ESRM EUROPE

Enterprise Security & Risk Management

21 September 2017

Mövenpick Hotel, Amsterdam

PROGRAMME

09.00
The Conference Chair’s Opening Address
09.15
Keynote Address

SESSION One: The Future of Enterprise Security and Risk Management

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • New Challenges: Enterprise Mobility, Cloud Computing and Big Data
  • Effective Risk Management Strategies and Metrics
  • Information Security as a business enabler
09.35
The Enterprise Immune System: Self-Learning Cyber Defence Through Machine Learning

In this session, you will learn:

  • How new machine learning and mathematics are automating advanced cyber defense
  • Why 100% network visibility allows you to detect threats as they happen, or before they happen
  • How smart prioritisation and visualization of threats allows for better resource allocation and lower risk
  • Real-world examples of unknown threats detected by ‘immune system’ technology
09.50
The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

John Dyer, Director, Darktrace

In this session, learn:

  • The implications of the new era of cyber-threats for business networks
  • Why legacy approaches like rules and signatures are proving insufficient on their own
  • How new immune system technologies are imperative for the next generation of cyber-defense
  • Why 100% network visibility and intelligence allow you to preempt emerging situations, in real time
  • Real-world examples of subtle threats that routinely bypass traditional controls
10.10
Synack: Trusted Hackers Who Want To Be Your Allies, Not Your Adversaries

To beat a hacker, you have to think like a hacker, but to protect an enterprise against constant, complex threats, you can’t just think like one: you have to ignite hundreds of the world’s best ethical hackers into rapid action. Synack is pioneering a trusted hacker-powered approach to protecting an organization’s digital surface, arming security teams with hundreds of the world’s best hackers who want to be your allies, not your adversaries.
In this session, explore how organizations can utilize a crowdsourced team of trusted ethical hackers to:

  • Proactively detect and report holes in an organization’s most sensitive systems, before a criminal hacker gets there first
  • Understand how areas of weakness and their subsequent exploitation relate to overall business risk, and how vulnerabilities can be prioritized for remediation accordingly
  • Gain a true understanding of how an adversary views your networks and digital applications
10.25
Security Audits

For internal auditors, it is critical to understand the important aspects of managing an IT security audit. This presentation will cover lessons learnt in managing contracted IT security audits, including procurement, managing field work, and reporting.

10.45
Questions to the Panel of Speakers
10.55
Morning Networking and Refreshments Served in the Exhibition Area
11.25
The Resilience and Security Officer in a Corporate Ecosystem

Today any business depends on broad and deep knowledge of information, physical and environmental security, risk management, business continuity preparedness, and staff awareness. Companies need to be resistant to DDoS attacks, hacktivism, spam, many shades of phishing, natural disasters, political changes, and riots. Businesses are facing multiple dangers, including data leakages, personnel misconduct and insider violations.

In this presentation, we explore the role of a resilience and security officer, who needs to be supported by subject matter experts in order to provide a holistic approach and respond to threats and vulnerabilities.

11.45
Information Serenity in Financial Services

Now that cyber threats are well documented and senior management are aware of the risks all Financial Services corporations face, there is surely nothing to worry about now, is there? Everyone is now on the same page, investing in robust security solutions and operating a company-wide education programme, so nothing could possibly go wrong now, could it? But, as this presentation will explain, this isn’t the case for a lot of organisations, and even for those that have invested, it isn’t all green pastures and blue skies.

12.05
Questions then Delegate Movement to the Seminar Rooms
12.15
Seminar - Compliance to Enablement: Enterprise Security Architecture & GDPR

With GDPR looming on the horizon for next year, many European enterprises are focusing on the very real challenges of compliance. In this session, we will show how the SABSA Enterprise Security Architecture Methodology’s focus on enabling the business delivers legal and regulatory compliance in ways that bring improved effectiveness, efficiency and competitive advantage.

We will demonstrate business enablement throughout the SABSA lifecycle: from understanding enterprise goals and objectives, through identifying the opportunities and threats related to new regulatory requirements and defining enablement and control objectives, to using those objectives to drive design, implementation and operations. The SABSA approach provides the means to deliver business-driven compliance that enables a business to achieve its goals, rather than a compliance-driven business tied up in regulatory knots.

13.00
Networking Lunch Served in the Exhibition Area

SESSION Two: Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

14.00
Conference Chair’s Afternoon Address
14.05
Implementing an Information Security Management System (ISMS) to Make Compliance and Security a Sustainable Reality

In the last few years, both IT and regulatory environments have become increasingly sophisticated, requiring firms of all sizes to find simpler and more sustainable ways to keep their risks under control. To this end, ISO has introduced the ISO 27001 standard to help identify, manage and reduce business and information security risks. During this session, we will cover some of the key points of an ISMS implementation, based on practical experience.

14.25
Business Continuity Management at Gemeente den Haag

The presentation covers the way in which a business continuity policy and process came to be implemented within a government organisation. Continuity plans contain disaster scenarios, the risks associated with each scenario, continuity measures (such as workarounds), and escalation and evaluation processes. The risk assessment helps management understand the dependencies of IT systems, the impact of a disaster on their (internal and external) clients and the benefits of possible measures. However, it is a big challenge to understand all the processes and the dependencies of IT systems in a dynamic environment and to manage all future changes in a control environment.

14.45
Questions to the Panel of Speakers
14.55
Afternoon Networking and Refreshments Served in the Exhibition Area

SESSION Three: Managing and Implementing a Secure ICT Infrastructure

Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them

15.25
The Impact of EU General Data Protection Regulation on your (IT) Organisation

On December 15, 2015, the European Parliament, the Council and the Commission reached an agreement on the new data protection rules, establishing a modern and harmonised data protection framework across the EU – the General Data Protection Regulation (“GDPR”). You might have already adopted privacy processes and procedures, but are you confident you have covered all the new GDPR rules to prevent significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018?

15.45
Pragmatic Information Risk Management

Wil van Egdom, Information Security Officer, Greenpeace International

Good information risk management is a challenge for many organisations, especially for smaller NGOs with less budget and limited resources. Often the work stops at risk analysis, i.e. creating a risk register that will then gather dust in a drawer. In this presentation we look at how Greenpeace has chosen a pragmatic approach to managing its information security risks: an approach that maps a best-practice set of information security measures to the ten most relevant risks and that uses the risk and compliance management tool Easy2Comply.

16.05
Seven Deadly Sins of a Risk Officer

This session explores the Risk Officer’s role in a changing environment, how to identify strengths, and the means to integrate into a new environment. The speaker will share his thoughts and reflections on lessons learned from having worked in risk management and internal controls in various environments.

16.20
Questions to the Panel of Speakers
16.30
Conference Chair’s Closing Remarks
16.45
Conference Closes, Delegates Depart