ESRM

Enterprise Security & Risk Management

19 April 2018

Victoria Park Plaza

PROGRAMME

Session One – Securing the Connected Enterprise

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • New Challenges and Opportunities
  • Disruptive Technology Trends (Cloud, Social, Big Data) and Security
  • Effective Risk Management Strategies and Metrics
  • Information Security as a Business Enabler
  • Cyber Threat Risks – Guidance for Business Strategists and Boards
  • Defining Risk Appetite and allocating Cyber Security Resources Efficiently
09:15
Chair’s Opening Address
09:25
Security and Risk as a C-Suite Strategy: Information Security Leadership Development

From global payment systems and private customer data to mission-critical systems and core intellectual property – companies are pressed to step up their game against persistent cyber threats. In this opening session, we look at how C-level professionals need to elevate cyber risk mitigation and be directly involved in determining the risk appetite of their business. We also look at:

  • The evolving role of the CISO: Surviving and thriving in the new information security paradigm
  • Extracting business value from your security architecture
  • A guide to cyber security in the boardroom
  • Reflecting on the next generation CISO
09:40
The Information Enterprise: A New Way of Looking at Information Risk

How can your enterprise raise its game by implementing an effective value-adding information security governance framework? This session explores:

  • Accurately assessing and managing your real information risk exposure
  • Standards of good practice for information security
  • Achieving strategic goals through improved strategic decision-making
  • Sustaining buy-in and commitment from users and management
  • Benchmarking and information risk assessment methods
  • Ensuring compliance with policies, auditing guidelines and regulations
10:00
Developing a Comprehensive Operational Risk Management Plan

What does a proactive road map to evaluating your current risk look like?

This presentation covers:

  • What a sophisticated attack looks like
  • Proactive risk management – from detection and risk classification to impact analysis and mitigation
  • Building your risk plan – remediation of risk, developing actionable plans, real time analysis, pattern recognition, user behaviour, continuous visibility and monitoring
  • Penetration testing – putting your defences to the test to uncover any security issues
  • Identifying security best practices
  • Reducing the risk posed by human factors
10:15
Reaping the Benefits of Risk Analytics

“The amount of information that needs to be secured is growing faster than our ability to secure it,” according to IDC. The adverse impacts of a data breach are a clear and present threat to reputation and revenue in today’s business environment. This threat is all the more magnified in an age of big data, where the volume, variety and velocity of data are continually evolving, and where the appetite to capitalise on data to harness better business insights is growing.

Risks are ever-present for data stored in the cloud, on consumer devices as well as data locked in interconnected supply chains. Now more than ever, there is a pressing need to keep valuable information secure and protected. Preparedness strategies are a crucial factor for businesses.

This session looks at how to magnify the rewards of big data by applying risk analytics to security controls and measures in order to mitigate the risks.

10:35
Case Study: The Cyber Security Intelligence Imperative

Security must be intelligent in the new data-centric enterprise where the constant stream of threat data can overwhelm security professionals. Further complications arise with some threats not being detected by traditional security measures, and requiring an entirely different approach.

This session discusses how security professionals can assess their security intelligence maturity and appetite, and how they can identify early warning signs and bring visibility to immediate threats which require a prompt response.

10:50
Questions To The Panel Of Speakers
11:00
Morning Networking and Refreshments Served in the Exhibition Area
11:30
Using Risk Analysis in Supplier Management

This session explores the implementation of strategies to manage everyday and exceptional risks along the supply chain, with the objective of ensuring business requirements are met while also reducing information security risk.

11:45
Navigating Global Legal and Regulatory Risks Post-Brexit – What comes next?
  • Rising to the compliance challenge, simplifying management of multiple compliance initiatives, managing costs
  • Carving out a roadmap for intelligent information governance
  • Anonymisation of data and privacy
  • Data protection reforms and safeguards
  • Exploration of global IT regulations, keeping UK data protection laws in view
12:05
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
12:15
Seminar Sessions
13:00
Networking Lunch Served in the Exhibition Area

Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

14:00
Chair’s Afternoon Address
14:05
Achieving Cyber Resilience

With increasing numbers of transactions, interactions and data now online, bolstering cyber resilience is a critical component for businesses looking to secure their perimeter. In this session we look at how to:

  • Measure: Understanding the threat horizon, in particular corporate espionage and the threat of technical surveillance
  • Analyse: Carrying out cyber security assessments
  • Respond: Business continuity planning, incident analysis and mitigation
  • Collaborate and work in partnership with other organisations on cyber security intelligence and strategies
14:20
How to Prevent a Breach Before It Happens

We consider such things as:

  • Measuring organisational risk appetite and adopting an information-centric approach to measuring and managing risk
  • Best practice in securing endpoint computing devices
  • Establishing an acceptable usage policy
  • Trust-based policy controls and technical controls
  • A consideration of legal rights and user privacy
  • Creating user-awareness about responsibilities and standards
  • Remote lock/wipe facilities, data recovery methods
14:35
Is Cloud a Secure Place for your Data?

Managing the risks associated with housing your private and confidential company data offsite is a critical business issue. The adoption of Cloud creates risks that must be understood and properly managed. With data centres scattered across the globe, there are additional concerns about privacy regulations, different jurisdictions and compliance issues.

This presentation will demystify the complexity surrounding data integrity, ownership and privacy in the Cloud. The session will give guidance on how organisations can develop robust safeguards and good practice in managing their data.

14:50
Questions to the Panel of Speakers
15:00
Afternoon Networking and Refreshments served in the Exhibition Area

Session Three – Managing and Implementing a Secure ICT Infrastructure

Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them

15:30
Case Study: Security Policies in Action

How can businesses balance the security imperative with user needs and experiences? This session evaluates the impact of user experience on resilience and how businesses can institute policies and apply controls to servers, networks, applications and endpoints.

15:45
Deriving Value from your IAM Project

We explore the business value of IAM, devoting focus to processes, technologies and policies designed to manage digital identities. The session covers:

  • Trends and drivers for next generation IAM
  • IAM standards across web and mobile
  • Approaches for managing federated SSO
  • Risks and rewards of Privileged Access Management
  • User accounts – why maintaining a clear overview is important
  • The “insider threat” – how real is it?
  • Vulnerability assessment methods, and mitigation strategies
16:00
Network Security: Creating a Unified, Secure Architecture

The network is more complex than ever before, and security concerns about networks have grown exponentially as a consequence. This presentation explores:

  • Advanced and integrated intrusion prevention techniques
  • Risks associated with NFV and SDN
  • Creating a unified security architecture
  • Next generation firewalls, anti-malware, web filtering
  • Real-time threat intelligence monitoring and incident response
16:15
The Security Practitioner's Dilemma: Creating a Risk-Aware Organisational Culture

Organisational culture is a key component in the success of any risk management initiative. Among the many facets of their roles, security practitioners are required to use psychology to create intuitive cyber security. In this session we impart advice on how you should:

  • Do your due diligence – designing and reviewing a risk strategy
  • Continuously monitor – standards, responsibilities
  • Extend training – identifying good awareness strategies for better uptake
  • Restrict access – managing privileges and reducing the impact of the human factor
16:30
Questions to the Panel of Speakers
16:40
Conference Chair’s Closing Remarks
16:45
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.