Chief Information Security Officer Middle East 2009 - MIS Training

ALIGNING BUSINESS AND IT STRATEGIES FOR THE MIDDLE EAST
THE UNIQUE EVENT FOR
INFORMATION SECURITY
DIRECTORS IN THE MIDDLE EAST
Under the Patronage of ITA
2nd Annual
Agenda at a Glance
Day One Integrating information security into the core
business strategy & infrastructure to deliver pragmatic &
value-added security
Day Two Information security risk management
Stream A: The threat within / Stream B: The external threat
horizon: analysis & counter-measures
Day Three CISO Roundtable Middle East 2009: Delivering
Measurable Results During Tougher Times
Chief Information Security Officer
Middle East 2009
Executive Summit & Roundtable
Integrating Information Security Into The Core Business Strategy
& Infrastructure To Deliver Pragmatic & Value-Added Security
9-11 November 2009,
Intercontinental
Hotel, Muscat,
Sultanate of Oman
Top reasons to justify your
attendance at this years’
CISO Middle East Summit
& Roundtable 2009!
• Hear directly from international information
security practitioners & experts globally
how to ensure that information security
remains integral to the business: linking
with internal & external customers &
building teams that return money to
business lines.
• Gain assurance on managing threats day
to day & preparing for the future – are you
missing any tricks on how to manage the
human factor, the insider threat, data
leakage - especially through periods of
extensive change & development.
• Innovative new case studies, inspiring
keynotes, panel debates & roundtables
will probe the information security role &
interaction with other functions to address
real business realities.
• CISO Roundtable Middle East – held under
the Chatham House Rule: safely compare
& share challenges on IT risk metrics, the
key emerging security risks & security
technologies to enhance operational
capabilities.
• Dedicated time to build trust based
relationships with security peers from
across the Middle East, Europe & the US.
Perfect to expand your global security
network with professionals who face the
same set of challenges as you!
Reserve your place by
1st October 2009
& receive 3 FREE books on
information security,
authored by speakers at the
CISO Summit Middle East 2009!
Confirmed Chief Guest:
• Dr. Salim Sultan Al Ruzaiqi, Chief Executive Officer, The Information Technology Authority (ITA) of Oman
A Prestigious International Speaker Panel Includes
• Mr. Abdullah AlBrwani, Chief of Security, The Information Technology Authority (ITA) (OMAN)
• Mr. Ali Al-Otaibi, IT Security Department Manager - Technology Services Division,
Saudi Hollandi Bank (KINGDOM OF SAUDI ARABIA)
• Mr. Ameen Najm, Chief Information Security Officer, Samba Financial Group (KINGDOM OF SAUDI ARABIA)
• Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND)
• Mr. Badar Alsalehi, Director, Omani Cert. (OMAN)
• Mr. Charles V. Pask, Managing Director, ITSEC Associates Ltd (UK)
• Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach (UK)
• Mr. David Lacey, Information Security Management (UK)
• Dr. Eduardo Gelbstein, Adjunct Professor, Webster University, Geneva,
Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre (SWITZERLAND)
• Mr. Eddie Schwartz, Chief Security Officer, NetWitness (U.S.)
• Judge Dr. Ehab Maher Elsonbaty, Senior Judge in Egypt & Secondment to the State of Qatar,
Legal Expert, Amiri Diwan, State of Qatar (QATAR)
• Mr. Ghassan T. Youssef, Executive Director, Saraya Holdings,
& Former Group Director, CISBC, Bank Audi Sal, Audi Saradar Group (UAE)
• Mr. Hugh Penri-Willams, Information Security Forum (FRANCE)
• Mr. John Colley, Managing Director EMEA, (ISC) 2 (UK)
• Colonel Kamel Alsuwaidi, Deputy Director of General Department of Operations, Dubai Police (UAE)
• Dr. Iman Baba, Head of Information Security & Business Continuity, BankMed (LEBANON)
• Mr. Lance Spitzner, Founder and President, HoneyTech (UAE)
• Mr. Lalit Gandhi, Divisional Manager Audit and Information Security, Oman Trading Establishment (OMAN)
• Mr. Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK)
• Mr. Mustafa Ali Mahmood Al Hemeid, Head of Legal Division, National Bank of Oman (OMAN)
• Mr. Osman Sultan, CEO, Du, (UAE) - INVITED
• Mr. Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT (UK)
• Mr. Richard Cross, CISO, Toyota Motor Europe (BELGIUM)
• Major Robert Noble MBE, Managing Director/Partner, International Security Consultancy Group Gulf WLL (QATAR)
• Mr. Tariq Elsadik, Chief Excellence/Information Officer, Al Fahim Group (Abu Dhabi, UAE)
• Mr. Yousuf Alihamed Al Harty, Managing Director, InfoShield LLC (OMAN)
• Mr. Zaki Sabbagh, Chief Information Officer, Zamil Industrial Investment Co. (SAUDI ARABIA)
Register now at www.mistieurope.com/cisome Tel: +44 (0) 20 7779 8944
Lead CISO
Roundtable Sponsor
Lunch
Sponsors
Cocktail
Sponsor
Gigabyte
Sponsor
Oman
Partner
Association Partners
Publishing
Partner
Media Partners
Oman, Jeddah, Hyderabad,
Mumbai & Chennai Chapters

ALIGNING BUSINESS AND IT STRATEGIES FOR THE MIDDLE EAST
Chief Information Security Officer Middle East 2009
Executive Summit & Roundtable
9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman
Under the Patronage of ITA
Dear Colleague,
MIS Training Institute is delighted to announce the 2nd Annual CISO Executive Summit & Roundtable Middle East 2009! A new international speaker panel of information security directors & experts will share
real life experiences & views on how they are approaching key security strategies & current threats & responses. The new programme has been designed to inspire & reinvigorate your information security
strategy with a programme dedicated to the upper echelon of the information security profession – the CISO or Head of Information Security. The interactive CISO Roundtable on the 11 November will provide the
ideal forum to benchmark your security strategy against peers & international thought leaders – held under The Chatham House Rule. The unique learning format – case studies, typically inaccessible keynote
speakers, panel discussions, thought leadership exercises, roundtables – makes this the ideal opportunity to innovate approaches to information security strategy amongst like-minded peers.
Agenda at a glance
Day One Integrating information security into the core business strategy &
infrastructure to deliver pragmatic & value-added security
Day Two Information security risk management
Stream A: The threat within / Stream B: The external threat horizon: analysis &
counter-measures
Day Three CISO Roundtable Middle East 2009: Delivering Measurable Results
During Tougher Times
Reserve Your Place by 1st October 2009
& Receive 3 FREE Books on Information Security,
Authored by Speakers at the CISO Summit Middle East 2009!
