Enterprise Security & Risk Management

28 November 2017

Victoria Park Plaza



Must read for enterprises sending employees abroad: The SonicSpy malware family

14th August 2017

Lookout recently released information about a new spyware family called SonicSpy. Lookout Security Intelligence researchers discovered the spyware in Google Play and connected it to […]

Public WiFi Security Tips and Tools

9th August 2017

As the number of consumers with mobile devices continues to rise, so too does the demand for reliable internet access. Out of necessity, many businesses […]



Session One – Securing the Connected Enterprise

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • New Challenges and Opportunities
  • Disruptive Technology Trends (Cloud, Social, Big Data) and Security
  • Effective Risk Management Strategies and Metrics
  • Information Security as a Business Enabler
  • Cyber Threat Risks – Guidance for Business Strategists and Boards
  • Defining Risk Appetite and allocating Cyber Security Resources Efficiently
Chair’s Opening Address
Security and Risk as a C-Suite Strategy: Information Security Leadership Development

From global payment systems and private customer data to mission-critical systems and core intellectual property – companies are pressed to step up their game against persistent cyber threats. In this opening session, we look at how C-level professionals need to elevate cyber risk mitigation and be directly involved in determining the risk appetite of their business. We also look at:

  • The evolving role of the CISO: Surviving and thriving in the new information security paradigm
  • Extracting business value from your security architecture
  • A guide to cyber security in the boardroom
  • Reflecting on the next generation CISO
The Future Impact of AI in Cybercrime

Dave Palmer, Director of Technology, Darktrace

The risks from the digital era have changed; intellectual property and financial theft have been a frustration, but we should now expect attacks on enterprise physical assets as well as the deliberate undermining of data-driven strategic decisions aimed to cause damage in the long term. AI and machine learning developments offer new opportunities for resilience across the whole digital business but will how will these same developments be used by digital criminals?

Developing a Comprehensive Operational Risk Management Plan

What does a proactive road map to evaluating your current risk look like?

This presentation covers:

  • What a sophisticated attack looks like
  • Proactive risk management – from detection and risk classification to impact analysis and mitigation
  • Building your risk plan – remediation of risk, developing actionable plans, real time analysis, pattern recognition, user behaviour, continuous visibility and monitoring
  • Penetration testing – putting your defences to the test to uncover any security issues
  • Identifying security best practices
  • Reducing the risk of human risk factors
Reaping the Benefits of Risk Analytics

“The amount of information that needs to be secured is growing faster than our ability to secure it” according to IDC. The adverse impact of a data breach are a clear and present threat to reputation and revenue in today’s business environment. This threat is all the more magnified in an age of big data – where the volume, variety and velocity of data is continually evolving, and where the appetite to capitalise on data to harness better business insights is growing.

Risks are ever-present for data stored in the cloud, on consumer devices as well as data locked in interconnected supply chains. Now more than ever, there is a pressing need to keep valuable information secure and protected. Preparedness strategies are a crucial factor for businesses.

This session looks at how to magnify the rewards of big data by applying risk analytics to security controls and measures in order to mitigate the risks.


In the last few years, both IT and Regulatory environments have been getting increasingly sophisticated which is requiring firms of all sizes, to find simpler and more sustainable solutions to keep their risks under control. To this end, the ISO organisation has introduced the ISO27001 standard to help identify, manage and reduce business and information Security risks. During this sitting, we will cover some of the key points related to the ISMS implementation, based on practical experience.

Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Transitioning to GDPR

How can organisations ready themselves for the heightened scrutiny and consequences attached with the new EU General Data Protection Regulation set to come into force in May 2018. We look at how you can:

  • Drive commercial performance through enhanced data accuracy and hygiene
  • Develop better insights into customer needs to improve satisfaction and ROI
  • Reduce your IT infrastructure footprint while plugging gaps between GDPR requirements and your technology capabilities
  • Simplify your IT estate, giving you better value for money
Risk Based Approach to Security - Challenges and Lessons Learned
  • Rising to the compliance challenge, simplifying management of multiple compliance initiatives, managing costs
  • Carving out a roadmap for intelligent information governance
  • Anonymisation of data and privacy
  • Data protection reforms and safeguards
  • Exploration of global IT regulations keeping view of UK data protection laws
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

Chair’s Afternoon Address
Achieving Cyber Resilience

With increasing numbers of transactions, interactions and data now online, bolstering cyber resilience is a critical component for businesses looking to secure their perimeter. In this session we look at how to:

  • Measure: Understanding the threat horizon, in particular corporate espionage and the threat of technical surveillance
  • Analyse: Carrying out cyber security assessments
  • Respond: Business continuity planning, incident analysis and mitigation.
  • Collaborate and work in partnership with other organisations on cyber security intelligence and strategies.
How to Prevent a Breach Before It Happens

We consider such things as:

  • Measuring organisational risk appetite and adopting an information-centric approach to measuring and managing risk
  • Best practice in securing endpoint computing devices
  • Establishing an acceptable usage policy
  • Trust-based policy controls and technical controls
  • A consideration of legal rights and user privacy
  • Creating user-awareness about responsibilities and standards
  • Remote lock/wipe facilities, data recovery methods
Is Cloud a Secure Place for your Data?

Managing the risks associated with housing your private and confidential company data offsite is a critical business issue. The adoption of Cloud creates risks that must be understood and properly managed. With data centres scattered across the globe, there are additional concerns about privacy regulations, different jurisdictions and compliance issues.

This presentation will demystify the complexity surrounding data integrity, ownership and privacy in the Cloud. The session will give guidance on how organisations can develop robust safeguards and good practice in managing their data.

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area

Session Three – Managing and Implementing a Secure ICT Infrastructure

Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them

Case Study: Security Policies in Action

How can business balance the security imperative with user needs and experiences? This session evaluates the impact of user experience on resilience and how businesses can institute policies and apply controls to servers, networks, applications and endpoints.

Deriving Value from your IAM Project

We explore the business value of IAM, devoting focus to processes, technologies and policies designed to manage digital identities. The session covers:

  • Trends and drivers for next generation IAM
  • IAM standards across web and mobile
  • Approaches for managing federated SSO
  • Risks and rewards of Privileged Access Management
  • User accounts – why maintaining a clear overview is important
  • The “insider threat” – how real is it?
  • Vulnerability assessment methods, and mitigation strategies
Network Security: Creating a Unified, Secure Architecture

The network is the more complex than ever before and security concerns about networks have grown exponentially as a consequence. This presentation explores:

  • Advanced and integrated intrusion prevention techniques
  • Risks associated with NFV and SDN
  • Creating a unified security architecture
  • Next generation firewalls, anti-malware, web filtering
  • Real-time threat intelligence monitoring and incidence response
The Security Practitioner's Dilemma: Creating a Risk-Aware Organisational Culture

Organisational culture is a key component in the success of any risk management initiative. Among the many facets of their roles, security practitioners are required to use psychology to create intuitive cyber security. In this session we impart advice on how you should:

  • Do your due diligence – designing and reviewing a risk strategy
  • Continuously monitor – standards, responsibilities
  • Extend training – identifying good awareness strategies for better uptake
  • Restrict access – managing privileges and reducing the impact of the human factor
Questions to the Panel of Speakers
Conference Chair’s Closing Remarks
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.