Session One – Achieving value from security and risk
In our morning session, we will be looking at the evolution of security and risk from a cost implication to a valued asset, the importance of managing a successful ESRM implementation and management policy, building the appropriate culture for change and mastering your knowledge and understanding of the global threat picture
- Security concerns and risk management perception
- Information security as an asset
- Adopting a holistic approach to security and risk
- Managing risk: The role of the CRO
- Risk perception as a core business function
- Measuring, quantifying and managing your risk posture
- Leadership strategy
- Data privacy harmonisation regulations
- Third-party risk management
- Emerging technology disruption
Chair’s Opening Address
Eliza May Austin, Incident Responder, Founder of LLHS (Ladies Of London Hacking Society) Founder of TFTCyber (Tech For Troops Cyber)
How great risks lead to great deeds: strategic risk management
Louise McCarthy, Former Chief Operating Officer – Global Digital Transformation Director, HSBC
Often in life, to achieve a highly valued outcome, we must accept a certain level of risk. Not only must we accept this as a reality of high level decision making, but we must also understand the risk posed, learn how to navigate it and achieve the desired result without causing reputational harm, both for the individual and the business. Twinned with this concern is the security of information and processes required to ensure that the strategy adopted to positively engage with risk is secure from external interference and internal subterfuge from competing forces.
In this opening address, we discuss:
- The value of engaging with risk positively
- The evolution of risk from fear to opportunity
- Security as a profit factor and not an expense
- Security and risk as equal actors
- The challenges of its implementation across an entire organisation
How Will YOU Detect and Respond to a Data Breach
Mike Spradbery, Senior Technical Leader, IBM Security UK & Ireland
In the next two years, your company is likely to be the victim of a data breach. How can you be ready to respond successfully, decreasing the impact of the attack? And what have other organisations done to be as prepared as possible?
Defending the global enterprise
Ralf Overkamp, Vice President Security Governance, Strategy and Steering, Deutsche Telekom
As the methods by which large enterprises create, store, share and manage data continues to become ever more mobile and less fixed, so too does the possibility of having such data stolen by external actors. This in turn can result in a loss revenue, a loss of investor and customer confidence, and the terminal decline of your business.
- Mobile threat detection
- New and unexpected attack vectors
- The critical elements for establishing and evaluating mobile device fleet security posture
- Additional cloud authentication and authorisation considerations
- How to establish defendable macro and micro perimeters for enterprise resources
Not Becoming the Next Cybersecurity Headline is Difficult, Very Difficult!
Etienne Greeff, Chief Technology Officer and Founder, SecureData
The only certainty in Cybersecurity is that high profile compromises will continue to dominate the headlines. This leaves boards with the question: How do we prevent ourselves becoming the next headline?
Most companies know that they need to implement a threat detection program to get in front of the cyber challenge. Getting it right is hard, very hard.
This talk looks at the overall threat landscape and provides a recipe for designing a threat detection program whether you decide to outsource or do it yourself.
The key takeaways from this talk include understanding the building blocks and processes required to make sure you stand a chance of not becoming the next headline.
Managing risk: From Insight to Foresight – The Changing Role of the CRO
Nicola Crawford, Chief Risk Officer, Financial Services Compensation Scheme; Immediate Past Chair of the
Board, Institute of Risk Management
The Chief Risk Officer (CRO) is one of the most crucial members of the senior management team. As the importance of CRO’s continues to increase, so too does the complexity of risks facing organisations today, both local and globally. This provides the imperative for CROs to take a 360-degree review of their current role and assess what changes need to be made to adapt to the challenges arising from the changing risk landscape
We will discuss:
• Emerging trends – what is on the CRO radar
• CRO accountabilities and the three lines of defence
• Skills required for the future
• Linking risk and strategy: insight vs foresight
• The data challenge
Aligning IT with your business strategy: the role of the CIO
Enterprises must prepare themselves for the increasing enmeshing of people, devices, content and services created by models, platforms and the services that support business. This increasing complexity requires an aligning of your IT strategy with your business strategy into a single strategic approach designed to meet increasing security concerns and address the risk related to increasing opportunities.