• “Managing the Human Factor in Information Security: How to Win Over Staff and
Influence Business Managers”, by David Lacey
• “Honeypots: Tracking Hackers” by Lance Spitzner
• “Crossing the Executive Digital Divide, The Course Book” by Eduardo Gelbstein
5 more reasons to attend
• Hear a candid mix of how heads of information security are actually responding to current threats &
responses & what they would like to do in an ideal world
• Meet & build trust based relationships with peers & an international panel of security experts from across
the Middle East, Europe, The Americas, & Asia
• Bring back proven information security strategies to reinvigorate & hone a top information security team
• Stay one step ahead of rapidly changing business environments & emerging threats
• Don’t miss the interactive CISO Roundtable Middle East 2009 - the ideal place to meet global security industry
leaders & network with professionals who face a similar set of challenges as you
Thank You
Sincere thanks to the world-leading security experts, solution providers,
associations, & delegates within the information security community who have
played a major role in contributing to the programme. A special thank you goes
out to all the speakers for their time & contribution, & also to the supporting
organisations. MIS Training Institute wishes you an enjoyable & productive time
at the summit, & looks forward to meeting you in Muscat in November.
Sponsorship & Exhibition Opportunities at the 2nd Annual CISO Executive Summit Middle East 2009
Attendees at MIS Training’s CISO Executive Summit Middle East 2009 are senior decision makers within the information security community – from across business & governmental sectors from across the
Middle East region. This gathering of normally difficult to reach executives is an excellent platform for companies to influence with brand profiling & to ensure market position. Given MIS’ background in
training, delegates typically comprise 95% ‘practitioners’ (e.g. heads of information security/ CISOs, CIOs, CTOs, IT security managers & system security professionals). All sponsorship packages include: a
number of free client places, table top exhibition & speaking options. For more information, please contact: Sara Hook, Conference Director, Email: shook@mistieurope.com Tel: +44 (0)20 7779 7200
Extend your stay in Muscat by 1-day & attend (ISC) 2 ’s adjoining SecureMuscat Conference, Sunday 8th November 2009!
(ISC) 2 kindly invites you attend its unique event, SecureMuscat Conference, taking place at the Intercontinental Muscat the day prior to the 2nd Annual CISO Executive Summit & Roundtable Middle East 2009.
SecureMuscat Conference takes place on Sunday 8th November 2009 & (ISC)2 kindly offers all MIS Training Institute attendees a special discounted rate of 40% = $333 off the standard published fee of $555!
Under the Patronage of ITA
ITA / e.Oman - The Information Technology Authority (ITA), established by Royal Decree No. 52/2006 issued on 31 May 2006, is an independent national authority with financial and administrative independence. As an independent body, the ITA is
chiefly responsible for implementing the Digital Oman strategy – e.oman for short, promoting Information Communications Technologies (ICTs), and supervising all infrastructure projects to enable delivery of electronic services under the
framework of Digital Oman.
ITA serves as a competency centre on best practices in eGovernance and in harnessing Information and Communication Technologies (ICT), offering efficient and timely services, integrating processes and improving efficiency in service delivery.
ITA undertakes projects to increase technology penetration and empower its people with required digital literacy and higher levels of competence through training and innovation centres.
ITA is solely responsible for driving the Digital Oman Strategy which was approved on 30 November 2002, conceptualized from a future vision of the Omani economy in 2020 AD. e.oman comprises a wide range of the initiatives and services that
are designed and created to electronically transform the government, improve the efficiency of government services, enhance the activities of businesses and empower individuals with skills and knowledge in order to meet society’s needs and
expectations and to direct Oman towards becoming a knowledge-based economy.
Lead CISO Roundtable Sponsor
NetWitness - NetWitness Corporation provides patented, next generation network & host-based security solutions that help public & private organizations discover, prioritize & remediate complex IT risks. Users of NetWitness NextGen & InSight
solutions concurrently solve a wide variety of information security problems including: advanced persistent threat management; sensitive data discovery & data leakage protection; malware activity detection; insider threat management; policy &
controls verification & e-discovery. Originally developed for the US Intelligence Community, NetWitness has evolved to provide enterprises around the world with breakthrough methods of network content analysis & host-based risk discovery &
prioritization. NetWitness customers include Defense, National Law Enforcement & Intelligence Agencies, Top US & European Banks, Critical Infrastructure, & Global 1000 organizations. NetWitness has offices in the U.S. & the U.K. & partners
throughout Europe, the Middle East, South America & Asia. For more information & to try our software visit: www.netwitness.com
Lunch Sponsors
Qualys - Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing
customers an immediate and continuous view of their security and compliance postures. The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200
million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company. Qualys has established strategic agreements with leading managed service providers and consulting organizations
including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign. For more information, please visit: www.qualys.com
Oman, Jeddah, Hyderabad,
Mumbai & Chennai Chapters
Crypto AG – To Remain Sovereign- Crypto AG is your ideal partner for the efficient and secure handling of information, no matter what information or communication network you use. As a legally and economically independent Swiss company, we are
neither subject to export restrictions on powerful encryption technology nor governmental supervision. We have developed, manufactured and implemented customised security solutions for over 55 years. Our highly developed Security Architecture helps
support your organisation’s security policy. The package we offer features the latest technology solutions and comprehensive services; our efficient project management creates user-friendly systems in your organisation – with ciphering taking place in
the background. Our support services guarantee autonomous operation and high availability over the system’s entire lifetime, whatever the user environment. You too can rely on the expertise and capabilities of Crypto AG – just like governments,
ministries, diplomatic services, police, border control and armed forces in over 130 countries.
Cocktail Sponsor
e-Cop - e-Cop is the trusted partner for managed risk and information security services to enterprises, and governments. It offers a comprehensive suite of services to identify and deal effectively with threats and risks related to information security
management. These services include Managed Security Services, Technology Consulting Services, and Professional Security Services. Widely hailed as an innovative and leading information security industry bluechip , e-Cop operates and
maintains several Security Operations Centres (SOC) around the world. All of which are ISO/IEC 27001 certified and powered by its highly advanced, award-winning security event correlation technology developed internally by its R&D team. e-
Cop’s sedulous commitment to deliver a multi-pronged integrated suite of Professional Security Services and Technology Consultancy Services has earned itself numerous accolades as the industry’s leader. Our clients tell us that they value the
vision, leadership, and customised services and solutions that we bring to our projects. Entrusting their information security management needs in the hands of e-Cop allows them to focus on what they do best and respond to the market faster.
Gigabyte Exhibition Sponsor
Omnisec - Omnisec AG, an independent Swiss company, is a leading provider of information risk management services and ICT security solutions. They address the exacting demands for confidentiality set by government agencies, military
organizations, financial service institutions and industrial enterprises worldwide. With more than 60 years of experience, we have become famous for our secure collaboration, telephone, fax, multi-link, IP-VPN and security management solutions.
More recently we have made a name for ourselves in the complex areas of secure radio and satellite communications. All Omnisec's products are based on our proprietary OmnicryptTM Security Architecture, including 256-bit symmetric-key
encryption methods. Omnisec’s extensive consulting, system engineering, project management and education services empower our customers to manage their complex ICT systems securely. Where a standard solution is inadequate, we are
ready to work together with our customer's specialists to develop an integrated security solution tailored to their specific requirements.
