2018 Summit & Expo Agenda’s

Cyber Security Summit
Data Protection Summit
Theatre 1 Breach
Theatre 2 Recovery
Theatre 3 Prevention
Cyber Security Summit
Data Protection Summit
Theatre 1 Breach
Theatre 2 Recovery
Theatre 3 Prevention

8:00 am - Cyber Security Summit

Coffee and registration in the exhibition area

9:15 am - Cyber Security Summit

Chairman’s opening remarks

Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum
9:20 am - Cyber Security Summit

Opening keynote: A look at the evolving nature of the cyber threat

  • Communication – A look at the disconnect between the CISO and the board
  • An analysis of the changing face of the cyber threat over the past 5 years
  • A look at the geopolitics of cybersecurity
Misha Glenny
International Journalist, Best Selling Author
10:20 am - Cyber Security Summit

Cyber security – Responding to the threat to the UK health service

Will Smart
CIO
NHS England
10:50 am - Cyber Security Summit

Morning coffee and networking in the exhibition area

11:30 am - Cyber Security Summit

Panel Discussion: Analysing the latest trends in cyber-attacks – A look at the risk landscape for 2019

  • An in-depth look at the motivations, behaviours, tactics and techniques of the cyber criminal
  • Exploring new areas of vulnerability and new opportunities for exploitation
  • Examining the changing nature of the threat
  • Understanding why AI and machine learning are crucial to your 2019 IT strategy
Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum
Hasan Al-Saedy
Professor of Cyber Security
British Institute of Technology
12:05 pm - Cyber Security Summit

Utilising AI effectively to stay ahead of cyber security threats

  • Is AI the ‘saviour’ it is made out to be?
  • Using AI and machine learning to detect threats: Pipe dream or the future of combatting cyber security threats?
  • Harnessing AI to be in the position of planning forward strategically to counter future cyber risks, not reacting to the past.
  • Discover how AI will shape the future of cyber security and will it replace cyber security experts?
Stephen Browning
Interim Challenge Director - Next Generation Services
Innovate UK
12:40 pm - Cyber Security Summit

Understanding your threat landscape and protecting vulnerabilities around data as your core asset

  • Managing the operational risk and technical safeguards that surround your most important asset
  • Reviewing the risks of implementing new technologies notably IoT
  • How to provide assurance when it’s in the cloud
  • Understanding the legal issues surrounding breaches, data privacy and protection
1:00 pm - Cyber Security Summit

Lunch and networking in the exhibition area

2:00 pm - Cyber Security Summit

Security regulation – An outcome-focused approach to cyber risk exposure

  • Evidencing effective security plans and regimes that address the risks that effect the most important assets
  • Getting the best value from intelligence
  • What is it like to have outcome based as opposed to forced based regulations?
  • Understanding and addressing supply chain risk: Are you at risk from your own suppliers?
Tom Parkhouse
Head of Nuclear Cyber Security Regulation
‎Office for Nuclear Regulation
Sarabjit Purewal
Principal Specialist Inspector
HSE
2:30 pm - Cyber Security Summit

A look at the importance of content protection and content security from the perspective of the film and TV industries

  • Looking at acts of content piracy as a prelude to future major cyber security issues within the entertainment industry
  • Understanding the different types of content piracy threats
  • Addressing the need for proactive content security to counter threats
  • What are the most popular and most effective content protection strategies?
  • De-bunking the myths about pirates and anti-piracy when it comes to content protection and content security
  • Content protection as a business intelligence tool and getting the right return on investment when implementing anti-piracy remedies.
Pascal Hetzscholdt
Director of Content Protection for Europe and Africa
21st Century Fox
2:50 pm - Cyber Security Summit

The role of international global standards in cyber security in an uncertain world

  • ‘Herd immunisation’ – Understanding your place in the wider ecosystem when it comes to cyber security
  • A look at what other regulators are doing internationally
  • Developing cross-border technological collaboration to fight emerging cyber threats and address cyber security issues
  • Working in tandem with industry leaders and foreign governments to create a system of international cooperation and a culture of cyberspace norms
  • Complying with new standards in order to help implement a proven risk management framework without having to reinvent the wheel
Alison Barker
Director of Specialist Supervision
Financial Conduct Authority (FCA)
3:10 pm - Cyber Security Summit

Afternoon tea and networking in the exhibition area

3:50 pm - Cyber Security Summit

What are the risks of IoT to your organisation?

