Security Forum

8/8/2019 Security Forum

1/12

FORRESTERS SECURITY

FORUM EMEA 2010

Navigating The New Security & Risk RealityMarch 11-12, 2010 Guoman Tower Hotel London

www.forrester.com/security2010emea


2/12

FORRESTERS SECURITY

FORUM EMEA 2010

Dear Colleague,

In 2010, Security & Risk professionals will face a new landscape unlike any weve seen before.

Weve been discussing change for years: how the future of IT will bring dramatic changes

to workplace dynamics, sourcing models, and application portfolios. But this year will be

different. The confluence of the changing threat landscape, economy, and new technology

requirements are forcing more change than weve seen in a decade. We need to move beyond

discussions of the economy plunging into freefall and the resulting decrease in budgets, jobs,

and discretionary security projects. Security & Risk professionals need to understand how to

navigate this new security reality and continue to drive the business forward, moving beyond

focusing on security for the rapidly changing technology and instead focusing on mastering

two major shifts: 1) a shift in business expectations, and 2) a shift in ownership.

Forresters Security Forum EMEA will bring together industry experts and analysts to hold

practical sessions and panels on todays most difficult security and risk struggles. Together,

we will work to rethink the role of security within your enterprise by finding ways to get close to

the business, create efficiencies with governance, risk, and compliance (GRC), establish the

right set of priorities, and implement an architecture that responds to these security shifts.

I look forward to seeing you in London!

Two Forums For The Price Of One

Attendees of Forresters Security Forum EMEA 2010 will have access to Forresters co-located

Infrastructure & Operations Forum EMEA 2010. For more information, please see page 10.

Rob Whiteley

Vice President, Research DirectorForrester Research

Contents

Role-Based Forum

Speakers

Expert Advice

Agenda

Track Sessions

Forresters Co-LocatedInfrastructure &OperationsEMEA Forum 2010

Registration

Venue & Sponsors

3

4

6

7

8

10

11

12

2 www.forrester.com/security2010emea


3/12


4/12

POWERFUL CONTENT. EXCEPTIONAL SPEAERS

Building Trust As The Business Shifts To Online Services

Eirik Time, CISO, Statoil

Eirik Time is currently the Chief Information Security Officer (CISO) for Statoil. He is responsible for corporate information

management and IT risk management, compliance, and monitoring. Mr. Time joined Statoil as an engineer in 1997 and

has held many IT management positions, which included eBusiness, ICT security, security and usability, and Internet

technology responsibilities. Pr ior to joining Statoil, Mr. Time worked for companies such as Cambridge Technology Partners, Computas

AS, and TDI in consulting and management positions.

Key session takeaways:

Learn the value of building trust and implementing security controls for SaaS and other online services.

Identify the value of public key infrastructure (PKI), identity management, and establishing centralized digital identities for users

consuming online services.

Discuss recommendations and lessons learned with these technologies

How Changing Business Expectations Require CISOs To Own Even More

im Aarenstrup, Group Head of Information Security, A.P. Moller Maersk, and Council and

Executive Chairman, Internet Security Forum (ISF)

Kim Aarenstrup is the Group Head of Information Security/CISO of A.P. Moller Maersk and sits on the Council of the

Information Security Forum (ISF) as Executive Chairman. Mr. Aarenstrup is also the Deputy Chairman and Founder of

the public Danish IT-Security Council. He has a background in the police force as a criminal investigator and was a key player in

establishing the first national High Tech Crime unit in Denmark.

Key session takeaways: Examine Mr. Aarenstrups view of the CISO position from both his day-to-day role as Group Head of Information Security at Maersk

and Council and Executive Chairman at ISF.

Discuss why changing business needs require that CISOs own more, not less, security responsibility.

Hear some thought-provoking advice and future recommendations for reshaping your security and risk leadership role.

Where Is The EMEA Cloud?

James Staten, Principal Analyst, Forrester Research

With the economy beginning its slow recovery, does the value proposition behind the new outsourcing options such as

cloud computing still apply? Or should enterprise Infrastructure & Operations pros look to return services to the data

center? The evolution toward cloud computing isnt just about economics its about strategic right-sourcing, and cloud

services play a key role in making you more efficient and effective. Come learn what other leading enterprises are putting in the cloud

and why you should too. This session will cover:

What is real in the cloud and what still needs more work.

