Programme @

ESRM uk

Enterprise Security & Risk Management

23 November 2022

London

Programme @ ESRM uk

Session One

09:00 (GMT)

Conference Chair's Opening Address

09:05 (GMT)

How to become a security-savvy board of directors

By 2025, it is estimated 40% of boards of directors will have a dedicated cybersecurity committee overseen by qualified board members, up from less than 10% today.

Given that cybersecurity is regarded as the second-highest source of risk after regulatory compliance, prioritising the establishment of a board-level security-focused committee led by a security expert is an obvious pivot.

We address, the value of treating security as a permanent boardroom level concern, what is needed to make it functional and relevant to the wider business, as well as the value of having a neuro-diverse leadership.

09:20 (GMT)

Remote working is here to stay, but is the necessary support?

According to recent statistics, 64% of large-scale enterprises can work remotely, with an estimated 40% continuing to work from home post-covid.

The great migration to remote working and the permanency this is set to create has required many to reimagine their policies and security tools. One such example is the need to move endpoint protection to cloud-delivered services.

We address the key security features that need to be re-defined in the post-covid era.

  • Ensuring everything will function for remote staff
  • Shifting to cloud-first delivered services
  • How to best protect your data, disaster recovery and backup

09:35 (GMT)

Identity-first security

From an idea to an essential, identity-centric security is fast becoming the centrepiece of the enterprise security strategy.

By shifting to an identity-first philosophy you can put identity at the centre of your security design.

As illustrated by the SolarWinds attack, the management and monitoring of identities is clear far too static and lacking in the responsiveness and zero-trust approach needed in the modern enterprise.

We address, why enterprises need to prioritise effective monitoring of authentication to identify attacks against business-critical infrastructure.

09:50 (GMT)

Centralisation of your security and risk controls

Deploying controls where they are most needed is essential for cybersecurity mesh, a modern security approach that enables tools to interoperate by providing foundational security services and centralized policy management and orchestration, rather than security tools running in a silo.

A cybersecurity mesh architecture allows organisations to extend security controls to distributed assets, especially valuable now since many IT assets now operate outside the traditional enterprise perimeter.

Join us as we highlight the increasingly integral role that cybersecurity mesh plays in enterprise security management and risk mitigation.

10:05 (GMT)

Why do we need to revolutionise our approach to risk?

Why do we need to revolutionise our approach and how best can we drive the need for dynamic risk management?

These are the two most common concerns and queries of risk practitioners.

As with all technological leaps, the digital age has facilitated significant social, economic and cultural disruption. This disruption has witnessed the digitalisation of business operations into cyberspace that is not easily governable.

In response, risk practitioners need to reimagine how they best mitigate risk and unlock value in a business-to-consumer environment in which enterprises have become fully virtualised and customers have accelerated their adoption of digital channels.

10:20 (GMT)

Questions to the Panel of Speakers

10:35 (GMT)

Refreshment Break Served in the Exhibition Area

11:05 (GMT)

Panel Discussion and Q&A: adding privacy-enhancing computation to your tech stack

We address, the increasing prioritisation of privacy-enhancing computation as how organisations can best protect their data in use as opposed to at rest or in motion.

This more dynamic approach to data security means you can better secure your data processing, sharing, cross-border transfers and analytics, even in untrusted environments.

Join us to discover why 50% of businesses by 2025 are estimated to have adopted privacy-enhancing computation for processing data in untrusted environments and how such an approach can assist in fraud analysis, intelligence gathering, and data sharing across a range of industries.

11:35 (GMT)

Questions to the Panel of Speakers & Delegates move to the Seminar Rooms

11:50 (GMT)

Seminar Sessions

12:30 (GMT)

Networking Lunch Served in the Exhibition Area

Session Two

13:30 (GMT)

Conference Chair’s Afternoon Address

13:35 (GMT)

Breach and attack simulation in action

Breach and attack simulation tools are tasked with maintaining a continuous defensive posture and designed to challenge limited visibility from annual point assessments like penetration testing. When CISO’s include BAS as a part of their regular security assessments, teams can identify security posture gaps more effectively and better prioritise security initiatives.

We discuss, how to operationalise the MITRE ATT&CK framework to challenge, assess and optimise your security posture against threat evolutions, simply and comprehensively.

13:50 (GMT)

Managing machine identities: tracking the health of your apps and devices

Managing machine identities is now a vital part of an organisations security strategy due to the exponential rise in the number of non-human entities that are now present within its physical and cyberinfrastructure.

