
Post on 08-Jul-2020


Emerging Challenges of Information Security and Mobile Devices

1-Day Conference

PREVENT – PROTECT - PREVAIL


When: 11 July 2013

Time: 8.30 am to 6.30 pm

Where: Hotel London Kensington, W11 4UL

Organisers: Spinlondon Network Limited and Unicom Seminars Ltd.

Supporters: KPMG, Software Engineering Institute, University of Greenwich, University of Hull, Eversheds, Blackberry, Diageo, Royal Holloway College, Demco Communications, Institute of Information Security Professionals, DCH Technology Services, IBM, Aberystwyth University


In today’s networked world it has become a business imperative to protect information, as it impacts all aspects of our society: finance, healthcare, government, defence, education as well as entertainment. The appearance of employees’ own portable devices in the workplace has added another dimension of complexity. As mobile technology develops rapidly, organisations need to know how to integrate these devices securely within the corporate IT infrastructure. So they are under constant pressure to secure their IT infrastructures and the corporate data against security breaches.

Information Security has now become a business requirement, and in many cases also an ethical and legal requirement. But instead of responding to each and every frequently occurring threat, senior executives need information security to become more predictable and manageable. This conference will focus on understanding:

The Information Security landscape - threats that may affect an organisation

How to put cyber defenses in place to address these risks effectively and protect the business

Legal issues to consider when implementing a BYOD programme in an organisation

How can we tackle the challenges and risks within information security?

What solutions are available and how can we implement them?

“Loss, theft, spam, Trojans, spyware, data breach, and aggressive advertising are some of the few threats facing vulnerable devices.” - ABI Research


Why attend the workshop?

273 organisations quantified their financial losses: the total bill came to $265m

Sony confirmed that individual pieces of personally identifiable information from each of the 77 million accounts appeared to have been stolen.

2011: Texting and Blackberry Messenger are said to have been used during the England riots that brought widespread rioting, looting and arson.

What are the benefits of attending the workshop?

Participants will learn how to deal with the increasing threats to Information and mobile devices security.

Understand the importance of information security and security of mobile devices.

Hear from speakers in their areas of expertise and find out how to deal with threats to security.

Share your ideas in panel discussions and open forums on how your organisation deals with current threats.

Meet and network with speakers and participants within information security and mobile device technology.

Who should attend?

Security and business continuity professionals

Risk management professionals

Legal and Compliance professionals

Knowledge Management Professionals

Process improvement professionals

Operational resilience professionals

Change management professionals

GRC


Programme Agenda

| Time | Activity | Description |
|---|---|---|
| 09:30 – 09.45 | Introduction to Exhibitors and Supporting Bodies | |
| 09.45 – 10.00 | Setting the scene | Conference Chair |
| 10.00 – 10.30 | To BYOD or Not To BYOD – Legal Considerations | Victoria Mann & Simon Cloke, Eversheds |
| 10.30 – 11.00 | Coffee Break | |
| 11.00 – 11.30 | BYO Risks and Benefits, an Antiquated Balancing Act | Nader Henein, Regional Director of the Advisory Division, Blackberry |
| 11.30 – 12.00 | Panel: Implementation & Experience of Use | Dragan Pendic, Chief Security Architect, Global Information Management & Security, Diageo; Geraint Price, Information Security Group, Royal Holloway College, University of London; Linda Demetriou, Demco Communications; Nader Henein, Regional Director of the Advisory Division, Blackberry |
| 1300 – 1330 | BYOD and Unified Communications | Linda Demetriou, Demco Communications |
| 1330 - 1400 | Skills and Professionalism | Amanda Finch, General Manager, The Institute of Information Security Professionals |
| 1400 – 1430 | The trade-off between security and usability (Mobile apps) | David Hunt, Director, DCH Technology Services |
| 1430 - 1500 | Tea | |
| 1500 - 1530 | Topic to be confirmed | Jon Harry, Snr. IT Specialist for IBM Software Security |
| 1530 – 1600 | The CERT Oracle Secure Coding Standard for Java | Fred Long, Senior Lecturer, Department of Computer Science, Aberystwyth University |
| 1600 - 1630 | Topic to be confirmed | Anthony Robinson, Managing Director, UK & Ireland Security Practice Lead at Accenture |
| 1630 - 1715 | Moderated Q & A | |
| 1715 - 1745 | Chair’s closing remarks | |
| Evening | | |
| 1745 - 1830 | Drinks reception | |

Speakers

Victoria Mann, Eversheds

Vicky is an associate in the commercial law practice group and undertakes a wide range of data protection, e-commerce, commercial contracts, IT and telecoms work. Vicky's recent privacy law experience includes advising on: website privacy policies and fair processing notices; marketing consents and the law applicable to direct marketing; location tracking software and related data protection compliance issues and employee monitoring (including intercepting live communications).

