SESSION One: The Future of Enterprise Security and Risk Management
From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm
- Governance, Risk and Compliance (GRC)
- Changing perceptions: Information Security as a Business Objective
- Disruptive Technologies – Exploring Opportunities and Risks associated with Mobile, Big Data, IoT, Machine Learning, AI, Cloud Computing
- Effective Risk Management Strategies and Metrics
- Information Security as a business enabler – Devising Policies and Response Mechanisms
- Cyber Threat Risks – Guidance for Business Strategists and Boards
- Defining Risk Appetite and allocating Cyber Security Resources Efficiently
Arrival and coffee break
Conference Chair’s Opening Address
James Dartnell, Editor, CNME
Defending Against Cyber Risk
Mohamed Roushdy, Chief Information Officer, Financial Services GCC
Cyber adversaries in the UAE regions are becoming sophisticated and stealthy, resulting in targeted attacks that often circumvent traditional security controls. New IT initiatives expand the attack surface and make cybersecurity more complex. And as a consequence many large organisations are losing ground as they attempt to address IT risk with an army of outdated tools and disparate manual processes. We explore how financial services are building resilience.
Assessing a Practical Risk-Based Approach for Cloud Security
Aladdin Dandis, Information Security Manager, Souq.com
Cloud deployments have a unique risk assessment style, in terms of connectivity, data storage and exchange, encryption, access and others. With a focus on AWS as the most common Cloud Service Provider, this session covers practical security checks and their corresponding impact on operations or the business if they are neglected or not taken into consideration.
The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense
Elizabeth De Freitas, Regional Manager, Darktrace
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network – before they turn into a full-blown crisis.
Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.
Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.
In this session learn:
• How new machine learning and mathematics are automating advanced cyber defense
• Why 100% network visibility allows you to detect threats as they happen, or before they happen
• How smart prioritization and visualization of threats allows for better resource allocation and lower risk
• Real-world examples of unknown threats detected by ‘immune system’ technology
Smart Cities & Cyber Security
Marios Panagiotis Efthymiopoulos, Program Director in the Masters in International Security & Strategy, and Assistant Professor at the American University in the Emirates
Questions to the Panel of Speakers
The Cyber Threat Landscape
Paul John, Senior Security Architect, SecureWorks
Paul will present the latest intelligence from the SecureWorks Counter Threat Unit on the cyber threat landscape. The SecureWorks CTU has unparalleled visibility into the latest threats and trends and Paul will share information on the latest targeted and commodity threats, as well as discuss some of our common recommendations to our customers on how best to protect themselves.
What attendees will learn:
• A view on the most recent emerging threats, trends and observations of the current landscape in Saudi Arabia and the Middle East
• What could make your organisation a target
• Examples of real world intrusions and lessons learnt
George Eapen, Chief Information Security Officer, General Electric MENAT
Disruptive technologies like the IoT, mobile, cloud, big data and blockchain are expanding the cyber-attack surface. The Dyn attack in 2016 showed how exploiting connected devices can have a colossal impact on the internet. As our personal, professional and social lives become more interconnected – and dependent on cyberspace – we ask what emerging risks lie ahead of us and how we can prepare for them.
SAP Enterprise Security & Risk Management
Andreas Fritz, Director Business Development, Virtual Forge GmbH
Ensuring security and compliance for an ERP system is a difficult and comprehensive undertaking. Understand how an SAP Security Operation Center can be optimized for SAP ERP and HANA systems, in order to ensure the most complete measures possible for the prevention of and defense against internal threats and cyber attacks.
The session will cover:
– SAP Security and Compliance Risks – An Overview
– Where threats emerge in SAP
– Securing company's crown jewels
– SAP Security Roadmap
Networking Lunch Served in the Exhibition Area
SESSION Two: Building Resilience, Mitigating Risks, Sharing Best Practice
Sharing lessons learned, new innovations and stratagems for operational risk management
Conference Chair’s Afternoon Address
Afternoon Keynote Session: Safeguarding the Digital Enterprise
Ebrahim Al Alkeem, Head of Information Security Governance, Emirates Nuclear Energy Corporation
As organisations embrace cloud, mobile and new emerging technologies along with apps and IT consumer trends designed to unlock greater productivity, the digital enterprise is proving to be more diverse and connected than ever before.
How can businesses improve resilience against targeted and persistent cyberattacks? What can business executives do to get better returns on cyber security investment? How can security help to move business in new directions?
Why Data Protection, Security and Privacy Matter to Business
Noor Bank (invited)
Organisations are acquiring, using and storing vast amounts of personally identifiable information – from information on employees through to customers, residents and patients. Precautions have to be taken to prevent loss, unauthorised access, leak or theft of this data. We cover what data is at risk and what you can do to protect it.
Intelligent Security in Action
Dubai Customs (invited)
Intelligent systems are becoming the must-have tool to effectively respond to security challenges in real time. We look at machine learning and advanced data analytics, and their role in modern threat detection.
A risk-based approach to Cyber Security
Irene Corpuz, Head of Information Security, Abu Dhabi Government Entity
During the Black Hat 2017 conference, a survey conducted by CIO from IDG of about 250 Black, Gray & White hat hackers revealed the following findings: 1) 85% named humans as most responsible for data breaches, 2) only 10% blamed it on unpatched software, 3) 59% think threat intelligence solutions are the least effective security protection measure, 4) 38% thought multi-factor authentication was hardest to bypass, 5) perimeter security technologies are largely irrelevant, 7) gaining access to privileged accounts and email passwords by exploiting humans was the key for most hackers. So why all the heavy expenses and investment on technology solutions if the hackers find an easy way to steal your crown jewels?
With the cost associated with the next generation security solutions & devices, Information Security standards put Governance & Risk Management on top of any technical controls. This holds true for ISO 27001, Abu Dhabi’s ADSIC Information Security Standards and NESA’s Information Assurance Standards. In fact, for the NESA IAS, all mandatory controls are in the management control family.
With risk-based approaches to cyber security, CISOs are in a better position to justify investment in their information security program, whether it is more focused on humans or technology.
Building Resilience and Incident Response
UAE Exchange (invited)
Maintaining a discipline of strong cybersecurity has become increasingly difficult at enterprise organisations for a number of reasons. This session explores how you can better manage incidents and respond to breaches.