Session One – Detecting and Responding to Risk
From the IT department to the boardroom, our morning session looks at how enterprises can map and prioritise information security. We explore:
- Governance, Risk and Compliance (GRC)
- Changing perceptions: Information Security as a Business Objective
- New Challenges and Opportunities to Mitigate Risk
- Disruptive Technology Trends (Cloud, Social, Big Data, IoT, AI, Blockchain) and Security
- Effective Risk Management Strategies and Metrics
- Information Security as a Business Enabler
- Cyber Threat Risks – Guidance for Business Strategists and Boards
- Defining Risk Appetite and allocating Cyber Security Resources Efficiently
Conference Chair’s Opening Address
Dawn of the Anti-CISO
Simon Legg, Group CISO, Jardine Lloyd Thompson plc
Over the last few years, debate and discussion has continued over the role of the Chief Information Security Officer: what skills they need, what qualifications they hold, what experience they have and who they should report to. Using the example of the exoneration of the incumbent CISO at the time of last year’s major data breach at Equifax, this presentation covers the “know who you are and know what you need to be” dimensions of the CISO position in the digital age.
Security in an Age of Disruption
With the continued move to the cloud and the introduction of many disruptive technologies such as the Internet of Things, Blockchain and Artificial Intelligence into our enterprise environments, the way we think needs to change. In this morning keynote we look at how the rules of the game are changing, and how organisations can unlock the full potential of new technologies with minimal risk.
- Top disruptive technologies – how they can fortify and weaken defences
- Why an adaptive security architecture is effective
- Anticipating unexpected risk to networks and data security
- Augmenting teams with the latest state-of-the-art technologies to respond effectively
- Convergence of physical security with digital security
- Managing devices “in the wild” and reducing the attack surface
- Designing for security and embedding a security-first approach across teams
A New Era of Cyber Threats: The Shift to Self Learning, Self Defending Networks
Steffan Jones, Senior Cyber Security Manager, Darktrace
- Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats
- How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
- How to achieve 100% visibility of your entire business including cloud, network and IoT environments
- Why automation and autonomous response is enabling security teams to neutralise in-progress attacks, prioritise resources, and tangibly lower risk
- Real-world examples of subtle, unknown threats that routinely bypass traditional controls
Building a Leading Cyber Security Culture
Andrew Rice, Information Security Strategist, Interpublic Group
Cyber Security has predominantly been seen as an “IT issue” and technology led, often leading to investment in IT rather than people, yet attackers have shifted significantly towards hacking the human. In specific industries such as government, defence and financial institutions, Cyber Security is embedded in the organisation even before an employee comes on board and extends to when they leave. For those outside, less so. With 91% of Cyber attacks starting with a click, now more than ever it is important to ensure a pervasive Cyber Security culture in all organisations. Done right, this can be the most cost-effective investment in your defences you can make.
Software Intelligence to Build Security In
Richard Symmonds, Technical Director, CAST Software, UK
The latest in secure software development is to shift security as far left as possible. While many are focused on DevSecOps as the primary “shift left” method, you will see that it’s possible to shift security much further left by using Software Intelligence to design security in and to control software architecture during development. Also, the use of metrics and contextual software analysis can greatly improve the security posture of complex software.
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
Metrics – Speaking the language of the board
Phil Cracknell, Group Cyber Security Advisor, HomeServe
A dive into a rapidly spreading domain: bringing consistency to the reporting of an ever more critical part of your business, Information Security.
Forget how many viruses you detected this month or how many attacks were blocked at the firewall; these are often not facts you can act upon. Instead, how about a figure showing how exposed your business is, how long it is likely to remain exposed, and what that figure should be for your sector?
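The talk does not define its exposure figure, so the following is an added illustration rather than the speaker's method: over a small, constructed set of vulnerability findings it computes the activity counts the abstract dismisses beside two actionable figures, the share of assets currently exposed (an open finding that is past its remediation SLA or known to be exploited in the wild) and, from observed time-to-close, how long each open finding is likely to stay open. The SLA values, the definition of "exposing" and the fallback to SLA where no history exists are all assumptions.

```python
"""Board-level exposure metrics over a constructed vulnerability-finding dataset.

Added illustration, not from the talk: it contrasts activity counts (things
closed, things open) with two actionable figures, the share of assets
currently exposed and how long open findings are likely to stay open.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median
from typing import Dict, List, Optional

# Assumed remediation SLA per severity, in days (a policy choice, not a standard).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    asset: str
    internet_facing: bool
    severity: str            # key of SLA_DAYS
    opened: date
    closed: Optional[date]   # None while the finding is still open
    exploited_in_wild: bool  # known to be actively exploited


def is_exposing(f: Finding, today: date) -> bool:
    """An open finding exposes its asset if it is exploited in the wild or past SLA."""
    if f.closed is not None:
        return False
    age = (today - f.opened).days
    return f.exploited_in_wild or age > SLA_DAYS[f.severity]


def vanity_metrics(findings: List[Finding], today: date) -> Dict[str, int]:
    """Activity counts: true, but not something the board can act on."""
    cutoff = today - timedelta(days=30)
    return {
        "closed_last_30_days": sum(1 for f in findings if f.closed is not None and f.closed >= cutoff),
        "open_findings": sum(1 for f in findings if f.closed is None),
    }


def exposure_ratios(findings: List[Finding], today: date) -> Dict[str, float]:
    """Share of assets (all, and internet-facing only) with at least one exposing finding."""
    assets = {f.asset: f.internet_facing for f in findings}
    exposed = {f.asset for f in findings if is_exposing(f, today)}
    facing = {a for a, ext in assets.items() if ext}
    return {
        "all_assets": len(exposed) / len(assets),
        "internet_facing": len(exposed & facing) / len(facing) if facing else 0.0,
    }


def median_days_to_close(findings: List[Finding]) -> Dict[str, float]:
    """Observed remediation time per severity, taken from findings already closed."""
    durations: Dict[str, List[int]] = {}
    for f in findings:
        if f.closed is not None:
            durations.setdefault(f.severity, []).append((f.closed - f.opened).days)
    return {sev: float(median(d)) for sev, d in durations.items()}


def projected_remaining_exposure(findings: List[Finding], today: date) -> Dict[str, int]:
    """Days each open finding is likely to stay open, given observed close times.

    A finding already open longer than the historical median projects to 0
    remaining days; that is itself a signal it is an outlier worth chasing.
    Severities with no closed history fall back to the SLA (an assumption).
    """
    hist = median_days_to_close(findings)
    out: Dict[str, int] = {}
    for f in findings:
        if f.closed is None:
            age = (today - f.opened).days
            typical = hist.get(f.severity, float(SLA_DAYS[f.severity]))
            out[f"{f.asset}:{f.severity}"] = max(0, int(typical) - age)
    return out


# Constructed sample data: six assets, seven findings, as of a fixed reporting date.
TODAY = date(2018, 6, 1)
FINDINGS = [
    Finding("web-01", True, "critical", date(2018, 5, 20), None, True),
    Finding("web-01", True, "low", date(2018, 5, 30), None, False),
    Finding("web-02", True, "high", date(2018, 5, 25), None, False),
    Finding("db-01", False, "critical", date(2018, 5, 15), None, False),
    Finding("vpn-01", True, "high", date(2018, 4, 1), date(2018, 4, 20), False),
    Finding("web-03", True, "medium", date(2018, 3, 1), date(2018, 5, 10), False),
    Finding("mail-01", True, "critical", date(2018, 4, 1), date(2018, 4, 5), False),
]

if __name__ == "__main__":
    print("activity counts:", vanity_metrics(FINDINGS, TODAY))
    print("exposed share:", exposure_ratios(FINDINGS, TODAY))
    print("median days to close:", median_days_to_close(FINDINGS))
    print("projected remaining exposure:", projected_remaining_exposure(FINDINGS, TODAY))
```

On the sample data the activity counts say one finding closed this month and four open, while the exposure figures say a third of all assets, and a fifth of internet-facing ones, are currently exposed, with one critical finding already open three times longer than criticals have historically taken to close. The second kind of figure is the one a board can set a target for and compare against a sector benchmark.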
A Revolutionary Approach to Security Regulation and Compliance
Air Commodore Peter Drissell MA, BSc, FCGI, FIoD, Director Aviation Security and Transformation Director, Civil Aviation Authority
Following the route pioneered by our Aviation Safety colleagues, CAA Aviation Security is moving towards a performance-based regulatory oversight framework to replace its current prescriptive direct inspection regime.
An essential precursor to achieving this is the successful introduction of a Security Management System (SeMS) to offer industry an effective quality assurance process to manage risk. This presentation will set out our journey implementing this framework.
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice
Sharing lessons learned, new innovations and stratagems for operational risk management
Conference Chair’s Afternoon Address
IoT security and the status of things
John Moor, Managing Director, IoT Security Foundation
The digital transformation is firmly underway and we are now in the era of IoT. The scale and scope of IoT is vast and this is challenging conventional thinking on how we manage security in hyper-connected systems. In this talk, John Moor will provide a high level overview of the IoT security challenges, where solutions are likely to be found and highlight some of the work the IoT Security Foundation is engaged in to address contemporary and emerging threats.
You’ve Been Hacked! Mobilising Your Response
It can often take weeks, sometimes months, to discover a breach. The ability to respond effectively rests on the robustness of the processes you have in place once you detect an active threat. Incident response capabilities require that businesses have robust policies and procedures that minimise threat exposure and damage.
- How to run simulations of breaches, to put your defences to the test and uncover any issues
- Calculating the impact of a breach for your enterprise
- Cyber insurance – is it worth the investment?
- Managing your post-breach handling and communications strategy
- Creating user awareness about responsibilities and standards
- Remote lock/wipe facilities, data loss prevention and recovery methods
- Adopting an information-centric approach to measure and manage risk
- Embedding cyber incident response procedures with business continuity and disaster recovery plans
Cybersecurity on Industrial Control and Safety Systems (ICSS)
Heinz Janiec, Senior Project Manager, Oil and Gas Industry
This presentation provides a deep dive into the cyber security of Industrial Control and Safety Systems, focusing on the threats and challenges of keeping these systems safe and the best ways to protect them from insider threats and external actors.
It’s Time to Treat Software Engineers as Security Evangelists
Darren Hickling, Senior Software Developer, Bud Systems, formerly Senior Developer, Vitality UK
Security and software engineering are often treated as two different disciplines. However, modern developers have an incredible number of responsibilities, often including securing their products, under tight deadlines and budgets. As you will see, there is an incredible opportunity for security products that are fast to adopt, scale with demand, suit DevOps pipelines, and win over developers so that they promote them in future.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Integrating Cyber Risk Assessment into your Organisation's Overall Risk Strategy
Nicola Lishak, Information Security Risk Lead, Royal Mail Group
How can your enterprise raise its game by implementing an effective value-adding risk assessment and governance framework? We look at:
- Defining and measuring risk – why it matters and how it can be integrated into organisational risk strategies
- Standards of good practice for information security
- Benchmarking and information risk assessment methods
- How to develop tools to manage and monitor critical data over large systems ensuring it is accounted for and protected
- Patching and updating blind spots
- Managing the known unknowns and anticipating unknown unknowns
GDPR - A Game Changer
Junaid Farooqui, Local Information Security Officer (Interim), Volkswagen Financial Services (UK)
Is personal data security a new concept? It’s not, and GDPR is not presenting any new or alien concept; some of the data subject rights it grants are the same as under the DPA 1998. However, GDPR has a lot more bite due to the heavy fines and potentially huge reputational damage it can inflict. GDPR is therefore a good opportunity to improve the information security posture across your organisation and change the culture of how the personal data of customers, staff and other data subjects is handled. In this presentation I will attempt to highlight some of the IT Security areas which might need risk assessment through a GDPR lens to deploy new controls or alter existing ones.
Closing Keynote Address: Trust in the Digital World
Omid Raghimi, Senior Cyber Security Engineer – Incident Response (DFIR), Lloyds Banking Group
The controls we use to make us feel safe online are being tested, exploited and breached on a daily basis. As we become reliant on technologies that penetrate deeper into our lives, we ask what trust means in the digital era.
We take a look at the ‘zero trust’ approach, what it looks like, and whether it is feasible, with particular reference to assurance, trust frameworks and standards across industry sectors.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.