Vicky's experience also includes project managing a number of multi-jurisdictional privacy compliance projects for international clients and she has recently managed a project involving 29 jurisdictions worldwide for one US multi-national. Vicky regularly advises on DP provisions and arrangements in the context of service and supply agreements as well as the DP implications of corporate transactions.

Simon Cloke, Senior Associate, Eversheds

Simon Cloke is a technology and communications senior associate in our commercial practice. Simon provides advice on a broad range of issues that impact network operators, equipment, software and service providers in the fixed, mobile and satellite sectors in both the provision of communication and broadcasting services. In addition to technology and communications regulation, Simon also advises on the commercial aspects of both technology and communications transactions and projects.

His recent experience includes:

advising on the application of, and compliance with, communications regulation;

drafting software, technology and equipment contracts, terms and conditions, resale and interconnection agreements for a software communications provider; and

advising on the licensing, importation and exportation of encrypted software.

Topic: BYOD or not to BYOD – Legal Considerations

Has appropriate communications infrastructure been put in place to take advantage of the use of BYOD/CYOD devices? An explanation of some of the legal implications of putting in place such infrastructure, including issues relating to the Wireless Telegraphy Act 2006, Wireless Telegraphy (Exemption) Regulations 2003, RTTE Regulations 2000 and the General Conditions of Entitlement. What are the associated privacy/security issues with implementing a BYOD policy? An overview of how to balance BYOD with legal obligations around the use of personal data under the Data Protection Act 1998 and considerations to bear in mind under the monitoring and interception framework.

Nader Henein, Regional Director of the Advisory Division, Blackberry

Nader brings over a decade of tactical experience in the architecture, development and management of secure, scalable systems. He has worked in a wide range of organizations from startups to multinationals allowing for both depth and breadth of experience focused on privacy and security. Today, his role hinges on providing solutions to current challenges faced by BlackBerry’s strategic customers in banking, governance, security and beyond.

Topic: BYO Risks and Benefits, an Antiquated Balancing Act

The prevailing mentality that we have to choose between usability and security, between BYO and safeguarding corporate secrets has long been seen as gospel. We have employed the same controls to reel in the user on laptops and desktops for decades, and today we are applying these same controls to mobile devices. Trying to standardize a device that was chosen by the user for its individuality is an exercise in futility: there are far too many devices, too many operating systems and too many users to keep an army of administrators perpetually frustrated. Over the course of this presentation we will look at new techniques in managing data agnostically, understanding risk and applying a measured response transparently so as not to hinder the user while protecting them and corporate data. In the cold light of day the risks are not new to the Infosec community; what has changed is the user.

Amanda Finch, General Manager, The Institute of Information Security Professionals

The principal objective of the Institute is to advance the professionalism of information security practitioners and thereby the professionalism of the industry as a whole. The Institute aims to provide a universally-accepted focal point for the information security profession. The Institute is an independent not-for-profit body governed by its members, ensuring standards of professionalism - for training, qualifications, operating practices and individuals.

Topic: Skills and Professionalism


Linda Demetriou, Managing Director, Demco Communications

Demco Communications is a "Solutions driven by our customers which will grow with the development of their business. A total Voice and Data solutions platform based on the highest level of Consultancy, utilising quality products and implemented by superior technical competence. Maximising customer benefits with training, ongoing support and maintenance. Utilising the latest technology, developed for reliability, performance, expandability and growth".

Topic: BYOD and Unified Communications

David Hunt, Director, DCH Technology Services

David Hunt is a Senior IT professional with proven ability to lead a world-class architecture community and to apply a striking diversity of skills and technical knowledge to today’s key corporate issues. He is skilled at complex assignments involving business change, new technology infrastructures and systems integration and has extensive experience of working alongside senior business managers as well as programme managers.

