
RSA Archer GRC Summit 2012 Program Guide - Dell EMC thank you for your support of RSA Archer GRC...

Date post: 18-Mar-2018
Upload: vuanh
PROGRAM GUIDE June 5–7, 2012 Chicago, IL


Contents

Welcome to RSA Archer GRC Summit 2012

GENERAL INFORMATION
Registration Hours
Summit Badges
Internet
Onsite Contacts
Partner Pavilion
EMC GRC Showcase
Awards
Community Lounge
Welcome Reception
Networking Dinner
First Time Attendee Orientation
Scheduling a Meeting
Availability of Session Recordings and Presentations
Transportation / Directions

AGENDA AT A GLANCE
Tuesday, June 5
Wednesday, June 6
Thursday, June 7

SESSION DESCRIPTIONS
Tuesday, June 5
Wednesday, June 6
Thursday, June 7

SPEAKER BIOGRAPHIES

SPONSORS


Welcome to RSA Archer GRC Summit 2012

Each year, the RSA Archer GRC Summit brings together the issues, challenges, resources and revolutionary thinking from across our dynamic and maturing industry, all in one place. Whether you’re a returning attendee or new to the Summit, you’re in for three days of thought-provoking discussion, debate and discovery.

We’ve endeavored to make this the best Summit to date, as we’ve rounded up preeminent experts to bring you the knowledge you will need to further govern, protect and lead your organization. There are a myriad of resources to keep you abreast of the state of the GRC ecosystem with breakout sessions including three new tracks geared toward the Process Owner, Technical Owner and RSA Archer thought leadership.

Join stimulating discussions with the contemporaries in your discipline—whether at the breakout sessions, the Industry Roundtables, Working Groups or during an impromptu chat during network breaks and special evening events. Spend some time exploring and discovering valuable technologies in the EMC GRC Showcase, visit the Community Lounge for a test drive and spend time visiting the Partner Pavilion.

Our goal is to foster and strengthen our Community by providing the collaborative environment to learn and share—enabling you to take home the tools you need to tackle the very real issues that you’re faced with each day. We are excited about this year’s Summit program and look forward to the conversations ahead. We thank you for your support of RSA Archer GRC Summit 2012; it’s your commitment to learning and sharing that unites us.

Sincerely,

David Walter
2012 Program Chair


GENERAL INFORMATION

Registration Hours
Tuesday, June 5th: 9:00 AM – 5:00 PM
Wednesday, June 6th: 7:30 AM – 6:00 PM
Thursday, June 7th: 8:00 AM – 4:30 PM

Summit Badges
Summit badges will be issued at the registration desk during registration hours. Photo identification will be required to retrieve your badges. Your badge will provide access to all sessions and we ask that you wear your badge throughout the Summit, including all evening events.

Internet
Guest rooms: Special Summit in-room wireless access rate is $1/day.
Public areas: There is complimentary wireless access in the hotel lobby and on the 2nd floor around the tables overlooking the main floor.

Emergency Contact Information
Dial 911 for all emergencies.

Onsite Contacts
Event Logistics: Cathy Long, 978-994-9681
Partner Pavilion: Ann King, 508-265-1430
Community Lounge: Denise Sposato, 913-200-8437
Housing: Becky Kavanagh, 650-245-2916
Transportation: Lori Kane, 978-407-2932
Shipping: Please visit the onsite FedEx Kinko’s on the 2nd Floor.

In addition to the above contacts, we’ll have concierge service available at the Summit registration desk (7th floor foyer). Have a question on which session would be most suited to your interest? We can help. Looking for a recommendation for dinner? We can help. Please allow us to assist you.

Partner Pavilion
RSA extends a special thank you to all the companies who are sponsoring this year’s RSA Archer GRC Summit. Attendees will hear many of the sponsors present and interact with them during “Birds of a Feather” discussions. Please stop by the Partner Pavilion to learn more about their GRC products and services.


EMC GRC Showcase
This year we are launching an EMC GRC Showcase. The idea is simple; provide our customers with a view of the breadth of EMC GRC offerings, all of which are integrated into the RSA Archer GRC Platform and Solutions.

Representative Demonstrations:
• RSA Archer eGRC Platform v5.2
• RSA Security Management and Compliance Solutions
• RSA Archer for Private and Public Cloud
• Configuration Compliance with RSA Archer
• Backup Recovery and Archive Solutions
• eDiscovery, Cyber Response, and Digital Investigations
• RSA Archer Professional Services
• EMC GRC Advisory Services
• EMC Office of the CTO: GRC Standards Leadership

Awards
Each year at the RSA Archer GRC Summit, the RSA Archer Community honors companies that are implementing RSA Archer’s governance, risk and compliance solutions in unique ways. Award winners are also building cutting-edge applications and integrations using the RSA Archer Framework to support process automation, collaboration and reporting. We’ll take the opportunity to recognize our award winners during daily General Sessions. We’ll recognize companies for Innovation and Excellence as well as the winner of the GRC Application Showcase challenge. We also have the People’s Choice Award – “Best in Class” so please share your vote for best breakout session. Ballots will be available at the 7th floor registration desk. Voting in this category closes at 3:20 PM on Thursday, June 7th.

Community Lounge
Take a ‘test drive’ of the re-energized RSA Archer Community and enjoy a complimentary microbrew while you leave the driving to us! We’re conveniently located on the 7th floor adjacent to the General Session room.

Welcome Reception
Join us Tuesday, immediately following the Opening General Session while we celebrate with new and old friends alike. We’ll enjoy scrumptious hors d’oeuvres, cocktails, music and conversation. Tuesday, June 5th from 6:30 PM to 8:00 PM.


Networking Dinner
Wednesday evening, we’ll board shuttle transportation for a short drive to the Shedd Aquarium. We’ll begin with cocktails on the patio, overlooking Lake Michigan, which quite possibly provides the best view of Chicago’s skyline. Dinner will then be served in this National Historic Landmark and Aquarium personnel will be on hand to educate the curious. Please join us for what promises to be a memorable evening at the “hottest destination in a cool town”. Wednesday, June 6th from 7:00 PM to 11:00 PM.

First Time Attendee Orientation
Not limited to first time attendees! The orientation will provide an introduction to all the resources available to you in the Archer ecosystem. Truly a session designed to appeal to the first time attendee and seasoned veteran. Tuesday, June 5th from 10:00 AM to 12:00 PM.

Scheduling a Meeting
We have a number of small rooms set aside for executive level discussion. Please let us know if you’d like to arrange a meeting with any of the RSA/Archer executive team or sales leadership. Stop by the registration desk and we’ll be happy to facilitate.

Availability of Session Recordings and Presentations
We’ll have session presentations available on the Archer Community site within a couple of weeks. Recordings for General Session content and some breakout sessions will also be available on the Community site. We’ll proactively notify you once they are posted.


Transportation / Directions

Driving Directions

Driving Directions: Chicago O’Hare International Airport → Chicago Marriott Downtown Magnificent Mile (15 miles)
Take I-190 East into I-90 (Kennedy Expressway) East to the Ohio Street Exit (50B). Ohio Street is a one-way street eastbound. Take Ohio Street to Rush Street. Turn right on Rush for hotel entrance.

Driving Directions: Chicago Midway International Airport → Chicago Marriott Downtown Magnificent Mile (12 miles)
Cicero Avenue North, to I-55 North, to Lakeshore Drive. Go left (North) on LSD to Illinois/Grand exit. Go left on Grand Avenue to Rush Street. Turn right, the hotel is on your right.

Parking
Valet: $51.00 USD daily
Offsite: $36.00 USD daily

Transfer to Airports
Chicago Marriott Downtown Magnificent Mile → Chicago O’Hare International Airport or Chicago Midway International Airport
Thursday, June 7th
We’ve arranged departure transportation with Midwest Transit for Thursday, June 7th from the Chicago Marriott Downtown Magnificent Mile to O’Hare and/or Midway airports. The rate for a one-way transfer will be $21.00 per person.

Departure transportation tickets will be sold on Tuesday, June 5th and Wednesday, June 6th onsite near the Registration/Information Desk area on the 7th floor area. Plan for buses to depart following the closing session on Thursday, June 7th.


AGENDA AT A GLANCE

Tuesday, June 5

9:00 AM – 5:00 PM

Summit Registration – 7th Floor

10:00 AM – 12:00 PM

First Time Attendee Orientation – 7th Floor, Salon III

12:00 PM – 12:30 PM

Networking Lunch – 7th Floor, Salon III

12:00 PM – 5:00 PM

Partner Pavilion – 7th Floor, Foyer

12:00 PM – 5:00 PM

EMC GRC Showcase – 7th Floor, Salon III

12:30 PM – 1:45 PM

Working Groups
• Information Security Risk Management – 4th Floor, Addison & Clark
• Enterprise Risk Management – 6th Floor, Indiana
• Business Continuity Management – 6th Floor, Iowa

12:30 PM – 3:15 PM

Training: RSA Archer Best Practices – 6th Floor, Michigan

2:00 PM – 3:15 PM

Working Groups
• Policy, Content and Regulatory Change Management – 4th Floor, Addison & Clark
• Internal Controls & Financial Close Management – 6th Floor, Indiana
• Big Data and eGRC – 6th Floor, Iowa

3:15 PM – 3:45 PM

Networking Break

3:45 PM – 4:45 PM

Roundtables
• Financial Services/Insurance Industry – 5th Floor, Salon E
• Healthcare Industry – 6th Floor, Indiana & Iowa
• Energy/Utility/Federal Industries – 4th Floor, Addison & Clark
• GRC Application Showcase – 6th Floor, Michigan

5:00 PM – 6:30 PM

Opening General Session – 7th Floor, Salon I & II
• Welcome
• Keynote Presentation – Derek O’Halloran, Global Leadership Fellow, World Economic Forum
• Awards

6:30 PM – 8:00 PM

Welcome Reception – 7th Floor, Salon III


Wednesday, June 6

7:30 AM – 6:00 PM

Summit Registration & Information Desk – 7th Floor

7:30 AM – 6:00 PM

Partner Pavilion – 7th Floor, Foyer

7:30 AM – 6:00 PM

EMC GRC Showcase – 7th Floor, Salon III

7:30 AM

Networking Continental Breakfast – 7th Floor, Salon III

8:00 AM – 9:00 AM

General Session – 7th Floor, Salons I & II
• State of the Business
• RSA Archer Gold Sponsor Keynote – Greg Bell, Principal and Global Leader of Information Protection, KPMG

