Chief Information Security Officer Middle East 2009 - MIS Training

More documents

Recommendations

Info

Chief Information Security Officer Middle East 2009 Executive Summit & Roundtable 9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman Day Two: Tuesday 10 November 2009 Information Security Risk Management: The Threat Within & the External Threat Horizon & Counter-Measures 06:45 COFFEE 06:55 CHAIRMAN’S RE-OPENING KEYNOTE 07:00 DIGITAL EVIDENCE – A JUDICIAL & LEGAL PERSPECTIVE Judge Dr. Ehab Maher Elsonbaty, BA, MA, LLM, PhD, Senior Judge in Egypt & Secondment to the State of Qatar, Legal Expert, Amiri Diwan, State of Qatar (QATAR) Judge Dr. Ehab Maher Elsonbaty is a senior judge & a member of the civil, criminal &commercial panel of the Damanhor Court. He lectures on cyber law topics & technology in litigation to the Arab Academy for Science and Technology and Private International Law. He is a consultant to the Council of Europe, UNODC & ITU. 07:40 EVACUATION PLANNING – EMERGENCY RESPONSE & BUSINESS REINSTATEMENT • Corporate Emergency Contingency Plans • Local Intelligence • Post evacuation action • Evacuation Planning • Recovery & reinstatement • Pre evacuation tasks Major Robert Noble MBE, Managing Director/Partner, International Security Consultancy Group Gulf WLL (QATAR) Mr. Noble has nearly 30 years experience in international security of precious metals & minerals, protection of diplomats, diplomatic missions & corporates, technical & physical security & training of police & security personnel. Mr. Noble is a veteran of some 15 military coups & insurgency actions & was involved in safe evacuations of diplomatic & corporate staff in various African countries, most notably in Mogadishu, Somalia, in 1991 when, under constant hostile fire, he ensured the safe movement of diplomats & their families, from Oman, Qatar, UAE, Kuwait, Sudan, Kenya, Nigeria, Turkey, Germany, Great Britain, Russia & USA, from their exposed city locations, to the relative safety of the US Embassy compound, prior to evacuation to Muscat, Oman by US Naval forces. In 1995, he also managed the evacuation of some 3000 multi national personnel & families from the northern industrial & mining areas of Sierra Leone, whilst under attack by rebel insurgents, to safety in the port of Freetown. This evacuation was accomplished under his personal supervision, at night & by sea, with no loss of life. Mr. Noble was awarded the MBE for services to British overseas security interests & is a holder of the US Secretary of State's Superior Honor Award for Heroism. In addition, he has over 30 awards & commendations from amongst others, the US Diplomatic Security Service, German Diplomatic Protection Police and several other entities. He wrote the Global Emergency Response Plan for a major US IT Corporation & served 10 years in British military in armored, airborne & MOD posts. 08:20 THE EASY WAY TO AVOID BECOMING THE NEXT DATA LEAKAGE HEADLINE Data security is a legal, operational & reputational risk issue for any organisation in any part of the world. Hear top tips for avoiding becoming the next headline. • Data loss/breach legislation - how does it apply to me, what does it mean to me? • Evaluating data loss management & encryption technology • How to enable the safe use of removable storage such as USB memory sticks • Integration - data controls • What data loss prevention (DLP) can bring to the enterprise • Top tips & best practice Mr. Richard Cross, CISO, Toyota Motor Europe (BELGIUM) 09:00 THE BUSINESS CASE FOR INFORMATION SECURITY & ITS BOUNDARIES WITH MATURE IT PROCESSES Dr. Eduardo Gelbstein, Adjunct Professor, Webster University, Geneva, Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre (SWITZERLAND) Ed has worked in IT for over 40 years in the private & public sectors of several countries, & in executive positions since the mid 1980s. In 2002 he “retired” from the UN, where he was Director of the International Computing Centre with 24*7 operations in Geneva, New York, & Brindisi for clients including UN Peace Keeping, the World Food Programme & the UN High Commission for Refugees – an environment where responding to crises are common events. He then became an IT advisor & auditor, for the UN Board of Auditors and the Cour des Comptes (National Audit Office of France). Ed is author of several books & publications, he is adjunct professor of Business Systems Management at Webster University in Geneva, an advisor to the Master of Advanced Studies programme of Zürich Technical University & a senior fellow of the Diplo Foundation, dedicated to the training of young diplomats from all over the world. KEYNOTE PANEL CASE