
The Middle East’s Connection of C-Level Minds on Cyber Risk – The Investor Issue of Today

Join C-Suite from:

A truly international speaker panel!

• Air Liquide

• Bank Muscat

• Banque Saudi Fransi

• BP plc.

• British Telecom

• Department of Municipal Affairs, Western Region Municipality

• du

• Dubai Islamic Bank

• GISBA Group

• Hellenic Telecommunications Organization

• Lloyd’s

• Louisiana-Pacific Corporation

• Ministry of Social Development Bahrain

• National Bank of Abu Dhabi

• Petroleum Development Oman

• Riyad Bank

• Saudi Telecom Company

• The Saudi Investment Bank

SAVE £600

Book Before 31st December 2015

Developed and Hosted by:

www.cisomiddleeast.misti.com • +44 (0)20 3819 0802 • [email protected]

29 February - 3 March 2016 The Habtoor Grand - Dubai, The UAE

Protecting the Digital Enterprise Today: What will Security Look like in 3-5 Years? How can we Change the Game to Protect Customers, Brands and Intellectual Property in the Middle East?

“This event sets the Security Agenda for the rest of the year!” Director IT and Security, GISBA Group, Saudi Arabia

Keynotes, case studies, discussions:

• Cyber Crime & Threat Intelligence – Cloud, Mobile, Data Analytics & Forensics Capabilities

• Incident Response - Serious Attacks & CERT Responses, Cyber Insurance, Managing Reputation

• Vulnerability Risk Management - Penetration Testing, Human Engineering, Securing Websites

• Securing Smart Cities - CNI & Commercial Infrastructures; Bringing Virtual & Real Worlds Together

• Security Trends & Emerging Technologies – IAM, Encryption, Artificial Intelligence, Internet of Things

7 years of successful CISO Summits in the Middle East

3 TECHNICAL BRIEFINGS DESIGNED FOR CISOS:

1. How Eavesdropping Resistant is Your Organisation?

2. Vetting: Are You Getting Value for Money?

3. Optimising Your Security Testing Programme

SPECIAL KEYNOTE

Achieving Digital Trust: A New Business Model for Security

Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford

NEW 29 February 2016

Cyber Risk Symposium

Platinum Sponsor:

20% Discount for BECSA members

Use Code: BECSA2016

Strategic Partners:

Cairo Chapter

Media Partners:


7 years of successful CISO Summits in the Middle East

1,045+ = Number of CIOs and CISOs attending CISO Middle East Summits since 2008

• CISO

• Deputy / Manager

• Other Infosec (networks, architecture, application)

• Other Risk Compliance

Dear Colleague,

The vision of the leadership in the United Arab Emirates is to deliver government-designed security in partnership with other institutions to pre-empt hostile actors by diagnosing and treating any disruptive attack on communications and critical infrastructure. Such advanced security design will change cyber security thinking around the world towards pre-emptive design and action.

As regional governments and companies continue investing heavily to protect, detect, and react to global cyber threats, MIS Training Institute plays a vital role in reducing cyber-crime by providing a platform for regional, national, and international cooperation and addressing urgent cyber security challenges at the 8th Chief Information Security Officer Middle East Summit & Roundtable 2016. The event will be returning to Dubai, The UAE, 29 February to 3 March 2016, following its previous successes there and its subsequent tour across the GCC.

Attended by the business community, Ministries of Defence, Police, Royal Navy, Central Banks and CERTS across the GCC region, MISTI’s CISO Middle East Summits are a well-established global platform for CIOs, CISOs, Directors of Information Security, Cyber Security and Technology Risk to meet and build trusted contacts and discuss specific priorities.

The CISO Middle East Summit & Roundtable brings together global companies and governments in the Middle East and GCC region with peers internationally to share insights on recent projects, deployments, transformations and achievements.

