Enterprise Security & Risk Management

25 April 2017

Victoria Park Plaza






Session One – Securing the Connected Enterprise

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • New Challenges and Opportunities
  • Disruptive Technology Trends (Cloud, Social, Big Data) and Security
  • Effective Risk Management Strategies and Metrics
  • Information Security as a Business Enabler
  • Cyber Threat Risks – Guidance for Business Strategists and Boards
  • Defining Risk Appetite and allocating Cyber Security Resources Efficiently

Chair’s Opening Address

Dan Raywood, ‎Contributing Editor, Infosecurity Magazine

Harnessing Culture

Chris Rivinus, Head of Business Systems, Tullow Oil

This presentation explores:
  • How mobile devices and mobile working are challenging the ability to establish a “corporate culture”
  • The critical importance of understanding how home and community culture are impacting work behaviour and decisions
  • Research linking specific digitally-related attitudes and behaviours to home and community culture influences
  • How these links point towards specific remediation steps to ensure maximum impact of compliance and security awareness content

Have I got my security fundamentals right?

Dylan DeAnda, Senior Director of Technical Account Management, Tanium

A good deal of data breaches could have been avoided, or dealt with better, if organisations had strong security fundamentals. It is vital to get the simple things right. How many endpoints are connected to your network? How many have the latest version of Flash installed? If you can’t answer these questions accurately, with confidence and at speed, security hygiene is broken.

Demonstrable Accountability through Assurance

Sue Milton, Nominations Committee Chair and Past President, ISACA London Chapter

This session looks at the demands on organisations to explain outcomes through actions and words. The demands stem from two ongoing shocks, the financial crash and cyber threats. We, the public, have high expectations and want to know how firms are protecting us from adverse circumstances and the remedies they will use when things go wrong.

This requires a higher level of accountability, hence the need to demonstrate what decisions, actions and reactions were and will be taken in response to unintended outcomes. These changes in client, customer and consumer attitudes, bolstered by social media, place considerable pressure on organisations, commensurate with what Regulators expect. Both require organisations to prove, as well as state, the reasons for the delivery and quality of business relationships, products, services and outcomes.

Welcome to the world of demonstrable accountability through assurance. This session will show that we need at least three lines of assurance. Together, we will provide a framework covering their purpose and what Boards, C-Suite and their equivalents in non-corporate organisations need to do to achieve demonstrable accountability.

The Critical Role of DNS in DDoS Mitigation

Paul Heywood, Senior Director EMEA & APAC, Oracle + Dyn

Distributed Denial of Service (DDoS) attacks are increasing in regularity and complexity, making DDoS mitigation a hot topic for security professionals across the globe.

Businesses that are serious about DDoS protection build resilience into their DNS architecture, which greatly reduces the risk of service disruption should an attack happen. With a relatively small investment, adopting a dual DNS strategy hardens online infrastructure and helps protect online assets from the impact of DDoS attacks.

In this session you will learn the practices that enterprises are adopting to protect their infrastructure from DDoS attacks:

  • Why DNS is critical infrastructure and how to avoid it being a single point of failure
  • How to build resilience into the DNS architecture
  • Why an external managed DNS provider is the best DDoS defence

Presenting Cyber Risk to the Board

Vince Warrington, Cyber Security Specialist

Studies show that cyber risk is poorly understood at Board level. Too often the information presented is technical in nature, introduces concepts the Board may not be familiar with, or is just presented in a format which is incompatible with their requirements. This session will inform you on how best to present on cyber security risk at Board level, giving you confidence that your requirements will be understood and acted upon.

The session will cover:
  • How Boards currently perceive cyber risk
  • How to build the ‘Cyber Story’ to convey complex security topics
  • Tools that allow you to get the cyber message embedded at Board level

Questions to the Panel of Speakers
Morning Networking and Refreshments Served in the Exhibition Area

Synack: Trusted Hackers Who Want To Be Your Allies, Not Your Adversaries

Jim Hyman, Chief Revenue Officer, Synack

To beat a hacker, you have to think like a hacker, but to protect an enterprise against constant, complex threats, you can’t just think like one, you have to ignite hundreds of the world’s best ethical hackers into rapid action. Synack is pioneering a trusted hacker-powered approach to protecting an organization’s digital surface, arming security teams with hundreds of the world’s best hackers who want to be your allies, not your adversaries.