How others are transitioning to the cloud.

What services they are transitioning and why.

Industry eynotes

Forrester eynotes

This is a joint Keynote session with Forresters co-located Infrastructure & Operations Forum EMEA 2010

4


5/12

Navigating The New Security & Risk Reality

halid ark, Principal Analyst, Forrester Research

Shift happens. And you need to deal with the consequences. Weve been discussing change for years: dramatic changesto workplace dynamics, new sourcing models, and evolving application portfolios. But change is no longer hypothetical

its real. This session will move beyond discussions of the economy and help you understand how to navigate the new

security reality. Session attendees will learn:

The major business trends you need to prepare for before the inevitable upturn in the global economy.

How to master three major shifts: 1) a shift in business expectations; 2) a shift in ownership; and 3) a shift in security architecture.

Why you need to move beyond asking questions of your CIO and business peers to providing guidance and evolving your SRM

practice.

Visible Clouds: How To Master A Shift To Cloud Computing

Chenxi Wang, Ph.D., Principal Analyst, Forrester Research

Cloud computing promises tremendous business and operational efficiencies but has fundamentally changed the way IT

procures capacity, software, and expertise. As a result, the way to the cloud is not without inhibitors. Lack of visibility into

cloud operations, possibility of non-compliance, and privacy concerns are only a few of the challenges. This session will

equip you with the best practices to empower information security to embrace cloud computing. Key takeaways from this session will be:

Learn where cloud computing may be a fit and where it is not.

Get concrete steps to prepare for the move to the cloud.

Discuss best practices to approach cloud security, privacy, and compliance.

Attend A Pre-Forum

Workshop

For added value, join a small group of

peers and work closely with Forrester

analysts during a full-day, hands-on

Workshop. Special discounted rates

for paying Security Forum EMEA 2010

attendees!

Pre-Forum Workshop pricing:

795 for paying Security Forum EMEA

2010 attendees (1295 regular rate)

to register call: +31 (0)20 305 4848.

Measuring The Effectiveness Of Your Security Organization

March 10, 2010Led by Principal Analyst Khalid Kark and Senior Analyst Andrew Jaquith

In the past, the ever-changing threat landscape ensured healthy budgets for

information security. But in today's economic climate, senior managers are no longer

willing to write blank checks for IT security. As a result, security and risk management

executives must increasingly find ways to measure and communicate the success of

their information security programs to senior management. Security metrics are the

keys to doing this successfully.

Through facilitated sessions and presentations, you will discuss:

Best practices for developing an effective strategy for IT security.

Marketing the value of security to build awareness with the business.

Essential strategies for improving security performance.

Measuring the effectiveness of the security program.

Turning operational metrics into business metrics.

Creating a Balanced Security Scorecard that communicates program effectiveness.

http://www.forrester.com/securityforumworkshop2010

5


6/12

Meet One-On-One With Forrester Analysts.

Participating Forrester Analysts And Coverage Areas:

Consistently rated as one of the most popular features of Forrester events, One-On-One Meetings give you the opportunity to discuss unique security and risk

issues facing your organization with Forrester analysts. Security Forum EMEA 2010 attendees may schedule two 20-minute One-On-One Meetings with the

Forrester analysts of their choice, depending on availability.

Andras Cser, Senior Analyst

Role Served: Security & Risk professionalsEnterprise Single Sign-On, Entitlement Management, Financial Services,

Healthcare & Life Sciences, Identity & Access Management, Mobile Services,

Passwords, Professional Services, Security & Risk, Strong Authentication,

Telecommunications Services, User Account Provisioning, Web Single Sign-On

Glenn ODonnell, Senior Analyst

Role served: Infrastructure & Operations professionalsApplication Development, Application Management, Application Performance

Monitoring, Business Service Management, CMDB, Capacity Modeling & Planning,

Data Center Automation, Data Center Management, IT Asset Management,

IT Infrastructure & Operations, IT Management, IT Organization, IT Process Automation, IT

Service Management, IT Services, IT Strategy, Planning, & Governance, ITIL, Infrastructure

Change Management, Infrastr ucture Configuration Management, Infrastructure Measurement,

Infrastructure Metrics, Integrated I T Management, Networking, Organizational Design & Change

Management, Server Management, Server Provisioning, Service-Level Management, Software