9:00 AM – 9:15 AM

Networking Break

9:15 AM – 10:00 AM

• Indiana/Iowa/Michigan: Automating IT Asset Operational Readiness. Presented by First Data
• Northwestern/Ohio State/Purdue: Panel: Risk & Regulatory Intelligence – Getting to the Head of the Class. Presented by Corporate Integrity; Northern Trust; Blackrock
• Lincolnshire I&II: Integrating RSA Archer with Enterprise Applications. Presented by Humana, Inc.
• Great America I&II: Deploying Archer Solutions in an Effective Manner from Start to Finish. Presented by RSA

10:15 AM – 11:00 AM

• Indiana/Iowa/Michigan: Aligning the Enterprise through GRC Program Strategy. Presented by Microsoft; KPMG
• Northwestern/Ohio State/Purdue: Evolving Vulnerability Management with GRC. Presented by Qualys
• Lincolnshire I&II: Becoming an Archer Administrator – Lessons Learned. Presented by TD Ameritrade
• Great America I&II: CSI: Chicago – Configuration Syntax Investigation. Presented by RSA

11:15 AM – 12:00 PM

• Indiana/Iowa/Michigan: Implementing an ISO 31000 Risk Program. Presented by T-Systems
• Northwestern/Ohio State/Purdue: Continuous Monitoring, Compliance, and Operational Security: Real Experiences with GRC. Presented by SAIC; NNSA
• Lincolnshire I&II: The Management of Archer Solution’s People, Processes, and Technology Utilizing Archer Automation – Change Management Focus. Presented by PayPal; eBay Inc./PayPal
• Great America I&II: The Enterprise Risk Management Journey: Compliance to Performance Optimization. Presented by RSA

12:00 PM – 1:00 PM

Networking Lunch – 7th Floor, Salon III


1:00 PM – 1:45 PM

• Indiana/Iowa/Michigan: Integrated Risk Management using Archer eGRC Framework. Presented by KPMG; eBay Inc./PayPal
• Northwestern/Ohio State/Purdue: Cutting Costs through Tighter Supplier Governance. Presented by Deutsche Post DHL
• Lincolnshire I&II: Own Your Universe: How to Scope and Manage your Archer Environment. Presented by Microsoft; RSA
• Great America I&II: Drawing an Inside Straight: Bridging Your Data with Archer-to-Archer Feeds. Presented by RSA

2:00 PM – 2:45 PM

• Indiana/Iowa/Michigan: Collaboration is the Key to Gaining Visibility and Acceptance for IT Policies and Standards. Presented by Fifth Third Bank
• Northwestern/Ohio State/Purdue: Simplifying Regulatory Complexity with RSA Archer. Presented by Bank of America
• Lincolnshire I&II: AT&T’s Road to 5.0. Presented by AT&T; KPMG
• Great America I&II: Authoring Your Success: Telling Your GRC Story Using Mail Merge Functionality. Presented by RSA

2:45 PM – 3:00 PM

Networking Break

3:15 PM – 4:00 PM

• Indiana/Iowa/Michigan: Compliance Management Success Story at The Walt Disney Company. Presented by The Walt Disney Company
• Northwestern/Ohio State/Purdue: Optimizing Information Security & Compliance. Presented by Accuvant
• Lincolnshire I&II: Putting the Monster on a Diet – Aggregated Internal Datafeed. Presented by EMC
• Great America I&II: The Practical Application of Enterprise Risks with the Board of Directors and the Control Framework. Presented by EMC

4:15 PM – 5:00 PM

• Indiana/Iowa/Michigan: Operational Risk Management. Presented by Kaiser Permanente
• Northwestern/Ohio State/Purdue: GRC Strategic Roadmap – A Customer Perspective. Presented by The Hartford
• Lincolnshire I&II: Panel: Reading Rainbow Moments: Archer Admin Roundtable. Presented by RSA; HCA; Visa; Western Union
• Great America I&II: Soup to Nuts…Getting your Business Continuity Management Program Underway. Presented by EMC

7:00 PM – 11:00 PM

Networking Dinner/Evening Event – Shedd Aquarium


Thursday, June 7

8:00 AM – 4:00 PM

Summit Registration & Information Desk – 7th Floor

8:00 AM – 1:30 PM

Partner Pavilion – 7th Floor, Foyer

8:00 AM – 1:30 PM

EMC GRC Showcase – 7th Floor, Salon III

8:00 AM

Networking Continental Breakfast – 7th Floor, Salon III

8:30 AM – 9:30 AM

General Session – 7th Floor, Salons I & II
• Second City, World Famous Comedy Theater, Improvisation and GRC Skit
• RSA Archer Gold Sponsor Keynote – Philippe Courtot, Chairman & CEO, Qualys

9:30 AM – 9:45 AM

Networking Break

9:45 AM – 10:30 AM

• Indiana/Iowa/Michigan: Driving Vendor Compliance with RSA Archer eGRC. Presented by Humana, Inc.
• Northwestern/Ohio State/Purdue: Healthcare Risk and Compliance Management Solution. Presented by Deloitte
• Lincolnshire I&II: Secure Configuration of RSA Archer eGRC Platform. Presented by RSA
• Great America I&II: Responding to a Breach. Presented by EMC

10:45 AM – 11:30 AM

• Indiana/Iowa/Michigan: Free Range SOX: Corralling the Self-Assessment Process through Automation. Presented by Halliburton
• Northwestern/Ohio State/Purdue: Cyberconfidence™ Leveraging Archer as the Cornerstone of the Advanced SOC. Presented by CSC
• Lincolnshire I&II: Panel: Archer 5.0 Migration Roundtable. Presented by RSA; ING; Equifax; First Citizens Bank; Ameriprise
• Great America I&II: Evolving Threat Management Operations: Moving from Bastion Hosts to Body Armor. Presented by RSA

11:45 AM – 12:30 PM

• Indiana/Iowa/Michigan: Driver-Based Cost Models on an RSA Platform. Presented by Kaiser Permanente; Ernst & Young
• Northwestern/Ohio State/Purdue: Aligning Business Drivers, Compliance and Information Security Risk for the C-Level. Presented by Kraft Foods
• Lincolnshire I&II: Data Feeds Beyond the Basics. Presented by Lokion Interactive; Bank of America
• Great America I&II: Panel: The Future of Incident Response: Sharing Information to Meet Evolving Threats. Presented by RSA; EMC

12:30 PM – 1:30 PM

Networking Lunch – 7th Floor, Salon I & II


1:30 PM – 2:15 PM

• Indiana/Iowa/Michigan: Security Posture: Implementing Internal and Third Party Control Assurance in Archer. Presented by NAB
• Northwestern/Ohio State/Purdue: Archer and SAP – Putting the Pieces Together for Enterprise Compliance. Presented by LyondellBasell Industries; KPMG
• Lincolnshire I&II: Tools of the Trade: How to Administer Your Archer Environment. Presented by RSA
• Great America I&II: Big Data: Providing Better Intelligence. Presented by RSA

2:30 PM – 3:15 PM

• Indiana/Iowa/Michigan: Leveraging Converged Information Governance. Presented by Turkcell İletişim Hizmetleri A.Ş
• Northwestern/Ohio State/Purdue: Managing Compliance – An Integrated Approach to Controls Testing, Issues and Vendors. Presented by Sallie Mae Inc; Deloitte
• Lincolnshire I&II: Panel: Think Outside the Statistical Search Box: Ideas to Take your Data Visualization to the Next Level. Presented by RSA; Humana; Kaiser Permanente; Equifax
• Great America I&II: Finishing Strong: Ensuring End User Adoption of Your eGRC Solution. Presented by RSA

3:30 PM – 4:30 PM

Closing General Session – 7th Floor, Salons I & II
• Panel Discussion: What Am I Going to Do Differently on Monday
• Awards


SESSION DESCRIPTIONS

Tuesday, June 5

Tuesday 12:30 PM – 1:45 PM

Working Group: Information Security Risk Management
Location: 4th Floor – Addison & Clark
Chris Hoover, eGRC Solution Manager, RSA
Steve Schlarman, eGRC Solution Manager, RSA
Share challenges and successes in implementing an effective Information Security Risk Management program, enabling a program utilizing Archer solutions, and discuss current and emerging best practices in information security risk management.

Working Group: Enterprise Risk Management
Location: 6th Floor – Indiana
Marshall Toburen, eGRC Solution Manager, RSA
Share challenges and successes in implementing an Enterprise Risk Management program, enabling a program utilizing Archer solutions, and discuss current and emerging best practices around enterprise risk management.

Working Group: Business Continuity Management Working Group
Location: 6th Floor – Iowa
Patrick Potter, eGRC Solution Manager, RSA
Share challenges and successes in implementing Business Continuity Management in the context of a larger GRC program, enabling a program utilizing Archer solutions, and discuss current and emerging best practices around business continuity planning, disaster recovery, and incident response.


Tuesday 12:30 PM – 3:15 PM

Training: There and Back Again: Best-Practice Strategies for Managing Your RSA Archer Environments
Location: 6th Floor – Michigan
Jonathan Kitchin, Practice Consultant, RSA
With the advent of the new Packaging feature in the 5x version of the RSA Archer Platform, administrators now have even more options for managing updates across their development, test and production environments. During this session, the RSA Archer Services team provides insights into how to successfully manage the features and tools offered for implementing and managing changes within your infrastructure. In addition to best-practice, conceptual information, the session will include a demonstration of how to use these tools and provide guidance on establishing a solid and scalable RSA Archer implementation.

Tuesday 2:00 PM – 3:15 PM

Working Group: Policy, Content and Regulatory Change Management
Location: 4th Floor – Addison & Clark
Mason Karrer, eGRC Solution Manager, RSA
Steve Schlarman, eGRC Solution Manager, RSA
Share challenges and successes in effectively implementing a policy and content program, and managing regulatory changes to proactively respond to emerging regulatory activities.

Working Group: Internal Controls & Financial Close Management
Location: 6th Floor – Indiana
Patrick Potter, eGRC Solutions Manager, RSA
Marshall Toburen, eGRC Solution Manager, RSA
Discuss the use of the Archer Compliance Management and value-add solutions to manage internal control programs, including financial close management, and SOX compliance. Share challenges and successes around program implementation and management and discuss current and emerging best practices.


Working Group: Big Data and eGRC
Location: 6th Floor – Iowa
Matt Alderman, Product Manager, RSA
Peter Novosel, Lead GRC Evangelist, RSA
Discuss the emerging imperative for large scale data handling and analytics in eGRC. Share use cases for big data and challenges and successes that you have experienced when implementing big data in your eGRC program.

Tuesday 3:45 PM – 4:45 PM

Industry Roundtable: Financial Services/ Insurance
Location: 4th Floor – Addison & Clark
Marshall Toburen, eGRC Solution Manager, RSA
Make connections with other GRC professionals and engage in structured conversations on leveraging Archer to tackle challenges in the financial services and insurance industries.

