Enterprise Security & Risk Management

26 March 2019

Victoria Park Plaza




Session One – Achieving value from security and risk

In our morning session, we will be looking at the evolution of security and risk from a cost implication to a valued asset, the importance of managing a successful ESRM implementation and management policy, building the appropriate culture for change, and mastering your knowledge and understanding of the global threat picture.

  • Security concerns and risk management perception
  • Information security as an asset
  • Adopting a holistic approach to security and risk
  • Managing risk: The role of the CRO
  • Risk perception as a core business function
  • Measuring, quantifying and managing your risk posture
  • Leadership strategy
  • Data privacy harmonisation regulations
  • Third-party risk management
  • Emerging technology disruption

Chair’s Opening Address

Eliza May Austin, Incident Responder, Founder of LLHS (Ladies Of London Hacking Society), Founder of TFTCyber (Tech For Troops Cyber)

How great risks lead to great deeds: strategic risk management

Louise McCarthy, Former Chief Operating Officer – Global Digital Transformation Director, HSBC 

Often in life, to achieve a highly valued outcome, we must accept a certain level of risk. Not only must we accept this as a reality of high-level decision-making, but we must also understand the risk posed, learn how to navigate it and achieve the desired result without causing reputational harm, both for the individual and the business. Twinned with this concern is the security of information and processes required to ensure that the strategy adopted to positively engage with risk is secure from external interference and internal subterfuge from competing forces.

In this opening address, we discuss:

  • The value of engaging with risk positively
  • The evolution of risk from fear to opportunity
  • Security as a profit factor and not an expense
  • Security and risk as equal actors
  • The challenges of its implementation across an entire organisation
  • Digitalisation vs regulations

How Will YOU Detect and Respond to a Data Breach

Mike Spradbery, Senior Technical Leader, IBM Security UK & Ireland

In the next two years, your company is likely to be the victim of a data breach. How can you be ready to respond successfully, decreasing the impact of the attack? And what have other organisations done to be as prepared as possible?

Defending the global enterprise

Ralf Overkamp, Vice President Group Security Governance, Deutsche Telekom 

As the digitization of business processes continues to increase at cyberspeed, so too does the possibility of having important data stolen, manipulated or destroyed. This in turn can result in direct damages, a loss of revenue, a loss of investor and customer confidence, and the terminal decline of your business.

The presentation spotlights challenges and solution approaches for global security management in a digitized world from the standpoint of a big Telco provider.

We discuss:

• Be Aware: New Risks in a digitized world
• Take the chance: Security as enabler of digitization
• Keep it flexible: Simple policies and controls, agile operations
• Be transparent: Vulnerabilities and attacks

Not Becoming the Next Cybersecurity Headline is Difficult, Very Difficult!

Etienne Greeff, Chief Technology Officer and Founder, SecureData

The only certainty in Cybersecurity is that high profile compromises will continue to dominate the headlines. This leaves boards with the question: How do we prevent ourselves becoming the next headline?

Most companies know that they need to implement a threat detection program to get in front of the cyber challenge. Getting it right is hard, very hard.

This talk looks at the overall threat landscape and provides a recipe for designing a threat detection program whether you decide to outsource or do it yourself.

The key takeaways from this talk include understanding the building blocks and processes required to make sure you stand a chance of not becoming the next headline.

Managing risk: From Insight to Foresight – The Changing Role of the CRO

Nicola Crawford, Chief Risk Officer, Financial Services Compensation Scheme; Immediate Past Chair of the Board, Institute of Risk Management

The Chief Risk Officer (CRO) is one of the most crucial members of the senior management team. As the importance of CROs continues to increase, so too does the complexity of risks facing organisations today, both locally and globally. This provides the imperative for CROs to take a 360-degree review of their current role and assess what changes need to be made to adapt to the challenges arising from the changing risk landscape.

We will discuss:

• Emerging trends – what is on the CRO radar
• CRO accountabilities and the three lines of defence
• Skills required for the future
• Linking risk and strategy: insight vs foresight
• The data challenge

Engaging With The Bored by Answering the Tough Questions!

Simon Mullis, Regional Technical Officer, Tanium

CISOs have the difficult job of delivering meaningful metrics to a Board of Directors that is not comprised of security professionals. In order for them to communicate security and risk effectively, the CISO needs to convey indicators of the company’s security posture in a manner which is informative and tailored to the audience.

The C-suite requires security metrics which align to business objectives, yet a percentage of security leaders continue to provide quantitative figures associated with malware outbreaks and esoteric security non-compliance. Other security leaders go down the ‘Red, Amber, Green’ risk matrix route, providing a lack of actionable data and a misunderstanding of their company’s exposure.

