Government IT Security Conference

9 May 2018

Victoria Park Plaza



£20Million Set to be Invested into Britain’s School Curriculum in a Bid to Boost Future Cyber Defences

15th March 2017

September 2017 will see the launch of a new government scheme aimed at providing teenagers with the cyber security skills they would require for a […]

Optimising Internet Access for staff and visitors in the NHS

14th April 2016

In a bid to help reduce costs and improve the use of technology within the health service, the Government has called for all NHS Organisations […]



Session ONE – Building Cyber Resilience across the Public Sector

  • Building cyber security resilience, awareness, preparedness, capability and skills across the public sector
  • Protecting vital interests and securing critical national infrastructure in a modern information economy
  • Reforming government services through new delivery models and ways of working
  • Operating securely and efficiently in the digital by default era
  • Unlocking key savings in a bid to make the public sector lean, efficient and more personal
  • Security as an enabler, rather than a barrier, for efficient lean government
The Conference Chair's Opening Remarks

John Thornton, Secretary, Digital Government Security Forum (DGSF)

Morning Keynote Address: Safeguarding the UK

National Cyber Security Centre (invited)

The National Cyber Security Strategy (NCSS) was launched over a year ago in response to the growing cyber security challenges and risks faced by the UK. As part of the strategy, the government invested £1.9bn in projects like the National Cyber Security Centre (NCSC) which has since responded to hundreds of cyber incidents.

In this opening keynote session we explore how the initiatives to date have supported public sector bodies and businesses, how skills are being harnessed to meet the need for cyber professionals, and how collaborative partnerships are countering cyber risks. We consider:

  • The NCSC’s progress in building capability and mitigating risks across the public sector
  • The important role of leadership in cyber risk management
  • Risk-based approaches to detecting and defeating threats
  • Working in partnership with the private sector with a view to increasing cyber situational awareness and sharing information
  • Strengthening law enforcement to tackle threats and response mechanisms
  • Security considerations for emerging technologies (cloud, big data, IoT)
Developing your Resilience against Cyber Attack

NHS England (invited)

A quarter of local councils – equating to 115 councils – say they fell victim to ransomware attacks last year. More than a third of NHS trusts were disrupted by the WannaCry ransomware attack in 2017, resulting in thousands of appointments and operations being cancelled.

  • What can organisations do to minimise the risk of being affected by a rnsomware attack?
  • How can they build a robust business continuity plan?                                                             

We hear about the importance of a collaborative approach in improving situational awareness and national incident management. This session covers how organisations can develop – and test – their resiliency and act on lessons learned.

Securing really big data – can it be done and still work for ‘the business’?

Andy Wall, Chief Security Officer, Office for National Statistics

The rapid development of business technology is facilitating the processing and analysis of more data, in richer and more complex forms, supported by appropriate methods and standards. Many Government departments are expanding their analytical capability to make better use of this to inform and improve their public services. At the Office for National Statistics this ability to exploit the power of data is a key ingredient for our success to enable official statistics to support the most important decisions facing the country. But, it also creates headaches for security. It pushes the boundaries of what can be secured without disrupting business operations. It creates tensions between business owners and security about access vs protection. How does security respond?

Gain insight into the challenges in managing security in fast-paced, evolving big data environments through our work to protect data within ONS. Learn about building a principles-driven security framework based on threat, an organisation-wide data handling approach, a consistent model to value the content data and how this flows through business decision-making on risk, supported by security.

Training a New Generation of Cyber Security Experts

Department for Culture, Media and Sport (DCMS) (invited)

It is estimated that the global cyber security workforce shortage will widen to 1.5 million by 2020. The UK government is acutely aware of this shortfall and is working to address the skills gap through various short and long term initiatives.

