Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

International Cyber Security 2012

1.614 visualizaciones

Publicado el

Publicado en: Tecnología, Empresariales
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

International Cyber Security 2012

  1. 1. Protecting national security assets from the evolving cyber threat 29 - 30 May, 2012 Hotel le Plaza, Brussels, Belgium Post-Conference Workshops, 31st May 2012 PRESENTS Focusing on security for networks critical to national security, Cyber Security will feature briefs from the finance, pharmaceutical, oil & gas and energy sectors Media outlets covering the Cyber Series included: TEL: +44 (0)20 7368 9737 FAX: +44 (0)20 7368 9301 EMAIL: Gain a holistic view of the evolving cyber threat facing national security assets with briefings from government, military and elements of critical national infrastructure, including BP, Citibank, E.On Energie and GlaxoSmithKline Biologicals Investigate the security challenges associated with the widespread proliferation of mobile computing devices, and the implications for both network and data security in your systems Understand the best methodologies for identifying weak points within your network security and how to rebut attacks that manage to get through in briefings from the US Army, US Air Force and Canadian Forces Apply lessons from recent large scale cyber security exercises – Germanys LUKEX 11 and ENISA’s US-EU Cyber Response tabletop – and learn how to construct similar exercises to test your own security measures Learn about current international efforts to better coordinate information sharing and the response to cyber attacks in briefings from The European Commission, GCHQ and PWC Workshop B, 12:00-14:30 Governance, Risk Management and Compliance For Cloud Computing Led By: Marlin Pohlman, Global Research Strategist, CLOUD SECURITY ALLIANCE Workshop A, 09.00-11.30 Chinese Cyber Warfare – Understanding And Defending Against The Advanced Persistent Threat Led By: Lt Col (Rtd) Bill Hagestad, RED DRAGON RISING Featured International Speakers Include: Martin Howard, Director Cyber Policy, GCHQ Ken Heap, Head of Global Intelligence, BRITISH PETROLEUM James Gill, Cyber Intelligence Director, CITIBANK Daniel Labeau, Director of Information Technology, GLAXOSMITHKLINE BIOLOGICALS Stephen Gerhager, Head of Cyber Security, E.ON ENERGIE Lt Col Alex Tupper, Commanding Officer, Canadian Force Network Operations Centre, CANADIAN ARMED FORCES Michael Boyer, Director, RCERT Europe, US ARMY Michael McCarthy, Director, Brigade Modernisation Command, US ARMY Jerry Webb, Technical Director, Cyber Analysis Squadron, US AIR FORCE Norbert Reez, Federal Office for Civil Protection and Disaster Assistance, German Federal Ministry of the Interior Steven Purser, Head of Technical and Competence Department, ENISA Confirmed Representative, Office of Internet, Information and Network Security, EU COMMISSION Tim Hind, Ex-Head of Intelligence at Barclays Bank, currently consultant with PWC Thomas Parkhouse, Ex-member of the UK MoD Cyber Plans and Policy Team, ATLANTIC COUNCIL Geoff Harris, Director, Information Systems Security Association
  2. 2. Tel: +44 (0) 207 368 9737 Email: Conference Day One - 29 May 2012 08.30 – 09.00 COFFEE & REGISTRATION 09.00 – 09.10 Chairman’s Opening Remarks 09.10 – 09.50 The Role of UK Government Communication Headquarters in Protecting National Information Networks and Countering Espionage • GCHQ’s role in countering the cyber threat in the UK and the changing emphasis after the strategic defence and security review • Notable trends identified over the past 12 months and counter measures • Collaborative efforts to mitigate the risk from malicious activity Martin Howard, Director Cyber Policy, GCHQ 09.50 – 10.30 European Strategy For Cyber Security • The European Commission is planning to propose,in the 3rd quarter of 2012,a European Strategy for Internet Security • Such a strategy will be comprehensive and integrated