2018 Expo Agenda

Cyber Security Summit
Data Protection Summit
Theatre 1 Breach
Theatre 2 Recovery
Theatre 3 Prevention
Cyber Security Summit
Data Protection Summit
Theatre 1 Breach
Theatre 2 Recovery
Theatre 3 Prevention

8:00 am

Coffee and registration in the exhibition area

9:15 am

Chairman’s opening remarks

Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum
9:20 am

Opening keynote: A look at the evolving nature of the cyber threat

  • Communication – A look at the disconnect between the CISO and the board
  • An analysis of the changing face of the cyber threat over the past 5 years
  • A look at the geopolitics of cybersecurity
Misha Glenny
International Journalist, Best Selling Author
10:20 am

Cyber security – Responding to the threat to the UK health service

Will Smart
NHS England
10:50 am

Morning coffee and networking in the exhibition area

11:30 am

Panel Discussion: Analysing the latest trends in cyber-attacks – A look at the risk landscape for 2019

  • An in-depth look at the motivations, behaviours, tactics and techniques of the cyber criminal
  • Exploring new areas of vulnerability and new opportunities for exploitation
  • Examining the changing nature of the threat
  • Understanding why AI and machine learning are crucial to your 2019 IT strategy
Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum
Hasan Al-Saedy
Professor of Cyber Security
British Institute of Technology
12:05 pm

Utilising AI effectively to stay ahead of cyber security threats

  • Is AI the ‘saviour’ it is made out to be?
  • Using AI and machine learning to detect threats: Pipe dream or the future of combatting cyber security threats?
  • Harnessing AI to be in the position of planning forward strategically to counter future cyber risks, not reacting to the past.
  • Discover how AI will shape the future of cyber security and will it replace cyber security experts?
Stephen Browning
Interim Challenge Director - Next Generation Services
Innovate UK
12:40 pm

Understanding your threat landscape and protecting vulnerabilities around data as your core asset

  • Managing the operational risk and technical safeguards that surround your most important asset
  • Reviewing the risks of implementing new technologies notably IoT
  • How to provide assurance when it’s in the cloud
  • Understanding the legal issues surrounding breaches, data privacy and protection
1:00 pm

Lunch and networking in the exhibition area

2:00 pm

Security regulation – An outcome-focused approach to cyber risk exposure

  • Evidencing effective security plans and regimes that address the risks that effect the most important assets
  • Getting the best value from intelligence
  • What is it like to have outcome based as opposed to forced based regulations?
  • Understanding and addressing supply chain risk: Are you at risk from your own suppliers?
Tom Parkhouse
Head of Nuclear Cyber Security Regulation
‎Office for Nuclear Regulation
Sarabjit Purewal
Principal Specialist Inspector
2:30 pm

A look at the importance of content protection and content security from the perspective of the film and TV industries

  • Looking at acts of content piracy as a prelude to future major cyber security issues within the entertainment industry
  • Understanding the different types of content piracy threats
  • Addressing the need for proactive content security to counter threats
  • What are the most popular and most effective content protection strategies?
  • De-bunking the myths about pirates and anti-piracy when it comes to content protection and content security
  • Content protection as a business intelligence tool and getting the right return on investment when implementing anti-piracy remedies.
Pascal Hetzscholdt
Director of Content Protection for Europe and Africa
21st Century Fox
2:50 pm

The role of international global standards in cyber security in an uncertain world

  • ‘Herd immunisation’ – Understanding your place in the wider ecosystem when it comes to cyber security
  • A look at what other regulators are doing internationally
  • Developing cross-border technological collaboration to fight emerging cyber threats and address cyber security issues
  • Working in tandem with industry leaders and foreign governments to create a system of international cooperation and a culture of cyberspace norms
  • Complying with new standards in order to help implement a proven risk management framework without having to reinvent the wheel
Alison Barker
Director of Specialist Supervision
Financial Conduct Authority (FCA)
3:10 pm

Afternoon tea and networking in the exhibition area

3:50 pm

What are the risks of IoT to your organisation?

