Agenda
1
06:00 -
07:00
DAY 1
07:30 -
08:50
Registration & refreshments
08:50 -
09:00
Welcome to the e-Crime Congress by Dr Simon Moores, Chairman  
09:00 -
09:20
FBI cyber outlook
 
Kurt Pipal, Assistant Legal Attache - Cyber, FBI
  • Looking at law enforcement and private entity partnerships to take down Botnets
  • An examination of FBI cyber case studies
09:20 -
09:40
Security Analytics for a Strong Post-Breach Security Posture
 
James Stevenson, EMEA Security Director, Blue Coat Systems
  • Review of the Current Threat Landscape and challenges faced with traditional security technologies
  • Discussion around the Advanced Threat Protection Lifecyle to reduce time to detection and resolution
  • Real Case Study of the ATP lifecycle approach reducing Time to Detection from 8 months to 2 days
  • Discussion around Reactive and Pro-active breach discover methodology
09:40 -
10:00
Any time, any place, anywhere Quantifying the mobile malware threat
 
David Emm, Senior Regional Researcher, Global Research & Analysis Team, Kaspersky 
  • Challenges for securing corporate data as the 'work place' shifts to 'on the go' and personal device use increases
  • Quantifying the scale of the threat and why it's essential for organisations to establish a 'follow-me' security strategy that encompasses mobile devices
  • Analysis of types of mobile malware and how they spread, the platforms that will be affected, why it is a business problem and what can be done
10:00 -
10:20
The National Cyber Crime Unit Investigating crime in the digital age 
 
Andy Archibald, Deputy Director, NCA National Cyber Crime Unit
  • The NCA & NCCU - role and functions
  • International cooperation
  • Industry participation
  • Law enforcement capabilities
10:20 -
11:00
Education Seminar Session 1
 
Delegates will be able to choose from a range of seminars. Please click here for details
11:00 -
11:30
Networking break & refreshments 
11:30 -
11:50
Case study Channel 4 
 
Brian Brackenborough, CISO, Channel 4
  • Anatomy of a breach & the sequence of events that occurred
  • Navigating third party responsibility & accountability post-breach
  • Lessons learnt & using the learning curve for good
11:50 -
12:10
Today’s Security for Tomorrow’s Threats
 
Amnon Bar-Lev, President, Check Point Software Technologies
  • How exactly the cloud, social media and mobile devices affect corporate data flows & IT environments
  • Analysis of the new paradigm required to proactively protect an organizations critical data
  • Options for pragmatic architecture & methodology to keep infrastructures secure, modular & agile
12:10 -
12:30
The impact of email-borne threats Why companies should recognise & embrace the need for change
 
Ken Takahashi, General Manager, Anti-Phishing Solutions, Return Path 
  • Defining the “phishing” problem accurately using previously unavailable data & insights
  • Understanding the full, enterprise-wide impact of these threats: it is not just a concern for security professionals
  • Breaking ties with historical assumptions & solutions: a paradigm shift that will deliver both top- and bottom-line returns
  • Making significant leaps forward in combatting email-borne threats at an enterprise-wide level
12:30 -
12:50
Why security awareness fails and what you can do about It
 
Rohyt Belani, Co-Founder & CEO, PhishMe
  • Why employees are an integral part of your organization’s security posture
  • Why traditional security awareness and training have failed
  • How we can educate employees to change behavior towards cyber attacks
  • How employees can aid timely attack/breach detection and minimize damage caused by cyber attacks
12:50 -
13:30
Education Seminar Session 2
 
Delegates will be able to choose from a range of seminars. Please click here for details
13:30 -
14:30
Lunch & networking break
14:30 -
14:50
Data Breach Notification Current and future legislation in Europe
   
Olivier Proust, Of Counsel, Field Fisher Waterhouse LLP 
  • What is the current legal framework for telecom providers in the EU regarding data security breach notification?
  • What are the expected changes for data controllers with the upcoming legislative proposals?
  • What are the main proposals under the EU Data Protection Regulation and Cyber security Directive?
14:50 -
15:10
Understanding risk – your defence against the perfect cyber storm
 
