
CISO Summit France
March 21, 2017

Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Think Tank

End user-led session in boardroom style, focusing on best practices

Roundtable

Interactive session led by a moderator, focused on industry issue

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Focus Group

Discussion of business drivers within a particular industry area

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Case Study

Overview of recent project successes and failures

Open Forum Luncheon

Informal discussions on pre-determined topics

Networking Session

Unique activities at once relaxing, enjoyable and productive

Tuesday, March 21, 2017 - CISO Summit France

7:00 am - 7:55 am

Registration and Networking Breakfast

8:00 am - 8:10 am

Welcome Address and Opening Remarks

8:10 am - 8:50 am

Keynote Presentation

Why Large Organisations Are Now Adopting a Cloud Security Approach

Market drivers such as mobility, changing network traffic patterns, cost reduction, and increased security requirements, set against a backdrop of escalating threats, are all contributing to a mass move to cloud-based web security. Recent high-profile security breaches, coupled with the damage to company brand and reputation and high financial penalties, mean that cyber-security is now on the boardroom agenda. This is no longer just an IT issue; it is a corporate risk issue, impacting the role of the CISO, who is now expected to provide meaningful and actionable security intelligence to board members.


Takeaways:

  • Discuss the emerging trends in cyber-security that CISOs need to be aware of
  • Explore how the mega trends have implications for security
  • Learn the latest methods cyber-criminals use to infiltrate organizations 
  • Hear use cases and best practices in adopting a “direct-to-cloud” approach

8:55 am - 9:35 am

Keynote Presentation

Large Scale Digital Transformation Done Right!

Recently Philips went through a large-scale digital transformation to become more agile, to bring in technology innovations such as IoT, and to change its business model to focus on solutions and services.

Anosh Thakkar, the CTO of Philips, will share the journey and learnings. He will also share how you can deliver on small innovations using a “Mode-2” mindset while delivering on a large transformation in parallel.

9:45 am - 10:15 am

Executive Exchange

Think Tank

Building a Dynamic Security Dashboard

Today, threats have become far more sophisticated, a constant concern for any organisation. They can damage the reputation, bottom line and the future of your business should you face a breach. Given this dangerous landscape, it is no wonder that one of the most common requirements for a CISO is to develop a security dashboard – a powerful communication vehicle for all information security professionals.

An effective security dashboard needs to provide not just personnel but CISOs with the tools to report on all incidents, evaluate security risks, and monitor the panoply of security solutions the company employs. For CISOs, there does not seem to be a provider out there that offers a fully comprehensive solution; the ones offered are customizable, but this variety begs the question: what features does a CISO want to make a security dashboard most effective?

Think Tank

Education Education Education

In many cases hackers are far more sophisticated than most people give them credit for. However, cyber-criminals usually have some help, and it usually comes in the form of the negligence of an average employee. Hackers depend on company employees, from executives down to junior staff members, to create openings, allowing them to gain access to organizations’ most sensitive networks.

One of the most crucial aspects of the CISO function within a business is to ensure users are educated regarding the business security policies and the implications of any , however for some industries employee turnover is great year on year. As such, how can you ensure users are fully educated around internal security policies?

Takeaways:

  • Strategy & Policy for educating users on Information Security Standards 
  • The whole business must be responsible for the protection of its data; the CISO’s role should be to guide the business in the right direction
  • Uniting your organisation with a uniform structure, with users kept up-to-date on regulatory changes and requirements

10:20 am - 10:50 am

Executive Exchange

Thought Leadership

It Takes Years to Build a Brand and Only Seconds to Destroy It

There's a well-known saying, attributed to FBI Director James Comey, that there are two types of businesses: "Those who've been hacked... and those who don't know they've been hacked", an opinion borne out by study after study showing that as many as 90% of businesses already have been hacked. It’s time to face the facts—traditional security just isn’t enough. Most enterprises have purpose-built perimeter, network, and endpoint security in place, but these don’t solve the “application security” challenge and don't protect all of the business-critical data and applications. It's time to start thinking about protecting what really matters - your data and your applications - because by keeping them safe, you’re also doing the same for your reputation.

