Session One – Achieving value from security and risk
In our morning session we will be looking at the evolution of security and risk from a cost implication to a valued asset, the importance of managing a successful ESRM implementation and management policy, building the appropriate culture for change and mastering your knowledge and understanding of the global threat picture
- Security concerns and risk management perception
- Information security as an asset
- Adopting a holistic approach to security and risk
- Risk perception as a core business function
- Measuring, quantifying and managing your risk posture
- Leadership strategy
- Data privacy harmonisation regulations
- Third party risk management
- Emerging technology disruption
Chair’s Opening Address
Eliza May Austin, Incident Responder, Founder of LLHS (Ladies Of London Hacking Society) Founder of TFTCyber (Tech For Troops Cyber)
How great risks lead to great deeds
Often in life, to achieve a highly valued outcome, we must accept a certain level of risk. Not only must we accept this as a reality of high level decision making, but we must also understand the risk posed, learn how to navigate it and achieve the desired result without causing reputational harm, both for the individual and the business. Twinned with this concern is the security of information and processes required to ensure that the strategy adopted to positively engage with risk is secure from external interference and internal subterfuge from competing forces.
In this opening address, we discuss:
- The value of engaging with risk positively
- The evolution of risk from fear to opportunity
- Security as a profit factor and not an expense
- Security and risk as equal actors
- The challenges of its implementation across an entire organisation
Ensuring the success of your security programme
Most security professionals believe that excellent business management, leadership, and communication skills—not security expertise, are the competencies needed.
- Incorporating your security function within overall strategy, goals, mission, and objectives
- Organisational processes
- Security roles and responsibilities
- Control frameworks
- Measure progress and milestones
- Measure success and establish metrics
Defending the global enterprise
As the methods by which large enterprises create, store, share and manage data continues to become ever more mobile and less fixed, so too does the possibility of having such data stolen by external actors. This in turn can result in a loss revenue, a loss of investor and customer confidence, and the terminal decline of your business.
- Mobile threat detection
- New and unexpected attack vectors
- The critical elements for establishing and evaluating mobile device fleet security posture
- Additional cloud authentication and authorisation considerations
- How to establish defendable macro and micro perimeters for enterprise resources
Utilising disruptive enterprise technology for business advantage
As support networks continue to be disrupted, enterprises need to accept that no technology remains fixed and unencumbered by emerging trends as new high-technology spheres of influence emerge and challenge existing technology support networks (TSNs).
Given that the need for enterprises to remain competitive is set to increase exponentially, one of the ways in which organisations are seeking to address the challenge of supporting existing networks is by making real the concept of the networked enterprise.
- Developing serious cloud strategies for enterprise collaboration
- Connect and integrate cloud collaboration investments and strategies
- Drive not only productivity gains but better insight and automation
- Disrupting more traditional and collaboration methods, and helping to transform business models and operations
Managing organisational risk in a fragmented workplace
The globalisation of the economy, and with it trade, has produced large scale enterprises with divergent modes of production, complex supply chains and a multitude of premises from which core business functions are required to report back to headquarters. Such technological developments, whilst bringing many positive developments, also carry with them increased exposure, both to information security and less well thought of business functions.
- Ensuring that controls and expenditure are fully commensurate with the risks to which your organisation is exposed
- Ways to engage your organisation’s employees and board
- Overcoming challenges of siloed organisation
- Shadow IT
- Risk acceptance, ownership, mitigation strategies
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
A year on from GDPR
At the time that 3 billion user accounts had been breached at Yahoo in 2013-2014, it represented the largest data breach in history. Not only was the scope significant, the company didn’t disclose the breadth of the breach within 72 hours like the GDPR requires; in fact, it took them until October 2017 to fully acknowledge the extent of multiple breaches that occurred in 2013-2014. With revenue more than $4 billion for 2012, Yahoo would have faced millions of dollars in fines if GDPR would have been in place—$80 million but potentially as much as $160 million depending on the variable factors of GDPR including the culpability of the company and how cooperative they were.
Whilst the 25th May 2018 has been and gone, post implementation does not mean that the journey toward compliance has ended. In fact, as recent examples have shown, adherence has only increased in significance. Whilst pre-implementation fines were of a considerable value, the new terms under which companies can be fined have increased substantially and directly take account of annual turnover.
How to manage third party risk
As businesses work with vendors and partners around the world, levels of complexity and risk are rising. They need an end-to-end third-party risk management program that provides increased visibility and control, greater speed and scalability, reduced cost, and the ability to predict potential outcomes throughout global operations.
