Programme @

ECS UAE & GULF

Enterprise Cyber Security

11 September 2023

Dubai Habtoor Palace, Dubai

Programme @ ECS UAE & GULF

Morning Session

Building the team, acquiring the tools and sourcing the technologies you need

  • Moving project security from checklist compliance to real business value generation
  • Building Diverse Security Teams: Different Points of View to Complex Problems
  • Creating a Global culture of privacy with Diversity & Inclusion in mind
  • CTI: Challenging the Implementation of Cyber Threat Intelligence programs at any organization
  • All-source threat intelligence
  • Striking the balance between innovation, security and regulatory compliance

09:00 (GMT)

Conference Chair's Opening Address

09:05 (GMT)

Moving project security from checklist compliance to real business value generation

When development and implementation projects look at security, the call far too often goes in the direction of ‘’What do I need to do to get this into production?“.

This leads to the projects just checking off their security list at best, or having the projects come to a grinding halt just pre-release at worst.

This session will show how to employ a Business-Led Unified Enterprise Security (BLUES) approach to clearly focus on the business objectives of a project, leading to greater acceptance by business leaders of Security by Design principles and the cybersecurity team as a business-enabling partner.

  • Ensuring that the cyber security approach is aligned with the business objectives that a project is aiming to achieve
  • Identifying threats and opportunities towards the business goals from a cyber security perspective
  • Defining cyber security objectives and measures for the projects
  • Assisting in implementation and ongoing operation of the measures in order to ensure business success

09:20 (GMT)

Building Diverse Security Teams: Different Points of View to Complex Problems

Charlotte Sinclair
Cyber Security Senior Awareness & Engagement Manager, Unilever
view profile

With the growing demand for security talent, recruiting and building a good security team is a tremendous challenge. We want to bring people in to support already stretched teams and to fit in culturally with us and our organisations. Is it difficult to find people because they aren’t there, or is it because we’ve narrowed our own perception?

  • Building good security means solving many complex problems that need to be looked at from different angles. Just as we layer our solutions to mitigate as many risks as possible, we need to apply the same to our teams
  • A strong security team needs to have at diverse skillsets and different modes of thought and that also means diverse backgrounds.
  • Not all people are given equal opportunities in life. Recruiting requirements should stop being limited to backgrounds that will only open doors to a small subset of people
  • The real change should start with us. We must take time and learn to listen to people different from us, choosing a creative and proactive approach towards developing and growing our security teams

09:35 (GMT)

Creating a Global culture of privacy with Diversity & Inclusion in mind

The presentation focuses on the importance of taking a risk-based approach to privacy when handling data.

  • What is Data Privacy? It is a human right
  • Why is it important?
  • Consumers are more and more aware of how data is handled and the value of data
  • Increased legislation and Regulators fines
  • Sources of threats and the Size of the beast
  • How have we built a global legal data privacy programme taking a risk-based approach?
  • What has industry achieved?
  • Why this is important as part of a business-wide security and risk upgrade
  • How to build a culture of privacy?
  • Why is Privacy important for diversity and inclusion strategy?
  • Balancing implementing D&I strategy in line with adhering to privacy regulations

 

 

09:50 (GMT)

CTI: Challenging the Implementation of Cyber Threat Intelligence programs at any organization

Marco Essomba
Head of Cybersecurity for Carrefour Group
view profile

In this presentation, we will discuss the value of engaging in trial and error, what works and what hasn’t when it comes to developing and driving a successful Cyber Threat Intelligence program.

Areas to cover:

  • You have no CTI program, where do you even begin?
  • Do you really need all of those paid vendor intelligence tools?
  • How do you scope intelligence collection and communication? Establishing Priority Intelligence Requirements
  • CTI for Incident Response, SecOps, Red Team, Third Party Risk, and more

10:05 (GMT)

All-source threat intelligence

It is of vital importance that you build, support and sustain a culture of building your own in-house solutions instead of always having to rely on third parties.

Same relates to your CTI programme.

The presentation will take you through the process of building a cyber threat intelligence programme from scratch in the company based on cloud infrastructure.

It will also address the importance of having the in-built ability to identify sources of collection, extract valuable data and convert it to actionable insights.

By combining manual and in-house built automated techniques you can better ably identify and counter the threats surrounding your business and our customers.

10:20 (GMT)

Questions to the Panel of Speakers

10:35 (GMT)

Refreshment Break Served in the Exhibition Area

11:05 (GMT)

Striking the balance between innovation, security and regulatory compliance

Currently Financial institutions that operate globally across multiple geographic regions are facing various challenges with multiple regulatory requirements with Cybersecurity and Data Privacy requirements.

