EXECUTIVE SUMMIT & ROUNDTABLE 2009 - MIS Training

More documents

Recommendations

Info

CISO EXECUTIVE SUMMIT & ROUNDTABLE 2009 DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES “Definitely worth the money within the first half day" IT Security Officer, European Court of Auditors MARRIOTT HOTEL, LISBON 10 – 12 JUNE 2009 CASE STUDY CASE STUDY PANEL KEY INSIGHTS CASE STUDY DAY TWO: THURSDAY 11TH JUNE 2009 INFORMATION SECURITY RISK: A COMPREHENSIVE & BALANCED RISK MANAGEMENT APPROACH 08:15 WELCOME BREAKFAST KINDLY SPONSORED BY: 08:40 CHAIRMAN’S RE-OPENING Charles V. Pask, Managing Director, ITSEC Associates Ltd 08:45 PATCH MANAGEMENT: INCREASINGLY A FACET OF EFFECTIVE RISK MANAGEMENT Patch management is nothing new; by now we should have moved away from the 'install & forget' days of old to a position of comprehensive patch management across the enterprise. Nevertheless, we still see the exploitation of vulnerabilities hitting the headlines with many organisations not only vulnerable to attack but successfully attacked & exploited. In this presentation we examine the increasingly critical role of Patch Management in the overall risk management framework & in doing so we look at: • The underlying trends driving the need for Patch Management to be proactive & preventative, not reactive & curative • What effective Patch Management looks like & what key considerations need to be taken into account • Why Patch Management in isolation is ineffective & how it fits into the bigger scheme of things • How people & process play as important a role as technology in making effective Patch Management a reality Marcus Alldrick, CISO, Lloyd's 09:20 MANAGING THIRD PARTY DATA SECURITY • Importance of managing data security across third parties & supply chain • Understand ownership & main responsibilities • Key contractual requirements • Future and trends in managing data security throughout the supply chain Daniel Barriuso, Head of IT Risk EMEA,Credit Suisse Daniel Barriuso is the Head of IT Risk for EMEA and Global Asset Management at Credit Suisse. He is responsible for managing IT Risk and Information Security across more than 18 countries in Europe, Middle East and Africa, as well as globally for the Asset Management Division. Prior to joining Credit Suisse, Daniel was the Director of the Europe Information Security and Technology Risk Assessment departments at ABN AMRO Bank N.V. in London, where he developed and pioneered successful risk assessment methodologies. Daniel also dedicates his time as a professor in the Security Post-Graduate Master course at the "Universidad Politecnica de Madrid", where he teaches and researches in the areas of IT governance and management of security investment. He is currently a member of the Investment Banking Information Security Group (IB SIG) and is a frequent speaker and contributor in IT risk forums and events. 09:50 WHAT EVERY CISO SHOULD KNOW ABOUT INDUSTRIAL ESPIONAGE: MANAGING THE BROADER THREATS TO INFORMATION SECURITY Tony Crilly, Managing Director, Saladin Technical Services plc Following on from a distinguished career in the British Army (which included five years in Northern Ireland on surveillance tasks involving the use of specialist technology on counter terrorist operations), Tony joined the commercial sector in 1988 & management consultancy in 1991. He has held a number of senior positions within the industry & has worked in countless countries worldwide on complex investigations & assignments including protective security during the critical negotiations for the multi-billion Al Yamamah II deal & for the world premier of the Eurofighter Typhoon Aircraft. More recently, in addition to managing Saladin Technical Services, he has been involved in the development of standards within the Security Industry & on International approaches to Nuclear and Radiological Security (non-proliferation), working in association with NATO, the NNSA (USA) & MinAtom (Russian Federation). 10:20 MORNING COFFEE BREAK & EXHIBITION 10:50 WHAT ARE THE KEY EMERGING SECURITY & E-CRIME RISKS? DETECTING MASSIVE CONTROL FAILURES – IS THIS A ROLE FOR TODAY’S SECURITY CHIEFS? Heads of Information Security & experts list their top ‘hot buttons’ & focus for 2009 & beyond, sharing the latest threats they face, as well as their planned security strategy going forward & key lessons for other industry sectors. • What are the top 3 technology risks & trends on your priority list? • How has the global financial crisis & the uncovering of recent high profile frauds impacted your approach to security? • How to manage social networking vulnerabilities • The threat of social engineering to hijack sensitive information • How far to police or trust staff, & how to maintain thought leadership across highly networked groups of staff • How will emerging risks (malware & attack vectors, viruses) affect your organisation? • What are your plans to test your security strategy & take a proactive stance? • Recommendations going forward • Protecting your organisation from the greed of top execs: a valid role for today’s CISO? Chaired by: Paul Wood, Group Chief Security Officer, Aviva Panellists: Philippe Huard, Seagate Technology; Jorge Pinto, Chief Security Officer, InfoSec.ONline.pt, Portugal; Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd (UK); Sarb Sembhi, President, ISACA London Chapter; Robert Coles, Global CISO, Merrill Lynch Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain 11:35 AWARENESS RAISING: MAKING ‘THE RISK, OUR INFORMATION, YOUR RESPONSIBILITY’ & OTHER AWARENESS MATERIAL As you know, raising the awareness of colleagues about information risks is becoming increasingly important. However, the impact of many of the older ways of doing this has declined, perhaps given that they have become rather tied & dated. One of Mark’s responsibilities has been to address this, which has involved the making of a film, road shows, poster campaigns etc. The Barclays approach has been different & innovative, & these initiatives have attracted a number of awards. This is a multimedia presentation that will grab your attention & will stimulate further debate amongst the audience • Our approach • The impact it’s had • The lessons learned • Next steps Mark Logsdon, Information Risk Management, Barclays 12:35 WHY SECURE CODING IS NOT ENOUGH John Colley, Managing Director EMEA, (ISC)2 EMEA 13:10 LUNCH 14:15 INTERACTIVE SESSION – PLEASE SELECT YOUR PREFERRED BREAK- OUT…. BREAK-OUT A: HOW HACKERS GET & CRACK PASSWORDS? Jason Hart BREAK-OUT B: THE CONVERGING WORLDS OF PHYSICAL & DIGITAL SECURITY – INTERACTIVE SESSION! An interactive session - participants will examine some of the processes where convergence can cause conflict. You will work in small groups & consider processes such as investigations & physical/digital access control. How are operational boundaries defined? How are responsibilities managed? Who controls the budget & resources? What are the key steps for a CISO to take? Dr. Frank Marsh, Associate, BurrillGreen Ltd 14:55 PRIVACY ENHANCING TECHNOLOGIES (PET's) Although privacy enhancing technologies have been researched for the past 20 years, it's only recently that they have found a new & enthusiastic audience, spurred on by data breaches in the public & private sector. The UK's Information Commissioners Office has embedded their use into their privacy by design initiative & the European Commission publicly backs the development & application of these technologies within industry & through its research programme. PET's: What are they anyway? Why should I care? What options are available to me now? How are they likely to develop in the short to medium term? What tools are available to me enable them to be embedded into my organisation? Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick 15:30 AFTERNOON TEA BREAK & SPONSORS’ PRIZE DRAW 15:50 SECURITY VS. PRIVACY The panel will discuss how to deal with areas of potential conflict between privacy & security. • What do we mean by privacy? Information about us? Information belonging to us? Space we regard as ours like a phone or bag? Our physical privacy - searches? • What is the privacy role of the CISO? • Should there be a "privacy officer" separately from the Security team? • How does a CISO balance the need for privacy during investigations? • Do you prevent, allow and monitor or allow & not monitor? Who sets the rules? Chaired by: Dr. Frank Marsh, Associate, BurrillGreen Ltd Panellists: Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort; Marcus Alldrick, CISO, Lloyd's; Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick; Mark Chapman, Senior Research Consultant, Information Security Forum; Janet Day, IT Director, Berwin Leighton Paisner LLP 16:30 CONSUMER APPLICATIONS: CREATING SECURITY PROBLEMS? Consumer applications such as Skype & Gmail have caught the imagination of the corporate world. With easy access & zero cost many organisations are assessing these applications for use internally. Users are also demanding access to some of these applications on the basis of productivity, ease of use & personal experience. Whilst there are business versions of these applications the uptake may be via the consumer products. This presentation explores the risks that organisations may be exposed to by adopting these applications or allowing users to access these applications with insufficient guidelines. Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain With over 14 years experience in both commercial & government information systems security & a proven track record in the specification, design & implementation of complex IT & security infrastructure solutions to meet business requirements. Neil’s experience includes network infrastructure, server infrastructure, operating systems security, application security, information security, penetration testing, disaster recovery, business continuity, business requirements gathering, analysis, interpretation & delivery of pragmatic cost effective solutions. 