ESRM

Enterprise Security & Risk Management

25 November 2019

Victoria Park Plaza

Programme

Session One – Cyber Risk Mitigation and Management Strategies

From the board to the IT department, our morning session looks at how enterprises can prioritise risks and create strategies that efficiently prevent and detect threats. We explore:

  • Risk mitigation for digital transformation strategies
  • The importance of an engaged executive suite in cybersecurity
  • Designing risk assessments
  • Prioritising cultural challenges for risk mitigation
  • Data Risk Management best practices
  • Effective risk management strategies and risk metrics
  • Defending against threats through strategic partnerships
09:00
Conference Chair’s Opening Address
09:15
Morning Keynote - Smart risk-takers in digital transformation

Only 22% of chief executives believe the data they receive to be comprehensive enough to inform their data-driven decisions – a figure that has remained unchanged for the past 10 years. Smart risk management professionals, far from obstructing digital initiatives, can help their enterprises meet or beat their digital transformation goals. We explore:

  • When to begin assessing risk for your digital transformation strategy
  • Why an engaged executive suite in cybersecurity drives business growth
  • Where successful digital risk-handlers stand out
  • What effective risk managers can bring to help establish digital governance, source talent, find the right fit for emerging technologies and engage key stakeholders of digital initiatives.
09:35
The role of the CISO - The Security Leader’s Play Book

With digital technologies infused in every gear of the business machinery, cyber risk has been elevated to the executive suite, and so have the value and importance of the CISO.

To enable the business, CISOs must speak the language of business. Today, CISOs must identify themselves as business enablers and, just as critically, be recognised in the same way by others — from the executive suite to the multiple lines of departments. It is no longer a job that fundamentally implies managing the firewall and securing the perimeter against threats.

What are today’s key attributes of an effective CISO? How will the position evolve in the upcoming years? Is there a talent shortage for the CISO role? We explore CISOs’ key challenges and the security leaders’ horizon.

09:55
Make the Business Case: Articulating Risk to the Board

Just a small percentage of boards report having a full level of engagement in cybersecurity and digital transformation. More importantly, very few — 5 per cent or less — full-board meetings focus on cybersecurity.

Join this session to:

  • Understand the importance of articulating cybersecurity risk to the board
  • Learn ways to frame strategic cybersecurity discussions that are more akin to the way organisations consider other risks
  • Elevate the discussion to financial risks – how to present business metrics and market growth to impact decision-makers
  • Acquire tools that leverage storytelling to create compelling cases
10:15
Creating a Risk-Aware Culture to Mitigate Risk

With more than 60% of incidents being credited to the human factor of cyber risk, more enterprises are looking for the root causes of risky employee behaviours and the aspects of workplace culture that could positively contribute to mitigating this risk. We consider:

  • The importance of creating a risk-aware culture
  • Gathering incident benchmarks that help prioritise culture challenges and needs
  • Obtaining ideas for improvement directly from employees
  • Segmenting the workforce to identify the most vulnerable populations
  • Identifying the practices that drive security-conscious behaviours
10:35
Data Risk Management: Protect your Critical Data

An exponential amount of data is being created and monetised around the globe, and such data growth means new liabilities and risks. With the global average cost of a data breach reaching $3.86 million, it is high time for enterprises to reinforce their data risk management approaches. In this presentation, we cover:

  • Why data risk management matters
  • Creating a successful data security governance strategy
  • Mapping data to the corresponding value in the business
  • Finding the missing link – how to incorporate third-party vendors in your data map
  • Employing financial risk assessments – how to manage the different data-risk categories and apply the appropriate investment
  • Ensuring data protection compliance – encryption, tokenisation and masking
10:55
Questions To The Panel Of Speakers
11:10
Refreshment Break Served in the Exhibition Area
11:40
Distilling key lessons from the Banking industry: Cyber Defence Alliance

While the threats from hackers and fraudsters continue growing, a small group of UK banks and law enforcement agencies, called the Cyber Defence Alliance, are working together to share cybersecurity intelligence insights to combat threats.

This notable collaboration builds up casework for law enforcement to better investigate, capture and convict cybercriminals, and to transform the UK financial services sector into a safer industry. We distil key lessons of this alliance with takeaway insights for other sectors.

11:55
Cyber Risk Metrics: How to measure a fast-moving target

New tech introduces a dependency that didn’t exist before and fosters new opportunities for cybercriminals to exploit. Efficiently and objectively identifying ever-changing risks is the foundation of cybersecurity strategies and responses. We look at:

  • Defining and measuring risk – why it matters and how it can be integrated into organisational risk strategies
  • The importance of identifying your liabilities to create contingency plans
  • Identifying and establishing meaningful metrics for your responsibilities and vulnerabilities
  • How machine learning is helping to drive predictive protection to detect moving targets
  • Creating coherent frameworks to attach risk metrics to your liabilities
12:05
Questions to the Panel of Speakers and Delegate Movement to the Seminar Rooms
12:15
Seminar Sessions
13:00
Networking Lunch Served in the Exhibition Area

Session Two – Cyber Resilience, Tech Insights and the Threat Landscape

  • Exploring disruptive technology trends and risks and security solutions
  • Predictive Prioritisation of risks to tackle your main vulnerabilities
  • Exploring cloud security risks and vulnerabilities
  • Implementing DevSecOps to achieve cyber resilience
  • Understanding the threat landscape
14:00
Conference Chair’s Afternoon Address
14:05
Predictive Prioritisation: How to focus on the most critical vulnerabilities

With CVSS disclosing more than 15,000 new vulnerabilities per year – most of them categorised as high or critical – how can you identify the biggest threats to your business, and know what to patch first? We explore:

  • Why precise predictive prioritisation matters
  • Why rules-based prioritisation approaches and traditional vulnerability management efforts fall short
  • Applying machine learning to build and compare a series of remediation strategies
  • Adopting ML approaches that consider multiple data sources of vulnerability data, third party vulnerability and threat data
14:20
Cloud Security: Evaluating risks, suppliers and vulnerabilities

More than 40% of organisations report an attack on their cloud environments every year, but more than half of the enterprises had easily remediable network vulnerabilities. This presentation will demystify the intricacy of cloud security, its suppliers and security solutions, and how you can:

  • Assess cloud security risk – cloud risk framework components and capabilities, and first-priority risks
  • Build a sustainable cloud cyber risk governance program
  • Understand the considerations when enhancing cloud security capabilities: risks and gaps, strategic investment, security architecture dependencies, and costs and efforts
  • Achieve a balance between leveraging the existing security products and augmenting security with new products
  • Address key liabilities – IAM, data protection, network and infrastructure security, and more
  • Adapt DevSecOps vigilance – comprehensive visibility of cloud assets, usage, vulnerabilities and risk exposure, and continuous compliance
14:35
The Road Map to Flawlessly Integrate DevSecOps

The work of the DevSecOps team is never done: it must keep up with the threat landscape and perform resiliently in a hybrid environment. This session investigates:

  • Why DevSecOps is key to cyber resilience and risk mitigation
  • Creating feedback loops integrated with DevSecOps to make informed, actionable security decisions
  • Marrying security and engineering culture to encourage collaboration
  • Providing end-to-end visibility across the entire hybrid IT landscape
  • Enabling delivery velocity and high cadence response
  • Treating everything as code – Infrastructure as code
14:50
Questions to the Panel of Speakers
15:00
Afternoon Networking and Refreshments served in the Exhibition Area
15:30
How to Securely Embed Disruptive Technologies into Your Organisation

The rules of the game are changing as more disruptive technologies colonise modern enterprises. Organisations are looking forward to unlocking their fullest potential, but how can this be done with minimal risk? We explore:

  • How disruptive technologies can fortify and weaken defences
  • Exploring top disruptive technologies: IoT, AI/ML, augmented analytics, blockchain, digital twins, smart spaces, edge computing, quantum computing
  • How the associated risk can be mitigated (e.g. ensuring the data in your AI model is accurate and free of prejudice)
  • Discussing the need for current regulatory guidelines to evolve as fast as technology does
15:45
AI: a target and a tool

AI is improving cybersecurity, but it has not gone unnoticed by attackers. What is today a tool for security teams could very well become the next target of attack. As we become more reliant on AI/ML, there is an increasing need to understand how adversaries can attack security solutions based on ML. It is imperative to look at training and prediction stages and how ML can accelerate innovation in attackers’ techniques.

In this presentation, we consider different scenarios to understand the security issues that AI and ML introduce to organisations.

16:00
Closing Keynote: How companies can proactively prepare themselves for the evolving threat landscape

What are the risks plaguing enterprises today? What risks are on the horizon? What should companies be doing to prepare for the risks of tomorrow? Join this session to:

  • Assess your company’s approach: proactive, reactive or both
  • Improve your current practices with practical adjustments
  • Understand which risk management strategies actually generate risk
  • Learn which methods are beyond saving, and worse than doing nothing
  • Discover the future threat landscape
16:15
Questions to the Panel of Speakers
16:25
Closing Remarks from the Conference Chair
16:30
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.