Speaker Biographies and Session Details

Session 1: European Perspectives on Enterprise Risk Management

 

Presented by Rolf von Roessing, CISA, CISM, CGEIT, Chairman at FORFA AG

Most risk management frameworks can be universally applied, but still, risks differ from country to country, region to region. This session will look at enterprise risk frameworks from the perspective of UK/Europe-based firms and discuss the similarities and differences of their application with U.S.-based companies. In this session, attendees will learn about:

• An overview of enterprise risk frameworks
• Risks unique to UK/European companies
• Best practices for management and mitigation

A retired partner and now executive advisor at KPMG Germany, Rolf von Roessing holds nonexecutive directorships in several security consulting companies in Germany. In addition to working at KPMG, he has experience in large international banks and insurance companies, where he was responsible for business continuity management and information security. He is a former board member of the Business Continuity Institute (BCI), where he served from 2001-2008, and was chair of the BCI’s Audit Committee from 2003-2008. Von Roessing joined ISACA’s Security Management Committee in 2005. He chaired the working group for ITGI’s IT Control Objectives for Basel II publication and is currently a member of ISACA’s Framework Committee.

---

Spotlight Session: Practical Risk Management Approaches

Presented by Eric Holmquist, president at Holmquist Advisory

In approaching information security as a key business issue, this session will provide a foundation for risk governance within financial services organizations. Some of those key topics include:

• A sound information security policy
• Assessing information security risk
• Developing an information security strategy
• Management communication
• Incident response handling

---

Session 2: Enterprise Risk Management: Your Role in Reducing Risk to Business

Presented by Brian Barnier, principal at ValueBridge Advisors

Every person in a company has a role in enterprise risk management (ERM), and ERM must become part of the fabric of running a business. This "top-down" approach to ERM frameworks requires skillful coordination and reaching out to people in various risk roles, then integrating the practices. In this keynote session, Brian will answer:

• What are the pieces of an ERM framework?
• How to get the pieces to work together?
• Who should lead the path to ERM?

As a principal analyst and advisor at ValueBridge Advisors, Brian Barnier uses his cross-discipline, country and industry practical experience to improve business performance through risk management. A respected author (Operational Risk Handbook for Financial Companies) and speaker, Barnier has served on several industry and professional practices committees (ISACA’s Risk IT Based on COBIT and the OCEG Redbook), contributing risk management approaches to improve business performance and demonstrate compliance. He has led teams to nine US patents. He is equally conversant working across the C-suite to help executives seize opportunity in a challenging economy. He was selected one of the distinguished fellows of Open Compliance and Ethics Group and has authored over 100 articles.

---

Spotlight Session: Introduction to Pragmatic Data Security

Presented by Rich Mogull, analyst and CEO at Securosis

Most of the information out there on building a data security program is ridiculously complex, expensive, and unrealistic in today's operating environment. In this session, Rich Mogull will introduce a practical approach to data security. One that accounts for business, compliance, and security needs without breaking the budget. During this session you’ll learn:

• What tools offer the best bang for your buck for protecting your data
• Practical tips for integrating processes and procedures that cost-effectively improve your data security
• How to incorporate business needs and compliance into your data security to ensure maximum results
  
  

---

Session 3: Sustainability and Enterprise Risk Management

 

Presented by Adrian Bowles, vice president and principal analyst at Constellation Research Inc. and founder of SIG411 LLC

Sustainability includes any operational aspect that affects the long-term viability of a business. The concept is commonly associated with energy or supply chain management, which themselves have risk elements that must be mitigated. In this session, attendees will learn more about:

• The c-level executive's role in sustainable risk management
• Where sustainability fits into an ERM infrastructure
• How to implement and test sustainable practice

Adrian Bowles has more than 25 years of experience as an analyst, practitioner and academic in IT, with a focus on IT strategy and management. He is the founder of SIG411 LLC, a Westport, Conn.-based research and advisory firm that identifies, develops and promotes sustainable business practices. His research coverage includes sustainable business processes and technologies, corporate social responsibility, business intelligence/analytics, green IT, and IT governance, risk management and compliance. Bowles has directed global market research projects and advised hundreds of firms on technology trends and adoption strategies.

---

Session 4: Risk Management Strategies for Protecting Enterprise Supply Chains

Presented by Paul Kirvan, FBCI, CISA, independent consultant, author and educator and secretary of the Business Continuity Institute USA chapter

As companies' reach around the world expands, so does the complexity of supply chains and their increased interdependencies. Business continuity management techniques can be introduced as part of the risk identification, mitigation and recovery processes. In this session attendees will learn more about:

• Taking responsibility for supply
• Quantifying supply chain risk
• Steps to mitigate supply chain risk

Paul F. Kirvan, FBCI, CBCP, CISSP, has more than 20 years' experience in business continuity management as a consultant, author and educator. He is secretary of the Business Continuity Institute USA Chapter and Editor-in-Chief of Contingency Planning & Management (CPM) magazine. Kirvan has also served as senior consultant with Fortune Consulting and Telcordia Technologies where he worked on numerous business continuity projects and strategic plans for companies such as Chase Manhattan Bank, Wachovia Bank, Vanguard Cellular One and Florida Power & Light. He is the author of over 300 technical articles and several books on telecommunications and disaster recovery.

---

Spotlight Session: Raytheon seeks to innovate around IT security services
Presented by Michael Daly, director of IT security services and deputy CISO, Raytheon Corp

As large-scale security breaches become more commonplace, the challenge for most CIOs and chief information security officers (CISOs) is just trying to keep up with the threats -- never mind innovating around IT security services.
Michael Daly, director of IT security services and deputy CISO at Waltham, Mass.-based Raytheon Co., begs to differ.

In this session, Daly explains that it is possible to take innovative approaches to enterprise security and still "close the gap" between threats and vulnerabilities.

---

.

Session 5: Managing Network Security Threats with an ERM Strategy

 

Presented by Kevin Beaver, information security consultant, seminar leader and keynote speaker at Principle Logic LLC