29 february - 3 march 2016 the habtoor grand - dubai, the uae -...


The Middle East’s Connection of C-Level Minds on Cyber Risk – The Investor Issue of Today

Join discussions with:

• Air Liquide

• Bank Muscat

• Banque Saudi Fransi

• BP plc.

• British Telecom

• Department of Municipal Affairs, Western Region Municipality, UAE

• Du

• Dubai Islamic Bank

• Federal Bureau of Investigation

• GISBA Group

• Hellenic Telecommunications Organization

• Lloyd’s

• Louisiana-Pacific Corporation

• National Bank of Abu Dhabi

• Ministry of Social Development Bahrain

• Petroleum Development Oman

• Petro Rabigh (Saudi Arabia)

• Riyad Bank

• Saudi Telecom Company

• The Saudi Investment Bank

• University of Kent

SAVE £600

Book Before 31st December 2015

www.cisomiddleeast.misti.com • +44 (0)20 3819 0802 • [email protected]

29 February - 3 March 2016 The Habtoor Grand - Dubai, The UAE

Protecting the Digital Enterprise Today: What will Security Look like in 3-5 Years? How can we Change the Game to Protect Customers, Brands and Intellectual Property in the Middle East?

“This event sets the Security Agenda for the rest of the year!” Director IT and Security, GISBA Group, Saudi Arabia

Keynotes, case studies, discussions:

• Cyber Crime & Threat Intelligence – Cloud, Mobile, Data Analytics & Forensics Capabilities

• Incident Response – Serious Attacks & CERT Responses, Cyber Insurance, Managing Reputation

• Vulnerability Risk Management – Penetration Testing, Human Engineering, Securing Websites

• Securing Smart Cities – CNI & Commercial Infrastructures, Bringing Virtual & Real Worlds Together

• Security Trends & Emerging Technologies – IAM, Encryption, Artificial Intelligence, Internet of Things

7 years of successful CISO Summits in the Middle East

3 TECHNICAL BRIEFINGS DESIGNED FOR CISOS:

1. How Eavesdropping Resistant is Your Organisation?

2. Vetting: Are You Getting Value for Money?

3. Optimising Your Security Testing Programme

SPECIAL KEYNOTE

Achieving Digital Trust: A New Business Model for Security Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford

NEW 29 February 2016

Cyber Risk Symposium

Cairo Chapter


1,045+ = Number of CIOs and CISOs attending CISO Middle East Summits since 2008

• CISO

• Deputy / Manager

• Other Infosec (networks, architecture, application)

• Other Risk Compliance

Dear Colleague,

The vision of the leadership in the United Arab Emirates is to deliver government-designed security in partnership with other institutions to pre-empt hostile actors by diagnosing and treating any disruptive attack on communications and critical infrastructure. Such advanced security design will change cyber security thinking around the world towards pre-emptive design and action.

As regional governments and companies continue investing heavily to protect, detect, and react to global cyber threats, MIS Training Institute plays a vital role in reducing cyber-crime by providing a platform for regional, national, and international cooperation and addressing urgent cyber security challenges at the 8th Chief Information Security Officer Middle East Summit & Roundtable 2016. The event will be returning to Dubai, The UAE, 29 February to 3 March 2016, following its previous successes there and its subsequent tour across the GCC.

Attended by the business community, Ministries of Defence, Police, Royal Navy, Central Banks and CERTS across the GCC region, MISTI’s CISO Middle East Summits are a well-established global platform for CIOs, CISOs, Directors of Information Security, Cyber Security and Technology Risk to meet and build trusted contacts and discuss specific priorities.

The CISO Middle East Summit & Roundtable brings together global companies and governments in the Middle East and GCC region with peers internationally to share insights on recent projects, deployments, transformations and achievements.

Sara Hook

Director of Conferences, EMEA & APAC

MIS Training Institute

Keynotes, Case Studies, Discussions on:

• Cyber Crime & Threat Intelligence – Cloud, Mobile; Data Analytics & Forensics Capabilities

• Incident Response - Serious Attacks & CERT Responses, Cyber Insurance, Managing Reputation

• Vulnerability Risk Management - Penetration Testing; Human Engineering, Securing Websites

• Securing Smart Cities - CNI & Commercial Infrastructures, Bringing Virtual & Real Worlds Together

• Security Trends & Emerging Technologies – IAM, Encryption, Artificial Intelligence, Internet of Things


Programme for 2016

Monday 29 February CXO Middle East - Cyber Risk Symposium - Connecting CISOs, CTOs, CIOs, CFOs, CROs, CCOs, COOs, CEOs and Board/Committee Members

3 Technical Briefings for CISOs - 1) Testing 2) Vetting 3) Eavesdropping

Tuesday 1 March CISO Middle East Summit - Keynotes, case studies and discussion from CERTs, Banks, Government, Global Businesses

Wednesday 2 March CISO Think Tank Middle East - Protecting the Digital Enterprise Today: What will security look like in 3 years; how will it get there, what is the intelligence and collaboration strategy and design?