  • What investments are being made to train a new generation of cyber security experts to combat the ever growing threats posed by cybercrime?
  • How can public sector bodies harness in-house talent to build capabilities and resilience?
Security and Building a Dynamic Delivery Team

Mahbubul Islam, Head of Secure Design, Department for Work and Pensions

Mahbubul will present on how DWP embarked on Agile Security for some of the key projects with the focus being on the “how”. Additionally the session will provide a brief overview on building a dynamic security team and how DWP achieve agile security whilst maintaining the GRC requirements and avoid being a blocker.


Case Study - HMCTS

‎Damon Norville, Deputy Director Digital Change, HM Courts and Tribunals Service (HMCTS)

Michael Hanley, Head of Information Security and Deputy SIRO, HM Courts and Tribunal Service (HMCTS)

Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Combatting Cybercrime

Detective Superintendent Andrew Gould, National Cybercrime Programme Lead, National Police Chiefs’ Council

Case Study

Rik Ferguson, VP Security Research, Trend Micro

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO: Innovations and Best Practice

  • Implementing and Sharing Best Practice
  • Exploring Regulatory Frameworks and Guidance
The Conference Chair Opens the Afternoon Session
How to implement an incident response plan

Paul Newman, Head of IT, Royal College of Nursing

This walkthrough practical session covers cyber hygiene essentials like:

  • Emergency preparedness and regular impact assessments
  • Crisis communications, business continuity planning and disaster recovery
  • Keeping abreast of evolving threats
  • Utilising traditional channels during crises
  • Engaging stakeholders
Combatting Ransomware

Paul Edmunds, Head of Technology, National Cyber Crime Unit

The Human Factor in Information Security

Kieren Lovell, ‎Head of Computer Emergency Response, University of Cambridge

The problem with passwords
  • How passwords are compromised
  • How to help your users generate appropriate passwords and cope with password overload
  • Understand limitations of passwords
  • Protective monitoring and effective Identity and Access Management & Privileged User Control
  • Management techniques to manage users and critical data assets
  • Extending identity governance across your organisation
  • Leveraging multi-factor authentication for a seamless ecosystem
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The Changing Nature of Identity

Dr Victoria Baines, ‎Visiting Associate at ‎Oxford Internet Institute

GDPR – Beyond Compliance

Tim Rodgers, Compliance and Information Governance Manager, Imperial College London

Public sector organisations are endowed with a huge responsibility and growing challenges to keep critical infrastructure operating and public data safe. Join this session to explore:

  • The importance of encryption in keeping information secure
  • Privacy and security of citizen data held by public sector organisations
  • Empowering employees to protect sensitive data
  • Moving the dialogue on GDPR from awareness to capabilities
  • Achieving good governance and a cyber-aware culture
Why users are the strongest link

As much as half of data loss is the result of user behaviour. Negligence and error pose serious risks to organisations. How do we empower users to work more effectively and securely? How can we overcome the problem of shadow IT?

In this session we discuss:

  • The design and implementation of awareness training for staff
  • How to listen to your users and identify user needs
  • Utilising analytics to root our risk to prevent data loss
  • Enhancing responses to data loss
The Essential Role of Academia in Cyber Research and Resilience

Research and innovation carried out by the UK’s academic sector underpins enhanced capabilities to develop new metrics and responses to evolving risks. Collaborative partnerships between academia and industry are vital for the cross-fertilisation of expertise, ideas and solutions.

What can academia do to enhance the quality and scale of cyber security research? How can the academic community develop a shared vision and aim with those inside and outside academia?

Keynote Closing Address: Closing Down Weaknesses In Public Sector Cyber Security By Opening Up To Innovation

Digital economies are built on a foundation of security and trust. Balancing the imperative to be innovative and cutting-edge with protecting critical systems and assets can be a tight-rope. This closing session looks at:

  • Balancing convenience, security and innovation
  • Ways in which public bodies can strengthen their security approach and posture to keep pace with disruptive technologies
  • The potential of emerging technologies to combat cybercrime and prevent cyberattack – an assessment of risks and opportunities
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.