Takeaways: 

  • The threat landscape is ever evolving and we need to be vigilant to prepare for those changes 
  • As we move from protecting networks, through protecting data and on to protecting brand we need to find new allies in the fight and the CMO can be that friend in need 
  • Focusing on the business impact of attacks and breaches can help peers and the board become proactive in the security discussion

10:55 am - 11:25 am

Executive Exchange

Roundtable

The Boardroom Disconnect

There is an inability within the boardroom to understand and realize the actual challenges that the business faces, and how IT can support it. With the constant need to drive down costs, and do more with less, the IT Security department has to compete with other business functions. The CISO faces an additional challenge: many of the protective measures are costly, yet it is often extremely difficult to demonstrate a substantial ROI unless a breach occurs. How can the CISO effectively communicate the information security needs to the business in order to be given the right tools to do the job?

Takeaways:

  • Communication is key, being able to effectively communicate with the business is critical 
  • Achieving a demonstrable ROI for information security investment is a challenge, however demonstrating the implications of breach delivers a clearer message to the board

Roundtable

Cyber Security – Whose Responsibility?

“No country, industry, community, or individual is immune to cyber risks” – The Department of Homeland Security.

The greatest shift in cybersecurity relates to the focus and the responsibility – moving from strictly an “IT issue” to an issue for the entire business. The financial impact of a breach can have disastrous effects on an organization and its reputation. Cybersecurity is being recognized as a key investment needed to protect not only information and assets, but reputation and shareholder value.

However, have cybersecurity programs transitioned from a “nice to have” to a full-blown differentiator for an organization?

Takeaways:

  • Spreading the responsibility for cyber defences across the organization relates to education of the users 
  • For many enterprises reputation is key to staying ahead of the competition; consumer loyalty has gone out of the window in recent years. Delivering outstanding secure service is paramount
  • With the threat landscape changing so rapidly, the whole business needs to be conscious of the implications of a breach

11:30 am - 12:00 pm

Executive Exchange

Roundtable

The Rise of the CIRO – Chief Information Risk Officer

The rise in digital technologies has dramatically increased the risk to an enterprise business. With business needs at the forefront of the C-suite’s agenda, the natural evolution of the risk/security function has taken a business-driven approach to IT security, policies and procedures.

The rise of the CIRO supports the increased regulatory landscape, with policy creation as a risk management solution, and therefore supporting the company’s business processes.

Is adding a CIRO to the C-suite a necessary transition of the current CISO role?

Roundtable

The Digital Age: Information Governance

The rise of digital business and IoT requires a shift in attitude towards Information Governance. No longer can organizations treat the various policy types of information governance as solid, discrete issues or activities. This session aims to discuss the following key points:

  • How can you organize and structure information governance policies to survive and thrive in digital business? 
  • How does information governance fail to support current and future digital business needs?
  • What is the range of policies organizations need to consider for their digital transformation?
  • How to build and sustain a modern, timeless, business process to operationalize information governance?

12:05 pm - 12:35 pm

Executive Exchange

Think Tank

Investing in People vs Technology: How CIOs Can Efficiently and Cost Effectively Raise Phishing Awareness of Their Employees?

Situation: Phishing attacks have become one of the major threats to the IT systems of enterprises as well as one of the success factors of Advanced Persistent Threats (APT). According to Gartner, 3.6 million clients in the U.S. alone had lost capital due to phishing attacks. The losses reached up to approximately U.S. 3.2 billion. Every year enterprises invest billions of dollars in enhancing their cyber security. According to a recent survey, 90% of CIOs indicated that they invest between 90% and 95% in technology and 5%-10% in training people. In order to cope with the growing phishing threats, most organizations have the following countermeasures in place to raise phishing awareness of their employees:

  • Comprehensive Information Security Policy 
  • Security trainings
  • Computer trainings 

Complication: Those countermeasures to raise phishing awareness are not effective as they:

  • Do not address individual differences (e.g. personality traits and cognitive factors) 
  • Have no mechanism to measure their effectiveness 
  • Have no mechanism to identify the level of phishing awareness of employees 

Question: Do individual differences like personality traits and cognitive factors play a role in phishing susceptibility (intention to resist phishing attacks)?

Answer: The personality trait Conscientiousness and the cognitive factor Information Security Awareness do have a relationship with phishing susceptibility (intention to resist phishing attacks). CIOs can use this knowledge to raise phishing awareness of their employees in an efficient and cost effective manner.

