EXECUTIVE SUMMIT & ROUNDTABLE 2009 - MIS Training

More documents

Recommendations

Info

CISO EXECUTIVE SUMMIT & ROUNDTABLE 2009 DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES “Definitely worth the money within the first half day" IT Security Officer, European Court of Auditors MARRIOTT HOTEL, LISBON 10 – 12 JUNE 2009 Dear Colleague, Defined by the Information Security Directors who attend this event, the 6th CISO Executive Summit & Roundtable 2009 will convene 10th – 12th June 2009 in the cultural city of Lisbon. The timely theme for 2009 is “delivering pragmatic & value-adding security: realistic information security for business realities”. How can you ensure that your security strategy remains focused, uncompromised & integral to the business? What do you see as your leading security challenges & priorities for the year ahead? What are valid roles for today’s CISO? How do you manage information security to strategic advantage? The 2009 international speaker panel, made up of information security directors from Europe’s leading organisations such Novartis Pharma AG; BT, Credit Suisse; DVLA; Openreach; Microsoft; Lloyd's; Deutsche Bank; Information Security Forum; Standard Chartered Bank; Dresdner Kleinwort; DHL; Aviva; Canon Europe, is firmly placed to answer your most pressing questions. Case studies, panel debates & high profile keynotes will probe the CISO role & changing business realities - offering a rare & candid insight into how leading CISOs are approaching information security in today's economic climate. Agenda at a Glance… DAY ONE: Delivering Pragmatic & Value-Adding Security DAY TWO: Information Security Risk: A Comprehensive & Balanced Risk Management Approach DAY THREE: CISO Roundtable 2009 – Apply your information security experience to deliver beneficial results. Includes NEW closed session where those who have agreed to a confidentiality agreement can attend & discuss real life security issues! No nonsense focus & dedicated discussion time on: • Demonstrating value of information security to the business • Balancing budget constraints to match economic realities • Creative user awareness & dealing with human greed & error! • Keeping up with security trends & new cyber risks • Meeting regulatory compliance & strengthening information governance • Attracting & retaining specialist security employees • Protecting data & intellectual property • Mission-critical security controls to avoid high profile incidents Gain ultimate value & benefit by staying on the CISO Roundtable Friday 12th June 2009! Lively debate is guaranteed at the unrivalled benchmarking forum– held under Chatham House Rule. A new closed session will allow people who have signed an agreement in advance to share solutions on sensitive security incidents & challenges as you expand your global security network with professionals who face the same set of challenges as you. Thank You Sincere thanks to the world-leading security experts, solution providers, associations, & delegates within the information security community who have played a major role in contributing to the programme. A special thank you goes out to all the speakers for their time & contribution, & also to the supporting organisations. MIS Training wishes you an enjoyable & productive time at the summit, and looks forward to meeting you in Lisbon this June. GOLD SPONSOR Accenture Accenture’s security practice helps clients secure their data, protect identities & build trusted relationships with their customers, constituents & partners, resulting in improved performance & increased business value. Accenture’s approach to security helps client reduce costs, increase profitability & reduce complexity, leveraging world class technology that addresses today’s needs and helps clients effectively prepare for the future. A global management consulting, technology services & outsourcing company, Accenture combines unparalleled experience, comprehensive capabilities across all industries & business functions, & extensive research on the world’s most successful companies to help clients become high-performance businesses & governments. With more than 186,000 people serving clients in over 120 countries, the company generated net revenues of US$23.39 billion for the fiscal year ended Aug. 31, 2008. SILVER SPONSOR Seagate The worldwide leader in the design, manufacture & marketing of hard drives, providing products for a wide range of enterprise, desktop, mobile computing & consumer electronics applications. The Seagate business model leverages technology leadership & world-class manufacturing to deliver industry-leading innovations—like the Seagate Secure family of self-encrypting hard drives that automatically and transparently protect confidential information on all hardware platforms— & to be the low cost producer in all markets in which it participates. The company is committed to providing award-winning products, customer support and reliability to meet the world's growing demand for information storage. Seagate can be found around the globe & at www.seagate.com CISO ROUNDTABLE LEAD SPONSOR NetWitness NetWitness Corporation provides patented, next generation network and host-based security solutions that help public and private organizations discover, prioritize and remediate complex IT risks. Users of NetWitness NextGen and InSight solutions concurrently solve a wide variety