3rd Annual Chief Information Security Officer Middle East Summit & Roundtable 2011
31st January – 2nd February 2011, Habtoor Grand Resort Hotel & Spa - Jumeirah Beach, Dubai – UAE

CISO Middle East Summit - Day Two: Tuesday 1st February 2011

07:30 - 08:00 BREAKFAST BRIEFING: “BACK TO BASICS: VULNERABILITY MANAGEMENT” KINDLY SPONSORED BY:
Chaired by: Mr. Federico De-la-Mora, Director, nCircle
Panellists: Mr. Emad Ali Maisari, Director of IT Security, Jumeirah Group; Mr. Mohammad Arif, Information Security Officer, Ahli Bank; Mr. Roshan Daluwakgoda, Director Strategy Planning, Risk Assessment and DR, DU Telecom; Mr. Suresh Kumar, CISO, ADSIC

08:05 CHAIRMAN'S OPENING

08:10 DIGITAL EVIDENCE: A JUDICIAL & LEGAL PERSPECTIVE FOR CISOS (KEYNOTE)
Judge Dr. Ehab Maher Elsonbaty, Legal Expert, Amiri Diwan State of Qatar

08:40 A CISO FOR THE NATION: THE NATIONAL AGENCY FOR COMPUTER SECURITY & THE TUNISIAN CERT (KEY CASE STUDY)
Mr. Haythem El Mir, Head of the Incident Response Team, cert-Tcc, (& Technical Manager, National Agency for Computer Security) Tunisia

09:20 FORENSICS: THE IMPENDING PARADIGM SHIFT: USING FORENSICS TO NAVIGATE TOMORROW'S CONSTANTLY EVOLVING DIGITAL THREATS
• What is “Digital Forensics” & why is it being heralded as the future of IT security
• What is the role of network, host, & memory forensics in providing advanced situational cyber awareness
• Why is this pervasive forensics approach so critical to achieving an organization's information risk management goals
• Why we have to overcome the “attack prevention” status quo as an imperfect & naive approach to IT security management
• Making the shift to forensics oriented network protection using innovative & agile approaches to build more effective intrusion detection, analysis & management processes
Mr. Eddie Schwartz, Chief Security Officer, NetWitness Corporation

09:50 MOBILE & WIRELESS SECURITY: PROTECTING YOUR TOP EXECUTIVES ON THE MOVE (PANEL)
• Why do we need mobile security?
• Top recommendations
• Privacy versus security - specific regional challenges
• Mobile security awareness - proven lessons learned
• New threats & risks
Chaired by: Mr. Scott Totzke, VP, BlackBerry Security Group
Panellists: Mr. Marco Bresciani, Accenture; Mr. Jonathan Martin, Technical Director, ArcSight

10:30 - 10:50 SPEAKER TABLES - Please select the speaker that you would like to question further from the morning sessions & go to their corner of the room to drill down & get some answers!

10:50 MORNING COFFEE & EXHIBITION

11:10 THE FUNDAMENTAL FAILURES OF END-POINT SECURITY
Mr. Frei explores the fundamental failings of end-point security that continue to turn most Internet users (corporate and private) into easy prey for cybercriminals. Data from 3.0 Million users of Secunia PSI provide a unique insight into the exposure of end-point systems.
Mr. Stefan Frei, Research Analyst Director, Secunia

11:30 EMERGING SECURITY THREATS ASSOCIATED WITH THE CLOUD & VIRTUALIZATION TECHNOLOGY (KEY CASE STUDY, FOLLOWED BY ROUNDTABLE DISCUSSION)
• Thoughts on Cloud computing architecture & security
• Operating in the Cloud & the associated security threats
• Cloud computing threats, governance, compliance & risk management
• Cloud-specific vulnerabilities
• Cloud Security standards, initiatives, tools & certifications
• Cloud computing vendors security insights
Led by: Mr. Mohamed El-Refaey, Head of R&D, EDC (subsidiary of N2Venture), & Founder, Egypt Cloud Community Forum (ECF), Director, Cloud Security Alliance, Egypt Chapter & Mr. Dave Cullinane, CISO & VP, eBay & Chairman of the Board, Cloud Security Alliance - U.S.

