The 2018 CISO 360 Middle East Congress programme explored how we can leverage the tools within cyber security to drive forward thinking in future generations. What are communications and cultural transformation strategies for reputation and cyber security that work? How can we develop skills for industry focus – ehealth, fintech, renewables and sustainable technologies? What are emerging international public private partnerships? How can CISOs and CIOs use cybersecurity to drive revenue and increase shareholder value?
08:30 Welcome coffee and registration
09:00 Chairman’s Opening – Global Risk Horizon 2018 and Beyond
Marcus Alldrick, Former CISO, Lloyd’s of London & Current Advisor, Santander
09:20 Keynote Harnessing technology innovation and cybersecurity skills for the future generations – innovation, robotics, AI
– Skills for industry focus – ehealth, fintech, renewables and sustainable technologies
– International public private partnerships participation
– A government road-map to national security cyber threat
Senior UAE government representative – invited
09:40 Investor 360 Keynote Transformational cyber security investment initiatives – How can security reposition as enablers of business innovation? Is cybersecurity IP the next gold?
Hear the investor perspective on the advanced and emerging technologies that lie within cybersecurity – data analytics, robotics, cloud and assistive technologies. Where are the most patents being filed that directly link to cybersecurity? Is the security industry fully monetizing all the cybersecurity IP out there? How can this be monetized? What is the role of incubators – who are the key market players? Incumbents versus disruptors and game changers
Major technology investor – invited
10:00 Case study how M&S integrate security into rapid development
Agile Security… it’s not an oxymoron, but it is an accurate description of how we secure e-commerce development!
If you have in house software engineers and an ecommerce platform or even a team of developers working on a dynamic website then you will no doubt have pressure to release code quickly – with static code analysis and sometimes overzealous security colleagues, the process of securing that code base can become slow and cumbersome which leads to delays in your release cadence. M&S has developed an agile security process that integrates into the fast-flowing world of modern ecommerce. Lee will explain to you how his team do this and use gamification to ensure the security teams are finding the problems first. Why should I listen to this speaker? Lee has come up with a unique way of using gamification between Blue and Red teams which he has integrated into ecommerce development. A worked example of how M&S integrate security into rapid development and examples of gamification algorithms used in this process.
Lee Barney, Head of Information Security, Marks and Spencer
10:40 Case Study BlockChain, cyber resilience, and continuity
Eng. Manan Qureshi, Vice President / Head of Business Continuity, Riyad Bank
11:10 Morning Coffee Break
11:30 FinSec Panel How are banks and fintechs protecting themselves against organized crime and nation-state threats in cyberspace?
– Who are the emerging attackers, what are their motives and what methods do they use?
– What are the new opportunities that will revolutionize payments, what would this mean for online security?
– Can the use of blockchain/distributed ledger technology improve security?
– How is AI being used in authentication?
– What are the key challenges of how sensitive data is protected now?
– Financial regulators – are their demands realistic and achievable?
– Insurance of cyber risk – How to manage the risk and not just transfer it?
Chaired by:
Eng. Manan Qureshi, Vice President – Head of Business Continuity, Riyad Bank
Panellists:
Michael Waheeb, Head of Information Security, Network International Africa
Marcus Alldrick, Former CISO, Lloyd’s of London & Current Advisor, Santander
Anshul Srivastav, Chief Information Officer, Information Technology, Union Insurance Company PSC
Joseph Makram, CIO, Egyptian Arab Land Bank
12:10 Case study How to Secure Your Business on the Cloud – Practical Approach from Strategy to Implementation
Hear how the region’s leading online retailer is approaching cloud security – from strategy to implementation. Why should I listen to this speaker? You will leave with practical insights on how to promote the commercial advantages of managing information security risks in the cloud.
Aladdin Dandis, Information Security Manager, Souq.com- Subsidiary of Amazon
12:50 Futurist keynote + Panel Security implications of AI, Big Data, IoT, Blockchain
CISO and CIO as enablers of business innovation: What are the risks, opportunities and game-changers of AI, Big Data, IoT, Blockchain?
