Session ONE – Securing your Enterprise
- Securing Digital Transformation and innovation
- Communicating with senior managers and executives about security
- Building a strong security culture
- Creating frameworks that allow secure software development
- New threats, and creative solutions to tackle them
The Conference Chair’s Opening Remarks
Dr Gilad L. Rosner, Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher
Can I Break Your Cloud? Cybersecurity Toolset and Strategy to Survive Cloud Transformations
Francesco Cipollone, Director of Events, Cloud Security Alliance UK; Head of Security Architecture & Strategy, HSBC Global Banking and Markets
Are you a practitioner or a CISO? Are you considering or doing cloud transformation of some sort?
If yes, this talk is for you… The talk will also be useful to specialists and practitioners of all fields to discover best practices (regardless of cloud)
Are you concerned that the cloud will break you, chase your security posture and beat it in the alley?
Join me in this journey of scary stories from the cloud and how to do cloud right.
The talk will take you through different cloud transformations and how to fit security inside the transformation pipeline.
How CISOs Need to Communicate Risk to the Board
This presentation tackles the key ways CISOs and senior security managers can better communicate risk to the board, by:
- Creating useful metrics so the board can properly evaluate your organisation’s security posture
- Communicating technicalities in easy-to-understand business terms
- Setting realistic goals and expectations
- Moving beyond handling incident response, from reactive to proactive defence
Why User Engagement Matters
While phishing tests and online guidance are the first steps towards building a better security culture, the most effective way to truly change behaviours is through personal training and engagement.
Join this presentation as we cover ways in which you can:
- Democratise responsibility to ensure security belongs to everyone
- Introduce better lines of communication
- Deliver effective training
- Meaningfully measure engagement
Mitigating Social Engineering Threats in the Enterprise
For all the discussions of technology, the fact remains that human manipulation is normally the easiest and most effective way to breach corporate defences, especially when used in conjunction with technical expertise.
- How can you prepare your employees against the evolving risks?
- How can you implement frameworks to mitigate the worst effects of social engineering?
- What are some ways you can test and measure your defences?
Implementing Continuous Security Across the Development Lifecycle
We tackle how you can introduce the concept of continuous security into your development process. We will explore the ways you can ensure risk is understood at every stage of development, how to instil good practices around security, and create a framework that automates several aspects of the continuous security programme.
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
New Criminal Communities on the Dark Web
The dark web is now an integral part of the cybercrime world, essential for the dissemination of stolen data, hacking tools for hire, and a key conduit for stolen financial information.
In this presentation we explore the new ways criminal communities are forming on the dark web, and what the implications are for tackling cybercrime.
Lessons from the Introduction of a Public Bug-Bounty Programme
We examine the introduction of a public bug bounty programme, covering executive buy-in, cultural changes, streamlining the submissions process, and the impact on an organisation’s overall security posture.
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session TWO – Establishing Innovative Defences in an Evolving Risk Landscape
- Securing new enterprise IT architectures and Complex Industrial Systems
- Understanding risk, through threat intelligence and hunting
- Incident response and DFIR
- Improving on the resilience of your infrastructure
- Understanding adversary behaviour
- Using new techniques to strengthen your defences
The Conference Chair Opens the Afternoon Session
Container Security in Enterprise Deployments
Containers have certain features that make them easier to secure than traditional architectures such as their isolation from other services, but as they are deployed in complex enterprise environments, they also raise new challenges for security teams.
We look at how enterprises need to manage container security to overcome these challenges. We examine:
- Access control with a scaling number of services
- Dealing with increased network traffic
- Improving asset management, security testing and quality control
Overcoming the Challenges of Securing ICS / SCADA
As the number and sophistication of ICS attacks grows, we look at how the industrial sector is overcoming challenges related to protecting vital infrastructure.
- Vulnerability management, and managing updates in systems that cannot be taken down
- Improving intruder detection and response
- Incorporating redundancies into systems
Do You Need a Threat Hunting Programme?
This presentation discusses whether you need a threat hunting programme in your organisation – to reduce hacker dwell times and seek out potential attackers before an incident appears.
- Why and how to implement threat hunting
- Identifying business environments best suited to threat hunting
- Successful deployments and common challenges
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Writing the Incident Response Playbook
When an incident occurs, it is essential that your organisation follows a playbook to ensure that the response is effective and adequately protects infrastructure, data and customers.
Join this presentation, as we look at the key elements of building a playbook that is deliverable, comprehensive, and able to function regardless of who has to carry it out. We examine:
- Groundwork and coordinating drills in advance
- Coordinating with other departments
- The questions any breach will pose, and how you build a framework that can accommodate a variety of scenarios
Boosting IT Infrastructure Resilience to Respond to Widespread Threats
If your systems are seriously compromised, how long would it take you to respond and restore your infrastructure?
If the answer is too long, you’re not alone.
We deep-dive into how one organisation improved its own IT resilience through improved risk management frameworks, classification of essential services and comprehensive drills.
Mapping Adversary Behaviour Within Your System
Sometimes to stop an attacker, you have to think like an attacker. This session looks at the ways attackers behave once they have gained access, and how security teams can leverage this information to better defend their network.
New Techniques to Exploit the Potential of OSINT (Open-Source Intelligence)
There’s a rich source of intelligence out there on employees, privileged account holders, and senior managers that can be used to exploit corporate defences.
To protect it and prevent it falling into the hands of potential hackers, InfoSec professionals need to utilise the newest OSINT tools and methods to stay ahead.
In this presentation we test some of the search engines, unlikely sources of data and useful techniques to improve on OSINT capacity.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Close, Delegates Depart
Whitehall Media reserve the right to change the programme without prior notice.