This document provides information on the 2017 Lunch & Learn Series hosted by IBM on various information security topics. The sessions will be delivered live and onsite, customized for the audience and with time for discussion. Lunch will be provided. Contact information is provided for Jeff Miller to learn more. A list of potential session topics is given covering areas like risk management controls, securing mobile and cloud environments, identity and access management, cyber resilience practices, and using cognitive systems for security.

1. 2017 Lunch & Learn Series
Education and thought-leadership for information security
professionals and stakeholders
• Sessions are designed to be delivered live and onsite, customized to the
audience, and adapted to time requirements.
• Lunch will be provided by IBM and/or supporting business partner.
JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM

2. 2 IBM Security
SUMMARY: LUNCH & LEARN SERIES
Top 14 IT Risk Management Controls Securing the Mobile Enterprise; How IBM Keeps
IBM Safe While Going Mobile
IBM’s 10 Essential Security Practices Five Steps to Securing Your Companies “Crown
Jewels”
Cyber Resilience; Leading Incident Response
Practices
Security Considerations for the Cloud – SaaS,
PaaS, IaaS
Identity and Access Management; Challenges,
Trends, and Solutions
Big Data Requires Big Protection – Leading
Practices
Next Generation Cybersecurity – Cognitive
Systems and IBM Watson for Cybersecurity
Securing System Z (z/OS)
Implications of the EU’s General Data Protection
Regulation (GDPR)
JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM

3. 3 IBM Security
TOPIC AGENDA & DISCUSSION POINTS
Top 14 IT Risk Management
Controls
• Serves as a Security Program overview, includes findings from IBM's annual
CISO survey on the most adopted and invested IT Risk Management controls
• Represents a blend of popular frameworks, e.g. NIST, SANS, and COBIT
• Discusses top controls within the context of tiered maturity, e.g. Basic,
Proficient, and Optimized
Securing System Z • Top Mainframe Security Risks
• z/OS security challenges – policies & execution
• Leading practices—data, application, identity, access, security intelligence,
audit, compliance
• Introduction to zSecure
• Assessment programs & workshops
Application Security: Leading
Practices
• Why Application Security Matters—threat landscape (Ponemon, Verizon DBIR,
and OWASP)
• Understanding the Business Case—value drivers, metrics, and ROI
• Controls—Dynamic (DAST), Static (SAST), Interactive (IAST), Open Source
(OSS), Pen Testing
• Emerging innovation—IBM Watson for Application Security
• Leading practices—Risk-based approach, securing the SDLC, integrating with
DevOps practices
JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM

4. 4 IBM Security
TOPIC AGENDA & DISCUSSION POINTS
Cyber Resilience: Incident
Response Leading Practices
• Cyber Resiliency Trends—2016 Ponemon Research Study
• Proactive Response—leading IR practices in knowledge management,
orchestration, and workflow
• Breach Notification—managing privacy, compliance, regulatory requirements
• Day in the Life—an introduction to the Resilient IR platform
Identity and Access
Management (IAM): Trends,
Challenges & Solutions
• Digital transformation implications and identity as the new perimeter
• Aligning capabilities to business requirements, assessing maturity, and defining
priorities
• Apply Design Thinking Principles to your IAM program
• Leading practices—business centric terminology, roles vs entitlements,
recertification, multi-factor, privileged identity, self-service, risk-based and
context-aware access mgmt, bring your-own-ID, biometrics, on-time passwords,
separation-of-duties (SoD)
• Architecture considerations—cloud apps & platforms, mobile, micro-services,
APIs, open standards, cross-site authentication, and integrating legacy apps
• Intelligent governance and monitoring
JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM

5. 5 IBM Security
TOPIC AGENDA & DISCUSSION POINTS
Next Generation
Cybersecurity – Cognitive
Systems and IBM Watson for
Cybersecurity
• Research Findings—Cybersecurity in the Cognitive Era
• Watson for Cybersecurity—how it works
• Current Use Cases and Results—Security Intelligence and Application Security
Implications of the EU’s
General Data Protection
Regulation (GDPR)
• Overview & key terminology
• Stakeholders – Data Subjects, Controllers and Processors
• Accountability & enforcement
• Practical implications & preparation
• How IBM can help
Five Steps to Securing Your
Companies ‘Crown Jewels’
• Data Security & Exfiltration – Trends, Targets, and Business Impact
• Data Types – Understanding & Prioritizing Critical Data
• Protecting Critical Data – IBM’s 5 Step Methodology & Tools
• Leading Practices – the Crawl, Walk, Run Approach
Introduction, IBM’s 10
Essential Security Practices
• IBM’s 10 Essential Practices is a strategic security assessment methodology
that creates the foundation for all our security program recommendations and
improvements
• It can incorporate input from other recognized standards, such as the NIST
Cybersecurity Framework, ISO 27001 / ISO 27002 standards PCI-DSS 3.2, and
the OWASP Top 10 risks
JEFF MILLER | 317.437.4009 | JEFFLMIL@US.IBM.COM

6. ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU