ESRM

Enterprise Security & Risk Management

19 March 2020

Victoria Park Plaza, London

SOCIAL


LATEST TWEETS

Programme

Session one – Strategic enterprise-wide risk management

  • Increasing security awareness from the board down
  • Reducing complexity in your security strategy
  • Defending the global enterprise
  • The value of engaging with risk positively
  • Effective incidence response planning
  • Investigating & resolving security events
  • Adding threat analytics to your security response
09:00
Conference Chair’s Opening Address

David R Bird, Chairman, UKNCSA

09:20
Increasing security awareness from the board down

Historically, CEO’s and Boards regarded security risk as a fringe issue rather than central to business performance.

The generational shift has ensured that security risk is no longer a siloed, IT department only issue, but recognised as central to business ecosystem functionality.

Despite this positive shift, communicating risk remains a major challenge for security practitioners when engaging with the board.

We address:

  • Communicating risk in business terms
  • Aligning security metrics with key business objectives
  • Highlighting the cost-benefit of investment
  • The cost of failing to protect against internal and external threats
  • Skills required for the future
09:40
Reducing complexity in your security strategy

Reducing complexity leads to increased visibility and better-informed decision making.

Sadly, many business leaders tend to rely on overtly reactive tactics rather than look to adopt a security posture which supports a simplified cybersecurity portfolio.

We explore:

  • How to consolidate capabilities to focus on business objectives
  • How to decrease data silos to limit friction for security teams
  • How to simplify your ecosystem to enhance response and recovery
09:55
How to Securely Embed Disruptive Technologies into your Organisation

The rules of the game are changing as more disruptive technologies colonise modern enterprises. Organisations are looking forward to unlocking their fullest potential, but how can this be done with minimal risk? We explore:

  • How disruptive technologies can fortify and weaken defences
  • Exploring top disruptive technologies: IoT, AI/ML, augmented analytics, blockchain, digital twins, smart spaces, edge computing, quantum computing
  • How can the risk associated be mitigated (e.g. ensuring accurate and free of prejudice data in your AI model)
  • Discussing the need for current regulatory guidelines to evolve as fast as technology is
10:10
Proving compliance

Achieving excellence in compliance means taking control of your security and risk strategy.

Easy to manage compliance tools have the power to free your workforce from manual, labour intensive exercises that limit the potential for innovative collaboration in other business areas.

In this presentation we consider:

  • How to prepare for regulatory changes
  • How to manage and implement changes in compliance
  • Use of automated tools to demonstrate compliance
  • Focusing on security operations
10:25
Effective incidence response planning: a governance led approach

It is the call that every security team dreads – that an attacker has severely compromised your organisation and gained widespread access to sensitive data. How prepared are you for this future scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few feel confident that each employee in the pipeline fully understands their role in ensuring that each key business element is tied to the other in a complementary way.

There are four key questions you must ask yourself when assessing your organisational capabilities:

  • What’s the issue or problem?
  • What can I do to resolve the issue?
  • How am I going to implement the what?
  • Who?
10:40
Questions to the Panel of Speakers
10:50
Refreshment Break Served in the Exhibition Area
11:30
The Cyber Imperative: DevSecOps

Michael Macpherson, Lead Information Security Architect, ClearBank

Businesses around the world are continually on a mission to operate at a reduced cost while maintaining the competitive advantage and maximising profit, this is where the blend between developers and operations, comes into its own.

Where do traditional security teams fit into the DevOps world?

The truth is they don’t; there need to be a cultural shift and security teams need to start breaking down the walls between internal silos in order to understand how to create the balance between enforcing traditional security controls and adopting a more functional security approach.

Let’s discuss some of the pain points that DevOps teams have with the traditional security approach and how we, as security professionals, can become an integral part of securing the DevOps pipeline.

We explore automated security testing and the integration of DevSecOps to elevate, embed and evolve your risk response.

11:45
Adding threat analytics to your security response

To a CISO and the wider security team, the value in complementing your human capital with AI analytics is clear.

From basic log collection to increased visibility across the business; to incident prioritisation, you can build and deliver a plan of action that contains within it a workflow and remediation plan.

We look at how best to deploy AI threat analytics for your business.

12:00
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
12:15
Seminar Sessions
13:10
Networking Lunch Served in the Exhibition Area

Session two – Building Resilience and Responsiveness

  • An Attacker’s Perspective: how and why they target your org
  • Mapping and measuring your IoT risk
  • AI as an enterprise enabler and disabler
  • Best practice examples of managing third-party risk
  • ROI of Data Protection Compliance Engineering
  • Open cybersecurity ecosystem collaboration
14:00
Conference Chair’s Afternoon Address

David R Bird, Chairman, UKNCSA

14:05
Measurable business benefits from effective enterprise risk management

Dr Abdul Mohib, Group Head of Risk and Assurance, Peabody Trust

Is risk management really a new concept or has it been going on for thousands of years?  One can imagine a proto-risk manager burning a fire at night to keep wild animals away thereby reducing the risk of attack.  How did we transition from proto-risk manager to the world of insurance risk, financial risk and what we now know as enterprise risk management?  What does it all mean and how could we maximise the opportunities of embedding effective enterprise risk management to add value and help us maintain focus on achieving the organisational strategic objectives?

14:20
Case Study – Security Lessons from the Life Sciences Sector

Helen Rabe, CSO, Abcam (TBC)

M&A and alliance transactions frequently occur in the Life Sciences sector, creating a high-security risk for the serial acquires. A relative immaturity in smaller organisations leads to an increased risk in cyber breach security.

We discuss the lessons learnt from an industry that has been dealing with alliances, mergers and acquisitions, and due diligence processes for a long time.

14:35
Managing Data Risks: Lessons from Using International Open Data Sets

Carina Wangwe, Head ICT, The Commonwealth Secretariat

Many organisations use open data to inform their activities and to make business and policy decisions. While such data are convenient, freely available, the methodology and data quality checks used to collate the data are not immediately available to the End User.

Organisations using open data sets need to have internal risk management mechanisms embedded in their Data Governance practices in order to mitigate such risks.

14:50
Is AI an enterprise enabler or disabler?

AI drives business innovation, collaboration, and productivity, and better prepares you for a cyber-attack. AI also increases your threat potential, attack surface and magnifies existing vulnerabilities.

We explore the most prominent ways in which AI is being used by hackers to dig out and exploit existing vulnerabilities in a system, mine massive amounts of data to extract personally identifiable information, and automatically monitor emails and text messages to create personalised phishing emails for social engineering attacks.

15:05
Questions to the Panel of Speakers
15:15
Afternoon Networking and Refreshments served in the Exhibition Area
15:45
Open Cyber Security Ecosystem Collaboration

Open cybersecurity platforms support global innovation and collaboration, which helps leverage the power of the cybersecurity community. It powers the potential of stopping the vast majority of unknown malware, relates events across a broad set of threat intelligence metrics, and builds and delivers compliance solutions capable of supporting global customer databases.

In our closing address, we explore how opening a collaborative cybersecurity-platform drives industry adoption, supports the identification and deployment of best practices and helps deliver sustainable business and consumer-friendly solutions.

16:00
Panel Discussion – Career Expectations in Security Risk Management and Cyber Security
16:40
Closing Remarks from the Conference Chair

David R Bird, Chairman, UKNCSA

16:45
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.