In this session, explore how organizations can utilize a crowdsourced team of trusted ethical hackers to:

  • Proactively detect and report holes in an organization’s most sensitive systems, before a criminal hacker gets there first
  • Understand how areas of weakness and their subsequent exploitation relate to overall business risk, and how vulnerabilities can be prioritized for remediation accordingly
  • Gain a true understanding of how an adversary views your networks and digital applications

Risk Based Approach to Security – Challenges and Lessons Learned

Samuel Korpi, ‎Information Security Specialist, Neste

In the end, everything we do in information security comes down to risk. Usually it is a cat-and-mouse game of threat and control – either something happens in our environment or we identify a potential threat that causes us to take action. On the enterprise risk management level, security is often considered one risk area among many, even though nowadays IT is everywhere and thus information security affects all aspects of the organization.

In this session we explore what a risk based approach to security might look like, from the perspective of one company. Challenges and lessons learned will be shared from real-world experiences.

Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms

Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

Chair’s Afternoon Address

Turn your weakest link into your strongest link

Tarun Samtani, Group Cyber Security Advisor, Findel plc

Stop complaining about your users! They are your customers first, and no longer are they the weakest link. Social engineers, or human hackers, have been duping victims from the very beginning of human existence. We have to live with it and help our customers (staff, stakeholders, board) be the strongest link in the cyber security portfolio. This session is about how to build the security programme right, from the strategy to the final delivery and beyond…

Proactive Defence During a Digital Transformation

Ian Greenwood, UK & Ireland Commercial Accounts Director, Thales e-Security

This session will shine a light on how organisations can take a proactive data defence strategy when it comes to digital transformation, taking a leaf out of enterprises’ book – learning from their expertise – to maximise the level of control organisations have over the data they look after, even when it is physically out of reach.

  • Learn how to take proactive defence during a digital transformation
  • Exploring use cases: why a proactive data defence strategy is crucial, as well as the benefits of maximising the level of control over data irrespective of where it is created, stored or shared

IoT 101: Thinking Like A Criminal

Nick Ioannou, Head of IT, Ratcliffe Groves Partnership

This presentation explores how understanding the ways criminals make money lets us take steps to reduce our IoT risks, the new opportunities IoT gives criminals, and the practical IoT security steps to take to prevent breaches.

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area

Session Three – Managing and Implementing a Secure ICT Infrastructure

Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them

Responding to the Challenges of Change – The HMIC Improvement Programme

Joan Ogbebor, Improvement Programme Manager, Her Majesty’s Inspectorate of Constabulary

In this presentation Joan will share insight from her HMIC and Whitehall experience of designing leadership and innovative strategies to respond effectively, efficiently and legitimately to the ongoing challenges of change in an increasingly volatile and global landscape.

Principles on Identification for Sustainable Development: Towards the Digital Age

Dr. Louise Bennett, Chair of the Security Community of Expertise, British Computer Society

The World Bank Group and Centre for Global Development have recently published ten Principles on Identification on behalf of a large number of UN organisations and other International bodies. These principles cover inclusion, design and governance. Louise will focus on the governance principles that cover building trust by protecting privacy and user rights. She hopes to convince delegates that these are global principles that all organisations should sign up to. Identification systems must be built on a legal and operational foundation of trust and accountability between government agencies, international organisations, private sector actors and individuals. People must be assured of the privacy and protection of their data, the ability to exercise control and oversight over its use, and processes for independent oversight and the redress of grievances. Only then will every individual and organisation both feel and be safe online.

Information Serenity in Financial Services

Keith Ellis, Information Security Consultant

Now that cyber threats are well documented and senior management are aware of the risks all Financial Services corporations face, there is surely nothing to worry about now, is there? Everyone is now on the same page, investing in robust security solutions and operating a company-wide education programme, so nothing could possibly go wrong now, could it? But, as this presentation will explain, this isn’t the case for a lot of organisations, and even for those that have invested, it isn’t all green pastures and blue skies.

Questions to the Panel of Speakers
Conference Chair’s Closing Remarks
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserves the right to change the programme without prior notice.