with the overall policy objective to put in place a robust line of defence against cyber attacks and disruptions • The strategy will also develop the International aspects,as engagement and cooperation with International partners are essential to responding to today’s cyber security challenges Confirmed Representative, Office of Internet, Information and Network Security, EU COMMISSION 10.30 – 11.00 COFFEE & NETWORKING 11.00 – 11.40 Assessing the Security Implications of Introducing COTS Mobile Devices IntoThe Military • CONOPs behind utilising off the shelf smart phones and tablets for military operations and training • Dangers of using commercially available“known”code vs.proprietary software used on other military systems • Should these items be integrated with existing military networks,or used as standalone products to mitigate risk? Michael McCarthy,Director,Brigade Modernisation Command,USARMY 11.40 – 12.20 USArmy Methodology andTactics For Network PenetrationTesting – PluggingThe Gaps • How does intelligence feed into cyber security? Understanding the trinity between intelligence,operator and network security • Working with“Ethical Hackers”to train in incident handling and undertake penetration testing • Results from recent exercises,identified vulnerabilities,and methods for plugging the gap • Plans for future exercises going forward and conclusions Michael Boyer,Director,RCERT Europe,USARMY 12.20 – 13.20 Networking Lunch 13.20 – 14.00 AssessingAnd PredictingTrendsTo Proactively CounterThe CyberThreat • Looking at trends behind cyber attacks:Where attacks are currently targeting,what they are looking for,and how they are doing so • Is it possible to move from a reactive approach to a more proactive approach? Predicting on the basis of trends and tweaking sensors • Identifying exactly what is to be defended and isolating“weak links”within the network • Mitigating the risk from social networking:Targeted cyber attacks and reduced operational security Jerry Webb,Technical Director, Cyber Analysis Squadron, US AIR FORCE 14.00 – 14.40 The Canadian ForcesApproachTo Developing Effective Methodologies For Rebutting CyberAttacks • Identifying the types of threat encountered by Canadian Force Network Operations Centre and what trends can be drawn from these • How have these trends informed and modified the standardised processes/methodology for dealing with breaches of security • Assessing what approach the Canadian Forces are taking to integrating tactical mobile devices (smart phones,tablets,laptops etc.) into the wider military network Lieutenant ColonelAlexTupper,Commanding Officer,Canadian Force Network Operations Centre,CANADIANARMED FORCES 14.40 – 15.10 Coffeeand Networking 15.10 – 15.50 UnderstandingThe Role Of Statecraft InThe Cyber Domain • Cyber Statecraft:can a single approach cover cyber-crime,counter-espionage and deter use of cyberspace in warfare? • Diplomatic & alliance approaches:Practicalities of diplomatic and other responses to cyber attacks • Reassessing critical national infrastructure:What is of strategic importance to a nation in an information age Thomas Parkhouse, Ex-member of the UK MoD Cyber Plans and Policy Team,ATLANTIC COUNCIL 15.50 – 16.30 The Importance Of Collaborative Efforts Between PublicAnd Private Sector • Assessing the nature of the cyber threat:Is there a difference in the threats being faced by public and private organisations? • Identifying commonality in attack methods and promoting inter-agency,inter-company and international communication/feedback mechanisms • Limiting the threat posed to secure networks:Educating the end user and the dangers of social networking in targeted attacks Tim Hind,Ex-Head of Intelligence at Barclays Bank,currently consultant with PWC 16:30 CHAIR’S CLOSEAND END OF DAY ONE Tel: +44 (0) 207 368 9737 Email:
