Comprehensive, benchmarking, and in-person networking forum on how to identify virtual export compliance risks, safeguard ITAR and EAR controlled data, and manage access to shared networks and collaborative platforms.
Information Security Officer Internet Resume Leon Blum Copy
IT Management of Export Controls Seminar 28 Feb13 Invite
1. Seminar Invite: IT Management of Export Controls
Event Date: 28 February 2013 in San Diego
Please allow me to invite you to the American Conference Institute’s IT Management of Export Controls
Seminar, being held on 28 February 2013 in San Diego which I will be a guest speaker.
This will be a very comprehensive, benchmarking, and in-person networking forum on how to identify virtual
export compliance risks, safeguard ITAR and EAR controlled data, and manage access to shared networks and
collaborative platforms.
Enclosed please find the IT Management of Export Controls brochure, as I will be speaking on two critical
issues affecting your business:
How to Identify Your Company’s Key Virtual Export Compliance Weaknesses, where we will dive
into conducting an IT Risk Assessment to detect threats, and developing the right IT Program for your
business model at 9:15 am
Selling Virtual Export Compliance to Senior Management, where we will describe how to
demonstrate ROI and Secure Buy-In for a more robust and compliant IT Program at 3:15pm
This events faculty includes Global Trade and IT perspectives’ from ITT Exelis, Eaton Corporation, BIS
Department of Commerce, SAP Business Objects, Lockheed Martin, Oracle Corporation, NextLabs, and Global
Resources Management Incorporated.
The American Conference Institute is offering a special discount for my clients and colleagues that will expire
on 07 December 2012, so I did want to give you the opportunity to register at the reduced rate of $1195. Group
rates are also available for employees from the same organization. Please contact Adina Schwartz at ACI, Tel:
310.295.9789 - or - Email: a.schwartz@americanconference.com to help you receive the discounted rates.
I hope to see you there!
Sincerely,
Brian D. Helfer
Brian D. Helfer
Principal & Managing Director
Global Resources Management Incorporated ♦ 809 Three Degree Road ♦ Butler, Pennsylvania 16002 ♦ United States of America
Tel: +1.724.822.1890 ♦ Fax: +1.724.586.9107 ♦ Email: info@GlobalResources.us ♦ www.GlobalResources.us
2. February 28, 2013 | Hotel Andaz San Diego, San Diego, CA
4th Industry Seminar on
IT Management
of Export Controls
Practical Strategies for Leveraging IT and Automation to Strengthen Virtual Export Compliance
As the only event of its kind, this unique seminar will bring together top IT and automation experts, who will provide you
with practical insights on how to identify virtual export compliance risks, protect ITAR and EAR-controlled data, and control
employee and third party access to shared networks and collaborative platforms.
8:00 Registration and Continental Breakfast –– how to monitor, measure, and report risk levels of each process
for compliance
8:30 Opening Remarks from the Co-Chairs • Supporting today’s export compliance requirements across your
supply chain
Matthew T. Henson –– the characteristics of ‘Best In Class’ export compliance programs
Manager, Trade Automation and Systems
–– identifying the business processes and compliance requirements
Integration Office of International Trade
throughout your enterprise
ITT Exelis (McLean, VA)
• Tailoring your IT infrastructure and support model based on your
Guy J. Leygraaf product line
Program Manager - IT Export Controls
Eaton Corporation (Willoughby, OH) 10:15 Networking Coffee Break
10:30 Safeguarding ITAR and EAR-Controlled Data
8:45 What Government Expects for Virtual Export Compliance: on Networks, Servers, Emails, Laptops and Mobile
Upgrading Your IT Controls in Response to Tightened Devices: How Far to Go in Tracking, Segregating,
Requirements and Pending Reforms Tagging, Marking and Storing Data
Bernard Kritzer Scott Fitch
Director, Office of Exporter Services Cyber Architect
Bureau of Industry and Security Lockheed Martin (Washington Depot, CT)
U.S. Department of Commerce (Washington, DC)
Rosalie Cmelak
Director, Global Trade Management Product Strategy
Oracle Corporation (Pleasanton, CA)
9:15 How to Identify Your Company’s Key Virtual Export Keng Lim
Compliance Weaknesses: Conducting an IT Risk Chairman & CEO
Assessment to Detect Threats, and Develop the Right NextLabs, Inc. (San Mateo, CA)
IT Program for Your Business Model
• Managing email transfers of technical data: Tracking and
Paul Pessutti marking sensitive communications, and designating emails
Vice President - Finance, EPM and GRC for North America • Segmenting data, and managing data markings for technical
SAP Business Objects (Palo Alto, CA) data and technology
Brian Helfer • Protecting US origin data on laptops and servers
Principal and Managing Director • Securing mobile devices to avoid an export violation
Global Resources Management Incorporated (Pittsburgh, PA) • Differences in effective laptop vs. server and email protections
• When foreign data can become subject to US export controls
• Creating today’s IT security risk program for export compliance • When to create separate servers for controlled information
–– what does the organization and infrastructure look like and/or partition drives
and where is it going • Using ERP systems to store and manage export-controlled data
–– how to identify and assign compliance rules to corporate • Key questions to address for determining the scope of IT controls:
policies and procedures –– where is data located?