Industry Roundtable: Healthcare
Location: 6th Floor – Indiana & Iowa
Mason Karrer, eGRC Solution Manager, RSA
Make connections with other GRC professionals and engage in structured conversations on leveraging Archer to tackle challenges in the healthcare industry.

Industry Roundtable: Energy/Utility/Federal
Location: 4th Floor – Halsted
Chris Hoover, eGRC Solution Manager, RSA
Patrick Potter, eGRC Solution Manager, RSA
Make connections with other GRC professionals and engage in structured conversations on leveraging Archer to tackle challenges in the energy and utility industries and the federal sector.


GRC Application Showcase – Recognizing the Best and Brightest in the GRC Space
Location: 6th Floor – Michigan
Moderated by: Jonathan Kitchin, Practice Consultant, RSA
Each year, RSA Archer identifies clients and partners that have excelled in the development of new applications to support their key GRC processes. Continuing this tradition, RSA Archer is again looking for the best and most innovative RSA Archer application that extends the functionality offered by our core solution suite.


Wednesday, June 6

Breakout Session Classifications

Process
Sessions focus on leveraging the RSA Archer platform to solve a critical business problem. Content centers around best practices and case studies and features information such as metrics and executive buy-in.

Technical
Sessions cover innovative uses of the platform, custom objects, data feeds, on demand applications, optimal platform administration and configuration, backup/recovery, system architecture and other best practices aimed at the Archer administrator.

RSA Archer
Hear from the RSA Archer product and solutions teams as well as EMC practice managers on leading practices and implementation strategies as well as key features of the RSA Archer platform.

Wednesday 8:00 AM – 9:00 AM

KEYNOTE: Evolving World of Risk
Location: 7th Floor – Salon I & II
Greg Bell, Principal and Global Leader of Information Protection, KPMG
Organizations worldwide are viewing risk management as core to their strategic performance and operational well-being. This evolving trend has a high impact on decision making processes in the board rooms. The outcomes of such decisions are to effectively identify and manage risks across the extended enterprise. In this keynote, Greg Bell, KPMG’s Global Leader of Information Protection will share trends and dynamics that are seen in today’s evolving world of risks from board rooms to company operations.

Wednesday 9:15 AM – 10:00 AM

Automating IT Asset Operational Readiness
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Jack Caranci, Information Security Officer, First Data
Creation of a risk reducing Application Certification and Authorization process in the Archer environment. This session focuses on the construction of an Archer on-demand solution and assumes the attendee has basic Archer skills. All are welcome but the how-to content will be based on a basic understanding of calculated fields, notifications, etc.


Panel: Risk & Regulatory Intelligence – Getting to the Head of the Class
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Michael Rasmussen, President, Corporate Integrity
Kevin Novak, CISO/Technology Risk Manager, Northern Trust
Marc Ashenberg, Director, Blackrock
Bombarded with an array of risks and regulations impacting every phase of business operations, global organizations have much to manage. Resilient and agile organizations manage risk and regulations proactively to stay abreast of dynamic environments, risks, regulations, and case law across multiple jurisdictions. Staying alert to a diverse and dynamic world has become a competitive advantage. Join this esteemed panel of risk executives from a diverse set of global financial service institutions for an examination of the processes, technologies, and content needed for an organization to stay informed in dynamic risk and regulatory environments.

Integrating RSA Archer with Enterprise Applications
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Brian Olberz, Tech Consultant, Humana, Inc.
Mark Klimesh, Technology Consultant, Humana, Inc.
The Archer eGRC platform can deliver tremendous value when used to deploy out-of-the-box and custom developed solutions. But tightly integrating Archer with other enterprise applications can multiply that value. Join the Humana Enterprise Solution Point (ESP) team as they share the high-level architecture and details on technical implementation of their service-bus based data integration with their HR, Financial, security and other major enterprise systems.


Deploying Archer Solutions in an Effective Manner from Start to Finish
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Ed Barone, Practice Consultant, RSA
Erin Leonard, Practice Consultant, RSA

There are many ways to implement Archer eGRC solutions, some more effective than others. This session will aim to cover leading practices around implementation strategies including waterfall versus agile approaches, pre-deployment, analysis and design, the build phase and finally user acceptance testing, deployment and end user enablement. RSA Archer Professional Services will share methodologies and best practices around optimal Archer deployments.

Wednesday 10:15 AM - 11:00 AM

Aligning the Enterprise through GRC Program Strategy
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Graham Hill, GRC Program Director, Microsoft
Michael Lumia, Group Program Manager, Microsoft
Lokesh Ramani, Senior Associate, KPMG

Microsoft’s enterprise GRC landscape is comprised of several discrete risk and compliance management organizations. While maintaining our organizational need to enable autonomous GRC functions, Microsoft has set out to drive commonality of GRC across the enterprise in an effort to enhance normalized all-up reporting capabilities. We leverage Archer to drive process alignment to industry best practices and maintain a common GRC taxonomy. In a company that thrives on independent and creative thinking and prospers through the implementation of innovative ideas, we’ll discuss how Microsoft has set out to connect the company through GRC and Archer. In this session, we’ll discuss several key elements of our GRC program and provide details of how Archer supports our efforts. They include:
• All-up GRC program strategy
• Industry alignment through out-of-the-box Archer functionality
• Archer “Solutions as a Service” (multi-tenancy)
Microsoft will co-present with our service partner, KPMG.


Evolving Vulnerability Management with GRC
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Jason Creech, Director of Compliance Solutions, Qualys
Laurie DiPietrantonio, Technical Account Manager, Qualys

For many security teams, the process of vulnerability and threat management has been frustrating and expensive. Security teams generally overlook critical elements of security governance, including business risk, organizational security policy, non-technical control processes, and comprehensive collection of evidence. To effectively handle these issues, organizations must address technology, process, and policy. GRC products address these problems by binding together assets, threats, policies, and assessment capabilities in both technical and non-technical arenas. This session will examine how the leading retail pharmacy chain in America evolved its GRC program through integration with vulnerability management into a best of breed solution that automates collection of vulnerabilities and reports and tracks threat activity continuously. Qualys will discuss the technical and organizational considerations that must be taken into account in the planning and implementation stages of an enterprise GRC program. The session will review a real-world integration of QualysGuard with RSA Archer Threat Management as well as discuss the significance of taxonomies like OVAL and SCAP for integration purposes.

Becoming an Archer Administrator - Lessons Learned
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Andrea Dollen, Senior Security Analyst, TD Ameritrade

If you are brand new to the Archer platform, this session will provide you with firsthand experience from someone who has been in your shoes. Find out what will really help you (or hurt you) as you become a top-notch Archer Administrator.


CSI: Chicago – Configuration Syntax Investigation
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Marshall Toburen, eGRC Solution Manager, RSA
Jonathan Kitchin, Practice Consultant, RSA

Translating business demands into an RSA Archer reality can often be a mystery. How does a concept run the course from an idea to an implemented Archer feature? Within this presentation, members from RSA Archer’s Solution and Services team will walk through an idea session via whiteboard, whereby concepts within the core Risk Management solution go from ideas to executed and implemented functionality.

Wednesday 11:15 AM - 12:00 PM

Implementing an ISO 31000 Risk Program
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Eric Le Martret, Corporate Risk Manager, T-Systems

Implementation of a Company Governance strategy, based on a revised ISO 31000 Risk Governance process supported by an Archer eGRC 5.1 home-developed Risk Governance Solution and enabled with the Risk Governance Initiative (RGI) addressing Business and Cultural transformation.

Continuous Monitoring, Compliance, and Operational Security: Real Experiences with GRC
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
William Whitman, Cyber Security Solutions Architect, SAIC
Lisa Toland, Cyber Risk Management Lead, NNSA

Complying with IT security policies and regulations has not traditionally equated to achieving operational IT security. This session will include experiences from two organizations on how they use RSA Archer to efficiently and effectively solve both security and compliance problems in the large commercial and government space. SAIC will present their risk management frameworks, trends in risk management and compliance, continuous monitoring, risk scoring, automated tools and scanners, and a live demonstration of their RSA Archer solution. The NNSA team is meeting the challenge to develop and integrate a Continuous Monitoring solution for the Nuclear Security Enterprise (NSE) to provide a common framework for reporting status based on various government requirements, including Congress’s expectations of what needs to be delivered through DOE/NNSA and OMB.


The Management of Archer Solution’s People, Processes, and Technology Utilizing Archer Automation – Change Management Focus
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Vicki Grunwald, eGRC Administrator and Developer, PayPal
Rod Jackson, Program Manager – Information Risk and eGRC Applications, Ebay Inc./PayPal

Come learn about the method, process, documentation and automation for managing Archer. Developers can now practice what they preach by consolidating spreadsheets, word documents, emails and other change management information into an automated Archer process.

The Enterprise Risk Management Journey: Compliance to Performance Optimization
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Marshall Toburen, eGRC Solution Manager, RSA

Establishing a robust and sustainable enterprise-wide risk management program is a multi-year journey for most organizations. This session will review the typical progression of maturity of a risk management program, associated milestones, and the emerging future focus of risk management and risk management technology into the realm of performance management and optimization.

Wednesday 1:00 PM - 1:45 PM

Cutting Costs through Tighter Supplier Governance
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Ralph Zwierzina, ISO MAIL, Deutsche Post DHL

This talk demonstrates what a process could look like for tightly governing build and run providers in an enterprise relying on a federal sourcing strategy.


Integrated Risk Management using Archer eGRC Framework
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Dhawal Thakker, Manager, KPMG
Rod Jackson, Program Manager – Information Risk and eGRC Applications, Ebay Inc./PayPal

This KPMG presentation will focus on how KPMG is helping PayPal to integrate its Operations risk with Enterprise risk management function as well as the lessons learned in extending the platform's capability to support PayPal's complex risk assessments and related calculations. The talk will show how the Archer eGRC platform is being leveraged and extended to create assessment questionnaires, calculations for risk metrics, and risk ratings and reports that reflect PayPal’s complex risk management needs. Finally, we will present how the platform is being leveraged to report on an integrated view of risks from Operations and Enterprise perspective, as well as methods of enhancing the Archer eGRC capabilities through APIs and custom tools for PayPal’s overall risk and compliance program.

Own Your Universe: How to Scope and Manage your Archer Environment
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Michael Lumia, Group Program Manager, Microsoft
Anya Kricsfeld, Manager, Customer Support, RSA

RSA Archer deployments can be big or small. In this session you will find out how to properly scope your deployment. You will also learn what strings can be pulled to get the most out of it as your configuration continues to grow.