  3. 3. Tel: +44 (0) 207 368 9737 Email: Conference Day Two - 30 May 2012 08.30 – 09.00 COFFEE & REGISTRATION 09.00 – 09.10 Chairman’s Recap 09.10 – 09.50 ManagingThreatsAgainst Financial Networks: CanWe StayAhead Of EvolvingAttack Methods? • Challenges of protecting financial assets in a truly global,interconnected network • The need to share information between not only banks,but all facets of CNI to ensure the highest level of security • What patterns have been identified in attack methodologies that are influencing our security needs going forward? James Gill,CyberThreat Director,CITIBANK 09.50 – 10.30 Ensuring Information Security InA Regulated Industry: GlaxosmithKline Perspective • Understanding the difference of working within a regulated industry;Compliance format and information security requirements • Looking at“People”and“Process”rather than“Tools”– monitoring risk and taking ownership of training,monitoring and security culture • Monitoring internet-facing devices at the operational level and monitoring external threats • How are we looking to adapt for the future:bringing“uncontrolled”mobile devices into the network and managing the shift to cloud computing Daniel Labeau,Director of InformationTechnology,GLAXOSMITHKLINE BIOLOGICALS 10.30 – 11.00 COFFEE & NETWORKING 11.00 – 11.40 The Growing CyberThreatTo Energy ProvidersAndThe Implications of Smart GridTechnology • Understanding the vulnerabilities that smart grid technology brings to energy provision • Who might wish to attack the smart grid and what might they try and achieve through such actions (financial gain,physical manipulation of supply etc.)? • Where are hackers likely to target with such attacks and what can be done to prevent this from happening? • Avenues of research and potential IT solutions to improve smart grid security Stephan Gerhager,Cyber Security Manager,E.ON ENERGIE 11.40 - 12.20 UnderstandingThe Nature OfThe CyberThreat – IntelligenceAssessment FromAn OilAnd Gas Perspective • Strategic assessment of the major threats facing British Petroleum (and the wider oil/gas community at large) and what trends have been identified over the past 12 months • What are the perpetrators of these attacks looking to achieve and how this is influencing BP’s cyber security requirements? • Planned developments over the next year and how BP is looking to better integrate mobile devices into its networks Ken Heap,Global Head of Intelligence,British Petroleum 12.20 – 13.20 Networking Lunch 13.20 – 14.00 Preparing For CyberAttack: Results Of Germany’s Recent LUKEX 11 Cyber Exercise • The concept behind LUKEX 11 and an explanation of the scenario:Areas that came under“attack”,players in the exercise and desired outcomes • Planning complexities:Plausible Scenario,gaining sufficient buy in from the private sector,and co-ordinating a 3,000 person exercise spread over 100 different institutes • Examining how the exercise unfolded and what lessons were learnt from the scenario Norbert Reez,Lead Planner LUKEX 11,Federal Office for Civil Protection and DisasterAssistance,German Federal Ministry of the Interior 14.00 – 14.40 Cooperation In Securing Critical National Infrastructure • ENISA’s involvement in the pan-European and EU-US Cyber security exercises – lessons learned and way forward • Important developments in Security and Data Breach Notification regulation (Article 13a of theTelecommunications Framework Directive andArticle 4 of the ePrivacy Directive). • Developments in the area of Privacy and trust. Dr.Steve Purser,Head ofTechnical and Competence Department,ENISA 14.40 – 15.10 Coffeeand Networking 15.10 – 15.50 AssessingThe Issue ofTrust in Cyber Security • Who do we trust the most - Government,cloud providers or penetration testers? • Questioning some of the issues of trust that governments,corporations & security professions have to rely upon • Examination of a real-life case study to expose some of the myths,beliefs and foundations of truth that we thought we could rely on • Questioning where cyber security is heading and what we can do to help shape its future direction Geoff Harris,Director,Information