STUDY KEY CASE STUDY CASE STUDY KEY CASE STUDY PANEL DEBATE KEY CASE STUDY SPECIAL KEYNOTE CASE STUDY 09:40 MORNING COFFEE BREAK 10:00 CREATING VALUE & TRUST BETWEEN INFORMATION SECURITY & THE BUSINESS THROUGH EXTENSIVE CHANGE & DURING DIFFICULT TIMES As executive boards globally are threatening to reduce security & IT budgets, how can you resist the pressure to cut corners & ensure that your security strategy remains focused, integral to the business & that security is not compromised? How can security add real business value? Evidence suggests that information leakage & industrial sabotage activity increases in such an economic climate so this is no time to be cutting back on your intelligence, security controls & governance operations. • Measuring cost efficiency of information security while avoiding reliance on • Finding new ways to do things key performance indicators • Potential pitfalls • Can the trust brought by online security really drive bottom line results? • Winning the trust of the business • Adopting cost cutting strategies versus maintaining business security & sustainability • Understand the urgent imperative for your business • Top tips to create value between information security & the business • Plan in advance to remain flexible & adaptable Chaired by: Mr. Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT Panellists: Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND) Dr. Iman Baba, Head of Information Security & Business Continuity, BankMed (LEBANON) Dr. Eduardo Gelbstein, Senior Security Advisor, United Nations Board of External Auditors (SWITZERLAND) Mr. Tariq Elsadik, Chief Excellence/Information Officer, Al Fahim Group (Abu Dhabi, UAE) 10:35 THE FAST SPEED OF CHANGE: BUSINESS OPPORTUNITIES & RISKS GOING ALONG WITH THE USE OF SOCIAL MEDIA Why should you care about Social Media • How to address the topic • What are the risks • One solution approach which has worked Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND) 11:10 PATCH MANAGEMENT: INCREASINGLY A FACET OF EFFECTIVE RISK MANAGEMENT Patch management is nothing new; by now we should have moved away from the 'install & forget' days of old to a position of comprehensive patch management across the enterprise. Nevertheless, we still see the exploitation of vulnerabilities hitting the headlines with many organisations not only vulnerable to attack but successfully attacked & exploited. In this presentation we examine the increasingly critical role of Patch Management in the overall risk management framework & in doing so we look at: • The underlying trends driving the need for Patch Management to be proactive & preventative, not reactive & curative • What effective Patch Management looks like & what key considerations need to be taken into account • Why Patch Management in isolation is ineffective & how it fits into the bigger scheme of things • How people & process play as important a role as technology in making effective Patch Management a reality Mr. Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK) 11:50 LUNCH 13:15 PLEASE SELECT YOUR PREFERRED STREAMED SESSIONS: The Threat Within 13:15 – 14:00 CONDUCTING AN EFFECTIVE INFORMATION SECURITY & RISK ASSESSMENT Mr. Lalit Gandhi, Divisional Manager Audit and Information Security, Oman Trading Establishment (SULTANATE OF OMAN) Lalit is a qualified chartered accountant. Currently Divisional Manger Audit at Oman Trading Establishment (OTE), one of the largest private sector organizations in Oman. Lalit is also responsible for Information Security at OTE as Information Security Manager, & is Project Manager for the ISO27001 implementation project at OTE. 14:00 – 14:40 NEW INTERACTIVE SESSION - HOW CAN SENSITIVE INFORMATION STAY FAITHFUL TO ITS ORGANISATION? This will be an interactive session with the audience split into three groups: 1. The disaffected employee; 2. The over-worked employee; 3. The CISO. The challenge: We all have security policies & measures in place that aim to protect the business from data leakage from our systems & our people. Backing up data & holding documents in central repositories provide a sense of well-being & comfort. We have the technology – we can achieve. However, the fact remains that to protect corporate data & intellectual property is a real challenge when we consider the people aspect. Where are all your data stored? Do you know? Greed, Envy, ambition, desperation & poverty are key characters in this play that convert even the most corporately versioned employee. Add ignorance; lack of training, education & awareness; time pressure & general lack of ability into the pot & the mix becomes worse. This exercise is about protecting your most valuable corporate asset. Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach Prior to her current position, Cheryl was a Senior Lecturer at the University of Portsmouth. Following 3 decades in the IT industry working for the Ministry of Defence, The Office of Population, Censuses & Surveys & as a European consultant for a blue chip organisation, she entered academia. Cheryl is an active CISSP & has recently been appointed as an ambassador for Childnet delivering training sessions in schools. Her academic interests lie in the analysis & design of information systems; developing secure information systems; business continuity & disaster recovery, & digital forensics. She designed, developed & led lectures on the BSc (Hons) Digital Forensics degree for the University of Portsmouth. In her current position she is responsible for delivering & maintaining strategy & policy for all issues relating to IT Security & Information Assurance within Openreach which is part of the BT Group. 14:40 AFTERNOON TEA BREAK The External Threat Horizon & Counter-Measures 13:15 – 14:00 OUTSOURCING CHALLENGES & ETHICAL ISSUES • The seven lifecycle stages of • What are the future challenges? outsourcing contracts • Third parties & subcontracts • Maintaining security & privacy throughout • Agree the security & business processes for the the contact lifecycle transformation of IT & security solutions over • Are there new/additional security risks? the life of the contract • What needs to be considered during due • Management & change of cryptographic keys diligence of offshore suppliers? • Ensure vendor continuity plans meet specified • Assurance & conformance audits business needs including; backups, recovery, • Change management standby & people • Specification of subject access request • Incident management (SAR) process with the vendor Mr. Hugh Penri-Willams, Information Security Forum 14:00 – 14:40 IDENTITY & ACCESS CONTROL The management of administrative passwords such as ‘root,’ in Unix , ‘administrator,’ in Windows & ‘sa,’ in Database & 'enable’ in Routers is a problem that has existed since distributed systems made their way into business environments. Traditionally, this issue has been dealt with through procedure based controls, which is not always effective. Saudi Hollandi Bank had implemented a Password Auto Repository & sessions recording solution that was designed to solve the problem of shared administrative passwords & record their activities. Hear about the how these core features operate to enhance control of users to: • Protects infrastructure from rogue users, compromised devices, & applications • Assist with regulatory compliance through granular access control • Capture keystroke logging to provide a complete recording of internal support activities • Deliver clear, centralized reporting through the collection & aggregation of access & management logs • Offer session recording for event reconstruction purposes Mr. Ali Alotaibi, IT Security Manager, Saudi Hollandi Bank & Vice-Chairman for Information Security, Saudi Banking Committee (KINGDOM OF SAUDI ARABIA) Mr. Ali Alotaibi brings with him 17 years of experience in IT, mostly in banks in the field of Communication & IT security. He is also currently a vice chairman of Saudi Banking Committee for Information Security. 15:00 WHAT ARE THE CEO’S EXPECTATIONS OF THE INFORMATION SECURITY FUNCTION? Mr. Osman Sultan, CEO, Du, (UAE) - INVITED 15:30 LEGAL ASPECTS OF INFORMATION SECURITY Mr. Mustafa Ali Mahmood Al Hemeid, Head of Legal Division, National Bank of Oman (OMAN) 16:00 PRIVACY, SECURITY & IDENTITY MANAGEMENT: CAN THEY CO-EXIST? WHAT IS THE PAY OFF? • Can they co-exist? What is the pay off? • Identity management & signature technologies • What are you doing to safeguard intellectual assets? • Security vs. privacy: which is more important? • Vulnerabilities of emerging identity technologies • Managing federated identities – what is the reality? • The problems of security in an organisation without perimeters Chaired by: Mr. Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK) Panellists: Major Robert Noble MBE, Managing Director/Partner - International Security Consultancy Group Gulf WLL (UAE), Mr. Ali Alotaibi, IT Security Manager, Saudi Hollandi Bank & Vice- Chairman for Information Security, Saudi Banking Committee (KINGDOM OF SAUDI ARABIA), Mr. Yousuf Alihamed Al Harty, Managing Director, InfoShield LLC (OMAN) Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND) 16:30 CLOSE OF DAY TWO CASE STUDY CASE STUDY 16:45 TOUR OF MUSCAT FOLLOWED BY RECEPTION AT BAIT AL ZUBAIR MUSEUM All networking activities are provisional to date.