12:10 BE PREPARED: WHAT VERIZON'S 2010 DATA BREACH REPORT TELLS US
Crucial to tackling data breaches is the ability to recognise patterns & know where to focus your security efforts. Insight from Verizon's 2010 Data Breach Investigations Report, including contributions from the U.S. Secret Service, will help you learn from the mistakes of others so you can be better prepared.
Mr. Gavan Egan, Verizon EMEA Security Solution Sales Director, Verizon

12:30 LUNCH

13:30 SECURING MONEY TRANSFER PAYMENTS (KEYNOTE)
Lady Olga Maitland, CEO, Money Transfer International & Founder, Defence and Security Forum

14:00 DATA LEAKAGE: PUTTING A VALUE ON A SECURITY BREACH
Dr. Cheryl Hennell, Head of IT Security & Information Assurance, Openreach, BT

14:30 CAPEX UTILISATION FOR INFOSEC: SERVICE BASED MODEL TO MAXIMISE COST EFFICIENCY & ENSURE THAT SECURITY IS INTEGRAL TO THE CORE BUSINESS (PANEL)
• How do you link with internal & external customers & building teams that return money to business lines?
• Moving ICT and information security into the service model sphere to add value to the business
• Maximising the cost-efficiency ratio of the information security strategy
• Capital expenditure utilisation - maximising information security cost efficiency
• Measuring Security return on investment (key indicators, & ways to obtain them)
• Implementing security policies that are effective in changing behaviour
Chaired by: Mr. Ghassan T. Youssef, CEO, T & K Investments Lebanon
Panellists: Mr. Peter Crowley, Chief Information Security Officer, Musanada; Mr. Floris Van Den Dool, Security Practice Leader, Europe, Africa and Latin America, Accenture; Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach, BT; Mr. Frank Coggrave, Vice-President, Guidance Software

15:10 THE RISKS OF SOCIAL MEDIA (KEY CASE STUDY)
The dramatic rise of Web2.0 & Social Media has many benefits for both individuals & organisations, however there are many risks that a company has to manage if they allow their staff access from the workplace. David will identify the risk that social media introduces & help your organisation to decide whether to educate or restrict your employees' access. David is responsible for the group's information security programme; developing & implementing the security policies, coordinating standards & guidelines within a globally decentralised environment. He ensures that the Group's information assets are given a level of protection commensurate with their value. David has recently been awarded a master's degree in Internet and Telecommunications Law (LLM) from Strathclyde University.
Mr. David Cripps, Chief Information Security Officer, Investec Bank Group

15:40 AFTERNOON TEA BREAK & SPONSORS PRIZE DRAW

16:10 – 16:50 PLEASE SELECT YOUR PREFERRED BREAKOUT SESSION:

EITHER: THE RISE OF THE CISO – HOW WILL THE JOB EVOLVE?
Dr. Eduardo Gelbstein, Adjunct Professor, Webster University, Geneva, Former Advisor, UN Board of Auditors & Former Director, UN International Computing Centre
Information security is not only “everybody’s job”, it is large & complex & requires many parties to be accountable for specific aspects of it (information risk management, operational & often outsourced services, applications development, regulatory compliance, business continuity, etc.), all of which lead to fragmentation & potentially gaps between what is required & what is delivered. Examine how the role & responsibilities of the CISO could evolve to maximise the effectiveness of information security measures.

OR: TOP ICT RISK STRATEGIES FOR CONTINUITY: WORKSHOP SCENARIO CHALLENGES
Dr. Sally Leivesley, Managing Director, Newrisk Limited
The workshop teams will prepare a report on the top ICT risk strategies that they can design to defeat top risks to a government, a global company or a small/medium business. The statement is to cover the ICT risk management strategies for continuity of operations in your organisation. This statement will show how your organisation has resilience & will be able to continue despite the top risks that may threaten its operations & cause a catastrophic failure. Two challenges for a global company, a government department or a local business.
1. Prepare a simple paragraph or a simple table of the Top ICT Risks - When preparing this report, consider the consequences of any physical security risks in the list of top ICT risks
2. Prepare a verbal statement no more than two minutes in length for the news media (A team member will ‘volunteer’ to present this to the workshop from the podium)

16:50 ADVANCEMENTS IN ENDPOINT (CLIENT) SECURITY TECHNOLOGIES
Dr. Yasser Rasheed, Director, Business Client Architecture, Intel Corporation