Systems Security Association 15.50 - 16.30 SecurityAndTransparency InThe Cloud: Entrusting DataToAn External Provider • Analysis of the main security,governance and compliance implications of cloud computing and possible solutions to improve  transparency, accountability and trust. • Ensuring established risk management practices,accountability mechanism,geographic and providers redundancy,effective incident man agement mechanisms,well defined SLAs,etc. • The impact of the use of  cloud services on legal and regulatory compliance:entrusting security responsibilities to the cloud provider Daniele Catteddu,Managing Director,EMEA,Cloud Security Alliance 16.30 Chairs Closeand End of conference Tel: +44 (0) 207 368 9737 Email:
  4. 4. Tel: +44 (0) 207 368 9737 Email: Post-conference Workshops - 31 May 2012 Workshop A: 09.00-11.30 Chinese Cyber Warfare – Understanding And Defending Against The Advanced Persistent Threat Led By: Lt Col (Rtd) Bill Hagestad, RED DRAGON RISING With a myriad of examples over the past few years, cyber warfare has become firmly established as the 5th domain of war- fare.The development and proliferation of malware, viruses and Advanced Persistent Threat (APT) poses a significant threat for high-value networks such as those belonging to government, military and CNI organisations.To protect these targets it is vital to understand both the nature of the threat and the intention of the attack in order to develop a lasting, robust defence against cyber attack. This workshop will assess the cyber threat currently being deployed by China in order to better defend against the ad- vanced persistent threat. Emphasising defensive measures to be taken against the attack, the workshop will provide a run down of the People’s Republic of China’s cyber wafare capability, addressing the following points: 1)    Introduction to the People’s Republic of Cyber Warfare - Defining the Advanced Persistent Threat (APT) 2)    Interests & Intent of the People’s Liberation Army Informatization Campaign 3)    Defending against the APT of Chinese Informatization Campaigns - creating a defence-in-depth 4)    Achieving an enduring defensive capability against the Chinese Cyber APT Workshop B: 12:00-14:30 Governance, Risk Management and Compliance For Cloud Computing Led By: Marlin Pohlman, Global Research Strategist, CLOUD SECURITY ALLIANCE Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary supporting data.Whether implementing private, public or hybrid clouds, the shift to compute as a service presents new challenges across the spectrum of GRC requirements.The Cloud Security Alliance GRC Stack provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements. The workshop will provide key insight into standards and techniques developed by the Cloud Security Alliance, including: • Cloud Audit – providing a common interface and namespace to allow cloud computing providers to automate Audit, Assertion Assessment and Assurance of (A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow authorized consumers of their services to do likewise. Delegates will gain an understanding of the technical foundation to improve transparency and trust in private and public clouds. • Cloud Controls Matrix - designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.As a framework, the CSA CCM provides delegates from across industries with the needed structure, detail and clarity relating to information security tailored to the cloud industry. • Consensus Assessments Initiative Questionnaire - available in spreadsheet format, and provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of “yes or no” control assertion questions which can then be tailored to suit each unique cloud customer’s evidentiary requirements. • Cloud Trust Protocol - the mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.The primary purpose of the CTP and the elements of transparency is to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described and nothing else.