Cut through the hype and hear strategy and predictions from innovators, investors and CISOs on how disruptive technologies are radically transforming modern business and where the opportunities lie for cybersecurity.
– Futurist view of security implications of AI, Big Data, IoT, Blockchain – predicted game changers?
– How AI will help in achieving the UAE 100-year vision, which is the first Vision in the world
– Role of innovation in future foresight and future accelerations
– Change management and convergence of security disciplines for next generation security
– Security controls/ standards/ considerations for safe city architecture built based on AI, Big Data, IoT, Blockchain without compromising public safety
– Cyber resilience that became national resilience – what are the strategic actions to be adopted for readiness to respond to cyber resilience?
Co-chaired by:
Dr. Mohammad Khaled, CIO, IT Digital Transformations, Regulation & Supervision Bureau – RSB
Kumar Prasoon, Group Chief Information Officer (CIO), Al Safeer Group
Dr. Major. Hamad Khalifa Al Nuaimi, Head of Telecommunications Security, Abu Dhabi Police GHQ
13:20 Lunch
14:40 Diversity in Infosecurity
Irene Corpuz, Head of the IT Security Section & acting CISO, Western Region Municipality Abu Dhabi
15:00 Role-Playing Exercises Threat from business espionage
Hear advanced methods of intelligence gathering, insights on the insider threat and counter intelligence and how security is compromised by human nature with a series of case studies through the medium of role playing exercises and case studies. Why should I listen to this speaker? Learn from real world examples of the sheer breadth of vulnerabilities in almost all organisations, all facilitated by freely and legally obtainable information and how to mitigate the risks.
– Who collects intelligence and why, advanced methods of intelligence collection
– Physical and Information security methods
– Counter intelligence and the insider threat
– How security is compromised by human nature
– Role playing of intelligence gathering techniques and security responses
Robert Shaw, Senior Advisor, United Nations, and Co-Founder, TEG7 LLP
15:40 Afternoon Tea Break
16:00 Panel IoT cybersecurity with energy and renewables
Discuss emerging cyber threats and technical issues and solutions for control room operations relating to AI and IoT challenges.
– Securing data across big data processing and analytics
– Identifying how to mitigate human errors in the energy infrastructure
– Specific cybersecurity challenges with IoT and critical national infrastructure
– Sustain operations under all-hazards events – change management techniques
– New threats from interconnected systems
Led by:
Dr. Sally Leivesley, Director, Newrisk Limited and TEG7 LLP
Ray Stanton, SVP/Group Chief Security Officer, TDC Group (Denmark)
16:30 Open Source Hacking Workshop Open Source Intelligence (OSINT) – penetrating organisations infrastructure cyber vulnerability assessment
No matter how well defended the organisation’s intellectual property is against cyber attack, the staff are the way in. The talk focuses on the mindset and techniques of the attacker, whether a cyber criminal, a state actor, a corporate spy or frivolous hacker, and shows how surprisingly low-tech most attacks are – often deriving cyber attack-enabling information from nothing more than a search engine before launching a devastating exploitation of infrastructure or the human workforce. Why should I listen to this speaker? Hear real world examples from a covert online operations and digital forensics expert on the sheer breadth of vulnerabilities in almost all organisations – all facilitated by freely and legally obtainable information and how to mitigate the risks!
Former Intelligence Officer, North Cyber Limited (UK)
17:10 Close of day one
18:00 Dinner
08:30 Breakfast Briefing – Emerging Risks and Opportunities Training
Robert Shaw, Senior Advisor, United Nations, and Co-Founder, TEG7 LLP
Intelligence Specialist, North Cyber Ltd
Dr. Sally Leivesley, Director, Newrisk Ltd, A Founder Member, The Exercise Group7
09:05 Chairman’s Re-opening
Marcus Alldrick, Former CISO, Lloyd’s of London & Current Advisor, Santander
09:10 CxO Cyber Risk Governance and Assurance Boardroom
– How can CISOs reposition cybersecurity as a robust business investment strategy to keep the Board happy?