Distribution, Systems Management

Brad Day, Vice President, Principal Analyst

Role served: Infrastructure & Operations professionalsComputer Architectures, IT Infrastructure & Operations, Midrange Systems,Server Consolidation, Server Hardware, Server Operating Systems, Systems

Management, Unix Ser vers

Andrew Reichman, Senior Analyst

Role served: Infrastructure & Operations professionalsConsumer Electronics, Consumer Technology, Data Archiving, Data Protection, IT

Infrastructure & Operations, Next Generation DVDs, Storage & Data Management,

Storage Management, Storage Networking

James Staten, Principal Analyst

Role served: Infrastructure & Operations professionals

Blade Servers, Capacity On Demand & Utility Computing, Cloud Computing,Computer Architectures, Data Center Architecture, Data Center Consolidation,

Data Center Management, Grid Computing, IT Infrastructure & Operations, Server

Consolidation, Server Hardware, Server Virtualization, Systems Management, X86 Servers

Christopher Voce, Analyst

Role served: Infrastructure & Operations professionalsApplication Management, B2B Sales & Marketing, Clustering, Computer Architectur es,

Data Center Management, IT Infrastructure & Operations, L icense Management, Server

Hardware, Server Management, Server Operating Systems, Server Virtualization,

Software Distribution, Systems Management, Systems Partitioning & Virtualization, X86 Servers

Doug Washburn, Analyst

Role served: Infrastructure & Operations professionalsClient Computing Hardware, Data Center Management, Green IT, IT Infrastructure &

Operations, IT Management, IT Organization, Server Hardware, Server Management,

Storage & Data Management, Storage Management

Simon Yates, Vice President, Research Director


Application Management, Client Computing Hardware, Client Operating Syst ems & Software,Client Security & Management, Computer Displays, Enterprise Laptops, Enterprise Mobile

Devices, Enterprise Mobility, IT Infrastructure & Operations, Mobile Operating Systems,

Mobile Software & Platforms, PC Support, Peripheral Devices, Server-Based Computing

Galen Schreck, Principal Analyst

Role served: Enterprise Architecture professionalsCloud Computing, Computer Architectures, Data Center Management, Enterprise

Architecture, Enterprise Architecture Domains, High Availability/Fault Tolerance,

IT Infrastructure & Operations, IT Management, IT Strategic Planning, IT Strategy,

Planning, & Governance, Processor Architectures, Server Virtualization, Systems Management,

Systems Partitioning & Vir tualization, Technical Architecture

Chris Silva, Senior Analyst

Role served: Infrastructure & Operations professionalsBroadband & Remote Access, Convergence Services, Enterprise Mobile Devices,

Enterprise Mobility, Fixed-Mobile Convergence, IT Infrastructure & Operations,

LAN/WAN Performance Optimization, Local Area Networks, Mobile Operating

Systems, Mobile Phones, Mobile Software & Platforms, Network Performance & Security,

Networking, PDAs, Remote Access Infrastructure, Remote Work & Telecommuting, Smartphones,

Telecommunications Services, VPN - Internet/IPSec/SSL, Voice Services, Wide Area Networks,

Wide Area Wireless Networks/Wireless Broadband, Wireless LAN Infrastructure Hardware,

Wireless LAN Protocols & Standards, Wireless Voice Services - Mobile Voice & VoWi-Fi

Benjamin Gray, Senior Analyst

Role served: Infrastructure & Operations professionalsClient Computing Hardware, Client Operating Systems & Software, Enterprise

Desktops, Enterprise Laptops, Enterprise Mobile Devices, Enterprise Mobility, IT

Infrastructure & Operations, Mobile Operating Systems, Mobile Services, Mobile

Software & Platforms, Telecommunications Services

Evelyn Hubbert, Senior Analyst


Business Service Management, CMDB, Data Center Management, IT AssetManagement, IT Infrastructure & Operations, IT Process Automation, IT Service

Management, ITIL, Infrastructure Change Management

Elizabeth Herrell, Vice President, Principal Analyst

Role served: Infrastructure & Operations professionalsCall & Contact Center Outsourcing, Communications Infrastructure, Contact

Center Technologies & Processes, IT Services, Networking, Outsourcing, SIP/

SIMPLE Protocols, Speech Technologies, Unified Communications

Onica ing, Researcher

Role served: Infrastructure & Operations professionalsAlign people and processes with business needs, Data Center Management, Green

