Enterprise Security & Risk Management

28 November 2018

Victoria Park Plaza




Session One – Securing the Connected Enterprise

From the IT department to the boardroom – Mapping and Prioritising the Security and Risk Landscape in the new Information Security paradigm

  • Governance, Risk and Compliance (GRC)
  • Changing perceptions: Information Security as a Business Objective
  • New Challenges and Opportunities
  • Disruptive Technology Trends (Cloud, Social, Big Data) and Security
  • Effective Risk Management Strategies and Metrics
  • Information Security as a Business Enabler
  • Cyber Threat Risks – Guidance for Business Strategists and Boards
  • Defining Risk Appetite and allocating Cyber Security Resources Efficiently

Conference Chair’s Opening Address

Sarb Sembhi, Past President, ISACA London

Resilience vs. Compliance culture: why modern day business needs to expect events and learn to adapt

Thomas Christophers, Group Enterprise Risk, Thames Water

Catastrophic and significant events are no longer necessarily the remote instances that business feared. As the environment moves towards one where the next crisis should be expected to happen, this session seeks to help you consider how companies can plan for this state of constant uncertainty whilst maintaining stakeholder confidence and long-term sustainability.

Securing Complex Systems using Centralized Tokenization Service

Krešimir Jurišić, Enterprise Architecture Manager, Mercury Processing Services International (MPSI)

Hrvoje Rončević, Application Architect, Mercury Processing Services International (MPSI)

The presentation will cover these topics:

  • Short intro to MPSI
  • Explanation of complex system communication in various languages and technology, new and legacy systems
  • Reasons to use a centralized system, focusing on reducing risk and GDPR compliance
  • Challenges of card protection
  • High level overview of the implementation – Migration approach in phases

Creating a Risk Management Framework for the Public Sector

Mark Gray, Chief Risk Officer, British Business Bank

What are the key components of a risk management framework in the public sector? This presentation will deal with the role of risk registers, a risk taxonomy, assurance and the use of risk appetite. It will describe the purpose of the second line of defence in a three lines of defence model and discuss what makes an effective risk management framework. It will examine how best to secure engagement throughout an organisation and what to report to the Board.

Determining the Important Incidents

Ollie Sheridan, CISSP, Principal Engineer, Security (EMEA), Gigamon

The industry is overwhelmed with security incidents, and with ever more alerts and limited expertise and budget, where do you start? Ollie will take you through his customer experiences and how to resolve this.

GDPR: The Long Term Strategy

Matthew Kay, Group Data Protection Officer, Balfour Beatty

The presentation will focus on the work of Balfour Beatty to prepare for the General Data Protection Regulation before May 25th 2018.

It will also cover the subsequent work since May 25th 2018, the challenges organisations may face going forward in their work to maintain compliance with GDPR, and a vision of the approach an organisation may take to maintain a sustainable and engaged culture towards Data Protection and Privacy.

Engaging With The Bored - Overcoming executive apathy by answering the tough questions!

Chris Hodson, Chief Information Security Officer, EMEA, Tanium

CISOs have the difficult job of delivering meaningful metrics to a Board of Directors that is not comprised of security professionals. In order for them to communicate security and risk effectively, the CISO needs to convey indicators of the company’s security posture in a manner which is informative and tailored to the audience.

The C-suite requires security metrics which align to business objectives, yet a percentage of security leaders continue to provide quantitative figures associated with malware outbreaks and esoteric security non-compliance. Other security leaders go down the ‘Red, Amber, Green’ risk matrix route, providing a lack of actionable data and a misunderstanding of their company’s exposure.

If the security function wants a return seat at the executive table, the CISO needs to have answers to the difficult questions of visibility and business resilience. These are the same questions which have required answers for nearly two decades, made infinitely harder to answer in a world of endpoint heterogeneity, dynamic workloads, cloud computing and exponential growth in data creation.

In this plenary session, Chris Hodson, Tanium’s EMEA CISO, will give his opinion on some fundamental security questions which many CISOs deem ‘unanswerable’ – a position which leaves business executives wondering why they bothered investing in cybersecurity in the first place. Perhaps we cannot answer the age-old ‘when will we be secure?’; however, there are other questions that the security function should regularly be reporting on to their executive community.