Sara Hook

Director of Conferences, EMEA & APAC

MIS Training Institute

Keynotes, Case Studies, Discussions on:

• Cyber Crime & Threat Intelligence – Cloud, Mobile; Data Analytics & Forensics Capabilities

• Incident Response - Serious Attacks & CERT Responses, Cyber Insurance, Managing Reputation

• Vulnerability Risk Management - Penetration Testing; Human Engineering, Securing Websites

• Securing Smart Cities - CNI & Commercial Infrastructures, Bringing Virtual & Real Worlds Together

• Security Trends & Emerging Technologies – IAM, Encryption, Artificial Intelligence, Internet of Things


#CISOMiddleEast @mistieurope

Follow us on Twitter

“Very useful on risk decision taking & creating value & trust between information security & the business” Director, Information Technology Authority (ITA) of Oman


“Great conference & I wish MIS all success for future such events that I also hope to attend” CISO, Jumeirah Group, UAE

“Comprehensive and eye opening event for opportunities to promote security as a business empowerment!” Head of Information Security, Abu Dhabi Securities Exchange, UAE


Keynotes include:

• Ali Abdullah Al-Shayea, CISO, The Saudi Investment Bank (Saudi Arabia)

• Andersen Cheng, CEO, Post-Quantum (Former European Head of Credit Risk Management, JP Morgan)

• Andy Cobbett, CISO, BP plc. & Director, Institute of Information Security Professionals (UK)

• Dan Wittig, IT Security and Governance Manager, Louisiana-Pacific Corporation (U.S.)

• Dorairaj Balasubramanian, Information Security Director, Petroleum Development Oman (Oman)

• Dr. Sally Leivesley, Director, New Risk (UK)

• Eng. Abdul Manan Qureshi, Vice President/Head of Business Continuity, Business Continuity Section, Business Technology Governance, Riyad Bank (Saudi Arabia)

• Irene Corpuz, Planning and IT Security Section Head, Technology and Planning Department, Department of Municipal Affairs, Western Region Municipality (UAE)

• Feridun Aktaş, Director of Security Governance & Services, Turk Cell (Turkey)

• Graham Wright CBE, CISO & Global Head of Digital Risk, National Grid (UK) (invited)

• Javed Abbasi, Director IT and Security, GISBA Group (Saudi Arabia)

• Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford (UK & U.S)

• Jenny Reid, Director, iFacts (South Africa)

• Lady Olga Maitland, Chairman, Algeria-British Business Council (UK)

• Colonel Khalid Nasser Alrazooqi, General Director of Smart Services Department, Dubai Police GHQ (invited)

• Lalit Gandhi, General Manager Audit, Hellenic Telecommunications Organization (India)

• Mahmoud Yassin, Team Lead Security Engineer, National Bank of Abu Dhabi (UAE)

• Marcus Alldrick, CISO, Lloyd’s of London (UK)

• Paul Lemesle, Information Risk Manager, Air Liquide (UAE)

• Richard Cross, Director, Senscia (Belgium)

• Richard Hollis, Director, Risk Factory (UK)

• Roshdi Osman, Deputy CISO, Head of Information Security Governance, Risk Management and Security Compliance, Banque Saudi Fransi (Saudi Arabia)

• Steve Whitehead, Managing Member, EDS - Business Division of CBIA (South Africa)

• Tamer El Bahey, Senior Director - Security Monitoring & Operations, du (UAE)

• Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE)

• Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company (UK)

• Thomas Totton, GM-Internal Audit, Bank Muscat (Oman)

Programme for 2016

Monday 29 February: CXO Middle East - Cyber Risk Symposium - Connecting CISOs, CTOs, CIOs, CFOs, CROs, CCOs, COOs, CEOs and Board/Committee Members

3 Technical Briefings for CISOs - 1) Testing 2) Vetting 3) Eavesdropping

Tuesday 1 March: CISO Middle East Summit - Keynotes, case studies and discussion from CERTs, Banks, Government, Global Businesses

Wednesday 2 March: CISO Think Tank Middle East - Protecting the Digital Enterprise Today: What will security look like in 3 years; how will it get there, what is the intelligence and collaboration strategy and design?

Thursday 3 March: CISO Middle East Roundtable

Benchmarking Highlight on CISOs’ priorities


Technical Briefing 1: How Eavesdropping Resistant is Your Organisation?

Fortune Magazine reported on 25 July 2014 that Sharon Leach, a mechanical engineer with a doctorate and a loyal employee of the Ford Motor Company, was fired after eight listening devices were found in boardrooms and meeting rooms at Ford HQ. Subsequent investigations led the FBI to Leach. The FBI is investigating a case of possible economic espionage. Would you know if covert surveillance devices were installed in your company boardrooms and sensitive areas? If an organisation can be that vulnerable to covert surveillance in its own offices, then just think how the risk increases when companies conduct sensitive business away from the safety of the office. The workshop will investigate the need for regular technical surveillance countermeasures (TSCM) surveys in offices, boardrooms and other areas where sensitive discussions are held, to ensure that business executives have the privacy to conduct their business securely. The latest technical surveillance attack methods will be discussed, along with the appropriate cyber TSCM countermeasures.