– What do Board members and other GRC assurance leaders need to know to ask the right questions?
Investors are increasingly asking questions of the board about cybersecurity because of litigation risks and disclosures. In this session you will hear and share how to align culture and mindset across security-business-technology and legal. How can CISOs improve their offering? What can CIOs, GCs, CPOs, CROs offer the CISO internally? What will you learn? Practical take-aways on how we can best reposition cybersecurity as a robust business investment strategy.
– How can we take current security practices to create new models and strategies to build security value?
– How can we strive for higher quality security practices, standards and sharing?
– GDPR – challenges for the region
– What best practice security strategy looks like now and how is this rapidly evolving with digital transformation?
– Quantitative risk models applied to security – can we leverage internal knowledge to apply financial risk models
– How can we place measures on controls – balancing process and power to increase the surface areas of attacks?
– How will CFOs, GCs and CCOs provide compliance in the era of digital transformation?
Co-led by:
Jonathan Martin, EMEIA Operations Director, Anomali
Lady Olga Maitland, Chairman, Copenhagen Compliance
Richard Hollis, CEO, Risk Crew
Ray Stanton, SVP/Group Chief Security Officer, TDC Group (Denmark)
09:50 Panel Advancing tomorrow’s holistic security leaders
The tools within cyber security are useful for their forward thinking to 2071 and education and innovation to be competitive in the world with the younger generation. Innovation and harnessing key skills to build the UAE into the world leading nation of technologists. This panel discussion will ask how can we leverage the tools within cyber security to drive forward thinking in future generations?
– Communications and cultural transformation strategies for security/ IoT/ IT/ threat/ response/ intelligence disciplines
– Skills for industry focus – ehealth, fintech, renewables and sustainable technologies
– Defending people, systems and infrastructure – building national resilience
– International public private partnerships participation
– Changes in international salary trends and expectations
– Advancing younger security leaders – passing on the legacy merged with new ways
Chaired by:
Mrs. Bhavani Suresh, President, ISACA UAE Chapter
Panellists:
Aladdin Dandis, Information Security Manager, Souq.com
Irene Corpuz, Section Head – Planning & IT Security & Acting CISO, Western Region Municipality – Abu Dhabi Government
Sofiane Chafai, EMEA Advisory Board Member, (ISC)²
Jenny Reid, CEO, iFacts
Dr. Vasileios Karagiannopoulos, Senior Lecturer in Law and Cybercrime; Director of the Cybercrime Awareness Clinic; Course Leader for BSc Criminology and Cybercrime; Chair of ICJS Ethics Committee, University of Portsmouth
10:30 Keynote + Discussion What makes for a world-class business intelligence, BCP, investigations and cybercrime unit? Insights on managing cybercrime investigations from a highly experienced and sought after investigative and security subject matter expert, who has directed and led law enforcement and corporate investigation teams for nearly 30 years into matters of regulatory compliance, fraud, bribery, corruption, money laundering, employee misconduct and reputational risk across the globe.
– How do you leverage the value and investment from cyber threat intelligence?
– What makes for a world-class threat intelligence team? Who do you share this with internally?
– How does this leverage value and actionable intelligence to the board to advise appropriate strategy?
– Practical steps to conduct an insider threat investigation
– Sharing ROI of strategic decisions made on the back of cybercrime investigations, intelligence, data and the patterns of employee behaviour
Chaired by:
Simon Scales, Recently Head of Investigations EMEA, BP plc.
10:50 Morning Coffee break
11:20 Integrating cyber function into BCP to deal with the massive attacks
Sofiane Chafai, EMEA Advisory Board Member, (ISC)²
11:35 ‘Live’ Response Exercise Shamoon Version X – What is next?
New threats to technology in the region can be reduced by innovative team thinking and effective response planning within companies and government departments. This ‘live’ group scenario exercise draws on 2018 public information on the Spectre threat to hardware. Working in table groups with fellow participants, this is an interactive challenge for participants to build defensive and offensive actions within their organisation to protect against future advanced threats to the sustainability of infrastructure and business operations in the region. You will be tasked to deliver information that is vital to CISOs and senior company managers in government, telecommunications, energy, banking and other critical infrastructure.
