Lunch Session: An Overview of Privacy Issues for 2010 by Adam Wright (Manager at Ernst & Young)

Afternoon Session: Myths & Realities of Data Security & Compliance: The Risk-based Data Protection Solution by Ulf Mattsson (Chief Technology Officer at Protegrity Corporation)

Lunch Session: Ernst & Young will address the top privacy concerns for 2010, covering both compliance and risk issues. Ernst & Young will address specific matters such as changes in regulations in the US and abroad, the evolution of breach notification, cloud computing and its impact on privacy, vendor management, use of GRC tools to track privacy program controls, and emerging technologies.

Afternoon Session: Accepting the obligation to protect your customers’ data is a part of doing business today. Data security drives customer trust and loyalty, and can preserve the value of your brand and ultimately your bottom line – Protecting your data is protecting your business. The risks to sensitive data may be unrelated to the costs of a security breach. In today’s environment, every business that holds valuable customer data is a potential target for attack. Traffic in stolen consumer credit card data has become big business, and most experts agree that it is inevitable your systems will be attacked at some point. The goal is to fend off the attack and prevent a breach. Any reportable breach is extremely costly, but the question is how to measure the return on an investment made to prevent an attack from succeeding.

A risk model will incorporate both inherent (largely uncontrollable) risks as well as highly controllable risks which are related to the policies, procedures and technologies that are specifically put in place to reduce the risks to sensitive data. By switching your focus to a holistic view rather than the all too common security silo methodology, an enterprise naturally moves away from deploying a series of point solutions at each protection point, which results in redundant costs, invariably leaves holes in the process, and introduces complexity that will ultimately cause significant and costly rework.

Along with the agenda topics presented below, the session will focus on the 'fact's and fiction' around business drivers, compliance not equaling security and the pro's & con's in the remedies. This session will review data protection methods that enable organizations to achieve the right balance between cost, performance, usability, compliance demands and real-world security needs. This session will also guide you through a process for developing, deploying and managing a risk adjusted data security plan

Discussion topics of this seminar include:

• Why do PCI DSS and State Breach Legislation exist?
• Why do I care?
• Doing nothing is NOT an option
• How do I comply?
• What gets in the way - Industry challenges that organizations face and their drivers to remedy
• Quantifying data risk factors
• Review current/evolving data security risks
• Explore the methods that enable organizations to achieve the right balance between cost, performance, usability, compliance demands and real-world security needs
• Develop a risk adjusted methodology for securing data and evaluating security solutions
• Review case studies: protecting PII and PCI data throughout its entire lifecycle
• Discuss next steps - how to drill down further - each environment is different

Speaker Information:
Lunch Session: Adam S. Wright, Manager at Ernst & Young

Afternoon Session: Ulf Mattsson, Chief Technology Officer at Protegrity Corporation

Speaker Biography:
Adam S. Wright
Adam Wright is a Manager with Ernst & Young’s IT Risk & Assurance (ITRA) practice. He is the Phoenix office Privacy resource for Ernst & Young. Adam has used his privacy knowledge and other experience to serve a variety of financial services and technology clients in Arizona, Nevada, Colorado, and Texas. Adam has over six years of financial and information technology (IT) audit experience conducting business process controls assessments, IT security audits, and third-party reporting engagements. Adam is a CIPP (Certified Information Privacy Professional), CISA, and CISSP.

Ulf Mattsson
Mr. Mattson is the Chief Technology Officer and a founder of Protegrity Corporation, Stamford CT, for more than 10 years. He created the architecture of Protegrity’s database security technology. Prior to joining Protegrity, he has 20 years experience at IBM in software development and as a consulting resource to IBM's Research organization, specialized in the areas of IT Architecture and IT Security. He received his US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM Research in 2004.

He is the inventor of more than 20 patents in the areas of Encryption Key Management, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention. One line of his research during the last 15 years is in the area of managing and enforcing policies (security, encryption, and audit) for databases, including more than 10 joint projects with research and development teams at IBM, Microsoft, Hewlett-Packard, Oracle, Sybase, Informix, Teradata, and RSA.

He is a research member of the International Federation for Information Processing (IFIP) WG 11.3 Data and Application Security. Leading journals and professions magazines, including IEEE Xplore and IBM Journals, have published more than 100 of his in-depth professional articles and papers. He received Industry's 2008 Most Valuable Performers (MVP) award together with technology leaders from IBM, Cisco Systems., Ingres, Google and other leading companies. He has given a series of presentations at leading security and database conferences in US, Europe and ASIA, and frequent tutorials at the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). He received a master's degree in physics in 1979 from Chalmers University of Technology in Sweden, and degrees in electrical engineering and finance.


******************************************************************
Additional Information For This Meeting:

Location:
The DoubleTree Hotel
20 N 44th St
NW Corner of 44th Street and Van Buren
Phoenix, Arizona 85008
(602) 225-0500

There will be up to 3 CPEs available for attending this event.

The registration fee is $40 (for members) and $60 (for non-members).

Payments can be made in advance through CVENT using American Express, Visa, MC and Discover Card. We will no longer accept cash or check on the date of the event unless prior arrangements have been made in advance.

Registration: 11:30am

Lunch: 12:00pm

End of day: 3:00pm

Deadline for Registration by the end of the day on Monday, March 22, 2010.

Click here to register for this event