Enterprise Security

Chairpersons welcome and opening remarks.

• Implementing new procedures due to the challenges brought about by remote working, the increase of device usage, and more online activity through additional technologies. 
• Describing challenges around the increase of cyber-attacks on a global scale. 
• Introducing a culture of cyber security in organisations, with more businesses now introducing relevant policies. 

• Why should third-party risk management be central to your cyber security strategy? 
• Identifying a higher risk vendor by using the relevant frameworks. 
• Streamlining metrics effectively to remain secure. 

• Understanding various cloud computing services and how they are used.  
• Discussing best practices within cloud security, in order to be proactive rather than reactive. 
• Choosing the right cloud provider which protects against misconfigurations, cyber-attacks, authentication, and access management. 

• Improving your cyber readiness in advance of cyber insurance renewals. 
• Recent challenges around cyber insurance policies, and predictions for future audits. 
• How to be forward-thinking in the eyes of a cyber insurance underwriter. 

• Explaining the importance of a zero-trust approach, and how it strengthens a company. 
• Outlining the steps involved when implementing a zero-trust architecture. 
• Adopting culture and leadership skills to sustain a mature cyber security practice. 

• The balancing act of business disruption or data exposure. 
• Staying abreast of new strategies, technologies and regulations to protect the organisation. 
• Understanding how all areas of the company work, seeing the bigger picture. 

• Strengthening data security practices and deploying the relevant software, to provide as much automation as possible. 
• Educating the workforce so they can detect when a data loss prevention occurs and know how to respond appropriately. 
• How to categorise and prioritise data, to understand when it is at risk. 

• Defining the various types of accidental and intentional insider threats. 
• Reviewing protocols and controls for detection and monitoring. 
• Reporting insider attacks in the smartest way to protect your organisation. 

• Recent data privacy laws in various geographical locations. 
• Difficulties when adhering to multiple compliance schemes at once. 
• Challenges for regulators as they try to keep up with rapidly surging cyber security threats. 
• Finding the right cyber security program for assisting with compliance issues. 

• Creating information security policies which are transparent and commonly understood across the organisation. 
• Making employees feel rewarded, empowered, and supported, so they react positively to company guidelines. 
• Introducing a top-down plus a bottom-up approach. 

• Assessing the weaknesses which an attacker would spot and therefore target. 
• Working out what damage can be done with the information gained. 
• Using this information to safeguard an organisation against future incidents. 

• Asking the question of “what are we actually consenting to?” when it comes to cookies. 
• The disastrous consequences of cookie hijacking and cookie poisoning. 
• Which types of cookies should be configured or blocked to enable the strongest privacy protection. 

• Recent developments in MFA, biometrics, ZZO, SSO, and other alternatives to entering passwords; how these are evolving. 
• The pros and cons of eliminating passwords altogether. 
• Technological improvements to assist with authentication processes. 

• Complying with financial crime, cyber security, and data protection regulatory requirements. 
• Implementing the most effective controls to mitigate digital payment security risks. 
• Measuring risk appetite vs risk tolerance. 

• Data breaches, ransomware and malware, vulnerability of legacy systems, insecure medical devices and equipment, insider threats, DDoS attacks, lack of documented cyber and governance policies, cloud-based threats, phishing attacks, lack of cyber awareness. 
• Controlling systems and data proactively, so they are protected against cyber threats. 
• Emphasizing the importance of information security across the workplace, not allowing data access to all employees. 

• Revealing current statistics of the overall cyber security staff shortage. 
• Considering recruitment issues, such as aiming too high when it comes to certifications, but also hiring individuals with a limited skillset. 
• Speaking about employee retention challenges, with the ever-changing cyber landscape. 

View day 2 content here:

• Accelerating Digital Transformation