EXECUTIVE SUMMIT & ROUNDTABLE 2009 - MIS Training

EUROPE’S PREMIER EVENT FOR INFORMATION SECURITY DIRECTORS 

6TH ANNUAL 

CISO 

EXECUTIVE SUMMIT & ROUNDTABLE 2009 

DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES 

MARRIOTT HOTEL, LISBON 10 – 12 JUNE 2009 

JOIN PEERS & BE INSPIRED! TOP REASONS TO JUSTIFY YOUR 

ATTENDANCE AT THIS YEARS’ SUMMIT 

• Discover how other organisations are ensuring that their security 

strategy remains uncompromised & integral to the business: managing 

threats day to day & preparing for the future 

• Seek assurance from peers that you aren't missing any tricks on how to 

manage the insider threat through periods of extensive change & 

development 

• ROI benchmarking for information security project delivery: linking with 

internal & external customers & building teams that return money to 

business lines 

• Innovative new case studies, keynotes, panel debates & roundtables 

that will probe the CISO role & changing business realities 

• NEW closed session at the CISO Roundtable where you can safely share 

solutions on existing security incidents with fellow thought leaders 

• Build trust based relationships with your security peers! Expand your 

global security network with professionals who face the same set of 

challenges as you at Europe's premier event for CISOs 

CISO Summit 2008 Budapest 

“Definitely worth the money 

within the first half day" 

IT Security Officer, 

European Court of Auditors 

CHIEF INFORMATION SECURITY OFFICERS & EXPERTS WILL SHARE 

EXPERIENCES & SUCCESS STORIES ON HOW THEY ARE DELIVERING 

MISSION-CRITICAL SECURITY FOR TODAY'S ECONOMY 

• Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG 

• Dr. Alastair MacWillson, Managing Director of Global Security Practice, Accenture 

• Bill Pepper, Director of Security Risk Management, Computer Sciences Corporation 

• Charles V. Pask, Managing Director, ITSEC Associates Ltd 

• Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse 

• Dave Pope, Head of Information Security - Information Assurance Group, DVLA 

• Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach 

• Dr. Eduardo Gelbstein, Adjunct Professor, Webster University (Geneva), Former Advisor to 

the UN Board of Auditors and Former Director, UN International Computing Centre 

• Dr. Eduardo Solana, Senior Lecturer, University of Geneva 

• Dr. Frank Marsh, Associate, BurrillGreen Ltd 

• Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd (UK) 

• Janet Day, IT Director, Berwin Leighton Paisner LLP 

• Jay Libove, Global Data Protection Manager, Transcom Worldwide 

• John Colley, Managing Director EMEA, (ISC)2 EMEA 

• Jorge Pinto, Chief Security Officer, InfoSec.ONline.pt, Portugal 

• Julia Harris, Head of Information Security, BBC 

• Marcus Alldrick, CISO, Lloyd’s 

• Mark Chaplin, Senior Research Consultant, Information Security Forum 

• Mark Concar, AEB Data Security Director, Standard Chartered Bank 

• Mark Logsdon, Information Risk Management, Barclays 

• Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort 

• Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain 

• Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, 

University of Warwick 

• Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc 

• Paul Wood, Group Chief Security Officer, Aviva 

• Phil Genge, Head of Information Security, Nationwide Building Society 

• Quentyn Taylor, Director of European Information Security, Canon Europe 

• Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT 

• Robert Coles, Global CISO, Merrill Lynch 

• Tony Crilly, Managing Director, Saladin Technical Services plc 

• Valerie Jenkins, Head of Information Security, Zurich Financial Services 

• Walid Kamal, VP, Technology Security Risk Management, DU Telecom, United Arab Emirates 

AGENDA AT A GLANCE 

DAY ONE Delivering Pragmatic & Value-Adding Security 

DAY TWO Information Security Risk: 

A Comprehensive & Balanced Risk Management Approach 

DAY THREE CISO Roundtable – Applying Your Information Security Experience to Deliver 

Beneficial Results. Includes NEW Closed Session 

FREE GIFT 

Secure Your Place By 30th April 2009 & Receive 

a FREE 4GB Fast Secure Biometric Fingerprint 

USB 2.0 Flash Memory Drive 

Gold Sponsor 

Silver Sponsor 

CISO Roundtable 

Lead Sponsor 

Cocktail Sponsor 

Gigabyte Sponsor 

Supporting Associations 

Recruitment 

Partners 

Media Partners 

IT Risk Space 

UK & EMEA 

London & Belgium 

REGISTER NOW AT WWW.MISTIEUROPE.COM/CISO TEL: +44 (0) 20 7779 8944

CISO EXECUTIVE SUMMIT & ROUNDTABLE 2009 


“Definitely worth the money within the first half day" IT Security Officer, European Court of Auditors 

MARRIOTT HOTEL, LISBON 

10 – 12 JUNE 2009 

Dear Colleague, 

Defined by the Information Security Directors who attend this event, the 6th CISO Executive Summit & 

Roundtable 2009 will convene 10th – 12th June 2009 in the cultural city of Lisbon. The timely theme for 

2009 is “delivering pragmatic & value-adding security: realistic information security for business realities”. 

How can you ensure that your security strategy remains focused, uncompromised & integral to the 

business? What do you see as your leading security challenges & priorities for the year ahead? What are 

valid roles for today’s CISO? How do you manage information security to strategic advantage? 

The 2009 international speaker panel, made up of information security directors from Europe’s leading 

organisations such Novartis Pharma AG; BT, Credit Suisse; DVLA; Openreach; Microsoft; Lloyd's; 

Deutsche Bank; Information Security Forum; Standard Chartered Bank; Dresdner Kleinwort; DHL; Aviva; 

Canon Europe, is firmly placed to answer your most pressing questions. Case studies, panel debates & 

high profile keynotes will probe the CISO role & changing business realities - offering a rare & candid 

insight into how leading CISOs are approaching information security in today's economic climate. 

Agenda at a Glance… 

DAY ONE: Delivering Pragmatic & Value-Adding Security 

DAY TWO: Information Security Risk: A Comprehensive & Balanced Risk Management Approach 

DAY THREE: CISO Roundtable 2009 – Apply your information security experience to deliver beneficial 

results. Includes NEW closed session where those who have agreed to a confidentiality 

agreement can attend & discuss real life security issues! 

No nonsense focus & dedicated discussion time on: 

• Demonstrating value of information security to the business 

• Balancing budget constraints to match economic realities 

• Creative user awareness & dealing with human greed & error! 