of information security problems including: advanced persistent threat management; sensitive data discovery and data leakage protection; malware activity detection; insider threat management; policy and controls verification and e-discovery. Originally developed for the US Intelligence Community, NetWitness has evolved to provide enterprises around the world with breakthrough methods of network content analysis and host-based risk discovery and prioritization. NetWitness customers include Defense, National Law Enforcement and Intelligence Agencies, Top US and European Banks, Critical Infrastructure, and Global 1000 organizations. NetWitness has offices in the U.S. and the U.K. and partners throughout Europe, the Middle East, South America and Asia. For more information and to try our software visit: www.netwitness.com. COCKTAIL SPONSOR BT A global networked IT services organisation with a long-established, respected reputation for providing solutions that address all aspects of security & business continuity across all markets. It has a comprehensive suite of security services for customers, based on a proven consultancy approach, deep technical knowledge & extensive experience. BT's team includes world-leading security consultants with an unparalleled resource of knowledge & skill. It has an in-depth understanding of both national & international standards, & is accredited by a number of government organisations. BT has implemented security measures across its own global organisation where the scale & complexity of the operation is matched by few other companies. GIGABYTE SPONSOR Aveska Offering a new approach to access governance that orchestrates people, process, policy, & technology with business-friendly solutions that foster acceptance by business managers, collaboration among all stakeholders, & accountability in all appropriate areas of the organization. Our solutions: • Establish and maintain the visibility of user access entitlements wherever they reside within the enterprise’s information resources. Managers can easily see all access entitlements for which they are accountable. • Provide the context and processes that enable business managers to participate in governing user access. Managers can readily understand the processes and why they exist, and they can execute them quickly and easily to keep up with the rapid pace of change. • Enforce policies to ensure that access is appropriate, compliance objectives are met and business risks are avoided. Policy enforcement is automated and easy to monitor. • Work in conjunction with existing security enforcement technologies such as user provisioning. Seamless integration simplifies implementation and continuing operation of all Aveksa products. SUPPORTING PARTNERS Information Security Forum ISF is recognised as the world’s leading Information Security organisation & independent industry authority. Through its members, the ISF brings together & harnesses the knowledge & experience of over 300 major international business & government agencies to meet the increasing demand for practical, business-driven solutions to information security & risk management problems. Current ISF projects focus on a wide range of issues including security & legislation, identity management, patch management, information risk, & VOIP. This In-depth research eliminates the need for ISF members to develop their own in-house solutions & delivers rapid return on investment. The Information Security Forum is an independent, not-for-profit organisation, established in 1989. It is owned & governed by its members & managed by a professional team. For more information about the ISF visit www.securityforum.org ASIS International ASIS International (ASIS) is the largest organisation for security professionals, with more than 35,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness & productivity of security professionals by developing educational programs & materials that address broad security interests, such as the ASIS Annual Seminar & Exhibits and the Annual ASIS International 7th European Security Conference, 13-16 April 2008 in Barcelona, as well as specific security topics. ASIS also advocates the role & value of the security management profession to business, the media, governmental entities, standardisation bodies and the public. By providing members & the security community with access to a full range of programs & services, & by publishing the industry's number one magazine - Security Management - ASIS leads the way for advanced & improved security performance. www.asisonline.org (ISC)2 The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the internationally recognised Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 54,000 information security professionals in 135 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong & Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP“) & related concentrations, Certification & Accreditation Professional (CAPCM), & Systems Security Certified Practitioner (SSCP“) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP“, CISSPISSAP“ & SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing & certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products & services based upon (ISC)2’s CBK®, a taxonomy of information security topics, & is responsible for the annual (ISC)2 Global Information Security Workforce Study. More information is available at www.isc2.org. © 2007, (ISC)2 Inc. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, SSCP & CBK are registered marks & CAP is a certification mark of (ISC)2, Inc. (ISC)2® (“ISC squared”) is the non-profit global leader in educating & certifying information security professionals throughout their careers. ISSA - UK & EMEA The Information Systems Security Association (ISSA)® is a not-for-profit international organisation of information security professionals & practitioners. It provides education forums, publications & peer interaction opportunities that enhance the knowledge, skill & professional growth of its members. UK & EMEA London & Belgium ISACA – Belgium & London Chapters ISACA’s membership is more than 65,000 strong worldwide & is characterised by its diversity. Members cover a variety of professional IT-related positions, to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer & internal auditor. ISACA has more than 170 chapters established in over 70 countries worldwide, & those chapters provide members education, resource sharing, advocacy, professional networking & a host of other benefits on a local level. Its Certified Information Systems Auditor (CISA) certification is recognised globally & has been earned by more than 50,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience & has been earned by more than 6,500 professionals. For more information e-mail the membership department at membership@isaca.org or visit to www.isaca.org Jericho Forum Members of the Jericho Forum recognize that over the next few years, as technology & business continue to align closer to an open, Internet-driven networked world, the current security mechanisms that protect business information will not scale to meet the increasing volumes of transactions & data of the future. A new approach is needed, to move from the traditional network perimeter down to the individual networked computers & devices – & ultimately to the level of the data being sent over the networks. This process has been described as ’reperimeterization' followed by ultimate 'de-perimeterization' RECRUITMENT PARTNERS Barclay Simpson Barclay Simpson is the leading company in corporate governance recruitment in the UK, having specialised in corporate governance since 1989. During this time, Barclay Simpson have developed close relationships with all of the recruiting companies in the corporate governance marketplace & built up a comprehensive candidate database. Because of the size of the market, this means that they know most of the people working within it. Barclay Simpson specialise in jobs within Compliance, Internal Audit, IT Audit, Information Security & Risk Management. Information Security Solutions Information Security Solutions are a specialist recruitment company, dealing with Information Security, IT Risk, IT Audit and Business Continuity/Disaster Recovery. Many of the world's most experienced security practitioners are exclusively registered with us and we have an extensive database of Candidates within the Information Security industry. Information Security Solutions offer very competitive rates. Please contact us today to discuss how we can help you with your requirements and to receive our Terms and Conditions. SSR® Personnel Service Ltd SSR® is the largest recruitment consultancy dedicated to the security, fire, health & safety sectors in Europe, operating in 20 countries. With a global presence in North America & partners in Asia & Eastern Europe, we are accredited with ISO 9001:2000. For details of our opportunities & open vacancies visit our web site www.ssr-personnel.com MEDIA SUPPORTERS IT Risk Space
CISO EXECUTIVE SUMMIT & ROUNDTABLE 2009 DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES “Definitely worth the money within the first half day" IT Security Officer, European Court of Auditors MARRIOTT HOTEL, LISBON 10 – 12 JUNE 2009 DAY ONE: WEDNESDAY 10TH JUNE 2009 DELIVERING PRAGMATIC & VALUE-ADDING SECURITY KEYNOTE CASE STUDY KEYNOTE CASE STUDY PANEL CASE STUDY 08:00 REGISTRATION & COFFEE 08:30 CHAIRMAN’S OPENING Marcus Alldrick, CISO, Lloyd's In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe’s largest credit card issuer. 08:40 THE FUTURE OF INFORMATION SECURITY Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort Michael has been with Dresdner Kleinwort Wasserstein since 1999. He is the Director of Information Management.This role means that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data Protection and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer Science. He has since lived in three continents & has lectured globally on security technology issues. Since 1996 has been working in Financial Technology in London. 09:40 KEYNOTE Dr. Alastair MacWillson, Managing Director of Global Security Practice, Accenture 10:10 FROM A TIME OF CRISIS COMES A TIME OF CHANGE • The crisis explained • Where are we now? • The time for change... • What's next for Nationwide? • Our principles for success • Top ten learning points • What's been achieved and how? Phil Genge, Head of Information Security, Nationwide Building Society Phil has over 15 years experience within the UK financial services industry. 