Drawing an Inside Straight: Bridging Your Data with Archer-to-Archer Feeds
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Jonathan Kitchin, Practice Consultant, RSA

In RSA Archer design, there can often be a chasm between the data you have and the data you want. Using an Archer-to-Archer (A2A) data feed, you can manipulate your data sets to expand your options and increase your GRC luck. This session provides a tutorial on A2A feeds by dissecting three real-world examples to showcase how these feeds can be implemented within the RSA Archer Platform.


Wednesday 2:00 PM - 2:45 PM

Simplifying Regulatory Complexity with RSA Archer
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Robert Milden, Senior Vice President, Senior Business Executive – Technology, Bank of America

Virtually all organizations (e.g. financial institutions, businesses, universities, etc.) have various control elements, such as regulations, procedures, controls, policies, etc. that require compliance. Many of these control elements are related to each other, therefore when a change occurs to one element, it necessitates a change to the other elements. As an entity grows in size and complexity the number of control elements to which they must adhere increases as well. Eventually it may become difficult to understand, track, and manage changes in the inter-relationship of the control elements. Learn more about a new capability that was developed to simplify the management of regulatory compliance and complexity by documenting the relationships between an organization’s control elements which also ensures that changes made to any one element are correctly adopted and incorporated into all related elements.

Collaboration is the Key to Gaining Visibility and Acceptance for IT Policies and Standards
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Alicia Gamel, IT Governance Manager, Fifth Third Bank

Archer provides the building blocks for developing IT Policies and Standards, but it is impossible to achieve compliance without the right visibility and acceptance for IT policies and standards. At Fifth Third Bank, a cross functional team is responsible for reviewing and ratifying IT policies, standards and guidelines. This committee leverages Archer to align IT controls with industry and regulatory requirements and is responsible for soliciting feedback from their teams. Engaging technology teams in the policy and standards ratification process has increased acceptance of IT controls. The Archer Policy Management solution is configured to improve efficiencies in this process and is used to track compliance to established requirements.


AT&T’s Road to 5.0
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Joe Morsbach, Sr. Technical Director, AT&T
Jorge Perez, Senior Associate, Information Protection, KPMG

AT&T will present on their experience migrating from the RSA Archer 4.x platform to the RSA Archer 5.x platform. Presentation will focus on overall migration strategy, enhancements in the RSA Archer 5.x platform that support AT&T’s eGRC program and Data Feed and API integration strategy.

Authoring Your Success: Telling Your GRC Story Using Mail Merge Functionality
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Jonathan Kitchin, Practice Consultant, RSA

By themselves, the individual data points captured within RSA Archer fields may fail to tell the complete story. In many cases, these data points support an over-arching narrative that is best viewed via a document rather than an online system. This session offers an overview of the Mail Merge feature and a variety of best-practice use cases and examples of how to leverage this feature to maximize your RSA Archer investment.

Wednesday 3:15 PM - 4:00 PM

Compliance Management Success Story at The Walt Disney Company
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Amy Lovik, Compliance Program Manager, The Walt Disney Company

The Compliance Team at The Walt Disney Company has implemented an Archer Solution that demonstrated immediate success. In my presentation I will provide an overview of the steps we took from beginning to end on how this was completed.


Optimizing Information Security & Compliance
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Keith White, Managing Principal, GRC, Accuvant

Developing and executing on a reliable information security strategy is dependent on truly understanding risks. However, thousands of threats, dozens of regulations and hundreds of technology solutions make for a complex, convoluted and fragmented security and compliance landscape. Bridging the gap between security requirements and business goals is key to developing a truly comprehensive security and compliance program. This session will suggest a systematic methodology for:
• Identifying and mapping your current information security framework and regulatory compliance requirements
• Evaluating your current information security and compliance processes and procedures
• Determining your current information security program’s maturity
• Defining metrics to evaluate current state and the desired future state of your information security program
An RSA Archer GRC solution integration case study will be presented including measurements of information security and compliance process improvement results.

Putting the Monster on a Diet – Aggregated Internal Datafeed
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Matthew Harding, Principal Risk Analyst, EMC

Compliance and Risk reporting at a corporate level has suffered due to the amount of data created by compliance and risk assessments. It is time to put this data on a Diet. This session will show you the power of aggregating data using Archer to Archer datafeeds to allow much clearer reporting, automated aggregated findings, and a less cluttered environment.


The Practical Application of Enterprise Risk Management: Linking Risks with the Board of Directors and the Control Framework
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Mathew Allen, Senior Director, Global Practice Leader - Security & Risk Management, EMC

Oftentimes enterprise-wide risk management (ERM) efforts take excessive amounts of time, are cumbersome and never live up to the efficiency and effectiveness promises made at the beginning of the endeavor. There are, however, numerous examples of organizations that have gotten great benefit from the ERM effort. As one would expect, these organizations have several success factors in common, but no factor is as important as the linkage between the control framework, risks and the intersection with the needs of the board of directors. Accordingly, this session will review the critically important relationship between the top risks to the organization, how those risks need to map to the control framework and, by extension, how the board provides guidance relative to how the risks are addressed / treated as a result of those relationships.

Wednesday 4:15 PM - 5:00 PM

Operational Risk Management
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Richard Seiersen, Director of Assessment Services, Kaiser Permanente
Timothy Neyman, ORM Solutions Engineer, Kaiser Permanente

The Operational Risk Management project applies security intelligence within Archer to allow Kaiser Permanente to identify and prioritize actionable security risk. Business intelligence practices are used to automate the collection of enterprise asset data, vulnerability data, and mitigation data into a “single pane of glass.” “Risk tolerance rules” then operate on the aforementioned data, creating workflow for the purpose of protecting Kaiser's critical assets. The net result is a highly scalable and automated full-stack framework for addressing both vulnerability remediation and associated mitigation up and in the systems stack.


GRC Strategic Roadmap - A Customer Perspective
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Jennifer Anderson, Director, GRC Services, The Hartford

This session will define the business justification for the roadmap, review the roadmap process, outline the outcome and discuss future and ongoing initiatives.

Panel: Reading Rainbow Moments: Archer Admin Roundtable
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Tim Rutherford, Sr. Manager, Product Management, RSA
Betty Pawlik, Information Security Risk Specialist, HCA
George Elefante, Business Leader, Visa
Alex Yokely, Director of Information Security, Western Union

“But you don’t have to take our word for it. . .” Come join some of the industry’s leading RSA Archer experts as they discuss their experiences developing, enhancing and deploying GRC solutions across a wide variety of industries. Participants in this session can expect to hear client-centered insights around how RSA Archer features and functionality were used to solve various problems and optimize existing processes. From the nuts and bolts of an implementation to the selling of GRC to upper management, you can leave this session with a better feel for the in-the-trenches lifestyle other admins experience while supporting the RSA Archer Platform.

Soup to Nuts… Getting your Business Continuity Management Program Underway
Classification: RSA Archer
Location: 6th Floor – Great America I & II
John Linse, BC/DR Practice Lead, EMC

Many of the Business Continuity Methodologies start with a risk assessment and then a business impact analysis which are arguably the most important steps in the overall program. However, are they in fact the starting point for a program? The session will also take a look at outage stratification and how to establish an appropriate response matrix using the Archer BCM module to provide the foundation for your BCM program.


Thursday, June 7

Breakout Session Classifications

Process
Sessions focus on leveraging the RSA Archer platform to solve a critical business problem. Content centers around best practices and case studies and features information such as metrics and executive buy-in.

Technical
Sessions cover innovative uses of the platform, custom objects, data feeds, on demand applications, optimal platform administration and configuration, backup/recovery, system architecture and other best practices aimed at the Archer administrator.

RSA Archer
Hear from the RSA Archer product and solutions teams as well as EMC practice managers on leading practices and implementation strategies as well as key features of the RSA Archer platform.

Thursday 8:30 AM – 9:30 AM

KEYNOTE: Automating Compliance – Myth or Reality?
Location: 7th Floor – Salon I & II
Philippe Courtot, Chairman & CEO, Qualys

Organizations invest tremendous amounts of energy on audit, compliance, controls, and in some cases risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting in order to reduce escalating costs and increase efficiency. This talk will discuss how governance, risk, and compliance management are ultimately processes, and how software tools can help to automate many tasks to lighten the compliance load and provide improved results through continuous audit, reporting and remediation. It will also present best practices from a customer’s view and proven methodologies used to build a successful IT-GRC program and increase business visibility on systems, applications and compliance processes.

Thursday 9:45 AM - 10:30 AM

Healthcare Risk and Compliance Management Solution
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Mark Ford, Principal, Deloitte

Healthcare organizations are required to conduct a Security Risk Analysis in order to comply with the meaningful use requirements. Learn how Deloitte’s Healthcare Risk and Compliance Management Solution, powered by RSA Archer eGRC, can help healthcare organizations comply with the meaningful use requirements. The solution provides an online repository of meaningful use security and privacy requirements and an automated workflow to conduct information security risk assessments (against the identified requirements). The solution provides a collection of reports that enable senior management to quickly review the risk assessment findings and take appropriate risk remediation decisions.


Driving Vendor Compliance with RSA Archer eGRC
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Andy Weeks, Director, Enterprise Solution Point, Humana, Inc.

Regulatory agencies are increasingly demanding that organizations not only manage their own compliance, but also be accountable for the compliance of their enterprise vendors. Join the Humana Enterprise Solution Point (ESP) team as they share how they are using RSA Archer eGRC to drive compliance for more than 500,000 business partners, including the architecture of their Partner Compliance Portal, questionnaire and attestation strategy, and some of the key lessons learned in the process.

Secure Configuration of RSA Archer eGRC Platform
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Andrea Doherty, Software Architect, RSA
Peter Novosel, Lead GRC Evangelist, RSA

The objective of this session is to present material from the new RSA Archer eGRC Security Configuration Guide. The purpose of the document is to guide customers on deploying, operating, and maintaining the RSA Archer eGRC Platform in a secure configuration. This presentation will cover Security Configuration Settings available in the Platform to ensure its secure operation, how to deploy and use the Platform securely, how to perform secure maintenance of the Platform, and physical security controls needed to ensure secure operation of the Platform. In addition, the session will provide an overview of how to configure the RSA Archer eGRC Platform for FIPS 140-2 Compliance.

Note: This presentation is focused on the secure configuration of RSA Archer eGRC Platform in customers’ environments. The presentation is not intended to be a forum for discussing Archer product security. To learn more about EMC’s approach to secure product development, or to report security vulnerabilities, refer to http://www.emc.com/products/security/index.htm.


Responding to a Breach
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Julie Fitton, Sr. Manager - Risk, EMC

A data security breach can significantly impact the way an enterprise views risk management forever. Fueled with the knowledge from the RSA Breach, EMC performed an enterprise-wide risk assessment in 4 months' time, identifying key strategic risks across the entire business. This presentation will focus on how EMC leveraged RSA Archer to consolidate the collection points, manage large scale assessment data, and rationalize the results into meaningful reporting, driving this to success for the organization.

