A careful selection of one-hour seminars running in the morning and afternoon will allow delegates to understand complex areas of specific interest. You will have the opportunity to attend two seminars in total. These sessions will open up into an interactive discussion, giving you the chance to contribute and debate the hot topics of the day. Some of the seminar areas that will be covered are as follows:
-
Seminar A:
You Are Under Attack!
If you have a cyber presence you are being attacked every day. The attack vectors will depend on what your cyber presence is, but the one thing we can guarantee is that you are a target. It is not personal, they are not necessarily targeting you, they are just probing the Internet for vulnerable devices. The probing is constant, they only have to be right once, you have to be right every time!.
All independent statistics say that once you are compromised it will be weeks, months or even years before the breach is detected, furthermore you won’t detect the breach, an external agent will and will, eventually, inform you.
If you are a security professional this position is an uncomfortable place to be. In this seminar you will learn the key security controls you should prioritise to detect the breach, to detect vulnerable systems that are at risk of a breach and to detect the attack in real-time, so that you can respond appropriately.
Learn the importance of understanding:
• The current state of your systems security controls
• Zero-day attacks
• The ability to see “Changes” that Virus and Trojans make to a system once they have by-passed the AV systems
• How you can monitor changes to critical infrastructure devices
Speaker: Trevor Kennedy, Alliance Director Europe, Tripwire
-
Seminar B:
In Cyberspace No One Can Hear you Scream
Cyberspace finds Government, Military, Commercial, Civilian and Law Enforcement meeting in a common arena, the fifth theatre. The benefits enjoyed by Digital Society are significant, but so are the risks.We discuss the Information Security challenges in owning, policing and remediating your entire data estate: volatile data, data at rest and data in motion. What skills, technologies and methodologies are needed to proactively defend our most valuable assets? Can we any longer differentiate between protecting Critical National Infrastructure and securing our Homes and workplaces?
Speaker:
Adrian Culley, Global Sales Engineer, AccessData
-
Seminar C:
Cyberspace’s Invisible Enemy? Look Deeper with Protective Monitoring
The information required to manage your organisation’s cyber risks is already available, but not being used effectively.
You need greater visibility of real threats, quicker remediation, and forensic insight for Information Assurance.
With the Public Sector Network (PSN) initiative gaining momentum, time is running out to address the cyber security challenges that threaten its success. Without an automated Protective Monitoring strategy in place, detecting and responding to APTs, e-Crime, Nation State attacks and data breaches will be impossible.
In an interactive workshop LogRhythm, the only CCTM accredited Protective Monitoring provider, will show the business value of this approach, demonstrate the latest attack methodologies, what to monitor, and how to respond in real-time.
Speakers:
Ross Brewer
VP & MD International Markets
Martin Landless
Technical Director, International Markets
-
Seminar D:
CISO's Guide to APT and Industrialized Hacking
The world of hacking has evolved into two major varieties: industrialized attacks and advanced persistent threats (APT). The industrialized hacker wants money but also wants to keep costs down—it’s simply the “Tony Soprano” business model. If you have a web presence, you are a potential target for industrialized attacks—even if you are a small organization. You need to use timely updates on attack sources to quickly identify attackers. Since you are bound to be attacked, emphasis must be placed on easy management and operations, with protection against known vulnerabilities and common attack types, such as SQL Injection, XSS, and CSRF. Advanced persistent threats, on the other hand, are much more sophisticated and require a “James Bond” approach to impede the Dr. No’s. Consider yourself a target if you hold sensitive information beneficial to governments. This talk explores both approaches in detail and provides strategies CISOs can deploy to build cyber defenses.
Speaker:
Tal A. Be'ery, Web Security Research Team Leader, Imperva
-
Seminar E:
AM Session: Realising the Impossible: Improving Security and Access with Shrinking IT Budgets
Speakers:
Dan Ring, Oracle National Security Group
Mike More, Oracle National Security Group
Tonia Perry, Oracle Consulting
Alex Baxendale, Principal Security Architect, Logica
Discover how to improve mission capabilities through streamlined information sharing, while improving overall security and reducing IT infrastructure costs. This workshop will provide an overview of Oracle's Secure Information Tools, which provide the latest multi-domain capabilities, including the Cross-Domain Desktop and the Cross-Domain Security Express; the only cross-domain database approved by the US Unified Cross Domain Management Office. Additional capabilities include support for multiple information compartments within a single domain and ! securely integrating applications while preserving the user's identity and operating environment without application modification.
PM Session: Universal Credit - Addressing Citizen Authentication Challenges
Speakers:
Mike Pegman, Universal Credit IT Security, DWP
Paul Toal, Oracle Information Security Consultant
Dean Misquitta, Information Security Specialist
In-line with the UK Government's Digital by Default policy, more services are being deployed to the online channel, driving more requirements to enable transactional services that require higher levels of citizen authentication and trust. This introduces a number of challenges for Departments implementing these services. As one of the first services requiring these higher levels of citizen trust, Universal Credit is leading the way in addressing these challenges. In this session, you will hear from DWP about the challenges that they are facing, why existing citizen authentication solutions aren’t suitable and how, together with the help of Oracle, a new approach is being adopted which enables citizen choice and reduces the need for the UK Government to manage citizen credentials.
-
Seminar F:
AM Session Only: Anatomy/Case Study of detection, investigation and mitigation of a real-world commercial APT
The phrase Advanced Persistent Threat is thrown around a lot these days but many so-called APTs are little more than phishing attacks using old malware and are relatively easy to defeat. In this seminar Paul Vlissidis, Technical Director for NGS Secure will share insights into the range, complexity and sophistication of APTs, and go through in detail a real-world example of a true APT against a real commercial business. The case study will cover the complete lifecycle of the attack including detection, investigation, analysis and mitigation of the attack, and the lessons learned to help prevent future similar attacks.
Speaker:
Paul Vlissidis – Technical Director for NGS Secure – an NCC Group company
- Securing the grid - are our efforts sufficient? The cost of not investing
- The impact of security incident driven operations failure on reputation and business profile
- Sustaining compliance and comprehensive security
- Understanding the persistent and evolving threat
- Understanding what the threats are and where are they coming from - internal and external
- Future proofing your operational technology
- Strategies to ensure the cross over in education of operational engineers and cyber security practitioners
- Successful identity and asset management strategies
- Information assurance in the cyber age
- Are Smartphone’s your weakest link? Security solutions for your mobile Smartphone
- Integrating security solutions to increase efficiency and reduce cost
- Making the most of your security monitoring investment
- Information security governance and risk management
- Desktop virtualisation - secure by design?
- Cloud computing - information security and external suppliers
- Advanced protection against advanced malware - the next generation of threat protection
© GovNet Events 2011