We address:

  • Today’s machine identity-driven enterprise environment
  • Why it is growing twice as fast as human identities
  • Its increasing role in RPA, roboticization, and IoT
  • Why more than 50% of businesses find it so challenging to protect against bad actors

14:05 (GMT)

CTI: Challenging the Implementation of Cyber Threat Intelligence programs at any organization

In this presentation, we will discuss trial/error, what works and what hasn’t when it comes to developing and driving a successful Cyber Threat Intelligence program.

Areas to cover:

  • You have no CTI program, where do you even begin?
  • Do you need all of those paid vendor intelligence tools?
  • How do you scope intelligence collection and communication? Establishing Priority Intelligence Requirements
  • CTI for Incident Response, SecOps, Red Team, Third-Party Risk, and more

14:20 (GMT)

Questions to the Panel of Speakers

14:35 (GMT)

Afternoon Networking and Refreshments served in the Exhibition Area

15:05 (GMT)

Panel Discussion and Audience Q&A: how well do you understand your vulnerabilities?

The global pandemic spurred a digital revolution. From purchasing goods and services to visiting their healthcare providers, to working and learning from home, people doubled the amount of time spent online. Not surprisingly, with this massive digital migration, cybercrime has reached an all-time high.

Strikingly, attacks involving usernames and passwords increased an alarming 450% in 2020 from 2019, translating into billions upon billions of compromised records globally.

We address, to maintain consumer trust and avoid costly breaches, we need to prioritise the protection of digital identities.

In our discussion, we include key details on prominent data breaches impacting consumers across various industries and regions in 2020, the primary methods of attack and the identified best practice security responses to such attacks.

15:35 (GMT)

Afternoon Networking and Refreshments served in the Exhibition Area

16:05 (GMT)

Centralisation of your security and risk controls

Deploying controls where they are most needed is essential for cybersecurity mesh, a modern security approach that enables tools to interoperate by providing foundational security services and centralized policy management and orchestration, rather than security tools running in a silo.

A cybersecurity mesh architecture allows organisations to extend security controls to distributed assets, especially valuable now since many IT assets now operate outside the traditional enterprise perimeter.

Join us as we highlight the increasingly integral role that cybersecurity mesh plays in enterprise security management and risk mitigation.

16:20 (GMT)

Harmonising today’s operating models with new and emerging security and risk challenges

New technology capabilities have enabled automation and process at speed, replacing repetitive manual tasks and even augmenting humans in decision making and judgement calls. This is transforming the enterprise, creating a level of organisational agility that accelerates change in both business models and business practices.

These changes are acutely felt at the boundary between humans and machines. Today’s operating model invariably features a complex system of processes that bring together human and machine, a world that is hard to observe and arguably hard to manage.

We address how, as we adapt our practices, we, therefore, need to take a closer look into, and beyond, how humans and machines work and act in an enterprise, and what that means for the resilience of the services delivered to consumers and society at large.

16:35 (GMT)

Responding to a problem before it becomes a failure

It is the call that every security team dreads – that an attacker has seriously compromised your organisation and gained widespread access to sensitive data.

But how prepared are you for this eventual scenario?

While most organisations have some frameworks in place to manage and respond to limited attacks, few are prepared for the widespread disruption and compromise caused by a serious breach.

This presentation looks at how you can develop a key playbook for responding to serious incidents and implementing it within your organisation.

16:50 (GMT)

Questions to the Panel of Speakers

17:00 (GMT)

Closing Remarks from the Conference Chair

17:05 (GMT)

Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Google Takes Stand on Android Enterprise Security
This past week, Google launched the Android Enterprise Vulnerability Rewards Program, the latest boosting of Android Enterprise security, accompanied by several new capabilities and tools within Android 12. Boasting Features Android 12, currently available on Pixel phones and launching on multiple devices later in the year, boasts more default enterprise security features over its operating...
Killware is the Next Big Cyberthreat
It may sound like some scary direct-to-DVD horror movie or video game, but the safety of industries, businesses and the general public are gleaming no entertainment or enjoyment about the next big threat. As ransomware has seen a huge increase over the last two years thanks to the global pandemic and the pandora’s box it...
The New Dark Web is Telegram
During October 4th’s full blackout of Facebook, Messenger, Instagram and WhatsApp, millions of people suddenly found themselves scrambling for the 6-hour window towards other means of communication, such as Twitter and LinkedIn. To continue talking with friends and family, many flocked to alternative communication tools such as Viber and Telegram to communicate. In the case...