• Keeping up with security trends & new cyber risks 

• Meeting regulatory compliance & strengthening information governance 

• Attracting & retaining specialist security employees 

• Protecting data & intellectual property 

• Mission-critical security controls to avoid high profile incidents 

Gain ultimate value & benefit by staying on the CISO Roundtable Friday 12th June 2009! Lively debate 

is guaranteed at the unrivalled benchmarking forum– held under Chatham House Rule. A new closed 

session will allow people who have signed an agreement in advance to share solutions on sensitive 

security incidents & challenges as you expand your global security network with professionals who 

face the same set of challenges as you. 

Thank You 

Sincere thanks to the world-leading security experts, solution providers, associations, & delegates 

within the information security community who have played a major role in contributing to the 

programme. A special thank you goes out to all the speakers for their time & contribution, & also 

to the supporting organisations. MIS Training wishes you an enjoyable & productive time at the 

summit, and looks forward to meeting you in Lisbon this June. 

GOLD SPONSOR 

Accenture 

Accenture’s security practice helps clients secure their data, protect identities & build trusted relationships with their customers, constituents & partners, resulting in improved performance & increased business value. Accenture’s approach to security helps client reduce costs, 

increase profitability & reduce complexity, leveraging world class technology that addresses today’s needs and helps clients effectively prepare for the future. A global management consulting, technology services & outsourcing company, Accenture combines unparalleled 

experience, comprehensive capabilities across all industries & business functions, & extensive research on the world’s most successful companies to help clients become high-performance businesses & governments. With more than 186,000 people serving clients in over 120 

countries, the company generated net revenues of US$23.39 billion for the fiscal year ended Aug. 31, 2008. 

SILVER SPONSOR 

Seagate 

The worldwide leader in the design, manufacture & marketing of hard drives, providing products for a wide range of enterprise, desktop, mobile computing & consumer electronics applications. The Seagate business model leverages technology leadership & world-class 

manufacturing to deliver industry-leading innovations—like the Seagate Secure family of self-encrypting hard drives that automatically and transparently protect confidential information on all hardware platforms— & to be the low cost producer in all markets in which it 

participates. The company is committed to providing award-winning products, customer support and reliability to meet the world's growing demand for information storage. Seagate can be found around the globe & at www.seagate.com 

CISO ROUNDTABLE LEAD SPONSOR 

NetWitness 

NetWitness Corporation provides patented, next generation network and host-based security solutions that help public and private organizations discover, prioritize and remediate complex IT risks. Users of NetWitness NextGen and InSight solutions concurrently solve a wide 

variety of information security problems including: advanced persistent threat management; sensitive data discovery and data leakage protection; malware activity detection; insider threat management; policy and controls verification and e-discovery. Originally developed for the 

US Intelligence Community, NetWitness has evolved to provide enterprises around the world with breakthrough methods of network content analysis and host-based risk discovery and prioritization. NetWitness customers include Defense, National Law Enforcement and 

Intelligence Agencies, Top US and European Banks, Critical Infrastructure, and Global 1000 organizations. NetWitness has offices in the U.S. and the U.K. and partners throughout Europe, the Middle East, South America and Asia. For more information and to try our software visit: 

www.netwitness.com. 

COCKTAIL SPONSOR 

BT 

A global networked IT services organisation with a long-established, respected reputation for providing solutions that address all aspects of security & business continuity across all markets. It has a comprehensive suite of security services for customers, based on a proven 

consultancy approach, deep technical knowledge & extensive experience. BT's team includes world-leading security consultants with an unparalleled resource of knowledge & skill. It has an in-depth understanding of both national & international standards, & is accredited by a 

number of government organisations. BT has implemented security measures across its own global organisation where the scale & complexity of the operation is matched by few other companies. 

GIGABYTE SPONSOR 

Aveska 

Offering a new approach to access governance that orchestrates people, process, policy, & technology with business-friendly solutions that foster acceptance by business managers, collaboration among all stakeholders, & accountability in all appropriate areas of the 

organization. Our solutions: 

• Establish and maintain the visibility of user access entitlements wherever they reside within the enterprise’s information resources. Managers can easily see all access entitlements for which they are accountable. 

• Provide the context and processes that enable business managers to participate in governing user access. Managers can readily understand the processes and why they exist, and they can execute them quickly and easily to keep up with the rapid pace of change. 

• Enforce policies to ensure that access is appropriate, compliance objectives are met and business risks are avoided. Policy enforcement is automated and easy to monitor. 

• Work in conjunction with existing security enforcement technologies such as user provisioning. Seamless integration simplifies implementation and continuing operation of all Aveksa products. 

SUPPORTING PARTNERS 

Information Security Forum 

ISF is recognised as the world’s leading Information Security organisation & independent industry authority. Through its members, the ISF brings together & harnesses the knowledge & experience of over 300 major international business & government agencies to meet the 

increasing demand for practical, business-driven solutions to information security & risk management problems. Current ISF projects focus on a wide range of issues including security & legislation, identity management, patch management, information risk, & VOIP. This In-depth 

research eliminates the need for ISF members to develop their own in-house solutions & delivers rapid return on investment. The Information Security Forum is an independent, not-for-profit organisation, established in 1989. It is owned & governed by its members & managed by 

a professional team. For more information about the ISF visit www.securityforum.org 

ASIS International 

ASIS International (ASIS) is the largest organisation for security professionals, with more than 35,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness & productivity of security professionals by developing educational programs & 

materials that address broad security interests, such as the ASIS Annual Seminar & Exhibits and the Annual ASIS International 7th European Security Conference, 13-16 April 2008 in Barcelona, as well as specific security topics. ASIS also advocates the role & value of the 

security management profession to business, the media, governmental entities, standardisation bodies and the public. By providing members & the security community with access to a full range of programs & services, & by publishing the industry's number one magazine - 

Security Management - ASIS leads the way for advanced & improved security performance. www.asisonline.org 

(ISC)2 

The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the internationally recognised Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 54,000 information security professionals in 135 

countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong & Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP“) & related concentrations, Certification & Accreditation Professional (CAPCM), & 

Systems Security Certified Practitioner (SSCP“) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP“, CISSPISSAP“ & SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC 

Standard 17024, a global benchmark for assessing & certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products & services based upon (ISC)2’s CBK®, a taxonomy of information security topics, & is responsible for 

the annual (ISC)2 Global Information Security Workforce Study. More information is available at www.isc2.org. © 2007, (ISC)2 Inc. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, SSCP & CBK are registered marks & CAP is a certification mark of (ISC)2, Inc. (ISC)2® (“ISC squared”) is 

the non-profit global leader in educating & certifying information security professionals throughout their careers. 

