Session One – Securing the Connected Enterprise
From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm
- Governance, Risk and Compliance (GRC)
- Changing perceptions: Information Security as a Business Objective
- New Challenges and Opportunities
- Disruptive Technology Trends (Cloud, Social, Big Data) and Security
- Effective Risk Management Strategies and Metrics
- Information Security as a Business Enabler
- Cyber Threat Risks – Guidance for Business Strategists and Boards
- Defining Risk Appetite and allocating Cyber Security Resources Efficiently
Chair’s Opening Address
Dan Raywood, Contributing Editor, Infosecurity Magazine
Security and Risk as a C-Suite Strategy: Information Security Leadership Development
From global payment systems and private customer data to mission-critical systems and core intellectual property – companies are pressed to step up their game against persistent cyber threats. In this opening session, we look at how C-level professionals need to elevate cyber risk mitigation and be directly involved in determining the risk appetite of their business. We also look at:
- The evolving role of the CISO: Surviving and thriving in the new information security paradigm
- Extracting business value from your security architecture
- A guide to cyber security in the boardroom
- Reflecting on the next generation CISO
Have I got my security fundamentals right?
Senior Director of Technical Account Management, Tanium
A good many data breaches could have been avoided or dealt with better if organisations had strong security fundamentals. It is vital to get the simple things right. How many endpoints are connected to your network? How many have the latest version of Flash installed? If you can’t answer these questions accurately with confidence and at speed, security hygiene is broken.
Demonstrable Accountability through Assurance
Sue Milton, Nominations Committee Chair and Past President, ISACA London Chapter
This session looks at the demands on organisations to explain outcomes through actions and words. The demands stem from two ongoing shocks, the financial crash and cyber threats. We, the public, have high expectations and want to know how firms are protecting us from adverse circumstances and the remedies they will use when things go wrong.
This requires a higher level of accountability, hence the need to demonstrate what decisions, actions and reactions were and will be taken in response to unintended outcomes. These changes in client, customer and consumer attitudes, bolstered by social media, place considerable pressure on organisations, commensurate with what Regulators expect. Both require organisations to prove, as well as state, the reasons for the delivery and quality of business relationships, products, services and outcomes.
Welcome to the world of demonstrable accountability through assurance. This session will show that we need at least three lines of assurance. Together, we will provide a framework covering their purpose and what Boards, C-Suite and their equivalents in non-corporate organisations need to do to achieve demonstrable accountability.
Reaping the Benefits of Risk Analytics
“The amount of information that needs to be secured is growing faster than our ability to secure it,” according to IDC. The adverse impacts of a data breach are a clear and present threat to reputation and revenue in today’s business environment. This threat is all the more magnified in an age of big data – where the volume, variety and velocity of data are continually evolving, and where the appetite to capitalise on data to harness better business insights is growing.
Risks are ever-present for data stored in the cloud, on consumer devices as well as data locked in interconnected supply chains. Now more than ever, there is a pressing need to keep valuable information secure and protected. Preparedness strategies are a crucial factor for businesses.
This session looks at how to magnify the rewards of big data by applying risk analytics to security controls and measures in order to mitigate the risks.
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Synack: Trusted Hackers Who Want To Be Your Allies, Not Your Adversaries
Co-Founder & CEO, Synack
To beat a hacker, you have to think like a hacker, but to protect an enterprise against constant, complex threats, you can’t just think like one, you have to ignite hundreds of the world’s best ethical hackers into rapid action. Synack is pioneering a trusted hacker-powered approach to protecting an organization’s digital surface, arming security teams with hundreds of the world’s best hackers who want to be your allies, not your adversaries.
In this session, explore how organizations can utilize a crowdsourced team of trusted ethical hackers to:
- Proactively detect and report holes in an organization’s most sensitive systems, before a criminal hacker gets there first
- Understand how areas of weakness and subsequent exploitation relate to overall business risk, and how vulnerabilities can be prioritized for remediation accordingly
- Gain a true understanding of how an adversary views your networks and digital applications
Navigating Global Legal and Regulatory Risks Post-Brexit – What comes next?
Samuel Korpi, Information Security Specialist at Neste
- Rising to the compliance challenge, simplifying management of multiple compliance initiatives, managing costs
- Carving out a roadmap for intelligent information governance
- Anonymisation of data and privacy
- Data protection reforms and safeguards
- Exploration of global IT regulations keeping view of UK data protection laws
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice
Sharing lessons learned, new innovations and stratagems for operational risk management
Chair’s Afternoon Address
Findel Case Study
Tarun Samtani, Group Cyber Security Advisor, Findel plc
How to Prevent a Breach Before It Happens
We consider such things as:
- Measuring organisational risk appetite and adopting an information-centric approach to measuring and managing risk
- Best practice in securing endpoint computing devices
- Establishing an acceptable usage policy
- Trust-based policy controls and technical controls
- A consideration of legal rights and user privacy
- Creating user-awareness about responsibilities and standards
- Remote lock/wipe facilities, data recovery methods
IoT 101: Thinking Like A Criminal
Nick Ioannou, Head of IT, Ratcliffe Groves Partnership
This presentation explores how understanding the ways criminals make money lets us take steps to reduce our IoT risks, the new opportunities IoT gives criminals, and practical IoT security steps to take to prevent breaches.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Session Three – Managing and Implementing a Secure ICT Infrastructure
Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them
Responding to the Challenges of Change – The HMIC Improvement Programme
Joan Ogbebor, Improvement Programme Manager, Her Majesty’s Inspectorate of Constabulary
This presentation will share her insight from her HMIC and Whitehall experience of designing leadership and innovative strategies to effectively, efficiently and legitimately respond to the ongoing challenges of change in an increasingly volatile and global landscape.
Principles on Identification for Sustainable Development: Towards the Digital Age
Dr. Louise Bennett, Chair of the Security Community of Expertise, British Computing Society
The World Bank Group and Centre for Global Development have recently published ten Principles on Identification on behalf of a large number of UN organisations and other International bodies. These principles cover inclusion, design and governance. Louise will focus on the governance principles that cover building trust by protecting privacy and user rights. She hopes to convince delegates that these are global principles that all organisations should sign up to. Identification systems must be built on a legal and operational foundation of trust and accountability between government agencies, international organisations, private sector actors and individuals. People must be assured of the privacy and protection of their data, the ability to exercise control and oversight over its use, and processes for independent oversight and the redress of grievances. Only then will every individual and organisation both feel and be safe online.
Information Serenity in Financial Services
Keith Ellis, Information Security Consultant
Now that cyber threats are well documented and senior management are aware of the risks all Financial Service corporations face, there is surely nothing to worry about now, is there? Everyone is now on the same page, investing in robust security solutions and operating a companywide education programme, so nothing could possibly go wrong now, can it? But, as this presentation will explain, this isn’t the case for a lot of organisations, and even for those that have invested, it isn’t all green pastures and blue skies.
Questions to the Panel of Speakers
Conference Chair’s Closing Remarks
Conference Closes, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.