|
06 October 2009
|
08:00 - 09:00 |
Registration
|
|
09:00 - 09:10 |
Welcome to the e-Crime Congress
Dr. Simon Moores, Chairman
|
|
09:10 - 09:35 |
The security infrastructure paradigm shift; causes and consequences
Norman Hoppé, Information Risk Subject Matter Expert, ING Group
- Why is it necessary today to radically change the ISMS (Information Security Management System)?
- And now for something completely different; how do we change from a ‘standards driven’ to an ‘event driven’ ISMS?
- What does the resulting structure look like and what is it made up of?
- What are the right supporting tools and processes for the job?
- Justifying it all for the Board and budgeting
|
|
09:35 - 10:00 |
Managing security in the era of the disappearing perimeter; time to forget the network?
Emeric Miszti, CISSP, Director of Security and Change Management, Tiscali
- What technical, practical, and philosophical business dynamics suggest the starting point for security should no longer be the network?
- Attack vectors, devices, and data; how does a 'not the network' approach open up a new understanding of the relationship between business and technology?
- What does this approach mean in terms of the roles of both I.T. and I.T. Security professionals, as well as the skills which are required?
- Where does this leave businesses in terms of the age old problem of needing to educate employees?
|
|
10:00 - 10:25 |
What you don't know about the world's worst breaches
Peter Tippett, Vice President of Technology and Innovation, Verizon Business
- What methods, often considered as 'best practice', are failing to mitigate security vulnerabilities and why?
- What trends have been demonstrated by successful attacks on systems in terms of 'the worst offenders' for security oversight?
- What are the methods most often cited for securing customer or employee data that is accessible to business partners and third parties, and why is it likely that business imperatives will force you to seek more innovative solutions as practices continue to inherently create risks?
- Based on trends over the past few months, where should your focus be over the next 6 months to make sure your technologies are working as hard as possible to prevent intrusion into your systems?
|
|
10:25 - 11:05 |
Education Seminars
- The truth about identity theft
  Jason Hart, CISSP CISM, Senior Vice President, CRYPTOCard
- Online fraud, counterattack; taking them down, keeping them down
  Andy Churley, Head of Products, Envisional
- 2010: Anatomy of an Attack – Fraud Detection and Prevention
  Colby DeRodeff, Enterprise Strategist, ArcSight
|
|
11:05 - 11:25 |
Refreshments Break
|
|
11:25 - 11:50 |
The threat from within; combating the changing face of “Insider Risk”
Andrew Moloney, Director of EMEA Marketing, RSA
- The five key trends that are changing the face of our Information Infrastructure
- The curse of the “were” laptop and the potential convergence of enterprise and consumer fraud?
- The problem with traditional mitigation strategies and disconnect exposed in a recent IDC study
- Preparing for the new Insider risk paradigm – a seven step approach
|
|
11:50 - 12:15 |
Data leakage monitoring; implementation gotchas!
Becky Pinkard, Head of Attack and Data Protection Monitoring, Barclays Bank PLC
- We already have an information classification procedure in place - why do we need DLM?
- Get your stakeholder buy-in early! Implementing DLM is truly a case of buy-in now, act later. How do the complexities involved with monitoring data sourced and handled by your employees impact the stakeholder relationship?
- Event overload - what happens when you enable DLM and start drowning under a sea of alerts?
- Defining event severity and integrating into a unified response plan. Could also be called "How to NOT get sued by your employees!"
|
|
12:15 - 12:40 |
Keynote Presentation: Analysing the e-Crime threat landscape; the IBM X-Force research view of 2009 and beyond
James Rendell, Senior Technology Specialist, IBM Internet Security Systems
- Drawing on data from the most recent X-Force 2009 half year threat trends report, what are the key threat trends affecting real-world IT infrastructures today?
- What is driving today's emerging threat landscape and what can we expect to see during 2010 and beyond?
- What are the unique challenges presented to commonplace "best practice" security technologies by the emerging threat landscape?