17:20 LEADERSHIP FROM THE FRONT: HOW CAN THE CISO MAXIMISE THE EFFECTIVENESS OF INFORMATION SECURITY MEASURES? (PANEL)
• Modern day challenges for the CISO
• Technological, operational & people challenges
• Innovative strategies & approaches to overcome operational, technological & people challenges
• Bridging generational gaps
• Change management, segregation of duties, encryption
• Training & continual improvement
Chaired by: Mr. Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, British Telecom
Panellists: Mr. Vinoth Sivasubramanian, Project Manager-IT Department, UAE Exchange Centre L.L.C.; Mr. Kim Aarenstrup, Chief Information Security Officer, A.P. Moller - Maersk A/S & Chairman, Information Security Forum (ISF)

17:20 CLOSE OF DAY TWO

18:00 DINNER KINDLY SPONSORED BY:

Day Three: Wednesday 2nd February 2011
CISO Middle East Roundtable

Agenda timings: 09:00 Start; 11:00 Coffee Break; 13:00 Lunch; 14:45 Close of Day

Chaired by:
CISO Middle East Roundtable Sponsor:
• Mr. Charles V. Pask, Managing Director, ITSEC Associates Ltd

Facilitators:
• Mr. Eddie Schwartz, Chief Security Officer, NetWitness Corporation - U.S.
• Mr. Marcus Alldrick, Chief Information Security Officer & Senior Manager, Information Risk and Protection, Lloyd's
• Mr. Floris Van Den Dool, Security Practice Leader, Europe, Africa and Latin America, Accenture
• Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach, BT
• Mr. John Colley, Managing Director, EMEA, (ISC)² EMEA

CISO Roundtable Middle East held under the Chatham House Rule is a progressive & open benchmarking forum on topics requested directly by you the attendee around new e-business threats, information risk & governance, probing CISO leadership roles.

The CISO Middle East Roundtable 2011 is well-established as the best place for thought-leaders in information security to discuss key security challenges & strategy with peers & to develop team expertise & professional skills. Debates from the CISO Roundtable also influence best practice approaches for the information security community at large. The focus is on roundtable discussion & group work, with sessions facilitated by established information security practitioners & industry experts. You will meet global security industry leaders & network with professionals who face a similar set of challenges as you in a 'hands on', proactive & inspirational environment.

• Held Under The Chatham House Rule - No press are permitted. The entire session will be conducted as a 'closed doors' session, allowing participants to discuss real life information security incidents & benchmark proven & possible approaches
• Notes from the session - each session has a dedicated 'note taker' who will write up discussion outlines & conclusions for distribution to all roundtable attendees following the event
• Key topic areas of focus - will be determined by the input of participants beforehand & a briefing document will be distributed in advance to allow participants to fully contribute in the honest sharing of ideas. Draft items are listed below.

ITEM 1 ACHIEVING INTEGRATED INFORMATION SECURITY GOVERNANCE
ITEM 2 HOW HAS INFORMATION RISK CHANGED IN THE GLOBAL FINANCIAL CRISIS FALL-OUT? HOW DOES THIS IMPACT THE CISO ROLE?
ITEM 4 CURRENT & EMERGING E-BUSINESS THREATS: PHISHING ATTACKS, CREDIT CARD FRAUD & PCI COMPLIANCE
ITEM 5 TO BE DECIDED BASED ON AUDIENCE FEEDBACK
ITEM 6 WRAP UP DEBATE, FINAL QUESTIONS & ACTION POINTS

Why Sponsor or Exhibit at CISO Middle East Summit & Roundtable - Dubai UAE 2011
• Meet senior decision-makers in information security, cyber crime & ICT risk from across business & governmental sectors in the Middle East who are seeking guidance on the latest security technologies & guidance
• An excellent chance to influence branding or launch a product! This gathering of normally difficult to reach CISO executives is an excellent platform for you to meet a guaranteed 98% 'practitioner' audience! Why not be remembered for hosting the ultimate reception or panel discussion highlight of the event?
• Invite your clients for free & be seen with the best! All sponsorship packages include a number of free client places, table top exhibition & speaking options.

For more information, please contact klafferty@mistieurope.com or telephone +44 (0)20 7779 8293.

TESTIMONIALS FROM CISO EXECUTIVE SUMMIT MIDDLE EAST 2009
“Excellent networking with other CISOs from around the world”
“The best opportunity to interact with security professionals from across the globe & to share news on emerging security trends”
“Smooth running, the lectures were challenging & reflected our real life problems”
“Very useful on risk decision taking & creating value & trust between IT security & the business”
“An eye opening summit with engaging & informative speakers: you just can't have enough of it. Highly recommended!”

2 EVENTS, 1 TIME, 1 PLACE - DUAL EVENT PASS AVAILABLE!
Middle East Fraud & Corruption Summit. See back page for details