Tom Salkield – UK Professional Services Director, NTT Com Security
  • Do you trust your organisation’s defences?
  • How organisations gain a competitive advantage using active risk management to make informed decisions and investments in line with their business objectives
  • What are the practical steps to establishing active risk management?
  • How understanding your information security and risk management profile in context improves confidence and control in the face of the cyber threat
15:10 -
15:30
eCrime 2014 - past, present and future
 
Don Smith, Technology Director, Dell SecureWorks
  • The threat landscape today, who are the threat actors, what malevolent activity does the Counter Threat Unit see in action?
  • What differences in behaviours have been seen over the last 12 months ?
  • Where is the threat landscape going next, how may behaviours change or evolve?
15:30 -
16:10
Education Seminar Session 3
 
Delegates will be able to choose from a range of seminars. Please click here for details
16:10 -
16:30
Networking break & refreshments 
16:30 -
16:50
Case study The rule of three:  managing cyber-security risks in a fast-changing world

Daniel Barriuso, Group CISO, BP
  • Three walls to structure controls and contingencies against cyber attack
  • Three principles to drive the design of practical and focused cyber defences 
  • Three strategies to maintaining agile, adaptive and sustainable counter-measures to meet the cyber challenge
16:50 -
17:10
I steal data everyday and you won’t want to stop me!
 
Kevin Bailey, Head of Market Strategy, Clearswift
  • Make information disappear to comply with Governance, Regulations and Compliance
  • Expose the Insider threat to protect your employees, supply chain and reputation
  • How Data Loss Prevention has been given a face lift, uses the internal skills from compliance to security personnel and does not put your business operations at risk
17:10 -
17:30
Security in the supply chain
 
Neil Jarvis, Chief Information Security Officer, DHL Supply Chain
  • Data is at the heart of all business, where data goes and where it is stored is the main consideration of every CISO
  • Organisations are increasingly sharing data with suppliers and in these cases are we making sure that our suppliers understand the value of information to us?
  • Analysis of the aspects of security in the supply chain which may not have been considered
  • Recommendations on how to make sure that your supplier takes as much care of your data as you do
17:30 -
18:30
Drinks reception & networking 
21:00 -
22:00
DAY 2
2
08:00 -
09:00
Registration & refreshments
09:00 -
09:20
Hardening the human firewall - The key elements of a user awareness programme
 
Robert O’Brien, Managing Director, Metacompliance
  • Getting a modern awareness approach to modern risks and behaviours – Cloud, Mobile, Social
  • Why targeting the user with appropriate and relevant content is important
  • The importance of blending the different mediums of policy and training to obtain user mindshare
  • How automation can save money whilst mitigating the risk of insider incidents
09:20 -
09:40
Keynote presentation Address from the Home office

Karen Bradley MP, Minister for Modern Slavery and Organised Crime, Home Office 
09:40 -
10:00
Secure Software Defined Futures
 
Simon Totterdell, EMEA Director, Unisys
  • Proactive security: Reducing attack surface
  • Software defined: increasing infrastructure agility
  • Borderless: enabling organizations to counter the increasing sophistication of cyber-crime in today’s borderless environment
  • Segments assets - diamonds and paperclips: reclassifying data based on need-to-know access
10:00 -
10:20
Moving your data centre to the cloud How the security of your data assets needs to change
 
Edgard Capdevielle, VP Product Management and Product Marketing, Imperva
  • Where are your most valuable assets in the data centre, and why isn't your security tagging along?
  • Why today's enterprise security isn't preventing today's sophisticated attacks
  • How the adoption of different cloud deployments opens up dangerous security gaps
  • Why you should change the security posture of key data assets in the cloud for better protection (and compliance)
10:20 -
11:00
Education Seminar Session 4
 
Delegates will be able to choose from a range of seminars. Please click here for details
11:00 -
11:30
Networking break & refreshments 
11:30 -
11:50
Information Security & Cyber Risk The CISO's Role and Responsibilities
 
Don Randall, Chief Information Security Officer, Bank Of England 
  • Why have a CISO? Investigating the structure behind the face of information security within a business
  • Threat and risk: principle drivers of a CISO's establishment
  • The CISO driving partnerships: gaining advantages from information-sharing without losing commercial interest
11:50 -
12:10
Case study  Using social media to impersonate brands, build trust, and commit fraud
 
