discussion, focus on...
How the EU handles Citizen Privacy at Present and how it will evolve in the Future
Date: Wednesday, April 18, 2012 Time: 17:00-18:00
Location: Galerie
How the EU handles Citizen Privacy at Present and how it will evolve in the Future
Modern public administration involves an inherent conflict between better responsiveness to citizens as clients and effective collaboration with them as partners, given the role of government as data caretakers. Service provisioning to citizens as customers requires flexibility, yet the usage of data to serve these customers has to meet with regulatory policy and good common sense on data privacy.
The changing nature of our relationship as citizens with our different levels of government...
Panel: The Future of Citizen Privacy
Governance, Risk Management & Compliance (GRC)
Sessions:
How to Mature GRC Processes Before you Buy a GRC Tool
Date: Thursday, April 19, 2012 Time: 10:30-11:30
Location: Galerie
How to Mature GRC Processes Before you Buy a GRC Tool
GRC projects quickly tend to struggle once it becomes obvious that there is a lack of clearly defined processes and responsibilities. Unfortunately, that still happens in a large number of these projects. The session will focus on what you need to define before without ending up in endless organizational projects. It is about the balance between moving forward quickly (and moving into the right direction) without missing to build the organizational foundation for a successful GRC...
Best Practice: IAM in a Complex and Security-Driven Environment
T-Systems standardizes Identity and Account Management processes and thereby reduces costs. With this motto, T-Systems has established secure and optimum process handling by means of a new and integrated Identity and Access Management solution. This slot will show the background and success of the project.
T-Systems employees now have the option of requesting access to applications online via a Web front-end in a user management tool based on syscovery Savvy Suite. The introduced standard...
Identifying your Critical Information Assets. Moving from System Security to Information Security
Date: Thursday, April 19, 2012 Time: 11:30-12:30
Location: Galerie
Identifying your Critical Information Assets. Moving from System Security to Information Security
Classical IT-Security is centered around the assets governed by the IT organization, and therefore in reality information security and IT security are used to describe that same thing. Protecting the assets of the IT organization is good, but at the end the real value of security is to protect the assets that are important for the overall organization. This becomes obvious when IT services more and more move into the Cloud, and users more and more bring their own devices to work with. Who...
Managing Cloud Computing Access Risks
Today’s cloud architecture increases the risk of access to a company’s critical data, such as intellectual property, personal privacy information, cardholder data, health information, financial data, etc. As a result, companies are asking themselves how do they ensure that their organization's most critical information is in the hands of the right individuals and that they're doing the right things with it?
During this panel session, we’ll outline what organizations need...
Governance, Risk Management & Compliance (GRC) II
Sessions:
Beyond the Pioneer Approaches - The next Level in Access Governance and Risk
Date: Thursday, April 19, 2012 Time: 14:00-15:00
Location: Galerie
Beyond the Pioneer Approaches - The next Level in Access Governance and Risk
Access Governance right now is a well-established technology, playing a central role in many Identity and Access Management environments. But despite to its increased use, it is still an emerging market, with a lot of innovation. There are five major trends in the market:
adding provisioning technology or improving interfaces to provisioning systems and Enterprise Service Bus systems for connectivity to target systems
improved analytical capabilities, using advanced business...
Integrating GRC Frameworks and Practices
Date: Thursday, April 19, 2012 Time: 15:00-16:00
Location: Galerie
Integrating GRC Frameworks and Practices
Although Cloud Computing has been helping enterprises to start improving the business value for invested money equation, most of the responsible professionals are still facing the same problems:
Too much risk for the value we are getting
Projects out of time and out of budget
Decisionmaking is too slow
Protection Levels and recoverability are outdated before going into production
Compliance as a surprise
All this costs money. In this session, you will get an overview...
Best Practice Experiences on how to Convince your Application Developers to Code Securely
How to get them using the standardized Application Security Infrastructure you provide.
Siemens HRS - Compliant Identity Management for Global HR Services and Applications
Date: Thursday, April 19, 2012 Time: 16:30-17:30
Location: Galerie
Siemens HRS - Compliant Identity Management for Global HR Services and Applications
Siemens CIT Human Resources Solutions provides national and international IT applications for every individual key aspect in Siemens’ HR environment.
