24 - 25 November, 2015 | ILEC Conference Centre and Ibis London Earls Court, London, United Kingdom

Information Security and Risk Day 2

08:30 - 08:50 Registration & Coffee

08:50 - 09:00 Chair's Welcome

09:00 - 09:40 Keynote Panel: The Intersection of Privacy, Security and E-Discovery

The headlines of high profile cyber-attacks affecting some of the largest organisations continue to raise the stakes for corporate cyber security efforts. Developments in the legislative, judicial, and regulatory cyber security spheres implicate every aspect of an organisation's infrastructure, including and especially the legal implications. At the same time, the balancing act between privacy, security, and e-discovery continues to evolve across Europe. This kick off panel brings together a seasoned group of experts to discuss the many facets of these issues.

09:40 - 10:20 Developing a Risk Based Approach to Cyber Security

  • Cyber security as a key operational risk
  • Overcoming the stigma of a technological knowledge deficiency
  • Cyber risk management as an essential component of a robust risk management framework
  • Key Industry trends
  • Board engagement
  • Impact on regulatory capital
  • Cost benefits of cyber security risk management? Use of Insurance?

10:20 - 11:00 Reporting Requirements in Light of a Cyber Breach

This session will give examples of how companies have in the past communicated cyber breaches to regulators and to their customers, and how more changes in EU regulations on reporting requirements increase the business impact and reputational risk following a cyber-security incident.

11:00 - 11:30 Tech Demo & Networking Break

11:30 - 12:10 Cyber Fraud Threat Landscape: How Are Traditional Cyber Attacks Being Used to Perpetrate Fraud?

Cyber fraud is on the rise, but is often overlooked in light of DDoS cyber attacks – a much more aggressive threat vector. As the cyber and fraud criminal worlds converge, so too must the methods used to combat these criminals, and the view from the business perspective.

  • Is it possible to predict patterns in cyber fraud?
  • How should this be categorised from a risk perspective?
  • How can better data protection mitigate financial fraud risk?

12:10 - 12:50 Using Threat Intelligence to Stay a Step Ahead

The combination of rapidly advancing technology and an ever-changing demographic, political and economic landscape creates huge new challenges for cyber security professionals. Attackers leverage highly tailored malware, advanced persistent threats, massive DDoS attacks and a plethora of other tools to compromise organisations of all types on a daily basis. To overcome these challenges, cyber defenders must create innovative new models for protecting their organisations from increasingly advanced threats. Here we look at the various advancements in cyber intelligence and how this understanding can help you protect your systems and processes.

12:50 - 13:30 The Insider Threat – Culture Oversight and Internal Fraud Prevention

Internal fraud is a huge threat to many businesses, with focus shifting to the Human Capital risk. People are recognising a change in focus from overarching anti-fraud controls to soft defences: cost-effective methods to enhance your anti-fraud framework in light of internal breaches.

  • How can you overcome the pitfalls of ethical decision making: the key signs of employee misconduct and how to respond
  • How can you implement monitoring, enforcement and reviewing employees as an integral part of a quality management system?

13:30 - 14:30 Tech Demo & Networking Lunch

14:30 - 15:10 NATO and Cyber Defence: What Have we Learned Over the Last Ten Years?

What have we got right? What do we need to do better? How can Financial Services adapt by learning from Government programmes?

This talk will look at the key lessons learned from NATO’s growing involvement in cyber issues over the last decade. We will examine how NATO sees the threat and what we have done to counter that threat, both in the defence of NATO’s own networks and the increasing level of technical assistance that we are able to provide today to our 28 Allies. We will also review the existing gaps and profile where NATO is likely to go in the future as cyber increasingly becomes a domain in its own right for military operation activity.

15:10 - 15:50 Enterprise Risk Management – The Cyber Blackhole?

A key concern for all Risk Managers should be whether the organisation’s Enterprise Risk Management programme has considered all relevant cybersecurity risks including legal and policy risks. With the rise of BYOD, it is even more important for CROs to be on top of the types of devices available to the company, from the outset.

Here we look at the various implications of enterprise and BYOD, and how to mitigate that risk from a strategic perspective.

15:50 - 16:30 Tech Demo & Networking Break

16:30 - 17:10 Open Source Software - The New Frontier for Cyber Risk Assessment

The security of a given network highly depends on the software used and the administrative practices followed for operating systems, network monitoring, corporate mail, office productivity and so on. The rapid growth in the industrial internet has resulted in several open source development communities which have previously not been factored into many business risk frameworks. This session will highlight the security concerns of the end users in considering open source software for their enterprise requirements and the risks pertaining to open source software.

  • What guidelines should you be following to ensure these risks can be mitigated?
  • How can you thoroughly evaluate open source software before it is considered for enterprise use?
  • What effect does using OSS have on your insurance coverage?

17:10 - 17:50 User Education and Policy Building

Many IT professionals overlook the impact they can have on the way the business puts in place its user policies, leaving that element to HR teams. Here we will hear from a panel of experts on how education and policy building within a business can mitigate your risk and be built in as a valuable addition to your IT strategy, and on the support IT and Info Security can give to building robust user policies.

17:50 - 23:59 End of Day 2 and Close of Conference