Led by: Steve Whitehead, Managing Member, EDS (Business Division of CBIA) South Africa

Steve founded CBIA in 1994. He has played a major role in the development and promotion of the use of competitive intelligence (CI) and counterintelligence as a risk management tool. He is one of the most experienced consultants in this unique field in the World. He is an accomplished keynote speaker and has presented papers at a number of local and international conferences held in South Africa, USA, England, Brussels, Germany, France, Australia, Angola and Mozambique. Steve is a former senior Government intelligence specialist and held the rank of Manager (Director) in the South African National Intelligence Agency (NIA) when he resigned in March 1994.

Technical Briefing 2: Are You Getting Value For Money Out of Your Employee Screening Programme?

One of the areas that is seldom considered on engagement is the value of the data to which the new employee will be exposed. HSBC had a large number of records of private banking clients in Switzerland returned. These records had been stolen by a previous employee in 2007. We also know of a situation where a political party had thousands of membership application forms stolen from their offices. What is the value of this information in the wrong hands? Very often ex-employees are extremely disgruntled but continue to have links within an organisation and can easily manipulate a situation to obtain valuable data that can be damaging not only to the previous company but could be harmful to the new employer.

• Do you really know where that employee came from?

• Do you really know what that employee did at his previous company?

• Do you know why the employee is wanting to work in your organisation?

• Make sure that your employee screening policy covers all risks in your organisation.

Led by: Jenny Reid, Director, iFacts (South Africa)

Jenny is a sought-after speaker and conference facilitator, both in South Africa and abroad, where her experience, insights and sharp analysis of the sector are valued by organisers and audiences alike. Her fearless attitude and tireless energy have made her stand out in the industry, and she has become an inspiration to other women in the security industry. She started the evolvement of the security sector from the inside, leading with courage. Her integrity and talent were recognised when she became the first woman president of the Security Association of South Africa (SASA) in 40 years. Early on in her career, Jenny developed a passion for employee screening. When she bought the iFacts brand in 2009, she saw an opportunity to help her clients remove risks and develop progressive solutions to employee screening.

Technical Briefing 3: Ethical Hacking and Security Testing

Metrics of security testing. “Ethical hackers” gone wild – what can we do to better police the penetration testing marketplace to weed out companies that exhibit unethical behaviors and tarnish the reputation of a vital industry? The Bank of England’s CBEST scheme. Teaching risk based assessment to pen testers: How to prevent stupid non-findings. Penetration testing was an art form, many years ago, with testers taking the time to evaluate and discuss findings, and most pen test reports reflecting an agreement on the business risk and the best and most effective remediation measures. Today, it feels like an industry, with standard tools, polished contracts, and sleek reports that list pages over pages of more or less confirmed vulnerabilities, non-findings with no business value, or half-truths in cryptography.

Led by: Richard Hollis, CEO, Orthus (UK)

Richard Hollis is the Chief Executive Officer for Risk Factory Ltd, a unique information security risk management consulting firm specialising in providing cost-effective, independent information risk management & testing services. Richard possesses over 30 years of “hands on” skills and experience in designing, implementing and managing security testing programs.

Middle East Cyber Risk Symposium

Connecting CISOs, CTOs, CIOs with CFOs, CROs, CCOs, COOs, CEOs, Board & Committee Members

Led by:

• Lady Olga Maitland, Chairman, Algeria-British Business Council (UK)

• Tamer El Bahey, Senior Director - Security Monitoring & Operations, du (UAE)

• Thomas Totton, GM-Internal Audit, Bank Muscat (Oman)

Cyber risk is higher on the Board agenda than ever before and companies now accept that a security breach is inevitable. Given the real threat to customer data, privacy and intellectual property, information security is a reputational risk that is becoming increasingly of interest to a wider audience. In the context of responsible investment, the Environmental, Social and Governance (ESG) community is now engaged, as investors and companies are required to take a wider view of the full risk spectrum and opportunities. Audit and Risk Committees are asking for increased assurance about how cyber risk is managed. Additionally, new regulations in some jurisdictions (such as the ‘Senior Managers’ Regime’ in the UK) make CEOs, Non-Executive Directors and other senior persons within a company personally liable for security breaches. It is clear that dealing with cyber threats must become a key element of every company’s enterprise risk management, given reputations at stake.