ISSA - UK & EMEA 

The Information Systems Security Association (ISSA)® is a not-for-profit international organisation of information security professionals & practitioners. It provides education forums, publications & peer interaction opportunities that enhance the knowledge, skill & professional 

growth of its members. 

UK & EMEA 

London & Belgium 

ISACA – Belgium & London Chapters 

ISACA’s membership is more than 65,000 strong worldwide & is characterised by its diversity. Members cover a variety of professional IT-related positions, to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer & internal 

auditor. ISACA has more than 170 chapters established in over 70 countries worldwide, & those chapters provide members education, resource sharing, advocacy, professional networking & a host of other benefits on a local level. Its Certified Information Systems Auditor (CISA) 

certification is recognised globally & has been earned by more than 50,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience & has been earned by more than 6,500 

professionals. For more information e-mail the membership department at membership@isaca.org or visit to www.isaca.org 

Jericho Forum 

Members of the Jericho Forum recognize that over the next few years, as technology & business continue to align closer to an open, Internet-driven networked world, the current security mechanisms that protect business information will not scale to meet the increasing volumes 

of transactions & data of the future. A new approach is needed, to move from the traditional network perimeter down to the individual networked computers & devices – & ultimately to the level of the data being sent over the networks. This process has been described as ’reperimeterization' 

followed by ultimate 'de-perimeterization' 

RECRUITMENT PARTNERS 

Barclay Simpson 

Barclay Simpson is the leading company in corporate governance recruitment in the UK, having specialised in corporate governance since 1989. During this time, Barclay Simpson have developed close relationships with all of the recruiting companies in the corporate 

governance marketplace & built up a comprehensive candidate database. Because of the size of the market, this means that they know most of the people working within it. Barclay Simpson specialise in jobs within Compliance, Internal Audit, IT Audit, Information Security & Risk 

Management. 

Information Security Solutions 

Information Security Solutions are a specialist recruitment company, dealing with Information Security, IT Risk, IT Audit and Business Continuity/Disaster Recovery. Many of the world's most experienced security practitioners are exclusively registered with us and we have an 

extensive database of Candidates within the Information Security industry. Information Security Solutions offer very competitive rates. Please contact us today to discuss how we can help you with your requirements and to receive our Terms and Conditions. 

SSR® Personnel Service Ltd 

SSR® is the largest recruitment consultancy dedicated to the security, fire, health & safety sectors in Europe, operating in 20 countries. With a global presence in North America & partners in Asia & Eastern Europe, we are accredited with ISO 9001:2000. For details of our 

opportunities & open vacancies visit our web site www.ssr-personnel.com 

MEDIA SUPPORTERS 

IT Risk Space






DAY ONE: WEDNESDAY 10TH JUNE 2009 

DELIVERING PRAGMATIC & VALUE-ADDING SECURITY 

KEYNOTE 

CASE STUDY KEYNOTE 

CASE STUDY 

PANEL 

CASE 

STUDY 

08:00 REGISTRATION & COFFEE 

08:30 CHAIRMAN’S OPENING 

Marcus Alldrick, CISO, Lloyd's 

In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a 

cost effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this 

effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in 

information risk & security for the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, 

working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was 

Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven 

years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe’s largest credit card issuer. 

08:40 THE FUTURE OF INFORMATION SECURITY 

Michael Colao, Global CISO & Director Information Management, 

Dresdner Kleinwort 

Michael has been with Dresdner Kleinwort Wasserstein since 1999. He is the Director of Information Management.This role 

means that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data 

Protection and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He 

graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer Science. He 

has since lived in three continents & has lectured globally on security technology issues. Since 1996 has been working in 

Financial Technology in London. 

09:40 KEYNOTE 

Dr. Alastair MacWillson, Managing Director of Global 

Security Practice, Accenture 

10:10 FROM A TIME OF CRISIS COMES A TIME OF CHANGE 

• The crisis explained 

• Where are we now? 

• The time for change... 

• What's next for Nationwide? 

• Our principles for success • Top ten learning points 

• What's been achieved and how? 

Phil Genge, Head of Information Security, Nationwide Building Society 

Phil has over 15 years experience within the UK financial services industry. 10 of these 15 years have been spent as a 

qualified management consultant specialising in cultural change, business process reengineering & strategy design. In April 

2007 he assumed the role of Head of Information Security at Nationwide Building Society (a business with assets of c. 

£170bn with 13m customers and 20000 employees) with a specific brief to address the 133 issues raised as a result of a 

fine received from the FSA in respect of a data breach. 2 years on he remains in post leading a team of 52 professionals 

providing expert risk oversight, consultancy & security operations to the Group. 

10:40 MORNING COFFEE BREAK & EXHIBITION 

11:10 MANAGING INFORMATION SECURITY FOR STRATEGIC ADVANTAGE 

Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG 

Andreas, CISO, CISA, CISSP, leads IT Security & Security Emergency Response globally across the corporation. In this role 

he & his team are responsible for the planning & supervision of Novartis’ worldwide computer & network information security 

systems, defining the company’s IT security policies, baselines & standards & enhancing the security of Novartis IT services 

& global infrastructure. Andreas has more than 12 years’ experience managing all aspects of information technology 

management, with deep expertise in rapidly changing, highly demanding large-scale environments. Prior to joining Novartis 

Pharmaceuticals, Andreas worked for Ciba Geigy & IBM on various IT projects covering different aspects of information 

technology. 

11:40 LOCK UP THE DATA - NOT THE CEO. SAFEGUARDING DATA WITH SEAGATE 

SELF-ENCRYPTING HARD DRIVES 

Joel Bernard, Sales Development Manager, Seagate Technology 

12:05 IS INFORMATION SECURITY RELEVANT TO YOUR BUSINESS STRATEGY? 

Communicating with top management in business language is essential. A CISO 

needs to understand where information security can contribute to specific 

elements of your business strategy & must then convince senior managers that 

what you are doing is a benefit to the business. This tone-setting session will 

give examples of generic business strategy elements & the contribution 

information security can make to ensuring business success. 