Thursday 10:45 AM - 11:30 AM

Free Range SOX: Corralling the Self-Assessment Process through Automation
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Manette Maddox, Financial Controls Manager, Halliburton

While the term “free range” is considered a positive in the farming world, it does not lead to a positive when referring to users within an online, regulatory compliance process. Using the automation features found within RSA Archer, the Halliburton Financial Controls team deployed a scalable, consistent SOX solution to nearly one-thousand stakeholders across six continents. This session will discuss how the Compliance Management solution was enhanced to meet the needs of the global business.


Cyberconfidence™ Leveraging Archer as the Cornerstone of the Advanced SOC
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Gordon Archibald, Global Security Solutions (GSS) Director Portfolio & Sales Enablement, CSC

The emerging threat landscape has become more challenging; organizations are being targeted and threatened by sophisticated, automated and coordinated attacks. Traditional efforts to address these dynamic threats and challenges have been through narrow approaches with bolted-on technologies, resulting in numerous point solutions which present information in different formats, store it in different places and then report to different locations. This approach is no longer effective for the current and future landscape. Organizations require assurance and confidence their systems and data are protected. During this session the speaker will discuss the activities which organizations need to embrace in order to achieve Cyberconfidence™. We will demonstrate how the global partnership between CSC and RSA has successfully resulted in an Enterprise Situational Awareness framework and Security Dashboard (based on RSA Archer) providing CSC's Security Operation Centres the ability to integrate siloed security controls, facilitate continuous controls based monitoring, integrate threat intelligence and better manage the evolving threat landscape.

Panel: Archer 5.0 Migration Roundtable
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Peter Novosel, Lead GRC Evangelist, RSA
Donna Fountain, IT Security Director, ING
Jay Reid, Senior Director of Security Compliance, Equifax
Tom Moses, Business Continuity Planner, First Citizens Bank
Michelle Popel, Senior Information Security Analyst, Ameriprise

RSA Archer 5.x represents the largest product update in Archer history with more than 290 customer requested enhancements. Over half of RSA Archer customers are leveraging the new functionality. If you are planning to migrate to RSA Archer 5.x or currently going through the process, come hear the experiences of customers in real time. The roundtable will cover their insights on migration planning, completing the process and how they maximized the utilization of the new functionality. Get your questions ready and feel free to fire away!


Evolving Threat Management Operations: Moving from Bastion Hosts to Body Armor
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Steve Schlarman, eGRC Solution Manager, RSA

In the last two years, the information security industry has seen an upheaval in the understanding and definition of “threat management”. A string of high visibility, high impact data breaches have clearly defined a turning point in the world of information security. This presentation will walk through the RSA framework for an Enterprise Threat Management program highlighting the need for a cohesive combination of people, process and technology.

Thursday 11:45 AM - 12:30 PM

Aligning Business Drivers, Compliance and Information Security Risk for the C-Level
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Abhishek Agarwal, Privacy Manager, Kraft Foods

In today's environment, from a C-Level perspective, a Governance Risk Compliance (GRC) program is not only a compliance requirement but also needs alignment with the organizational strategy to make a difference at the bottom line. This session will highlight a methodology that aligns with the prevailing regulatory requirements, such as GLBA, FTC regulations, EU DPA and with industry best practices such as ISO 27001/2, PCI. The depicted framework from the methodology incorporates alignments with information security functions and business drivers to reflect the key leading risk indicators. The audience will be familiarized with two scoring methodologies to calculate overall risks, i.e., average and weighted, and how the overall scoring rolls up to the key risk indicators. The session will also include a case study of a successfully executed strategy of a GRC risk assessment program from a large financial institution including examples of executive level information security risks reporting. In the end, the audience will walk away with a "must to do", "to do" and "not to do" essential list of a successfully executed GRC program.


Driver-Based Cost Models on an RSA Platform
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Steve Abdelmalek, Information Security Consultant/Specialist Project Manager, Kaiser Permanente
Warren Kist, Manager, Ernst & Young
Tushar Padhiar, Senior Manager, Ernst & Young
Barry McAvoy, Executive Director - Security Strategic Services, Kaiser Permanente
Kaiser Permanente Information Security (KPIS) developed a driver-based costing model to assist with the pricing of costs related to new business opportunities. Historically, KPIS had difficulty determining approximate costs or workload requirements to service requests from other KP business units. The driver-based model provided KPIS Managers with the ability to accurately price out costs and FTE requirements based on key information security drivers. The process and model are being rolled out leveraging RSA Archer to automate the workflow, enable project tracking, ease cost estimation efforts through automated calculations, and provide executive and function level reporting. As a result, KPIS has realized two benefits: 1) improved project results by project costing and 2) improved resource planning and the ability to request new resources from KP funding committees.

Data Feeds Beyond the Basics
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Meka Egwuekwe, Director of Development, Lokion Interactive
Susan Ingenluyff, VP, Consultant - Systems Engineering, Bank of America
Aggregating data from disparate sources into the Archer Smart Suite Framework provides organizations with the information needed to make business critical decisions. Often this vital function proves to be challenging due to large volumes of data and numerous sources that contain the needed information. Join this session to learn how to get the most out of data feeds using the web services API, performance enhancement recommendations, and other advanced tips for taking data feeds beyond the basics.


Panel: The Future of Incident Response: Sharing Information to Meet Evolving Threats
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Steve Schlarman, eGRC Solution Manager, RSA
Kathleen Moriarty, GRC Strategy, EMC
Lorenzo Montessi, Senior Director, Corporate Strategy, EMC
The evolution of incident handling and response needs innovative mechanisms to improve sharing incident data between security functions and even companies under siege. This panel discussion will cover some leading edge thinking on the future of incident response, information sharing and containing threats within the changing technological landscape.

Thursday 1:30 PM - 2:15 PM

Archer and SAP – Putting the Pieces Together for Enterprise Compliance
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
Scott vonFischer, CISO, LyondellBasell Industries
Gavin Mead, Director, KPMG
LyondellBasell will provide an overview of our strategy, implementation, and long term vision for using the Archer eGRC platform to provide value in concert with SAP’s GRC product suite.

Security Posture: Implementing Internal and Third Party Control Assurance in Archer
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Mark Leadbetter, Head of Security Operational Governance, NAB
With a board mandated Information Security Strategy, Security is now on the agenda of business executives across the organisation. In a constantly and rapidly changing threat environment, measuring and communicating the security posture of the organisation is becoming more and more critical. It provides the ability to demonstrate the value of Information Security but more critically to shape the strategy for future years, consistent with an organisational risk appetite. This presentation will focus on NAB's journey to measure our security posture and Archer's role in enabling this. It will describe our journey to measure the effectiveness of our current control environment, both internally and across our third party partners. It will focus on an environment with many best of breed security products in place that do not easily aggregate together to provide an enterprise view of security and Archer's role in bringing that enterprise view together.


Tools of the Trade: How to Administer Your Archer Environment
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Doug Swarts, Manager Software Engineering, RSA
Craig Lee, Technical Support Supervisor, RSA
With the increasing complexity of the Archer Platform, the need for tools to help administer the environment is ever-growing. This session will give an overview of available tools and scripts that help administrators understand the depths of their environments and identify and resolve problems faster and more easily. The panel will include senior engineering and support resources for RSA Archer.

Big Data: Providing Better Intelligence
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Matt Alderman, Product Manager, RSA
Big Data continues to capture all the headlines, but few fully understand it or how to utilize it for business intelligence purposes. As the leader in GRC and a division of the leader in Big Data, this presentation will walk through the RSA Archer strategy for assembling massive amounts of data and providing better intelligence for your security, compliance, and risk programs.

Thursday 2:30 PM - 3:15 PM

Leveraging Converged Information Governance
Classification: Process
Location: 6th Floor – Indiana/Iowa/Michigan
Ahmet Zerey, CSI (Continual Service Improvement) Unit Head, Turkcell İletişim Hizmetleri A.Ş
The business invests in IT because it needs information to be secure and reliable. There are many standards and frameworks with which IT should comply. Information is scattered across the organization in the form of data. As eGRC collects this data and converts it to the wisdom level, compliance with the standards and frameworks is assured.


Managing Compliance - An Integrated Approach to Controls Testing, Issues and Vendors
Classification: Process
Location: 6th Floor – Northwestern/Ohio State/Purdue
David Day, Sr. Information Security Project Manager, Sallie Mae Inc
Grant Harris, Manager, Deloitte
Learn how Sallie Mae manages controls testing, issues and vendors leveraging Archer and Deloitte’s integrated assessment methodology. This session will highlight and demonstrate the quality and optimization derived from this approach.

Panel: Think Outside the Statistical Search Box: Ideas to Take your Data Visualization to the Next Level
Classification: Technical
Location: 6th Floor – Lincolnshire I & II
Eric Roebuck, Product Manager, RSA
Brian Olberz, Tech Consultant, Humana
Tim Neyman, ORM Solutions Engineer, Kaiser Permanente
Brian Dejno, CISSP, Director of Security Compliance, Equifax
Come join us as we show and tell real world examples from your fellow peers as well as discuss forward thinking ideas direct from the RSA Archer Research and Development team. Learn valuable tips and tricks to visually get the most out of your data, then stick around to discuss how your organization could benefit from future charting concepts.

Finishing Strong: Ensuring End User Adoption of Your eGRC Solution
Classification: RSA Archer
Location: 6th Floor – Great America I & II
Jonathan Kitchin, Practice Consultant, RSA
Megan Olvera, Senior Technical Education Specialist, RSA
Developing and designing the most powerful and flexible solution man has ever known is not enough to ensure the success of your GRC program. When front-line users are not fully prepared to participate in your new system, they devise their own, unexpected work-arounds, take shortcuts, or even worse, sabotage your solution. This session provides best practice techniques from RSA Archer’s Services teams on ways to ensure day-one.


SPEAKER BIOGRAPHIES

Steve Abdelmalek, Information Security Consultant/Specialist Project Manager, Kaiser Permanente
Steve has 13 years of IT experience, including 10 years with Kaiser. He has served several roles in his career, including program manager, project manager, application manager, and senior technical support. Steve obtained his bachelor's from Penn State and is pursuing an MBA with an emphasis in Healthcare from George Washington. Steve aspires to make a significant impact to patient healthcare by leveraging technology to offer improved benefits.

Abhishek Agarwal, Privacy Manager, Kraft Foods
Abhishek Agarwal, MBA, CIPP/US, a senior information security and compliance professional, has provided his expert services to Fortune 500 companies like Kraft Foods, HSBC, JPMorgan Chase, and Cap Gemini Ernst & Young. His experience includes establishing compliance programs such as risk assessments, cyber security, & privacy and vendor governance in technology environments like BYOD, cloud & virtualization.