Oman Partner
InfoShield LLC. - InfoShield LLC is the leading security solutions provider based in Muscat. It provides a wide range of information security services from risk assessment to implementation of security solutions to protect your information.
InfoShield offers the broadest range of professional, effective & affordable security awareness products & services. An active security awareness program can greatly reduce many risks which cannot be addressed through security software
and hardware devices. In these cases, it's the human element of security that must be addressed which is exactly what our products are designed to do. By implementing InfoShield products you can immediately begin to increase the level of
security awareness in your organization. Training - InfoShield offers world class & up to date Information Security Training. Our educational team is composed of certified instructors that are proficient in the field of information security backed
by several years of experience in handling the security products, thus adding real world knowledge & experience. Consultancy - InfoShield's Security Consulting Services help companies understand information security requirements, laws &
regulations, security vulnerabilities, attacks response, reduce risk, & meet the security compliance requirements of your business & industry. Security tools - InfoShield provide world leading information security tools to satisfy the various
security needs. Mainly we focus on data & endpoint security solutions. Our main goal is to offer effective security solutions that are easy to implement & maintain while providing high returns on investment. www.information-shield.com
Association Partners
Information Security Forum - ISF is recognised as the world’s leading Information Security organisation & independent industry authority. Through its members, the ISF brings together & harnesses the knowledge & experience of over 300
major international business & government agencies to meet the increasing demand for practical, business-driven solutions to information security & risk management problems. The Information Security Forum is an independent, not-for-profit
organisation, established in 1989. It is owned & governed by its members & managed by a professional team. www.securityforum.org
ISACA – Oman, Jeddah, Hyderabad, Mumbai & Chennai Chapters - ISACA’s membership – more than 65,000 strong worldwide – is characterised by its diversity. Members live & work in more than 140 countries & cover a variety of
professional IT-related positions—to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer & internal auditor. ISACA has more than 170 chapters established in over 70 countries worldwide,
& those chapters provide members education, resource sharing, advocacy, professional networking & a host of other benefits on a local level. www.isaca.org
ISSA – EMEA & Egypt - The Information Systems Security Association (ISSA)® is a not-for-profit international organisation of information security professionals & practitioners. It provides education forums, publications & peer interaction
opportunities that enhance the knowledge, skill & professional growth of its members. www.issa.org
(ISC) 2 - The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the internationally recognised Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 54,000
information security professionals in 135 countries. The CISSP, CISSP-ISSEP“, CISSP-ISSAP“& SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024. (ISC)2® is the
non-profit global leader in educating & certifying information security professionals throughout their careers. www.isc2.org
ASIS International - ASIS International (ASIS) is the largest organisation for security professionals, with more than 35,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness & productivity of security
professionals by developing educational programs & materials that address broad security interests. ASIS also advocates the role & value of the security management profession to business, the media, governmental entities, standardisation
bodies & the public. By publishing the industry's number one magazine - Security Management - ASIS leads the way for advanced & improved security performance. www.asisonline.org
The CSO Roundtable of ASIS International - The CSO Roundtable of ASIS International brings together senior security executives from the world's largest & most influential organizations. This by-invitation only organization is dedicated both to
assisting security executives in their careers & to elevating the status of security professionals in the C-suite. Benefits include CSO-only educational & networking opportunities, special sessions at ASIS events, & an annual conference. Contact
Peter Piazza at ppiazza@asisonline.org
Media Partners

Chief Information Security Officer Middle East 2009 Executive Summit & Roundtable
9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman
Day One: Monday 9 November 2009
Integrating Information Security Into The Core Business Strategy & Infrastructure to Deliver Pragmatic & Value-Added Security
KEYNOTE
KEYNOTE KEYNOTE KEY NOTE
KEYNOTE
KEY CASE STUDY
06:45 REGISTRATION & COFFEE
07:00 CHAIRMAN’S OPENING
07:30 CREATING A SECURE GLOBAL BUSINESS INFRASTRUCTURE FOR THE
MIDDLE EAST
•What does the current security landscape look like for the Middle East?
•What are some of the approaches to increase coordination among
governments?
• Emerging challenges around cyber-crime & information infrastructure protection
•Counter-measures to combat growing cyber threats to public & private sector
organisations
Senior Omani Government Speaker - to be announced
08:00 ROLE PLAYED BY CERT OMAN AS PART OF THE NATIONAL INFORMATION
SECURITY
The Director of the esteemed Omani Cert will talk about role that is played by
CERT as part of the national IS infrastructure.
Mr. Abdullah Al-Brwani, Chief of Security, The Information Technology
Authority (ITA) (OMAN)
Mr. Badar Al-Salehi, Director, Omani Cert. (OMAN)
08:40 SECURITY & THE YOUNGER GENERATION
Mr. Ray Stanton, Global Head of Business Continuity, Security & Governance
Practice, BT
09:20 MANAGING THE HUMAN FACTOR IN INFORMATION SECURITY
We all know that it’s people, not computers that commit crime. It’s also people
that create security breaches through bad system design or misuse. But people
also identify risks, report incidents & manage crises. Their influence is
increasing as we become a networked society. Using social networks we can
now extend the size of our security function to encompass the whole
organisation & every networked customer. But people pay little attention to
policies & rules. We need a more sophisticated approach, one that understands
the human dimension. David will explain how to transform culture & behaviour,
drawing on lessons from psychology, criminology & marketing, as well as many
years of practical experience.
Mr. David Lacey, Information Security Management (UK)
David is a leading expert on information security & risk management with more than 25 years professional experience, most recently
as Director of Security and Risk Management for the Royal Mail Group. Prior to that, David was responsible for global information
security policy & standards for the Royal Dutch/Shell Group & Head of Computer Security for the UK Foreign & Commonwealth Office.
David is now an independent director, researcher & writer. He writes a blog for Computer Weekly & is the author of the John Wiley
book ‚”Managing the Human Factor for Information Security”. David is a keen futurist & innovator, believing that the best way to
predict the future is to invent it. He originated & pioneered many contemporary techniques for information security, including
developing the original content of the British Standard BS7799 & gaining the world’s first accredited certification for Shell IT Services
across Europe. David has also pioneered many new concepts such as de-perimeterisation, computational immunology for fraud
detection & real-time analysis of human behaviour in digital communications. David is a regular speaker at international conferences
and has served on many advisory boards in the energy, banking & government sectors. Amongst many other affiliations, he is a
founder of the Jericho Forum, of which he is an Honorary Fellow.
10:00 MORNING COFFEE BREAK
10:20 HOW TO PREVENT DATA LEAKAGE? SECURING YOUR MOST VALUABLE
INFORMATION ASSETS
•Who is most likely to remove sensitive data from your organisation?
•What technology is available to address the problem?
•When is data most likely to be removed?
•Where will the leak occur?
•Why is it happening?
•How will it most likely be removed?
•What can you do to stop it?
