24 - 25 November, 2015 | ILEC Conference Centre and Ibis London Earls Court, London, United Kingdom

Information Security and Risk Day 1

08:00 - 08:30 Registration & Coffee

08:30 - 08:40 Chair's Welcome

Rob Pritchard, Founder, The Cyber Security Expert

08:40 - 09:20 Keynote Address: EU Cyber Security Regulation in Europe

Jakub Boratynski, Head of Unit, European Commission, DG CONNECT, Unit H.4 Trust and Security
This Keynote will provide an update on European cyber regulation – with the year seeing landmark privacy rulings including the Right to Be Forgotten and data processing legislation at the top of many business agendas. However, Europe holds its breath for the crucial next 12-24 months as the EU decides on a major regulatory overhaul – here we discuss the impact of this overhaul on your business strategy.

09:20 - 10:00 The Forces Shaping the Cyber Risk Market

With the Cyber Insurance market representing the fastest-growing insurance sector, many businesses are now reviewing their risk strategy and the forces driving the challenges and the changing market. This session looks at the external and internal forces causing such huge changes in most Operational, Business Continuity and Business Risk strategies.

10:00 - 10:40 Leveraging Security Analytics to combat Cyber Threats

Both the threat landscape and the adversaries are evolving continuously. To prevent an arms race, advanced security analytics leveraging security ‘big data’ can enhance ‘situational awareness’ to get ahead of the curve, respond to cyber threats in a timely fashion and minimize the impact on business.

10:40 - 11:10 Tech Demo & Networking Break


11:10 - 11:50 Panel Discussion: Emerging Regulatory Threats for Information Security Policies

The Cybersecurity Strategy for the European Union and the Commission proposal for a Directive on Network and Information Security are expected to add new requirements for breach notification to individuals, require organisations that handle personal data to conduct risk assessments and audits, and increase fines for compromised businesses. Other regulatory bodies have announced intentions to assess financial institutions for risk vulnerability and risk mitigation policies and procedures. How can you keep on top of the various different regulatory threats in relation to your Information Security Programme?

11:50 - 12:30 Identity & Access Management – Implementing Projects

An Identity and Access Management (IAM) Strategy should provide a roadmap for implementing a comprehensive and full-featured set of IAM services to encourage collaboration, facilitate stakeholder engagement, and support online interactions with a variety of users, while maintaining the security and integrity of the business’s digital assets.
  • What key elements should your IAM project cover?
  • How can you ensure full stakeholder engagement across the board?
  • How should you be assessing vendor solutions and who within the DMU should lead this element?

12:30 - 13:10 Infusing Security Into the Firm’s DNA

Most data breaches involve some kind of human action or inaction. It’s important that firms take steps to minimise risk and exposure from “the human layer” by making every employee responsible in some way for the security of the entire firm. All IT Professionals and staff need to understand the consequences of a data breach — to the firm and its clients — and the importance of recognizing and reporting warning signs to mitigate threats and minimize damages. The obvious solution is employee training, but who takes this responsibility and how can CISOs drive this forward within the business?

13:10 - 14:10 Tech Demo & Networking Lunch


14:10 - 14:50 Best Practice Roundtables

  • Roundtable 1
  • Roundtable 2
  • Roundtable 3
  • Roundtable 4

14:50 - 15:30 If Traditional Endpoint Security is Failing, What Comes Next?

There has been much debate about the end of anti-virus on the endpoint, and new detection methodologies. As the scope of what is an endpoint evolves and security requirements grow, just what does the future of endpoint security look like, and what are the benefits and challenges of emerging techniques? Can we drop traditional approaches or is this simply adding more to the security stack?

15:30 - 16:00 Tech Demo & Networking Break


16:00 - 16:40 Panel Discussion: Cloud Computing – Hype vs Reality

A hot topic of debate for IT and Legal teams alike, there is some disparity between the apparent benefits of utilising the Cloud and the uptake within large organisations. What factors should be taken into consideration when reviewing your data storage from an IT perspective?
  • Data Privacy regulation considerations
  • Negotiating up front as to Incident Response
  • Cross border data transfer for offshore servers
  • Export Controls and economic sanctions Issues

16:40 - 17:20 Cyber security as an Operational Risk - Overcoming the Stigma of a Technological Deficiency

  • Cyber risk management as an essential component of good management practice
  • Navigating a path from information overload to intelligence focussed risk management

17:20 - 18:00 Vendor Risk Management from the Legal Perspective

In today's environment, it would be nearly impossible to find a company that doesn't contract with a vendor. But the convenience and flexibility of outsourcing to third parties comes with significant risks, including the potential for regulatory penalties related to vendor incidents—penalties that have soared in recent years, costing institutions billions of dollars. Preventing risk events at third party service providers has always been a challenge, but now the stakes are far higher.

18:00 - 23:59 End of Day 1 and Networking Drinks Reception