Topic: The trade-off between security and usability (Mobile apps)

Security is becoming increasingly important in our emerging digital age; however, increasing the level of security on the apps we provide our consumers also has the potential to create a poor end user experience. This can lead to consumer rejection of the technologies and capabilities we might want to deploy. Given the emergence of big data and its ability to be used to create a more consistent view of the context of user interactions, can we merge big data analytics with conventional security techniques to create secure, usable apps?

Jon Harry, Senior IT Specialist, Pre-sales at IBM

Jon is an Identity and Access Management specialist with experience in a wide range of security and general IT disciplines. He is a worldwide subject matter expert in IBM Security Access Manager and IBM Tivoli Federated Identity Manager software, having written education material and supported early customer deployments since these products were introduced by IBM. He has design, deployment, and operational experience following four years in services roles and, more recently, he has experience of selling the IBM security portfolio.

Topic: IBM Mobile Security Solutions: Delivering Confidence to Put Mobile First.

Fred Long, Senior Lecturer, Department of Computer Science, Aberystwyth University

Fred’s research interest is in software security, especially the development of rules for the production of secure programs in Java. He has been an auxiliary coastguard for over thirty years. He is a member of the St. David's Society of Pittsburgh, and is also interested in history, particularly the history of Roman Britain.

Topic: The CERT Oracle Secure Coding Standard for Java

Fred will introduce the work of the CERT Secure Coding Initiative at the Software Engineering Institute. He will concentrate on the "CERT Oracle Secure Coding Standard for Java" which was published in 2011. The talk will provide examples from the Standard and discuss how adoption of the Standard will promote the production of code containing fewer software vulnerabilities.

Anthony Robinson, Managing Director, UK & Ireland Security Practice Lead, Accenture

Anthony is the UKI Security Practice Lead specialising in helping clients implement high performance solutions for Cyber Security. Over the past 15 years he has worked on, and led, major IT and Information Security transformation programmes for some of the world’s largest organisations. This includes completing a cyber-security readiness assessment for clients in the insurance industry, working to shape cyber defence services and associated operating models for multi-national telecoms, and working for a major financial services organisation helping set up a cyber-defence capability.

Ian Seward, Visual Management, Individual Consultant

Ian has been the Bid Manager, architect and deployment lead for the BCS' certification scheme for Information Assurance practitioners in response to a CESG tender aimed at improving professionalism within IA for public sector programmes. He is a SFIA Accredited Consultant, PRINCE2 practitioner, Chartered Information Technology Professional and Fellow of the BCS.


Our Supporters

The Carnegie Mellon Software Engineering Institute (SEI) works closely with defence and government organisations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organisations such as yours to improve their software engineering capabilities and to develop or acquire the right software, defect free, within budget and on time, every time. http://www.sei.cmu.edu/

Students are at the heart of everything we do... whether it's our high performance teaching results, outstanding alumni, internationally-recognised research or exceptional student experience. At the University of Hull - an empowered and engaged institution - we're constantly 'going beyond' and investing in every facet of our culture in a bid to demonstrate our commitment to becoming the competitive, responsive and resilient community that will help you fulfil your potential during your time with us.

HP is a technology company that operates in more than 170 countries around the world. We explore how technology and services can help people and companies address their problems and challenges, and realize their possibilities, aspirations and dreams. We apply new thinking and ideas to create more simple, valuable and trusted experiences with technology, continuously improving the way our customers live and work.

Accenture is a global management consulting, technology services and outsourcing company, with more than 244,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US $25.5 billion for the fiscal year ended Aug. 31, 2011. http://www.accenture.com

Since its foundation in 1901 as the Engineering Standards Committee, BSI Group has grown into a leading global independent business services organisation providing standard-based solutions in more than 140 countries. http://www.bsigroup.com/

We are part of BAE Systems, a global defence and security company with over 100,000 employees worldwide. BAE Systems delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. http://www.baesystemsdetica.com/

ArcSight helps protect enterprises and government agencies by providing complete visibility and critical insights into their IT infrastructure across all users, networks, datacenters and applications. The market-leading ArcSight platform enables organisations to proactively safeguard their digital assets, control the risks associated with cybertheft, cyberfraud, cyberwarfare and cyberespionage and comply with corporate and regulatory policy. http://www.arcsight.com

KPMG in the UK has over 10,000 partners and staff working in 22 offices and is part of a strong global network of member firms. Our vision is simple - to turn knowledge into value for the benefit of our clients, people and our capital markets. http://www.kpmg.com/global/en/pages/default.aspx