  • Effectively detecting automated bot attacks as newer and more sophisticated generations of bots are getting launched by attackers
  • How will consumer data be used and by whom? – The issue of privacy
  • Software security and privacy of IoT and mobile devices in the workplace
  • Implementing regular training to your staff to ensure they are able to spot attacks when they happen
  • Understanding the challenges associated with managing and keeping secure the expanding network of connected devices
  • Warning indicators that could set off a red flag
  • Preventing and recovering from serious attacks, protecting private and confidential data, and the emerging dangers that organisations face
4:20 pm - Cyber Security Summit

The cyber security evolution: Why being ‘secure’ is not enough

  • Uncovering how to raise threat awareness
  • Unlocking the value of your existing IT security investments and continuing to improve your security posture
  • A look at the distinction between being ‘secure’ and ‘safe’
  • How the approach to cyber security needs to evolve to ensure that you are fully remediated against the impact of any future attacks, while allowing for business continuity when they happen
  • Practical advice, using the ‘assess, plan, build, run and improve’ (APBRI) model
4:40 pm - Cyber Security Summit

A look at the UN’s role in cyberspace

  • The UN’s relevance in global cyberspace
  • Disarmament: Cyberwarfare, advanced persistent threats and evidential attribution
  • Politics & Governance: challenges and opportunities
  • Cybercrime & Sustainable Development: empowering communities and building peace
Neil Walsh
Chief of the Global Programme on Cybercrime
UN Office on Drugs and Crime
5:00 pm - Cyber Security Summit

Chairman’s closing remarks

Mike StJohn-Green
Honorary Fellow and Technical Advisor
University of Warwick - Information Security Forum

8:00 am - Data Protection Summit

Coffee and registration in the exhibition area

9:30 am - Data Protection Summit

Chairman’s opening remarks

Scott Sammons
Chair
Information and Records Management Society (IRMS)
9:45 am - Data Protection Summit

Panel discussion: A look at the first 6 months of GDPR – Implementation insights

  • Deep dive into the implications of the EU data economy for a long-term GDPR implementation strategy
  • What’s GDPR got to do with a “risk based approach/risk management”
  • Global implications: How GDPR has affected organisations outside of the EU
Peter Brown
Group Manager (Technology Policy)
Information Commissioners Office (ICO)
Stephen Latham
Data Protection Programme Manager
DEFRA
Richard Merrygold
Director of Group Data Protection
HomeServe
Rhiannon Lewis
Senior Region Counsel, Privacy & Data Protection
Mastercard
Jeremy Lilley
Policy Manager - GDPR
techUK
10:30 am - Data Protection Summit

GDPR is here, now what? Top predictions for the GDPR era

  • Now that the GDPR is here, what’s next for data privacy?
  • How will regulators assess accountability?
  • Will we see massive fines? And what about ePrivacy Regulation?
  • A look at top predictions and practical advice for an ongoing GDPR program.
Ian Evans
Managing Director - EMEA
OneTrust
10:50 am - Data Protection Summit

Morning coffee and networking in the exhibition area

11:30 am - Data Protection Summit

Data protection insights: The size of your company does not matter to data thieves

  • Addressing data protection challenges for SMBs as well as enterprises
  • Reducing risk by controlling the data that matters most to your company
  • Implementing a simplified approach to data protection
Kris Lahiri
Co-founder, Vice President of Operations and Chief Security Officer
Egnyte
Jeff Sizemore
Vice President of Governance and Compliance
Egnyte
12:00 pm - Data Protection Summit

Protecting your data from third party risk

  • Reducing the risk that your data will be lost, corrupted, or misused by implementing robust governance, standards and controls over third party suppliers
  • Developing an effective strategy to mitigate third party risk: What to do
Ailidh Callander
Legal Officer
Privacy International
12:20 pm - Data Protection Summit

How DPAs conduct technical investigations: A practical example from the Bavarian DPA

  • Analysing how DPAs select companies and how the Bavarian Data Authority conduct audits
  • A look at the technical equipment and laboratories available to the Bavarian DPA
  • An insight into results and conclusions by the Bavarian DPA
  • Helpful “tips and tricks” on how to deal with DPAs in general
Dorit Buschmann
Department for Cybersecurity and Privacy Engineering
Bavarian Data Protection Authority
12:40 pm - Data Protection Summit