10 of these 15 years have been spent as a qualified management consultant specialising in cultural change, business process reengineering & strategy design. In April 2007 he assumed the role of Head of Information Security at Nationwide Building Society (a business with assets of c. £170bn with 13m customers and 20000 employees) with a specific brief to address the 133 issues raised as a result of a fine received from the FSA in respect of a data breach. 2 years on he remains in post leading a team of 52 professionals providing expert risk oversight, consultancy & security operations to the Group. 10:40 MORNING COFFEE BREAK & EXHIBITION 11:10 MANAGING INFORMATION SECURITY FOR STRATEGIC ADVANTAGE Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG Andreas, CISO, CISA, CISSP, leads IT Security & Security Emergency Response globally across the corporation. In this role he & his team are responsible for the planning & supervision of Novartis’ worldwide computer & network information security systems, defining the company’s IT security policies, baselines & standards & enhancing the security of Novartis IT services & global infrastructure. Andreas has more than 12 years’ experience managing all aspects of information technology management, with deep expertise in rapidly changing, highly demanding large-scale environments. Prior to joining Novartis Pharmaceuticals, Andreas worked for Ciba Geigy & IBM on various IT projects covering different aspects of information technology. 11:40 LOCK UP THE DATA - NOT THE CEO. SAFEGUARDING DATA WITH SEAGATE SELF-ENCRYPTING HARD DRIVES Joel Bernard, Sales Development Manager, Seagate Technology 12:05 IS INFORMATION SECURITY RELEVANT TO YOUR BUSINESS STRATEGY? Communicating with top management in business language is essential. A CISO needs to understand where information security can contribute to specific elements of your business strategy & must then convince senior managers that what you are doing is a benefit to the business. This tone-setting session will give examples of generic business strategy elements & the contribution information security can make to ensuring business success. Dr. Frank Marsh, Associate, BurrillGreen Ltd Frank is an exceptional & internationally renowned information security specialist covering all aspects of information security including physical, digital, oral & intangible forms, & the prevention, detection and investigation of information leakage. He has a PhD from Liverpool University where he worked under Professor (now Sir) David King. He did post-doctoral research before working in the University Computer Laboratory. For 25 years, until 2008, he worked for BAT Industries/British American Tobacco in a broad range of business roles, & from 1995 as Global Information Security Manager. Working with BAT‘s business operations globally, he also became the deputy CSO. In 2001, he was elected, by the UK membership, to the global Council of the Information Security Forum (ISF) and was elected by that council of his peers to the ISF Executive a year later. 12:45 LUNCH 13:45 CREATING VALUE & TRUST BETWEEN INFORMATION SECURITY & THE BUSINESS DURING DIFFICULT TIMES: TRANSFORMING INFORMATION SECURITY TO MISSION-CRITICAL SECURITY As executive boards are threatening to reduce security resource & IT budgets are cut, how can you ensure that your security strategy remains integral to the business & that security is not compromised? Evidence suggests that information leakage & industrial sabotage activity increases in such an economic climate so this is no time to be cutting back on intelligence, security controls & governance operations! • Measuring true security benefits while avoiding reliance on key performance indicators • Can the trust brought by online security really drive bottom line results? • Adopting cost cutting strategies versus maintaining business security & sustainability • Top tips to create value between information security & the business • Understanding the urgent imperative for your business • Steering a top security team through the global downsizing trend • Finding new ways to do things Chaired by: Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT Panellists: Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse; Dave Pope, Head of Information Security - Information Assurance Group, DVLA; Mark Concar, AEB Data Security Director, Standard Chartered Bank; Walid Kamal, VP, Technology Security Risk Management, DU Telecom, United Arab Emirates; Valerie Jenkins, Head of Information Security, Zurich Financial Services; Julia Harris, Head of Information Security, BBC 14:20 LINING UP ASSURANCE & IDENTIFYING YOUR TOP INFORMATION RISKS: INTERNAL AUDIT & INFORMATION SECURITY Dave will run an interactive session of value to those who have audited risk frameworks, as well as those who have responsibility for them. The session will cover how to identify your top information risks & will include a case study on DVLA, how the risk framework was introduced, the role of the CISO & Internal Audit in this process & how to “keep it real”. Dave Pope, Head of Information Security - Information Assurance Group, DVLA, UK Dave is also a Member of the Institute of Internal Auditors, a Registered Risk Practitioner & Member of the Institute of Risk Management. Currently the Head of Information Security at DVLA, he is also the Network Accreditor. He has the responsibility for the security of one of the UK’s biggest on line organisations, & has responsibility for ensuring compliance with the recent Cabinet Office data handling guidelines. Previously Dave was the Corporate Risk Manager at DVLA & won the award given by ALARM as UK Risk Manager of the year. Dave started his working life as an Internal Auditor & has worked in several public organisations including HM Treasury & Ordnance Survey, mainly in the IT field. He has managed IT infrastructures as well as audited them so has experience of seeing both sides of information handling. He lectures within the UK and internationally on Risk Management, and is an Associate Lecturer for the National School of Government. Dave also runs a small sheep farm in West Wales! 