Matthew Alderman, Product Manager, RSA
As Sr. Consultant Product Manager, Matt is responsible for the “Big Data” strategy for Archer. Matt has over 20 years of experience in information security and GRC. Prior to joining RSA, Matt was Director of Product Management for Qualys and Founder/CTO of ControlPath. While at ControlPath, Matt and Sean Molloy were issued United States Patent 7,788,150: Method for assessing risk in a business.

Mathew Allen, Senior Director, Global Practice Leader – Security & Risk Management, EMC
Mat Allen is a Global Practice Leader at EMC Consulting. He is responsible for business continuity and security program management services. Mat has over 17 years of experience in consulting and has provided financial risk and capital market risk management services. Mat has degrees from the London School of Economics, Harvard University and Washington State University.

Jennifer Anderson, Director, GRC Services, The Hartford
With The Hartford since 2003 and a Certified Archer Professional since 2009, Jennifer manages the governance, risk and compliance teams (part of Enterprise Risk Management). Her other experience includes developing and operationalizing programs and project management for large scale system implementations.

Gordon Archibald, Global Security Solutions (GSS) Director Portfolio & Sales Enablement, CSC
Gordon Archibald is CSC’s Global Security Solutions (GSS) Director Portfolio & Sales Enablement. In his various security focused roles, including Chief Technology Officer, Gordon managed CSC’s Service Development, Security Architecture and Engineering teams based in Australia, Asia, EMEA, and North America. He ensures the global security services and controls meet CSC’s global customers’ regulatory, compliance and security requirements.


Marc Ashenberg, Director, BlackRock
Marc Ashenberg is a Director at BlackRock overseeing GRC and Service Organization Reporting. Marc is responsible for enhancing efficiency and coordination between risk and control functions globally, developing methodologies for consolidated monitoring/reporting of risks and controls, and producing global reports on critical aspects of BlackRock’s businesses. Marc has 16 years of internal controls experience in the financial services industry.

Ed Barone, Senior Practice Consultant, RSA
Ed Barone, a Senior Practice Consultant at RSA Archer, has more than 6 years of experience in the governance, risk and compliance space. With a history of success, he has delivered a variety of engagements ranging from eGRC strategy roadmapping through solution design and implementation. Ed graduated from the University of Massachusetts with a Bachelor’s degree in Organizational Behavior.

Greg Bell, Principal and Global Leader of Information Protection, KPMG
Greg is a principal in the Atlanta office of KPMG’s Advisory Services Practice and serves as KPMG’s Global Service leader for our Information Protection (Security, Privacy and Continuity) practice. He is experienced with various areas of Information Management and Information Security with particular specialization in the fields of IT risk management and business enablement. Bell has extensive knowledge and experience managing complex projects implementing, administrating and securing complex client-server and heterogeneous network technologies.

Jack Caranci, Information Security Officer, First Data
Ph.D. ABD in International Business, Information Security Officer and Security Analyst. 15 years in security field. Married, 2 children, live in Iowa. Worked for First Data, TD Ameritrade, ACI Worldwide, and Nexterna in the security/quality fields.

Philippe Courtot, Chairman and CEO, Qualys
Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry and co-founding the CSO Interchange to share information in the security industry. He was named 2011 CEO of the Year by SC Magazine Awards Europe, and is on the board of directors for StopBadware.org and TechAmerica. Philippe also recently founded the Trustworthy Internet Movement (TIM), a non-profit organization aimed to resolve major lingering security issues on the Internet. Before Qualys, he was Chairman and CEO of Signio, Chairman and CEO of Verity and Chairman and CEO of cc:Mail. He has a Masters Degree in Physics from the University of Paris.


Jason Creech, Director of Compliance Solutions, Qualys
With over 17 years in IT, Jason Creech is director of compliance solutions at Qualys. Creech has spent the last 10 years promoting enterprise IT security and compliance solutions including product management, project management, security and compliance consulting, presales engineering, evangelism and product training, and has assisted much of the Fortune 1000 in the creation of IT security policy. He also co-authored IT Policy Compliance for Dummies.

David Day, Sr. Information Security Project Manager, Sallie Mae, Inc.
David Day has 22 years’ experience in IT and Corporate Security. He has held various roles ranging from software development & project management work to Director of multiple operational business teams. Currently, Mr. Day directs the Controls Team responsible for IT continuous monitoring and risk assessment. He is an Archer Certified Administrator and Certified in Risk and Information Systems Control (CRISC).

Brian Dejno, CISSP, Director of Security Compliance, Equifax
Brian Dejno, CISSP, is a technology consultant and Archer application architect at Equifax and has ten years of IT experience in infrastructure and information security. He is part of the team responsible for the development and implementation of Equifax’s eGRC program. Brian has played an integral part in development and deployment of multiple RSA Archer eGRC solutions including, BC/DR, Incident, Compliance, Vendor, and Enterprise Management.

Laurie DiPietrantonio, Technical Account Manager, Qualys
With 15 years in the IT and Information Security industries, Laurie is a Technical Account Manager for Qualys, providing technical support and best practice guidance to enterprise accounts. Prior to Qualys, Laurie was the vulnerability program coordinator for CVS. Her previous roles also include serving as a Project Manager at Dell SecureWorks and Security Analyst and SOC Team Lead for VeriSign.

Andrea Doherty, Software Architect, RSA
Andrea Doherty is the Security Champion, Security Architect, and EMC Vulnerability Response Team Representative for Archer. She has been working in the area of application security and information security product development for the past 17 years, the last 12 of which were with RSA-The Security Division of EMC. Andrea represented RSA in the IETF KEYPROV Working Group, and was editor of RFC6063.

Andrea Dollen, Senior Security Analyst, TD Ameritrade
Andrea Dollen is a Senior Security Policy and Training Analyst and Archer Administrator at TD Ameritrade in Omaha, NE, where she has worked for 13 years. TD Ameritrade has been a customer of Archer since 2007.


Meka Egwuekwe, Director of Development, Lokion Interactive
After earning his master’s degree, Meka worked for companies such as HP, Metatomix, and Hilton Hotels. His client list includes Beazer Homes, Regions Bank, FedEx, and the Florida Supreme Court. Meka’s background spans Internet Security, Conjoint Analysis, Systems Integration, and Web Portals – to name only a few. Meka joined Lokion in 2007 and has a BS and MS in Computer Science from Morehouse College and Duke University, respectively.

George Elefante, Business Leader, Visa
George Elefante, Business Leader: Visa Corporate Business Systems. George has been with Visa for 13 years in various IT positions, the last 3 years managing the technology platforms for Enterprise Risk and Compliance. That time includes direct administration of the Archer platform and also managing a support team of Archer administrators. George and team develop/manage Archer solutions used across Visa, supporting risk and compliance processes.

Julie Fitton, Sr. Manager - Risk, EMC
Julie Fitton leads Information Risk Management at EMC. Julie has been a driving force in Risk to “get it done” and a catalyst for positive changes within the organization. Julie has an MBA from Assumption College and a BBA in Finance from UMass Amherst, and holds many industry certifications. Julie also sits on the Board of Directors and Audit Committee of a Massachusetts based community bank.

Mark Ford, Principal, Deloitte
Mark Ford, Principal, Deloitte & Touche LLP, Security & Privacy (S&P), is the S&P Health Sciences Industry champion responsible for driving the Health Care Provider and Health Plans sectors. Mark has over 28 years of information security and controls experience starting with the U.S. Army Military Intelligence Corp and including 18 years of consulting with professional services firms. He is a Certified Information Systems Security Professional (CISSP).

Donna Fountain, IT Security Director, ING
Donna Fountain has over 25 years of experience ranging across Application Migration Control, IT Controls and audit. For the past 3 years, she has managed the IT Controls team that is part of the Technical, Risk & Security team for ING. As part of her role she is responsible for the IT Controls Library, Risk Dashboard, and entry point to IT for all audits. As part of this role she is responsible for the rollout of the Archer eGRC platform.

Alicia Gamel, IT Governance Manager, Fifth Third Bank
Alicia Gamel has over 15 years of experience in IT governance, security and audit. For the past five years, she has managed the policy and standards program for a large regional bank. She leverages the Archer eGRC platform to support this program.

Vicki Grunwald, eGRC Administrator and Developer, PayPal
An Archer Certified Professional, Vicki has worked with Archer as an administrator and developer for 3 years. Prior to working in the Archer tool she was responsible for workflow automation design for the IRA department at a major broker dealer.


Matthew Harding, Principal Risk Analyst, EMC
Working for EMC for the last 6 years as a Principal Risk Analyst, Matt has been the lead architect for EMC’s internal deployment of the Archer framework. He has also been responsible for the development of controls and tools used for SOX control testing and development of many Risk programs at EMC. Outside of work he coaches high school track and is a semi-professional photographer.

Grant Harris, Manager, Deloitte
Grant Harris has over 12 years’ experience in a wide range of IT and operational risk management activities, and has worked on multiple clients across industry sectors to implement RCSA processes and applications. Mr. Harris is a Manager in the Security & Privacy Services practice, specializing in IT Risk Management services from performance of risk and vulnerability assessment through full implementation of GRC applications and enterprise processes.

Graham Hill, GRC Program Director, Microsoft
Graham Hill is the GRC Program Director for Microsoft’s Information Security and Risk Management (ISRM) organization. Graham has over 13 years of experience in the field of Information Security, Governance, Privacy and Business Continuity. Over the years, Graham has driven several GRC strategic planning and tool deployment efforts for Microsoft and other companies. Graham is a primary member of the leadership team driving GRC and Archer throughout the Microsoft enterprise.

Susan Ingenluyff, VP, Consultant - System Engineering, Bank of America
As a highly accomplished Information Technology professional with Bank of America, Susan’s more than 25 years of experience spans across various areas of technology. For the past six years, she has supported multiple Archer environments first for Global Information Security and continuing with 5.1 implementations for the Home Loans division and Global Technology & Operations risk management.

Rod Jackson, Program Manager – Information Risk and eGRC Applications, Ebay Inc./PayPal
Rod is the Information Risk & eGRC leader at eBay / PayPal. He has 25 years in IT Systems, Security, and Governance, with success in roles in IT Audit, Quality, and as Compliance director in healthcare & pharma. As well as practical IT management, he has trained a vast number of Networkers and MS Engineers. Rod held over 25 certifications, consulted to Fortune 500, and is a veteran of the US Air Force.

