Let’s get offensive: Using cyber-attack simulations to improve your cyber security posture

by Jonathan Gad, VP Business Development, Cymulate Show Profile

 

11:30

Is GDPR-regulated data hiding in pockets of your organisation?

by Richard Agnew, VP EMEA, Code42 Show Profile

 

11:30

How do you dynamically enforce the principle of “least privilege”

by IDAX Software

 

11:30

Negotiation approaches for CISOs engaging with vendors: Strategies to stay within budget

11:30

Why do CISOs fail? Overcoming the top five barriers to success and organisation-wide impact

11:30

Passive defence v Active defence – which of your operations require a different cyber security strategy

11:30

Which security metrics do you track, which can you track, and which should you ignore?

11:30

Is cyber security training a waste of your budget? Where to focus security education to have the greatest impact

11:30

AI and machine learning: Can you use legacy data to calculate the risk of future attacks?

11:30

How do you run your hacking and incident response exercises, and how do these replicate “live” threats?

11:30

Chair’s opening remarks

by David Topping, COO, BlueSky Show Profile

 

13:30

Integrating privacy engineering into your information security practices

CASE STUDY

• Where can privacy processes beat hackers, and where can security awareness beat them?
• Why a reliance on security is not the same as privacy
• Which legal, policy and operational processes need to be considered when implementing privacy engineering?
• Evaluating whether your systems fulfil users’ privacy needs

13:40

GDPR and global data protection variations: What have we learned and what are we still working on?

PANEL SESSION

• Update on the latest global data protection variations – is GDPR becoming the global data privacy standard
• Harmonising data protection approach for different legislative regions
• Brexit & data protection – latest update
• What is your long-term GDPR strategy?  Can your company ever be seen as GDPR-compliant?

 

by Jon Townsend, CIO, National Trust Show Profile

 

by Deborah Haworth, CISO, Penguin Random House UK Show Profile

 

by Rocio de la Cruz, Principal Associate, Gowling WLG Show Profile

 

by Shash Patel, Director, Information Risk Management & Privacy, Air Products Show Profile

 

14:05

Security innovations from Google: Preventing phishing and Zero Trust security

BEST-PRACTICE BRIEFING

• How Google prevents its employees being phished, having no reported or confirmed account takeovers since 2017
• What we are doing to protect billions of consumers and customers, and how they can prevent phishing like Google
• Zero Trust: How Google provides secure remote access to 80,000+ employees without the use of a VPN
• How you can take advantage of Google’s ongoing research and investment in security

by Tom Salmon, Customer Engineer for Google Cloud Platform, Google Show Profile

 

14:55

Chair’s opening remarks

by Paul Taylor, Partner and UK Lead for Cyber in the Boardroom, KPMG Show Profile

 

13:30

A New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

BEST-PRACTICE BRIEFING

• Leveraging machine learning and AI algorithms to defend against advanced, never-seen-before, cyber-threats
• How new immune system technologies enable you to pre-empt emerging threats and reduce incident response time
• Why automation and autonomous response is enabling security teams to neutralise in-progress attacks, prioritise resources, and tangibly lower risk
• Real-world examples of subtle, unknown threats that routinely bypass traditional controls

by Darktrace Show Profile

 

13:40

External Threats: Emerging recent trends in cyber criminality and the current risk landscape

PANEL SESSION

• Meeting the challenge of destructive and disruptive attacks from defence in depth intended to deter intrusive attacks
• Managing the nuances of a threat management discipline in a risk management culture
• The implications of new regulatory direction on cyber resilience as operational resilience
• Changing geo-political context affecting the threat environment for commerce and industry

by Tony Adams, Head of Investigations, Digital Forensics and Prevent Programme, National Cyber Crime Unit Show Profile

 

by Craig Rice, Chief Security Officer, Pay.UK Show Profile

 

by Niall MacLeod, Director of Solutions Engineering – EMEIA, Anomali Show Profile

 

14:05

Common failings of IoT – avoid providing attackers with toehold to exploit on your corporate network

BEST-PRACTICE BRIEFING

• Discuss the emergence of the IoT and it’s enabling technologies
• Explain why the security of IoT devices and apps is so poor
• Demonstrate exactly how devices can be compromised, and how that can put your corporate network at risk
• Show how you can make networks and users resilient to attack via IoT devices

by Ken Munro, Partner, Pen Test Partners Show Profile

 

14:55

Implementing secure single-factor authentication: The right and wrong way to end weak password use

BEST-PRACTICE BRIEFING

• The death of the password?
• Can SFA securely replace 2FA and MFA?
• When something you have replaces something you are or something you know
• Best-practice in deploying SFA across whole organisations

16:00

Blockchain beyond the marketing: Where is it currently in use, and what are the lessons for Information Security professionals?

PANEL SESSION

• Where is distributed ledger technology useful and where it can work?
• Current examples of blockchain technology improving operational processes
• Using blockchain technology to prevent data tampering
• Is blockchain technology in itself secure?

by Dr Maria Grazia Vigliotti, Founder & Director, Sandblocks Consulting Show Profile

 

by Roxanne Morison, Head of Digital Policy, CBI Show Profile

 

16:25

Real cases of Social Engineering: Hackers, competitors and insiders

CASE STUDY

• How attackers, in a real case over 13 months, used social engineering to turn a dedicated employee into a malicious insider, what the devastating consequences were for the victims and how a competitor got their hands dirty in the attack.
• What are the four social engineering attack vectors and how they are employed by attackers?
• Why does social engineering work so well as an attack vector and what to look out for when trying to defend against it?
• Some simple defensive steps you can take to make yourself a less appealing target of social engineering

by Lisa Forte, Partner, Red Goat Security Show Profile

 

16:00

The threat from AI – latest research into the cyber security of AI

RESEARCH BRIEFING

• Is AI going to stop cybercrime?
• The threat from smart malware and botnets
• Where is the intersection between AI, cyber security, and human-computer Interaction?
• How do we ensure security, privacy and transparency in complex and automated systems?

by Dr Jose Such, Associate Professor - Security and Privacy, King's College London - Academic Centre of Excellence in Cyber Security Research Show Profile

 

16:25

The problem of trust and how it can destroy your organisation

BEST-PRACTICE BRIEFING

• What is “trust” and how does it develop
• Why is trust a problem?
• How do hackers use trust to damage you and your organisation
• How can you prevent your employees from trusting the untrustworthy

by Jeremy Swinfen Green, Head of Consulting, TEISS Show Profile

 

16:50