Enterprise Security & Risk Management

28 November 2017

Victoria Park Plaza






Session One – Securing the Connected Enterprise

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • New Challenges and Opportunities
  • Disruptive Technology Trends (Cloud, Social, Big Data) and Security
  • Effective Risk Management Strategies and Metrics
  • Information Security as a Business Enabler
  • Cyber Threat Risks – Guidance for Business Strategists and Boards
  • Defining Risk Appetite and allocating Cyber Security Resources Efficiently

Chair’s Opening Address

Sarb Sembhi, Past President, ISACA London Chapter

Big Data Kills People

William Binney, NSA Whistleblower
J. Kirk Wiebe, NSA Whistleblower

William Binney and J. Kirk Wiebe are National Security Agency (NSA) whistleblowers who openly challenged the mismanagement of the Trailblazer bulk data collection programme which illegally spied on people around the world.

The Future Impact of AI in Cybercrime

Dave Palmer, Director of Technology, Darktrace

The risks from the digital era have changed; intellectual property and financial theft have been a frustration, but we should now expect attacks on enterprise physical assets as well as the deliberate undermining of data-driven strategic decisions, aimed at causing damage in the long term. AI and machine learning developments offer new opportunities for resilience across the whole digital business, but how will these same developments be used by digital criminals?

Developing a Comprehensive Operational Risk Management Plan

What does a proactive road map to evaluating your current risk look like?

This presentation covers:

  • What a sophisticated attack looks like
  • Proactive risk management – from detection and risk classification to impact analysis and mitigation
  • Building your risk plan – remediation of risk, developing actionable plans, real time analysis, pattern recognition, user behaviour, continuous visibility and monitoring
  • Penetration testing – putting your defences to the test to uncover any security issues
  • Identifying security best practices
  • Reducing the risk of human risk factors

Reaping the Benefits of Risk Analytics

“The amount of information that needs to be secured is growing faster than our ability to secure it” according to IDC. The adverse impacts of a data breach are a clear and present threat to reputation and revenue in today’s business environment. This threat is all the more magnified in an age of big data, where the volume, variety and velocity of data are continually evolving, and where the appetite to capitalise on data to harness better business insights is growing.

Risks are ever-present for data stored in the cloud, on consumer devices as well as data locked in interconnected supply chains. Now more than ever, there is a pressing need to keep valuable information secure and protected. Preparedness strategies are a crucial factor for businesses.

This session looks at how to magnify the rewards of big data by applying risk analytics to security controls and measures in order to mitigate the risks.

Transitioning to GDPR

How can organisations ready themselves for the heightened scrutiny and consequences attached to the new EU General Data Protection Regulation, set to come into force in May 2018? We look at how you can:

  • Drive commercial performance through enhanced data accuracy and hygiene
  • Develop better insights into customer needs to improve satisfaction and ROI
  • Reduce your IT infrastructure footprint while plugging gaps between GDPR requirements and your technology capabilities
  • Simplify your IT estate, giving you better value for money

Questions to the Panel of Speakers

Morning Networking and Refreshments Served in the Exhibition Area

The Top 10 Cyber Risk Predictions for 2018

Raef Meeuwisse, ISACA Governance Expert and Author of ‘Cybersecurity for Beginners’

Based on ISACA research of its membership – made up of global professionals in IT risk, audit and security – Raef Meeuwisse presents the top risks security professionals have on their radar for 2018. The presentation will also demonstrate:

  • The use and value of a model of inherent and residual risk to reflect the level of danger before and after countermeasures are in place.
  • How the actual risk picture for your company looks different depending on what industry your organization is in, where it is located and more importantly, how robust your security practices are.
  • That the Top 10 Cyber Risks, although overwhelming to organizations without good basic security practices in play, are manageable for organizations that follow the security principles and adhere to the industry frameworks in place.

Case Study

Marc Hammoud, Product Manager – Technology and Data, NHS Improvement

At least 1.8 million UK companies were victims of some form of cyber-attack in 2015/2016. Your company being hacked is not a question of if but when (or already). Reputation damage for some companies has simply been beyond repair. Join this session for a few great tips on preparing your war scenario and how to survive various types of cyber-attacks at a reasonable cost.


Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms

Seminar Sessions

Networking Lunch Served in the Exhibition Area

Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

Chair’s Afternoon Address

Achieving Cyber Resilience

With increasing numbers of transactions, interactions and data now online, bolstering cyber resilience is a critical component for businesses looking to secure their perimeter. In this session we look at how to:

  • Measure: Understanding the threat horizon, in particular corporate espionage and the threat of technical surveillance
  • Analyse: Carrying out cyber security assessments
  • Respond: Business continuity planning, incident analysis and mitigation.
  • Collaborate and work in partnership with other organisations on cyber security intelligence and strategies.

The Spectrum of Mobile Risk – the threat in your employee’s pocket

Mike Murray, VP Security Intelligence, Lookout

  • What is the full spectrum of mobile risks
  • Mobile security best practices
  • The ins and outs of threat intelligence
  • How everyday employee behaviors can jeopardize your data, systems, and compliance policies

Case Studies of Social Engineering within the University of Cambridge

Kieren Lovell, Head of Computer Emergency Response, University of Cambridge

Exploring how a leading university is responding to the challenges around social engineering.

Questions to the Panel of Speakers

Afternoon Networking and Refreshments Served in the Exhibition Area

Session Three – Managing and Implementing a Secure ICT Infrastructure

Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them

Liar, Liar, Pants On Fire: The Cyber Skills Gap

Christian Toon, Chief Information Security Officer, Pinsent Masons LLP

A perspective that the gap in cyber security skills is nothing more than a media storm in a teacup. There is currently a rift between attitudes and job requirements and the realities of a modern security or protection programme. Post-nominals and memberships only get you past the recruitment teams. How can you build a security capability and team that works for you? By breaking the mould and defying expectations of what you’re after. This presentation will explore how organisations can overcome the challenges of recruiting for security roles and how professionals can move through the industry successfully.

Deriving Value from your IAM Project

We explore the business value of IAM, devoting focus to processes, technologies and policies designed to manage digital identities. The session covers:

  • Trends and drivers for next generation IAM
  • IAM standards across web and mobile
  • Approaches for managing federated SSO
  • Risks and rewards of Privileged Access Management
  • User accounts – why maintaining a clear overview is important
  • The “insider threat” – how real is it?
  • Vulnerability assessment methods, and mitigation strategies

Network Security: Creating a Unified, Secure Architecture

The network is more complex than ever before, and security concerns about networks have grown exponentially as a consequence. This presentation explores:

  • Advanced and integrated intrusion prevention techniques
  • Risks associated with NFV and SDN
  • Creating a unified security architecture
  • Next generation firewalls, anti-malware, web filtering
  • Real-time threat intelligence monitoring and incident response

GDPR: Leave Your Ego at the Door

Mark Evans, Head of IT, Rider Levett Bucknall (UK)

This presentation will discuss how it is only by representatives from IT, Legal, Compliance, HR, Ops and Marketing getting together that we can achieve a truly positive, business-oriented approach to GDPR and grasp some of the positive elements around it.

Dwelling on “twenty million euros or 4% of global turnover” doesn’t move things forward. This presentation will offer a light-hearted reflection on building a team and the benefits which can be gathered from using GDPR as a tool for teamwork and improving service to customers: all within the framework of becoming/being compliant.

Questions to the Panel of Speakers

Conference Chair’s Closing Remarks

Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.