•Top tips to secure your CEO
•Top tips to counter the PDA & mobile device threat
Panellists:
Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach (UK)
Dr. Iman Baba, Head of Information Security & Business Continuity, BankMed (LEBANON)
Mr. Richard Cross, CISO, Toyota Motor Europe (BELGIUM)
11:00 CYBER THREATS: WILL CYBER THREATS LEAD TO ANOTHER 9/11?
Reports indicates that nuclear weapon & a cyber attack on critical government
or private computer networks top the list of concerns for intelligence agencies.
•Definition of cyber threats
•Examples
•Sources description
•How to protect ourselves
• Introduction to IMPACT (International Multilateral Partnership Against Cyber Threats)
•Q&A
Mr. Ameen Najm, CISO, Samba Financial Group (KINGDOM OF SAUDI ARABIA)
Ameen Najm is a senior information technology professional with 16+ years of experience. He is currently the CISO of Samba
Financial Group, a leading financial services group in the Kingdom of Saudi Arabia with presence in, Dubai, Pakistan, and UK. His
expertise includes devising IS policies and standards, security framework and strategy, security program management, & security
architecture. Skilled in access assurance, risk management, legal/regulatory compliance, system configuration & availability, network
security, system security, information security awareness, security operations, audit & assessment, incident management, & computer
forensic investigation. Ameen is a Member of several IT & Information Security organizations & Chairman of the Banking Committee
for Information Security in Saudi Arabia.
11:40 WAR STORIES FROM THE IT SECURITY & COMPLIANCE EDGE (AKA COULD
THIS HAPPEN TO YOU?!)
Software companies have been automating IT security and compliance
processes for over a decade. This session will provide true stories and lesson
learned from companies that sought to automate IT Governance, Risk and
Compliance (IT-GRC) initiatives. It also offers insight into what’s needed for a
successful IT Security and Compliance program to stay relevant with the
challenges faced today.
Amer Deeba, Chief Marketing Officer, Qualys, Inc.
Amer is responsible for product direction, marketing and customer relations activities. Amer has been in the security industry for the
last 10 years with a proven track record in driving company growth in fast moving technology fields. Amer came to Qualys from
VeriSign, where he was the General Manager for the Payment Services Division, and helped establish VeriSign as a leader in the online
payments space. Amer earned MS and BS degrees in Computer Sciences and he is a frequent speaker at customers’ events and
security forums.
11:55 LUNCH - KINDLY SPONSORED BY QUALYS
13:10 SECURITY AWARENESS & CULTURE
Mr. Yousuf Alihamed Al Harty, Managing Director, InfoShield LLC(OMAN)
13:40 GOVERNANCE IS NOT AN OPTION ANYMORE - IT IS A MUST
Mr. Ghassan T. Youssef, Executive Director, Saraya Holdings, (DIFC - DUBAI) &
Recently Group Director, CISBC, Bank Audi Sal, Audi Saradar Group, (LEBANON)
14:20 UNDERSTANDING THE GLOBAL THREAT ENVIRONMENT & HOW TO DEAL
WITH ADVANCED THREATS FROM NATION-SPONSORED & ORGANIZED
CRIME GROUPS & INSIDERS
Mr. Eddie Schwartz, Vice President, Chief Security Officer, NetWitness Corporation
15:00 AFTERNOON TEA BREAK & EXHIBITION
15:20 e-Cop CASE STUDY
Speaker to be confirmed
15:35 OPERATIONS SYSTEMS & TECHNOLOGIES TO SUPPORT DUBAI POLICE
SECURITY EFFORTS
A unique look at security issues from the operational perspective, you will hear
insights on practical operations systems & technologies used by Dubai Police to
support security efforts & enhance operational capabilities.
Colonel Kamel Alsuwaidi, Deputy Director of General Department of Operations,
Dubai Police (UAE)
16:10 WHAT ARE THE KEY EMERGING SECURITY RISKS IN 2009 & BEYOND?
DETECTING MASSIVE CONTROL FAILURES - IS THIS A ROLE FOR TODAY’S
SECURITY CHIEFS?
CISOs / CSOs list their Top 3 ‘Hot Buttons’ & Focus for 2009 & beyond, sharing
the latest threats they face, as well as their planned security strategy going
forward & key lessons for other industry sectors. Panellists will also reveal their
views on how recent high profile scandals have impacted their role & whether
this should be the ideal role for today’s CISO.
•What are the top 3 technology risks on your priority list?
•How has the global financial crisis & the uncovering of recent high profile
frauds impacted your approach to security & controls?
•Growth of organised crime - how will trends affect your organisation?
•What is the next big technology threat & enabler?
•What are your plans to take a proactive stance?
•Does information security need redefinition?
Panellists:
Mr. Ameen Najm, CISO, Samba Financial Group (KINGDOM OF SAUDI ARABIA)
Colonel Kamel Alsuwaidi, Deputy Director of General Department of Operations,
Dubai Police (UAE)
Mr. Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT
Zaki Sabbagh, Chief Information Officer, Zamil Industrial Investment Co.
(SAUDI ARABIA)
16:40 CLOSE OF DAY ONE
16:50 CISO SUNSET DHOW CRUISE RECEPTION - KINDLY SPONSORED BY e-COP
All networking activities are provisional to date.
KEY CASE
STUDY
KEY CASE
STUDY
KEYNOTE
KEYNOTE
PANEL

Chief Information Security Officer Middle East 2009 Executive Summit & Roundtable
9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman
Day Two: Tuesday 10 November 2009
Information Security Risk Management: The Threat Within & the External Threat Horizon & Counter-Measures
06:45 COFFEE
06:55 CHAIRMAN’S RE-OPENING
KEYNOTE 07:00 DIGITAL EVIDENCE – A JUDICIAL & LEGAL PERSPECTIVE
Judge Dr. Ehab Maher Elsonbaty, BA, MA, LLM, PhD, Senior Judge in Egypt & Secondment to the State of Qatar, Legal Expert, Amiri Diwan, State of Qatar (QATAR)
Judge Dr. Ehab Maher Elsonbaty is a senior judge & a member of the civil, criminal &commercial panel of the Damanhor Court. He lectures on cyber law topics & technology in litigation to the Arab Academy for Science and Technology and Private International Law. He is a consultant to the Council of Europe, UNODC & ITU.