Dr. Frank Marsh, Associate, BurrillGreen Ltd 

Frank is an exceptional & internationally renowned information security specialist covering all aspects of information security 

including physical, digital, oral & intangible forms, & the prevention, detection and investigation of information leakage. He 

has a PhD from Liverpool University where he worked under Professor (now Sir) David King. He did post-doctoral research 

before working in the University Computer Laboratory. For 25 years, until 2008, he worked for BAT Industries/British American 

Tobacco in a broad range of business roles, & from 1995 as Global Information Security Manager. Working with BAT‘s 

business operations globally, he also became the deputy CSO. In 2001, he was elected, by the UK membership, to the global 

Council of the Information Security Forum (ISF) and was elected by that council of his peers to the ISF Executive a year later. 

12:45 LUNCH 

13:45 CREATING VALUE & TRUST BETWEEN INFORMATION SECURITY & THE 

BUSINESS DURING DIFFICULT TIMES: TRANSFORMING INFORMATION 

SECURITY TO MISSION-CRITICAL SECURITY 

As executive boards are threatening to reduce security resource & IT budgets are 

cut, how can you ensure that your security strategy remains integral to the business 

& that security is not compromised? Evidence suggests that information leakage & 

industrial sabotage activity increases in such an economic climate so this is no time 

to be cutting back on intelligence, security controls & governance operations! 

• Measuring true security benefits while avoiding reliance on key 

performance indicators 

• Can the trust brought by online security really drive bottom line results? 

• Adopting cost cutting strategies versus maintaining business security & 

sustainability 

• Top tips to create value between information security & the business 

• Understanding the urgent imperative for your business 

• Steering a top security team through the global downsizing trend 

• Finding new ways to do things 

Chaired by: Ray Stanton, Global Head of Business Continuity, Security & 

Governance Practice, BT 

Panellists: Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse; Dave Pope, Head 

of Information Security - Information Assurance Group, DVLA; Mark Concar, AEB 

Data Security Director, Standard Chartered Bank; Walid Kamal, VP, 

Technology Security Risk Management, DU Telecom, United Arab Emirates; 

Valerie Jenkins, Head of Information Security, Zurich Financial Services; 

Julia Harris, Head of Information Security, BBC 

14:20 LINING UP ASSURANCE & IDENTIFYING YOUR TOP INFORMATION RISKS: 

INTERNAL AUDIT & INFORMATION SECURITY 

Dave will run an interactive session of value to those who have audited risk 

frameworks, as well as those who have responsibility for them. The session will 

cover how to identify your top information risks & will include a 

case study on DVLA, how the risk framework was introduced, the role of the 

CISO & Internal Audit in this process & how to “keep it real”. 

Dave Pope, Head of Information Security - Information Assurance Group, DVLA, UK 

Dave is also a Member of the Institute of Internal Auditors, a Registered Risk Practitioner & Member of the Institute of Risk 

Management. Currently the Head of Information Security at DVLA, he is also the Network Accreditor. He has the 

responsibility for the security of one of the UK’s biggest on line organisations, & has responsibility for ensuring compliance 

with the recent Cabinet Office data handling guidelines. Previously Dave was the Corporate Risk Manager at DVLA & won 

the award given by ALARM as UK Risk Manager of the year. Dave started his working life as an Internal Auditor & has 

worked in several public organisations including HM Treasury & Ordnance Survey, mainly in the IT field. He has managed IT 

infrastructures as well as audited them so has experience of seeing both sides of information handling. He lectures within 

the UK and internationally on Risk Management, and is an Associate Lecturer for the National School of Government. Dave 

also runs a small sheep farm in West Wales! 

14:50 SECURING INFORMATION THROUGH TIMES OF EXTENSIVE CHANGE 

Mark Concar, AEB Data Security Director, Standard Chartered Bank 

15:20 HOW TO USE YOUR INFORMATION SECURITY SKILLS TO ADD TO THE 

BOTTOM LINE 

Quentyn Taylor, Director of European Information Security, Canon Europe 

15:50 AFTERNOON TEA BREAK 

16:20 COP TO CONSULTANT - DELIVERING GLOBAL CONSISTENCY IN 

INFORMATION SECURITY 

Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc 

16:50 SECURITY & PRIVACY ASSURANCE IN OUTSOURCING & OFFSHORING A 

NEW CHALLENGE 

• The seven lifecycle stages of outsourcing contracts 

• Maintaining security & privacy throughout the contact lifecycle 

• Are there new/additional security risks? • What needs to be considered 

during due diligence of offshore suppliers? 

• Assurance & conformance audits 

• Change management • Incident management 

• Specification of subject access request (SAR) process with the vendor 

• Ensure vendor continuity plans meet specified business needs including; 

backups, recovery, standby & people 

• Management & change of cryptographic keys 

• Agree the security & business processes for the transformation of IT & 

security solutions over the life of the contract 

• Third parties & subcontracts • What are the future challenges? 

Bill Pepper, Director of Security Risk Management, 

Computer Sciences Corporation 

Bill has a lifetime of experience as a professional corporate & information security & privacy manager. Following a 

distinguished career in information security with thee Royal Air Force he has obtained a significant reputation as an expert in 

these areas, & particularly in privacy & security risk management. In addition to all aspects of security, including information, 

personnel & physical, Bill is also responsible for Data Protection within CSC’s EMEA Northern Region supported by a 

specialist Data Protection team. Latterly he has developed significant experience in the areas of outsourcing & off-shoring 

from the perspectives of both outsourcing services & also running other organisations outsourced services. 

17:20 HUMAN ERROR: THE TOP SECURITY CONCERN IN A MULTI-NATIONAL 

ORGANISATION? 

• Creating an effective (& fun!) training & awareness programme 

• To recommendations for writing an awareness policy that works 

• Enforcing consequences 

• Make it easy to do the right thing 

Paul Wood, Group Chief Security Officer, Aviva Group 

Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist & 

executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from 

the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air Traffic 

Services as the Head of Corporate Security. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS Investment 

Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the appointment of 

Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the Group. Paul is a 

regular speaker on security matters. He was awarded the MBE in the 1995 New Years’ Honours List. 

17:50 THE COMMON SENSE & NONSENSE OF JUSTIFYING SECURITY 

INVESTMENTS 

Infosecurity accounts for 10% or less of IT budgets - & increasingly management 

demands robust business cases to justify expenditures. Experienced practitioners 

know that this is the equivalent of writing technology fiction - the costs are 

reasonably well known but the benefits are often pure fantasy as security metrics 

are not a mature topic &management is not interested in technical metrics - they 

want to know the cost of information leaks, corrupt data & downtime & some of 

these events are outside the control of the IT function. 

