Opening Keynote:
Strategic Information Security Management Planning: The NASA Case Study

Keynote Synopsis:
In an economy that is stressed under the burden of a global recession, organizations are forced to identify opportunities that promote cost savings and efficiencies, while still providing critical services to the consumer. This discussion will describe how IT within the business arena is evolving, the challenges of security in keeping pace with this evolution and how we as security professionals can embrace these challenges, enable and influence new business initiatives such as cloud computing, virtualization and the proliferation of consumer products in the business environment.  The NASA cyber security framework will serve as the underlying theme in this discussion.

Mr. Jerry L. Davis, CISSP, PMP
Deputy CIO, IT Security
National Aeronautics and Space Administration (NASA), US

Keynote One:
Innovations in Network Security

Keynote Synopsis:
Threats to corporate networks have become more complex and require solutions tailored to protect against multiple vulnerabilities. In addition to protecting against many entry points, a solid threat management solution must have the capability to evolve and maintain robust protection from the growing number of complex threats coming from internal and public origination points. During his presentation, Mr. John Mulligan will discuss the evolution of network security, how threats flowing through public networks can effect your operations, as well as the importance of using best practices for developing, scaling, and deploying advanced networking and security solutions.

Keynote Two:
Be ready to get PCI certified

Keynote Synopsis:
Credit card data security requirements are now a permanent feature of business compliance obligations. The Payment Card Industry Data Security Standard was designed to protect the privacy of customers, as well as payment card and merchant data. However, meeting PCI requirements has proved to be a challenge for many businesses.

Most industry experts agree that the best way to achieve and maintain PCI compliance is to adopt a strategic, holistic approach to network security risk management and compliance that includes the network infrastructure, policies, and procedures. The ability to centrally manage systems, network services, and security is essential to a holistic solution.

This session will discuss the PCI standard and requirements. How to kick start the PCI compliance process and what Businesses should do in order to comply with the PCI standard.

Keynote Three:
Beyond Identity Management  

Keynote Synopsis:
Identity management is a must for all enterprises. Over the years, the fundamentals of identity management such as Directory, Enterprise Single Sign On, and User Provisioning are well understood and implemented in many enterprises. However, with rapid changes of organization and systems (growth, merger, downsizing, and restructuring), effective enterprise identity management requires next generation of solutions. The key issues enterprises facing include ineffective user provisioning, proliferations of online security threats, and inability to support enterprise wide application infrastructure security. This presentation will address these issues with next generation solutions using flexible role based provisioning of user identity, real time risk profiling for user access and integrating identity services within enterprise applications infrastructure.  

Mr. Stuart Fenwick
Senior Director, Fusion Middleware
Oracle Corporation APAC Division

Keynote Four:
NAC 2.0 - Beyond Admission Control

Keynote Synopsis:
As today’s high-performance businesses leverage IT as a strategic competitive asset, access to networks and applications must be pervasive, yet remain secure and controlled. NAC’s mission has evolved beyond simply managing pre-admission network access and ensuring endpoint policy assessment. NAC solutions today must dynamically address post admission control, role-based application access control and network and application visibility and monitoring.  Today’s NAC must expand access control to network traffic, delivering ubiquitous protection by implementing simultaneous security enforcement deeper in the network’s core and outward to the network’s edge. And, with its expanded abilities, NAC can allow different users with varying needs and levels of network and application authorization to access and share networked resources securely.

Keynote Five:
Emerging Threats–An insight into Online Fraud and Data Loss Prevention

Keynote Synopsis:
Today's businesses are very concerned with the external threats that can be posed by having a significant online presence, but what about the threats coming from inside your own organisation. This presentation gives an insight into the emerging threats that are currently top of mind for security professionals, how online fraud is committed and by who, and how data loss prevention from inside your environment is becoming the new threat.

Mr. Jason Pearce, CISSP
Director, Sales Engineering Asia-Pacific & Japan
RSA, The Security Division of EMC

CIO Insights Panel 1:
Redefining Information Security

Panel Synopsis:
Security spending continues to rise, but few organizations feel safer today than they did five years ago. In fact, conventional wisdom tells us that the approach most organizations take in developing an information security strategy is largely ineffective. This panel will explore this paradox and discusses how focusing on the key variables of vulnerability, probability and materiality will enable organizations to successfully balance the risk-reward equation.

Moderator:
Mr. William Yin, Managing Director, Boston Consulting Group

Executive Panelist:
Mr. Daniel Lai, Head of Information Technology, MTR
Mr. Jerry L. Davis, CISSP, PMP, Deputy CIO, IT Security, National Aeronautics and Space Administration (NASA), US
Dr. NT Cheung, Chief Medical Information Officer, Hospital Authority
Mr. Raymond Ngai, Head of IT Infrastructure, The Hong Kong Jockey Club

CIO Networking Luncheon Roundtables (By Invitation Only)

How Economic Downturn Change Your Priority? No surprise, we are now in the middle of a global economic downturn which has never been seen before. Organizations worldwide are trying to adapt to the crisis with all kinds of cost-cutting and restructurings. So how's this is going to change the priority of the CIO and CISO? With limited and even shrinking budget, where should the money be spent? Despite all the cut back, there is one particular area which most CIO and CISO agree that more should be invested. You are invited to join this session to find out that particular area is and whether it is the same as yours. Presentation by Mr. William Tam Senior Head of Technical Consultancy - Asia Pacific and Middle East Websense

CIO Insights Panel 2:
Best Practices in Information Protection and Risk Management

Panel Synopsis:  This panel of enterprise security executives representing different vertical industries will discuss key challenges associated with security and information risk management. Panelists will share their challenges and successes in creating an integrated approach to assess risk, establish priorities and budget, and develop best practices to support governance and regulatory compliance.