–– who should be governing risk assessments, and their roles –– what is the classification of the data?
and responsibilities –– who has access?
–– identifying the associated risks between business processes • Tracking classification of data under the ITAR and EAR,
and IT infrastructures and for DoD contracts
Register now: 888-224-2480 • Fax: 877-927-1563 • AmericanConference.com/ITExport
3. 11:45 Cloud Computing: Tightening IT Controls to Manage • Managing controlled technology located on a server in a restricted
Unique Data Storage, Distribution and Access country
• Identity Management: How identity is verified, managed
Security Risks and maintained
Guy J. Leygraaf • The intersection of identity management and export compliance
Program Manager — IT Export Controls
Eaton Corporation (Willoughby, OH) 3:00 Networking Coffee Break
• When and if you should include ITAR-controlled data in the cloud: 3:15 Selling Virtual Export Compliance to Senior
Determining where your data resides in the cloud, where it is stored,
who owns the servers and where data is going: Identifying who the Management: How to Demonstrate ROI and Secure
IT administrators are for the cloud service Buy-In for a Robust IT Program
• Implementing a CRM system to ensure the absence of ITAR- Brian Helfer
controlled data in the cloud Principal and Managing Director
• Integrating compliance business systems in the cloud: Complying Global Resources Management Incorporated (Pittsburgh, PA)
with State and Commerce Department requirements for access
to technical data • Building executive level commitment to Total Cost of Ownership
• Backing up data in the cloud and ROI
• Vetting prospective service providers: Understanding who is hosting • Garnering a commitment to the Business and IT processes and
and managing the network project management principles
• Determining the requisite level of virtual access controls for foreign • Outlining governing policies, procedures, and charters driving
national employees and third parties future landscape
• Negotiating and reaching agreements with cloud computing • Confirming Business and IT volumes, resources, processing times
service providers: Key areas of risk and clauses to incorporate and expenses
into your contracts • Comparing operational efficiencies and risk mitigation with new
solutions
12:30 Networking Luncheon • Leveraging resources to create AS-IS examples and TO-BE proof
of concepts
1:30 Implementing Effective Encryption Controls:
Determining When and How Much to Encrypt 3:45 Where Most Companies Go Wrong on Virtual
Export-Controlled Data, Emails and Network Access Export Compliance and Technology Control Plans:
Keng Lim Lessons Learned for Structuring Your IT Program in
Chairman & CEO an Ever-Changing Security and Trade Compliance
NextLabs, Inc. (San Mateo, CA) Environment
• Degree of required encryption: Industry standards and best practices Scott Fitch
• Managing heightened risks related to China Cyber Architect
Lockheed Martin (Washington Depot, CT)
• Identifying and assessing in-house encryption technologies
• When data must be individually encrypted Rosalie Cmelak
• When and how to encrypt wireless network access to controlled data Director, Global Trade Management Product Strategy
Oracle Corporation (Pleasanton, CA)
2:15 Implementing a Virtual Framework for Sharing
This practical roundtable discussion will provide attendees with a
Data with Foreign Parties, Parents, Subsidiaries worthwhile opportunity to hear how leading companies are integrating
and Affiliates: Verifying User Credentials to Protect trade compliance into their IT infrastructure and systems. Speakers
Networks and Collaboration via SharePoint and will provide concrete, real-life examples of how to troubleshoot, address
new and emerging threats, and prevent virtual export violations.
Other Platforms
Guy J. Leygraaf Take away best practices from companies on the cutting edge of IT
Program Manager — IT Export Controls export compliance. Learn how they are implementing processes
Eaton Corporation (Willoughby, OH) for exchanging and protecting technical data, and the most critical
pitfalls to avoid when rolling out your IT program.
Matthew T. Henson
Manager, Trade Automation and Systems
Integration Office of International Trade
ITT Exelis (McLean, VA) 4:45 Interactive Q & A and Brainstorming: How to Address
the Most Pressing Virtual Export Compliance
• How to evaluate the legitimacy of an individual’s credentials Challenges Keeping You Up at Night
provided through virtual channels
• Assessing administrator and user access based on identity, location Led by the seminar Co-Chairs, this interactive wrap-up session will
and rights cover the most important tips and tricks of the trade in developing
• Incorporating denied party screening into your IT systems a successful IT compliance program. Come prepared with all the
• Integrating trade compliance requirements into your user questions you thought of over the seminar, but didn’t get a chance to
verification and monitoring ask. This session will help you to wrap up your training and head back
• Monitoring engineering and scientific discussions, and exports to your office with best practices that can be implemented in real life.
of manuals with technical specifications
5:30 Seminar Concludes
FEE PER DELEGATE Register & Pay by Dec 7, 2012 Register & Pay by Jan 18, 2013 Register after Jan 18, 2013 Seminar Code: 781L13-SDO
For registration details, please see
o IT Management of Export Controls $1295 $1395 $1495 page 8 of main conference brochure
Register now: 888-224-2480 • Fax: 877-927-1563 • AmericanConference.com/ITExport