Thursday 3 March CISO Middle East Roundtable

Benchmarking Highlight on CISOs’ priorities


International Speaker Panel

• Adam Drabik, Former CISO - Smart Metering, Telefonica; Former CISO, Reckitt Benckiser; Former ISM – Europe, Shell (UK)

• Ahmed Hussain, Director, Reload Consulting (Bahrain)

• Ali Abdullah Al-Shayea, CISO, The Saudi Investment Bank (Saudi Arabia)

• Andersen Cheng, CEO, Post-Quantum (Former European Head of Credit Risk Management, JP Morgan)

• Andy Cobbett, Director, Institute of Information Security Professionals (UK)

• Aziza Al Rashdi, Director Cyber Security Professional Services, Oman National CERT / Information Technology Authority (Sultanate of Oman)

• Dan Wittig, IT Security and Governance Manager, Louisiana-Pacific Corporation (U.S.)

• Dorairaj Balasubramanian, Information Security Director, Petroleum Development Oman (Oman)

• Dr. Sally Leivesley, Director, New Risk (UK)

• Eng. Abdul Manan Qureshi, Vice President/Head of Business Continuity, Business Continuity Section, Business Technology Governance, Riyad Bank (Saudi Arabia)

• Irene Corpuz, Planning and IT Security Section Head, Technology and Planning Department, Department of Municipal Affairs, Western Region Municipality (UAE)

• Fritzgerald Kennely, Assistant Legal Attache, Federal Bureau of Investigation, U.S. Consulate

• Feridun Aktaş, Director of Security Governance & Services, Turk Cell (Turkey)

• Habeebu Rehman, Sr. Supervisor - Information Security, Petro Rabigh (Saudi Arabia)

• Javed Abbasi, Director IT and Security, GISBA Group (Saudi Arabia)

• Jenny Reid, Director, iFacts (South Africa)

• Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford (U.S.)

• Lady Olga Maitland, Chairman, Algeria-British Business Council (UK)

• Lalit Gandhi, General Manager Audit, Hellenic Telecommunications Organization (India)

• Mahmoud Yassin, Team Lead Security Engineer, National Bank of Abu Dhabi (UAE)

• Marcus Alldrick, CISO, Lloyd’s of London (UK)

• Paul Lemesle, Information Risk Manager, Air Liquide (UAE)

• Richard Cross, Director, Senscia (Belgium)

• Richard Hollis, Director, Risk Factory (UK)

• Dr. Theo Dimitrakos, Chief Researcher - Security Futures Practice Research & Technology, BT and University of Kent (Recognised as an Academic Centre of Excellence in Cyber Security Research by EPSRC and GCHQ)

• Dr. Rocky Termanini, CEO, MERIT CyberSecurity™ Consulting

• Roshdi Osman, Deputy CISO, Head of Information Security Governance, Risk Management and Security Compliance, Banque Saudi Fransi (Saudi Arabia)

• Steve Whitehead, Managing Member, EDS - Business Division of CBIA (South Africa)

• Tamer El Bahey, Senior Director - Security Monitoring & Operations, Du (UAE)

• Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE)

• Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company (UK)

• Thomas Totton, GM-Internal Audit, Bank Muscat (Oman)


Technical Briefing 1: How Eavesdropping Resistant is Your Organisation?

Fortune Magazine reported on 25 July 2014 that Sharon Leach, a mechanical engineer with a doctorate and a loyal employee of the Ford Motor Company, was fired after eight listening devices were found in boardrooms and meeting rooms at Ford HQ. Subsequent investigations led the FBI to Leach. The FBI is investigating a case of possible economic espionage. Would you know if covert surveillance devices are installed in your company boardrooms and sensitive areas? If an organisation could be that vulnerable to covert surveillance in its own offices, then just think how the risk increases when companies conduct sensitive business away from the safety of the office. The workshop will investigate the need for regular technical surveillance countermeasures (TSCM) surveys in offices, boardrooms and other areas where sensitive discussions are held to ensure that business executives have privacy to conduct their business securely. The latest technical surveillance attack methods will be discussed with the appropriate cyber TSCM countermeasures.

Led by: Steve Whitehead, Managing Member, EDS (Business Division of CBIA) South Africa

Steve founded CBIA in 1994. He has played a major role in the development and promotion of the use of competitive intelligence (CI) and counterintelligence as a risk management tool. He is one of the most experienced consultants in this unique field in the World. He is an accomplished keynote speaker and has presented papers at a number of local and international conferences held in South Africa, USA, England, Brussels, Germany, France, Australia, Angola and Mozambique. Steve is a former senior Government intelligence specialist and held the rank of Manager (Director) in the South African National Intelligence Agency (NIA) when he resigned in March 1994.

Technical Briefing 2: Are You Getting Value For Money Out of Your Employee Screening Programme?

