Session One – Aligning people, processes and technology with governance and strategy
- Governance and management
- Breaking down risk
- The cyber skills gap
- The human factor in security
- Embedding IT & business strategy
- Defending your digital infrastructure
- Re-thinking mobile trust
Conference Chair’s Opening Address
Why some enterprises thrive while others fail: governance and management lessons
We live in an increasingly complex world, and one of the results of this increasing complexity is that several organisations are surprised when risks emerge that produce a state of terminal decline. Sometimes being prepared for risk means having difficult conversations with senior decision influencers and makers to mitigate the impact of such disruption. This is because people who sit at the top of organisations are typically positioned in such a way that they are oblivious to oncoming hazards, whereas those who have a more granular role within an organisation are hesitant to highlight dangers.
We address why some companies successfully navigate crises whilst others fail, the importance of information flows across silos, what warning signs to put in place and how to build a big risk culture.
Breaking down risk
How do you prepare to expand your business, establish new revenue streams or modify the value of an existing model and demystify the risk associated with each of these opportunities? You start by breaking down risk into key areas.
First you observe the landscape in which you operate, the likely impact of your venture and the most common impediments to success. You then compartmentalise each risk element, factor it into your planning and test your agreed protocols. Lastly, you must adopt a confident, forward-facing approach to problem solving when issues occur; turning away out of fear will result in failure and reduce your risk appetite.
We address what it means to break down risk, how to establish agreed protocols, stress test them and adopt a forward-facing approach to problem solving.
The cyber skills gap: is it real?
We are led to believe that there exists across all industries and sectors a skills gap in cyber-security. Industry, media and academia have all come to consider this popularised opinion as fact. Whilst it is true that demand is outstripping supply, it is more the case that there is simply a misalignment in focus as to how best to address such a perceived gap in capabilities.
Rather than looking for the typecast cyber-security practitioner, organisations need to start looking for talent in unconventional contexts to plug the gap in recruitment. Being able to teach the technology and taking advantage of transferable skills is key if you are to secure the right talent for your organisation regardless of background.
- The value in abandoning the checklist of security qualifications
- Treating the right behaviours as a valuable asset
- The value of on-the-job training
- Looking beyond traditional recruitment metrics
- Breaking down the institutionalised nature of security recruitment
Addressing internal and external error: the human factor
Even with the most secure, sophisticated architecture in place, human error, both internal and end user, represents the biggest gap in your defence.
Humans are susceptible to phishing attacks, using sensitive information off site, and either deploying security services in unnecessary contexts or not deploying them when most needed. Added to this, we live in an age of enterprise information overload in which both human-centred and automated processes lead to false flag alerts, which highlights a lack of both organisational scalability and technological innovation.
- Development of company policies
- Deployment of holistic standard tools
- Investment in training
- Adopting a long-term approach to upskilling
Aligning IT with your business strategy: the role of the CIO
Enterprises must prepare themselves for the increasing enmeshing of people, devices, content and services created by models, platforms and the services that support business. This increasing complexity requires the alignment of your IT strategy with your business strategy into a single strategic approach designed to meet increasing security concerns and address the risk associated with increasing opportunities.
We explore how to position information and technology at the heart of your business strategy, the CIO’s role in shaping such a strategy, its components, where IT is embedded and how to continuously recalibrate to maximise business benefit.
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
Information security: defending your digital infrastructure
As is common within the enterprise landscape, every so often a new, dynamic threat appears and highlights the shortcomings in existing security architecture.
An effective and dynamic security architecture allows you to signpost how you should manage the evolving threat, what action to take following successful penetration and how to maintain a suitably aggressive posture.
Such threats emanate from well-funded criminals who are working to steal your data to benefit either themselves, third parties or state actors. To combat this, you must maximise the extent to which you are able to defend your digital ecosystem.
- Today’s threat landscape
- Threat character and motivation
- Adopting a zero-trust model
- Developing robust detection and incident response capabilities
Re-imagining mobile device trust
Mobile devices have long since evolved from consumer devices to become vital tools for enterprise activity. With this innovation comes an extra layer of trust that many businesses have yet to secure.