• Metrics that make sense to non-IT & non-security people 

• The need to identify accountability for delivering benefits 

• The true cost of insecurity 

• The language that helps get a business case approved 

• How the audit function can help support the business case 

• How to identify a nonsensical business case 

Dr. Eduardo Gelbstein, Adjunct Professor, Webster University (Geneva), 

Former Advisor to the UN Board of Auditors and Former Director, UN 

International Computing Centre 

Ed has been an IT practitioner since the 1960s, during which time he worked as project manager, systems architect & 

executive in several organisations & different countries until 2002, when he was invited to become an auditor, an activity that 

he continues to develop as an advisor to the United Nations Board of Auditors & the French National Audit Office. Ed also 

teaches an MBA course on business systems management in Geneva, Switzerland & is a Senior Fellow of the United 

Nations Institute for Training & Research. He has authored several books & articles. 

18:20 CHAIRMAN’S CLOSE OF DAY ONE 

18:30 - 20:00 CISO Port & Wine Tasting Reception, Lisbon: 

Kindly Sponsored by: 

20:00 - 22:00 CISO FADO DINNER, LISBON (PROVISIONAL) 

STUDY 

CASE STUDY 

CASE 

CASE STUDY 

CASE STUDY 

CASE 

STUDY 

KEY CASE 

STUDY






CASE STUDY 

CASE STUDY 

PANEL KEY INSIGHTS 

CASE STUDY 

DAY TWO: THURSDAY 11TH JUNE 2009 

INFORMATION SECURITY RISK: A COMPREHENSIVE & BALANCED RISK MANAGEMENT APPROACH 

08:15 WELCOME BREAKFAST KINDLY SPONSORED BY: 

08:40 CHAIRMAN’S RE-OPENING 

Charles V. Pask, Managing Director, ITSEC Associates Ltd 

08:45 PATCH MANAGEMENT: INCREASINGLY A FACET OF EFFECTIVE RISK MANAGEMENT 

Patch management is nothing new; by now we should have moved away from 

the 'install & forget' days of old to a position of comprehensive patch 

management across the enterprise. Nevertheless, we still see the exploitation of 

vulnerabilities hitting the headlines with many organisations not only vulnerable 

to attack but successfully attacked & exploited. In this presentation we examine 

the increasingly critical role of Patch Management in the overall risk 

management framework & in doing so we look at: 

• The underlying trends driving the need for Patch Management to be proactive 

& preventative, not reactive & curative 

• What effective Patch Management looks like & what key considerations need 

to be taken into account 

• Why Patch Management in isolation is ineffective & how it fits into the bigger 

scheme of things 

• How people & process play as important a role as technology in making 

effective Patch Management a reality 


09:20 MANAGING THIRD PARTY DATA SECURITY 

• Importance of managing data security across third parties & supply chain 

• Understand ownership & main responsibilities 

• Key contractual requirements 

• Future and trends in managing data security throughout the supply chain 

Daniel Barriuso, Head of IT Risk EMEA,Credit Suisse 

Daniel Barriuso is the Head of IT Risk for EMEA and Global Asset Management at Credit Suisse. He 

is responsible for managing IT Risk and Information Security across more than 18 countries in 

Europe, Middle East and Africa, as well as globally for the Asset Management Division. Prior to 

joining Credit Suisse, Daniel was the Director of the Europe Information Security and Technology 

Risk Assessment departments at ABN AMRO Bank N.V. in London, where he developed and 

pioneered successful risk assessment methodologies. Daniel also dedicates his time as a professor 

in the Security Post-Graduate Master course at the "Universidad Politecnica de Madrid", where he 

teaches and researches in the areas of IT governance and management of security investment. He is 

currently a member of the Investment Banking Information Security Group (IB SIG) and is a frequent 

speaker and contributor in IT risk forums and events. 

09:50 WHAT EVERY CISO SHOULD KNOW ABOUT INDUSTRIAL ESPIONAGE: 

MANAGING THE BROADER THREATS TO INFORMATION SECURITY 

Tony Crilly, Managing Director, Saladin Technical Services plc 

Following on from a distinguished career in the British Army (which included five years in Northern 

Ireland on surveillance tasks involving the use of specialist technology on counter terrorist 

operations), Tony joined the commercial sector in 1988 & management consultancy in 1991. He has 

held a number of senior positions within the industry & has worked in countless countries worldwide 

on complex investigations & assignments including protective security during the critical 

negotiations for the multi-billion Al Yamamah II deal & for the world premier of the Eurofighter 

Typhoon Aircraft. More recently, in addition to managing Saladin Technical Services, he has been 

involved in the development of standards within the Security Industry & on International approaches 

to Nuclear and Radiological Security (non-proliferation), working in association with NATO, the NNSA 

(USA) & MinAtom (Russian Federation). 

10:20 MORNING COFFEE BREAK & EXHIBITION 

10:50 WHAT ARE THE KEY EMERGING SECURITY & E-CRIME RISKS? 

DETECTING MASSIVE CONTROL FAILURES – IS THIS A ROLE FOR 

TODAY’S SECURITY CHIEFS? 

Heads of Information Security & experts list their top ‘hot buttons’ & focus for 

2009 & beyond, sharing the latest threats they face, as well as their planned 

security strategy going forward & key lessons for other industry sectors. 

• What are the top 3 technology risks & trends on your priority list? 

• How has the global financial crisis & the uncovering of recent high profile 

frauds impacted your approach to security? 

• How to manage social networking vulnerabilities 

• The threat of social engineering to hijack sensitive information 

• How far to police or trust staff, & how to maintain thought leadership across 

highly networked groups of staff 

• How will emerging risks (malware & attack vectors, viruses) affect your organisation? 

• What are your plans to test your security strategy & take a proactive stance? 

• Recommendations going forward 

• Protecting your organisation from the greed of top execs: a valid role for today’s CISO? 

Chaired by: Paul Wood, Group Chief Security Officer, Aviva 

Panellists: Philippe Huard, Seagate Technology; Jorge Pinto, Chief Security 

Officer, InfoSec.ONline.pt, Portugal; 

Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd (UK); 

Sarb Sembhi, President, ISACA London Chapter; Robert Coles, Global CISO, 

Merrill Lynch Neil Jarvis, Head of IT Security, IT Risk and Business 

Continuity, DHL Exel Supply Chain 

11:35 AWARENESS RAISING: MAKING ‘THE RISK, OUR INFORMATION, YOUR 

RESPONSIBILITY’ & OTHER AWARENESS MATERIAL 

As you know, raising the awareness of colleagues about information risks is 

becoming increasingly important. However, the impact of many of the older 

ways of doing this has declined, perhaps given that they have become rather 

tied & dated. One of Mark’s responsibilities has been to address this, which has 

involved the making of a film, road shows, poster campaigns etc. The Barclays 

approach has been different & innovative, & these initiatives have attracted a 

number of awards. This is a multimedia presentation that will grab your attention 

& will stimulate further debate amongst the audience 

• Our approach 

• The impact it’s had 

• The lessons learned 

• Next steps 

Mark Logsdon, Information Risk Management, Barclays 

12:35 WHY SECURE CODING IS NOT ENOUGH 

John Colley, Managing Director EMEA, (ISC)2 EMEA 

13:10 LUNCH 

14:15 INTERACTIVE SESSION – PLEASE SELECT YOUR PREFERRED BREAK- 

OUT…. 

