Schedule of Activities

Cyber Security Risk Management in the perspective of enterprise objectives

Leuven, Thursday October 30th, 2014

Today the security industry pays a lot of attention to generic security risks. But risk management must also be investigated and considered from the perspective of the organization's obligations to its customers and expectations from suppliers. The objective is to adapt those engagements and obligations towards expectations and to manage potential inhibiting factors or mediating challenges.

Final Agenda

During the half day seminar, we focused on some challenges organizations are facing when trying to manage cyber security. We're looking into some innovative approaches, allowing for new development and innovation to take place within traditional organizations, by integrating tightly with business objectives and seeking alignment with vision and strategy.

12.30 Welcome & Registration

13.00 Cyber Security Risk Management in a changing landscape, Ulrich Seldeslachts CEO LSEC

13.15 Measuring the effectiveness of security controls mitigating cyber-risks: an innovative and standardized whole approach - Gérard Gaudin (Chairman of Club R2GS France and Coordinator of the European network of Chapters)

Today in the Cybersecurity field, the residual cyber-risk continuous assessment through incident detection and reaction remains very difficult in many situations and a genuine area of progress. At the same time, cooperation and exchange within the profession is still far from relevant. In this context, a significant step forward has recently been made by the European network of Club R2GS chapters, a community of trust whose goal is to share around innovative ETSI standards operational best practices, most efficient use cases, statistical figures and several hundred years of experience. The presentation will explain the increasingly successful whole Cyber defense and SIEM approach developed and promoted by this community among its members, which range from international companies to sensitive administrations to official security agencies; and it will demonstrate major works and results obtained, especially a full set of security indicators that play a key role to mobilize all stakeholders involved in companies' defense. Finally, the community's complementary positioning against the CERT/CSIRT community will be emphasized.

About Gérard Gaudin: Gérard graduated from Supelec School (US equiv. MSEE) in 1979. After beginning his career in two IT multinational companies, he held senior executive positions at CS, managing large departments for 10 years.
Since 2003, he has been leading, as an independent consultant (G²C), IT security activities specializing in Cyber Defence. In this field, by the end of 2008 he created the French "Club R2GS" not-for-profit Cybersecurity community, of which he is the Chairman. Today, this association gathers some 50 big companies and organizations from various industry sectors, and is expanding across Europe (started in the UK and Germany mid-2012, started in Italy and Luxembourg mid-2014, Belgium by the end of 2014).
Moreover, in 2011 he initiated within ETSI a standardisation unit (called ISG ISI), of which he is the Chair and whose goal is to address all security incident detection matters (event classification model, indicators, event detection testing, event detection maturity...). These activities are carried out in close relation with ISO SC27 and in relation with ITU-T.

14.00 Introducing an enterprise-risk and intelligence driven strategy to combat emerging cyber risks in the ever changing business landscape - Corné van Rooij, District Manager RSA Benelux

An Intelligence Driven Security strategy helps organizations mitigate the risk of operating in a digital world by enabling them to detect, investigate, and respond to advanced threats; confirm and manage identities; and prevent online fraud and cybercrime. Intelligence Driven Security drives action based on mitigating the most pressing risks within the context of business risks and risk appetite, ensuring that organizations prioritize activities and resources optimally. An organization that effectively manages its digital risks can confidently channel resources into growing, expanding, and differentiating the business through value-added initiatives. Aspects such as GRC and Big Data analytics will come together in the Intelligence Driven Security model.

14.35 Generic cyber security risks mean different things to different organisations, Kurt Kammerer, CEO Regify

Statistics about cyber attacks tell us a clear story about the growth of generic security risks. However, generic risks are often perceived as a distant threat and it is difficult for any organisation to determine what such generic threats really mean to them. Therefore, risk managers must translate the generic risk patterns into the context of the individual business, thereby making them measurable for that organisation, and actionable. Only in the context of the individual business operation can the implications of a security problem be analyzed and precautions be taken. This presentation will offer a pragmatic approach to dealing with common cyber threats in the individual business operation and will give guidance as to how businesses can get better results as they apply decision criteria that really matter to them.

About Kurt Kammerer: As a serial entrepreneur, Kurt has established several international software and communication businesses. From 2003 to 2008, he led the growth of US-based VI Agents, a pioneer in business applications delivered as a service. From 1996 to 2002, Kurt served as CEO of living systems AG, an international supplier of e-commerce software which he had co-founded in 1996. His earlier career spanned 10 years as an IT and management consultant. Kurt holds a Business and IT degree from the University of Karlsruhe, Germany. He is a member of the advisory council of the Blackforest University.
Kurt was honored as a "Technology Pioneer" by the World Economic Forum. He also received awards from the Asia-Europe Young Entrepreneurs Forum in Singapore and the Wharton Infosys Business Forum.

15.10 Break

15.30 Prepare, Investigate, Respond, Transform - Rolf von Roessing, president and CEO of Forfa AG, Switzerland

Managing cybersecurity risks often means facing incidents and attacks. Despite all precautionary and preventive efforts, the increase in cybercrime and cyberwarfare activities leads to a rise in attempted and/or successful attacks. The session will focus on the response side of management, providing insights into the PIRT (Prepare - Investigate - Respond - Transform) life cycle and its links to recognised frameworks such as COBIT.

About Rolf von Roessing: Rolf is president and CEO of Forfa AG, a Swiss consulting firm specializing in security, business resilience and IT GRC. Prior to forming his own company, Rolf was a partner at KPMG with global responsibility for major audit and advisory engagements. From 2009 to 2011, he served as International Vice President on the ISACA Board of Directors and the ITGI Board of Trustees. His recent work in cybersecurity is focused on several of the core cybersecurity publications by ISACA, including "Transforming Cybersecurity using COBIT5" (2013), "Securing Mobile Devices using COBIT5" (2012) and the new European Cybersecurity Series (2014).

 

17.00 Security Risk Management at the Speed of Business, Mr. Fabrice Igot, Security Architect, Trasys

Companies must be adaptive and creative in order to compete in the current global, mobile marketplace. This means that they need to be agile enough to build, globally deploy and change business applications at breakneck speed. Yet change means risk. And in today's era of cyber warfare, how can you align security and risk management with business agility? This session will focus on helping Information Security Officers stay competitive in today's and tomorrow's markets while ensuring security, managing risk and meeting compliance requirements. In this session Trasys security architect, Fabrice Igot, will present an automated, application-centric approach to managing security and risk at the speed of business, and will include real world case studies.

Attend this session to learn how to:

Provision security for critical business applications in a fraction of the time
Streamline security operations and change management
Reduce security management costs by automating more processes
Ensure continuous compliance with industry, regulatory and corporate standards
Deliver a tighter security policy that provides better protection against cyber-attacks
Bridge the traditional gaps between security, network and application teams

Postponed Mikael Salen, VP SALES Ciptor (Sweden)

Mikael Salen was involved with large integrations defending enterprise backoffice systems and webservices like Google and Facebook, adding value for business leaders who want to defend their digital presence on the internet.

Practical Details & Registration

Event Name: Cyber Security Risk Management
Event Date: Thursday October 30 2014, from 13.00 till 17.00
Event Location: Leuven - Thermotechnisch Instituut

This event is free of charge upon prior registration. Supported by Algosec.