– Benchmark innovative solutions and assess off-the-shelf solutions currently available
– Integrate business continuity and CISO security to avert a catastrophic threat
– Integrating cyber function into BCP to deal with the massive attacks
– Assess company-wide effects on delivery and supply chain
Co-led by:
Irene Corpuz, Section Head – Planning & IT Security, Western Region Municipality UAE Government
Dr. Sally Leivesley, Director, Newrisk Ltd, A Founder Member, The Exercise Group7
12:10 Case study Sweden Psychology in practice of social engineering
Social engineering is nothing new, but it has become the “king of attacks”, being (relatively) easy to deploy and requiring minimal commitment from the attackers’ side. Why listen to this speaker? MTG has seen its fair share of social engineering attacks. You will hear how MTG has chosen to deal with this threat. Key takeaways:
– The 6 influence principles (by Dr. Cialdini) and how these principles are utilized to improve the success rate of social engineering attacks
– The driving forces of what makes us “click on the link” and how we should defend against them
– What MTG is doing to prevent these types of social engineering attacks
Dimitrios Stergiou, Chief Information Security Officer, Modern Times Group MTG AB (Sweden)
12:30 Security Collaboration Challenges and best practice
– Why is collaboration across the business essential?
– What needs to be disseminated, what doesn’t and why?
– What are the benefits? What are the obstacles?
– How do you overcome them?
Richard Hollis, CEO, Risk Crew
12:50 Lunch
14:00 Social Media Scandals Human factor – social media risk and policies
– Current figures indicate that over 6,000 tweets are made per second globally, 5 new Facebook profiles are opened every 10 seconds
– Social Media gives a glimpse into the person that will enter your workplace and gives a good indication of whether they will fit the corporate culture of your organisation and if they could pose a possible risk to your organisation
– All it takes is one person to gain media exposure and traction, costing an organisation millions in losses
– Social media scandals cost South African businesses in excess of R500 million during 2016 alone
Jenny Reid, CEO, iFacts
14:20 Case study Understanding hacktivism as a first step to mitigating its cybersecurity implications
Dr. Vasileios Karagiannopoulos, Senior Lecturer in Law and Cybercrime; Director of the Cybercrime Awareness Clinic; Course Leader for BSc Criminology and Cybercrime; Chair of ICJS Ethics Committee, University of Portsmouth
14:40 Artefacts of Innovation Roundtable
CISO and CIO as enablers of business transformers. How can we truly achieve security by design?
Co-facilitated by:
Kamran Ahsan, Senior Director/Digital Security Solutions, Etisalat Digital
By 2018, it is estimated that 70% of enterprise cybersecurity environments will use cognitive/AI technologies to assist humans in dealing with the vastly increasing scale and complexity of cyber threats. The artefacts of innovation that constitute the transformative digital economy are: big data & analytics; the cloud & mobility; IoT; Artificial Intelligence. Combine peer group brain power on the different risk perspectives associated with each technology to share the latest approaches and updates on security deployments.
Format:
Each of the 4 tables will focus on a given different ‘perspective’ of security. Attendees will select 2 out of the possible 4 roundtables below, rotating in groups. Facilitators and a note-taker will remain fixed to each table to lead and capture the key discussion points, observing The Chatham House Rule. This Roundtable is ideal to benchmark with other CISOs and CIOs to share experiences with peers to strengthen your capacity – including receiving threat intelligence about cloud vulnerabilities, due diligence for 3rd party supply chain, incident response, measures and defending appropriately. Notes will be taken throughout all of the roundtable discussions, observing the Chatham House Rule.
Roundtable 1 – Cloud and mobility
Roundtable 2 – IoT
Roundtable 3 – AI
Roundtable 4 – Big data and analytics
15:40 Close of congress, afternoon tea and goodbyes