Boston CISO Executive Summit

Governing Body members host this dinner for attendees to launch the event with an evening of peer networking.

How do CISOs choose where to invest and whether they have the time and energy to spend on aspects of a new security program? A strong framework is essential to help evaluate the state of your security program and to identify where there are gaps in coverage. CISOs can do this by examining 4 areas: asset coverage, control comprehensiveness, risk context, and maturity continuity.

Join this session to learn:

• How do the four building blocks work to create a solid security program
• Why developing a security rubric is imperative
• What a holistic view can reveal about your security program

The cyber insurance application process is taking longer and has become more complicated in the last few years. Premiums are rising. Leaders from organizations big and small are questioning the value of cyber insurance.

 Join this session to discuss:

• Perspectives on the changing cyber insurance landscape
• Emerging carrier requirements for cyber insurance
• Your personal cyber insurance concerns

Data doesn’t move itself. People—whether they are negligent, compromised or malicious—move data in secure and risky ways. The growth in remote work from anywhere and everywhere has redefined the global security perimeter and increased the risk of insider-led data loss for organizations. At the same time, the frequency and volume of insider threats keeps rising, placing a significant burden on security teams to keep pace. Where do you start to stop insider threats?

Join this session to discuss:

• Moving beyond legacy data loss prevention approaches
• Managing insider threats and risks in your organization
• Increasing visibility across multiple channels to accelerate incident response

Third parties expose businesses to strategic, operational, financial, and compliance risks. Moreover, leaders have less visibility into third parties than into their own businesses. For many organizations, the pandemic exposed the fragility of the organization’s third-party network and impressed the need to flex quickly to new third and fourth parties in the extended enterprise to meet demand without increasing risk exposure.

Join this session to discuss:

• Standardizing third-party risk management assessments to be used by business units
• Maintaining visibility of all ongoing third-party relationships
• Identifying and mitigating the risks of the third-party network

Organizations of every size are accelerating digital transformation to become more agile — but in the process, they’re greatly expanding their attack surfaces and exposing themselves to new threats. Once-stalwart castle-and-moat security architectures built on VPNs and virtual or physical firewalls are ill-equipped to address these new challenges. IT and security teams need to rethink networking and security, moving away from perimeter-based and network-focused solutions. That’s why today’s progressive leaders are turning to zero trust.

In this session, you’ll hear:

• What exactly is zero trust
• The essential elements of a true zero trust solution
• How to successfully implement a zero trust architecture across your organization

Cyber-risk is here to stay and ever-increasing. After repeated wake-up calls, the Board of Directors is under pressure to add cybersecurity skills to their responsibilities, they are held accountable for cyber-risk. The SEC have even proposed new rules to force public companies to add skilled cybersecurity members to their boards, a tactic that worked 20 years ago for financial expertise. But can it work again? It’s not going to be an easy shift, corporate governance requires specialized expertise, deep operational competency, an understanding of business value and how to manage exposure to risk.

Join this session to discuss:

• Why not all boards are created equal - what you should know around board oversight
• What organizations are looking for in board members with a security background
• What you can do to prepare now

When it comes to security, automation should not be the end goal; it’s simply a means to an end. While security automation is certainly an incredibly valuable tool, it is just that: a tool. So how do you identify which areas of your security operation are the best candidates for automation, and which should stay in the hands of your team (at least for now)?

During this peer-discussion you will explore:

• Creating a framework for evaluating automation use cases
• Whether the “single pane of glass” vision of automation is truly achievable
• Innovative ways other CISOs have used security automation

In an effort to establish agility and flexibility, the modern CISO must prioritize cloud maturity while securing traditional resources in the datacenter. Yet, resiliency opportunities continue to evolve in protecting, observing, and remediating your organization's most precious data resources, regardless of where data may reside.

Join a room of your executive peers and discuss how today's CISOs:

• Manage critical data and plan to recover it in times of cyber distress
• Capitalize on cloud benefits, while avoiding cloud pitfalls
• Protect and secure on-prem and cloud apps without ignoring cost

Connect with like-minded peers in a one-on-one setting through Evanta’s Peer-to-Peer Meetings. You will be matched with peers in your community based on your shared interests and priorities.

Whether it comes from across the globe or down the street, the ever-looming threat of a ransomware attack is always in the back of the IT and security executive’s mind. Get your collaborative and creative juices flowing in this gamified choose your own adventure.

In this interactive session attendees will:

• Collaborate to identify threat responses
• Respond to choices and forces out of their control
• Discuss pitfalls and best practices

The cost of cyber insurance is skyrocketing. In response to a string of high-profile attacks, record-setting ransomware numbers and government regulations, insurers are being forced to significantly increase premiums for cyber coverage. It’s not matter of “if”, it’s a matter of “when” (or even “when again?”) you’ll need protection from cyber insurance carriers.

Join this boardroom hosted by Mimecast to discuss:

• Strategies to understand and quantify your firm’s risk and threat profile
• Techniques to demonstrably reduce your attack surface and enhance your ecosystem of controls
• Methods to communicate your program’s effectiveness in order to maximize cyber insurance coverage

The path to a stronger IAM strategy lies within an agile digital system. CISOs are often challenged with keeping an entire company up to date, as well as identity-related breaches and core business operations being interrupted - but easy to use technology (when leveraged correctly) can be a game changer.

Join this boardroom to discuss:

• What the essentials are for building an efficient IAM system
• The challenges faced when protecting a hybrid workforce environment
• Readying your staff when adopting a user access program

The CIO and CISO roles are evolving to become customer-facing, revenue-driving, and cost-saving experts. While these terms may have different meanings to every organization, the basic goal remains the same — to better serve customers and the business without increasing risks.

Join CISO Robyn Ready and CIO Jaap van Riel, with ascena Retail Group to hear how they navigate:

• Working collaboratively and achieving more even when they have conflicting paths
• Risk reduction and increased velocity of business change
• Fostering a growth mindset while ensuring Security, Privacy, and Compliance don’t lose ground

Stay after the summit to catch a Boston Celtics game! Transportation to and from TD Garden will be provided, starting at 5:30pm.