IT, IT Asset Management, IT Infrastructure & Operations, IT Process Automation,

ITIL, Make smarter infrastructure choices by balancing technical and business

justifications, Make your infrastructure more efficient, Navigate the evolving ecosystem of IT suppliers

Bill Nagel, Analyst

Role Served: Security & Risk profes sionalsAuthentication, Authentication, Authorization, & Audit, Biometrics, Digital &

Electronic Signatures, Digital Certificates & Digital Signatures, Financial Services,

Fraud Management, Governance, Risk, & Compliance, Government, Healthcare &

Life Sciences, High-Tech, Identity & Access Management, Infrastructure Security, Mobile Security,

Passwords, Privacy, Security & Risk, Security Operations, Security Policies, Security Program

Governance, Smart Cards, Strong Authentication

Usman Sindhu, Researcher

Role Served: Security & Risk profes sionalsEndpoint Security, Infrastructure Security, Network Access Control, Network

Performance & Security, Network Security, Net working, Regulations & Legislation,Security & Risk, Security Operations, Security Standards, Regulations, &

Legislation, Vulnerability & Threat Management

Rob Whiteley, Vice President, Research Director

Role Served: Security & Risk profes sionalsNetwork Access Control, Network Performance & Security, Networking, Security

& Risk

Chenxi Wang, Ph.D., Principal Analyst

Role Served: Security & Risk profes sionalsApplication Security, Content Security, Security & Risk, Security Operations, Threat

Management, Vulnerability & Threat Management

Andrew Jaquith, Senior Analyst

Role Served: Security & Risk professionalsData Classification, Data-Centric Security, Electronic Signatures, Encryption,

& Rights Management, Encryption, Information Leak Prevention, Information

Protection, Security & Risk

halid ark, Principal Analyst

Role Served: Security & Risk professionalsGovernance, Risk, & Compliance, IT Compliance Management, IT Risk

Management, Regulations & Legislation, Security & Risk, Security Performance

Management, Security Policies, Security Program Governance, Security Services,

Security Standards, Regulations, & Legislation, Security Strategy

John indervag, Senior Analyst

Role Served: Security & Risk professionalsData Classification, Data-Centric Security, Encryption, Enterprise Firewalls,

Information Leak Prevention, Information Protection, Infrastructure Security,

Mobile Security, Network Security, Personal Firewalls, Protect Your Organization's

Information, Regulations & Legislation, Security & Risk, Security Appliances, Security

Architecture, Security Configuration Management, Security Event Management, Security

Operations, Security Performance Management, Security Program Governance, Security

Services, Security St andards, Regulations, & Legislation, Security Strategy, Threat Management,

Vulnerability & Threat Management

Chris McClean, Analyst

Role Served: Security & Risk profes sionalsCorporate Governance, Corporate Social Responsibility, Enterprise Compliance

Management, Enterprise Risk Management, Governance, Risk, & Compliance,

Green Business Strategy, IT Compliance Management, IT Management, IT Risk

Management, IT Strategy, Planning, & Governance, Security & Risk

EXPERT ADVICE

Security Forum EMEA 2010 attendees can also choose to meet with analyst from the co-located Infrastructure & Operations EMEA Forum including:

6


7/12

AGENDA

All session speakers, themes, and times are subject to change. 7


8/12


9/12

The Security Of B2B: Enabling An UnboundedEnterpriseUsman Sindhu, Researcher, Forrester Research

The need to work with third-party organizations is

accelerating. Todays global economy requires more

interactions with suppliers, partners, and even customers.

But how do you make sure youre not exposing the businessto new risks? This session will explore how organizations

are putting security controls and policies in place to protect the

blurring enterprise boundary. Attendees will:

Learn best practices in securing todays business-to-businessinteractions.

Understand the right security controls that protect your businesswithout sacrificing flexibility.

Discuss updated policies and contractual language to reflect newbusiness risks.

Building An Identity Strategy To HarnessConsumerization And Cloud ComputingBill Nagel, Analyst, Forrester Research

Consumer technologies have invaded the workplace, and

enterprise boundaries are expanding outward into the

cloud. This loss of control can be a daunting prospect

for security pros charged with employee authenticationand authorization. This session will discuss ways to

safely harness the consumer electronics revolution using identity

management technologies and cloud services. Attendees at this

session will:

Learn how technologies and processes for both enterprise andconsumer authentication are being used today.