This unique thought leadership Symposium is ideal for C-level executives and board members to discuss current challenges in a cross-functional environment to better understand the current and emerging cyber security risks - knowing your business and what to protect and knowing security and how to protect.

From the CISO perspective: it presents a rare chance to question other C-level and board members about how best to present the message to be heard and about how cyber risk fits into the big picture of business risk and governance.

Equally, Boards of Directors and other C-level executives need to be able to manage cyber threat issues in a consistent, practical and ethical way and this is a unique chance to hear directly from cyber security experts. A rare opportunity for CISOs to connect with CIOs, CFOs, CTOs, CEOs and Non-Executive Directors from across the Middle East, on the various expectations. Join the discussion!

• How can we engage in a longer-term security strategy against cyber-crime that the C-Suite will appreciate?

• How can the CISO develop an action plan to gain traction with the CIO, CTO, CFO, CEO, Audit Committee, Board?

• What’s the right level of communication to business stakeholders? What are the keys to winning budget?

• What can boards do to improve business performance around cyber risk? What do we need to know?

• How do we best understand information security in the big picture of business risk?

• How can we increase security governance? What should the investor response be?

• How are companies mitigating cyber risk? How do we build security into organisational culture?

Monday 29 February 2016: 3 Technical Briefings for CISOs

Morning:

08:30-09:00 Breakfast & Coffee

09:00-10:00 Technical Briefings 1

10:00-10:20 Break

10:20-11:20 Technical Briefings 2

11:20-11:40 Break

11:40-12:40 Technical Briefings 3

12:40-13:40 Lunch

Afternoon:

13:00-14:00 Welcome Lunch

14:00-14:10 Chairman’s Opening

14:10-14:30 Keynote Insights by CEO

14:30-15:00 Case Studies Panel

15:00-16:00 Roundtable Discussions

16:00-16:20 Summary & Close

16:20-17:30 Networking Reception


09:00 Coffee & Registration

09:20 Chairman’s Opening Marcus Alldrick, CISO, Lloyd’s of London (UK)

09:30 Addressing Cyber Security and Network Challenges to Create a Safe City Keynote

Colonel Khalid Nasser Alrazooqi, General Director of Smart Services Department, Dubai Police GHQ (invited)

10:00 Cyber Crime & Threat Intelligence Keynote

Dr. Madan Mohan Oberoi, Director, Cyber Innovation & Outreach, INTERPOL (invited)

10:30 What CISOs can Learn from ‘The Moscow Rules’: Understanding your Risk Context in Order to Achieve the Most Effective Defence Keynote

The Moscow Rules were an informal set of rules for those knowingly operating in an environment where they were being actively countered and opposed, not via direct confrontation but through indirect and stealthy methods. This form of opposition is the closest model to operating an Information Security protection programme, subject to attacks from both external and internal sources. So how does a CISO take reasonable steps to get a good outcome from their programme, when they are surrounded by uncertain actions perpetrated by unidentified actors? How do they create the right expectations of security when there is a high likelihood that members of their own organisation will undermine their efforts? Moscow Rules updated for 21st century cybersecurity.

Richard Cross, Director, Senscia (Belgium)

11:00 Coffee Break

11:30 Securing Smart Cities, Critical National & Commercial Infrastructures - Bringing Virtual & Real Worlds Together Case study

Eng. Abdul Manan Qureshi, Vice President/Head of Business Continuity, Business Continuity Section, Business Technology Governance, Riyad Bank (Saudi Arabia)

11:50 Pen Testing and Vulnerability Risk Management Hands on Experience Keynote

• Reducing risk: detect – prioritize – remediate

• Tools

• Vulnerability management: What are your options

Irene Corpuz, Planning and IT Security Section Head, Technology and Planning Department, Department of Municipal Affairs, Western Region Municipality (UAE)

12:10 Achieving Digital Trust: A New Business Model for Security - Special Keynote Followed by book signing

Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford

Jeffrey Ritter is globally recognized for his expertise in navigating the converging complexity of information governance, security, digital evidence and trust in cloud-based services. He is an external lecturer at both the University of Oxford and Johns Hopkins University, where he creates and teaches graduate courses in those fields.

13:00 Lunch

14:00 What approaches are you using to best understand adversaries and build security capabilities? Panel

• What are the most effective ways to test defences today? How can we balance security concerns with the protection of civil liberties?