Questions to the Panel of Speakers

Morning Networking and Refreshments Served in the Exhibition Area

A New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

James Martin, Senior Cyber Security Manager, Darktrace

This session will discuss:

  • Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats
  • How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
  • How to achieve 100% visibility of your entire business including cloud, network and IoT environments
  • Why automation and autonomous response is enabling security teams to neutralize in-progress attacks, prioritise resources, and tangibly lower risk

Security for the Future: Work Smart and Stay Safe

Oliver Madden, Chrome Enterprise Browser Specialist, Google Cloud

For organizations today, cybersecurity can feel like a moving target. As IT teams look to step up their endpoint security strategy, a managed web browser can offer multiple layers of protection that help reduce the risk of malware, ransomware and other exploits that often target your users. In this session, a Google expert will help IT leaders identify key ways to improve their current web browser security, while still empowering users to access the web and be productive.

Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms

Seminar Sessions

Networking Lunch Served in the Exhibition Area

Session Two – Building Resilience, Mitigating Risks, Sharing Best Practice

Sharing lessons learned, new innovations and stratagems for operational risk management

Conference Chair’s Afternoon Address

Sarb Sembhi, Past President, ISACA London

Enterprise Cyber Security Reference Architecture

Boris Taratine, Chief Cyber Security Architect, Lloyds Banking Group

Fast-evolving cyber threats challenge the industry’s cyber capabilities and agility to respond. The awareness of cyber has become unprecedented and must be a factor in future development. A holistic, active, collaborative approach is required to build cyber-resilient businesses.

Cloud Talk – Yes, You Can Get Burned When It’s Cloudy

Chris Beckett, Cloud Security Architect, Check Point Technologies

Public and hybrid cloud adoption is exploding among enterprises, but so are cloud hacks and breaches. Cloud assets are at risk from the same types of threats targeting physical networks. What’s more, cybercriminals are using increasingly automated and sophisticated techniques to target and penetrate cloud environments. Cloud-enabled businesses need to understand where they are vulnerable and how to leverage advanced threat prevention security to keep their cloud assets protected. Join us for a thought-provoking session to gain practical knowledge of not only the risks but also how to close your security gaps in the cloud.

No One Is Safe - Cyber Crime And The Threat Landscape

Mohsin Choudhury, UK Head of Information Security, Bank of Ireland (First Line Defence)

Cyber Criminals pose significant threats to individuals, organisations and nation states with devastating consequences. The speaker will highlight the motives, means and opportunities of Cyber Criminals and the impact they are having on our society. He will show the changing threat landscape and why your business will be a target for Cyber Criminals.

This session will cover identity theft, financial fraud, ransomware, organised crime and conclude with best ways to protect your business from Cyber Criminals.

Questions to the Panel of Speakers

Afternoon Networking and Refreshments served in the Exhibition Area

Session Three – Managing and Implementing a Secure ICT Infrastructure

Sharing best practice on how to analyse vulnerabilities in your ICT infrastructure and eliminate them

Insights from a Fast Growing UK Fin-Tech Provider

Kate Dunckley, Senior Fraud Strategy Manager, NewDay

This session will provide a brief insight into the digital transformation journey of NewDay, a major UK financial services company with products and services in the Near Prime and Co-brand credit market sectors. Their proprietary risk management models and segmented approach have enabled NewDay to tailor products to meet the specific needs of their customers.

Risk Management for Cloud Services

Peter Avamale, Vulnerability Management,

Cloud environments are fast becoming part of our technology infrastructure. However, they present a different paradigm for risk and vulnerability management efforts, or do they? This talk explores ideas for managing risk in cloud environments and shows that they may not be as different as we think.

Mitigating the Risk of Data Breaches from Within

Simon Sharp, Vice President International, ObserveIT

The greatest cyber security threat an organisation faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders – the contractors, vendors, and privileged users who already have access to your company’s systems and sensitive data. According to The Ponemon Institute’s Insider Threats Global Report 2018, the average cost of an insider threat annually is $8.76 million.

Addressing this type of threat requires a different approach from addressing external threats; whether the threat is unintentional or malicious, organisations need visibility, real-time detection and prevention that enable them to respond quickly and eliminate insider threats, and that are proven to reduce the risk to business. In this session you will learn about best practices and real-life examples for building and maintaining an effective insider threat program, and why you need to focus on people, process and technology, in that order, to mitigate the risk of a data breach from within.

Questions to the Panel of Speakers

Closing Remarks from the Conference Chair

Sarb Sembhi, Past President, ISACA London

Conference Close – Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.