Harnessing the mobile ecosystem is a difficult task given the complexity of such devices in terms of how they are produced, and the potential of external interference achieved through hacking the components which make up the device; from the apps to the chips.
We address the anatomy of mobile devices, the threat posed by apps, operating systems, firmware and hardware, and how you can begin to build trust at the hardware level by resolving shared processing limitations and chip-based vulnerabilities.
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two – Aligning governance & strategy with technology
- Designing secure IoT devices
- State of application security
- Deploying CASB in the cloud
- Architectural trends in IAM
- Centralised risk management
- Deception as a key security tool
- Preventing highly evasive attacks
Conference Chair’s Afternoon Address
Securing IoT: enhancing enterprise visibility
Making assumptions about your enterprise’s connectivity security is an error many make when utilising such high technology for personal and industrial use.
The degree of connectivity offered by IoT is impressive, but so too is the security risk it represents as the organisational attack surface continues to expand; the more device types and form factors you are required to deal with, the more difficult it is to maintain visibility.
- Penetration testing beyond traditional boundaries
- Use attacker tools and techniques to test IoT devices
- Deploy effective change control & network security access controls
- Moving beyond a baseline of security
The role of automation in application security
The reality is that application security is worsening. Throughout 2018 applications have continued to provide malicious hackers with ease of access compared to other potential attack vectors. The question is why?
Some point to the increasing role of DevOps teams and the fact that many have yet to evolve towards DevSecOps.
This is not the fault of DevOps teams, but rather a symptom of the continuing drive away from perfect to fast application development to decrease time to market. Equally true is the fact that security teams lack either the workforce or the time to maintain application security review processes.
Rather than reducing the speed of development, and therefore impacting brand reputation, it is better to look to the role of automation as an established technique to improve security.
We address automated security testing in a continuous delivery pipeline.
Architectural trends in enterprise IAM
The delineation between IAM, security, risk and privacy has all but faded away from the enterprise landscape as more identities, data sources and technologies are introduced.
One of the key reasons for such alignment is the shifting of applications to the cloud, the proliferation of devices and the diversity of users. In response, businesses of all sizes and scale have placed increasing importance on investing heavily in perfecting their IAM architecture to resolve workforce-to-SaaS, on-prem workforce, customer and B2B IAM cases.
- Identity analytics
- Data privacy and consent rules
- The challenge of IoT
- The future of blockchain
Deploying CASB in your cloud: making your data more secure
The cloud access security broker (CASB) has emerged in recent years as a valuable security tool that helps businesses set policy, monitor behaviour, and manage risks across the entire set of enterprise cloud services and providers.
As with all developments in network access control, the capabilities of CASB continue to evolve to meet key challenges.
- Governing access and activities in sanctioned and unsanctioned cloud services
- Securing sensitive data and preventing its loss
- Protecting against internal and external threats
- Inform functional & architectural requirements through use case analysis
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Centralising your security and risk-related activities
The application of effective risk management software provides the opportunity to identify, analyse, monitor, review and treat existing and potential threats and risks throughout your organisation. True also is its ability to align with risk-centric standards.
Deployment of a user-friendly tool will give you the cutting edge in the strategic management, mitigation and prevention of risk in your organisation.
Securing effective deception across your environment
It is universally accepted that conventional security methods will fail at some point no matter the architecture and supporting infrastructure, which is why organisations are increasingly deploying deception as a key technology against malicious attacks.
Rather than view deception negatively, businesses are increasingly turning the tables on hackers and mimicking their deceptive practices in the face of highly sophisticated phishing, malware and ransomware.
- Exercising deception-based detection at every layer
- Making the entire network a trap for the attacker
- Deception as an alternative to big data analysis
- Enhancing both network and IT security
Beyond Detection: understanding security patterns to prevent evasive threats
The reality is that hackers do not reuse carbon copy methods to attack your network and instead deploy previously unused techniques and tactics. Equally true is the fact that security professionals cannot rely on threat intelligence alone for detecting such efforts.
We address identifying the key security patterns to prevent evasive threats without relying on detection tools alone.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.