  • Effectively detecting automated bot attacks as newer and more sophisticated generations of bots are getting launched by attackers
  • How will consumer data be used and by whom? – The issue of privacy
  • Software security and privacy of IoT and mobile devices in the workplace
  • Implementing regular training to your staff to ensure they are able to spot attacks when they happen
  • Understanding the challenges associated with managing and keeping secure the expanding network of connected devices
  • Warning indicators that could set off a red flag
  • Preventing and recovering from serious attacks, protecting private and confidential data, and the emerging dangers that organisations face
4:20 pm

Topic Tbc

4:40 pm

A look at the UN’s role in cyberspace

  • The UN’s relevance in global cyberspace
  • Disarmament: Cyberwarfare, advanced persistent threats and evidential attribution
  • Politics & Governance: challenges and opportunities
  • Cybercrime & Sustainable Development: empowering communities and building peace
Neil Walsh
Chief of the Global Programme on Cybercrime
UN Office on Drugs and Crime
5:00 pm

Chairman’s closing remarks

Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum

8:00 am

Coffee and registration in the exhibition area

9:15 am

Chairman’s opening remarks

Scott Sammons
Information and Records Management Society (IRMS)
9:20 am

Opening keynote

9:50 am

Government keynote

10:50 am

Morning coffee and networking in the exhibition area

11:30 am

Panel discussion: A look at the first 6 months of GDPR – Implementation insights

  • Deep dive into the implications of the EU data economy for a long-term GDPR implementation strategy
  • What’s GDPR got to do with a “risk based approach/risk management”
  • Global implications: How GDPR has affected organisations outside of the EU
Peter Brown
Group Manager (Technology Policy)
Information Commissioners Office (ICO)
Stephen Latham
Data Protection Programme Manager
Richard Merrygold
Director of Group Data Protection
Rhiannon Lewis
Senior Region Counsel, Privacy & Data Protection
Jeremy Lilley
Policy Manager - GDPR
12:05 pm

Topic Tbc

12:40 pm

Protecting your data from third party risk

  • Reducing the risk that your data will be lost, corrupted, or misused by implementing robust governance, standards and controls over third party suppliers
  • Developing an effective strategy to mitigate third party risk: What to do
Ailidh Callander
Legal Officer
Privacy International
1:00 pm

Lunch and networking in the exhibition area

2:00 pm

”How to DPO like a boss” – Integrating the role of the DPO into your business

  • Who should be the DPO?
  • Understanding the duties, obligations and liabilities of the DPO
  • Elevating the role within the organisation
  • Creating an effective reporting structure; ensuring all data breaches are reported to the DPO immediately to facilitate an effective and adequate response
Samantha Simms
Senior Principal and Founder
The Information Collective
2:20 pm

Understanding what a good data compliance culture looks like

  • Investing in a programme of staff training and making the case for greater investment
  • Creating awareness of data protection and its significance to your organisation
  • Addressing internal risk factors and what measures should be taken to avoid internal data breaches
  • Raising awareness among your organisation’s management to set the appropriate ‘tone from the top’
  • Identifying the personal information your organisation holds about employees, customers and suppliers and the level of risk associated
  • Checking your use of data is compliant and overcome misinformation concerning the requirement for consent
Brian Shorten
Charities Security Forum
2:40 pm

ePrivacy regulation current status

  • Understanding the scope: who is the ePrivacy regulation for?
  • Reconciling ePrivacy with the GDPR
Kimon Zorbas
SVP Government Relations & Public Policy
3:00 pm

How DPAs conduct technical investigations: A practical example from the Bavarian DPA

  • Analysing how DPAs select companies and how the Bavarian Data Authority conduct audits
  • A look at the technical equipment and laboratories available to the Bavarian DPA
  • An insight into results and conclusions by the Bavarian DPA
  • Helpful “tips and tricks” on how to deal with DPAs in general
Thomas Kranig
Bavarian Data Protection Authority
3:20 pm

Afternoon tea and networking in the exhibition area

4:00 pm

Data mapping: What needs to be done to comply with GDPR

  • Maintaining Accountability of the data for the full data lifecycle
  • Evidence for the organisation that the data is protected in its full cycle
Rebecca Turner
Head of Compliance and Privacy
The Trainline.com
4:20 pm

Using ISO 27001 to achieve GDPR compliance

  • Implementing ISO 27001 Information Security Management System (ISMS) within your organisation
  • Putting processes in place that protect all information assets, not just customer information or information that is stored electronically
  • Setting a realistic scope to improve the chances of success
Bridget Kenyon
Head of Information Security
University College London
4:40 pm

Chairman’s closing remarks

Scott Sammons
GDPR Implementation Lead

9:45 am

Taking a proactive approach to cyber defence

Paul Midian
10:20 am

Stopping malware pre and post-infection in a single endpoint security platform

Roy Katmor
Co-Founder & CEO
10:55 am

How AI-powered cyberattacks will make fighting hackers even harder!

