Session One – Detecting and Responding to Risk
From the IT department to the boardroom, our morning session looks at how enterprises can map and prioritise information security. We explore:
- Governance, Risk and Compliance (GRC)
- Changing perceptions: Information Security as a Business Objective
- New Challenges and Opportunities to Mitigate Risk
- Disruptive Technology Trends (Cloud, Social, Big Data, IoT, AI, Blockchain) and Security
- Effective Risk Management Strategies and Metrics
- Information Security as a Business Enabler
- Cyber Threat Risks – Guidance for Business Strategists and Boards
- Defining Risk Appetite and allocating Cyber Security Resources Efficiently
Conference Chair’s Opening Address
Security in an Age of Disruption
CISO, Santander UK (invited)
With the continued move to the cloud and the introduction of many disruptive technologies like the Internet of Things, Blockchain and Artificial Intelligence to our enterprise environments, the way we think needs to change. In this morning keynote we look at how the rules of the game are changing, and how organisations can unlock the full potential of new technologies with minimal risk.
- Top disruptive technologies – how they can fortify and weaken defences
- Why an adaptive security architecture is effective
- Anticipating unexpected risk to networks and data security
- Augmenting teams with the latest state-of-the-art technologies to respond effectively
- Convergence of physical security with digital security
- Managing devices “in the wild” and reducing the attack surface
- Designing for security and embedding a security-first approach across teams
InfoSec and Ownership: A Pragmatic Approach to Engaging Your Board
Information Security Director, Dixons Carphone (invited)
From global payment systems and private customer data to mission-critical systems and core intellectual property – companies are pressed to step up their game against persistent cyber threats. This session looks at how the C-suite can elevate cyber risk mitigation and be directly involved in determining the risk appetite of their business. We consider:
- Determining what to focus on and invest in
- Business and IT collaboration – establishing structures, functions, mobilising resources and achieving buy-in
- Extracting business value from your security architecture, and evaluating the effectiveness of your defences
- The role of the CISO – surviving and thriving in the new information security paradigm – and hiring the right leaders and talent to manage your IT estate
- Establishing cyber due diligence, key risk and performance indicators
- Defining, maintaining and updating your information security governance framework
Integrating Cyber Risk Assessment into your Organisation's Overall Risk Strategy
Head of Security Strategy & Innovation, BP (invited)
How can your enterprise raise its game by implementing an effective value-adding risk assessment and governance framework? We look at:
- Defining and measuring risk – why it matters and how it can be integrated into organisational risk strategies
- Standards of good practice for information security
- Benchmarking and information risk assessment methods
- How to develop tools to manage and monitor critical data over large systems ensuring it is accounted for and protected
- Patching and updating blind spots
- Managing the known unknowns and anticipating unknown unknowns
A Pragmatic Approach to Digital Transformation and Security
Director, IT Transformation & CISO, Opel (invited)
Digital transformation has become a cornerstone of growth. But faster, more agile, and open services for consumers and enterprises come with added risks.
What can enterprises do to generate business value? We explore:
- Key security considerations for a digital transformation strategy
- Why proactive data defence is crucial
- How to control where your data is created, stored and shared
- Data mapping, threat modelling, and third party risk assessment
A Revolutionary Approach to Security Regulation and Compliance
Air Commodore Peter Drissell MA, BSc, FCGI, FIoD, Director Aviation Security, and Transformation Director, Civil Aviation Authority
Following the route pioneered by our Aviation Safety colleagues, CAA Aviation Security is moving towards a regulatory framework based on performance-based regulation oversight, to replace its current prescriptive direct inspection regime.
An essential precursor to achieving this is the successful introduction of a Security Management System (SeMS) to offer industry an effective quality assurance process to manage risk. This presentation will set out our journey implementing this framework.
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
Reaping the Benefits of Risk Analytics: Can Algorithmic Intelligence Help your Security Architecture?
“The amount of information that needs to be secured is growing faster than our ability to secure it”, according to IDC. The adverse impacts of a data breach are a clear and present threat to reputation and revenue in today’s business environment. This threat is all the more magnified in the age of Big Data – where the volume, variety and velocity of data are continually evolving, and where the appetite to capitalise on data to harness better business insights is growing.