Compliant, secure and effective management of user accounts and roles is required to fulfill the strong legal regulations and operational requirements.
With its DirX Service HRS operates an Identity and Access Management System for request, reactivation, modification and deactivation of user accounts in various systems and cloud...
How to Deliver Business Value through your IAM Solution
The Europol IAM initiative started back in 2007 with the analysis of requirements and strategic planning, involving all key business stakeholders. Based on the results of this analysis and the strategic drivers identified, the implementation started in a phased process consisting of eight releases until now which has reached its current level of maturity. The solution nowadays serves a wide range of different groups of users, from internal employees of Europol, to the member state users and...
New EU Data Protection Rules: What will cause the most Pain, who will suffer and how can you gear up for them?
Date: Wednesday, April 18, 2012 Time: 10:30-11:30
Location: Ammersee 2
New EU Data Protection Rules: What will cause the most Pain, who will suffer and how can you gear up for them?
A draft of the new "General Data Protection Regulation" has officially been published in January 2012. The draft Regulation intends greater harmonisation but will also bring a radical change to the existing legal framework and a significantly stricter data protection regime, requiring more action by companies with tough penalties of up to 2% of the annual worldwide turnover for the most serious data protection violations. In this session, you will receive an overview of the new rules and...
Unwanted Automated Profiling
Date: Wednesday, April 18, 2012 Time: 11:30-12:30
Location: Ammersee 2
Unwanted Automated Profiling
Privacy Governance in Software Organizations
Understanding business models that treat citizens’ personal data as the online platforms’ new business asset class, is key to helping users maintain their online privacy. Never before has it been as easy for software organizations to collect and link personal data across hundreds of daily user transactions. In this talk we review online platforms’ business models, recent guidelines for privacy governance for software organizations, and emerging guidelines at the level of...
Sessions:
Avoiding hidden Clauses and other Pitfalls - How to Deal a Good Cloud Service Contract
Date: Wednesday, April 18, 2012 Time: 14:00-15:00
Location: Galerie
Avoiding hidden Clauses and other Pitfalls - How to Deal a Good Cloud Service Contract
Like with all other immature and rapidly developing markets, there often is a significant difference between the expectations customers have when they contract a cloud computing service, and the reality of what they would get as one of many clients through some kind of standard contract. In this session, you will first and foremost learn, that most if not nearly all existing standard contracts from large cloud providers are crap, and how you easily can find out that they are crap, what your...
Identity Provider Business Models
Date: Wednesday, April 18, 2012 Time: 15:00-16:00
Location: Galerie
Identity Provider Business Models
Connecting who we are in the physical world to our online identity is at the center of some of today’s most important technical, commercial and policy issues. Verifying who we are, whether on the Internet, phone or watching television touches what we care about most; our security, privacy and how we do business. This agenda “unpacks” identity by reviewing the status of key identity standards like SAML, OAuth 2,0, OpenID Connect and Account Chooser by focusing on the roles...
Sociality by Design: How Google, Facebook & Co. can reconcile Privacy and Profit
Privacy and security as well as financial interests in developing and selling digital services and products can be united and end up in a win-win-situation. From a socio-scientific point of view there is no necessity for entrenched positions. When we talk about Privacy by Design, we can even strive towards Sociality by Design to achieve integrated satisfaction of every group of people involved in this process.
The talk will show that it is necessary to open up discussion, focus on...
How the EU handles Citizen Privacy at Present and how it will evolve in the Future
Date: Wednesday, April 18, 2012 Time: 17:00-18:00
Location: Galerie
How the EU handles Citizen Privacy at Present and how it will evolve in the Future
Modern public administration involves an inherent conflict between better responsiveness to citizens as clients and effective collaboration with them as partners, given the role of government as data caretakers. Service provisioning to citizens as customers requires flexibility, yet the usage of data to serve these customers has to meet with regulatory policy and good common sense on data privacy.
The changing nature of our relationship as citizens with our different levels of government...