11:30 am

Cybersecurity and BYODs: Combating the internal threat

  • Analysing the challenges mobile devices are imposing on conventional services and browser-oriented communication
  • Reacting so as not to have the need to service a variety of platforms still enabling all of them in a secure way.
  • Looking at the increasing range of vulnerabilities created by the introduction of new technologies and business models like BYOD, Cloud, Network Access to Industrial Control Systems and so forth
  • Analysing the next-generation endpoint security triggers
  • The ABCs of a Successful Security Awareness Program
Reinhard Posch
Federal Government of Austria
12:00 pm

Lunch and networking in the exhibition area

12:30 pm

Analysing the increased sophistication of phishing attacks

1:15 pm

Managing cyber security risks in major hazard industries and complying with legal regulations

  • How industrial control systems can be compromised
  • What the business risks are and how they relate to compliance with the law including health and safety and NIS directive regulations
  • Steps that can be taken to mitigate the risks
  • Key issues looking ahead and what the regulators will be looking for
Sarabjit Purewal
Principal Specialist Inspector
1:50 pm

Cyber security – A back to basics approach

  • Are you getting the best return on investment (ROI) on your cyber security investments?
  • Learning to co-exist in a malware infested environment
  • Have you identified your crown jewels? If not what are they and how do you protect them?
  • Developing the right risk metrics for your organisation
2:25 pm

Reforming security strategies for secure mobile working

2:55 pm

Are we living in a cyber thriller?

9:45 am

Planning security under uncertainty

  • How can a CISO deliver effective change and security improvement when the business is constantly changing, evolving, and making step changes through mergers, acquisitions and divestments?
  • How can a CISO deliver IT improvements when the evolution and development of new technology is exponentially increasing in speed?
  • How can a CISO remain secure when the threat actors are constantly evolving and developing new techniques?
Robert Coles
10:20 am

Thwarting a cyberphysical attack in the IoT era

11:05 am

Analysing the implications for cybersecurity post Brexit

  • Dealing with the shortage of cyber professionals in Britain and what will the impact of Brexit be?
  • Analysing the impact of the exchange rate on cyber security investment in the UK
  • Will there be an increase in cyber threats once Britain has left the EU?
  • Will current uncertainty about the terms of the UK’s exit from the EU and its future trade agreements and border controls deter important investment in cybersecurity?
11:40 am

The cloud challenge: The changing role of corporate IT security teams

  • The challenges of doing ITSEC in the cloud and how to configure hybrid incident detection and response
  • Making sure that the system owner is clear about the remaining responsibilities for security patching and vulnerability management: not all cloud options have the same ITSEC implications
12:15 pm

General cyber resilience: No absolutes and no certainties

  • Understanding that resilience is more than prevention alone
  • Appreciating that IT systems should not be looked at in isolation as they are all connected to the global digital environment
  • Recognising that 100% risk mitigation is not possible in any complex system and that the goal of a risk-based approach to cybersecurity is system resilience to survive and quickly recover from attacks and accidents
  • Establishing a good cyber resilience through a complete, collaborative approach driven by the board and involving everyone in the organisation and extending to the supply chain, partners and customers
Tim Watson
Director, Cyber Security Centre
WMG Cyber Security Centre
12:35 pm

Lunch and networking in the exhibition area

1:00 pm

Identifying potential weaknesses in your organisation network before the hacktivists can!

  • Monitoring and detecting online activities to check whether a hacktivist attack is being prepared
  • Looking out and monitoring for internal attacks
  • Enhancing proactive monitoring of what is being said about your organisation online to stop an attack before it starts
1:35 pm

Smart cities security: How policy smart are you?