• Hacking superpowers – protection from hostile state actors

• Restoring trust (Post-Snowden)

• Sharing threat intelligence – how can this be improved?

• What global strategic approach is required to overcome evolving threats?

• What are the threats and risk of cyber espionage?

• Securing energy suppliers and the national grid

• Securing first responders’ data centres from hackers

Panellists: Shadi Khoja, Strategy Director, SmartCity, Dubai Holdings – invited; Irene Corpuz, Planning and IT Security Section Head, Technology and Planning Department, Department of Municipal Affairs, Western Region Municipality (UAE); Jeffrey Ritter, Digital Information Expert & Lecturer, University of Oxford (UK & U.S)

14:30 How to Develop Human Capability Keynote

• Growing the security profession

• How to promote people and the right skills on a national level – from schools to the work place

• National level security

Andy Cobbett, CISO, BP plc. & Director, Institute of Information Security Professionals

15:00 The Global Threat Landscape of Cybersecurity Financial Sector Case Studies

• Cyber policy and risk - key threat areas defined

• Cybersecurity without borders

• Mitigating global risk: moving from fear to resiliency through sound policy

• Defense-in-depth approach

• Financial sector impact of cyber threats targeting the GCC energy and health sectors

Mahmoud Yassin, Team Lead Security Engineer, National Bank of Abu Dhabi (UAE); Roshdi Osman, Deputy CISO, Head of Information Security Governance, Risk Management and Security Compliance, Banque Saudi Fransi (Saudi Arabia)

15:30 Coffee Break

16:00 Counterintelligence – Enhancing “Business” Continuity and Supporting Security Keynote

The aim is to provide CISOs, decision makers and those responsible for the safeguarding and protection of information in their organisations with the insight to understand counterintelligence and how it differs from other streams of information management practices. What others know about an organisation can make or break that organisation’s ability to compete in the future! Appropriate protection forms an integral part of an organisation’s business strategy. The presentation will provide a realistic view of the importance of practising counterintelligence in today’s highly competitive environment.

Steve Whitehead, Managing Member, EDS (Business Division of CBIA) South Africa

16:30 Automation, Maturity and Government Initiatives: Bringing Virtual and Real Worlds Together CIO Discussion

Government initiatives for security and COOP are still solidifying. This panel will consider:

• Holistic risk mitigation strategies

• Alignment to standards

• Automation and localization

• GRC convergence/ dashboard and reporting

• Broader government level initiatives

Chaired by: Eng. Abdul Manan Qureshi, Vice President/Head of Business Continuity, Business Continuity Section, Business Technology Governance, Riyad Bank (Saudi Arabia)

Joined by: Dorairaj Balasubramanian, Information Security Director, Petroleum Development Oman (PDO) & Further Government Experts

17:00 Countering Insider Threats - Simple. As long as no one can have the “Golden Key” Keynote

Andersen Cheng, CEO, Post-Quantum (Former European Head of Credit Risk Management, JP Morgan)

Mr Cheng has been involved in cyber security and counter terrorism ventures for a number of years. His current venture specialises in post-quantum computing secure encryption, authentication and non-repudiation solutions. The company has been engaged in projects with Barclays, the UK government, NATO and other financial institutions. Prior to that, Andersen was the COO of the Carlyle Group’s European venture fund and a founding member of LabMorgan, the e-finance unit of JP Morgan. Before that, he was the European Head of Credit Risk Management at JP Morgan. Andersen obtained his BSc Civil Engineering and MSc Management Science degrees from Imperial College, London; and qualified as a Chartered Accountant with Deloitte specialising in computer security and audit.

17:20 Close of Day One

18:30 Dinner

Tuesday 1 March 2016 CISO Middle East Summit – Day One


08:50 Chairman’s Re-Opening Marcus Alldrick, CISO, Lloyd’s of London (UK)

09:00 Future Cyber-Crimes: A Hack of Death

• How cyber-crime evolved over time; targets and impact.

• The future of cyber-crime with emerging technologies such as Internet of things and drones.

• Why are we vulnerable to future cyber-crimes?

• How can we get ready for the worst?

Tamer El Bahey, Senior Director - Security Monitoring & Operations, du

09:20 The Fusion of Big Data and Cyber Case Study

Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE)

09:40 Trials and Tribulations of a Corporate CISO Case Study

Louisiana Pacific is a $2.5 billion company with manufacturing plants in the USA, Canada, and South America and with customers throughout the world including the Middle East. Dan has over 20 years of IT security experience including the last 6 years at the CISO or programme level – including SAP security.

