24 - 25 November, 2015 | ILEC Conference Centre and Ibis London Earls Court, London, United Kingdom

Cyber for General Counsel and Human Factors Day 2

08:30 - 08:50 Registration & Coffee

08:50 - 09:00 Chair's Welcome

09:00 - 09:40 The Insider Threat- Culture Oversight and Internal Fraud prevention

Internal fraud is a huge threat to many businesses with focus shifting the Human Capital risk. People are recognizing a change in focus from overarching anti-fraud controls to soft defences - cost effective methods to enhance your anti-fraud framework in light of internal breaches.
• How can you overcome the pitfalls of ethical decision making- the key signs of employee misconduct and how to respond
• How can you implement monitoring, enforcement and reviewing employees as an integral part of a quality management system?

09:40 - 10:20 Cyber security and the tool sets around People, Processes and Technology

Cyber security is seen typically as a Technology issue. There is now increasing awareness of the importance of managing People and Process risks to achieve the required level of cyber security resilience. This session covers significant cyber security breaches that could have been avoided if People and Process risks had been addressed, and talks through the toolsets available to mitigate cyber security risk from the three perspectives of People, Process, and Technology.

10:20 - 11:00 Using Threat Intelligence to Stay a Step Ahead

The combination of rapidly advancing technology and an ever-changing demographic, political and economic landscape, creates huge new challenges for cyber security professionals. Attackers leverage highly tailored malware, advanced persistent threats, massive DDoS attacks and a plethora of other tools to compromise organisations of all types on a daily basis. To overcome these challenges, cyber defenders must create innovative new models for protecting their organizations from increasingly advanced threats. Here we look at the various advancements in cyber intelligence and how this understanding can help you protect your systems and processes.

11:00 - 11:30 Tech Demo & Networking Break

11:30 - 12:10 The Intersection of Privacy, Security and E-Discovery

The headlines of high profile cyber-attacks affecting some of the largest organisations continue to raise the stakes for corporate cyber security efforts. Developments in the legislative, judicial, and regulatory cyber security spheres implicate every aspect of an organisation's infrastructure, including and especially the legal implications. At the same time, the balancing act between privacy, security, and e-discovery continues to evolve across Europe. This session discusses the many facets of these issues.

12:10 - 12:50 The Legalities of Enterprise and BYOD Management

A key concern for all businesses should be whether the organisation’s Enterprise and BYOD Management programme has considered all relevant cybersecurity risks including legal and policy risks. With the rise of BYOD, it is even more important for employees to be on top of the types of devices available to the company, from the outset.

Here we look at the various implications of enterprise and BYOD, and how to mitigate that risk from a strategic perspective.

12:50 - 14:00 Tech Demo & Networking Lunch

14:00 - 14:40 Panel Discussion: Creating Your Ideal Secure Workforce

14:40 - 15:20 Facing the Breach - Preparing to Handle Incidents and Crisis

No security programme is perfect; incidents will take place. The key to handling them well is preparation that can prevent an incident from becoming a crisis. Risk Management is an essential part of a security response team and should participate and help guide periodic tabletop sessions that help prepare the organization. Risk-specific issues that bear advance planning include considering when and how risk mitigation will be asserted in the event of an incident and how the response will have an effect on future risk strategy.

In this interactive tabletop session, you’ll be guided through the key milestones to creating a solid plan for handling a breach including -
  • Identifying risk managers to participate in and counsel the incident response team and process
  • Being familiar with cybersecurity concepts, fact patterns, and terms in relation to the organization structure
  • Identifying and qualifying further key internal and external resources (e.g., forensics, outside counsel, communications)
  • Ensuring the team and process are exercised regularly to prepare for incidents
  • Regularly engaging senior management in a training exercises

15:20 - 15:50 Tech Demo & Networking Break

15:50 - 16:30 Reporting Requirements in Light of a Cyber Breach

This session will give examples of how companies have in the past communicated cyber breaches to regulators and to their customers, and how more changes in EU regulations on reporting requirements increase the business impact and reputational risk following a cyber-security incident.

16:30 - 17:10 Panel Discussion : Cybercrime prevention governance

Most data breaches involve some kind of human action or inaction. It’s important that firms take steps to minimise risk and exposure from “the human layer” by making every employee responsible in some way for the security of the entire firm. All General Counsel and staff need to understand the consequences of a data breach — to the firm and its clients — and the importance of recognizing and reporting warning signs to mitigate threats and minimize damages. The obvious solution is Cybercrime prevention governance— But who take this responsibility and how can GCs drive this forward within the business?

17:10 - 23:59 End of Day 2 and Close of Conference