  • Protecting individual identities first
  • Securing information at the source
  • Standardising the need to know
  • Implementing appropriate deterrents
  • How to scale up to urban context through planning and policy
Dr Theo Tryfonas
Reader - Smart Cities
Bristol University
2:10 pm

Using machine learning and graph analytics to detect fraud in high volume consumer facing websites

  • Challenges in identifying fraud
  • Finding anomalies using machine learning
  • Leveraging graphs analytics to analyse suspicious relationships
  • Using graphs and machine learning in your organisation
Richard Freeman
Lead Data and Machine Learning Engineer
2:45 pm

Planning and preparing for a DDoS attack

  • Understanding how to identify and eliminate any single points of failure in your company’s infrastructure, including third-party ones like DNS
  • Modelling your risk when different parts of your infrastructure are under attack
  • Developing a human response plan for addressing attacks when they arise including best practice for running DDoS drills
3:20 pm

Cyber security and the relationship with records management

  • The role of Records Management and Cyber Security Experts in handling information
  • Winning colleagues round to a successful records management implementation and/or maintenance
  • Improving the relationship between records management and cyber security experts in your organisation
Martin Fletcher

9:45 am

Analysing the best solutions to the ever evolving cyber threat

  • An analysis of current and future threats
  • Latest results from academic research
Professor Chris Hankin
Co-Director, Institute for Security Science and Technology
Imperial College London
10:20 am

Session Tbc

10:55 am

Building a human firewall: A look at how the first line of defence is always your employees!

  • Raising the awareness of employees so that they become a solid line of defence against attempts to compromise your systems or organisation
  • Stopping humans from being the weak point in your organisational security by ‘upgrading’ users to think securely to minimise human error
  • The importance of teaching employees to think like security professionals
  • Getting ahead of new threats
11:30 am

Understanding how new cyber exposures are shaping the insurance industry

  • Analysing what is covered and what is not covered by cyber insurance
  • How to quantify cyber exposures and risk within your organisation
  • How the insurance sector is responding with changes in business models and product initiatives.
  • How do you distinguish between the various tools available?
Dan Trueman
Chief Innovation Officer & Head of Cyber
12:05 pm

Phishing and users: Improving on imperfection

  • Educating your workforce as a first line of defence – How email is at the heart of this evolving threat
  • Coping with the limitations of password management to protect against phishing attacks
  • Ensuring that when users fall foul of scams there are other controls in place
  • How do phishers use websites, domain names of social sources for phishing
  • What companies can do to improve protection, detection and response
Piers Wilson
Institute of Information Security Professionals
12:40 pm

Improving managements view and understanding of information security as a strategic priority

  • Do business leaders really understand cyber threats?
  • Making information security everyone’s responsibility: The importance of an enterprise wide strategy to develop and embed a collective approach to information security
  • Overcoming organisational barriers and gaining C-Level buy-in
  • Understanding the core elements of an effective enterprise wide corporate plan for Information Security
  • Establishing a structure so that directors can meet their duty of care with regard to cybersecurity
Matt Argyle
Head of Information Technology
Children's Hospital South West
1:00 pm

Lunch and networking in the exhibition area

1:30 pm

Zero Trust: The future of cyber security?

  • Identifying your sensitive data
  • Mapping the data flows of your sensitive data to understand how data flows across the network and between users and resources
  • Architecting your network to identify where micro-perimeters should be placed and segmented with physical or virtual appliances
  • Creating an automated rule base
  • Monitoring the ecosystem effectively and efficiently
Giacomo Collini
Director of Information Security
2:05 pm

Management view from the board – Leading the way on data and information

  • Data and Information – protecting and exploiting precious assets
  • Leading the way – governance and culture
  • Understanding the landscape: Threats, vulnerabilities and actions
  • Management information and assurance
  • Legal and regulatory responsibilities – GDPR, NISD and beyond
  • Stimulating innovation
2:40 pm

A breakdown of what businesses and the public can do to protect themselves from a cyber attack

  • Helping organisations prepare, protect, prevent, respond and recover from cyber threats
  • Engaging with local enterprise partnerships to create a shared awareness culture
  • Encouraging organisations to help prevent attacks from spreading through the Cyber Security information Sharing Partnership (CiSP)
  • Working with national partners across government, crime sector and industry to provide regular updates on attack trends
Jennie Williams
Cyber Protection Officer
TITAN - North West Regional Organised Crime Unit
3:15 pm

Implementing an effective ‘fool proof’ cyber security programme

3:50 pm

Addressing the cyber security talent shortage through effective training

  • A look at how difficult is it to recruit people for cybersecurity roles and why this is
  • Is the skills gap worse in some industries? – A look at the private and public sectors
  • Analysing the best ways to get the next generation involved and educated in cyber security
  • What is the most effective training for your organisation
  • Improving overall cyber security awareness within your organisation