Programme @ ESRM uk

Dr Gilad Rosner, Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

Stephen Owen, CISO, Esure 

This 25-minute session will provide practical highlights on how to:

• Take the myth away that its difficult
• Breadcrumb trail on how to start the process
• Evolve your Risk register
• Justify budgets to CFO based on Return on Security Investment

Ange Johnson de Wet, Head of Technology Change Risk, Lloyds Banking Group 

A sustainable business strategy is one which encompasses the global economic climate, the industry-specific financial landscape, and the social and cultural factors which are relevant to your organisation.

By catering to each of these key elements, businesses are able to successfully grow in a stable and manageable way.

By improving the process by which you plan out your activities you will be better able to create long term value for the company, its shareholders, and customers.

We address:

• Identifying the appropriate model for your business
• Restructuring where required
• Understanding the organisational challenges
• Securing employee buy-in
• Mapping out your intended outcomes
• Marking against milestones
• Measuring against expected and unexpected disruption

Andy Giles, Head of Security GRC & Centre of Excellence, Nationwide Building Society

This presentation will attempt to provide a summary of how current and near-term events are shaping the future of technology adoption, the application of cybersecurity in a rapidly evolving global innovation market, against a backdrop of global and environmental uncertainties that are causing organisations to consider physical and pollical developments when applying cybersecurity strategies.

Specific sections:

• The impact of cloud on threat innovation vs the security industry’s skills uplift progress – are we moving fast enough in UK Plc?
• The march of automation, AI and ML – what the security industry can do get ahead of the global technical race
• The need for closer collaboration in a post-Brexit world, increasing offensive cyber activity and geopolitical impacts on UK Plc cyber exposure

With the right platform, you can maintain business continuity and minimise data loss while saving valuable budget and time. When a major disruption occurs, with disaster recovery as a service, you can activate failover in an instant and recover critical data to get your operations back online with the hour, reduce data loss with the automatic replication of virtual machine data, and achieve real cost versus usage benefit compared to traditional disaster recovery services.

We address:

• Faster response times
• Minimise IT hassle
• Optimise site separation
• Make it yours

In an age of ever-increasing complexity, in which the global quickly becomes the local, business leaders are having to pay greater attention to risks which threaten their fortunes and create the potential for catastrophic disruption. Prioritization of risk into manageable, accessible, and solvable issues is no easy task, with many organisations falling into the trap of creating silos rather than maintaining a business wide approach.

We address:

• Protecting sources of value creation
• Realising game changing moves for your organisation
• Innovation through disruption
• The role of emerging technologies
• Business model transformation
• Adapting to ecosystem changes
• Organisational success through strategic decision making

Businesses invest significantly in enterprise software. Despite this investment, many SAM practitioners still find themselves having to manage time-consuming, inaccurate, and unreliable manual processes which are hosted on spreadsheets or out of date SAM tools. This leaves the possibility of optimisation a distant dream due to the lack of visibility.

We address why existing SAM approaches do not work, the benefits of a single system of action, how to establish a SAM strategy and how to get started

Mike Baier, Lead, Third Party Information Security Risk Management, Takeda

Each third-party relationship brings with it a number of risks that need to be identified at the time. These risks are often multi-dimensional as they extend across suppliers, vendors, contractors, service providers, and other parties, and can have an impact on different levels of the organisation such as product lines, business units, and geographies.

We address:

• Comprehensively identifying third-party risks
• An analysis of the specific drivers that increase third-party risk.
• Focus strongly on contracts that govern third-party relationships
• Frame policies, and implement controls to mitigate third-party risks

Monica M. Minkel, VP, Executive Risk Enterprise Leader, Holmes Murphy & Associates

Being able to accurately identify and prioritise security threats and threats that affect the enterprise is vital. Equally important is the ability to respond at speed and scale no matter the size and scope of the challenge.

We address:

• Visibility into data whether on site or in the cloud
• Automate intelligence with AI threat and incident detection
• Create an ecosystem of continuous improvement through detection of vulnerabilities and malware

By successfully leveraging behaviour analytics, businesses can better map their internal vulnerabilities and act accordingly once a real entity risk has been identified.

We address, how you can identify users exhibiting risky behaviour, prevent bad actors from accessing critical assets and analyse communications-based data sources for potential code of conduct breaches.

With the expansion of remote working now part of the new normal, the value of a reliable, secure, and dynamic cloud platform is more important than ever.

Added to this new trend is the growing abandonment of the historical approach to security which placed an emphasis on building walls in favour of the worker as your first line of defence in an increasingly virtualised setting.

We address:

• Convergence as a key feature
• Security-as-a-service
• Flexible, hybrid deployment
• Data on a global scale
• Securing your users, no matter the time or place

Lydia Payne-Johnson, JD, CIPP, Director, Information Security, Identity & Access Management and Risk, The George Washington University 

As organizations incorporate machine learning/artificial intelligence models into strategic business initiatives, there a growing need for responsible management by IT and key business stakeholders to protect and defend AI given the dearth of AI-related regulations.

• Framing Its role in ML/AI Management: Owner or Enabler?
• Practicable considerations for protecting AI-enabled digital business systems
• Addressing business, legal and ethical challenges to AI algorithms

Today’s business-consumer relationship is dynamic, varied, and multi-dimensional with a wide variety of established contact points, from twitter to the high street. Of paramount importance to the business is how secure each and every customer feels when engaging with the company, whatever the platform. Trust lost is also business lost and revenue not generated.

We address:

• Moving away from discreet group management
• Moving towards cross-functional trust
• Safety teams overseeing all interactions
• Ensuring a standard level of safety across each space
• Supporting consumer-business interaction