Programme @ ESRM uk

Enterprise Security & Risk Management

28 November 2024

Victoria Park Plaza Hotel, London

Morning Session

Becoming a security and risk champion

  • Catastrophic Loss Risk
  • ThreatLocker Demo: Zero Trust in Action
  • Leveraging the Monte Carlo Method to Quantify Risks
  • City of Lethbridge Turns Risk Insights Into a Competitive Advantage with Diligent
  • How to maintain a steady ship in times of constant crises
  • Developing a Ransomware Playbook
  • DMARC – What is it and how can it defend my brand against email domain spoofing?
  • Phishing attacks – who is most at risk?

08:00 (GMT)

Registration and Exhibition Opens

Delegates collect their badge on arrival and refreshments are served amongst the Exhibitors

09:10 (GMT)

Conference Chair's Opening Address

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant

09:25 (GMT)

Catastrophic Loss Risk

Tom Christophers
Global Head of Risk, Convatec plc.

Major global, industrial, and financial catastrophes such as Covid-19, Piper Alpha, Bhopal, Enron, the Deepwater Horizon, and the most recent financial crises have contributed to the growing need for a formal strategy to combat and prepare for known and unknown risks.

Historically, business practices have relied heavily upon insurance policies to protect them against the financial impact of such incidents; however, it is clear that insurance is just one risk response and that companies have other less costly options, including resilience planning, risk acceptance, or mitigation. It is prudent to devise risk management measures to identify, measure, monitor, and report on risks across the business before they materialise into loss.

To obtain a clearer line of sight on different risk types and move towards a resilience model for businesses to operate within, businesses need greater visibility into understanding, managing, and preparing for high-impact, low-likelihood risks (Catastrophic Loss Risk). Preventing, preparing for, and responding to catastrophic loss events in a considered manner, and ensuring that businesses emerge more resilient when such events do occur, is a critical activity.

09:40 (GMT)

ThreatLocker Demo: Zero Trust in Action

Eoin McGrath
Solutions Engineer, ThreatLocker

A demonstration of policies and controls to strengthen your security.

09:55 (GMT)

Leveraging the Monte Carlo Method to Quantify Risks

Jack Summerfield
Principal Cyber Security Risk Management Specialist, Collins Aerospace

Are you still struggling to obtain buy-in from stakeholders and senior leaders with control investment? Are you struggling to get your customers over the line with a control investment? Are you struggling to get people to buy into the value of a risk management process?

During this presentation you will learn:

  • What the Monte Carlo analysis is.
  • How to use it to quantify risks and turn “red,” “amber” and “green” into meaningful numbers.
  • How to use these numbers in business cases for controls and obtain that all-important buy-in from senior stakeholders.

10:10 (GMT)

City of Lethbridge Turns Risk Insights Into a Competitive Advantage with Diligent

Tom Ryan
Solution Engineer Director, Diligent Boardbooks

The City of Lethbridge, a valued client of Diligent HighBond for their internal audit management needs since 2015, embarked on a transformative journey to enhance their Enterprise Risk Management program. This case study sheds light on their remarkable success story, showcasing how HighBond’s powerful tools and solutions have enabled the City to streamline risk management, elevate corporate awareness, and embed risk management principles into every facet of their municipal operations.

By leveraging HighBond’s tools, the City of Lethbridge successfully instilled a culture of risk management into every City program, making it an integral part of their organisational DNA. This newfound commitment to risk management has not only enhanced their ability to mitigate risks but has also positioned them as a model for other municipalities seeking to strengthen their risk management practices.

10:25 (GMT)

Bridging Visibility Gaps in Hybrid Cloud Monitoring

Federico Iaschi
Head of Cyber Security Resilience and Observability, Virgin Media O2

Hybrid cloud environments create dangerous visibility gaps that increase risk and stall innovation. “Bridging Visibility Gaps in Hybrid Cloud Monitoring” is a focused exploration of enhancing system transparency in complex cloud architectures. This session covers the urgent need for robust monitoring solutions, the criteria for selecting a scalable system, and the practical challenges and achievements of implementation. It highlights the significant improvements in security and efficiency achieved through strategic visibility enhancements. The talk concludes with actionable insights and future directions for integrating advanced analytics into cloud monitoring practices.

Summary Points:

  • Outlines the importance of visibility in hybrid cloud security and the selection of a fitting monitoring solution.
  • Describes real-world implementation challenges and the resulting operational benefits.
  • Presents future recommendations for adopting AI and predictive analytics in cloud monitoring.