07:40 EVACUATION PLANNING – EMERGENCY RESPONSE & BUSINESS REINSTATEMENT
• Corporate Emergency Contingency Plans • Local Intelligence • Post evacuation action
• Evacuation Planning • Recovery & reinstatement • Pre evacuation tasks
Major Robert Noble MBE, Managing Director/Partner, International Security Consultancy Group Gulf WLL (QATAR)
Mr. Noble has nearly 30 years experience in international security of precious metals & minerals, protection of diplomats, diplomatic missions & corporates, technical & physical security & training of police & security personnel. Mr. Noble is a veteran of some 15 military coups & insurgency actions & was involved in safe
evacuations of diplomatic & corporate staff in various African countries, most notably in Mogadishu, Somalia, in 1991 when, under constant hostile fire, he ensured the safe movement of diplomats & their families, from Oman, Qatar, UAE, Kuwait, Sudan, Kenya, Nigeria, Turkey, Germany, Great Britain, Russia & USA, from
their exposed city locations, to the relative safety of the US Embassy compound, prior to evacuation to Muscat, Oman by US Naval forces. In 1995, he also managed the evacuation of some 3000 multi national personnel & families from the northern industrial & mining areas of Sierra Leone, whilst under attack by rebel
insurgents, to safety in the port of Freetown. This evacuation was accomplished under his personal supervision, at night & by sea, with no loss of life. Mr. Noble was awarded the MBE for services to British overseas security interests & is a holder of the US Secretary of State's Superior Honor Award for Heroism. In addition,
he has over 30 awards & commendations from amongst others, the US Diplomatic Security Service, German Diplomatic Protection Police and several other entities. He wrote the Global Emergency Response Plan for a major US IT Corporation & served 10 years in British military in armored, airborne & MOD posts.
08:20 THE EASY WAY TO AVOID BECOMING THE NEXT DATA LEAKAGE HEADLINE
Data security is a legal, operational & reputational risk issue for any organisation in any part of the world. Hear top tips for avoiding becoming the next headline.
• Data loss/breach legislation - how does it apply to me, what does it mean to me? • Evaluating data loss management & encryption technology
• How to enable the safe use of removable storage such as USB memory sticks • Integration - data controls
• What data loss prevention (DLP) can bring to the enterprise • Top tips & best practice
Mr. Richard Cross, CISO, Toyota Motor Europe (BELGIUM)
09:00 THE BUSINESS CASE FOR INFORMATION SECURITY & ITS BOUNDARIES WITH MATURE IT PROCESSES
Dr. Eduardo Gelbstein, Adjunct Professor, Webster University, Geneva, Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre (SWITZERLAND)
Ed has worked in IT for over 40 years in the private & public sectors of several countries, & in executive positions since the mid 1980s. In 2002 he “retired” from the UN, where he was Director of the International Computing Centre with 24*7 operations in Geneva, New York, & Brindisi for clients including UN
Peace Keeping, the World Food Programme & the UN High Commission for Refugees – an environment where responding to crises are common events. He then became an IT advisor & auditor, for the UN Board of Auditors and the Cour des Comptes (National Audit Office of France). Ed is author of several books
& publications, he is adjunct professor of Business Systems Management at Webster University in Geneva, an advisor to the Master of Advanced Studies programme of Zürich Technical University & a senior fellow of the Diplo Foundation, dedicated to the training of young diplomats from all over the world.
KEYNOTE
PANEL CASE STUDY
KEY CASE STUDY
CASE STUDY KEY CASE STUDY
PANEL DEBATE
KEY CASE
STUDY
SPECIAL
KEYNOTE
CASE
STUDY
09:40 MORNING COFFEE BREAK
10:00 CREATING VALUE & TRUST BETWEEN INFORMATION SECURITY & THE BUSINESS THROUGH EXTENSIVE CHANGE & DURING DIFFICULT TIMES
As executive boards globally are threatening to reduce security & IT budgets, how can you resist the pressure to cut corners & ensure that your security strategy remains focused, integral to the business &
that security is not compromised? How can security add real business value? Evidence suggests that information leakage & industrial sabotage activity increases in such an economic climate so this is no time
to be cutting back on your intelligence, security controls & governance operations.
• Measuring cost efficiency of information security while avoiding reliance on
• Finding new ways to do things
key performance indicators
• Potential pitfalls
• Can the trust brought by online security really drive bottom line results?
• Winning the trust of the business
• Adopting cost cutting strategies versus maintaining business security & sustainability
• Understand the urgent imperative for your business
• Top tips to create value between information security & the business
• Plan in advance to remain flexible & adaptable
Chaired by: Mr. Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT
Panellists: Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND)
Dr. Iman Baba, Head of Information Security & Business Continuity, BankMed (LEBANON)
Dr. Eduardo Gelbstein, Senior Security Advisor, United Nations Board of External Auditors (SWITZERLAND)
Mr. Tariq Elsadik, Chief Excellence/Information Officer, Al Fahim Group (Abu Dhabi, UAE)
10:35 THE FAST SPEED OF CHANGE: BUSINESS OPPORTUNITIES & RISKS GOING ALONG WITH THE USE OF SOCIAL MEDIA
Why should you care about Social Media
• How to address the topic • What are the risks • One solution approach which has worked
Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND)
11:10 PATCH MANAGEMENT: INCREASINGLY A FACET OF EFFECTIVE RISK MANAGEMENT
Patch management is nothing new; by now we should have moved away from the 'install & forget' days of old to a position of comprehensive patch management across the enterprise. Nevertheless, we still
see the exploitation of vulnerabilities hitting the headlines with many organisations not only vulnerable to attack but successfully attacked & exploited. In this presentation we examine the increasingly critical
role of Patch Management in the overall risk management framework & in doing so we look at:
• The underlying trends driving the need for Patch Management to be proactive & preventative, not reactive & curative
• What effective Patch Management looks like & what key considerations need to be taken into account
• Why Patch Management in isolation is ineffective & how it fits into the bigger scheme of things
• How people & process play as important a role as technology in making effective Patch Management a reality
Mr. Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK)
11:50 LUNCH
13:15 PLEASE SELECT YOUR PREFERRED STREAMED SESSIONS:
The Threat Within
13:15 – 14:00 CONDUCTING AN EFFECTIVE INFORMATION SECURITY & RISK ASSESSMENT
Mr. Lalit Gandhi, Divisional Manager Audit and Information Security, Oman Trading
Establishment (SULTANATE OF OMAN)
Lalit is a qualified chartered accountant. Currently Divisional Manger Audit at Oman Trading Establishment (OTE), one of the largest private sector
organizations in Oman. Lalit is also responsible for Information Security at OTE as Information Security Manager, & is Project Manager for the
ISO27001 implementation project at OTE.
14:00 – 14:40 NEW INTERACTIVE SESSION - HOW CAN SENSITIVE INFORMATION STAY
FAITHFUL TO ITS ORGANISATION?
This will be an interactive session with the audience split into three groups: 1. The
disaffected employee; 2. The over-worked employee; 3. The CISO. The challenge: We all
have security policies & measures in place that aim to protect the business from data
leakage from our systems & our people. Backing up data & holding documents in central
repositories provide a sense of well-being & comfort. We have the technology – we can
achieve. However, the fact remains that to protect corporate data & intellectual property is
a real challenge when we consider the people aspect. Where are all your data stored? Do
you know? Greed, Envy, ambition, desperation & poverty are key characters in this play
that convert even the most corporately versioned employee. Add ignorance; lack of
training, education & awareness; time pressure & general lack of ability into the pot & the
mix becomes worse. This exercise is about protecting your most valuable corporate asset.
Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach
Prior to her current position, Cheryl was a Senior Lecturer at the University of Portsmouth. Following 3 decades in the IT industry working for the
Ministry of Defence, The Office of Population, Censuses & Surveys & as a European consultant for a blue chip organisation, she entered academia.
Cheryl is an active CISSP & has recently been appointed as an ambassador for Childnet delivering training sessions in schools. Her academic
interests lie in the analysis & design of information systems; developing secure information systems; business continuity & disaster recovery, &
digital forensics. She designed, developed & led lectures on the BSc (Hons) Digital Forensics degree for the University of Portsmouth. In her
current position she is responsible for delivering & maintaining strategy & policy for all issues relating to IT Security & Information Assurance within
Openreach which is part of the BT Group.
14:40 AFTERNOON TEA BREAK
The External Threat Horizon & Counter-Measures
13:15 – 14:00 OUTSOURCING CHALLENGES & ETHICAL ISSUES
• The seven lifecycle stages of
• What are the future challenges?
outsourcing contracts
• Third parties & subcontracts
• Maintaining security & privacy throughout • Agree the security & business processes for the
the contact lifecycle
transformation of IT & security solutions over
• Are there new/additional security risks? the life of the contract
• What needs to be considered during due • Management & change of cryptographic keys
diligence of offshore suppliers?
• Ensure vendor continuity plans meet specified
• Assurance & conformance audits
business needs including; backups, recovery,
• Change management
standby & people
• Specification of subject access request • Incident management
(SAR) process with the vendor
Mr. Hugh Penri-Willams, Information Security Forum
14:00 – 14:40 IDENTITY & ACCESS CONTROL
The management of administrative passwords such as ‘root,’ in Unix , ‘administrator,’ in Windows & ‘sa,’ in
Database & 'enable’ in Routers is a problem that has existed since distributed systems made their way into
business environments. Traditionally, this issue has been dealt with through procedure based controls, which is not
always effective. Saudi Hollandi Bank had implemented a Password Auto Repository & sessions recording solution
that was designed to solve the problem of shared administrative passwords & record their activities. Hear about the
how these core features operate to enhance control of users to:
• Protects infrastructure from rogue users, compromised devices, & applications
• Assist with regulatory compliance through granular access control
• Capture keystroke logging to provide a complete recording of internal support activities
• Deliver clear, centralized reporting through the collection & aggregation of access & management logs
• Offer session recording for event reconstruction purposes
Mr. Ali Alotaibi, IT Security Manager, Saudi Hollandi Bank & Vice-Chairman for Information Security, Saudi
Banking Committee (KINGDOM OF SAUDI ARABIA)
Mr. Ali Alotaibi brings with him 17 years of experience in IT, mostly in banks in the field of Communication & IT security. He is also currently a vice chairman of
Saudi Banking Committee for Information Security.
15:00 WHAT ARE THE CEO’S EXPECTATIONS OF THE INFORMATION SECURITY FUNCTION?
Mr. Osman Sultan, CEO, Du, (UAE) - INVITED
15:30 LEGAL ASPECTS OF INFORMATION SECURITY
Mr. Mustafa Ali Mahmood Al Hemeid, Head of Legal Division, National Bank of Oman (OMAN)
16:00 PRIVACY, SECURITY & IDENTITY MANAGEMENT: CAN THEY CO-EXIST? WHAT IS THE PAY OFF?
• Can they co-exist? What is the pay off? • Identity management & signature technologies • What are you doing to safeguard intellectual assets?
• Security vs. privacy: which is more important? • Vulnerabilities of emerging identity technologies • Managing federated identities – what is the reality?
• The problems of security in an organisation without perimeters
Chaired by: Mr. Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK)
Panellists: Major Robert Noble MBE, Managing Director/Partner - International Security Consultancy Group Gulf WLL (UAE), Mr. Ali Alotaibi, IT Security Manager, Saudi Hollandi Bank & Vice-
Chairman for Information Security, Saudi Banking Committee (KINGDOM OF SAUDI ARABIA), Mr. Yousuf Alihamed Al Harty, Managing Director, InfoShield LLC (OMAN)
Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND)
16:30 CLOSE OF DAY TWO
CASE STUDY
CASE STUDY
16:45 TOUR OF MUSCAT FOLLOWED BY RECEPTION AT BAIT AL ZUBAIR MUSEUM
All networking activities are provisional to date.

Chief Information Security Officer Middle East 2009 Executive Summit & Roundtable
9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman
Day Three: Wednesday 11 November 2009
CISO Roundtable Middle East 2009 - Delivering Measurable Results During Tougher Times
The CISO Roundtable - Middle East is the benchmarking highlight of the event. The agenda is set in advance by the participants who
all have the opportunity to input directly into the 2009 agenda prior to the event! A further vote of agenda priorities is voted upon at the
event itself. This facilitated roundtable briefing is for heads & senior managers of information security to drive & influence security
strategy & policy, while benchmarking approaches to the key security challenges of the day. The challenge for the CISO role today is how to stay relevant & effective in an ever
changing environment. How do you recognise when you need to change approach? Are there transferable skills & approaches you can use to address new challenges? Has
the profile of the staff changed? Distinguished security experts & seasoned practitioners will co-ordinate interactive roundtable discussions & streamed group work. These
open exchanges will ensure that you take away important new ideas to implement in your organisation. This is the ideal opportunity to compare strategy & tactics with global
security industry leaders & network with professionals who face the same set of challenges as you. Furthermore, it is you the participant who sets the agenda! *The Chatham
House Rule applies. No press permitted.
CHAIRED BY: Charles V. Pask, Managing Director, ITSEC Associates Ltd
FACILITATORS: Eddie Schwartz, Chief Security Officer, NetWitness (U.S.), Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND)
John Colley, Managing Director EMEA, (ISC) 2 , Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach (UK)
Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK), Richard Cross, CISO, Toyota Motor Europe (BELGIUM)
Mr. Badar Al-Saleh, Director, Omani Cert. (OMAN), Mr. Abdullah Al-Barwani, Chief of Security, The Information Technology Authority (ITA) (OMAN)
PROVISIONAL AGENDA- you will be asked for your input on the topics in advance to set the agenda based around your current challenges!
08:30 – 09:00 REGISTRATION & COFFEE
09:00 – 09:10 WELCOME, GROUP INTRODUCTIONS & SETTING OF AGENDA PRIORITIES
Chaired by: Charles V. Pask
09:10 – 10:10 SESSION 1: RISK DECISION TAKING: ARE DECISIONS MORE INSTINCT THAN INFORMED JUDGEMENT?
