The World Cyber Security Congress Day 2 - 28th March 2018

08:58

Day Two - Wednesday 28th March 2018

09:00

Chairperson’s opening remarks and welcome

Mark Weil
09:10

Insights from Insurance

  • Understand your exposure to cyber risk from an insurance point of view
  • Which aspects of cybercrime can be insured against and what can’t?
  • Results of the Marsh UK Survey: how involved are boards in combatting cyber attacks and responding to incidents?
09:30

Sponsor presentation: The biggest mistake companies make with data security is...

  • Not aligning security with business goals
  • Is your security team good at considering how your IT projects impact overall business goals and revenue?
  • Learn to position yourself as a business enabler not an expense
Rob Shaw
09:50

Healthcare under attack: what can we learn from this highly targeted industry about digital transformation and resilience in the face of attack?

  • Isolating infected parts of the network and containing the threat
  • Ransomware - to pay or not to pay?
  • Reducing the costs incurred and the data lost, and preventing life threatening disruption to services
Mark Testoni
10:10

Disruptive technology to solve cyber security problems in government and industry: AI and Machine learning

  • How will the next wave of disruptive technology affect the cyber security industry ?
  • Cutting through the hype surrounding AI and Machine learning
Steven Wilson
10:30

The inside story of cybercrime: a view from the front line of international cyber policing

  • Are cyber attacks on your enterprise a result of espionage, organised crime or a random attack?
  • What have we learned from high-profile attacks in the last year and how can you adjust your security processes accordingly?
  • International collaboration models and open source platforms to keep you ahead of the threat
10:50

Networking coffee break & exhibition visit

Stream One - Evolving roles in the C-suite

Stream Two - Managing a broad attack surface

Stream Three - Fraud and cyber crime

Stream Four - New ways to test security effectiveness

Stream One
11:40

What does the board want to hear from their CISO?

  • With only 15% of boards satisfied with the information they are getting from management, how can you best present your board report?
  • Where might you be missing the mark?
  • How can you communicate in a way that is actionable and useful?
Stream Two
11:40

How does King manage its attack surface with over 1 billion users?

  • How can your Development team build security into your applications?
  • Is it better to create these solutions in-house?
  • Tips for scaling your cyber security processes and protocols as your business booms
Stream Three
11:40

What can retailers and the financial sector do to combat fraud and cybercrime?

  • Could FIs do more to combat cybercrime through ‘Know your customer’ processes?
  • How can retailers work with law enforcement?
  • A perspective from ex-law enforcement turned security director
Stream Four
11:40

Deception-based cyber security: from reactionary to proactive defence

  • Using honey nets and honey pots to lure hackers into your network
  • Why would you want to?!
  • Shifting to a proactive defense strategy
Stream One
12:00

IT is the business – rethinking the role of the IT team

  • Different circumstances call for different leadership skills
  • The current cyber climate demands CIOs, CISOs and CTOs with a strong grasp on business strategy and value-creation
  • Cyber security is no longer considered a solely ‘operational’ risk and IT professionals are moving to the c-suite
  • Is your IT team prepared for their new responsibilities? Are you?
Stream Two
12:00

Standards-based approach to cyber security strategy

  • What does a sophisticated attack look like – a brief history of cyber attacks
  • Cyber Security and standards – what approaches are available
  • ISO 27932 and the NIST Framework – what approach did we take
  • Detect, Respond, Recover – cyber-attacks and incident response
  • Strategy execution – Benchmarking & tracking progress.
Stream Three
12:00

Anti-fraud and information security functions

  • New methods for conducting fraud-related inquiries and investigations
  • Reallocating resources to achieve your goals
  • How can we best maintain anti-fraud programmes and related plans?
Stream Four
12:00

Combatting the Insider Cyber Threat using AI

  • how are bug bounty programmes being used to expose vulnerabilities in a controlled way?
  • Can you use AI to inform your cyber defences?
Stream One
12:20

Panel: The emergence of the “BISO”

Panel: The emergence of the “BISO”
  • Implement an information security strategy that supports businesses goals and objectives
  • How much should CISOs understand finance?
  • Collaborate with security architects to discuss solutions with the business strategy in mind
  • Facilitate cross-department engagement to identify projects that enable business development while ensuring the necessary security controls are in place
Mike Pitman, BISO, Head of Information Security, John Lewis
 
Rich Baich, CISO, Wells Fargo
 
Simon Jenner, CISO, Booking.com
 
Tarun Samtani, CISO, Findel PLC
 
Jean-Francois Simons, CISO, Brussels Airlines
Stream Two
12:20

Panel: what is the future of mobile and app security?