Lunch and networking in the exhibition area

2:00 pm - Data Protection Summit

”How to DPO like a boss” – Integrating the role of the DPO into your business

  • Who should be the DPO?
  • Understanding the duties, obligations and liabilities of the DPO
  • Elevating the role within the organisation
  • Creating an effective reporting structure; ensuring all data breaches are reported to the DPO immediately to facilitate an effective and adequate response
Samantha Simms
Senior Principal and Founder
The Information Collective
2:20 pm - Data Protection Summit

Understanding what a good data compliance culture looks like

  • Investing in a programme of staff training and making the case for greater investment
  • Creating awareness of data protection and its significance to your organisation
  • Addressing internal risk factors and what measures should be taken to avoid internal data breaches
  • Raising awareness among your organisation’s management to set the appropriate ‘tone from the top’
  • Identifying the personal information your organisation holds about employees, customers and suppliers and the level of risk associated
  • Checking your use of data is compliant and overcome misinformation concerning the requirement for consent
Brian Shorten
Chairman
Charities Security Forum
2:40 pm - Data Protection Summit

ePrivacy regulation current status

  • Understanding the scope: who is the ePrivacy regulation for?
  • Reconciling ePrivacy with the GDPR
Kimon Zorbas
SVP Government Relations & Public Policy
Nielsen
3:00 pm - Data Protection Summit

Afternoon tea and networking in the exhibition area

3:40 pm - Data Protection Summit

Data mapping: What needs to be done to comply with GDPR

  • Maintaining Accountability of the data for the full data lifecycle
  • Evidence for the organisation that the data is protected in its full cycle
Rebecca Turner
Head of Compliance and Privacy
The Trainline.com
4:00 pm - Data Protection Summit

Using ISO 27001 to achieve GDPR compliance

  • Implementing ISO 27001 Information Security Management System (ISMS) within your organisation
  • Putting processes in place that protect all information assets, not just customer information or information that is stored electronically
  • Setting a realistic scope to improve the chances of success
Bridget Kenyon
Head of Information Security
University College London
4:30 pm - Data Protection Summit

Chairman’s closing remarks

Scott Sammons
GDPR Implementation Lead
IRMS

9:45 am - Theatre 1 Breach

Taking a proactive approach to cyber defence

  • What is cyber threat intelligence?
  • How does cyber threat intelligence enable a proactive approach to developing an effective cyber risk management programme?
  • How does cyber threat intelligence improve understanding of your relevant cyber threats?
  • How and why are Regulators expecting organisations to use cyber threat intelligence?
Oliver Church
CEO
Orpheus Cyber Ltd
10:20 am - Theatre 1 Breach

Stopping malware pre and post-infection in a single endpoint security platform

Roy Katmor
Co-Founder & CEO
enSilo
10:55 am - Theatre 1 Breach

How AI-powered cyberattacks will make fighting hackers even harder!

11:30 am - Theatre 1 Breach

Cybersecurity and BYODs: Combating the internal threat

  • Analysing the challenges mobile devices are imposing on conventional services and browser-oriented communication
  • Reacting so as not to have the need to service a variety of platforms still enabling all of them in a secure way.
  • Looking at the increasing range of vulnerabilities created by the introduction of new technologies and business models like BYOD, Cloud, Network Access to Industrial Control Systems and so forth
  • Analysing the next-generation endpoint security triggers
  • The ABCs of a Successful Security Awareness Program
Reinhard Posch
CIO
Federal Government of Austria
12:00 pm - Theatre 1 Breach

Lunch and networking in the exhibition area

12:30 pm - Theatre 1 Breach

Analysing the increased sophistication of phishing attacks

Robert O’Brien
CEO
MetaCompliance
1:15 pm - Theatre 1 Breach

Managing cyber security risks in major hazard industries and complying with legal regulations

  • How industrial control systems can be compromised
  • What the business risks are and how they relate to compliance with the law including health and safety and NIS directive regulations
  • Steps that can be taken to mitigate the risks
  • Key issues looking ahead and what the regulators will be looking for
Sarabjit Purewal
Principal Specialist Inspector
HSE
1:50 pm - Theatre 1 Breach

