Enterprise Security & Risk Management

19 March 2020

Victoria Park Plaza, London




Session one – Strategic enterprise-wide risk management

  • Increasing security awareness from the board down
  • Reducing complexity in your security strategy
  • Defending the global enterprise
  • The value of engaging with risk positively
  • Effective incident response planning
  • Investigating & resolving security events
  • Adding threat analytics to your security response

Conference Chair’s Opening Address
2030 Cybersecurity Horizons

Andy Giles, Head of Security GRC & Centre of Excellence, Nationwide Building Society

This opening presentation will attempt to provide a summary of how current and near-term events are shaping the future of technology adoption and the application of cybersecurity in a rapidly evolving global innovation market, against a backdrop of global and environmental uncertainties that are causing organisations to consider physical and political developments when applying cyber security strategies.

Specific sections:

  • The impact of cloud on threat innovation vs the security industry’s skills uplift progress: are we moving fast enough in UK Plc?
  • The march of automation, AI and ML – what the security industry can do to get ahead of the global technical race
  • The need for closer collaboration in a post-Brexit world, increasing offensive cyber activity and geopolitical impacts on UK Plc cyber exposure

Reducing complexity in your security strategy

Reducing complexity leads to increased visibility and better-informed decision making.

Sadly, many business leaders tend to rely on overtly reactive tactics rather than look to adopt a security posture which supports a simplified cybersecurity portfolio.

We explore:

  • How to consolidate capabilities to focus on business objectives
  • How to decrease data silos to limit friction for security teams
  • How to simplify your ecosystem to enhance response and recovery

How to Securely Embed Disruptive Technologies into your Organisation

The rules of the game are changing as more disruptive technologies colonise modern enterprises. Organisations are looking forward to unlocking their fullest potential, but how can this be done with minimal risk? We explore:

  • How disruptive technologies can fortify and weaken defences
  • Exploring top disruptive technologies: IoT, AI/ML, augmented analytics, blockchain, digital twins, smart spaces, edge computing, quantum computing
  • How the associated risk can be mitigated (e.g. ensuring the data in your AI model is accurate and free of prejudice)
  • Discussing the need for current regulatory guidelines to evolve as fast as technology does

Proving compliance

Achieving excellence in compliance means taking control of your security and risk strategy.

Easy-to-manage compliance tools have the power to free your workforce from manual, labour-intensive exercises that limit the potential for innovative collaboration in other business areas.

In this presentation we consider:

  • How to prepare for regulatory changes
  • How to manage and implement changes in compliance
  • Use of automated tools to demonstrate compliance
  • Focusing on security operations

Measurable business benefits from effective enterprise risk management

Dr Abdul Mohib, Group Head of Risk and Assurance, Peabody Trust

Is risk management really a new concept or has it been going on for thousands of years?  One can imagine a proto-risk manager burning a fire at night to keep wild animals away thereby reducing the risk of attack.  How did we transition from proto-risk manager to the world of insurance risk, financial risk and what we now know as enterprise risk management?  What does it all mean and how could we maximise the opportunities of embedding effective enterprise risk management to add value and help us maintain focus on achieving the organisational strategic objectives?

Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Effective incident response planning: a governance led approach

It is the call that every security team dreads – that an attacker has severely compromised your organisation and gained widespread access to sensitive data. How prepared are you for this future scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few feel confident that each employee in the pipeline fully understands their role in ensuring that each key business element is tied to the other in a complementary way.

There are four key questions you must ask yourself when assessing your organisational capabilities:

  • What’s the issue or problem?
  • What can I do to resolve the issue?
  • How am I going to implement the what?
  • Who?

Adding threat analytics to your security response

To a CISO and the wider security team, the value in complementing your human capital with AI analytics is clear.

From basic log collection, to increased visibility across the business, to incident prioritisation, you can build and deliver a plan of action that contains within it a workflow and remediation plan.

We look at how best to deploy AI threat analytics for your business.

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session two – Building Resilience and Responsiveness

  • An Attacker’s Perspective: how and why they target your org
  • Mapping and measuring your IoT risk
  • AI as an enterprise enabler and disabler
  • Best practice examples of managing third-party risk
  • ROI of Data Protection Compliance Engineering
  • Open cybersecurity ecosystem collaboration

Conference Chair’s Afternoon Address
The Cyber Imperative: DevSecOps

Michael Macpherson, Lead Information Security Architect, ClearBank

Businesses around the world are continually on a mission to operate at a reduced cost while maintaining the competitive advantage and maximising profit. This is where the blend between developers and operations comes into its own.

Where do traditional security teams fit into the DevOps world?

The truth is they don’t; there needs to be a cultural shift, and security teams need to start breaking down the walls between internal silos in order to understand how to create the balance between enforcing traditional security controls and adopting a more functional security approach.

Let’s discuss some of the pain points that DevOps teams have with the traditional security approach and how we, as security professionals, can become an integral part of securing the DevOps pipeline.

We explore automated security testing and the integration of DevSecOps to elevate, embed and evolve your risk response.

Case Study – Security Lessons from the Life Sciences Sector

Helen Rabe, CSO, Abcam (TBC)

M&A and alliance transactions frequently occur in the Life Sciences sector, creating a high security risk for the serial acquirers. A relative immaturity in smaller organisations leads to an increased risk of cyber security breaches.

We discuss the lessons learnt from an industry that has been dealing with alliances, mergers and acquisitions, and due diligence processes for a long time.

Managing Data Risks: Lessons from Using International Open Data Sets

Carina Kabajunga, Head ICT, The Commonwealth Secretariat

Many organisations use open data to inform their activities and to make business and policy decisions. While such data are convenient and freely available, the methodology and data quality checks used to collate the data are not immediately available to the End User.

Organisations using open data sets need to have internal risk management mechanisms embedded in their Data Governance practices in order to mitigate such risks.

Is AI an enterprise enabler or disabler?

AI drives business innovation, collaboration, and productivity, and better prepares you for a cyber-attack. AI also increases your threat potential, attack surface and magnifies existing vulnerabilities.

We explore the most prominent ways in which AI is being used by hackers to dig out and exploit existing vulnerabilities in a system, mine massive amounts of data to extract personally identifiable information, and automatically monitor emails and text messages to create personalised phishing emails for social engineering attacks.

Things Are Only Secure Until They Are Not. Distributed Ledgers Secure Things Again

Jon Geater, Co-Founder & CTO, Jitsuin

Operators of Essential Services face invisible supply chain risks from connected Things while having to demonstrate compliance with cyber security regulations.

Strengthening threats, thinning airgaps and complex operational technology compound the challenge for CISOs to manage risk with fewer resources. Check-box compliance audits and spreadsheets won’t keep up with proving when who did what to a Thing and how it impacts cyber-risk in real-time.

Distributed ledgers bring the visibility, continuity, collaboration and automation that’s needed by all stakeholders in the connected device ecosystem to manage cyber security risk. The talk will outline how new technologies are needed to gain greater visibility of risks, collaboratively remediate and prove that security and compliance are possible.

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Neurological Insights of Human Technology Habits
Panel Discussion – Career Expectations in Security Risk Management and Cyber Security
Closing Remarks from the Conference Chair
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.