ESRM DUBAI

Enterprise Security & Risk Management

11 October 2017

Conrad Dubai (United Arab Emirates)

PROGRAMME

SESSION One: The Future of Enterprise Security and Risk Management

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • Disruptive Technologies – Exploring Opportunities and Risks associated with Mobile, Big Data, IoT, Machine Learning, AI, Cloud Computing
  • Effective Risk Management Strategies and Metrics
  • Information Security as a business enabler – Devising Policies and Response Mechanisms
  • Cyber Threat Risks – Guidance for Business Strategists and Boards
  • Defining Risk Appetite and allocating Cyber Security Resources Efficiently

08.30
Arrival and coffee break
09.30
Conference Chair’s Opening Address

James Dartnell, Editor, CNME

09.45
Defending Against Cyber Risk

Mohamed Roushdy, Chief Information Officer, Financial Services GCC

Cyber adversaries in the UAE region are becoming sophisticated and stealthy, resulting in targeted attacks that often circumvent traditional security controls. New IT initiatives expand the attack surface and make cybersecurity more complex. As a consequence, many large organisations are losing ground as they attempt to address IT risk with an army of outdated tools and disparate manual processes. We explore how financial services are building resilience.

10.05
Assessing a Practical Risk-Based Approach for Cloud Security

Aladdin Dandis, Information Security Manager, Souq.com

Cloud deployments have a unique risk assessment style in terms of connectivity, data storage and exchange, encryption, access and other areas. With a focus on AWS as the most common Cloud Service Provider, this session covers practical security checks and their corresponding impact on operations or the business if they are neglected or not taken into consideration.

10.25
The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense

Elizabeth De Freitas, Regional Manager, Darktrace

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network – before they turn into a full-blown crisis.

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices. 

In this session learn:
• How new machine learning and mathematics are automating advanced cyber defense
• Why 100% network visibility allows you to detect threats as they happen, or before they happen
• How smart prioritization and visualization of threats allows for better resource allocation and lower risk
• Real-world examples of unknown threats detected by ‘immune system’ technology

10.40
Smart Cities & Cyber Security

Marios Panagiotis Efthymiopoulos, Program Director in the Masters in International Security & Strategy, and Assistant Professor at the American University in the Emirates

11:00
Questions to the Panel of Speakers
11:10
Refreshment Break
11.40
The Cyber Threat Landscape

Paul John, Senior Security Architect, Secureworks

Paul will present the latest intelligence from the Secureworks Counter Threat Unit on the cyber threat landscape. The Secureworks CTU has unparalleled visibility into the latest threats and trends, and Paul will share information on the latest targeted and commodity threats, as well as discuss some of our common recommendations to our customers on how best to protect themselves.

What attendees will learn:
• A view on the most recent emerging threats, trends and observations of the current landscape in Saudi Arabia and the Middle East
• What could make your organisation a target
• Examples of real world intrusions and lessons learnt

12.00
IOT Risks

George Eapen, Chief Information Security Officer, General Electric MENAT

Disruptive technologies like the IoT, mobile, cloud, big data and blockchain are expanding the cyber-attack surface. The Dyn attack in 2016 showed how exploiting connected devices can have a colossal impact on the internet. As our personal, professional and social lives become more interconnected – and dependent on cyberspace – we ask what emerging risks lie ahead of us and how we can prepare for them.

12:20
SAP Enterprise Security & Risk Management

Andreas Fritz, Director Business Development, Virtual Forge GmbH

Ensuring security and compliance for an ERP system is a difficult and comprehensive undertaking. Understand how an SAP Security Operation Center can be optimized for SAP ERP and HANA systems, in order to ensure the most complete measures possible for the prevention of, and defense against, internal threats and cyber attacks.

The session will cover:
– SAP Security and Compliance Risks – An Overview
– Where threats emerge in SAP
– Securing the company's crown jewels
– SAP Security Roadmap

12:35
Diligent Case Study
12:55
Questions to the panel of speakers
13:00
Networking Lunch Served in the Exhibition Area

SESSION Two: Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

14.00
Conference Chair’s Afternoon Address
14.05
Evolving Technologies and IoT: Is security a nightmare or the next great hope?

Ebrahim Al Alkeem, Head of Information Security Governance, Emirates Nuclear Energy Corporation

As organisations embrace cloud, mobile and new emerging technologies along with apps and IT consumer trends designed to unlock greater productivity, the digital enterprise is proving to be more diverse and connected than ever before.

How can businesses improve resilience against targeted and persistent cyberattacks? What can business executives do to get better returns on cyber security investment? How can security help to move business in new directions?

14.25
ICT Asset Disposition - Minimizing Risk & Maximizing Value

Stephen Phelan, Managing Director for The Middle East, North Africa and Turkey, Sims Recycling Solutions

This session will discuss:

• Options to dispose of used corporate ICT assets
• Data Security Compliance
• Environmental Compliance
• Transparency & Reporting
• Compliance & Obtaining Cash for your Assets

14.40
A Risk Based Approach to Cyber Security

Irene Corpuz, Head of Information Security, Abu Dhabi Government Entity

During the Black Hat 2017 conference, a survey conducted by CIO from IDG of about 250 black, gray and white hat hackers revealed the following findings: 1) 85% named humans as most responsible for data breaches; 2) only 10% blamed it on unpatched software; 3) 59% think threat intelligence solutions are the least effective security protection measure; 4) 38% thought multi-factor authentication was hardest to bypass; 5) perimeter security technologies are largely irrelevant; 7) gaining access to privileged accounts and email passwords by exploiting humans was the key for most hackers! So why all the heavy expenses and investment in technology solutions if the hackers find an easy way to steal your crown jewels?

With the cost associated with next-generation security solutions and devices, Information Security standards put Governance & Risk Management on top of any technical controls. This holds true for ISO 27001, Abu Dhabi’s ADSIC Information Security Standards and NESA’s Information Assurance Standards. In fact, for the NESA IAS, all mandatory controls are in the management control family.

With risk-based approaches to cyber security, CISOs are in a better position to justify investment in their information security program, whether it is more focused on humans or technology.

15:00
Building Resilience and Incident Response

UAE Exchange (invited)

Maintaining a discipline of strong cybersecurity has become increasingly difficult at enterprise organisations for a number of reasons. This session explores how you can better manage incidents and respond to breaches.

15.20
Questions to the panel of speakers
15.45
Chair's Closing Remarks
15.50
Afternoon Networking and Refreshments served in the Exhibition Area
16.30
Conference Closes, Delegates Depart