  5. 5. Tel: +44 (0) 207 368 9737 Email: +44 (0) 207 368 9737 Email: ABOUT DEFENCE IQ Tel: +44(0)207 368 9300 Email: Defence IQ is an authoritative news source for high quality and exclusive commentary and analysis on global defence and military-related topics. Sourcing interviews and insights directly from senior military and industry professionals on air defence, cyber warfare, armoured vehicles, naval defence, land defence and many more topics, Defence IQ is a unique multimedia platform to discuss and learn about the latest developments within the defence sector. So join over 45,000 defence professionals today to claim your exclusive video interviews, podcasts, articles and whitepapers that are updated on a daily basis at www.defenceiq. com - and all for free. Join the community: MEDIA PARTNERS 4 Reasons Why You Should Sponsor Cyber Security 2012 1. Raise your profile and position yourself as the global product leader to take advantage of major current and future international investment programmes 2. Three full days of networking opportunities with key international government,military and industry decision makers providing you with unparalleled face-to-face time with potential new customers. 3. Tailor made sponsorship packages enabling you to competitively position your brand and increase awareness of your product or service to your target market 4. A strictly enforced end-user to vendor ratio,creating a more intimate environment for networking and knowledge sharing For further details, or to discuss which option is best for your organisation, please call Simon Benns on +44 (0) 20 7368 9857 or Email: is dedicated to the challenges and opportunities provided by the broad spectrum of critical infrastructure protection and civilian homeland security.   Main Editorial Focus: Bio-terrorism defence; Business resilience and continuity planning; CBRN; Critical National Infrastructure; Emergency response and disaster recovery; Identity authentication ; International bio-terrorism defence; IT security; Pandemic, fire and natural disaster prevention; Transportation (air, ground, sea) and border security. Register for FREE Subscription and Complimentary Newsletter (UK only) (Outside UK)
  6. 6. 5 WAYS TO REGISTER Freephone: 0800 652 2363 or +44 (0)20 7368 9737 Fax: +44 (0)20 7368 9301 Post: your booking form to IQPC Ltd. 129 Wilton Road, London SW1V 1JZ Online: Email: Terms and Conditions Please read the information listed below as each booking is subject to IQPC Ltd standard terms and conditions. Payment Terms Upon completion and return of the registration form full payment is required no later than 5 business days from the date of invoice. Payment of invoices by means other than by credit card, or purchase order (UK Plc and UK government bodies only) will be subject to a €65 (plus VAT) per delegate processing fee. Payment must be received prior to the conference date. We reserve the right to refuse admission to the conference if payment has not been received. IQPC Cancellation, Postponement and Substitution Policy You may substitute delegates at any time by providing reasonable advance notice to IQPC. For any cancellations received in writing not less than eight (8) days prior to the conference, you will receive a 90% credit to be used at another IQPC conference which must occur within one year from the date of issuance of such credit. An administration fee of 10% of the contract fee will be retained by IQPC for all permitted cancellations. No credit will be issued for any cancellations occurring within seven (7) days (inclusive) of the conference. In the event that IQPC cancels an event for any reason, you will receive a credit for 100% of the contract fee paid. You may use this credit for another IQPC event to be mutually agreed with IQPC, which must occur within one year from the date of cancellation. In the event that IQPC postpones an event for any reason and the delegate is unable or unwilling to attend in on the rescheduled date, you will receive a credit for 100% of the contract fee paid. You may use this credit for another IQPC event to be mutually agreed with IQPC, which must occur within one year from the date of postponement. Except as specified above, no credits will be issued for cancellations. There are no refunds given under any circumstances. IQPC is not responsible for any loss or damage as a result of a substitution, alteration or cancellation/postponement of an event. IQPC shall assume no liability whatsoever in the event this conference is cancelled, rescheduled or postponed due to a fortuitous event, Act of God, unforeseen occurrence or any other event that renders performance of this conference impracticable, illegal or impossible. For purposes of this clause, a fortuitous event shall include, but not be limited to: war, fire, labour strike, extreme weather or other emergency. Please note that while speakers and topics were confirmed at the time of publishing, circumstances beyond the control of the organizers may necessitate substitutions, alterations or cancellations of the speakers and/or topics. As such, IQPC reserves the right to alter or modify the advertised speakers and/or topics if necessary without any liability to you whatsoever. Any substitutions or alterations will be updated on our web page as soon as possible. Discounts All ‘Early Bird’ Discounts require payment at time of registration and before the cut-off date in order to receive any discount. Any discounts offered by IQPC (including Team Discounts) require payment at the time of registration. Discount offers cannot be combined with any other offer. IQPC recognises the value of learning in teams. Groups of 3 or more booking at the same time from the same company receive a 10% discount. 