Help you understand the challenges and opportunities offederation and user-centric identity.

Identify how authentication can help organizations integratepersonal mobile computing, telecommunications, and storage

devices into the workplace.

Find out how organizations are working on securely movingcorporate information resources into the cloud.

Securing Bring-Your-Own-PC (BYOPC) ProgramsRobert Whiteley, Vice President & Research Director, Forrester Research

Bring-your-own-PC (BYOPC) programs lower IT costs,

decrease complaints from employees, and produce fewer

conflicts with the business. Employees require more

flexibility and better technology from IT, and IT has no

choice but to give in. This session will describe a security

architecture using endpoint security, virtualization, and management

technologies to secure this IT inevitability. This session will cover:

Why organizations are desperate to make BYOPC work. The underlying technologies required to make BYOPC a reality.

How to design a new security architecture that enables this levelof employee flexibility.

Protecting Information When You Dont Own The AssetsAndrew Jaquith, Senior Analyst, Forrester ResearchOutsourcing, offshoring, Tech Populism, and executive

bling present a common problem: sensitive data stored

on assets your company does not own. In this session, we

reveal key strategies for extending the reach of the data

security controls so that data stays secure regardless of

who owns the asset. In this session, you will:

Hear essential strategies for future-proofing data protection.

Get guidelines for working with business partners and gear-totingemployees.

Understand lessons learned from pioneering enterprises.

Assessing Cloud Security: Examining Top ProvidersSecurity And Privacy Practices

Chenxi Wang, Ph.D., Principal Analyst, Forrester Research

IT professionals remain skeptical and concerned about

security and privacy of outsourcing to the cloud. In this

session, we will take a look at how top cloud providers like

Salesforce, Google, and Microsoft handle security and privacy issues;

go through mock case studies of security/privacy requirements; and

conclude with best practices for protecting your data in the cloud.

At this session you will:

Learn how the top cloud providers handle security and pr ivacy.

Understand how to assess risk and reward tradeoffs of cloudoutsourcing.

Examine best practices for dealing with cloud providers andtrusting your data to the cloud.

IN-DEPTH TRACS

Track B Shift In Ownership: Protecting Data Outside Your Four WallsA new generation of outsourcing and the consumerization of IT are usurping control from IT. The introduction of cloud computing gives

IT the flexibility to tactically outsource IT services. At the same time, your workforce is demanding more flexibility, and employees

sporting consumer-grade gear are eroding traditional security controls. The result? You dont own your data anymore. Moreover,

enterprises know the weakening security perimeter is no longer sufficient for companies to embrace cloud computing, hosted services,

Web 2.0, consumer devices, and vir tualized assets. To help, well get you up to speed on how to: govern and secure data housed with

external providers and employees; rethink new outsourcing and employee contracts; embrace Tech Populism; extend audit controls to

third parties; and determine which security services belong in the cloud.

9


10/12

FORRESTERS INFRASTRUCTURE & OPERATIONS FORUM EMEA 2010

Postponed, delayed, curtailed, or outright canceled you heard these words too often in the past 18 months. But as the global

economy recovers, your company wants to come out of the starting gate fast with new applications and new market initiatives. Is yourfirms infrastructure ready to answer the call? Will you need to refresh network, server, or storage gear to meet the demand? Should you

consider cloud or other strategic outsourcing alternatives? Do you have the skills you need to leverage new virtualization and automation

tools? Can you finally fulfill that long-held dream of transforming the infrastructure and operations (I&O) function from an organization

based on technology silos to a true service delivery team? These are the tough questions you need to prepare for as 2010 arrives.

This years I&O Forum will focus on the enormous tasks of planning, prioritizing, justifying, and carefully executing the wide range of people,

process, and technology projects needed to get your firm back in the black. Specifically, the Forum will answer questions such as:

How will I&O drive a fast recovery for firms by planning and prioritizing infrastructure initiatives that best align with business goals?

How will I&O teams adapt and apply the recessionary behaviors of business case justification and financial acumen and tune

them to the new norm for communicating with business leaders?