Cyber security – A back to basics approach

  • Are you getting the best return on investment (ROI) on your cyber security investments?
  • Learning to co-exist in a malware infested environment
  • Have you identified your crown jewels? If not what are they and how do you protect them?
  • Developing the right risk metrics for your organisation
2:25 pm - Theatre 1 Breach

Reforming security strategies for secure mobile working

2:55 pm - Theatre 1 Breach

A look at how an organisation should react to a breach

  • Setting the scenario: What do you do when you get a call from someone in your organisation saying that there has been a breach
  • Examples and background on the Yahoo data breach
  • What are the challenges an organisation will face when a breach occurs?
  • What action should your organisation take
  • A look at the potential consequences of a breach and lessons learnt
Simon Citron
CEO
Full Frame Technology Limited

9:45 am - Theatre 2 Recovery

Planning security under uncertainty

  • How can a CISO deliver effective change and security improvement when the business is constantly changing, evolving, and making step changes through mergers, acquisitions and divestments?
  • How can a CISO deliver IT improvements when the evolution and development of new technology is exponentially increasing in speed?
  • How can a CISO remain secure when the threat actors are constantly evolving and developing new techniques?
Robert Coles
Visiting Professor
RHUL
10:20 am - Theatre 2 Recovery

Thwarting a cyberphysical attack in the IoT era

11:05 am - Theatre 2 Recovery

Analysing the implications for cybersecurity post Brexit

  • Dealing with the shortage of cyber professionals in Britain and what will the impact of Brexit be?
  • Analysing the impact of the exchange rate on cyber security investment in the UK
  • Will there be an increase in cyber threats once Britain has left the EU?
  • Will current uncertainty about the terms of the UK’s exit from the EU and its future trade agreements and border controls deter important investment in cybersecurity?
11:40 am - Theatre 2 Recovery

The cloud challenge: The changing role of corporate IT security teams

  • The challenges of doing ITSEC in the cloud and how to configure hybrid incident detection and response
  • Making sure that the system owner is clear about the remaining responsibilities for security patching and vulnerability management: not all cloud options have the same ITSEC implications
12:15 pm - Theatre 2 Recovery

General cyber resilience: No absolutes and no certainties

  • Understanding that resilience is more than prevention alone
  • Appreciating that IT systems should not be looked at in isolation as they are all connected to the global digital environment
  • Recognising that 100% risk mitigation is not possible in any complex system and that the goal of a risk-based approach to cybersecurity is system resilience to survive and quickly recover from attacks and accidents
  • Establishing a good cyber resilience through a complete, collaborative approach driven by the board and involving everyone in the organisation and extending to the supply chain, partners and customers
Tim Watson
Director, Cyber Security Centre
WMG Cyber Security Centre
12:35 pm - Theatre 2 Recovery

Lunch and networking in the exhibition area

1:00 pm - Theatre 2 Recovery

Identifying potential weaknesses in your organisation network before the hacktivists can!

  • Monitoring and detecting online activities to check whether a hacktivist attack is being prepared
  • Looking out and monitoring for internal attacks
  • Enhancing proactive monitoring of what is being said about your organisation online to stop an attack before it starts
1:35 pm - Theatre 2 Recovery

Smart cities security: How policy smart are you?

  • Protecting individual identities first
  • Securing information at the source
  • Standardising the need to know
  • Implementing appropriate deterrents
  • How to scale up to urban context through planning and policy
Dr Theo Tryfonas
Reader - Smart Cities
Bristol University
2:10 pm - Theatre 2 Recovery

Using machine learning and graph analytics to detect fraud in high volume consumer facing websites

  • Challenges in identifying fraud
  • Finding anomalies using machine learning
  • Leveraging graphs analytics to analyse suspicious relationships
  • Using graphs and machine learning in your organisation
Richard Freeman
Lead Data and Machine Learning Engineer
JustGiving
2:45 pm - Theatre 2 Recovery

Planning and preparing for a DDoS attack

  • Understanding how to identify and eliminate any single points of failure in your company’s infrastructure, including third-party ones like DNS
  • Modelling your risk when different parts of your infrastructure are under attack
  • Developing a human response plan for addressing attacks when they arise including best practice for running DDoS drills
3:20 pm - Theatre 2 Recovery

Cyber security and the relationship with records management

  • The role of Records Management and Cyber Security Experts in handling information
  • Winning colleagues round to a successful records management implementation and/or maintenance
  • Improving the relationship between records management and cyber security experts in your organisation
Martin Fletcher
Consultant
DQM GRC

9:45 am - Theatre 3 Prevention

Analysing the best solutions to the ever evolving cyber threat

  • An analysis of current and future threats
  • Latest results from academic research
Professor Chris Hankin
Co-Director, Institute for Security Science and Technology
Imperial College London
10:20 am - Theatre 3 Prevention

Session Tbc

10:55 am - Theatre 3 Prevention

Building a human firewall: A look at how the first line of defence is always your employees!