Dan Wittig, CISO, Louisiana-Pacific Corporation (U.S.)

10:00 Incident Response - Serious Attacks: How CERT Teams have Responded to Advanced Persistent Threats Panel of Case Examples

• What vulnerabilities could be affecting your organisation?

• How data is stolen from enterprises using malware, social engineering, spyware, phishing?

• What single security technology or approach could make a difference/ be a game-changer?

• How to avoid human engineering virus penetrations – methods for this

Panellists: Tamer El Bahey, Senior Director - Security Monitoring & Operations, Du (UAE), Tareque Choudhury, Head of BT Security, Middle East and Africa, BT (UAE), Ahmed Hussain, Director, Reload (Bahrain)

10:30 Morning Coffee Break

11:00 Select your preferred Case Study:

Information Security Awareness Programme for an Enterprise Case Study

Dorairaj Balasubramanian, Information Security, Petroleum Development Oman (PDO)

Social Media Security Case Study

Lalit Gandhi, General Manager Audit, Hellenic Telecommunications Organization (India)

11:30 The Insider Threat to Cyber Security Jenny Reid, Director, iFacts (South Africa)

11:50 Spoofing the Digital Built Environment: Exercise Cyber Attack

This is an exercise for CISOs, CEOs and CSOs responsible for critical national infrastructure who are concerned about emerging threats over the next three to five years. Exercise participants will role play a scenario of responding to a cyber and physical attack which involves physical access to a critical infrastructure building by terrorists who have gained access by spoofing the building control systems to deceptively appear to be secure. Participants in the exercise will develop policies, technical solutions and personnel strategies to respond to this attack and capture the terrorists. Discussion points:

1. Can wireless be secured?

2. Can unsecured systems in nearby buildings be a threat to the built environment?

3. When can spoofing be recognised? Are there policies, technological or human systems solutions?

4. How can banks, smart energy systems, refineries, buildings, transport, ports, aviation and telecommunications be protected?

5. Can City cyber administrators help to secure the built environment against spoofing attacks?

6. When terrorists or nation states exploit cyber space can companies and governments cooperate with intelligence and technical solutions?

Dr. Sally Leivesley, Director, Newrisk Limited (UK)

12:50 Lunch

13:50 Security of the Internet of Things

• Why enterprises need to step up their IoT security efforts

• How the growth rate of the Internet of Things (IoT) is outpacing IoT security efforts

• Avoiding a serious breach of privacy

Richard Hollis, Director, Risk Factory (UK)

14:00-15:00

Emerging Trends and Technologies Case Studies

Developing PCI Standards for Risk Management Not Compliance

• Why your focus should be on security not compliance or certification

• What resources are available to help with payment card data security

Cyber Security Insurance Trends Case Study

A recent report from PricewaterhouseCoopers suggests the $2.5 billion cyber insurance industry will triple to $7.5 billion by 2020. Without necessary innovation in the insurance space, it has been suggested that tech competitors may step in to take over the market.

Police Use of Cyber Forensics and Development of Cyber Capabilities Keynote

• Computer Fraud/Intrusion (recognizing necessary culture to avoid compromises)

• Computer Forensics and the importance of Preserving Evidence

• Prosecution landscape

• Securing commercial and government websites against DOS attacks

Artificial Intelligence in Cyber Security Keynote

• Can machines help win the war on cybercrime?

• Is Artificial Intelligence a beacon of hope in the fight against cybercrime?

• How much cybersecurity authority could we hand over to artificial intelligence systems? How much trust could humans have in machines?

15:00 Afternoon Tea Break

15:30 – 16:45

Wednesday 2 March 2016 CISO Middle East Summit – Day Two

“I personally have managed to attend them all and am very satisfied!” Head, Risk & Information Security, Arab Financial Services, Bahrain

“Excellent for sharing and challenging information and experience with security specialists from different market sectors and countries” Head of IT Security Division, Banque du Liban, Lebanon

www.cisomiddleeast.misti.com • +44 (0)20 3819 0802 • [email protected]

Day Two Continued

CISO Think Tank – Middle East

A CISO Best Practice Guide to Protecting the Digital Enterprise Today

The CISO Think Tank Middle East provides the opportunity for CISOs and senior information security professionals to examine in-depth and with combined peer brain power, tried and tested ways to deal with different phases of a particular area of challenge. This includes sharing successes with peers as well as failings. Facilitators will make detailed notes for contribution to the tangible takeaway. A findings report will be distributed to all attendees following the event with the combined thoughts and conclusions from CISOs from international companies.

