24 - 25 November, 2015 | ILEC Conference Centre and Ibis London Earls Court, London, United Kingdom

Cyber for General Counsel and Human Factors Day 1

08:00 - 08:50 Registration & Coffee

08:50 - 09:00 Chair's Welcome

09:00 - 09:40 Keynote Address: EU Cyber Security Regulation in Europe

This Keynote will provide an update on European cyber regulation – with the year seeing landmark privacy rulings including the Right to Be Forgotten and data processing legislation at the top of many business agendas. However, Europe holds its breath for the crucial next 12-24 months as the EU decides on a major regulatory overhaul – here we discuss the impact of this overhaul on your business strategy.

09:40 - 10:20 Changing Human Behaviour to Improve Information Security

Understanding how human behaviour can contribute to information security weaknesses, and looking at strategies to understand the impact of such behaviour, and how to influence and change it.

10:20 - 11:00 The Board’s role in leading the mitigation of cyber insider risk

In this presentation Chris will focus on the leadership role which boards should play in bringing together enterprise-wide resources to counter the cyber insider threat, articulate the organisation’s insider risk appetite, define and lead the security culture, and create an environment in which security is an integral part of business process and not a retrospective add-on. He will offer suggestions for the role of NEDs and audit committees in overseeing the corporate insider risk mitigation strategy in order to prevent the silo-based thinking that all too often enables serious insider events to take place in organisations with the inevitable consequences for the CEO and board members.

11:00 - 11:30 Tech Demo & Networking Break

11:30 - 12:10 Cyber Security Skills: From Boardroom to Basement

What your organization needs to take account of and how Government, industry and academia can work together to address the current cyber skills gap.

12:10 - 12:50 Achieving Regulatory Compliance – Getting through the hoops of DLP

Depending on an organization’s industry and geographic presence, a number of data security and privacy laws and regulations may apply to it, such as EU data security and data breach notification laws, as well as the soon-to-be-introduced DLP Regulation. With an effective regulatory compliance programme, organisations can avoid broader types of liability, and at the same time implement more effective cybersecurity measures in a compliant framework.
• Assessing security-related regulatory compliance obligations.
• Assessing sufficiency and efficiency of existing regulatory compliance efforts and how to streamline as needed.
• Ensuring training and preparation of the incident response team to confirm that the process followed is fully coordinated with (if not part of) cyber incident responses.

12:50 - 14:00 Tech Demo & Networking Lunch

14:00 - 14:40 Can I Trust Cloud Security?

Moving to the cloud introduces a whole new set of issues, and not asking the right questions before you sign up can cost you a lot of money. It is important to know what you are getting into: the costs of going in, staying there and getting out.

14:40 - 15:20 Best Practice Roundtables

Roundtable 1

Roundtable 2

Roundtable 3

Roundtable 4

15:20 - 15:50 Tech Demo & Networking Break

15:50 - 16:30 Combatting Information Security Confusion in the Company

One of the most common complaints from business units around the IT team is the lack of understanding of terminology employed by the Information Security and IT department when it comes to discussing forward strategies for Cyber Security. In this session, led by a leading GC, we’ll discuss combatting the confusion of IT terminology and structure to allow for better collaboration between business functions.

16:30 - 17:10 Infusing Security Into the Firm’s DNA

Most data breaches involve some kind of human action or inaction. It’s important that firms take steps to minimise risk and exposure from “the human layer” by making every employee responsible in some way for the security of the entire firm. All staff need to understand the consequences of a data breach — to the firm and its clients — and the importance of recognizing and reporting warning signs to mitigate threats and minimize damages. The obvious solution is employee training — but who takes this responsibility, and how can various elements of the DMU drive this forward within the business?

17:10 - 23:59 End of Day 1 and Networking Drinks Reception