Think Tank

Organizing IT for the Future

What is IT as a function? How can it help the business? What is the value it brings? With the current challenge of ever-extending technologies and consumerization of IT, it is key that the IT function demonstrates what value it brings to the business and organizes itself for it. For Barco, the business strategy and tactics are translated into 3 IT value streams: Acceleration of Revenue, Business Enablement and Collaboration; or in short the ABC of IT for the Business. Consequently, the organization has evolved from a single monolithically organized IT function towards a networked function with different ways of interacting with the Business partners based upon the required end result. This new way of organizing and focusing IT reinforces the Barco strategy, and addresses the challenges around operating in a digital world.

Takeaways: 

  • Show what the goals are of using Information Technologies
  • Organize the IT function around and define the interactions
  • Deliver the results

12:40 pm - 1:40 pm

Networking Luncheon



1:45 pm - 2:15 pm

Executive Exchange

Think Tank

Building a Dynamic Security Dashboard

Today, threats have become far more sophisticated, a constant concern for any organization. They can damage the reputation, bottom line and the future of your business should you face a breach. Given this dangerous landscape, it is no wonder that one of the most common requirements for a CISO is to develop a security dashboard – a powerful communication vehicle for all information security professionals. 

An effective security dashboard needs to provide not just personnel but CISOs with the tools to report on all incidents, evaluate security risks, and monitor the panoply of security solutions the company employs. For CISOs, there does not seem to be a provider out there that offers a fully comprehensive solution; the ones offered are customizable, but this variety begs the question: what features does a CISO want to make a security dashboard most effective?

Think Tank

The Mobile App Nightmare

Mobile has brought with it a whole host of challenges for the CISO; however, BYOD no longer seems to be the biggest challenge. A new trend has emerged in individuals who bring their own mobile apps (BYOA) and even some departments/teams who now develop their own mobile apps (DYOA). Some may argue this is the salvation of the IT organization, which is unable to keep up with mobile app demand. However, for the CISO it will likely cause a morass of security and compliance disasters, broken business processes and undetected bugs. Can BYOA and DYOA be managed, or should the practices be banned before they cause chaos?

2:20 pm - 2:50 pm

Executive Exchange

Thought Leadership

Innovating With the “Lights On” – How to Tip the Balance

CIOs are consistently challenged by their organizations to leverage emerging technologies like social, mobile, cloud and big data to drive new value. Where is the problem? Many IT leaders admit their spending is too heavily weighted toward keep-the-lights-on projects (80%-90% in many cases), leaving little budget for truly transformational initiatives. Join this interactive session to learn how award-winning CIOs are successfully tipping the balance of the innovation and “lights on” mix by untethering resources from costly ongoing maintenance of their legacy ERP systems, including SAP and Oracle, and re-investing in high growth initiatives.

2:55 pm - 3:25 pm

Executive Exchange

Roundtable

Software-Defined Storage “Myth or Reality”?

The term “software-defined storage” is becoming more visible in today’s marketplace. The concept of a software-defined datacentre is getting more and more discussion. We have heard of software-defined COMPUTE, software-defined NETWORKS and now the “buzz” is all about software-defined STORAGE. Until recently the term was mainly defined by vendors in the storage marketplace, but industry leading research groups are beginning to write down what is an acceptable software-defined storage offering.

The question is what software-defined storage is, and whether it is even possible for customers and service providers in this dynamic storage marketplace. How can a hardware solution be software-defined; isn’t it software-only? Why is this complicated for enterprise customers or service providers who are trying to maximize service levels at the best economic value? Can you have both proprietary and open, legacy and new together, software-only and hyperconverged with hardware?

We here at FalconStor will discuss how we look at this opportunity in a practical way which gives customers choice, economic value and high service level achievements. 

At the end of the session you will see the difference between software-only, hyperconverged and hyperscale opportunities in the software-defined storage marketplace.

Roundtable

Effectively Protecting Your Data Within GDPR and Compliance in General

On December 15, 2015, the EU agreed to a draft of the General Data Protection Rules (GDPR) with potential fines of up to four percent of global revenues or 20 million EUR (whichever is higher), if an enterprise breaks those rules. These rules, which go into effect in 2017, apply to any companies that have or manage the data of customers in the EU regardless of whether the company itself is based outside the EU (with implications for cloud-based models).