Lead Facilitator: Marcus Alldrick
10:10 – 11:00 SESSION 2: IT RISK METRICS: WHAT’S WRONG WITH THEM & WHAT NEEDS TO BE FIXED TO MAKE THEM WORK
Lead Facilitator: Eddie Schwartz
11:00 – 11:20 MORNING COFFEE BREAK
11:20 – 12:00 SESSION 3: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK
Lead Facilitator: Richard Cross
12:00 – 13:00 LUNCH
13:00 – 13:45 SESSION 4: BREAKOUT SESSIONS
The group will break into two teams for specific discussions. Each team will have the support of 4 facilitators, including a 10-minute presentation by the facilitator, 30-minutes of
group discussion, and 5-minutes to present the key learning points from each session back to the full group after the break.
SESSION 4A: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK
Lead Facilitator: John Colley
13:45 – 14:00 FEEDBACK FROM THE BREAKOUT SESSIONS TO THE FULL GROUP
14:00 – 14:50 SESSION 5: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK
14:50 – 15:15 AFTERNOON TEA BREAK
15:15 – 15:45 SESSION 6: OPTIONAL - 30 MINUTE CLOSE SESSION FOR REAL-LIFE SECURITY INCIDENTS
Lead Facilitator: Charles V. Pask
Supported by: All Facilitators
16:00 CHAIRMAN’S SUMMARY, GOODBYES & CLOSE OF DAY
Lead CISO Roundtable Sponsor
Don’t miss the new information survey
for heads of information security
conducted by security vendor
NetWitness, Lead Sponsor of the CISO
Roundtable Middle East 2009 & MIS
Training Institute! Survey live soon on
www.mistieurope.com/CISOMEsurvey
SESSION 4B: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK
Lead Facilitator: Andreas Wuchner-Bruehl
ABOUT THE CISO ROUNDTABLE MIDDLE EAST 2009 FACULTY
CHAIRMAN: Mr. Charles V. Pask, Managing Director, ITSEC Associates Ltd
Charles is responsible for delivering global IT security & IT audit services, including public training courses, in-house training courses,
conferences & symposiums. Previously, he was a Director with MIS Training,& Director of Information Security Institute (ISI) European & Middle
East e-Security Services. Mr. Pask has over 20 years’ experience in IT, IT audit,& IT security, & was the Information Security Manager for Alliance
& Leicester plc prior to joining MIS. More recently Charles was the Global Head of Strategy, Development & Globalisation for the BT Business
Continuity, Security & Governance Practice.
FACILITATORS: Mr. Eddie Schwartz, Vice President, Chief Security Officer, NetWitness
Corporation
Eddie is Chief Security Officer of NetWitness and has 25 years experience in the information security and privacy fields. Previously, he was Chief
Technology Officer of ManTech Information Systems and Technology Corporation, EVP and General Manager for Global Integrity/Predictive Systems,
SVP of Operations at Guardent, CISO for Nationwide Insurance; a Senior Computer Scientist at CSC where he was Technical Director of the DSS
Information Security Laboratory, and a Foreign Service Officer with the U.S. Department of State. Mr. Schwartz has advised a number of security
companies, and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in
Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.
Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG
(SWITZERLAND)
Andreas, CISO, CISA, CISSP, leads IT Security & Security Emergency Response globally across the corporation. In this role he & his team are responsible
for the planning & supervision of Novartis’ worldwide computer & network information security systems, defining the company’s IT security policies,
baselines & standards & enhancing the security of Novartis IT services & global infrastructure. Andreas has more than 12 years’ experience managing all
aspects of information technology management, with deep expertise in rapidly changing, highly demanding large-scale environments. Prior to joining
Novartis Pharmaceuticals, Andreas worked for Ciba Geigy & IBM on various IT projects covering different aspects of information technology.
Mr. John Colley, Managing Director EMEA, (ISC) 2
Mr. Colley, CISSP, is the Managing Director for EMEA & Co- Chair of the European Advisory Board for (ISC)2 , a non-profit professional
consortium which has certified over 60,000 members worldwide. He served on the (ISC)2 Board of Directors for eight years including two as
chairman. John has over fifteen years experience in information security. He has formerly held posts as Head of Risk Services at Barclays, Group
Head of Information Security at the Royal Bank of Scotland Group, Director of Information Security at Atomic Tangerine & as Head of Information
Security at ICL. John has also worked as an independent consultant providing value added advice and guidance to blue chip organisations.
Mr. Marcus Alldrick, CISO, Lloyd's
In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost
effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to
Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the
latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information
security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK
bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays
plc & Europe’s largest credit card issuer.
Mr. Richard Cross, CISO, Toyota Motor Europe (BELGIUM)
Richard has been the Corporate Security Officer in Toyota Motor Europe since 2002 & has led the organisation through a maturing process in
implementing a full Information Security lifecycle. His journey in Toyota has been a cross-cultural one both in terms of business approach &
nationalities, understanding how to apply the world famous “Toyota Production System” into security activities. The focus of his activity has
moved away from pure Information Security into the broader sphere of Corporate Risk Management, with a corresponding change in reporting
line, from CIO to the Corporate Planning Offices. Further back in his career he worked for a British Government intelligence agency in a technical
security role, involving the design of systems to support data warehouse analysis.
Networking Opportunities - Build Trust-Based Relationships In Muscat!
Meeting your security peers to exchange ideas & build trust-based networks is an integral part of the CISO
Executive Summit & Roundtable Middle East. As such, MIS & Sponsors have set aside dedicated time for
networking, which will allow you to enjoy your time in Muscat. Please note that all activities are all provisional to
date & are sponsorship-related.
MONDAY 9TH NOVEMBER SUNSET DHOW CRUISE WELCOME DRINKS
Join information security peers for the Sunset Dhow cruise – a leisurely cruise down the coast.
The ‘dhow’ has been in use for centuries, & is an essential part of Oman’s proud maritime
tradition. Enjoy the dramatic mountains cascading into the sea from a different perspective, while
enjoying drinks & talking to peers. Followed by a typical Arabic dinner (BBQ) on the beach
TUESDAY 10TH NOVEMBER TOUR OF MUSCAT FOLLOWED BY DRINKS RECEPTION AT
BAIT AL ZUBAIR MUSEUM
Drive along the waterfront Corniche visiting the Fish Market & the colourful Muttrah Souq that
awaits you with sights, sounds & aroma of the orient. Stop at the Bait Al Zubair Museum for
an introduction that traces Oman’s history & development, followed by a drinks reception.
About the Venue
The hotel is situated in the prime
residential, government & diplomatic
quarter, only 15 minutes from the
airport. Set in 35 acres of palm
gardens between the imposing Hajjar
Mountains & the pale sand of the Gulf
Coast, offering stunning views on
each side, it is a ‘resort within the
city’. With its proximity to the capital’s
business & commercial district, the
hotel is the ideal place to stay for
business or leisure & to host
meetings, company conventions, gala
dinners or receptions! See back page
for more details.

