Session one – Strategic enterprise-wide risk management
- Increasing security awareness from the board down
- Reducing complexity in your security strategy
- Defending the global enterprise
- The value of engaging with risk positively
- Effective incident response planning
- Investigating & resolving security events
- Adding threat analytics to your security response
Conference Chair’s Opening Address
Increasing security awareness from the board down
Historically, CEOs and boards regarded security risk as a fringe issue rather than central to business performance.
The generational shift experienced by enterprises has ensured that security risk is no longer a siloed, IT-department-only issue, but is recognised as central to business ecosystem functionality.
Despite this positive shift, communicating risk remains a major challenge for security practitioners when engaging with the board.
- Communicating risk in business terms
- Aligning security metrics with key business objectives
- Highlighting the cost-benefit of investment
- The cost of failing to protect against internal and external threats
- Skills required for the future
Reducing complexity in your security strategy
Reducing complexity leads to increased visibility and better-informed decision making.
Sadly, many business leaders tend to rely on overtly reactive tactics rather than look to adopt a security posture which supports a simplified cybersecurity portfolio.
- How to consolidate capabilities to focus on business objectives
- How to decrease data silos to limit friction for security teams
- How to simplify your ecosystem to enhance response and recovery
Ingraining security into your organisation’s memory
When embarking on a digital transformation journey, organisations typically deploy disruptive technologies to support the adoption of new, cutting-edge processes.
With such adoption comes an increased risk of an attack or breach as many digital transformation projects experience increased insecurity brought about by disruption.
Whether you’re moving to the cloud, looking to empower your workforce, or transitioning from traditional technologies to new and emerging offerings, ensuring there is no damage to your critical assets is vital.
Achieving excellence in compliance means taking control of your security and risk strategy.
Easy-to-manage compliance tools have the power to free your workforce from manual, labour-intensive exercises which limit the potential for innovative collaboration in other business areas.
- How to prepare for regulatory changes
- How to manage and implement changes in compliance
- Use of automated tools to demonstrate compliance
- Focusing on security operations
Effective incident response planning: a governance-led approach
It is the call that every security team dreads – that an attacker has seriously compromised your organisation and gained widespread access to sensitive data. How prepared are you for this eventual scenario?
While most organisations have some frameworks in place to manage and respond to limited attacks, few feel confident that each person situated within the business pipeline fully appreciates their role in ensuring that each key business element is tied to the other in a complementary way.
There are four key questions you must ask yourself when assessing your organisational capabilities:
- What’s the issue or problem?
- What can I do to resolve the issue?
- How am I going to implement the what?
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Investigate security events with incident forensics
On average, a large-scale enterprise can experience as many as 20 security events a day. This is not only extremely serious and potentially fatal to an organisation’s ability to maintain business and end-user privacy, but also a major drag on productivity.
To stop an attack, you have to identify it, assess its origins, and determine where in your network it exists and how fast it is moving.
- Building a plan encompassing incident forensics
- Mapping threat vector origins
- Simplified deployment
- Elimination of manual searches
Adding threat analytics to your security response
To a CISO, and the wider security team, the value of being able to complement your human capital with AI analytics is clear.
The benefits range from basic log collection, which increases visibility across the business, to the ability to prioritise all of the incidents that are happening so that you can order and segment them according to seriousness. From that, you are able to build and deliver a plan of action which contains a workflow and remediation plan.
We address how best to deploy AI threat analytics for your business.
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two – Building Resilience and Responsiveness
- An Attacker’s Perspective: how and why they target your org
- Mapping and measuring your IoT risk
- AI as an enterprise enabler and disabler
- Best practice examples of managing third-party risk
- ROI of Data Protection Compliance Engineering
- Open cybersecurity ecosystem collaboration
Conference Chair’s Afternoon Address
An Attacker's Perspective: how and why they target your sites
On a daily basis, businesses experience a torrent of automated attacks against their web and mobile applications by a variety of hostile actors.
Some employ the use of credentials stolen from login applications to take over accounts, whilst others create thousands of accounts on account registration applications to validate stolen credit cards.
In this session, we explore how attackers target businesses depending on their business model and monetise the information they obtain.
- Gaining a better understanding of attackers’ motivations and tactics
- Targeting web applications and mobile APIs
- The exploitation of click farms to develop credential-based attacks
- How they avoid detection by tunnelling through aggregators
Mapping and measuring your IoT risk: considering the risk and value
The IoT has proven to be as disruptive as any high technology development in recent years. Whilst its application, both physical and digital, can be regarded as an innovation enabler, it is a technology fraught with risk and lacking in both security and privacy.
Despite this, businesses have enthusiastically deployed it because of the value to be gained from it through organisational competitiveness.
- How IoT is enabling new avenues of risk
- Enabling new types of attack previously unseen
- The heightened data exposure through ‘always on’
- How built-in assurance, security and governance can decrease exposure
Is AI an enterprise enabler or disabler?
AI drives business innovation, collaboration, productivity and better prepares you for a cyber-attack.
AI also increases your threat potential, attack surface and magnifies existing vulnerabilities.
We explore the most prominent ways in which AI is being used by hackers to dig out and exploit existing vulnerabilities in a system, mine large amounts of data to extract personally identifiable information, and automatically monitor emails and text messages to create personalised phishing mails for social engineering attacks.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Best practice examples of managing third-party risk
We explore and map that most vexed of issues, third-party risk management.
Join us as we detail each key element in the business-provider relationship and the areas you need to address in order to maintain compliance, security and productivity.
- Ecosystems of 3rd parties and dependencies
- Managing 3rd parties – onboarding and through life
- Understanding critical processes
- Consistency in scoring
- Technical tools for management
ROI of Data Protection Compliance Engineering
The financial benefits of compliance with data protection requirements not only outweigh the financial costs of non-compliance for data practitioners but can also be seen as an important business enabler if the right conditions are met.
How is this done? It starts with the right mindset and a proper data protection engineering checklist of legal requirements and controls, of which a generic version is presented and briefly discussed.
- Basic calculus of the ROI of data protection engineering
- How to engineer data protection in a disruptive technology
- What does a practical Data Engineering Compliance Management Plan look like?
- What contribution could the Data Protection Officer make in data protection engineering?
Open cybersecurity ecosystem collaboration
Open cybersecurity platforms support global innovation and collaboration, which helps leverage the power of the cybersecurity community, powers the potential of stopping the vast majority of unknown malware, relates events across a broad set of threat intelligence metrics, and builds and delivers compliance solutions capable of supporting global customer databases.
In our closing address, we explore how open cybersecurity platform collaboration drives industry collaboration and adoption, supports the identification and deployment of best practice and helps deliver sustainable, business and consumer-friendly solutions.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.