Moderator:
Mr. Derek P Jackson, COO, Risk Advisory Services, KPMG (China)

Executive Panelists:
Mr. Jerry L. Davis, CISSP, PMP, Deputy CIO, IT Security, NASA
Mr. Lui Sieh, Area Head of IT - Greater China Area, British American Tobacco
Mr. Mark Ross, VP & CIO, Sun Life Financial, Asia
Mr. Michael Leung, Senior VP & CIO, China Construction Bank (Asia) Ltd.
Mr. Pack Ling, CIO, Greater China, GE

Keynote Six:
Laptop Data Leakage? Worry No More!

Keynote Synopsis:
For the most organization, the wide adoption of laptops and mobility offers unique productivity gains, but it also introduces a mobile blind spot. Often identified as an area of serious vulnerabilities, which is how can we adequately secure mobile laptop user. This extends from ensuring secure access through to protecting sensitive information stored on mobile laptop, especially in the event of loss or theft. When a mobile laptop leaves the enterprise, their IT department loses visibility of the laptop and, as a result, loses its ability to protect either the laptop or its sensitive data. The sustained uptake of mobile laptops and devices had made this a major growth area for security services

Mr. Ricky S.K. Ong
Director, Security Solution, Enterprise Business Group, Asia Pacific Region
Alcatel Lucent

Keynote Seven:
Achieving the PCI Compliance Standard (Final Topic to be advised)

Keynote Synopsis:
Customer expectations in the area of data security have reached new height, and achieving PCI compliance has become both a response to customer expectation as well as an important investment in a company’s reputation. But achieving PCI compliance can be difficult, as organisations grapple with understanding the real challenges of becoming compliant, and then struggle to map PCI to their overall risk and governance strategies. In this session, Fortinet will share on the importance to be PCI compliance, security risks from new applications that business embraces and the countermeasures to achieve PCI requirements and beyond.

Keynote Eight:
Enterprise Data Protection: Security That Pays

Keynote Synopsis: 
True Enterprise Data Protection must be a strategic approach comprised of encryption, secure key management, centralized policy and controls, and ongoing management to achieve data protection across databases, applications, networks and endpoint devices. By deploying a holistic encryption strategy, companies streamline processes across their security constituency and the ongoing administration of their systems, thereby reducing the overall management and upkeep costs of their security infrastructure. Through a comprehensive presentation, SafeNet will clearly define enterprise data protection and show how companies can meet both security and compliance needs while reaping the cost savings benefits of an enterprise data protection strategy.

Mr. Ng Sheung Chi
Senior Security Consultant, APAC
SafeNet Inc.

Keynote Nine:
Next Generation of Messaging Security: Security-as-a-Service (SaaS)

Keynote Synopsis:
Imagine that your business received several hundred letters and parcels for each employee every day and suppose that the majority was junk mail but some of it, just by opening, could shut down the entire company. Would you rather run your own post office with dozens of employees to process the mail heaps or would it be easier to let someone else do the filtering and guarantee that all the mail that came through your front door was clean and safe? This type of outsourcing over the internet is known as Software as a Service (SaaS) and for messaging security, we name them “Security-as-a-Service”. In this session, MessageLabs speaker will tell you more about the latest threat landscape and explain why the traditional messaging security solutions alone may not be sufficient for today’s ever changing markets.

Mr. Nigel Mendonca
Regional Director, Asia
MessageLabs

CIO Insights Panel 3:
Driving Business Value with Security Innovation

Panel Synopsis:
Emerging technologies are changing the way we do business in this globally integrated, fast paced, mobile and cost-critical world. Companies are becoming more innovative with how technology enables them to do business, and each business innovation creates new security risks and compliance issues. This panel will share insights on moving security from a yesterday mind-set as a cost-center, to a business issue that drives value. IT professionals must do more than simply respond to the acceleration of security threats learning instead how security innovation, when aligned with business strategy, creates real business value.

Moderator:
Mr. Thomas Parenty, Managing Director, Parenty Consulting Limited

Executive Panelists under invitation:
Ms. Fanny Cheng, Director of IT, MGM Grand Macau
Mr. Fren Chan, Senior Regional IT Director, PPG Industries
Mr. Loic Buelens, CIO, Asia Pacific and China, Louis Vuitton
Mr. Micky Lo, Managing Director, Head of Asia IT Risk Management, JPMorgan Chase Bank N.A.