Chief Information Security Officer Middle East 2009
Executive Summit & Roundtable
9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman
Under the Patronage of ITA
5 Easy Ways to Register
Tel: +44 (0)20 7779 8944 Email: mis@mistieurope.com
Fax: +44 (0)20 7779 8293 Web: www.mistieurope.com/CISOME
Mail: Guy Cooper, MIS Training, Nestor House, Playhouse Yard, London
EC4V 5EX UK
Customer Information
(please print or attach business card)
Title
Surname
Position
Organisation
First name
E-Mail Address (Required)
Address
Country
Postcode
When registering please quote reference: WEB
Reserve Your Place by 1st October 2009
& Receive 3 FREE Books on Information Security,
Authored by Speakers at the CISO Summit Middle East 2009!
• “Managing the Human Factor in Information Security: How to Win Over Staff and
Influence Business Managers”, by David Lacey
• “Honeypots: Tracking Hackers” by Lance Spitzner
• “Crossing the Executive Digital Divide, The Course Book” by Eduardo Gelbstein
* Please note that these book titles are subject to availability at the time.
Registration Information (fees must be paid in advance of the event)
Fee
2nd Annual CISO Executive Summit & Roundtable £1,750
Middle East 2009 (9-11 November 2009)
Included in the Fee:
• Entry to 3-Day Event
• CPEs & Certificates
• Official Summit Materials & USB Stick
• Web-link to Updated Presentation Materials Will be Made Available
Immediately Following the Summit (Subject to Speaker’s Permission)
• All Lunches & Daily Refreshments
• Networking Functions (Subject to Further Confirmation)
Please send me information on
3rd Annual Chief Security Officer (CSO) Summit 2009,
14 - 16 October 2009, Hotel R Juan Carlos I, Barcelona – Spain
2nd Annual Security Africa Summit 2009, 1 – 4 December 2009,
La Palm Beach Royal Beach Hotel, Accra – Ghana
4th Annual Fraud & Corruption Summit 2010, 17 - 19 March 2010, UK
Conferencia Latinoamericana: Gobernanza, Riesgo y Auditoria 2010,
23 – 26 marzo 2010, Panama
7th Annual CISO Executive Summit 2010, 9 - 11 June 2010, Madrid
5th Annual Audit, Risk & Governance Africa Conference 2010,
19 - 23 July 2010, Africa (location TBC)
Audit, Risk & Governance Middle East 2010, 1 – 3 November 2010, Dubai – UAE
Telephone
Fax
The information you provide will be safeguarded by the Euromoney Institutional Investor Plc. group whose subsidiaries may
use it to keep you informed of relevant products and services. We occasionally allow reputable companies outside the
Euromoney Institutional Investor Plc. group to contact you with details of products that may be of interest to you. As an
international group we may transfer your data on a global basis for the purposes indicated above. If you object to contact by
telephone , fax , or email please tick the relevant box. If you do not want us to share your information with other
reputable companies please tick this box
Payment Method
Pay Online at www.mistieurope.com (all fees must be paid in advance of the event)
Cheque enclosed
Please invoice my company PO#
(payable to MIS Training)
Credit cards can be taken over the phone only. Please call +44 (0)20 7779 8944
Please include billing address if different from address given above
Please note that in completing this booking you undertake to adhere to the
cancellation policy and payment terms.
Signature
Approving Manager
Date
Position
Summit Venue & Accommodation
The CISO Executive Summit & Roundtable Middle East 2009 will take place at:
Intercontinental Muscat P.O. Box 398, Muscat, Sultanate of Oman. Phone: +968 24 680 000
www.ichotelsgroup.com/intercontinental/en/gb/locations/overview/muscat
• To get the best available rate, please contact Mrs Mercy Anil directly on + 968 24 680 000
or email mercy.anil@icmuscathotel.com
• When making your booking with the hotel, please quote: 'MIS Training Institute's 2nd Annual CISO Summit & Roundtable'.
• Limited rooms are available, so to avoid any disappointments, please book early.
• MIS Training Institute is not liable & responsible for any hotel bookings & cannot guarantee availability or specific rates
• Delegates are responsible for the arrangement & payment of their own accommodation while in Muscat
About the Intercontinental Muscat – please view the full fact sheet & map via this web-link:
www.ichotelsgroup.com/intercontinental/en/gb/locations/overview/mscha
The hotel is only 15 minutes from the airport. High speed/broad-band Internet is available in all guest rooms & all function
What other potential NEW conferences would you or colleagues be interested in
attending in the Middle East?
Fraud & Corruption Summit Middle East
(for internal auditors & fraud prevention professionals)
Digital Evidence Conference Middle East
(for heads of IT investigations / legal professionals & in-house counsel)
Tax Audit & Compliance Conference Middle East
(for tax authorities & corporate tax directors)
Chief Security Officers Summit Middle East
(for corporate / physical / business security directors)
Other conferences – please list focuses
Cancellation Policy: Should a delegate be unable to attend, a substitute may attend in his or her place. A credit
or refund, minus 10% administration charge, is available if written notification is received by 20th October 2009.
Thereafter, no refunds will be given. MIS reserves the right to change or cancel this programme due to
unforeseen circumstances. Founded in 1978, MIS Training Institute is the international leader in providing
training & conferences to information security, audit, fraud & IT audit professionals. With offices in the USA, UK,
& Asia, MIS is a division of Euromoney Institutional Investor Plc (FTSE250) and is part of the Daily Mail &
General Trust (DMGT). www.mistieurope.com
rooms. There are various restaurants & bars within the hotel premises including: Trader Vic’s: (Hawaiian, Tahitian &
Polynesian in a south pacific setting); Señor Pico (bringing alive the colours, moods & excitement of rustic Mexico with
latino music); Musandam Café & Terrace Restaurant: breakfast, lunch & dinner buffets offer a vast selection of hot & cold
dishes; Tomato (open-air restaurant serves Italian & Mediterranean delicacies); Al Ghazal Pub (typical British pub); Majlis Al
Shams (open-plan seating area epitomises traditional Arabic hospitality with its Arabian tent & ethnic décor); The Majlis
(range of tea, coffee, snacks, pastries, light meals & beverages). The fitness club features a lap-pool, resort-style single
depth pool & children’s pool, six flood-lit tennis courts, two air-conditioned squash courts, a 900 sqm health club, featuring
a hi-tech, fully air-conditioned fitness centre, jacuzzi, sauna, steam-bath & plunge pool. Outdoor facilities include a football
pitch, volleyball court & access to the beach. The hotel’s beautifully landscaped spacious gardens lead directly onto miles
of sandy beach, bordered by clear, sapphire-blue ocean. The hotel can arrange for jet-skiing, windsurfing, fishing, sailing,
water-skiing & scuba-diving. The main shopping area is only 10 minutes away from the hotel. Muttrah Souq is the oldest
market place in the capital & offers a fascinating insight into authentic Omani culture. Gold, silver, antiques, spices, dates &
frankincense can all be found in abundance in this colourful corner of Muscat. Oman is the home of frankincense so a visit
to Muttrah Souq would not be complete without picking up a few pieces of this ancient luxury!
To Register Call +44 (0) 20 779 8944 Fax +44 (0) 20 7779 8293
Email mis@mistieurope.com or visit www.mistieurope.com/CISOME