14:50 SECURING INFORMATION THROUGH TIMES OF EXTENSIVE CHANGE Mark Concar, AEB Data Security Director, Standard Chartered Bank 15:20 HOW TO USE YOUR INFORMATION SECURITY SKILLS TO ADD TO THE BOTTOM LINE Quentyn Taylor, Director of European Information Security, Canon Europe 15:50 AFTERNOON TEA BREAK 16:20 COP TO CONSULTANT - DELIVERING GLOBAL CONSISTENCY IN INFORMATION SECURITY Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc 16:50 SECURITY & PRIVACY ASSURANCE IN OUTSOURCING & OFFSHORING A NEW CHALLENGE • The seven lifecycle stages of outsourcing contracts • Maintaining security & privacy throughout the contact lifecycle • Are there new/additional security risks? • What needs to be considered during due diligence of offshore suppliers? • Assurance & conformance audits • Change management • Incident management • Specification of subject access request (SAR) process with the vendor • Ensure vendor continuity plans meet specified business needs including; backups, recovery, standby & people • Management & change of cryptographic keys • Agree the security & business processes for the transformation of IT & security solutions over the life of the contract • Third parties & subcontracts • What are the future challenges? Bill Pepper, Director of Security Risk Management, Computer Sciences Corporation Bill has a lifetime of experience as a professional corporate & information security & privacy manager. Following a distinguished career in information security with thee Royal Air Force he has obtained a significant reputation as an expert in these areas, & particularly in privacy & security risk management. In addition to all aspects of security, including information, personnel & physical, Bill is also responsible for Data Protection within CSC’s EMEA Northern Region supported by a specialist Data Protection team. Latterly he has developed significant experience in the areas of outsourcing & off-shoring from the perspectives of both outsourcing services & also running other organisations outsourced services. 17:20 HUMAN ERROR: THE TOP SECURITY CONCERN IN A MULTI-NATIONAL ORGANISATION? • Creating an effective (& fun!) training & awareness programme • To recommendations for writing an awareness policy that works • Enforcing consequences • Make it easy to do the right thing Paul Wood, Group Chief Security Officer, Aviva Group Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist & executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air Traffic Services as the Head of Corporate Security. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS Investment Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the appointment of Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the Group. Paul is a regular speaker on security matters. He was awarded the MBE in the 1995 New Years’ Honours List. 17:50 THE COMMON SENSE & NONSENSE OF JUSTIFYING SECURITY INVESTMENTS Infosecurity accounts for 10% or less of IT budgets - & increasingly management demands robust business cases to justify expenditures. Experienced practitioners know that this is the equivalent of writing technology fiction - the costs are reasonably well known but the benefits are often pure fantasy as security metrics are not a mature topic &management is not interested in technical metrics - they want to know the cost of information leaks, corrupt data & downtime & some of these events are outside the control of the IT function. • Metrics that make sense to non-IT & non-security people • The need to identify accountability for delivering benefits • The true cost of insecurity • The language that helps get a business case approved • How the audit function can help support the business case • How to identify a nonsensical business case Dr. Eduardo Gelbstein, Adjunct Professor, Webster University (Geneva), Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre Ed has been an IT practitioner since the 1960s, during which time he worked as project manager, systems architect & executive in several organisations & different countries until 2002, when he was invited to become an auditor, an activity that he continues to develop as an advisor to the United Nations Board of Auditors & the French National Audit Office. Ed also teaches an MBA course on business systems management in Geneva, Switzerland & is a Senior Fellow of the United Nations Institute for Training & Research. He has authored several books & articles. 18:20 CHAIRMAN’S CLOSE OF DAY ONE 18:30 - 20:00 CISO Port & Wine Tasting Reception, Lisbon: Kindly Sponsored by: 20:00 - 22:00 CISO FADO DINNER, LISBON (PROVISIONAL) STUDY CASE STUDY CASE CASE STUDY CASE STUDY CASE STUDY KEY CASE STUDY
Page 1: EUROPE’S PREMIER EVENT FOR INFORM
Page 5 and 6: CISO EXECUTIVE ROUNDTABLE 2009 DELI

EXECUTIVE SUMMIT & ROUNDTABLE 2009 - MIS Training

Create successful ePaper yourself

Delete template?

Save as template?