One of the areas that is seldom considered on engagement is the value of the data to which the new employee will be exposed. HSBC had a large number of records of private banking clients in Switzerland returned. These records had been stolen by a previous employee in 2007. We also know of a situation where a political party had thousands of membership application forms stolen from their offices. What is the value of this information in the wrong hands? Very often ex-employees are extremely disgruntled but continue to have links within an organisation and can easily manipulate a situation to obtain valuable data that can be damaging not only to the previous company but could be harmful to the new employer.

• Do you really know where that employee came from?

• Do you really know what that employee did at his previous company?

• Do you know why the employee is wanting to work in your organisation?

• Make sure that your employee screening policy covers all risks in your organisation.

Led by: Jenny Reid, Director, iFacts (South Africa)

Jenny is a sought-after speaker and conference facilitator, both in South Africa and abroad, where her experience, insights and sharp analysis of the sector are valued by organisers and audiences alike. Her fearless attitude and tireless energy have made her stand out in the industry, and she has become an inspiration to other women in the security industry. She started the evolution of the security sector from the inside, leading with courage. Her integrity and talent were recognised when she became the first woman president of the Security Association of South Africa (SASA) in 40 years. Early on in her career, Jenny developed a passion for employee screening. When she bought the iFacts brand in 2009, she saw an opportunity to help her clients remove risks and develop progressive solutions to employee screening.

Technical Briefing 3: Ethical Hacking and Security Testing

Metrics of security testing. “Ethical hackers” gone wild – what can we do to better police the penetration testing marketplace to weed out companies that exhibit unethical behaviors and tarnish the reputation of a vital industry? The Bank of England’s CBEST scheme. Teaching risk based assessment to pen testers: How to prevent stupid non-findings. Penetration testing was an art form, many years ago, with testers taking the time to evaluate and discuss findings, and most pen test reports reflecting an agreement on the business risk and the best and most effective remediation measures. Today, it feels like an industry, with standard tools, polished contracts, and sleek reports that list pages over pages of more or less confirmed vulnerabilities, non-findings with no business value, or half-truths in cryptography.

Led by: Richard Hollis, Director, Risk Factory (UK)

Richard Hollis is the Chief Executive Officer for Risk Factory Ltd, a unique information security risk management consulting firm specialising in providing cost-effective, independent information risk management & testing services. Richard possesses over 30 years of “hands on” skills and experience in designing, implementing, managing security testing programs.

Middle East Cyber Risk Symposium Connecting CISOs, CTOs, CIOs with CFOs, CROs, CCOs, COOs, CEOs, Board & Committee Members

Led by:

• Richard Cross, Director, Senscia (Belgium)

• Lady Olga Maitland, Chairman, Algeria-British Business Council (UK)

• Tamer El Bahey, Senior Director - Security Monitoring & Operations, du (UAE)

• Thomas Totton, GM-Internal Audit, Bank Muscat (Oman)

• Adam Drabik, Former CISO - Smart Metering, Telefonica; Former CISO, Reckitt Benckiser; Former ISM – Europe, Shell (UK)

Cyber risk is higher on the Board agenda than ever before and companies now accept that a security breach is inevitable. Given the real threat to customer data, privacy and intellectual property, information security is a reputational risk that is becoming increasingly of interest to a wider audience. In the context of responsible investment, the Environmental, Social and Governance (ESG) community is now engaged, as investors and companies are required to take a wider view of the full risk spectrum and opportunities. Audit and Risk Committees are asking for increased assurance about how cyber risk is managed. Additionally, new regulations in some jurisdictions (such as the ‘Senior Managers’ Regime’ in the UK) make CEOs, Non-Executive Directors and other senior persons within a company personally liable for security breaches. It is clear that dealing with cyber threats must become a key element of every company’s enterprise risk management, given reputations at stake.

This unique thought leadership Symposium is ideal for C-level executives and board members to discuss current challenges in a cross-functional environment to better understand the current and emerging cyber security risks - knowing your business and what to protect and knowing security and how to protect.

From the CISO perspective: it presents a rare chance to question other C-level and board members about how best to present the message to be heard and about how cyber risk fits into the big picture of business risk and governance.

Equally, Boards of Directors and other C-level executives need to be able to manage cyber threat issues in a consistent, practical and ethical way and this is a unique chance to hear directly from cyber security experts. A rare opportunity for CISOs to connect with CIOs, CFOs, CTOs, CEOs and Non-Executive Directors from across the Middle East, on the various expectations. Join the discussion!

• How can we engage in a longer-term security strategy against cyber-crime that the C-Suite will appreciate?

• How can the CISO develop an action plan to gain traction with the CIO, CTO, CFO, CEO, Audit Committee, Board?

• What’s the right level of communication to business stakeholders? What are the keys to winning budget?

• What can boards do to improve business performance around cyber risk? What do we need to know?

• How do we best understand information security in the big picture of business risk?