Risks are ever-present for data stored in the cloud, on consumer devices as well as data locked in interconnected supply chains. Now more than ever, there is a pressing need to keep valuable information secure and protected. Preparedness strategies are a crucial factor for businesses.
This session looks at how to magnify the rewards of Big Data by applying intuitive analytics to security controls and measures in order to mitigate the risks.
Is Cloud a Secure Place for your Data?
Managing the risks associated with housing your private and confidential company data offsite is a critical business issue. The adoption of Cloud creates risks that must be understood and properly managed. With data centres scattered across the globe, there are additional concerns about privacy regulations, data sovereignty and compliance issues.
This presentation will demystify the complexity surrounding safeguards and best practice in managing your IT estate, with particular focus on how you can:
- Assess the risk from your cloud deployment
- Increase visibility into your IT estate
- Help maintain sovereignty of your data
- Protect against high risk user behaviour
- Prevent data loss and improve control of cloud apps
Questions to the Panel of Speakers and Delegates Move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice
Sharing lessons learned, new innovations and stratagems for operational risk management
Conference Chair’s Afternoon Address
Achieving Cyber Resilience
To fight today’s cyber threats, enterprises have to move beyond traditional security measures and harness intelligent defences. Our afternoon keynote session explores:
- How machine learning is driving predictive protection
- What autonomous threat detection and response looks like
- The advantages of real time visibility and response
- How to modernise your security with an intelligent end-to-end approach
You’ve Been Hacked! Mobilising Your Response
It can often take weeks, sometimes months, to discover a breach. The ability to respond effectively rests on the robustness of the processes you have in place once you detect an active threat. Incident response capabilities require that businesses have robust policies and procedures that minimise threat exposure and damage.
- How to run simulations of breaches, to put your defences to the test and uncover any issues
- Calculating the impact of a breach for your enterprise
- Cyber insurance – is it worth the investment?
- Managing your post-breach handling and communications strategy
- Creating user awareness about responsibilities and standards
- Remote lock/wipe facilities, data loss prevention and recovery methods
- Adopting an information-centric approach to measure and manage risk
- Embedding cyber incident response procedures with business continuity and disaster recovery plans
Stopping the Insider Threat – Why IAM Matters
Identity and Access Management (IAM) is essential to minimising the potential damage caused by users. We look at:
- How you can ensure that appropriate controls are in place
- Trends and drivers for next generation IAM
- Approaches to managing federated SSO
- Risks and rewards of Privileged Access Management
- Vulnerability assessment methods and mitigation strategies
- Detecting malicious insiders and negligence
- Compromised credentials and social engineering
The Security Practitioner's Dilemma: Creating a Risk-Aware Organisational Culture
Organisational culture is a key component in the success of all risk management initiatives. Security practitioners are ever pressed to step up their game to engage users and offer training.
Is it all a waste of time? Why is training so ineffective?
A real-life trainer walks you through how to:
- Do your due diligence – design and review a risk strategy
- Develop training – how to identify good awareness strategies for better uptake
- Benchmark success – how to define evaluation metrics and performance indicators for improved outcomes
- Continuously improve – define standards, responsibilities and reporting thresholds
- Reduce the surface of attack – manage privileges and reduce the impact of the human factor
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Are you set for GDPR?
- What your enterprise needs to be doing to ready itself for GDPR
- How to assess current security policies and privileges
- Why GDPR will change how we process, manage, and protect data
- Why preventing inappropriate access to personal data makes good business sense
- How to limit your risk and complexity through encryption
Keeping up with the Cyber Criminal
Understanding how cyber criminals operate, and what motivates them, allows enterprises to take tangible steps to build resilience and stay one step ahead.
Join this session to:
- Understand how cybercriminals evade detection and use advanced evasion techniques – the risks they pose to your data and networks, and what you can do about them
- Identify new risks and attack vectors affecting enterprises in 2018
- Defend against phishing, spoofing and other malware threats
- Understand key tools at your disposal like email filtering, network segmentation and layered authentication mechanisms to limit privileges and increase visibility
Closing Keynote Address: Trust in the Digital World
The controls we use to make us feel safe online are being tested, exploited and breached on a daily basis. As we become reliant on technologies that penetrate deeper into our lives, we ask what trust means in the digital era.
We take a look at the ‘zero trust’ approach, what it looks like, and whether it is feasible, with particular reference to assurance, trust frameworks and standards across industry sectors.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.