If the security function wants a return seat at the executive table, the CISO needs to have answers to the difficult questions of visibility and business resilience. These are the same questions which have required answers for nearly two decades, made infinitely harder to answer in a world of endpoint heterogeneity, dynamic workloads, cloud computing and exponential growth in data creation.

Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area

Implementing AI and Machine Learning to Support Real-time Monitoring and Decision Making

Andrew Tsonchev, Director of Technology, Darktrace

In this session, learn:

• How to use artificial intelligence to detect emerging threats and latent vulnerabilities
• Achieving 100% visibility across OT, IT and Industrial IoT
• Real-world case studies of stealthy cyber-threats identified early by the Industrial Immune System – before a crisis occurred

The Spectrum of Mobile Risk from a Customer’s Perspective

Burak Agca, Enterprise Sales Engineer, Lookout

This session will explore:

• The reasons for needing Mobile Threat Defense
• Lookout security cloud, dataset and data privacy
• End user communication and customer success
• Risk Matrix, Jailbreaking and rooting
• Cost of mobile breach, compliance, reduction of helpdesk calls due to self-remediation
• Post perimeter security messaging
• Phishing AI, Conditional Access, SIEM feeds

Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice

  • Mastering big data for security and risk perception
  • Governing risk and security in the digital age
  • The role of IoT in business performance
  • Structuring and managing IAM
  • How to defend against the cyber threat
  • Business continuity plan case study
  • How to maximise the value in security and risk

Chair’s Afternoon Address

Eliza May Austin, Incident Responder, Founder of LLHS (Ladies Of London Hacking Society), Founder of TFTCyber (Tech For Troops Cyber)

Ensuring the success of your security programme

Ian Brown, Head of Information Security, British Heart Foundation

Most security professionals believe that excellent business management, leadership, and communication skills, not security expertise, are the competencies needed.

We explore:

  • Incorporating your security function within overall strategy, goals, mission, and objectives
  • Organisational processes
  • Security roles and responsibilities
  • Control frameworks
  • Measure progress and milestones
  • Measure success and establish metrics

How Cadence Inc. Overcame their Cloud Security Challenges

Richard Flanders, UK Head of Cloud Security, Check Point Software Technologies

Cadence knew that migrating to the cloud would bring challenges in the realm of network security, compliance and visibility. They needed to be sure that any Cloud management integrated solutions would be compatible and effective across the major public cloud infrastructure-as-a-service (IaaS) providers, which included AWS, Azure, and GCP. Due to their anticipation of these security challenges, Cadence began using Check Point CloudGuard Dome9 as soon as they moved to the cloud.

Check Point helped Cadence to meet the following challenges:

• Visibility in a Multi-Cloud Environment Providing User Flexibility
• Maintain Access Control
• Compliance Reporting for Customers

Addressing Security Threats with Analytics

Claus Murmann, Head of Risk Analytics Systems, Standard Chartered Bank

No matter the security architecture in place and no matter the expertise of your personnel, total protection from external threats and internal mismanagement is simply not attainable. Given that it is now possible for machines to act independently to rectify security concerns, detect breaches and improve human performance by learning from data how to drive better decisions, understanding how to incorporate such technology into your network is vital.

With the use of predictive behavioural analytics, enterprises can simplify operations, ensure processes are less labour intensive and automate remediation.

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area

Making IoT more secure and private

Renaud Di Francesco, Director Europe Technology Standards Office, Sony BV

What is IoT?

We address:

  • Looking at its owners and beneficiaries
  • Threat categories and response
  • How to turn the GDPR constraint into value creation
  • Digital Transformation at the Edge between Physical and Digital segments of the world
  • Users and beneficiaries: consumer and worker’s viewpoints
  • My IoT helping me versus their IoT obstructing my way
  • Mixed physical and digital methodology differing from genuine cybersecurity

Today’s CISO and Management challenges of Cyber Security

Steve Mulhearn, Director Enhanced Technologies UKI & DACH, Fortinet

In today’s world, with the speed of change of technology, we discuss the other challenges faced by Middle and Senior Management in the Cyber Security world.

• Day-to-day CISO and Middle Management challenges
• Organised Cyber Criminals: Why are they successful?
• AI: Myth or Magic
• Being realistic while communication is the key

Closing Keynote: Cybersecurity – getting Boards on board

Nadine Thomson, Former Group Director of Technology, Conde Nast International; Digital Technology Advisor, News UK

How do you get cybersecurity to the top of your company’s Boardroom agenda?

Data breaches, ransomware attacks, and zero-day vulnerabilities are making headlines. CEOs and senior executives now realise how fatal a cybersecurity failure can be for their company, but Boards are not always prioritising cybersecurity and the subsequent investment, nor are they incorporating security into their business strategy.

How can you ensure your company is making the right investment in security? How do you get your Board on board?

Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.