Whether you’ve already begun your third-party security risk management program or are looking for ways to improve what you have in place, third party risk remains a core issue for businesses.
Many companies have realised that creating a third-party risk management program is critical to the overall security of their networks, but simply do not possess the knowledge and understanding to manage effectively.
- Inherent risk and maturity
- Business case and investment
- Centralised control
- Technology platforms
- Sub-contractor risk
- Organisational imperatives and accountability
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice
- Mastering big data for security and risk perception
- Governing risk and security in the digital age
- The role of CRO’s
- The role of IoT in business performance
- Structuring and managing IAM
- How to defend against the cyber threat
- Business continuity plan case study
- How to maximise the value in security and risk
Chair’s Afternoon Address
Addressing Security Threats with Analytics
No matter the security architecture in place, and no matter the expertise of your personnel, total protection from external threats and internal mismanagement is simply not attainable. Given that it is now possible for machines to act independently to rectify security concerns, detect breaches and improve human performance by learning from data how to drive better decisions, understanding how to incorporate such technology into your network is vital.
With the use of predictive behavioural analytics enterprises can simplify operations, ensure processes are less labour intensive and automate remediation.
Managing risk: The role of the CRO
The Chief Risk Officer (CRO) is one of the most crucial members of the management team. As the importance of CRO’s continues to increase, so too does the number of regulatory risks which provide the legal framework for global business.
Protecting your assets, both cyber and physical, by identifying and managing the risks and addressing your security and resilience needs is of paramount importance. When considering how to protect your business and its assets, you need to identify the threats posed and your existing vulnerabilities.
We will discuss:
- Emerging trends
- The challenge of IT risks
- Regulatory risks associated with global business
- Definitions of risk
- Quantifying and measuring risk
- Continuous monitoring and prioritisation
How the intersection of IAM and IoT affords privacy advantages, and can help satisfy aspects of the GDPR
The number of IoT devices increased 31% year-over-year to 8.4 billion in the year 2017 and it is estimated that there will be 30 billion devices by 2020. The global market value of IoT is projected to reach $7.1 trillion by 2020. Not only are enterprises increasingly making use of IoT, with a current estimate of 9.1 billion EIoT devices in use, but the reason for such usage is multiplying. EIoT usage cuts across all industries and sectors, is used for a multitude of performance and production purposes and brings with it increasing risk and issues around security, which range from external interference with automated systems to the theft of highly sensitive consumer data.
In this talk we will address the core security concerns around EIoT initiatives.
Defining access and measuring IAM performance
As a discipline, IAM can be difficult to master in an increasingly heterogeneous technology environment with increasingly rigorous compliance requirements. It is therefore vital that enterprises realise the harm that can be done by personnel mismanaging data, gaining access to elements of the business which they are not entitled to and ensure that the number of segmented networks and segregated access points are not vulnerable to hostile actors.
- How do users gain identity?
- How do enterprises protect that identity?
- What technologies should be deployed to support protection?
- How to implement and manage the appropriate identity management systems
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The ever evolving and diversifying nature of the cyber threat
From state and non-state actors, transnational entities and politically motivated underground societies, the nature of the cyber threat continues to pose a potentially fatal threat to enterprise security. This threat cuts across all sectors and industry, from investment and retail banking, insurance, legal and e-commerce. Whilst the threat does indeed cut across all elements of enterprise activity, the tools by which you can ensure security to the greatest possible extent are available. What is required is an understanding of how to deploy, monitor and operate such tools.
- Tactics, techniques and procedures (TTPs) being employed
- How to leverage security capabilities and resources
- Robust intelligence programme
- The current global threat landscape
- Emerging trends
- Best practice strategies
In case of system failure: how to respond to an attack
How prepared is your IT department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much costlier than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy
We discuss how to:
- Minimise the number and severity of security incidents
- Assemble the core Computer Security Incident Response Team (CSIRT)
- Define an incident response plan
- Contain the damage and minimize risks
Closing Keynote Address: Achieving value from security and risk
The benefits of the fourth industrial revolution to enterprise are clear. The ability to expand into different industries and sectors made easier by the technological advancements witnessed over the last decade. The ability to globalise production and trade has seen enterprises evolve from local, regional, national to worldwide. But, with great advancements, comes increased security needs and risk perception. We must learn that with increased opportunities comes increased competition, potential for malice and a failure in risk management.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.