• How can we increase security governance? What should the investor response be?

• How are companies mitigating cyber risk? How do we build security into organisational culture?

Monday 29 February 2016 3 Technical Briefings for CISOs

Morning:

08:30-09:00 Breakfast & Coffee

09:00-10:00 Technical Briefings 1

10:00-10:20 Break

10:20-11:20 Technical Briefings 2

11:20-11:40 Break

11:40-12:40 Technical Briefings 3

12:40-13:40 Lunch

Afternoon:

13:00-14:00 Welcome Lunch

14:00-14:10 Chairman’s Opening

14:10-14:30 Keynote Insights by CEO

14:30-15:00 Case Studies Panel

15:00-16:00 Roundtable Discussions

16:00-16:20 Summary & Close

16:20-17:30 Networking Reception


Day One

08:30 Coffee & Registration

09:00 Chairman’s Opening Marcus Alldrick, CISO, Lloyd’s of London (UK)

09:20 What CISOs can learn from ‘The Moscow Rules’: Understanding your Risk Context in Order to Achieve the Most Effective Defence Keynote

The Moscow Rules were an informal set of rules for those knowingly operating in an environment where they were being actively countered and opposed, not via direct confrontation but rather through indirect and stealthy methods. This form of opposition is the closest model to operating an Information Security protection programme, subject to attacks both from external and internal sources. So how does a CISO take reasonable steps to get a good outcome from their programme, when they are surrounded by uncertain actions perpetrated by unidentified actors? How do they create the right expectations of security when there is a high likelihood that members of their own organisation will undermine their efforts? Moscow Rules updated for 21st century cybersecurity.

Richard Cross, Director, Senscia (Belgium)

09:50 Cyber Crime & Threat Intelligence Keynote

Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company

10:10 Achieving Digital Trust: A New Business Model for Security Special Keynote Followed by Book Signing Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford

10:50 Coffee Break

11:20 The Cognitive Early Warning Predictive System™: Using the Smart Vaccine™ (CEWPS/SV) - Replication of the Human Immune System for the Digital World that will Revolutionize Cyber Security Case Study of How the Digital Immunity Predicts Incoming Attacks

This keynote will show how, with the help of CEWPS, a city like Dubai becomes totally secure. As a smart city, all the critical systems that manage the infrastructures will be immunized (like humans) with Vaccination-as-a-Service (VaaS) against massive attacks. CEWPS/SV is the composite of artificial intelligence, grid computing, autonomic computing, cloud computing and Big Data computing.

• Early Warning predictive system to protect the power grid in smart cities (case study) with the Smart Vaccine

• Artificial Intelligence in cyber security, Big data fusion and cyber security

• What will security look like in 3-5 years?

• How we built the security layer around the smart city to defend SCADA systems of the power grid

• How AI has penetrated the domain of cyber security, and how we built the autonomicity of the Smart Vaccine

• Promising emerging technology (Intelligent Digital Immunity), supplemented with case studies for different types of attacks - one of the highlights of the summit!

Dr. Rocky Termanini, CEO, MERIT CyberSecurity™ Consulting

11:40 Securing Smart Cities, Critical National & Commercial Infrastructures - Bringing Virtual & Real Worlds Together Case study

Eng. Abdul Manan Qureshi, Vice President/Head of Business Continuity, Business Continuity Section, Business Technology Governance, Riyad Bank (Saudi Arabia)

12:00 Pen Testing and Vulnerability Risk Management Hands on Experience Keynote

• Reducing risk: detect – prioritize – remediate

• Tools

• Vulnerability management: What are your options

Irene Corpuz, Planning and IT Security Section Head, Technology and Planning Department, Department of Municipal Affairs, Western Region Municipality (UAE)

12:20 Lunch

13:20 Emerging Trends to Best Understand Adversaries and Build Resilient Security Capabilities? Futuristic Panel

Panellists: Shadi Khoja, Strategy Director, SmartCity, Dubai Holdings – invited; Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford (UK & U.S); Fritzgerald Kennely, Assistant Legal Attache, Federal Bureau of Investigation, U.S. Consulate; Dr. Rocky Termanini, CEO, MERIT CyberSecurity™ Consulting; Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE)

13:50 Counter Terrorism and Cyber Keynote

Fritzgerald Kennely, Assistant Legal Attache, Federal Bureau of Investigation, U.S. Consulate

14:20 Spoofing the Digital Built Environment Exercise Cyber Attack

This is an exercise for CISOs, CEOs and CSOs responsible for critical national infrastructure who are concerned about emerging threats over the next three to five years. Exercise participants will role play a scenario of responding to a cyber and physical attack which involves physical access to a critical infrastructure building by terrorists who have gained access by spoofing the building control systems to deceptively appear to be secure. Participants in the exercise will develop policies, technical solutions and personnel strategies to respond to this attack and capture the terrorists. Discussion points:

1. Can wireless be secured?

2. Can unsecured systems in nearby buildings be a threat to the built environment?

3. When can spoofing be recognised? Are there policies, technological or human systems solutions?

4. How can banks, smart energy systems, refineries, buildings, transport, ports, aviation and telecommunications be protected?