5 or more receive a 15% discount. 7 receive a 20% discount. Only one discount available per person. Team Discounts* VENUE: HOTEL LE PLAZA - BOULEVARD ADOLPHE MAXLAAN, 118-126 1000 BRUXELLES E-mail : Tel : +32 2 278 01 00 Fax : +32 2 278 01 01Website: ACCOMMODATION: Accommodation: Travel and accommodation is not included in the regis- tration fee. However a number of discounted bedrooms have been reserved at Hotel Le Plaza. Please call the hotel directly on Tel: +32 2 278 01 00 and quote booking reference IQPC to receive your discounted rate, prices start from €185 including taxes and breakfast. There is limited availability so we do encourage attendees to book early to avoid disappointment. Venue & Accommodation To claim a variety of articles, podcasts and other free resources please visit Free Online Resources A digital version of the conference proceedings, including all presentations, is available to buy.  6 I cannot attend the event, please send me the CD Rom priced at £599 plus VAT Recent digital conferences available - £599 plus VAT each 6 Cyber Warfare 2012 6 Network Centric Warfare 2011 6 Information Operations 2011 6 Cyber Security 2011 Please send me conference materials indicated above. I have filled out credit card details below For further information Please call: 0207 368 9300 or email: Digital Conference On CD-ROM To speed registration, please provide the priority code located on the mailing label or in the box below. My registration code is: PDFW Please contact our database manager on +44(0) 207 368 9300 or at quoting the registration code above to inform us of any changes or to remove your details. Miltiary/Govt/Public Sector/CNI End Users** Package 4 BOOK & PAY BY March 30th 2012* BOOK & PAY BY April 27th 2012* Standard Price Conference + 2Workshops €1,157+VAT €1,297+VAT €1,397+VAT Conference + 1Workshop*** €948+VAT €1,148+VAT €1,198+VAT Conference only €599+VAT €699+VAT €799+VAT Standard Industry Package 4 BOOK & PAY BY March 30th 2012* BOOK & PAY BY April 27th 2012* Standard Price Conference + 2Workshops €2,997+VAT €3,097+VAT €3,297+VAT Conference + 1Workshop*** €2,348+VAT €2,448+VAT €2,598+VAT Conference only €1,699+VAT €1,799+VAT €1,899+VAT * To qualify for discounts, payment must be received with booking by the registration deadline. Early booking discounts are not valid in conjunction with any other offer. Belgium VAT charges at 21%. VAT registration number BE 081 7979 521 **Military & Government discounted rates apply to serving military officers, government and university personnel only. *** Please select your choice of workshop A 6 B 6 ***General/Flag officer 1* and above may attend the conference free of charge Please contact for further details. This offer cannot be combined with any other offer and is non-transferable. 29 - 30 May, 2012 Hotel le Plaza, Brussels, Belgium Post-Conference Workshops, 31st May 2012 cyber security 2012 (Please quote conference code: 18896.003 with remittance advice) IQPC Bank Details: HSBC Bank, 67 George Street, Richmond Surrey, TW9 1HG. Sort Code: 40 05 15  Account No: 59090618 Swift Code: MIDLGB22  IBAN Code: GB98 MIDL 4005 1559 0906 18 Account Name: International Quality & Productivity Centre Ltd. Please photocopy for each additional delegate Payment Method Delegate Details - Simply complete this form and Click submit Mr Mrs Miss Ms Dr Other Special dietary requirements: Vegetarian Non-dairy Other (please specify) Card Number: VISA M/C AMEX Please indicate if you have already registered by: Phone Fax Email Web Yes I would like to receive information about products and services via email Rank First Name Tel No. Family Name Job Title Email Organisation Nature of business IQPC Point of contact Address Postcode Country Telephone Fax Approving Manager Exp. Date: Sec: Name On Card: Billing Address (if different from above): Name of person completing form if different from delegate I agree to IQPC’s cancellation, substitution and payment terms Please note: if you have not received an acknowledgement before the conference, please call us to confirm your booking. Total price for your Organisation: (Add total of all individuals attending): City/County/Postcode Cheque enclosed for: £ (Made payable to IQPC Ltd.) CLICK HERE TO SUBMIT FORM NOW VIA EMAIL