ESRM

Enterprise Security & Risk Management

28 November 2018

Victoria Park Plaza

SEMINARS

28 November 2018

The Seminars will take place from 12.15 – 13.00.
Delegates will be able to attend one seminar at the event. No pre-selection is required – delegates will be able to select which session they attend onsite.

SESSIONS

SEMINAR 1
Victoria (Main Conference Room)
Real-Time Metrics is Critical for Security or Operational Challengers

Trevor Kennedy, Technical Account Manager, Tanium

When WannaCry, NotPetya and the Struts vulnerabilities hit, organisations went into crisis management mode. Executives demanded live information from the enterprise, but for most organisations, tools that are using 25-year-old technologies and architectures meant hours or days of delay in receiving critical metrics. Even when data could be provided it was incomplete and could not be acted upon.

When it is all going wrong, access to live, up-to-date data is imperative, including access to data that you currently don’t know you need. Once you have the right metrics to make an informed decision about a response, being able to act at scale across the entire enterprise is just as important.

After the crisis has been resolved, the ability to feed the correct data into a risk matrix allows organisations to continue to ensure risk levels are maintained within risk tolerance appetites. We call this being a Resilient Business. Come and see how an enterprise platform can provide you with the data you need pre- and post-incident to ensure your business can bounce back from critical events.

SEMINAR 2
Edward 1
Streamline Your Security Operations and Incident Response and Gain Visibility Into Encrypted Traffic

Ollie Sheridan, CISSP, Principal Sales Engineer, Security (EMEA), Gigamon

Learn how you can streamline your Security Operations Centre team and provide swifter responses to Security Incidents by having actionable data for each event available to your Security Teams as events unfold. In this session we will also discuss how to gain visibility into encrypted traffic coming into and leaving your environment, thereby mitigating data exfiltration and APT threats from and to your organisation. In this session you will learn:

– How to provide visibility into encrypted traffic
– How to leverage the knowledge and expertise of seasoned Security Professionals to immediately improve your Security Posture
– How to increase the reach of your tools and increase the life and effectiveness of your Security Countermeasures
– How to spot the tell-tale signs of stolen credentials being used for nefarious purposes

SEMINAR 3
Edward 3
Crowdsourcing Security Risk Assessment

Laurie Mercer, Security Engineer, HackerOne

Every year we spend more on cybersecurity, and every year the data breaches get more rampant. Cybersecurity should be a healthy and constructive practice, but for many, it is a nightmare.

Vulnerabilities exist. More often than not, someone already knows about them. The best way to prevent getting hacked is to try to get hacked by people you trust. Furthermore, sharing vulnerability information once issues are resolved can help other organizations resolve similar issues before they’re exploited.

In this talk we will learn how, as an industry, we can:
• engage positively with the global hacking community
• employ best practice in launching vulnerability disclosure programs
• scale security efforts to keep up with rapid release cycles and DevOps digital transformation
• build a culture where we can learn from our own and each other’s weaknesses

SEMINAR 4
Edward 5
The CIO Challenge – How to Stay Relevant in a Fast Paced, Mobile World

Alex Teteris, Principal – Technology Evangelist, Zscaler

A customer’s journey: Security in a ‘cloud first’ world – challenges, obstacles, trends and solutions
– The Internet is becoming the new corporate network and the cloud is the new data center. Companies should adapt their security and network infrastructure accordingly
– Enterprises can secure their digital transformation by enabling local internet breakout points at each branch – and by moving internet security to the cloud
– How to handle a hybrid architecture, with on-premise DC applications, as well as SaaS.
– Setting the foundation for a Zero-Trust model

SEMINAR 5
Edward 7
Mind the Risk Intelligence Gap – Putting Third Party Risk Management Theory Into Practice

Bob Lewis MBE, former Global Head of Supplier Assurance & Controls Testing, Barclays
Sean O’Brien CTPRP, Managing Director, DVV Solutions
Brad Keller JD, CTPRP, Sr. Director Third Party Strategy, Prevalent Inc.

What does a robust and effective Third Party risk management program really look and feel like? And what added-value can it deliver your organisation?
This panel and open Q&A session with risk assurance experts will explore what it takes to:
– establish a TPRM framework that supports greater operational resilience,
– achieve regulatory alignment for GDPR, SM&CR etc, and
– gain oversight of “nth party” risks throughout the digital supply chain

We’ll also look at the benefits and pitfalls of adopting processes and tooling designed to help you develop more effective and efficient risk assurance practices.

SEMINAR 6
Albert 1
Securing Privileged Access: Windows and Active Directory

Derek Melber, Technical Evangelist, ManageEngine

Hackers and attackers constantly try to gain access to our network and servers. Ideally, they want privileged access, because full control lets them access everything they want. Organizations and administrators need to know where privileges are granted, so privileges can be configured and controlled. In this session, MVP Derek Melber will dive into the areas where privileges are granted, giving direct instruction on how to protect each area. When you leave the session, you will have a clear direction on protecting your privileged access.

SEMINAR 7
Albert 3
Bad Analogies Make Bad Realities: Are We Sitting on a Security Debt Crisis?

Etienne Greeff, Chief Technology Officer & Founder, SecureData

This presentation explores the idea that making cybersecurity analogous to risk is holding us back. How about we talk about security ‘debt’ instead? Technical Debt is already a well understood concept in software development – the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security.

In this presentation we will comment on the power of ‘analogies’ and how they’ve shaped our industry. We’ll then consider the difference between the ‘security as risk’ and the ‘security as debt’ paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.