  • How to balance cybersecurity and regulatory compliance
  • Scale regulatory assessments on cybersecurity (use once and share to many)
  • A change is coming to cybersecurity regulations

11:35 (GMT)

Questions to the Panel of Speakers & Delegates move to the Seminar Rooms

11:50 (GMT)

Seminar Sessions

12:30 (GMT)

Networking Lunch Served in the Exhibition Area

Afternoon Session

Sourcing, implementing the tools, technologies and techniques needed to master enterprise cybersecurity

  • Risk Based Investment: supporting the business strategy while improving cyber security posture
  • Expanding Zero Trust with email security
  • Just how secure is your MFA solution?
  • Privacy in the 21st Century
  • Operationalising MITRE ATT&CK Framework
  • DDoS Attack Threat Landscape — Tracking DDoS Attack Trends
  • Securing Hybrid Work: Using Zero Trust Principles to Secure your Data and Hybrid Workforce

13:30 (GMT)

Conference Chair’s Afternoon Address

13:35 (GMT)

Risk Based Investment: supporting the business strategy while improving cyber security posture

In a heavily federated business model, how do you effectively communicate risk to the Board to generate appropriate investment in cybersecurity, and demonstrate a ROI on that investment?

Being able to link investment in cyber security with the broader technology strategy, itself designed to support the business strategy, is key.

We address:

  • Framing risk through a business lens
  • Using security to enable business strategy
  • Understanding your drivers of cost
  • Capturing the return on investment

13:50 (GMT)

Expanding Trust with email security

In today’s digital and distributed workplace, phishing, business email compromise (BEC), and other targeted email attacks remain more frequent and dangerous than ever.

Targeted email attacks continue to evade existing email security controls and exploit trusted relationships to remain undetected.

14:05 (GMT)

Just how secure is your MFA solution?

Exploration of the weakest link in multi-factor authentication, and how businesses should be approaching this method of securing their customer data.

Learn about what security teams are fighting against, and the impact it is having on the MFA solutions.

Summary:

  • There has been an increase of smishing attempts seen across enterprise – and customers giving up their creds as a result of this
  • Lack of personal security measures on your customers email accounts means OTACs are often stolen from there – but what about via SMS?
  • Theft of your customers mobile number results in OTAC being redirected to fraudster
  • Is in-App the way forward for MFA?

14:20 (GMT)

Questions to the Panel of Speakers

14:35 (GMT)

Afternoon Networking and Refreshments served in the Exhibition Area

15:05 (GMT)

Privacy in the 21st Century

Niels den Otter
Head of Cybersecurity at ABN AMRO
view profile

We will explore how privacy has changed in the 21st century, why privacy is more important than ever before, the relationship between data and power, how privacy is crucial for trust and trustworthiness, and how we can take back control of our personal data.

15:35 (GMT)

Afternoon Networking and Refreshments served in the Exhibition Area

16:05 (GMT)

Operationalising MITRE ATT&CK Framework

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

We demonstrate how to use the ATT&CK knowledge base as a foundation for the development of specific threat models for cyber adversary behaviour,

reflecting on the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

  • MITRE ATT&CK Overview
  • Contextualising MITRE ATT&CK within the Enterprise
  • Demonstrating the Use of MITRE ATT&CK in action

16:20 (GMT)

DDoS Attack Threat Landscape — Tracking DDoS Attack Trends

DDoS attacks are on the rise. Ransom attacks reached an all-time high in June 2022, with the Ukraine-Russia war having provoked new attacks against broadcast media and banking companies, and both application-layer and network-layer attacks rose by over 70% since 2021.

In this session, we analyse DDoS attacks that are detected and mitigated across our global network — spanning over 270 data centres worldwide — to uncover key patterns and insights into both known and emerging attack types.

16:35 (GMT)

Securing Hybrid Work: Using Zero Trust Principles to Secure your Data and Hybrid Workforce

In the two years since offices globally closed, sending employees to work from home, many organisations have sought a permanent happy middle ground, embracing ”hybrid” work models to create competitive advantage and employee experience.

However, desk location is not the only variable in ”hybrid”. Devices, applications, identities, and organisational structures are now hybrid, leading to new security challenges – particularly around securing sensitive data from loss and theft, whilst enhancing/simplifying user experience.

Join us as we explore the risks and opportunities of a hybrid work environment, discover global trends in securing disparate organisational structures, and gain insights into enabling secure new workplace models.

This interactive session highlights how to decrease business risk and enhance the experience for our people at the same time.

16:50 (GMT)

Questions to the Panel of Speakers

17:00 (GMT)

Closing Remarks from the Conference Chair

17:05 (GMT)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Motorola and Google Cloud: A Partnership for Safety and Security
Motorola Solutions and Google Cloud this week announced their multi-year agreement aimed at innovating cloud solutions across the mobile powerhouse’s safety and security technologies. The move will prioritize the advancement of assistive intelligence – including highly accurate and reliable delivery of video content, AI, and mapping capability to address real-world safety challenges. Motorola Movements Motorola...
Microsoft Provides Defence Guidance After Nation-State Compromise
Microsoft has provided new details for responders to the Russian nation-state attack that compromised its systems earlier in January. Alongside this announcement, the company has issued guidance for users on how to combat this ongoing, real threat. On January 12, 2024, Microsoft detected malicious activity on its network by “Midnight Blizzard”  (aka, Nobelium, APT29, Cozy...
Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers
Data theft is a primary concern for IT decision-makers, forging its way ahead of ransomware attacks, according to a survey conducted by integrity360. The company has also recently inaugurated a new security operations centre in Dublin, Ireland. Speaking to Infosecurity Brian Martin, head of product development, innovation and strategy at Integrity360, said: “We were expecting ransomware to...