Trent Youl, CEO, FraudWatch International
  • Learn how criminals are using Social Media and Mobile Apps to gain the trust of your customers, and then commit fraud!
  • Explore a case study of how one criminal stole thousands from two respected brands by building trust through Social Media
  • Social media and mobile apps are great tools that marketing departments rush to meet market demand. What critical vulnerabilities should your security strategy address to minimise the risks to your organisation?
  • What are the implications of corporations ignoring outside threats, such as Social Media and Mobile Apps?
12:10 -
12:30
Putting application security on the board’s agenda
 
Marco Morana, SVP Technology Risks & Controls, Citi & Leader, OWASP
  • Understanding systems and their environments through metrics to streamline the detection, qualification and monitoring of events
  • Effectively communicating the impact of application security to business executives and highlighting the relevance of application security best practices in protecting critical assets
  • Using established processes to manage risk, spend budgets wisely, determine a roadmap and to measure the capabilities of your organisation
12:30 -
12:50
You are known by the company you keep: Introducing a secure software vendor exchange program

Chris Wysopal, CTO, Veracode
  • As network perimeters have hardened, attackers looking for the path of least resistance are increasingly targeting the software supply chain
  • Examination of the risk posed by third-party applications and why the software supply chain is the new perimeter for every enterprise
  • How do IT teams respond to business demands fast, whilst performing due diligence to determine which applications, components or libraries possess critical vulnerabilities?
  • Chris Wysopal will outline what the industry group FS-ISAC has done around this issue and ask whether industry groups and financial services companies in other regions should follow suit
 
12:50 -
13:30
Education Seminar Session 5
 
Delegates will be able to choose from a range of seminars. Please click here for details
13:30 -
14:30
Lunch & networking break
14:30 -
14:50
First Aid in forensic situations 
 
Hanns Proenen, CISO Europe, General Electric 
  • Why do we need forensics first aid and what are the goals to achieve
  • What equipment (hardware and software) must be available to execute the forensic first aid
  • What processes must be followed to execute forensics first aid in a sound manner
14:50 -
15:10
Measuring security in the software lifecycle: BSIMM
 
Paco Hope, Principal Consultant, Cigital
  • How the Building Security In Maturity Model (BSIMM) measures security in the software lifecycle
  • The 110 software security activities observed at 64 different firms building software
  • Comparing firms, verticals, and geographic regions using measurements
  • Measuring improvement over time with multiple measurements
15:10 -
15:30
Cyber Threats & Trends: in-depth analysis of the iDefense Security Intelligence annual report

Rob Coderre, Managing Director, VeriSign
  • Marked Increase in Application-Layer DDoS Attacks
  • Regionalization of Hacktivism
  • Vulnerability and Exploit Trends
  • The Rise of Bitcoin
  • Point-of-Sale and ATM Attacks
 
15:30 -
16:00
Networking break & refreshments 
16:00 -
16:20
Taking a business-focused approach to security and compliance
 
Len Svitenko, Head of EU IT Security and Compliance, Staples
  • Protect data, enable commercial objectives: how can security and compliance stakeholders take a different view of the need to meet these two requirements in order to move away from saying "No, and this is why" and move towards saying "Yes, and this is how"?
  • Understand, articulate, then mitigate appropriately: structuring a risk-based approach to overcome challenges and deal with day-to-day realities such as tight timeframes for delivering services, changing organisational needs and the need to remain nimble and competitive
  • Strategic and tactical perspectives on delivering the right solution for the business: from working with assessors and auditors to implementing changes in process or technology, how does the theory work in practice?
16:20 -
16:40
How does your website security stack up against your peers? Analysis of the Whitehat Security Statistics Report
 
Gareth O'Sullivan Director Solutions Architecture WhiteHat Security EMEA
  • What notable market trends and attack techniques have emerged since 2006?
  • Real life examples: which website & custom web application vulnerabilities are common across the 30,000 websites we surveyed?
  • Solutions: what realistic steps can organisations take to safely conduct business online?
16:40 -
17:00
Case study Turning conversations into budget!
 
Alex Booroff, Head of Information Security, Carphone Warehouse
  • Overview of a business requirement and how security added value to the project
  • Gaining traction and buy-in to make the product and sensitive information secure
  • Engaging with the business through governance to keep processes running smoothly
17:00 -
17:00
Conference Close