Warren Kist, Manager, Ernst & Young
Warren has 10+ years of consulting experience while leading finance & accounting improvement projects for public and private companies. Warren has specialized in developing business requirements for large Finance Transformation projects. Prior to joining EY, Warren served as Finance Director of an advertising agency. Warren obtained an MBA in Finance from the Chicago Booth School of Business and is a licensed CPA in Illinois and California.


Jonathan Kitchin, Practice Consultant, RSA
Jonathan Kitchin works with the RSA Archer Consulting team, empowering clients to get the most from their GRC solutions. Jonathan’s 6 years with Archer span a variety of experiences, including owning the technical documentation portfolio, developing the Advanced RSA Archer Administration course, delivering training to over 500 Archer professionals and authoring the RSA Archer Certification exam.

Mark Klimesh, Technology Consultant, Humana, Inc.
Mark Klimesh is a Technology Consultant at Humana Inc. He is part of the Enterprise Solution Point (ESP) team responsible for the Archer eGRC platform at Humana. Mark implements RSA Archer solution development and integration, especially using the Web Services API. Mark has nine years of IT experience in systems development and support. Outside of Humana, Mark enjoys spending time with his wife and two sons.

Anya Kricsfeld, Manager, Customer Support, RSA
Anya Kricsfeld is Customer Support Manager at RSA. Anya has been with Archer support for over five years. Previous to Archer, Anya worked as a vulnerability research engineer for CA. Anya has a Master’s degree in Computer Science from Purdue University and BS degrees in Computer Science and Mathematics from East Central University in Oklahoma. She also holds a CISSP certification.

Eric Le Martret, Corporate Risk Manager, T-Systems
Corporate Risk Manager for T-Systems Ltd (UK); Group Business Risk Manager for Capgemini Holding (Group); CEO of RM Partners (Risk Management Partners) (France); COO of Capgemini North-East (France); Deputy Group Internal Audit Manager for Capgemini Holding (Group).

Mark Leadbetter, Head of Security Operational Governance, NAB
Mark is an experienced information security professional, with over 17 years’ experience across both technical and managerial aspects of information security. He has been with the National Australia Bank's Security Services team for over 7 years and currently heads the Bank's Security Operational Governance function. His qualifications include a Bachelor of Science in Mathematics and Computer Science and he holds the CISSP certification.

Craig Lee, Technical Support Supervisor, RSA
Craig Lee is currently a Technical Support Supervisor, and has been with RSA for the previous two years. Craig has extensive experience supporting both the 4.x and 5.x platforms. Prior to joining RSA, Craig spent eight years in various Information Security positions while serving in the United States Air Force. He currently holds a BS degree in Computer Information Systems.

Erin Leonard, Practice Consultant, RSA
Erin Leonard is a Senior Practice Consultant in the Professional Services team at RSA Archer. In this role, Erin works with customers through requirements gathering, architecture design, solution construction and final implementation. Erin holds degrees from the University of Vermont, Bryant University and Boston University and is a Certified Information Systems Security Professional (CISSP).


John Linse, BC/DR Practice Lead, EMC
Mr. Linse leads a practice that focuses on providing recoverability and resiliency to EMC’s customers across many verticals. John has assisted customers in developing recovery strategies focusing both on business and technology recovery programs. John is a regular speaker at Disaster Recovery events, seminars and conferences. John has published white papers and articles on recovery practices.

Amy Lovik, Compliance Program Manager, The Walt Disney Company
Amy Lovik is a Compliance Program Manager for The Walt Disney Company supporting multiple programs. Amy started her career at Disney as a program manager for the Disney Advertising System. A few years ago she transitioned to the Disney Compliance Team and has been a part of the substantial improvements of that organization, including the Archer implementation.

Michael Lumia, Group Program Manager, Microsoft
Michael Lumia is a Principal Program Manager at Microsoft for the corporate Information Security and Risk Management organization where he is the Lead Program Manager responsible for the implementation of the Archer Smartsuite application. In addition, he is a primary member of the leadership team driving GRC and Archer throughout the Microsoft enterprise.

Manette Maddox, Financial Controls Manager, Halliburton
Manette has been with Halliburton for 8 years, all of which have been spent in the Financial Controls Group. Prior to joining Halliburton, Manette’s experience includes public accounting, financial management with Fortune 500 companies as well as non-profits and consulting work. She graduated with an accounting degree from Texas A&M University and is a CPA and a CFE. She is also married and the mother of 3 grown and 2 “almost-grown” children.

Barry McAvoy, Executive Director - Security Strategic Services, Kaiser Permanente
Barry has responsibility over Kaiser IT Security’s Program Mgmt Office, Business Mgmt Office, Security Business Relationship Mgmt, and Governance groups. Prior to joining Kaiser, Barry served as a VP in Wells Fargo’s On-line Banking group. Barry has also worked for the Mayor of San Francisco on a specially appointed telecom technology role. Barry started his career at CitiCorp working his way up to a VP role in the International Division.

Gavin Mead, Director, KPMG
Gavin Mead, KPMG LLP Director, leads the Information Protection’s innovation program. His projects span Identity and Access Management, Security and Technology Assessment, Business and Technology Resiliency, Information Privacy, Security Strategy and Governance, and Security and IT GRC. Gavin previously led the Security and Technology Assessment and IT-GRC Centers of Enablement.


Robert Milden, Senior Vice President, Senior Business Executive – Technology, Bank of America
Robert has 18 years of global leadership experience at Bank of America; currently leading the Control Environment & Standards group. This team enables control element inventory management and testing while providing actionable business information. These capabilities combined with strong routines and partnerships ensure that improvement opportunities are continuously identified and implemented.

Lorenzo Montessi, Senior Director, Corporate Strategy, EMC
Lorenzo Montesi is a Senior Director of Corporate Strategy at RSA, the Security Division of EMC. He leads RSA strategy to address advanced threats and adoption of hybrid cloud technologies. He was previously Senior Director of Corporate Strategy at EMC and Principal at BCG. He holds an MBA from MIT Sloan and a joint degree in Theoretical Physics at University of Pisa and Scuola Normale Superiore.

Kathleen Moriarty, GRC Strategy, EMC
Kathleen Moriarty works in EMC’s Office of the CTO, shaping technology strategy for information governance, risk, and compliance, with a focus on information security and incident response. She is a chair for MILE in the IETF and primary author of multiple standards in the ITU-T and IETF. Previously, she held CISO roles for MIT Lincoln Laboratory, FactSet Research Systems, and EMC clients.

Joe Morsbach, Sr. Technical Director, AT&T
Joe has over 15 years with AT&T and brings experience in IT operations, Product Management, IT Architecture, Data Modeling and Analysis, and IT security, policy, compliance, and threat management. Joe's current responsibility in AT&T's Chief Security Office is to automate the discovery, security testing, reporting, and compliance monitoring of enterprise applications and infrastructure.

Tom Moses, Business Continuity Planner, First Citizens Bank
Tom Moses has 15 years’ experience in the Business Continuity and Disaster Recovery areas within the banking industry. He has assisted in developing and exercising both operational and technical recovery plans. He is a Certified Business Continuity Planner and Archer Certified Professional. He is the RSA Archer implementation person responsible for integrating the Business Continuity program for First Citizens into the RSA Archer framework.

Timothy Neyman, ORM Solutions Engineer, Kaiser Permanente
Tim Neyman has been a developer and technical consultant for over 14 years, and he has worked at Kaiser Permanente for the last 11. Tim joined KP Information Security in 2011, and he is responsible for the Archer eGRC Platform within KPIS. His current focus is on utilizing Archer to help assess, prioritize and govern business-impacting IT security risk via the Operational Risk Management project.

Kevin Novak, CISO/Technology Risk Manager, Northern Trust

Kevin Novak is CISO and IT Risk Manager at Northern Trust. He is responsible for the security of Company and Client information and for the management of information technology risk globally. Prior to joining Northern Trust, Kevin managed Information Security, Records Management, and Enterprise Risk at Discover Financial, and served as COO and Director of Consulting for Neohapsis.

Peter Novosel, Lead GRC Evangelist, RSA

As Lead GRC Evangelist for RSA, Peter Novosel is responsible for articulating the vision for GRC technology and its potential to transform the way companies approach governance, risk and compliance processes. Mr. Novosel engages directly with GRC practitioners and industry experts to share technology insights and communicate RSA’s unique value proposition in the GRC space.

Derek O’Halloran, Global Leadership Fellow, World Economic Forum

Derek O’Halloran leads the World Economic Forum’s Information Technology Industry. The World Economic Forum provides a neutral platform for business leaders, policymakers, civil society and academics to convene and define the agenda at the industry, regional and global level. Derek has led the Forum’s work on cyber resilience as a governance and accountability issue for leaders across all sectors and manages the Global Agenda Council on the Future of the Internet.

Brian Olberz, Tech Consultant, Humana

Brian Olberz is an Applications Architect at Humana, Inc. He is part of the Enterprise Solution Point (ESP) team responsible for the Archer eGRC platform at Humana. Brian has been a key architect of Humana's implementation over the last three years. He has ten years of IT experience in development and security, including five years of Information Security/Risk Management at Humana. When he finds the time, Brian enjoys all things outdoors.

Megan Olvera, Senior Technical Education Specialist, RSA

Megan Olvera, Senior Technical Education Specialist, has been part of the Archer Education team since 2007. Megan’s solid foundation in Archer coupled with her approachable demeanor and an ability to identify core learning objectives make her a natural at helping clients scope out and create training for admins and end users alike.

Tushar Padhiar, Senior Manager, Ernst & Young

Tushar Padhiar is a Senior Manager in the Advisory Services practice of Ernst & Young LLP with 14 years of experience in information systems and systems security. Tushar specializes in policy development, identity and access management, security organization design, security architecture and network security. Tushar has worked for clients across multiple industries including media and entertainment, technology distribution, financial services and health care.

Betty Pawlik, Information Security Risk Specialist, HCA, Inc.

Ms. Pawlik has over 16 years of information security and IT audit experience. During the past five years, she has been involved in compliance activities, including leading company efforts in Office for Civil Rights HIPAA security audit response and remediation activities. In her current role at HCA, she is a member of the IS Risk Management team and is responsible for overseeing Archer activities.

Jorge Perez, Senior Associate, Information Protection, KPMG

Jorge Perez is a Senior Associate in KPMG’s Advisory practice. He has over 7 years of experience in developing and delivering strategies and solutions for KPMG’s Fortune 500 clients in the areas of Information Technology, IT-GRC, Information Protection, and Archer eGRC. He is based in KPMG’s New York office.

Michelle Popel, Senior Information Security Analyst, Ameriprise

Archer System Administrator since 2009. BS from the Univ of Minnesota. MBA from the Univ of St. Thomas. Employed with Ameriprise since 1995. Current Responsibilities Include: Lead Archer System Administrator for Ameriprise. Focus on developing Archer enterprise capabilities, best practices and supporting the Archer tool from a GRC perspective. Lead for Archer 5.0 migration (target is May 25).