This roundtable, hosted by Vormetric, considers the requirements of protecting your data across heterogeneous and multi-faceted environments within the confines of the recent GDPR legislation. The session will open the debate on what this legislation will mean to the enterprise on a day to day level and the reality of the repercussions of not complying, both corporately and personally. All discussions will be under Chatham House rules.

Takeaways: 

  • An understanding of GDPR and how it will affect your day to day operations 
  • An insight into best practice and real life examples of how to comply and protect your data 
  • Peer to peer insights on how other enterprises are approaching this forthcoming legislation

3:30 pm - 4:00 pm

Executive Exchange

Roundtable

Best Practice for SAP Risk Management & Threat Intelligence

In this presentation you will hear about: 

  • How to build a business case for SAP Risk Management & Threat Intelligence 
  • Key trends in Business Critical Application Security – recent global study 
  • Top 3 attack scenarios 
  • Benefits of Business Risk Illustration Methodology and Approach

Roundtable

The Enterprise Immune System: Using Machine Learning to Detect ‘Unknown Unknown’ Threats

  • Learn why ‘immune system’ technologies represent a fundamental innovation for cyber defence 
  • Discover how to apply machine learning and mathematics to detect advanced, internal threats 
  • Understand how to gain 100% network visibility to investigate emerging anomalies in real time 
  • Hear real-world Enterprise Immune System case studies

4:05 pm - 4:35 pm

Executive Exchange

Think Tank

What Would be the Recipe for IT Transformation to Make it Competitive, Agile, Reliable, as Well as Secure?

The combined objectives of information system (IS) cost reduction and the will to provide added value for the business, namely innovation and agility, are pushing CIOs to transform their IT. In parallel, the risk of cyber-attack, which increased significantly in recent years, has led to the strengthening of regulatory requirements for all sectors, pushing organizations to increase compliance exercises and to increase the costs of their information systems.

Questions to discuss: 

  • What kind of organization? Matrix? Hierarchical? Hybrid?
  • What would be the objectives? Cost-reduction? Cost-avoidance? Reputation? Any known cyber incident?
  • What kind of technology combines innovation and security? Cloud security? BYOD?
  • What kind of reporting? To whom? What level?

Think Tank

Shadow IT – To Embrace or Eliminate?

Best practice in most enterprises, at least as far as the CIO and CISO go, is to squash Shadow IT wherever it is encountered. Shadow IT, the argument goes, leads to a world of data and integration problems for the IT department, and significant amounts of unknown and unquantifiable risk for the information security group. A small but vocal minority, however, is beginning to advocate for Shadow IT as a catalyst of innovation, citing the increases in productivity and creativity gained by allowing enterprise staff to find their own out-of-the-box solutions to organizational problems. CISOs can allow their organizations to have their cake (Shadow IT) and eat it too (still be secure) by following a few simple steps that allow them to build in security regardless of user activity.

Takeaways:

  • Shadow IT is not malicious activity; it is simply the Line of Business user community looking to be efficient and effective
  • A well developed security program can take Shadow IT into account and incorporate protection mechanisms that allow end user flexibility
  • Embracing Shadow IT does not mean “no holds barred” and end users need to understand the limit of the boundaries and the reason for their existence

4:40 pm - 5:20 pm

Executive Visions Panel

Speaking the Language of the Business

For many years, the CIO has struggled with the concept of IT-Business alignment and finding ways to ensure that the IT department and the Lines of Business with which it integrates have a common understanding and ability to communicate. Now, as the CISO and the information security department grow out of the IT shadow, they increasingly find themselves in the same position. In some ways, however, their challenge is greater in that the concepts of IT security are more abstract than those of generalist IT, and their activities often run counter to the goals of the rest of the organization. CISOs must learn from the trials and tribulations of the CIO and the IT department, and find common ground with the business, to ensure they can hear what their partners are saying, while communicating their own points in understandable terms. Join us for this interactive discussion as CISOs and their CIO peers come together to discuss lessons learned while finding guidance for the future in how to speak the language of the business.

Takeaways:

  • IT-Business communications have long been strained and only now are improving across most organizations through concerted effort
  • The CIO has had to find ways to speak the language of the business - it was not the business that learned to speak "IT"
  • The CISO must adopt and emulate the successful communications practices and strategies of the CIO or risk serious relationship issues

5:20 pm - 5:30 pm

Thank You Address and Closing Remarks

5:30 pm - 7:00 pm

Cocktail and Networking Reception