ESRM

Enterprise Security & Risk Management

19 March 2020

Victoria Park Plaza, London

Programme

Session one – Strategic enterprise-wide risk management

  • Increasing security awareness from the board down
  • Reducing complexity in your security strategy
  • Defending the global enterprise
  • The value of engaging with risk positively
  • Effective incident response planning
  • Investigating & resolving security events
  • Adding threat analytics to your security response
09:00
Conference Chair’s Opening Address
09:20
Increasing security awareness from the board down

Historically, CEOs and boards regarded security risk as a fringe issue rather than central to business performance.

The generational shift has ensured that security risk is no longer a siloed, IT-department-only issue, but is recognised as central to business ecosystem functionality.

Despite this positive shift, communicating risk remains a major challenge for security practitioners when engaging with the board.

We address:

  • Communicating risk in business terms
  • Aligning security metrics with key business objectives
  • Highlighting the cost-benefit of investment
  • The cost of failing to protect against internal and external threats
  • Skills required for the future
09:40
Reducing complexity in your security strategy

Reducing complexity leads to increased visibility and better-informed decision making.

Sadly, many business leaders tend to rely on overtly reactive tactics rather than look to adopt a security posture which supports a simplified cybersecurity portfolio.

We explore:

  • How to consolidate capabilities to focus on business objectives
  • How to decrease data silos to limit friction for security teams
  • How to simplify your ecosystem to enhance response and recovery
09:55
Ingraining security into your organisation’s memory

When embarking on a digital transformation journey, organisations typically deploy disruptive technologies to support the adoption of new, cutting edge processes.

With such adoption comes an increased risk of an attack or breach as many digital transformation projects experience increased insecurity brought about by disruption.

Whether you’re moving to the cloud, looking to empower your workforce, or transitioning from traditional technologies to new and emerging offerings, ensuring there is no damage to your critical assets is vital.

10:10
Proving compliance

Achieving excellence in compliance means taking control of your security and risk strategy.

Easy to manage compliance tools have the power to free your workforce from manual, labour intensive exercises that limit the potential for innovative collaboration in other business areas.

In this presentation we consider:

  • How to prepare for regulatory changes
  • How to manage and implement changes in compliance
  • Use of automated tools to demonstrate compliance
  • Focusing on security operations
10:25
Effective incident response planning: a governance-led approach

It is the call that every security team dreads – that an attacker has severely compromised your organisation and gained widespread access to sensitive data. How prepared are you for this future scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few feel confident that each employee in the pipeline fully understands their role in ensuring that each key business element is tied to the other in a complementary way.

There are four key questions you must ask yourself when assessing your organisational capabilities:

  • What’s the issue or problem?
  • What can I do to resolve the issue?
  • How am I going to implement the what?
  • Who?
10:40
Questions to the Panel of Speakers
10:50
Refreshment Break Served in the Exhibition Area
11:30
Investigate security events with incident forensics

On average, a large-scale enterprise can experience as many as 20 security events a day. This is not only extremely serious and potentially fatal to an organisation’s ability to maintain business and end-user privacy, but also a significant drag on productivity.

To stop an attack, you have to identify it, assess its origins, where in your network it exists and how fast it is moving.

We look at:

  • Building a plan encompassing incident forensics
  • Mapping threat vector origins
  • Simplified deployment
  • Elimination of manual searches
11:45
Adding threat analytics to your security response

To a CISO and the wider security team, the value in complementing your human capital with AI analytics is clear.

From basic log collection, to increased visibility across the business, to incident prioritisation, you can build and deliver a plan of action that contains within it a workflow and remediation plan.

We look at how best to deploy AI threat analytics for your business.

12:00
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
12:15
Seminar Sessions
13:10
Networking Lunch Served in the Exhibition Area

Session two – Building Resilience and Responsiveness

  • An Attacker’s Perspective: how and why they target your org
  • Mapping and measuring your IoT risk
  • AI as an enterprise enabler and disabler
  • Best practice examples of managing third-party risk
  • ROI of Data Protection Compliance Engineering
  • Open cybersecurity ecosystem collaboration
14:00
Conference Chair’s Afternoon Address
14:05
An Attacker's Perspective: how and why they target your sites

On a daily basis, businesses experience a torrent of automated attacks against their web and mobile applications by a variety of hostile actors. Some employ the use of credentials stolen from login applications, while others create thousands of accounts on account registration applications to validate stolen credit cards.

In this session, we explore how attackers target businesses depending on their business model and monetise the information they obtain.

  • Gaining a better understanding of the attacker’s motivations and tactics
  • Targeting web applications and mobile APIs
  • The exploitation of click farms to develop credential-based attacks
  • How they avoid detection by tunnelling through aggregators
14:20
Mapping and measuring your IoT risk: considering the risk and value

The IoT has proven to be as disruptive as any high technology development in recent years. While its application, both physical and digital, can be regarded as an innovation enabler, it is a technology fraught with risk and lacking in both security and privacy.

Despite this, businesses have enthusiastically deployed it due to the potential value to be gained.

Join this talk to discover:

  • How IoT is enabling new avenues of risk
  • Enabling new types of attack previously unseen
  • The heightened data exposure through ‘always on’
  • How built-in assurance, security and governance can decrease exposure
14:35
Is AI an enterprise enabler or disabler?

AI drives business innovation, collaboration, and productivity, and better prepares you for a cyber-attack. AI also increases your threat potential, attack surface and magnifies existing vulnerabilities.

We explore the most prominent ways in which AI is being used by hackers to dig out and exploit existing vulnerabilities in a system, mine massive amounts of data to extract personally identifiable information, and automatically monitor emails and text messages to create personalised phishing emails for social engineering attacks.

14:50
Questions to the Panel of Speakers
15:00
Afternoon Networking and Refreshments served in the Exhibition Area
15:30
Best practice examples of managing third-party risk

We explore and map that most vexed of issues, third-party risk management.

Join us as we detail each key element in the business-provider relationship and the areas you need to address in order to maintain compliance, security and productivity.

  • Ecosystems of 3rd parties and dependencies
  • Managing 3rd parties – onboarding and through life
  • Understanding critical processes
  • Consistency in scoring
  • Technical tools for management
15:45
ROI of Data Protection Compliance Engineering

The financial benefits of meeting compliance requirements do not only outweigh the costs of non-compliance but are also seen as business enablers if the right conditions are met.

How is this done? It starts with the right mindset and a proper data protection engineering checklist of legal requirements and controls, presented and briefly discussed.

  • Basic calculus of the ROI of data protection engineering
  • How to engineer data protection in a disruptive technology
  • What a practical Data Engineering Compliance Management Plan looks like
  • What contribution could the Data Protection Officer make in data protection engineering?
16:00
Open cybersecurity ecosystem collaboration

Open cybersecurity platforms support global innovation and collaboration, which helps leverage the power of the cybersecurity community. It powers the potential of stopping the vast majority of unknown malware, relates events across a broad set of threat intelligence metrics, and builds and delivers compliance solutions capable of supporting global customer databases.

In our closing address, we explore how opening a collaborative cybersecurity-platform drives industry adoption, supports the identification and deployment of best practices and helps deliver sustainable business and consumer-friendly solutions.

16:15
Questions to the Panel of Speakers
16:25
Closing Remarks from the Conference Chair
16:45
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.