Panel: The Future of Citizen Privacy
Governance, Risk Management & Compliance (GRC)
Sessions:
How to Mature GRC Processes Before you Buy a GRC Tool
Date: Thursday, April 19, 2012 Time: 10:30-11:30
Location: Galerie
How to Mature GRC Processes Before you Buy a GRC Tool
GRC projects quickly tend to struggle once it becomes obvious that there is a lack of clearly defined processes and responsibilities. Unfortunately, that still happens in a large number of these projects. The session will focus on what you need to define before without ending up in endless organizational projects. It is about the balance between moving forward quickly (and moving into the right direction) without missing to build the organizational foundation for a successful GRC...
Best Practice: IAM in a Complex and Security-Driven Environment
T-Systems standardizes Identity and Account Management processes and thereby reduces costs. With this motto, T-Systems has established secure and optimum process handling by means of a new and integrated Identity and Access Management solution. This slot will show the background and success of the project.
T-Systems employees now have the option of requesting access to applications online via a Web front-end in a user management tool based on syscovery Savvy Suite. The introduced standard...
Identifying your Critical Information Assets. Moving from System Security to Information Security
Date: Thursday, April 19, 2012 Time: 11:30-12:30
Location: Galerie
Identifying your Critical Information Assets. Moving from System Security to Information Security
Classical IT-Security is centered around the assets governed by the IT organization, and therefore in reality information security and IT security are used to describe that same thing. Protecting the assets of the IT organization is good, but at the end the real value of security is to protect the assets that are important for the overall organization. This becomes obvious when IT services more and more move into the Cloud, and users more and more bring their own devices to work with. Who...
Managing Cloud Computing Access Risks
Today’s cloud architecture increases the risk of access to a company’s critical data, such as intellectual property, personal privacy information, cardholder data, health information, financial data, etc. As a result, companies are asking themselves how do they ensure that their organization's most critical information is in the hands of the right individuals and that they're doing the right things with it?
During this panel session, we’ll outline what organizations need...
Governance, Risk Management & Compliance (GRC) II
Sessions:
Beyond the Pioneer Approaches - The next Level in Access Governance and Risk
Date: Thursday, April 19, 2012 Time: 14:00-15:00
Location: Galerie
Beyond the Pioneer Approaches - The next Level in Access Governance and Risk
Access Governance right now is a well-established technology, playing a central role in many Identity and Access Management environments. But despite to its increased use, it is still an emerging market, with a lot of innovation. There are five major trends in the market:
adding provisioning technology or improving interfaces to provisioning systems and Enterprise Service Bus systems for connectivity to target systems
improved analytical capabilities, using advanced business...
Integrating GRC Frameworks and Practices
Date: Thursday, April 19, 2012 Time: 15:00-16:00
Location: Galerie
Integrating GRC Frameworks and Practices
Although Cloud Computing has been helping enterprises to start improving the business value for invested money equation, most of the responsible professionals are still facing the same problems:
Too much risk for the value we are getting
Projects out of time and out of budget
Decisionmaking is too slow
Protection Levels and recoverability are outdated before going into production
Compliance as a surprise
All this costs money. In this session, you will get an overview...
Best Practice Experiences on how to Convince your Application Developers to Code Securely
How to get them using the standardized Application Security Infrastructure you provide.
Siemens HRS - Compliant Identity Management for Global HR Services and Applications
Date: Thursday, April 19, 2012 Time: 16:30-17:30
Location: Galerie
Siemens HRS - Compliant Identity Management for Global HR Services and Applications
Siemens CIT Human Resources Solutions provides national and international IT applications for every individual key aspect in Siemens’ HR environment.
Compliant, secure and effective management of user accounts and roles is required to fulfill the strong legal regulations and operational requirements.
With its DirX Service HRS operates an Identity and Access Management System for request, reactivation, modification and deactivation of user accounts in various systems and cloud...
How to Deliver Business Value through your IAM Solution
The Europol IAM initiative started back in 2007 with the analysis of requirements and strategic planning, involving all key business stakeholders. Based on the results of this analysis and the strategic drivers identified, the implementation started in a phased process consisting of eight releases until now which has reached its current level of maturity. The solution nowadays serves a wide range of different groups of users, from internal employees of Europol, to the member state users and...
How to Mature GRC Processes Before you Buy a GRC Tool
Date: Thursday, April 19, 2012 Time: 10:30-11:30
Location: Galerie
How to Mature GRC Processes Before you Buy a GRC Tool
GRC projects quickly tend to struggle once it becomes obvious that there is a lack of clearly defined processes and responsibilities. Unfortunately, that still happens in a large number of these projects. The session will focus on what you need to define before without ending up in endless organizational projects. It is about the balance between moving forward quickly (and moving into the right direction) without missing to build the organizational foundation for a successful GRC...