5. Can City cyber administrators help to secure the built environment against spoofing attacks?

6. When terrorists or nation states exploit cyber space can companies and governments cooperate with intelligence and technical solutions?

Dr. Sally Leivesley, Director, Newrisk Limited (UK)

15:10 Coffee Break

15:40 How to Develop Human Capability Keynote

• Growing the security profession

• How to promote people and the right skills on a national level – from schools to the work place

• National level security

Andy Cobbett, Director, Institute of Information Security Professionals

16:00 Towards a Secure and Trusted Multi-Cloud Services Ecosystem: Major Challenges and Emerging Solutions Case Study

The biggest challenge hindering cloud adoption today is consistently enforcing and managing security policies across many multi-tenant clouds from different providers. In this talk we review security, assurance and IT governance aspects underpinning a response to this challenge and present organisational and technological innovations that enable a multi-provider trusted Cloud ecosystem.

Dr. Theo Dimitrakos, Chief Researcher - Security Futures Practice Research & Technology, BT and Professor, School of Computing, University of Kent (Recognised as an Academic Centre of Excellence in Cyber Security Research by EPSRC and GCHQ)

Contributors: Theo Dimitrakos, Simon Pascoe, Gery Ducatel, Fadi El-Moussa

Tuesday 1 March 2016 CISO Middle East Summit – Day One


Day One continued

16:20 Cloud Security and Security Automation: How this Affects the Risk Profile and Ability to Respond Quickly to External and Internal Risk Financial Sector Case Study

Mahmoud Yassin, Team Lead Security Engineer, National Bank of Abu Dhabi (UAE)

16:40 The Fusion of Big Data and Cyber Case Study Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE)

17:00 Automation, Maturity and Government Initiatives: Bringing Virtual and Real Worlds Together CIO Discussion

Government initiatives for security and COOP are still solidifying. This panel will consider:

• Holistic risk mitigation strategies

• Alignment to standards

• Automation and localization

• GRC convergence/ dashboard and reporting

• Broader government level initiatives

Chaired by: Eng. Abdul Manan Qureshi, Vice President/Head of Business Continuity, Business Continuity Section, Business Technology Governance, Riyad Bank (Saudi Arabia); Roshdi Osman, Deputy CISO, Head of Information Security Governance, Risk Management and Security Compliance, Banque Saudi Fransi (Saudi Arabia)

17:30 Close of Day One

18:00 Group Reception and Dinner

Day Two

08:50 Chairman’s Re-Opening Marcus Alldrick, CISO, Lloyd’s of London (UK)

09:00 A 360° Dashboard: Rosetta Stone for Information Security Gibberish Case Study

• The need for building security dashboards

• What KPIs should show on a security dashboard

• How to make security information readable at the CXO level

Tamer El Bahey, Senior Director - Security Monitoring & Operations, Du (UAE)

09:20 Counter intelligence: Enhancing Business Continuity and Supporting Security Keynote

The aim is to provide Chief Information Security Officers, decision makers and those responsible for the safeguarding and protection of information in their organisations with the insight to understand counter-intelligence and how it differs from other streams of information management practices. What others know about an organisation can make or break that organisation’s ability to compete in the future! Appropriate protection forms an integral part of an organisation’s business strategy. The presentation will provide a realistic view of the importance of practising counter-intelligence in today’s highly competitive environment.

Steve Whitehead, Managing Member, EDS (Business Division of CBIA) South Africa

09:40 Do You Have A Plan B? Getting Security Incident Response Right Case Study Adam Drabik, Former CISO - Smart Metering, Telefonica; Former CISO, Reckitt Benckiser; Former ISM – Europe, Shell (UK)

10:00 Effective Crisis Management Programme for Cyber Security

• Evaluation of cyber security preparedness based upon the business environment

• Profiling of Cyber Security threat with the current environment

• Devising an effective Cyber Security Crisis Management Process & Procedure

Habeebu Rehman, Sr. Supervisor - Information Security, Petro Rabigh (Saudi Arabia)

10:20 Morning Coffee Break

Wednesday 2 March 2016 CISO Middle East Summit – Day Two

THINK TANKS

Timings:

11:00-11:10 Introductions

11:10-12:10 Roundtable Discussions

12:10-12:30 Summary of Findings & Close

12:30-13:40 Lunch

Day Two Continued

CISO Think Tank – Middle East

A CISO Best Practice Guide to Protecting the Digital Enterprise Today

The CISO Think Tank Middle East provides the opportunity for CISOs and senior information security professionals to examine in-depth and with combined peer brain power, tried and tested ways to deal with different phases of a particular area of challenge. This includes sharing successes with peers as well as failings. Facilitators will make detailed notes for contribution to the tangible takeaway. A findings report will be distributed to all attendees following the event with the combined thoughts and conclusions from CISOs from international companies.