• What will security look like in 3 years

• How will it get there

• What is the intelligence and collaboration strategy and design

• Bringing virtual and real worlds together

Co-Chaired by:

Marcus Alldrick, CISO, Lloyd’s of London

In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood and adequately mitigated in a cost effective manner throughout the corporation, both in the UK and in its overseas locations. His role extends to providing assurance to this effect to Executive, Senior and Line Management. Marcus also has corporate responsibility for Data Protection and Privacy and provides thought leadership on emerging information related risks pertinent to the Lloyd’s market. Marcus has worked in IT for over 35 years, specialising in information risk, protection, security and continuity for the latter 22 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory and specialising in information security strategy definition and implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, a leading card issuer and merchant acquirer and part of Barclays plc.

Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company

Tim Grieveson is the Chief Cyber Strategist for EMEA within the Enterprise Security Products division at HP. In this role, Mr. Grieveson is responsible for driving strategic initiatives for the ESP Security Strategy group and providing thought leadership and insight regarding the ever changing global threat landscape. Prior to joining HP, Mr. Grieveson held both the CIO and CISO roles at G4S Risk Management, which is part of the G4S group and one of the world’s largest private employers with a staff of 625,000 in over 125 countries. During his time at G4S, Tim was responsible for the direction and strategy of Global ICT and Information Security at the firm. Prior to G4S, Tim held various IT and Security executive leadership roles at Constellium, Bluesource Information Ltd, BT Global Services and Morrison Utility Services. Tim is a member of the Advisory Board for the UK Information System Security Association (ISSA), was honored as CIO of the Year by the EC-Council in 2013 and was named in the 2014 Huffington Post’s Top 100 Social CIO’s on Twitter. Tim is a frequent speaker and blogger with a keen interest in helping global enterprises protect themselves from cyber criminals while championing the notion that security should be positioned as an enabler of the business rather than another IT cost centre. Tim brings 20 years of IT leadership experience, holds multiple security certifications including CISM and C|CISO and is quite active in the global information security community.

Tamer El Bahey, Senior Director - Security Monitoring & Operations, du

With over 15 years of experience in the information security field, Mr. El Bahey was part of the initiation, establishment, and operation of multiple information security functions within different organizations across the Middle East. Tamer holds a B.Sc. in Aerospace Engineering and is one of the early CISSPs in Egypt. He is a frequent speaker in different regional and international events where he shares his practical experience. Tamer is currently leading the security monitoring and operations within du, where they combat cyber threats every day.

Day Three

Protecting Critical National and Commercial Infrastructures

The Chief Information Security Officer Middle East Roundtable is held in a ‘closed door’ environment to encourage openness in the group discussions, which are conducted via a combination of facilitated group discussions. The 2016 Roundtable will run in an advanced technical manner, with a senior person from the region leading on industry requirements and CISOs’ solutions at a senior level, to cover technical advances in the GCC region and solutions to threats and insider risk management etc.

The Roundtable will be run at the level of top corporate – it is seen by the attendees as a serious regional meeting so we encourage you not to miss this part of the event. Attendees will be invited to input feedback in advance and input their own key challenges. An anonymised output report will be distributed to attendees following the event.

Co-Facilitators:

Andy Cobbett, CISO, BP plc. & Director, Institute of Information Security Professionals (UK)

Dan Wittig, IT Security and Governance Manager, Louisiana-Pacific Corporation (U.S.)

Dorairaj Balasubramanian, Information Security Director, Petroleum Development Oman (Oman)

Feridun Aktaş, Director of Security Governance & Services, Turk Cell (Turkey)

Javed Abbasi, Director IT and Security, GISBA Group (Saudi Arabia)

Mahmoud Yassin, Team Lead Security Engineer, National Bank of Abu Dhabi (UAE)

Marcus Alldrick, CISO, Lloyd’s of London (UK)

Paul Lemesle, Information Risk Manager, Air Liquide (UAE)

Richard Cross, Director, Senscia (Belgium)

An Output Report will be provided with notes from the discussions - a useful tool for action back in the office to ensure that the Roundtable is not an ‘end in itself’.

The Summit and Roundtable are hosted under The Chatham House Rule

“When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed”. The world-famous Chatham House Rule may be invoked at meetings to encourage openness & the sharing of information. It is now used throughout the world as an aid to free discussion.