  • Raising the awareness of employees so that they become a solid line of defence against attempts to compromise your systems or organisation
  • Stopping humans from being the weak point in your organisational security by ‘upgrading’ users to think securely to minimise human error
  • The importance of teaching employees to think like security professionals
  • Getting ahead of new threats
11:30 am - Theatre 3 Prevention

Understanding how new cyber exposures are shaping the insurance industry

  • Analysing what is covered and what is not covered by cyber insurance
  • How to quantify cyber exposures and risk within your organisation
  • How the insurance sector is responding with changes in business models and product initiatives.
  • How do you distinguish between the various tools available?
Dan Trueman
Chief Innovation Officer & Head of Cyber
Novae
12:05 pm - Theatre 3 Prevention

Phishing and users: Improving on imperfection

  • Educating your workforce as a first line of defence – How email is at the heart of this evolving threat
  • Coping with the limitations of password management to protect against phishing attacks
  • Ensuring that when users fall foul of scams there are other controls in place
  • How do phishers use websites, domain names of social sources for phishing
  • What companies can do to improve protection, detection and response
Piers Wilson
Director
Institute of Information Security Professionals
12:40 pm - Theatre 3 Prevention

Improving managements view and understanding of information security as a strategic priority

  • Do business leaders really understand cyber threats?
  • Making information security everyone’s responsibility: The importance of an enterprise wide strategy to develop and embed a collective approach to information security
  • Overcoming organisational barriers and gaining C-Level buy-in
  • Understanding the core elements of an effective enterprise wide corporate plan for Information Security
  • Establishing a structure so that directors can meet their duty of care with regard to cybersecurity
Matt Argyle
Head of Information Technology
Children's Hospital South West
1:00 pm - Theatre 3 Prevention

Lunch and networking in the exhibition area

1:30 pm - Theatre 3 Prevention

Zero Trust: The future of cyber security?

  • Identifying your sensitive data
  • Mapping the data flows of your sensitive data to understand how data flows across the network and between users and resources
  • Architecting your network to identify where micro-perimeters should be placed and segmented with physical or virtual appliances
  • Creating an automated rule base
  • Monitoring the ecosystem effectively and efficiently
Giacomo Collini
Director of Information Security
HelloFresh
2:05 pm - Theatre 3 Prevention

Management view from the board – Leading the way on data and information

  • Data and Information – protecting and exploiting precious assets
  • Leading the way – governance and culture
  • Understanding the landscape: Threats, vulnerabilities and actions
  • Management information and assurance
  • Legal and regulatory responsibilities – GDPR, NISD and beyond
  • Stimulating innovation
2:40 pm - Theatre 3 Prevention

A breakdown of what businesses and the public can do to protect themselves from a cyber attack

  • Helping organisations prepare, protect, prevent, respond and recover from cyber threats
  • Engaging with local enterprise partnerships to create a shared awareness culture
  • Encouraging organisations to help prevent attacks from spreading through the Cyber Security information Sharing Partnership (CiSP)
  • Working with national partners across government, crime sector and industry to provide regular updates on attack trends
Jennie Williams
Cyber Protection Officer
TITAN - North West Regional Organised Crime Unit
3:15 pm - Theatre 3 Prevention

Implementing an effective ‘fool proof’ cyber security programme

3:50 pm - Theatre 3 Prevention

Addressing the cyber security talent shortage through effective training

  • A look at how difficult is it to recruit people for cybersecurity roles and why this is
  • Is the skills gap worse in some industries? – A look at the private and public sectors
  • Analysing the best ways to get the next generation involved and educated in cyber security
  • What is the most effective training for your organisation
  • Improving overall cyber security awareness within your organisation