Session One – Securing the Connected Enterprise
From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm
- Governance, Risk and Compliance (GRC)
- Changing perceptions: Information Security as a Business Objective
- New Challenges and Opportunities
- Disruptive Technology Trends (Cloud, Social, Big Data) and Security
- Effective Risk Management Strategies and Metrics
- Information Security as a Business Enabler
- Cyber Threat Risks – Guidance for Business Strategists and Boards
- Defining Risk Appetite and allocating Cyber Security Resources Efficiently
Chair’s Opening Address
Security and Risk as a C-Suite Strategy: Information Security Leadership Development
From global payment systems and private customer data to mission-critical systems and core intellectual property – companies are pressed to step up their game against persistent cyber threats. In this opening session, we look at how C-level professionals need to elevate cyber risk mitigation and be directly involved in determining the risk appetite of their business. We also look at:
- The evolving role of the CISO: Surviving and thriving in the new information security paradigm
- Extracting business value from your security architecture
- A guide to cyber security in the boardroom
- Reflecting on the next generation CISO
The Information Enterprise: A New Way of Looking at Information Risk
How can your enterprise raise its game by implementing an effective value-adding information security governance framework? This session explores:
- Accurately assessing and managing your real information risk exposure
- Standards of good practice for information security
- Achieving strategic goals through improved strategic decision-making
- Sustaining buy-in and commitment from users and management
- Benchmarking and information risk assessment methods
- Ensuring compliance with policies, auditing guidelines and regulations
Developing a Comprehensive Operational Risk Management Plan
What does a proactive road map to evaluating your current risk look like?
This presentation covers:
- What a sophisticated attack looks like
- Proactive risk management – from detection and risk classification to impact analysis and mitigation
- Building your risk plan – remediation of risk, developing actionable plans, real time analysis, pattern recognition, user behaviour, continuous visibility and monitoring
- Penetration testing – putting your defences to the test to uncover any security issues
- Identifying security best practices
- Reducing the risk posed by human factors
Reaping the Benefits of Risk Analytics
“The amount of information that needs to be secured is growing faster than our ability to secure it”, according to IDC. The adverse impacts of a data breach are a clear and present threat to reputation and revenue in today’s business environment. This threat is all the more magnified in an age of big data – where the volume, variety and velocity of data are continually evolving, and where the appetite to capitalise on data to harness better business insights is growing.
Risks are ever-present for data stored in the cloud, on consumer devices as well as data locked in interconnected supply chains. Now more than ever, there is a pressing need to keep valuable information secure and protected. Preparedness strategies are a crucial factor for businesses.
This session looks at how to magnify the rewards of big data by applying risk analytics to security controls and measures in order to mitigate the risks.
Case Study: The Cyber Security Intelligence Imperative
Security must be intelligent in the new data-centric enterprise where the constant stream of threat data can overwhelm security professionals. Further complications arise with some threats not being detected by traditional security measures, and requiring an entirely different approach.
This session discusses how security professionals can assess their security intelligence maturity and appetite, and how they can identify early warning signs and bring visibility to immediate threats which require a prompt response.
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Using Risk Analysis in Supplier Management
This session explores the implementation of strategies to manage everyday and exceptional risks along the supply chain, with the objective of ensuring business requirements are met while also reducing information security risk.
Navigating Global Legal and Regulatory Risks Post-Brexit – What comes next?
- Rising to the compliance challenge, simplifying management of multiple compliance initiatives, managing costs
- Carving out a roadmap for intelligent information governance
- Anonymisation of data and privacy
- Data protection reforms and safeguards
- Exploration of global IT regulations keeping view of UK data protection laws
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice
Sharing lessons learned, new innovations and stratagems for operational risk management
Chair’s Afternoon Address
Achieving Cyber Resilience
With increasing numbers of transactions, interactions and data now online, bolstering cyber resilience is a critical component for businesses looking to secure their perimeter. In this session we look at how to:
- Measure: Understanding the threat horizon, in particular corporate espionage and the threat of technical surveillance
- Analyse: Carrying out cyber security assessments
- Respond: Business continuity planning, incident analysis and mitigation.
- Collaborate and work in partnership with other organisations on cyber security intelligence and strategies.
How to Prevent a Breach Before It Happens
We consider such things as:
- Measuring organisational risk appetite and adopting an information-centric approach to measuring and managing risk
- Best practice in securing endpoint computing devices
- Establishing an acceptable usage policy
- Trust-based policy controls and technical controls
- A consideration of legal rights and user privacy
- Creating user-awareness about responsibilities and standards
- Remote lock/wipe facilities, data recovery methods
Is Cloud a Secure Place for your Data?
Managing the risks associated with housing your private and confidential company data offsite is a critical business issue. The adoption of Cloud creates risks that must be understood and properly managed. With data centres scattered across the globe, there are additional concerns about privacy regulations, different jurisdictions and compliance issues.
This presentation will demystify the complexity surrounding data integrity, ownership and privacy in the Cloud. The session will give guidance on how organisations can develop robust safeguards and good practice in managing their data.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Session Three – Managing and Implementing a Secure ICT Infrastructure
Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them
Case Study: Security Policies in Action
How can businesses balance the security imperative with user needs and experiences? This session evaluates the impact of user experience on resilience and how businesses can institute policies and apply controls to servers, networks, applications and endpoints.
Deriving Value from your IAM Project
We explore the business value of IAM, devoting focus to processes, technologies and policies designed to manage digital identities. The session covers:
- Trends and drivers for next generation IAM
- IAM standards across web and mobile
- Approaches for managing federated SSO
- Risks and rewards of Privileged Access Management
- User accounts – why maintaining a clear overview is important
- The “insider threat” – how real is it?
- Vulnerability assessment methods, and mitigation strategies
Network Security: Creating a Unified, Secure Architecture
The network is more complex than ever before, and security concerns about networks have grown exponentially as a consequence. This presentation explores:
- Advanced and integrated intrusion prevention techniques
- Risks associated with NFV and SDN
- Creating a unified security architecture
- Next generation firewalls, anti-malware, web filtering
- Real-time threat intelligence monitoring and incident response
The Security Practitioner's Dilemma: Creating a Risk-Aware Organisational Culture
Organisational culture is a key component in the success of any risk management initiative. Among the many facets of their roles, security practitioners are required to use psychology to create intuitive cyber security. In this session we impart advice on how you should:
- Do your due diligence – designing and reviewing a risk strategy
- Continuously monitor – standards, responsibilities
- Extend training – identifying good awareness strategies for better uptake
- Restrict access – managing privileges and reducing the impact of the human factor
Questions to the Panel of Speakers
Conference Chair’s Closing Remarks
Conference Closes, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.