BREAK-OUT A: HOW HACKERS GET & CRACK PASSWORDS? 

Jason Hart 

BREAK-OUT B: THE CONVERGING WORLDS OF PHYSICAL & DIGITAL 

SECURITY – INTERACTIVE SESSION! 

An interactive session - participants will examine some of the processes where 

convergence can cause conflict. You will work in small groups & consider 

processes such as investigations & physical/digital access control. How are 

operational boundaries defined? How are responsibilities managed? Who controls 

the budget & resources? What are the key steps for a CISO to take? 

Dr. Frank Marsh, Associate, BurrillGreen Ltd 

14:55 PRIVACY ENHANCING TECHNOLOGIES (PET's) 

Although privacy enhancing technologies have been researched for the past 20 

years, it's only recently that they have found a new & enthusiastic audience, 

spurred on by data breaches in the public & private sector. The UK's Information 

Commissioners Office has embedded their use into their privacy by design 

initiative & the European Commission publicly backs the development & 

application of these technologies within industry & through its research 

programme. PET's: What are they anyway? Why should I care? What options are 

available to me now? How are they likely to develop in the short to medium term? 

What tools are available to me enable them to be embedded into my organisation? 

Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, 

University of Warwick 

15:30 AFTERNOON TEA BREAK & SPONSORS’ PRIZE DRAW 

15:50 SECURITY VS. PRIVACY 

The panel will discuss how to deal with areas of potential conflict between 

privacy & security. 

• What do we mean by privacy? Information about us? Information belonging 

to us? Space we regard as ours like a phone or bag? Our physical privacy - 

searches? 

• What is the privacy role of the CISO? 

• Should there be a "privacy officer" separately from the Security team? 

• How does a CISO balance the need for privacy during investigations? 

• Do you prevent, allow and monitor or allow & not monitor? Who sets the rules? 

Chaired by: Dr. Frank Marsh, Associate, BurrillGreen Ltd 

Panellists: Michael Colao, Global CISO & Director Information Management, 

Dresdner Kleinwort; Marcus Alldrick, CISO, Lloyd's; Paul Hopkins, Head of 

Network Vulnerability Intelligence e-Security Group, University of Warwick; 

Mark Chapman, Senior Research Consultant, Information Security Forum; 

Janet Day, IT Director, Berwin Leighton Paisner LLP 

16:30 CONSUMER APPLICATIONS: CREATING SECURITY PROBLEMS? 

Consumer applications such as Skype & Gmail have caught the imagination of 

the corporate world. With easy access & zero cost many organisations are 

assessing these applications for use internally. Users are also demanding 

access to some of these applications on the basis of productivity, ease of use & 

personal experience. Whilst there are business versions of these applications the 

uptake may be via the consumer products. This presentation explores the risks 

that organisations may be exposed to by adopting these applications or allowing 

users to access these applications with insufficient guidelines. 

Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel 

Supply Chain 

With over 14 years experience in both commercial & government information systems security & a proven track record in the 

specification, design & implementation of complex IT & security infrastructure solutions to meet business requirements. Neil’s 

experience includes network infrastructure, server infrastructure, operating systems security, application security, information 

security, penetration testing, disaster recovery, business continuity, business requirements gathering, analysis, interpretation & 

delivery of pragmatic cost effective solutions. 

17:10 PROTECTING INFORMATION IN THE END USER ENVIRONMENT 

Mark Chaplin, Senior Research Consultant, Information Security Forum 

17:50 SINTRA DINNER - KINDLY SPONSORED BY: 

Networking Diary at CISO Summit 2009! 

Meeting your information security peers to exchange ideas & build trust-based 

networks is an integral part of the CISO Summit. As such, MIS & Sponsors have 

set aside dedicated time for networking, which will allow you to enjoy your time in 

Lisbon. Activities listed below are provisional. Further details will be announced 

soon! 

9TH JUNE 2009 - Welcome Drinks in the Garden of the Marriott Lisbon Hotel Meet 

& make strong first impressions as participants arrive the evening before the summit 

starts! 

10TH JUNE 2009 

CISO Port & Wine Tasting Reception, Lisbon: Kindly Sponsored by 

Taste a selection of ports & wines with security peers at an historical Pombal cellar in 

the heart of Lisbon historical city centre, with a presentation on the Portuguese 

vineyard, different regions, different types of Port wines & the Portuguese 

grape varieties. 

Followed by CISO Fado Dinner, Lisbon Join the group for dinner at one of 

the most reputable & authentic Fado Houses, where several singers will 

perform during the course of the evening. 

11TH JUNE 2009 

Sintra Evening Tour & Dinner Overlooking the Beach: Kindly 

Sponsored by 

Sample the rich history & culture that the region has to offer with peers in rustic 

Sintra, just outside Lisbon. Explore the charming picturesque town of Sintra, 

stopping off for drinks at one of the quaint bars for a reception. A short drive 

away, a delicious fish dinner will then be served in a restaurant overlooking the 

sea. 

ACADEMIC INSIGHT 

PANEL 

CASE STUDY

CISO EXECUTIVE ROUNDTABLE 2009 





DAY THREE: FRIDAY 12TH JUNE 2009 

CISO ROUNDTABLE: APPLY YOUR SECURITY EXPERIENCE TO DELIVER BENEFICIAL RESULTS 

AGENDA TIMINGS: 

9:00 START 

10:30 COFFEE BREAK 

12:30 LUNCH 

15:00 TEA BREAK 

16:00 CLOSE 

ABOUT THE CISO ROUNDTABLE: 

The CISO Roundtable 2009 provides the ultimate forum for heads of information 

security to discuss key security challenges & benchmark strategy with peers to 

develop team expertise & professional skills, as well as to advance standards & 

approaches for the information security community at large. All participants will have 

the opportunity to input into the agenda beforehand. The focus is on roundtable 

discussions & group work, with sessions facilitated by established information security 

practitioners & industry experts. This is the ideal opportunity to meet global security 

industry leaders & network with professionals who face a similar set of challenges as 

you. At the end of the day, there will be an opportunity for those who have agreed to a 

confidentiality agreement in advance to attend a ‘closed door’ 30 minute session 

where participants can discuss real life information security incidents & discuss 

possible solutions. 

