The Conference Chair’s Opening Address
SESSION One: The Future of Enterprise Security and Risk Management
From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm
- Governance, Risk and Compliance (GRC)
- Changing perceptions: Information Security as a Business Objective
- New Challenges: Enterprise Mobility, Cloud Computing and Big Data
- Effective Risk Management Strategies and Metrics
- Information Security as a business enabler
The Enterprise Immune System: Self-Learning Cyber Defence Through Machine Learning
In this session, you will learn:
- How new machine learning and mathematics are automating advanced cyber defense
- Why 100% network visibility allows you to detect threats as they happen, or before they happen
- How smart prioritisation and visualization of threats allows for better resource allocation and lower risk
- Real-world examples of unknown threats detected by ‘immune system’ technology
Importance of the Responsible Disclosure Process
One key element of handling vulnerabilities in applications, systems and products is finding a way to communicate with those who are interested in and motivated to discover these issues. Companies implementing a standards-based process to handle notifications from researchers act with due diligence to mitigate the risk of having critical issues in their services, by acting promptly and in an organised way before the issue gets publicity. In this presentation, the presenter will demonstrate how Philips Lighting implemented their Responsible Disclosure process and what benefits it brought within a couple of months.
Synack: Trusted Hackers Who Want To Be Your Allies, Not Your Adversaries
To beat a hacker, you have to think like a hacker, but to protect an enterprise against constant, complex threats, you can’t just think like one: you have to ignite hundreds of the world’s best ethical hackers into rapid action. Synack is pioneering a trusted hacker-powered approach to protecting an organization’s digital surface, arming security teams with hundreds of the world’s best hackers who want to be your allies, not your adversaries.
In this session, explore how organizations can utilize a crowdsourced team of trusted ethical hackers to:
- Proactively detect and report holes in an organization’s most sensitive systems, before a criminal hacker gets there first
- Understand how areas of weakness and subsequent exploitation relates to overall business risk, and how vulnerabilities can be prioritized for remediation accordingly
- Gain a true understanding of how an adversary views your networks and digital applications
For internal auditors, it is critical to understand the important aspects of managing IT security audit. This presentation will cover lessons learnt in managing contracted IT security audits, as well as procurement, managing field work, and reporting.
Questions to the Panel of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
The Resilience and Security Officer in a Corporate Ecosystem
Today any business depends on broad and deep knowledge of information, physical and environmental security, risk management, business continuity preparedness, and staff awareness. Companies need to be resistant to DDoS, hacktivists, spam, many shades of phishing, natural disasters, political changes, and riots. Businesses are facing multiple dangers, including data leakages, personnel misconduct and insider violations.
In this presentation, we explore the role of a resilience and security officer, who needs to be supported by subject matter experts in order to provide a holistic approach and respond to threats and vulnerabilities.
Information Serenity in Financial Services
Now that cyber threats are well documented and senior management are aware of the risks all Financial Service corporations face, there is surely nothing to worry about now, is there? Everyone is now on the same page, investing in robust security solutions and operating a companywide education programme, so nothing could possibly go wrong now, can it? But, as this presentation will explain, this isn’t the case for a lot of organisations, and even for those that have invested, it isn’t all green pastures and blue skies.
Questions then Delegate Movement to the Seminar Rooms
Seminar - Compliance to Enablement: Enterprise Security Architecture & GDPR
With GDPR looming on the horizon for next year, many European enterprises are focusing on the very real challenges of compliance. In this session, we will show how the SABSA Enterprise Security Architecture Methodology’s focus on enabling the business delivers legal and regulatory compliance in ways that enable the business through improved effectiveness, efficiency and competitive advantage.
We will demonstrate business enablement throughout the SABSA lifecycle: from understanding enterprise goals and objectives, through identifying the opportunities and threats related to new regulatory requirements in order to define enablement and control objectives, to using these objectives to drive design, implementation, and operations. The SABSA approach provides the means to deliver business-driven compliance that enables a business to achieve its goals, rather than a compliance-driven business tied up in regulatory knots.
Networking Lunch Served in the Exhibition Area
SESSION Two: Building Resilience, Mitigating Risks, Sharing Best Practice
Sharing lessons learned, new innovations and stratagems for operational risk management
Conference Chair’s Afternoon Address
Implementing an Information Security Management System (ISMS) to Make Compliance and Security a Sustainable Reality
In the last few years, both IT and regulatory environments have become increasingly sophisticated, requiring firms of all sizes to find simpler and more sustainable solutions to keep their risks under control. To this end, ISO has introduced the ISO27001 standard to help identify, manage and reduce business and information security risks. During this sitting, we will cover some of the key points related to ISMS implementation, based on practical experience.
Business Continuity Management at Gemeente den Haag
The presentation covers the way in which a business continuity policy and process came to be implemented within a government organisation. Continuity plans contain disaster scenarios, the risks associated with a given scenario, continuity measures (such as workarounds), and escalation and evaluation processes. The risk assessment helps management understand the dependencies of IT systems, the impact of a disaster on their (internal and external) clients and the benefits of possible measures. However, it’s a big challenge to understand all the processes and the dependencies of IT systems in a dynamic environment and to manage all future changes in a control environment.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments Served in the Exhibition Area
SESSION Three: Managing and Implementing a Secure ICT Infrastructure
Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them
The Impact of EU General Data Protection Regulation on your (IT) Organisation
On December 15, 2015, the European Parliament, the Council and the Commission reached an agreement on the new data protection rules, establishing a modern and harmonised data protection framework across the EU – the General Data Protection Regulation (“GDPR”). You might have already adopted privacy processes and procedures, but are you confident you have covered all the new GDPR rules to prevent significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018?
Fighting Cybercrime: Risk and Responsibility in an Interconnected World
Today’s interconnectedness brings increased risks of theft, fraud and abuse. Law enforcement performs an essential role in deterring and defending against cybercrime and cyber-attacks. We explore current developments and defence mechanisms with a particular focus on what organisations can do to build resilience.
Seven Deadly Sins of a Risk Officer
This session explores the Risk Officer’s role in a changing environment, and how to identify strengths and the means to integrate into a new environment. The speaker will share his thoughts and reflections on lessons learned from having worked in risk management and internal controls in various environments.