How will I&O assess the post-recession readiness of its infrastructure to meet current and future business needs?

ey Questions The Infrastructure & Operations Forum Will Answer

Attendees of the Infrastructure & Operations Forum will learn how to manage and optimize I&O people, processes, and technologies

to fuel growth and improve efficiency in the post-recession era. They will learn the answers to questions such as:

How do I prioritize new I&O opportunities that will drive business growth and reduce the cost of operations against the backlogof projects already on the list?

How do I effectively plan, justify, select, and optimize critical I&O solutions over the next five years?

What impact will these technology investments have on people, skills, and the process of running I&O teams?

How do I accelerate the transformation of I&O from an organization led by technology silos to one that emphasizes service delivery?

Who Should Attend?

Forresters Infrastructure & Operations Forum EMEA 2010 will examine crucial ways to make I&O organizations successful and well

aligned with business objectives. This years theme, Back In Black: Planning And Executing Your Post-Recession Initiatives addresses

issues relevant to all technology professionals, but its content will focus most closely on these roles:

Infrastructure & Operations professionals.

Enterprise Architecture professionals.

Sourcing & Vendor Management Professionals focusing on infrastructure issues.

CIOs.

IT professionals involved in consolidation and virtualization projects, automating IT processes, building business continuity plans,

and hiring and training the next generation of I&O professionals.

TWO FORUMS, ONE PRICE

Attendees of Forresters Security Forum EMEA 2010 will have access to

Forresters co-located Infrastructure & Operations Forum EMEA 2010.

The Forums will open with a joint keynote session and then attendees

can choose which keynotes and track sessions they wish to attend.

Twice the content, twice the value!

Track Sessions Give You Takeaways You Can Use Immediately

Now that we are looking beyond the recession to the next period of growth and investment, IO leaders face some tough decisions

about their priorities, as not every project will come back.

Track A: Building An I&O Technology Plan For The Post-Recession Era.

Track B: Embracing The New Norm To Plan, Prioritize, And Execute I&O Projects.

www.forrester.com/infrastructure2010emea

Back In Black: Planning And ExecutingYour Post-Recession Initiatives

CO-LOCATED WITH SECURITY FORUM:

March 11-12, 2010 Guoman Tower Hotel London

0


11/1211


12/12

VENUE & SPONSORS

Sponsors

Guoman TowerSt Katharine's Way, London E1W 1LD, UK

Phone: +44 845 305 8335http://www.guoman.com

The Tower is a uniquely calm and tranquil place to stay in. Inspired by the slow roll

of the Thames just outside, this four-star London hotel provides a feeling of serenity

and peace, away from the bustle of London and the city. The hotel offers a range of

bedrooms, suites, and apartments.

Enterprise Architecture Forum USFebruary 11-12, San Diego

Enterprise Architecture ForumEMEAMarch 2-3, London

Security Forum EMEAMarch 11-12, London

Infrastructure & Operations ForumEMEAMarch 11-12, London

Infrastructure & Operations Forum US

March 17-18, Dallas

Marketing Forum USApril 22-23, Los Angeles

IT Forum USMay 26-28, Las Vegas

IT Forum EMEAJune 9-11, Lisbon

Customer Experience Forum USJune 2010

Security Forum USSeptember 16-17, 2010

Services & Sourcing Forum USOctober 2010

Business Technology Forum USOctober 2010

Consumer Forum USOctober 2010

Marketing Forum EMEANovember 2010, London

Services & Sourcing ForumEMEANovember 2010, London

For details of accommodation at the Guoman Towers or other hotels in the area, please go to:

www.forrester.com/security2010emea and select the Venue tab

Forrester Events 2010UPCOMING...

Gold Sponsors Silver Sponsor Platinum Sponsors

For a complete list of all upcoming Forrester Forums, including Workshops, please visit www.forrester.com/events.

Be Visible. Create Excitement. Generate New Business.

Sponsor A Forrester Event

Sponsors of the co-located Security Forum EMEA 2010 and Infrastructure & Operations Forum EMEA 2010 are:

For sponsorship information, please contact us at: [email protected] or call the event sponsorship lines on +31 (0)20 305 4351 (4337)

Forrester Blog

Join the conversation on The Forrester Blog For Security & Risk Professionals: http://blogs.forrester.com/srm.

Forum Venue

Security Forum

Documents

Transcript of Security Forum