The University of Greenwich has three stunning campuses, over 1,200 programmes, and first-class research. Let us open your eyes, to one of the grandest university settings in the world. http://www2.gre.ac.uk/

Unicom is a specialist provider of business to business communication products and services through commissioning of seminars, workshops, conferences and accredited training. http://www.unicom.co.uk/


Workshop Organising Committee

Kavita Gulati, Director – Operations – Spinlondon Network Ltd

Kavita is responsible for all operational aspects of running Spinlondon including Public Relations, Web Development, and day-to-day operations. She holds a bachelor’s degree from Mumbai University and has been associated with many organisations in different capacities, such as the World Health Organisation (WHO) in India, the National Health Service (NHS) in the UK, and Sensient Pharmaceutical Technologies in the USA. Kavita has been involved in social organisations like Girl Scouts, Delaware, New Jersey and Leo Club, Mumbai. Kavita has participated in several charitable projects including fund raising, organising events, raising membership and building awareness. In addition to education she has a passion for music.

Alec McCutcheon is Partner, Sales and marketing Director at Unicom.

Jeremy Glover, Partner at Reed Smith

Jeremy is a partner at Reed Smith LLP. Reed Smith is one of the 15 largest law firms in the world. Jeremy heads up the UK employee benefits and corporate governance practice and advises companies from start-ups to multinationals. Jeremy has worked for Big 4 consultancies and has an MBA from CASS Business School. Jeremy lectures often on corporate governance, employee incentives, corporate social responsibility and the interaction of law, finance, strategy, human resources and best practice.

Dhira Mitra, Events Commissioner, Unicom Seminars Ltd.

Dhira has worked at UNICOM Seminars in multiple roles, including research publication editor and events commissioner. She joined the management team and played a major role in the sale of the company. After the MBO of UNICOM (repurchase) she has returned from retirement to lead the commissioning team and direct the integration with the Indian branch of the company. Her hobbies include travel, reading, gardening, and more recently beekeeping.

Vinay Gulati, Programme Concept and Chair for this workshop

Vinay has worked in innovative ways within large corporate, social entrepreneurial organisations bringing new ideas to fruition. His work has focused on improving business performance, information security and business continuity, organisational maturity and process capability, reducing costs, improving productivity, while ensuring risk and compliance. Vinay is an Information Security Architect, working for Accenture, leading the Delivery Innovation and Industrialisation Program for their Delivery Centres in UK. He is also a BSi Registered Lead Auditor for ISO27001 and BS25999. He is the founder and chair of Spinlondon Network. Trained by Al Gore as a volunteer for the climate project he is helping drive the environmental and global climate agenda. He graduated from Indian Institute of Technology (IIT) Kanpur with a Bachelor of Technology degree in Computer Science and Engineering.


About Us

Spinlondon Network Ltd.

Spinlondon is an active community of professionals who share their successes and challenges with an aim to improve organisational performance, excellence and contribution to the society. Our member base includes corporate professionals representing various local and global firms, independent contractors and SMEs (Subject Matter Experts), including academics.

OUR VISION

To provide an open and independent forum to promote and accelerate sustainable excellence both at individual and organisational levels.

OUR MISSION

Act as a platform for professionals to promote, share and learn best practices

Encourage innovation in professional services industry

Facilitate professional networking among our members

Provide a channel for effective information sharing and

Act as a stage for professionals and innovators to share and get feedback on new ideas.

WHAT WE DO

We provide a platform to share knowledge, experience, opinions, ideas, innovations and networking. We do this through conducting various events such as meetings | panel discussions | conferences & seminars | forums | workshops | round tables and sports events.

Our events are geared towards exploring topics of interest in depth, providing practical experience and sharing real life case studies.

Unicom Seminars Ltd.

UNICOM Seminars' mission is to be a global but specialist provider of business to business communication products and services. We are active in commissioning new seminars, forums and training events. We try to stay in touch with:

technology developments

evolving business concepts and management thinking, and

respond to our clients' information and training needs

1. development and commissioning of seminars, workshops, specialist reports and newsletters, based on market research, technology analysis from a business perspective and peer group review

2. specialisation and acquisition of business knowledge in the fields of information technology, management principles and best practices, financial engineering and modelling.

3. use of leading edge networking, computing and new media technologies for the delivery of its products and services.

We would like to thank all our speakers and attendees for supporting this event!