Lokesh Ramani, Senior Associate, KPMG

Lokesh Ramani, KPMG LLP, is part of the Information Protection and Business Resiliency Services practice. His professional experience spans IT GRC strategy, design and process automation with specific focus on Archer SmartSuite Framework. He has extensive experience in information security assessments, building methodologies and frameworks to achieve business resiliency for large organizations.

Michael Rasmussen, President, Corporate Integrity

Michael Rasmussen, President of Corporate Integrity, LLC and OCEG Fellow, is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of corporate compliance, business ethics, policy management, and corporate culture. With 18+ years of experience, Michael helps organizations improve GRC processes and choose technologies that are effective, efficient, and agile.

Jay Reid, Senior Director of Security Compliance, Equifax

Jay Reid is a Senior Director of Security Compliance at Equifax. Jay leads a team in the development and implementation of Equifax’s GRC program. Jay provides 7 years of experience in management and GRC consulting. Jay has provided direct guidance and oversight to more than 100 GRC projects for over 25 Fortune 1000 companies.

Eric Roebuck, Product Manager, RSA

Eric is a member of the RSA Archer Product Management team with responsibilities including Data Access and Visualization, and Product Globalization. Before joining RSA in 2010, Eric held various positions in R&D as well as Sales and Professional Services at other software companies for over 10 years. He also holds a Bachelor’s degree in Computer Science with a Business Minor from the University of South Dakota.

Tim Rutherford, Sr. Manager - Product Management, RSA

Tim leads product management of the Archer GRC Platform. Tim has significant experience in enterprise software spanning almost 20 years in the industry. Having worked in many different roles, Tim brings a truly cross-functional view to product management, and leverages that experience to create the best possible solution for his customers.

Steve Schlarman, eGRC Solution Manager, RSA

Mr. Schlarman brings over 18 years of deep IT compliance, security and audit expertise to RSA. As an eGRC Solution Manager, Mr. Schlarman is responsible for applying his experience in IT security and management into product design and architecture of RSA Archer’s GRC solutions. Steve is responsible for the RSA Archer Threat and Incident Management solutions as well as team lead for the RSA Archer eGRC Solutions Suite.

Richard Seiersen, Director of Assessment Services, Kaiser Permanente

Richard Seiersen is a security leader with over 15 years of experience in network security; governance, risk and compliance; enterprise. At Kaiser, he directs the organization’s Assessment Services group. His current focus is delivering programs and solutions that scale resources and prioritize actionable security risks.

Doug Swarts, Manager Software Engineering, RSA

Doug Swarts currently serves in the Engineering group managing customer escalations. A long-time employee with over six years of service, he has been involved with numerous functional areas of the application and has years of experience troubleshooting the Archer application from early versions to the most current.

Dhawal Thakker, Manager, KPMG

Dhawal has 13 years of Information Technology & IT Security consulting experience. It includes security strategy, security policy, UCF, regulatory compliance, BCP, DR & network security. He has been actively involved in implementing eGRC solutions for the last four years for some of the leading technology & financial companies. Dhawal is an Archer Certified Consultant and holds CIPP, CISSP & CISA certifications.

Marshall Toburen, eGRC Solution Manager, RSA

Marshall Toburen is the Archer Risk Solutions Mgr. He has 30+ yrs experience in risk management, most recently as Sr VP at a large financial services company with responsibility for ERM practices & technology, info security, insurance, loss control, & vendor mgmt. His credentials include: M.A. in Economics, Univ of MO; B.A.s in Econ & Political Sci, Baker Univ; & CIA, CISA, & CBA certifications.

Lisa Toland, Cyber Risk Management Lead, NNSA

Ms. Toland has over thirteen years of experience in computer security, information security, and risk management. Currently Ms. Toland assists in managing the OCIO cyber staff support contract concerning all IT/cyber security governance and oversight, policy, procurement support, and is responsible for managing an enterprise cyber security rollout of Continuous Monitoring across the NNSA complex.

Scott vonFischer, CISO, LyondellBasell Industries

Scott vonFischer is the CISO for LyondellBasell and manages the IT compliance and protection of corporate electronic data assets. Scott has built large global event management solutions, e-commerce sites, and security architecture that protect customer information largest financial institutions. Scott is a frequent speaker on best practices for information privacy for young adults. CISSP, CIPP/IT.

Andy Weeks, Director, Enterprise Solution Point, Humana, Inc.

Andy Weeks is Director for Enterprise Solution Point at Humana Inc. Andy is responsible for the design and operation of the company’s eGRC platform, and aligning the business behind the massive cultural change this brings. Humana Inc., headquartered in Louisville, KY, is a leading health care company offering a wide range of insurance products and health and wellness services.

Keith White, Managing Principal, GRC, Accuvant

Keith White brings over 20 years’ GRC experience to Accuvant’s Governance, Risk, and Compliance (GRC) practice. As GRC Practice Manager, he is responsible for technical leadership and personnel management. His presales responsibilities include developing and maintaining content relevant to the practice area. Mr. White’s varied experiences include founding, growing, and managing practices in various risk areas for corporations, many of them global in scale.

William Whitman, Cyber Security Solutions Architect, SAIC

William Whitman, a Cyber Security Solutions Architect with SAIC, has over ten years of experience in traditional and non-traditional development environments and methodologies. He specializes in commercial and government cyber security risk and compliance.

Alex Yokley, Director of Information Security, Western Union

Alex started with Western Union in 2002 and has worked in the Information Security department for the last 5 years. His team is directly responsible for security awareness training, security metrics, and all Archer development/administration. Western Union currently uses Archer to manage security policies, risk assessments, business continuity planning, forensic investigations, training activities, and other security-related processes.

Ahmet Zerey, CSI (Continual Service Improvement) Unit Head, Turkcell İletişim Hizmetleri A.Ş

Ahmet Zerey is CSI (Continual Service Improvement) Unit Head at ICT, Turkcell in Istanbul, Turkey, where his responsibility is IT’s Compliance, Performance and Improvement activities. He is also responsible for process improvement of Turkcell ICT’s ITIL, ISO 20000, ISO 27001, ISO 9001, COBIT and SOX compliant processes. He currently holds ITIL v3 Expert and PMP certifications.

Ralph Zwierzina, ISO MAIL, Deutsche Post DHL

Ralph Zwierzina holds a degree in Chemistry from Heinrich-Heine Universität, Düsseldorf. For 2 years he was global Project Manager (build and run) for TELESET datacentres for one of the leading global postage meter companies. After 5 years as a Senior Consultant with an international Management Consultancy in Banking/Finance, he became Chief Information Security Officer for the Global Business and Services & Corporate Centre division with Deutsche Post DHL. In 2009, after three years within GBS, he started his work on Information Risk & Business Continuity Management for the MAIL division within Deutsche Post DHL.

SPONSORS

We thank our Sponsors for their support in making RSA Archer GRC Summit 2012 a success!

GOLD SPONSORS

www.kpmg.com

KPMG

KPMG's Information Protection & Business Resilience (IPBR) practice assists global organizations transforming their security, privacy, and continuity controls into business-enabling platforms while maintaining the confidentiality, integrity, and availability of critical business functions. KPMG has over 3,000 Information Protection & Business Resilience and information risk management resources in over 75 countries around the globe.

www.qualys.com

Qualys

Qualys is the pioneer and leading provider of information security and compliance cloud solutions with 5,500+ customers in 85 countries, including 51 of the Forbes Global 100. The QualysGuard Cloud Platform and integrated suite of applications helps businesses simplify security operations and lower costs, delivering critical security intelligence on demand.

SILVER SPONSORS

www.accuvant.com

Accuvant

Accuvant is the only research-driven information security partner delivering alignment between IT security and business objectives, clarity to complex security challenges and confidence in complex security decisions. Based on our clients’ unique requirements, Accuvant assesses, architects and implements the policies, procedures and technologies that most efficiently and effectively protect valuable data assets.

www.csc.com

CSC

CSC provides enterprise-class cybersecurity services that have evolved in some of the world's most sophisticated, disparate and challenging environments. Every day around the globe, CSC serves the diverse missions of government and the private sector. CSC offers Managed Security Services, Identity and Access Management, Consulting, Application Protection and Business Continuity and Disaster Recovery.

Deloitte

Deloitte & Touche LLP's Security & Privacy Services offers services to help companies with their information risk management initiatives. We work to advance and evolve security solutions, improve enterprise security and value, and develop risk aware programs and processes.

* Identity Access Management
* Enterprise Application Integrity
* Information Technology & Risk Management

http://www.deloitte.com/us/securityandprivacysolutions

www.ey.com

Ernst & Young

About Ernst & Young’s Advisory Services

The relationship between risk and performance improvement is an increasingly complex business challenge, with business performance directly connected to the effective management of risk. Our 23,000 advisory professionals form one of the broadest global advisory networks. We use proven, integrated methodologies to help you achieve your strategic priorities.

BRONZE SPONSORS

www.beyondtrust.com

BeyondTrust

BeyondTrust is the global leader in securing the perimeter within to mitigate internal threat and the misuse of privileges. BeyondTrust offers consistent policy-driven, role-based access control, monitoring, logging, and reporting to protect internal assets from the inside out. The company's products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, public, private, and hybrid cloud environments.

www.coresecurity.com

Core Security

CORE Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business.

www.courion.com

Courion

Courion, the leader in identity and access management (IAM) solutions that effectively and securely manage user access risk, helps companies identify, quantify and manage the risks associated with information access. With more than 14 million users in 500 organizations worldwide, Courion’s on-premise and cloud-based solutions deliver the industry’s fastest time to value and lowest cost of ownership.

www.securityforum.org

Information Security Forum (ISF)

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organisations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and developed through an extensive research and work program.

www.knowledgent.com

Knowledgent

Knowledgent is a leading industry information consultancy. It combines advanced information management and analysis capabilities with deep industry domain expertise to maximize the value of information to empower clients with actionable business insights. Knowledgent leverages big data analytics, unstructured data mining, semantic enrichment and master information management to help clients optimize business operations. Knowledgent has offices in Boston, Massachusetts, New York City, New York and Warren, New Jersey.

www.openskycorp.com

OpenSky

OpenSky is an award winning IT professional services company and RSA ASN Partner with deep experience in GRC program development and Archer implementation across all nine core solutions as well as on-demand applications. OpenSky GRC experts have unprecedented experience with over 10 years in Archer, GRC, and ITRMS with expertise in Health, Pharma, Financial, and Insurance industries.

www.rapid7.com

Rapid7

Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.