SESSIONS FOR DISCUSSION INCLUDE: 

1. THE 10 MISTAKES CISOS MAKE WITH THEIR CAREERS: WHAT 

WOULD ESTABLISHED CISOS ADVISE YOU TO THINK ABOUT TO 

MAKE YOUR NEXT STEP? 

2. STEERING A TOP SECURITY TEAM THROUGH THE GLOBAL 

DOWNSIZING TREND & HOW TO RECRUIT & KEEP A TOP TEAM 

3. INCREASING SECURITY CREDIBILITY TO THE BOARD 

4. ESTABLISHING AN IMAGINATIVE SECURITY AWARENESS 

CAMPAIGN WITH A LIMITED BUDGET 

5. NEW INTERACTIVE SESSION - HOW CAN SENSITIVE 

INFORMATION STAY FAITHFUL TO ITS ORGANISATION? 

This will be an interactive session with the audience split into three groups: The 

disaffected employee 2. The exiting employee 3. The CISO. The challenge: We all 

have security policies & measures in place that aim to protect the business from 

data leakage from our systems & our people. Backing up data & holding 

documents in central repositories provide a sense of well-being & comfort. We have 

the technology - we can achieve. However, the fact remains that to protect 

corporate data & intellectual property is a real challenge when we consider the 

people aspect. Where are all your data stored? Do you know? Greed, Envy, 

ambition, desperation & poverty are key characters in this play that convert even the 

most corporately versioned employee. Add ignorance; lack of training, education & 

awareness; time pressure & general lack of ability into the pot & the mix becomes 

worse. This exercise is about protecting your most valuable corporate asset. 

CHAIRED BY: 

Charles V. Pask, Managing Director, ITSEC Associates Ltd 

Charles is responsible for delivering global IT security & IT audit services, including public training 

courses, in-house training courses, conferences & symposiums. Previously, he was a Director with MIS 

Training,& Director of Information Security Institute (ISI) European & Middle East e-Security Services. Mr. 

Pask has over 20 years’ experience in IT, IT audit,& IT security, & was the Information Security Manager 

for Alliance & Leicester plc prior to joining MIS. More recently Charles was the Global Head of Strategy, 

Development & Globalisation for he BT Business Continuity, Security & Governance Practice. 

FACILITATORS: 

Floris Van Den Dool, Security EMEA Lead, Accenture 

Floris provides services to several of Accenture’s main clients across all industries. Floris has been active 

in IT consulting & security for 20 years & lectures at Erasmus University in Rotterdam on the topics like 

Computer Architectures, IT auditing & Security. Currently he is helping a number of organisations with 

the security aspects of outsourcing as well as outsourced security services. 


In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & 

adequately mitigated in a cost effective manner throughout the organisation, both in the UK and in its 

overseas locations, & that assurance to this effect is provided to Executive, Senior and Line 

Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for 

the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT 

Advisory & specialising in information security strategy definition & implementation. Before that Marcus 

was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six 

years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays 

plc & Europe’s largest credit card issuer. 

information security. He has worked in diverse roles from consultancy to information security governance 

and strategy for blue-chip organisations. Prior to joining the ISF Mark was responsible for information 

security at a multinational FTSE 250 company. He believes in a risk-based, business-oriented approach 

to managing information risk, while complying with the requirements of internal standards, contracts, 

regulation and legislation. Mark runs global research projects for the ISF on all aspects of information 

security, including governance, standards, risk management and compliance. Mark is also responsible 

for the ISF’s Standard of Good Practice for Information Security. 

Michael Colao, Global CISO & Director Information Management, 

Dresdner Kleinwort 

Michael has been with Dresdner Kleinwort since 1999. He is the Director of Information Management. This role means 

that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data Protection 

and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He 

graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer 

Science. He has since lived in three continents & has lectured globally on security technology issues. Since 1996 has 

been working in Financial Technology in London. 

Paul Wood, Group Chief Security Officer, Aviva 

Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist 

& executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 

from the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air 

Traffic Services as the Head of Corporate Security. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS 

Investment Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the 

appointment of Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the 

Group. Paul is a regular speaker on security matters. He is a member of the ISSA Advisory Board; a founder member 

& now Director on the Board of IISP & a member of many other professional security forums. He was awarded the 

MBE in the 1995 New Years’ Honours List. 

Dr. Cheryl Hennell, Head of IT Security and Information Assurance, 

Openreach 

Prior to her current position, Cheryl was a Senior Lecturer at the University of Portsmouth. Following 3 decades in the 

IT industry working for the Ministry of Defence, The Office of Population, Censuses & Surveys & as a European 

consultant for a blue chip organisation, she entered academia. Cheryl is an active CISSP & has recently been 

appointed as an ambassador for Childnet delivering training sessions in schools. Her academic interests lie in the 

analysis & design of information systems; developing secure information systems; business continuity & disaster 

recovery, & digital forensics. She designed, developed & led lectures on the BSc (Hons) Digital Forensics degree for 

the University of Portsmouth. 

EXPAND YOUR REACH (& BUDGET!) - MEET EUROPE’S FINEST 

INFORMATION SECURITY DIRECTORS ALL IN ONE PLACE! 

A learning & high level networking forum rather than a ‘trade show’, the CISO 

Summit is designed for people to share ideas & build trust based relationships – a 

unique event designed for the world’s elite information security directors & normally 

elusive & difficult to reach executives! Use this platform to influence clients & ensure 

your leading market position. CISO networking sponsorships have included 

receptions on a boat on the River Danube, a catamaran cruise in Barcelona, an 

exclusive beach front venue in Nice, through to dinner in the ancient wine cellars of 

Budapest & Grand Prix receptions. Other options range from exhibiting to 

participating on a panel discussion, presenting a keynote or sponsoring a facilitator 

for the ultimate benchmarking event - the interactive CISO Roundtable! Given that 

MIS’ background is in security & audit training, delegates typically comprise 95% 

‘practitioners’ (e.g. CISOs, Heads of IT Security rather than consultants or vendors). 