• What will security look like in 3 years

• How will it get there

• What is the intelligence and collaboration strategy and design

• Bringing virtual and real worlds together

Co-Chaired by:

Marcus Alldrick, CISO, Lloyd’s of London

In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood and adequately mitigated in a cost effective manner throughout the corporation, both in the UK and in its overseas locations. His role extends to providing assurance to this effect to Executive, Senior and Line Management. Marcus also has corporate responsibility for Data Protection and Privacy and provides thought leadership on emerging information related risks pertinent to the Lloyd’s market. Marcus has worked in IT for over 35 years, specialising in information risk, protection, security and continuity for the latter 22 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory and specialising in information security strategy definition and implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, a leading card issuer and merchant acquirer and part of Barclays plc.

Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company

Tim Grieveson is the Chief Cyber Strategist for EMEA within the Enterprise Security Products division at HP. In this role, Mr. Grieveson is responsible for driving strategic initiatives for the ESP Security Strategy group and providing thought leadership and insight regarding the ever changing global threat landscape. Prior to joining HP, Mr. Grieveson held both the CIO and CISO roles at G4S Risk Management, which is part of the G4S group and one of the world’s largest private employers with a staff of 625,000 in over 125 countries. During his time at G4S, Tim was responsible for the direction and strategy of Global ICT and Information Security at the firm. Prior to G4S, Tim held various IT and Security executive leadership roles at Constellium, Bluesource Information Ltd, BT Global Services and Morrison Utility Services. Tim is a member of the Advisory Board for the UK Information System Security Association (ISSA), was honored as CIO of the Year by the EC-Council in 2013 and was named in the 2014 Huffington Post’s Top 100 Social CIO’s on Twitter. Tim is a frequent speaker and blogger with a keen interest in helping global enterprises protect themselves from cyber criminals while championing the notion that security should be positioned as an enabler of the business rather than another IT cost centre. Tim brings 20 years of IT leadership experience, holds multiple security certifications including CISM and C|CISO and is quite active in the global information security community.

Tamer El Bahey, Senior Director - Security Monitoring & Operations, du

With over 15 years of experience in the information security field, Mr. El Bahey was part of the initiation, establishment, and operation of multiple information security functions within different organizations across the Middle East. Tamer holds a B.Sc. in Aerospace Engineering and is one of the early CISSPs in Egypt. He is a frequent speaker at regional and international events, where he shares his practical experience. Tamer is currently leading the security monitoring and operations within du, where they combat cyber threats every day.

13:40 The Insider Threat to Cyber Security

Jenny Reid, Director, iFacts (South Africa)

14:00 Security of the Internet of Things

• Why enterprises need to step up their IoT security efforts

• How the growth rate of the Internet of Things (IoT) is outpacing IoT security efforts

• Avoiding a serious breach of privacy

Richard Hollis, Director, Risk Factory (UK)

14:20 Trials and Tribulations of a Corporate CISO Case Study

Louisiana Pacific is a $2.5 billion company with manufacturing plants in the USA, Canada, and South America and with customers throughout the world including the Middle East. Dan has over 20 years of IT security experience including the last 6 years at the CISO or programme level – including SAP security.

Dan Wittig, CISO, Louisiana-Pacific Corporation (U.S.)

14:40 Please Select your Preferred Case Study Q&A Session:

Case Study 1: Information Security Awareness Programme for an Enterprise

Dorairaj Balasubramanian, Information Security, Petroleum Development Oman (PDO)

Case Study 2: Social Media Security

Lalit Gandhi, General Manager Audit, Hellenic Telecommunications Organization (India)

15:10 Afternoon Tea Break & Sponsors’ Prize Draw

15:50 Incident Response & Serious Attacks: How Have CERT Teams Responded to Advanced Persistent Threats Panel of Case Examples

• What vulnerabilities could be affecting your organisation?

• How data is stolen from enterprises using malware, social engineering, spyware, phishing?

• What single security technology or approach could make a difference/ be a game-changer?

• How to avoid human engineering virus penetrations – methods for this

Panellists: Tamer El Bahey, Senior Director - Security Monitoring & Operations, Du (UAE)

Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE)

Ahmed Hussain, Director, Reload Consulting (Bahrain)

16:20 Thought Leadership Roundtable Discussions on Key Emerging Trends

Roundtable 1: Developing PCI Standards for Risk Management Not Compliance

• Why your focus should be on security not compliance or certification

• What resources are available to help with payment card data security

Roundtable 2: Cyber Security Insurance Trends Case Study

A recent report from PricewaterhouseCoopers suggests the $2.5 billion cyber insurance industry will triple to $7.5 billion by 2020. Without necessary innovation in the insurance space, it has been suggested that tech competitors may step in to take over the market.

