Enterprise Security & Risk Management

21 September 2017

Mövenpick Hotel, Amsterdam







SESSION One: The Future of Enterprise Security and Risk Management

The Conference Chair’s Opening Address

Robert Garskamp, Entrepreneur, Advisor on Digital Identity Matters and Founder of the IDnextplatform

How secure do you want to be? – A risk based approach to protecting a company’s assets while retaining competitive advantage

Cristian Goiceanu, Chief Security Officer, Banca Comerciala Romana Erste Bank

How secure do you want to be? This is a tricky question and the answer begins with “it depends”. Security will vary depending on the risk appetite of a company, regulatory environment and inherited risks from the industry in which a company operates. In addition, business continuity management and resilience have great sway over the answer. How to combine security components in a cost effective way and how to assess the result are questions that each CSO/CISO should have on the daily dashboard.

The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

John Dyer, Director, Darktrace

In this session, learn: 

  • The implications of the new era of cyber-threats for business networks
  • Why legacy approaches like rules and signatures are proving insufficient on their own
  • How new immune system technologies are imperative for the next generation of cyber-defense
  • Why 100% network visibility and intelligence allow you to preempt emerging situations, in real time 
  • Real-world examples of subtle threats that routinely bypass traditional controls

Cybersecurity: Back to the basics

Dimitri Chichlo, Former VP Information Security & Business Continuity at Edmond de Rothschild

When we consider the recent ransomware campaigns, it seems so easy to grab money from victims. Why? Because when we look at the modus operandi, we can see that the criminals are using very basic vulnerabilities of our information technology networks. In this session, we explore the following questions:
– What kind of vulnerabilities are generally exploited?
– Why are they exploited?
– What actions can be undertaken to prevent attacks?
– Why establish a holistic approach? 

Metrics: The story so far

Phil Cracknell, Group CISO (Interim), Homeserve plc 

“CISOs need to speak the language of the board!” That phrase has been touted around as a general statement and call to arms for several years, but have we learned that language yet?

“Report what you should not what you can” – Businesses are waking up to the fact that they need metrics/risk indicators that our board, audit committees and non-exec directors understand.

“What’s everyone else doing?” “How good should we be?” What good looks like is becoming increasingly important to the board. The metrics project, now in its fourth year and with initial help from ClubCISO UK members, has flourished through ongoing collaboration and participation of businesses. Metrics are very much the key to our future. They continue to be defined, validated and tested by CISOs and the end-user community and are starting to detail exactly how we demonstrate our effectiveness, measure our exposure and agility, test our culture and pinpoint the responsibilities, highlighting investment or lack of it.

Questions to the Panel of Speakers

Morning Networking and Refreshments Served in the Exhibition Area

What Boards Need To Know About Cyber Risk

Vince Warrington, Cyber Security Specialist

Studies show that cyber risk is poorly understood at Board level. Too often the information presented is technical in nature, introduces concepts the Board may not be familiar with, or is just presented in a format which is incompatible with their requirements. This session will inform you on how best to present on cyber security risk at Board level, giving you confidence that your requirements will be understood and acted upon. We’ll also cover how using metrics can help your case, and how you should approach a security breach.

Great Security Starts with IT

Tyler Oliver, Director of Endpoint Detection and Response, Tanium

A good number of data breaches could have been avoided or dealt with better if organisations had strong security fundamentals. It is vital to get the simple things right. How many endpoints are connected to your network? How many have the latest version of Flash installed? If you can’t answer these questions accurately, with confidence and at speed, security hygiene is broken.

Followed by SEMINAR
Defending and Hunting Live

No marketing slides, no sales pitch. Together with our experts, you will hunt for threats in real-life scenarios. Being able to hunt for Indicators of Compromise both known and unknown at speed and scale is imperative. Our experts will illustrate how good security hygiene can improve your security posture significantly.

Networking Lunch Served in the Exhibition Area

SESSION Two: Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

Conference Chair’s Afternoon Address

Robert Garskamp, Entrepreneur, Advisor on Digital Identity Matters and Founder of the IDnextplatform

Security in Times of Change

Plamen Dimitrov, Global IT Security Manager, Jacobs Douwe Egberts

This session looks at how to manage your cyber security strategy through business transformation, with particular reference to mergers, acquisitions or splits. The presenter will provide practical advice and recommendations on how to keep security and compliance at the highest possible level during company transformations.

Start your Cyber Resilience Strategy with Email

Johan Dreyer, Director of Technical Services, Europe, Mimecast

It was clear from both the Petya and WannaCry attacks that advanced security, business continuity and backup procedures were either not present or failed to be executed successfully. These outbreaks have served as a wake-up call for organizations around the world to take the disruptive power of evolving threats more seriously. Virtually everyone in business today has access to email; this makes it the easiest way for threat actors to gain access to your organization, usually through a combination of social and technological engineering. In this talk we will discuss the complexity of these threats and how best to deal with them.

Business Continuity Management at a Government Organisation

Zari Haji Rasoul, Information Security Officer, Gemeente Den Haag

The presentation covers the way in which a business continuity policy and process came to be implemented within a government organisation. The process starts with a risk assessment that resulted in the top 5 most critical processes. Continuity plans are then designed and implemented based on the risk assessment. The continuity plans contain disaster scenarios, risks associated with a given scenario, continuity measures (like workarounds) and escalation and evaluation processes. The risk assessment helps management understand the dependencies of IT systems, the impact of a disaster on their (internal and external) clients and the benefits of possible measures. The big challenge is to understand the processes and the dependencies of IT systems in a dynamic environment and to manage all future changes in a controlled environment.

Pragmatic Information Risk Management

Wil van Egdom, Information Security Officer, Greenpeace International

Good information risk management is a challenge for many organisations, especially for smaller NGOs with less budget and limited resources. Often work stops at risk analysis, i.e. creating a risk register which will subsequently gather dust in a drawer. In this presentation we look at how Greenpeace have chosen a pragmatic approach to manage their information security risks: an approach that maps a best practice set of information security measures to the ten most relevant risks and that uses the Risk & Compliance Management tool Easy2Comply.

Questions to the Panel of Speakers

Afternoon Refreshments & Networking

Conference Close, Delegates Depart