Chief Information Security Officer Middle East 2009 Executive Summit & Roundtable 9–11 November 2009, Intercontinental Hotel, Muscat, Sultanate of Oman Day Three: Wednesday 11 November 2009 CISO Roundtable Middle East 2009 - Delivering Measurable Results During Tougher Times The CISO Roundtable - Middle East is the benchmarking highlight of the event. The agenda is set in advance by the participants who all have the opportunity to input directly into the 2009 agenda prior to the event! A further vote of agenda priorities is voted upon at the event itself. This facilitated roundtable briefing is for heads & senior managers of information security to drive & influence security strategy & policy, while benchmarking approaches to the key security challenges of the day. The challenge for the CISO role today is how to stay relevant & effective in an ever changing environment. How do you recognise when you need to change approach? Are there transferable skills & approaches you can use to address new challenges? Has the profile of the staff changed? Distinguished security experts & seasoned practitioners will co-ordinate interactive roundtable discussions & streamed group work. These open exchanges will ensure that you take away important new ideas to implement in your organisation. This is the ideal opportunity to compare strategy & tactics with global security industry leaders & network with professionals who face the same set of challenges as you. Furthermore, it is you the participant who sets the agenda! *The Chatham House Rule applies. No press permitted. CHAIRED BY: Charles V. Pask, Managing Director, ITSEC Associates Ltd FACILITATORS: Eddie Schwartz, Chief Security Officer, NetWitness (U.S.), Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND) John Colley, Managing Director EMEA, (ISC) 2 , Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach (UK) Marcus Alldrick, Chief Information Security Officer, Lloyd’s (UK), Richard Cross, CISO, Toyota Motor Europe (BELGIUM) Mr. Badar Al-Saleh, Director, Omani Cert. (OMAN), Mr. Abdullah Al-Barwani, Chief of Security, The Information Technology Authority (ITA) (OMAN) PROVISIONAL AGENDA- you will be asked for your input on the topics in advance to set the agenda based around your current challenges! 08:30 – 09:00 REGISTRATION & COFFEE 09:00 – 09:10 WELCOME, GROUP INTRODUCTIONS & SETTING OF AGENDA PRIORITIES Chaired by: Charles V. Pask 09:10 – 10:10 SESSION 1: RISK DECISION TAKING: ARE DECISIONS MORE INSTINCT THAN INFORMED JUDGEMENT? Lead Facilitator: Marcus Alldrick 10:10 – 11:00 SESSION 2: IT RISK METRICS: WHAT’S WRONG WITH THEM & WHAT NEEDS TO BE FIXED TO MAKE THEM WORK Lead Facilitator: Eddie Schwartz 11:00 – 11:20 MORNING COFFEE BREAK 11:20 – 12:00 SESSION 3: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK Lead Facilitator: Richard Cross 12:00 – 13:00 LUNCH 13:00 – 13:45 SESSION 4: BREAKOUT SESSIONS The group will break into two teams for specific discussions. Each team will have the support of 4 facilitators, including a 10-minute presentation by the facilitator, 30-minutes of group discussion, and 5-minutes to present the key learning points from each session back to the full group after the break. SESSION 4A: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK Lead Facilitator: John Colley 13:45 – 14:00 FEEDBACK FROM THE BREAKOUT SESSIONS TO THE FULL GROUP 14:00 – 14:50 SESSION 5: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK 14:50 – 15:15 AFTERNOON TEA BREAK 15:15 – 15:45 SESSION 6: OPTIONAL - 30 MINUTE CLOSE SESSION FOR REAL-LIFE SECURITY INCIDENTS Lead Facilitator: Charles V. Pask Supported by: All Facilitators 16:00 CHAIRMAN’S SUMMARY, GOODBYES & CLOSE OF DAY Lead CISO Roundtable Sponsor Don’t miss the new information survey for heads of information security conducted by security vendor NetWitness, Lead Sponsor of the CISO Roundtable Middle East 2009 & MIS Training Institute! Survey live soon on www.mistieurope.com/CISOMEsurvey SESSION 4B: TOPIC BE CONFIRMED BASED ON PARTICIPANTS FEEDBACK Lead Facilitator: Andreas Wuchner-Bruehl ABOUT THE CISO ROUNDTABLE MIDDLE EAST 2009 FACULTY CHAIRMAN: Mr. Charles V. Pask, Managing Director, ITSEC Associates Ltd Charles is responsible for delivering global IT security & IT audit services, including public training courses, in-house training courses, conferences & symposiums. Previously, he was a Director with MIS Training,& Director of Information Security Institute (ISI) European & Middle East e-Security Services. Mr. Pask has over 20 years’ experience in IT, IT audit,& IT security, & was the Information Security Manager for Alliance & Leicester plc prior to joining MIS. More recently Charles was the Global Head of Strategy, Development & Globalisation for the BT Business Continuity, Security & Governance Practice. FACILITATORS: Mr. Eddie Schwartz, Vice President, Chief Security Officer, NetWitness Corporation Eddie is Chief Security Officer of NetWitness and has 25 years experience in the information security and privacy fields. Previously, he was Chief Technology Officer of ManTech Information Systems and Technology Corporation, EVP and General Manager for Global Integrity/Predictive Systems, SVP of Operations at Guardent, CISO for Nationwide Insurance; a Senior Computer Scientist at CSC where he was Technical Director of the DSS Information Security Laboratory, and a Foreign Service Officer with the U.S. Department of State. Mr. Schwartz has advised a number of security companies, and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management. Mr. Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG (SWITZERLAND) Andreas, CISO, CISA, CISSP, leads IT Security & Security Emergency Response globally across the corporation. In this role he & his team are responsible for the planning & supervision of Novartis’ worldwide computer & network information security systems, defining the company’s IT security policies, baselines & standards & enhancing the security of Novartis IT services & global infrastructure. Andreas has more than 12 years’ experience managing all aspects of information technology management, with deep expertise in rapidly changing, highly demanding large-scale environments. Prior to joining Novartis Pharmaceuticals, Andreas worked for Ciba Geigy & IBM on various IT projects covering different aspects of information technology. Mr. John Colley, Managing Director EMEA, (ISC) 2 Mr. Colley, CISSP, is the Managing Director for EMEA & Co- Chair of the European Advisory Board for (ISC)2 , a non-profit professional consortium which has certified over 60,000 members worldwide. He served on the (ISC)2 Board of Directors for eight years including two as chairman. John has over fifteen years experience in information security. He has formerly held posts as Head of Risk Services at Barclays, Group Head of Information Security at the Royal Bank of Scotland Group, Director of Information Security at Atomic Tangerine & as Head of Information Security at ICL. John has also worked as an independent consultant providing value added advice and guidance to blue chip organisations. Mr. Marcus Alldrick, CISO, Lloyd's In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe’s largest credit card issuer. Mr. Richard Cross, CISO, Toyota Motor Europe (BELGIUM) Richard has been the Corporate Security Officer in Toyota Motor Europe since 2002 & has led the organisation through a maturing process in implementing a full Information Security lifecycle. His journey in Toyota has been a cross-cultural one both in terms of business approach & nationalities, understanding how to apply the world famous “Toyota Production System” into security activities. The focus of his activity has moved away from pure Information Security into the broader sphere of Corporate Risk Management, with a corresponding change in reporting line, from CIO to the Corporate Planning Offices. Further back in his career he worked for a British Government intelligence agency in a technical security role, involving the design of systems to support data warehouse analysis. Networking Opportunities - Build Trust-Based Relationships In Muscat! Meeting your security peers to exchange ideas & build trust-based networks is an integral part of the CISO Executive Summit & Roundtable Middle East. As such, MIS & Sponsors have set aside dedicated time for networking, which will allow you to enjoy your time in Muscat. Please note that all activities are all provisional to date & are sponsorship-related. MONDAY 9TH NOVEMBER SUNSET DHOW CRUISE WELCOME DRINKS Join information security peers for the Sunset Dhow cruise – a leisurely cruise down the coast. The ‘dhow’ has been in use for centuries, & is an essential part of Oman’s proud maritime tradition. Enjoy the dramatic mountains cascading into the sea from a different perspective, while enjoying drinks & talking to peers. Followed by a typical Arabic dinner (BBQ) on the beach TUESDAY 10TH NOVEMBER TOUR OF MUSCAT FOLLOWED BY DRINKS RECEPTION AT BAIT AL ZUBAIR MUSEUM Drive along the waterfront Corniche visiting the Fish Market & the colourful Muttrah Souq that awaits you with sights, sounds & aroma of the orient. Stop at the Bait Al Zubair Museum for an introduction that traces Oman’s history & development, followed by a drinks reception. About the Venue The hotel is situated in the prime residential, government & diplomatic quarter, only 15 minutes from the airport. Set in 35 acres of palm gardens between the imposing Hajjar Mountains & the pale sand of the Gulf Coast, offering stunning views on each side, it is a ‘resort within the city’. With its proximity to the capital’s business & commercial district, the hotel is the ideal place to stay for business or leisure & to host meetings, company conventions, gala dinners or receptions! See back page for more details.
Page 1 and 2: ALIGNING BUSINESS AND IT STRATEGIES
Page 3: Chief Information Security Officer

Chief Information Security Officer Middle East 2009 - MIS Training

Create successful ePaper yourself

Delete template?

Save as template?