Roundtable 3: Police Use of Cyber Forensics and Development of Cyber Capabilities Keynote

• Computer Fraud/Intrusion (recognizing necessary culture to avoid compromises)

• Computer Forensics and the importance of Preserving Evidence

• Prosecution landscape

• Securing commercial and government websites against DOS attacks

17:00 Close of Day & Networking Function

www.cisomiddleeast.misti.com • +44 (0)20 3819 0802 • [email protected]

Thursday 3 March 2016 CISO Middle East Summit – Day Three

Day Three

Protecting Critical National and Commercial Infrastructures

The Chief Information Security Officer Middle East Roundtable is held in a ‘closed door’ environment to encourage openness in the group discussions, which are conducted via a combination of facilitated group discussions. The 2016 Roundtable will run in an advanced technical manner with a senior person from the region doing a lead on industry requirements and CISO’s solutions at a senior level – to cover technical advances in the GCC region and solutions to threats and insider risk management etc.

The Roundtable will be run at the level of top corporate – it is seen by the attendees as a serious regional meeting so we encourage you not to miss this part of the event. Attendees will be invited to input feedback in advance and input their own key challenges. An anonymised output report will be distributed to attendees following the event.

Co-Facilitators:

Andy Cobbett, Director, Institute of Information Security Professionals (UK)

Dan Wittig, IT Security and Governance Manager, Louisiana-Pacific Corporation (U.S.)

Dorairaj Balasubramanian, Information Security Director, Petroleum Development Oman (Oman)

Feridun Aktaş, Director of Security Governance & Services, Turk Cell (Turkey)

Javed Abbasi, Director IT and Security, GISBA Group (Saudi Arabia)

Mahmoud Yassin, Team Lead Security Engineer, National Bank of Abu Dhabi (UAE)

Marcus Alldrick, CISO, Lloyd’s of London (UK)

Paul Lemesle, Information Risk Manager, Air Liquide (UAE)

Richard Cross, Director, Senscia (Belgium)

Countering Insider Threats - Simple. As Long as no one can have the “Golden Key” Keynote

Andersen Cheng, CEO, Post-Quantum (Former European Head of Credit Risk Management, JP Morgan)

Mr Cheng has been involved in cyber security and counter terrorism ventures for a number of years. His current venture specialises in post-quantum computing secure encryption, authentication and non-repudiation solutions. The company has been engaged in projects with Barclays, the UK government, NATO and other financial institutions. Prior to that, Andersen was the COO of the Carlyle Group’s European venture fund and a founding member of LabMorgan, the e-finance unit of JP Morgan. Before that, he was the European Head of Credit Risk Management at JP Morgan. Andersen obtained his BSc Civil Engineering and MSc Management Science degrees from Imperial College, London; and qualified as a Chartered Accountant with Deloitte specialising in computer security and audit.

Timings:

09:00-09:10 Introductions

09:10-10:00 Roundtable Discussions 1

10:00-11:00 Roundtable Discussions 2

11:00-11:30 Coffee Break

11:30-12:10 Roundtable Discussions 3

12:10-13:00 Roundtable Discussions 4

13:00-14:00 Lunch & Close

An Output Report will be provided with notes from the discussions - a useful tool for action back in the office to ensure that the Roundtable is not an ‘end in itself’.

The Summit and Roundtable are hosted under The Chatham House Rule

“When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed”. The world-famous Chatham House Rule may be invoked at meetings to encourage openness & the sharing of information. It is now used throughout the world as an aid to free discussion.

Attendee Testimonials

“I personally have managed to attend them all and am very satisfied!” Head, Risk & Information Security, Arab Financial Services, Bahrain

“Excellent for sharing and challenging information and experience with security specialists from different market sectors and countries” Head of IT Security Division, Banque du Liban, Lebanon

“Very useful on risk decision taking & creating value & trust between information security & the business” Director, Information Technology Authority (ITA) of Oman

“Great conference & I wish MIS all success for future such events that I also hope to attend” CISO, Jumeirah Group, UAE

“Comprehensive and eye opening event for opportunities to promote security as a business empowerment!” Head of Information Security, Abu Dhabi Securities Exchange, UAE

29 February - 3 March 2016 The Habtoor Grand - Dubai, The UAE

4 WAYS TO REGISTER

Tel: +44 (0)20 3819 0802

Email: [email protected]

Post: 7th Floor Dukes House 32-38 Dukes Place, London, EC3A 7LP

Online: www.cisomiddleeast.misti.com

VENUE & ACCOMMODATION

The Habtoor Grand - Dubai, The UAE

The Habtoor Grand Beach Resort & Spa

5 Star - Jumeirah Beach Dubai

Situated on Dubai’s world-famous Jumeirah Beach and adjacent to the magnificent Dubai Marina, the Habtoor Grand Beach Resort & Spa, Autograph Collection Dubai occupies one of Dubai’s most enchanting beachside locations.

grandjumeirah.habtoorhotels.com

Room Rates

Single Occupancy: AED 900++

Double Occupancy: AED 975++

Room rate is subject to 10% service charge, 10% municipality fees and “Tourism Dirham” Fees of AED 20, per room, per night.