10:40 (GMT)

Questions to the Panel of Speakers

Owen Miles
Field CTO, CEM Business Solutions, Everbridge

Joining the panel of this morning’s speakers will be Owen Miles from Everbridge.

11:00 (GMT)

Refreshment Break Served in the Exhibition Area

11:25 (GMT)

Welcome to Session Two

11:30 (GMT)

Developing a Ransomware Playbook

Bharat Thakrar
CISO and Principal Security Lead, Information Security Forum

Ransomware, unlike other security events, puts your organization on a countdown timer.

Delays in decision-making and response can significantly increase the risk to the business.

In addition to your incident-response plan, a specific ransomware playbook is needed. This addresses the key decision points that are essential, the team that will support you and the testing and rehearsal required for you to turn this into muscle memory.

In this talk, we will provide you with the tools and techniques needed to create a playbook specific to your organization and the process for exercising these.

11:45 (GMT)

DMARC – What is it and how can it defend my brand against email domain spoofing? 

Andrew Dillon
Sales Engineer, Mimecast

The State of Email Security 2023 has found that efforts to impersonate companies are on the rise, with an eye-watering 91% of respondents reporting attempts to misappropriate their email domain.

Enter the DMARC protocol, which helps stop bad actors from delivering malicious emails that appear to come from your organisation, protecting customers and your supply chain. When combined with a Secure Email Gateway that protects your employees from being targeted by sophisticated attackers posing as trusted senders, it completes a powerful multi-layered approach to tackling brand abuse.

An effective DMARC deployment provides control of organisational domains and better governance of email-sending sources, but can be difficult and time-consuming to implement without the right tools. Most organisations take an average of 6 to 9 months to achieve full compliance, which doesn’t leave much time for DMARC implementation and compliance alongside PCI-DSS V4.0 auditing. Implementing DMARC becomes critical to ensure comprehensive email authentication and protect against email spoofing and phishing attacks.

This session will cover:

  • The Basics: What it is and how it works.
  • The Benefits: How you can preserve trust in your email and where this fits in a holistic approach to protecting your brand, customers, and employees.
  • The Journey: One customer’s path to compliance and how they overcame the challenges associated with DMARC enforcement.

12:00 (GMT)

Phishing attacks – who is most at risk?

Phishing scams continue to pose a significant threat to both individuals and businesses. The growth in the number of cyberattacks can be attributed to several factors, ranging from inadequate network security to sophisticated hacking methods. Of all the variants, phishing attacks have been prevalent since the dawn of the internet era.

12:15 (GMT)

Questions to the Panel of Speakers: Delegates move to the Seminar Rooms

12:30 (GMT)

Delegates move to the Seminar Rooms

13:15 (GMT)

Networking Lunch Served in the Exhibition Area

Afternoon Session

  • Managing Risk in The Digital Age
  • Cyber-resilience and How to Utilise Zero Trust to Achieve it Now
  • Cybersecurity Mesh Deep Dive: Architecture

14:00 (GMT)

Conference Chair’s Afternoon Address

Dr Gilad Rosner
Digital Identity, Privacy and Regulatory Consultant

14:05 (GMT)

Managing Risk in The Digital Age

Dragana Radisic
Global Head Internal Controls & Policy, Lipton Teas and Infusions

  • Challenges in setting up enterprise risk management in the company in the digital age
  • Best Practice Cybersecurity Framework
  • How to sell the risk framework to the Board

14:20 (GMT)

Cyber-resilience and How to Utilise Zero Trust to Achieve it Now

Phil Williams
Senior Systems Engineer, Illumio

While we all have the target of 2030 to achieve compliance with the UK Cyber-security strategy, we need to be able to maintain services today. Having recently seen too many examples where patients are diverted, food is not delivered, and energy supplies disrupted, we need to be able to build more resiliency into our systems. The evolution of security over the last 35 years has made this too complex. In this session we will look at how we can use some of the principles of Zero Trust to simplify this process and introduce more resilience.

14:35 (GMT)

Cybersecurity Mesh Deep Dive: Architecture

We deep dive on how to build the cybersecurity mesh architecture (CSMA).

We will discuss the evolution of best-of-breed to the new CSMA along with pros and cons of each approach.

Finally, we will discuss the vendor landscape from larger security vendors with full stacks to open source/distributed CSM solutions.

14:50 (GMT)

Questions to the Panel of Speakers

15:05 (GMT)

Afternoon Networking and Refreshments served in the Exhibition Area

15:30 (GMT)

Seminars

Delegates have the chance to attend another one of the Seminars

16:15 (GMT)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.