- What strategies will be effective during 2010 and beyond to manage the key threat trends identified by the X-Force?
|
|
12:40 - 13:15 |
Education Seminars
- Understanding the insider threat
  Martin Borrett, Lead Security Architect NE Europe - WW Tivoli Tiger Team, IBM
- Understanding and mitigating enemies at the water cooler, including a Live Web Application and Database Hacking Demonstration
  Brian Contos, Chief Security Strategist, Imperva
- Malware: What you need to know
  Jacques Erasmus, Director of Malware Research, Prevx
|
|
13:15 - 14:00 |
Lunch and Networking
|
|
14:00 - 14:10 |
Special Address; e-Crime Survey 2010
Malcolm Marshall, Partner, KPMG
|
|
14:10 - 14:35 |
Keynote Presentation: De-mist-ifying 'the Cloud'; myths, risks, and bad puns
Simon Wardley, Software Services Manager, Canonical Ltd
- What is 'Cloud Computing'?
- Why does it matter?
- Benefits; the unavoidable inevitability of Cloud as an operational model for enterprise IT
- A larger exploration of the transitional and outsourcing risks involved
|
|
14:35 - 15:00 |
Application security; taming the product and service frontier
Chris Cook, Application & Infrastructure Security, Cable&Wireless
- The dynamics of application development in large enterprises; why is controlling the frontier going to get more complicated?
- When applications meet compliance! Beware, the difference between standard and critical applications is subject to change
- How driving security earlier affects the application life-cycle, costs and life-expectancy, of products and services
- What does the changing landscape of the e-crime threat and compliance requirements mean for application security in the future?
|
|
15:00 - 15:25 |
Analysing the advances, advantages, and disadvantages of new techniques for the measurement and detection of malware; phishing, web apps, fraud, and corporate laptops
David Barroso, e-crime Director, S21sec & Daniel Brett, Business Development Manager, S21sec
- Current techniques for phishing detection; why these techniques are not so useful when dealing with malware
- If malware is configured for your web application does that mean you are being attacked, and how can you discover new malware samples that are really targeting your organization?
- How can you estimate the number of infected customers that are connecting to your online application and how can you manage their actions?
- What is the link between malware configuration files and fraud?
- How can new strains of malware be identified that are detected on corporate laptops, and what do you do if you think your CEO has been Spearphished and his laptop is toxic?
|
|
15:25 - 16:00 |
Education Seminars
- Introducing Visa CodeSure
  Riten Gohil, Senior Manager, Payment Authentication Innovations, New Channels & Product Development, Visa
- Data Loss Prevention: How to protect your sensitive customer and business data
  Peter Craig, Senior Product Marketing Manager EMEA, Trend Micro
- Make certain that your systems are kept clean from child abuse content
  Christian Sjöberg, CEO NetClean Technologies
|
|
16:00 - 16:20 |
Refreshments
|
|
16:20 - 16:45 |
Regulation and security controls; looking for drivers that prevent the business from taking a path of least resistance
Christopher North, Head of IT Security, MF Global
- The down (and up) sides of building security in response to compliance or prescriptive regulations
- How can businesses avoid creating pockets of security controls that deliver no real benefit, and where are existing pockets likely to be located?
- Challenges presented by varied regulatory requirements across the globe, and the opportunities for increasing security coverage across the enterprise
- Security as an enabler, enforcing security vs. building security into business processes
|
|
16:45 - 17:10 |
Internet enterprise risk management; the next evolution of security
Michael Kiefer, General Manager, Brand Protect
- Looking outside the network; surveying the threat landscape to clients, employees, and customers
- The need to correlate security and GRC frameworks that look at internal and external threat convergence; what examples show that change is inevitable?
- Working towards security assessments for Internet monitoring; who, how, and why?
- Botnets, search engine optimisation, sub-domains, and tricky business; should your business be more concerned about revenue, rights or reputation on the Internet?
|
|
17:10 - 17:35 |
The problem of controlling risk; choosing between education vs. lock-down
Daniel Chapman, Forensic Investigations Manager, TNT Express
- Do the dynamics of how risk is perceived, understood and calculated mean that education is a lost cause?
- The influence of Fear Uncertainty and Doubt (FUD)
- Are automated risk analysis systems any better than their human equivalents?
- The problems if we get it wrong: Over-control / under-control / no-control, and what that means for business
- Managing to sleep at night
|
|
17:35 - 18:00 |
A [down]load of trouble? The impact on business
David Emm, Senior Technology Consultant, Kaspersky Lab
- The malware landscape; what are the most significant and recent changes?
- Cybercrime and malware – how to mitigate the risk to your business
- What is the role of the Trojan Downloader in compromising online victims?
- How malware affects the security landscape
|
|
18:00 - 19:00 |
Drinks reception
|
|