Room rate is inclusive of breakfast and internet service.

Sponsorship opportunities

The Summit and Roundtable are the perfect platform to demonstrate your organisation’s vigorous stance on information security, at a time when organisations and governments are moving to address the growing issue of Cyber Risk.

1. Showcase your market knowledge and maximise brand leadership on an international platform

2. Have new contacts and customers come and find you rather than the other way around

3. Save time and money by scheduling a year’s worth of meetings in just 4 days

4. Improve your client coverage with greater presence

5. Network on a peer to peer level with C-level executives and heads of information security from across the Middle East region. Host a memorable networking dinner!

To discuss your specific requirements and the opportunities available, please contact Constance Belinga on +44 (0)20 3814 3681 or email [email protected]

TIER 1: EARLY BIRD (BOOK BY 31 DECEMBER 2015)

Individual Cost: £1,595

Save £600 + Free Book*

Bring a Colleague Save 10% • Group of 3 Save 15% • Group of 5 Save 20%

TIER 2: STANDARD PRICE (BOOK BETWEEN 31 DECEMBER 2015 – 11 FEBRUARY 2016)

Individual Cost: £2,195

Save £400 + Free Book*

Bring a Colleague Save 10% • Group of 3 Save 15% • Group of 5 Save 20%

TIER 3: LATE PRICE (BOOK AFTER 11 FEBRUARY 2016)

Individual Cost: £2,595

Bring a Colleague Save 10% • Group of 3 Save 15% • Group of 5 Save 20%

Please note: The above pricing does not apply to vendors or consultants to the information security community.

Above Pricing includes

• 3 Technical Briefings Designed for CISOs (29 Feb, am)

• NEW - CXO Cyber Risk Forum Middle East (29 Feb, pm)

• 2-Day CISO Middle East Summit (1-3 March, all day)

• CISO Middle East Think Tank: Protecting the Digital Enterprise Today (2 March, pm)

• CISO Middle East Roundtable (3 March, am)

• *FREE Signed Book “Achieving Digital Trust” – Jeffrey Ritter, a Keynote Speaker at the 2016 Summit!

Plus

• Invitation to confirmed networking receptions & dinners

• Lunches and daily refreshments

• Links to all materials and group output reports

• Up to 30 CPE Points and certificates for Continued Education

*Receive your FREE signed book copy onsite! Book by 11 February 2016 to qualify. Alternatively copies will be available to purchase onsite.

Achieving Digital Trust: The New Rules for Business at the Speed of Light – by Jeffrey Ritter (Keynote Speaker at CISO Middle East 2016!)

Marc Benioff, CEO of Salesforce.com, declared “The digital revolution needs a trust revolution.” Now, there is a book that delivers the weapons required to enter and win the battle to achieve digital trust.

No decision in the 21st Century will be made in business or government without relying on digital information. Can you trust the information you use to make decisions? Can your decisions be trusted by others? Trust is under attack, making every decision more vulnerable. The same is true for customers and for each of us in our daily decisions–without trust, spending and other choices shift to other options. To achieve digital trust, Jeffrey Ritter explored trust itself and discovered something remarkable–trust is not an emotion but a calculated decision. That simple truth unlocked a new way to think differently about trust, and digital trust, and how to build something new, rather than merely patch the status quo. Described by reviewers as “essential reading for corporate executives,” “ground-breaking,” “fascinating,” and a book that “will transform the dialogue about governance in a digital world,” Achieving Digital Trust boldly declares risk management dead as a business discipline and offers, instead, an integrated strategy for building something new: digital trust.

Schedule of Networking Activities - Explore Dubai

MISTI takes networking seriously and the dinners and activities are an integral part of any CISO Summit experience. All activities are subject to confirmation, to be included in the attendee fee.

29 February Welcome Reception

1 March Dinner at Atlantis The Palm

2 March Dhow Cruise or Other Cultural Activity

Dubai has long since forged its reputation as the Middle East’s fastest-growing, most dynamic and exciting cosmopolitan city - a melting pot of different cultural and lifestyle experiences. Its business, leisure and transport infrastructure and world-class events calendar have made it the region’s number one visitor destination. Few cities, if any, can claim the huge achievements of this major global player. Ideally positioned as a gateway between east and west, Dubai remains the Arabian Gulf’s central foreign investment hub. More than 100,000 companies have set up in the city, encouraged by liberal taxation and supportive economic policies. Home to more than 150 nationalities, Dubai boasts the most modern amenities found anywhere in the world – both in its entrepreneurial business environment, and things to do, see and experience. Experience Dubai’s unique landmarks, diverse dining options, huge choice of hotels and rich cultural heritage. Dubai is where the world meets.

#CISOMiddleEast @mistieurope