17:10 PROTECTING INFORMATION IN THE END USER ENVIRONMENT Mark Chaplin, Senior Research Consultant, Information Security Forum 17:50 SINTRA DINNER - KINDLY SPONSORED BY: Networking Diary at CISO Summit 2009! Meeting your information security peers to exchange ideas & build trust-based networks is an integral part of the CISO Summit. As such, MIS & Sponsors have set aside dedicated time for networking, which will allow you to enjoy your time in Lisbon. Activities listed below are provisional. Further details will be announced soon! 9TH JUNE 2009 - Welcome Drinks in the Garden of the Marriott Lisbon Hotel Meet & make strong first impressions as participants arrive the evening before the summit starts! 10TH JUNE 2009 CISO Port & Wine Tasting Reception, Lisbon: Kindly Sponsored by Taste a selection of ports & wines with security peers at an historical Pombal cellar in the heart of Lisbon historical city centre, with a presentation on the Portuguese vineyard, different regions, different types of Port wines & the Portuguese grape varieties. Followed by CISO Fado Dinner, Lisbon Join the group for dinner at one of the most reputable & authentic Fado Houses, where several singers will perform during the course of the evening. 11TH JUNE 2009 Sintra Evening Tour & Dinner Overlooking the Beach: Kindly Sponsored by Sample the rich history & culture that the region has to offer with peers in rustic Sintra, just outside Lisbon. Explore the charming picturesque town of Sintra, stopping off for drinks at one of the quaint bars for a reception. A short drive away, a delicious fish dinner will then be served in a restaurant overlooking the sea. ACADEMIC INSIGHT PANEL CASE STUDY
CISO EXECUTIVE ROUNDTABLE 2009 DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES “Definitely worth the money within the first half day" IT Security Officer, European Court of Auditors MARRIOTT HOTEL, LISBON 10 – 12 JUNE 2009 DAY THREE: FRIDAY 12TH JUNE 2009 CISO ROUNDTABLE: APPLY YOUR SECURITY EXPERIENCE TO DELIVER BENEFICIAL RESULTS AGENDA TIMINGS: 9:00 START 10:30 COFFEE BREAK 12:30 LUNCH 15:00 TEA BREAK 16:00 CLOSE ABOUT THE CISO ROUNDTABLE: The CISO Roundtable 2009 provides the ultimate forum for heads of information security to discuss key security challenges & benchmark strategy with peers to develop team expertise & professional skills, as well as to advance standards & approaches for the information security community at large. All participants will have the opportunity to input into the agenda beforehand. The focus is on roundtable discussions & group work, with sessions facilitated by established information security practitioners & industry experts. This is the ideal opportunity to meet global security industry leaders & network with professionals who face a similar set of challenges as you. At the end of the day, there will be an opportunity for those who have agreed to a confidentiality agreement in advance to attend a ‘closed door’ 30 minute session where participants can discuss real life information security incidents & discuss possible solutions. SESSIONS FOR DISCUSSION INCLUDE: 1. THE 10 MISTAKES CISOS MAKE WITH THEIR CAREERS: WHAT WOULD ESTABLISHED CISOS ADVISE YOU TO THINK ABOUT TO MAKE YOUR NEXT STEP? 2. STEERING A TOP SECURITY TEAM THROUGH THE GLOBAL DOWNSIZING TREND & HOW TO RECRUIT & KEEP A TOP TEAM 3. INCREASING SECURITY CREDIBILITY TO THE BOARD 4. ESTABLISHING AN IMAGINATIVE SECURITY AWARENESS CAMPAIGN WITH A LIMITED BUDGET 5. NEW INTERACTIVE SESSION - HOW CAN SENSITIVE INFORMATION STAY FAITHFUL TO ITS ORGANISATION? This will be an interactive session with the audience split into three groups: The disaffected employee 2. The exiting employee 3. The CISO. The challenge: We all have security policies & measures in place that aim to protect the business from data leakage from our systems & our people. Backing up data & holding documents in central repositories provide a sense of well-being & comfort. We have the technology - we can achieve. However, the fact remains that to protect corporate data & intellectual property is a real challenge when we consider the people aspect. Where are all your data stored? Do you know? Greed, Envy, ambition, desperation & poverty are key characters in this play that convert even the most corporately versioned employee. Add ignorance; lack of training, education & awareness; time pressure & general lack of ability into the pot & the mix becomes worse. This exercise is about protecting your most valuable corporate asset. CHAIRED BY: Charles V. Pask, Managing Director, ITSEC Associates Ltd Charles is responsible for delivering global IT security & IT audit services, including public training courses, in-house training courses, conferences & symposiums. Previously, he was a Director with MIS Training,& Director of Information Security Institute (ISI) European & Middle East e-Security Services. Mr. Pask has over 20 years’ experience in IT, IT audit,& IT security, & was the Information Security Manager for Alliance & Leicester plc prior to joining MIS. More recently Charles was the Global Head of Strategy, Development & Globalisation for he BT Business Continuity, Security & Governance Practice. FACILITATORS: Floris Van Den Dool, Security EMEA Lead, Accenture Floris provides services to several of Accenture’s main clients across all industries. Floris has been active in IT consulting & security for 20 years & lectures at Erasmus University in Rotterdam on the topics like Computer