We explore how to position information and technology at the heart of your business strategy, the CIO’s role in shaping such a strategy, its components, where IT is embedded and how to continuously recalibrate to maximise business benefit.
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Implementing AI and Machine Learning to Support Real-time Monitoring and Decision Making
Andrew Tsonchev, Director of Technology, Darktrace
In this session, learn:
•How to use artificial intelligence to detect emerging threats and latent vulnerabilities
•Achieving 100% visibility across OT, IT and Industrial IoT
•Real-world case studies of stealthy cyber-threats identified early by the Industrial Immune System – before a crisis occurred
Mastering big data for security and risk perception
Securing your big data differs from traditional enterprise security. Whilst the enterprise data hub plays an important role in breaking down silos and provides for a single repository within the enterprise environment in which data related to finance, marketing and production exists, this also creates an obvious security-related shortcoming as the previous application silos acted as an important compartmentalisation of sensitive data designed for only interested parties and designated individuals to interact with.
• Securing your big data enterprise hub
• Developing strong access controls
• Strong authentication for both users and systems
• Full audit lineage
• Compliant protection through encryption
• Reduce complexity
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice
- Mastering big data for security and risk perception
- Governing risk and security in the digital age
- The role of IoT in business performance
- Structuring and managing IAM
- How to defend against the cyber threat
- Business continuity plan case study
- How to maximise the value in security and risk
Chair’s Afternoon Address
How to manage third party risk
Graeme Park, Head of Global Security Operations, The Hut Group
- 3rd party risk issues in the last year
- Ecosystems of 3rd parties and dependencies
- Managing 3rd parties – onboarding and through life
- Understanding critical processes
- Consistency in scoring
- Technical tools for management
The ever evolving and diversifying nature of the cyber threat
From state and non-state actors, transnational entities and politically motivated underground societies, the nature of the cyber threat continues to pose a potentially fatal threat to enterprise security. This threat cuts across all sectors and industry, from investment and retail banking, insurance, legal and e-commerce.
- Tactics, techniques and procedures (TTPs) being employed
- How to leverage security capabilities and resources
- Robust intelligence programme
- The current global threat landscape
- Emerging trends
- Best practice strategies
Ensuring the success of your security programme
Ian Brown, Head of Information Security, British Heart Foundation
Most security professionals believe that excellent business management, leadership, and communication skills—not security expertise, are the competencies needed.
- Incorporating your security function within overall strategy, goals, mission, and objectives
- Organisational processes
- Security roles and responsibilities
- Control frameworks
- Measure progress and milestones
- Measure success and establish metrics
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Addressing Security Threats with Analytics
Claus Murmann, Head of Risk Analytics Systems, Standard Chartered Bank
No matter the security architecture in place and no matter the expertise of your personnel, total protection from external threats and internal mismanagement is simply not attainable. Given that it is now possible for machines to act independently to rectify security concerns, detect breaches and improve human performance by learning from data how to drive better decisions, understanding how to incorporate such technology into your network is vital.
With the use of predictive behavioural analytics, enterprises can simplify operations, ensure processes are less labour intensive and automate remediation.
In case of system failure: how to respond to an attack
How prepared is your IT department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much costlier than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy
We discuss how to:
- Minimise the number and severity of security incidents
- Assemble the core Computer Security Incident Response Team (CSIRT)
- Define an incident response plan
- Contain the damage and minimize risks
Closing Keynote Address: Making IoT more secure and private
Renaud Di Francesco, Director Europe Technology Standards Office, Sony
What is IoT?
- Looking at its owners and beneficiaries
- Threat categories and response
- How to turn the GDPR constraint into value creation
- Digital Transformation at the Edge between Physical and Digital segments of the world
- Users and beneficiaries: consumer and worker’s viewpoints
- My IoT helping me versus their IoT obstructing my way
- Mixed physical and digital methodology differing from genuine cybersecurity
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.