  • Mobile-readiness in the artificial intelligence age
  • Customer interaction at multiple touchpoints
  • The human side of mobile channels
 
Giacomo Collini, Director of Information Security, King
 
Greg Hawkins, CTO, Starling bank
 
Emilio Vacca, Director, Mobile channel, Telegraph Media Group
Stream Three
12:20

How have breaches changed in scope, motivation and cost?

  • Cyber security breaches today can see 5% of a company’s GDP wiped overnight
  • How have cyber security breaches changed historically?
  • What will the future hold?
 
Maria Vello, COO, Cyber Defence Alliance
 
Stefano Ciminelli, Deputy CISO, Swift
 
David Pope, CISO, DVLA
 
Mike Wyeth, Group Security Director, Shopdirect
 
Bruno Kalhoj, Head of Division, Security and Safety Division, Directorate General Administration, European Central Bank
 
Stream Four
12:20

Panel: The threat from Artificial Intelligence – who is right, Elon or Mark?

  • Mark Zuckerberg argues that AI is benign while Elon Musk has said “competition for AI superiority at national level most likely cause WW3”
  • Should we embrace new smart automation technology?
  • What place will it have in cyber security?
 
George Zarkadakis, Digital Lead, Willis Towers Watson
James Bynoe, Head of Information Security and Compliance, eBay
 
12:40

Networking lunch break & exhibition visit

Networking lunch break & exhibition visit 

LOOKING TO THE FUTURE

MANAGING LEGACY IT

WHERE CULTURE MEETS SECURITY

Stream One
14:00

Lessons Learned from a legacy IT overhaul at the Student Loans Company

  • SLC began their IT overhaul two years ago
  • What lessons were learned along the way and what advice would I give to IT professionals grappling with legacy IT transformation issues?
Stream Two
14:00

The Future of the IoT and connected devices

  • The connected world presents both challenges and opportunities for cyber security
  • Panasonic Avionics deals with fleets of planes flying all around the world, each connected to the internet
  • How do they manage their risk in such a connected and high-stakes environment?
Stream Three
14:00

Social engineering tactics

  • SEBs program for increasing awareness among SEB client executives and our customers
  • Why are people so susceptible to social engineering attacks?
  • Why are hackers sometimes better able to engage your workforce than you are?
Stream One
14:20

Panel: Should you bring your SOC in-house?

 
  • How should high value assets be monitored, and by whom?
  • Do the costs of building up an in-house security operations center outweigh the benefits?
  • Which other traditionally externally outsourced IT tasks should be brought in-house?
  • Which elements of your SOC should you outsource?
  • What will the next generation of SOCs look like?
Jonathan Lloyd-White, CISO, SMBC EMEA
 
Stream Two
14:20

Panel: the future of encryption

  • Will technology companies have to do more to support counter terrorism operations?
  • Is encryption as secure as we think?
  • Is it as anonymous as we think?
  • Is quantum encryption coming sooner than we think?
 
Alun McGlinchy, Chief Information Technology Security Officer, Student Loans Company
 
Stream Three
14:20

Panel: Cyber culture eats security strategy for breakfast

  • With the best intentions, your cyber security culture can undermine your security strategy
  • How to cultivate the best cyber security culture for your enterprise
 
George Zarkadakis, Digital Lead, Willis Towers Watson
Simon Jenner, CISO, Booking.com
Jonathan Kidd, CISO, Hargreaves Lansdown
 
David Lenoe
14:40

When Security Tools Collide: testing the real-world usefulness of two services


What’s the best way to test out a new security service? We decided it might be interesting to try testing two services at once – not in a traditional side-by-side bake-off, but testing them against each other, pitting a penetration testing service against a web application defense service. The results were interesting, illuminating, and helped us make decisions about the real-world usefulness of both services. 
 
Simon Jenner
15:00

How do you prevent a breach from evolving into a business-crippling attack

  • Companies often fail to understand the true threat against their employees, suppliers and ultimately, their data
  • Does your board view data security as a "business problem" and not just an "IT problem"?
  • Moving beyond legacy IT solutions, from obsolete ‘perimeter protection' strategy vs. ‘data-centric' strategy
  • Staying on top of evolving cyber threat intelligence is key to strengthening your data security strategy
Martyn Booth
15:20

How can we close the intelligence gap?

  • Encouraging knowledge sharing between industry, academia and public sector
  • Overcoming the main collaboration hurdles
  • Successful partnerships
  • creating a ‘public sector alumni’ program in the private sector, and using these networks to build a collaborative framework
15:40

Plenary wrap up session

16:00

Chair’s closing remarks and close of conference

last published: 20/Nov/17 10:25 GMT