Architectures, IT auditing & Security. Currently he is helping a number of organisations with the security aspects of outsourcing as well as outsourced security services. Marcus Alldrick, CISO, Lloyd's In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe’s largest credit card issuer. information security. He has worked in diverse roles from consultancy to information security governance and strategy for blue-chip organisations. Prior to joining the ISF Mark was responsible for information security at a multinational FTSE 250 company. He believes in a risk-based, business-oriented approach to managing information risk, while complying with the requirements of internal standards, contracts, regulation and legislation. Mark runs global research projects for the ISF on all aspects of information security, including governance, standards, risk management and compliance. Mark is also responsible for the ISF’s Standard of Good Practice for Information Security. Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort Michael has been with Dresdner Kleinwort since 1999. He is the Director of Information Management. This role means that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data Protection and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer Science. He has since lived in three continents & has lectured globally on security technology issues. Since 1996 has been working in Financial Technology in London. Paul Wood, Group Chief Security Officer, Aviva Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist & executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air Traffic Services as the Head of Corporate Security. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS Investment Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the appointment of Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the Group. Paul is a regular speaker on security matters. He is a member of the ISSA Advisory Board; a founder member & now Director on the Board of IISP & a member of many other professional security forums. He was awarded the MBE in the 1995 New Years’ Honours List. Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach Prior to her current position, Cheryl was a Senior Lecturer at the University of Portsmouth. Following 3 decades in the IT industry working for the Ministry of Defence, The Office of Population, Censuses & Surveys & as a European consultant for a blue chip organisation, she entered academia. Cheryl is an active CISSP & has recently been appointed as an ambassador for Childnet delivering training sessions in schools. Her academic interests lie in the analysis & design of information systems; developing secure information systems; business continuity & disaster recovery, & digital forensics. She designed, developed & led lectures on the BSc (Hons) Digital Forensics degree for the University of Portsmouth. EXPAND YOUR REACH (& BUDGET!) - MEET EUROPE’S FINEST INFORMATION SECURITY DIRECTORS ALL IN ONE PLACE! A learning & high level networking forum rather than a ‘trade show’, the CISO Summit is designed for people to share ideas & build trust based relationships – a unique event designed for the world’s elite information security directors & normally elusive & difficult to reach executives! Use this platform to influence clients & ensure your leading market position. CISO networking sponsorships have included receptions on a boat on the River Danube, a catamaran cruise in Barcelona, an exclusive beach front venue in Nice, through to dinner in the ancient wine cellars of Budapest & Grand Prix receptions. Other options range from exhibiting to participating on a panel discussion, presenting a keynote or sponsoring a facilitator for the ultimate benchmarking event - the interactive CISO Roundtable! Given that MIS’ background is in security & audit training, delegates typically comprise 95% ‘practitioners’ (e.g. CISOs, Heads of IT Security rather than consultants or vendors). All sponsorship packages include a number of free client places, exhibition & speaking options. For more information, please contact Sara Hook, Conference Director on: +44 (0)20 7779 7200, or email shook@misteurope.com ABOUT THE VENUE Lisbon, the town of the seven hills & the Tagus river, capital of Portugal since 1147. With its gentle climate, abundant attractions & rich cultural diversity, it is a city with much to offer. One of the main saints' days will take place during your stay in Lisbon. There is a big parade on the night of the 12th June for St Antonio which makes its way along the Avenida da Liberdade. The old quarters of Alfama & Mouraria are particularly busy & celebrations continue until dawn. The Lisbon Marriott Hotel is only a 15 minute drive from Lisbon airport, & is situated in the business district. Mark Chaplin, Senior Research Consultant, Information Security Forum Mark is an information risk management professional with over 18 years of experience in IT and
Page 1 and 2: EUROPE’S PREMIER EVENT FOR INFORM
Page 3: CISO EXECUTIVE SUMMIT & ROUNDTABLE

EXECUTIVE SUMMIT & ROUNDTABLE 2009 - MIS Training

Create successful ePaper yourself

Delete template?

Save as template?