All sponsorship packages include a number of free client places, exhibition & 

speaking options. For more information, please contact Sara Hook, Conference 

Director on: +44 (0)20 7779 7200, or email shook@misteurope.com 

ABOUT THE VENUE 

Lisbon, the town of the seven hills & the Tagus river, capital of Portugal since 1147. 

With its gentle climate, abundant attractions & rich cultural diversity, it is a city with 

much to offer. One of the main saints' days will take place during your stay in Lisbon. 

There is a big parade on the night of the 12th June for St Antonio which makes its 

way along the Avenida da Liberdade. The old quarters of Alfama & Mouraria are 

particularly busy & celebrations continue until dawn. The Lisbon Marriott Hotel is 

only a 15 minute drive from Lisbon airport, & is situated in the business district. 

Mark Chaplin, Senior Research Consultant, Information Security Forum 

Mark is an information risk management professional with over 18 years of experience in IT and






5 EASY WAYS TO REGISTER 

Tel: +44 (0)20 7779 8944 Email: mis@mistieurope.com 

Fax: +44 (0)20 7779 8293 Web: www.mistieurope.com/CISO 

Mail: Guy Cooper, MIS Training, Nestor House, Playhouse Yard, London 

EC4V 5EX UK 

CUSTOMER INFORMATION 

When registering please quote ref: WEB 

(please print or attach business card) 

Title First name 

Surname 

Position 

Organisation 

E-Mail Address (Required) 

Address 

Country 

Postcode 

FREE GIFT 

Secure Your Place By 30th April 2009 & Receive 

a FREE 4GB Fast Secure Biometric Fingerprint USB 

2.0 Flash Memory Drive 

REGISTRATION INFORMATION (fees must be paid in advance of the event) 

Fee 

Free Gift (book 

by 30th April 2009) 

CISO Executive Summit & Roundtable 2009 (3-Days) £1,850 

CISO Executive Summit Only 2009 (2-Days) £1,495 

Included in the Fee 

Entry to 3-Day Event, CISO Dinner, CPEs, Certificates, Official Summit 

Workbook, Web-link to All Updated Presentation Materials. 

MIS Training Institute Terms & Conditions: MIS Training operates a 20 working 

day cancellation policy. Any cancellations received after 20 days or any delegate 

that does not attend will be subject to full payment. You may transfer to another 

conference for a transfer fee of 25% of the initial booking fee plus the difference 

between the value of the conference you are transferred to. Please note that the 

replacement course/conference must take place within 9 months of the initial 

application. Alternatively you may send another colleague to the initial booked 

course/conference without incurring any additional fees. 

PLEASE SEND ME INFORMATION ON 

3rd Annual Fraud & Corruption Summit 2009, 

18 - 20 March 2009, The Dominican Hotel, Brussels - Belgium 

Effective Audit & Investigation for Improved Tax Compliance - Africa 2009, 

11 - 14 May 2009, Abuja - Nigeria 

4th Annual Audit, Risk & Governance Africa Conference 2009, 

21 - 24 July 2009, The Speke & Commonwealth Munyonyo Resort‚ Uganda 

3rd Annual Chief Security Officer (CSO) Summit 2009, 

16 - 18 September 2009, Barcelona‚ Spain 

Conferencia Latinoamericana: Gobernanza, Riesgo y Auditoria 2009, 

13 -16 Octubre 2009 - Mexico 

Audit, Risk & Governance Middle East 2009, 

2 - 4 November 2009, Dubai - UAE 

2nd Annual CISO Executive Summit - Middle East 2009, 

9 - 11 November 2009, Shangri-La’s Barr Al Jissah Resort, Muscat -Sultanate of Oman 

2nd Annual Security Africa Summit 2009, 

17 -20 November 2009, Labadi Beach Hotel, Accra - Ghana 

2nd Annual Digital Evidence Conference, 7th - 9th December 2009, Doha - Qatar 

Founded in 1978, MIS Training Institute is the international leader in providing training & 

conferences to information security, audit, fraud & IT audit professionals. With offices in 

the USA, UK, & Asia, MIS is a division of Euromoney Institutional Investor Plc (FTSE250) 

and is part of the Daily Mail & General Trust (DMGT). www.mistieurope.com 

Telephone 

Fax 

The information you provide will be safeguarded by the Euromoney Institutional Investor Plc. group whose 

subsidiaries may use it to keep you informed of relevant products and services. We occasionally allow 

reputable companies outside the Euromoney Institutional Investor Plc. group to contact you with details of 

products that may be of interest to you. As an international group we may transfer your data on a global 

basis for the purposes indicated above. If you object to contact by telephone , fax , or email 

please tick the relevant box. If you do not want us to share your information with other reputable companies 

please tick this box 

PAYMENT METHOD 

(all fees must be paid in advance of the event) 

Pay Online at www.mistieurope.com 

Cheque enclosed 

Please invoice my company PO# 

(payable to MIS Training) 

Credit cards can be taken over the phone only. Please call +44 (0)20 7779 8944 

Please include billing address if different from address given above 

Please note that in completing this booking you undertake to adhere to the 

cancellation policy and payment terms. 

Signature 

Approving Manager 

Date 

Position 

SUMMIT VENUE & ACCOMMODATION 

The CISO Executive Summit & Roundtable will take place at: 

Marriott Lisbon, Avenida Dos Combatentes 45, Lisbon, PT 1600-042, Portugal 

Tel: +351 217 235 562, Fax: +351 217 264 418 

www.marriott.com/lispt 

Discounted bedroom rate for CISO Summit 2009 - 140 euros B&B (inc. tax). 

The Marriott Lisbon Hotel is one of the 

best hotels in Lisbon, providing the 

warmest introductions to this 

spectacular area. Guest rooms achieve 

an extraordinary balance of luxury & 

function, with the comfort of the new 

Marriott bedding, high-speed Internet 

connection & balconies with dazzling 

views of the city. Or upgrade to one of 

our Concierge levels, with its enhanced 

amenities & services. Visit the wellequipped 

fitness room for an 

invigorating workout. For a relaxing 

repast, Citrus Bar & Restaurant offers 

fine Portuguese & Mediterranean cuisine 

paired with a selection of local wines. 

24-hour room service is available. 

TO REGISTER CALL +44 (0) 20 7779 8944 FAX +44 (0) 20 7779 8293 

EMAIL MIS@MISTIEUROPE.COM OR VISIT WWW.MISTIEUROPE.COM/CISO

EXECUTIVE SUMMIT & ROUNDTABLE 2009 - MIS Training

Create successful ePaper yourself

Delete template?

Save as template?