Best Practice: IAM in a Complex and Security-Driven Environment
T-Systems standardizes Identity and Account Management processes and thereby reduces costs. With this motto, T-Systems has established secure and optimum process handling by means of a new and integrated Identity and Access Management solution. This slot will show the background and success of the project.
T-Systems employees now have the option of requesting access to applications online via a Web front-end in a user management tool based on syscovery Savvy Suite. The introduced standard...
Identifying your Critical Information Assets. Moving from System Security to Information Security
Date: Thursday, April 19, 2012 Time: 11:30-12:30
Location: Galerie
Identifying your Critical Information Assets. Moving from System Security to Information Security
Classical IT-Security is centered around the assets governed by the IT organization, and therefore in reality information security and IT security are used to describe that same thing. Protecting the assets of the IT organization is good, but at the end the real value of security is to protect the assets that are important for the overall organization. This becomes obvious when IT services more and more move into the Cloud, and users more and more bring their own devices to work with. Who...
Managing Cloud Computing Access Risks
Today’s cloud architecture increases the risk of access to a company’s critical data, such as intellectual property, personal privacy information, cardholder data, health information, financial data, etc. As a result, companies are asking themselves how do they ensure that their organization's most critical information is in the hands of the right individuals and that they're doing the right things with it?
During this panel session, we’ll outline what organizations need...
Sessions:
Beyond the Pioneer Approaches - The next Level in Access Governance and Risk
Date: Thursday, April 19, 2012 Time: 14:00-15:00
Location: Galerie
Beyond the Pioneer Approaches - The next Level in Access Governance and Risk
Access Governance right now is a well-established technology, playing a central role in many Identity and Access Management environments. But despite to its increased use, it is still an emerging market, with a lot of innovation. There are five major trends in the market:
adding provisioning technology or improving interfaces to provisioning systems and Enterprise Service Bus systems for connectivity to target systems
improved analytical capabilities, using advanced business...
Integrating GRC Frameworks and Practices
Date: Thursday, April 19, 2012 Time: 15:00-16:00
Location: Galerie
Integrating GRC Frameworks and Practices
Although Cloud Computing has been helping enterprises to start improving the business value for invested money equation, most of the responsible professionals are still facing the same problems:
Too much risk for the value we are getting
Projects out of time and out of budget
Decisionmaking is too slow
Protection Levels and recoverability are outdated before going into production
Compliance as a surprise
All this costs money. In this session, you will get an overview...
Best Practice Experiences on how to Convince your Application Developers to Code Securely
How to get them using the standardized Application Security Infrastructure you provide.
Siemens HRS - Compliant Identity Management for Global HR Services and Applications
Date: Thursday, April 19, 2012 Time: 16:30-17:30
Location: Galerie
Siemens HRS - Compliant Identity Management for Global HR Services and Applications
Siemens CIT Human Resources Solutions provides national and international IT applications for every individual key aspect in Siemens’ HR environment.
Compliant, secure and effective management of user accounts and roles is required to fulfill the strong legal regulations and operational requirements.
With its DirX Service HRS operates an Identity and Access Management System for request, reactivation, modification and deactivation of user accounts in various systems and cloud...
How to Deliver Business Value through your IAM Solution
The Europol IAM initiative started back in 2007 with the analysis of requirements and strategic planning, involving all key business stakeholders. Based on the results of this analysis and the strategic drivers identified, the implementation started in a phased process consisting of eight releases until now which has reached its current level of maturity. The solution nowadays serves a wide range of different groups of users, from internal employees of Europol, to the member state users and...
Quick Links
Stay Connected
Information
European Identity & Cloud Conference 2012
- Language:
- English
- Registration fee:
-
€1980.00
$2475.00
S$3168.00
INVOICE
- Contact person:
-
Mr. Levent Kara
+49 211 23707710
lk@kuppingercole.com
- Apr 17 - 20, 2012 Munich, Germany
Partners
The European Identity & Cloud Conference 2012 is proud to present a large number of partners
Learn more