Thursday 3 March 2016 CISO Middle East Summit – Day Three

THINK TANKS


Timings:

15:30-15:40 Introductions

15:40-16:20 Roundtable Discussions

16:20-16:45 Summary of Findings & Close

18:00-20:30 Networking Reception

Timings:

09:00-09:10 Introductions

09:10-10:00 Roundtable Discussions 1

10:00-11:00 Roundtable Discussions 2

11:00-11:30 Coffee Break

11:30-12:10 Roundtable Discussions 3

12:10-13:00 Roundtable Discussions 4

13:00-14:00 Lunch & Close


29 February - 3 March 2016 The Habtoor Grand - Dubai, The UAE

4 WAYS TO REGISTER

Tel: +44 (0)20 3819 0802

Email: [email protected]

Post: 7th Floor Dukes House 32-38 Dukes Place, London, EC3A 7LP

Online: www.cisomiddleeast.misti.com

VENUE & ACCOMMODATION

The Habtoor Grand - Dubai, The UAE

The Habtoor Grand Beach Resort & Spa

5 Star - Jumeirah Beach Dubai

Situated on Dubai’s world-famous Jumeirah Beach and adjacent to the magnificent Dubai Marina, the Habtoor Grand Beach Resort & Spa, Autograph Collection Dubai occupies one of Dubai’s most enchanting beachside locations

grandjumeirah.habtoorhotels.com

Room Rates

Single Occupancy: AED 900++

Double Occupancy: AED 975++

Room rate is subject to 10% service charge, 10% municipality fees and “Tourism Dirham” Fees of AED 20, per room, per night.

Room rate is inclusive of breakfast and internet service.

Sponsorship opportunities

The Summit and Roundtable is the perfect platform to demonstrate your organisation’s vigorous stance on information security, at a time when organisations and governments are moving to address the growing issue of Cyber Risk.

1. Showcase your market knowledge and maximise brand leadership on an international platform

2. Have new contacts and customers come and find you rather than the other way around

3. Save time and money by scheduling a year’s worth of meetings in just 4 days

4. Improve your client coverage with greater presence

5. Network on a peer to peer level with C-level executives and heads of information security from across the Middle East region. Host a memorable networking dinner!

To discuss your specific requirements and the opportunities available, please contact Constance Belinga on +44 (0)20 3814 3681 or email [email protected]


TIER 1: EARLY BIRD
BOOK BY 31 DECEMBER 2015
Individual Cost: £1,595
Save £600 + Free Book*
Bring a Colleague Save 10% • Group of 3 Save 15% • Group of 5 Save 20%

TIER 2: STANDARD PRICE
BOOK BETWEEN 31 DECEMBER 2015 – 11 FEBRUARY 2016
Individual Cost: £2,195
Save £400 + Free Book*
Bring a Colleague Save 10% • Group of 3 Save 15% • Group of 5 Save 20%

TIER 3: LATE PRICE
BOOK AFTER 11 FEBRUARY 2016
Individual Cost: £2,595
Bring a Colleague Save 10% • Group of 3 Save 15% • Group of 5 Save 20%

Please note: The above pricing does not apply to vendors or consultants to the information security community.

Above Pricing includes

• 3 Technical Briefings Designed for CISOs (29 Feb, am)

• NEW - CXO Cyber Risk Forum Middle East (29 Feb, pm)

• 2-Day CISO Middle East Summit (1-3 March, all day)

• CISO Middle East Think Tank: Protecting the Digital Enterprise Today (2 March, pm)

• CISO Middle East Roundtable (3 March, am)

• *FREE Signed Book “Achieving Digital Trust” – Jeffrey Ritter, a Keynote Speaker at the 2016 Summit!

Plus

• Invitation to confirmed networking receptions & dinners

• Lunches and daily refreshments

• Links to all materials and group output reports

• Up to 30 CPE Points and certificates for Continued Education


*Receive your FREE signed book copy onsite! Book by 11 February 2016 to qualify. Alternatively copies will be available to purchase onsite.

Achieving Digital Trust: The New Rules for Business at the Speed of Light – by Jeffrey Ritter (Keynote Speaker at CISO Middle East 2016!)

Marc Benioff, CEO of Salesforce.com, declared “The digital revolution needs a trust revolution.” Now, there is a book that delivers the weapons required to enter and win the battle to achieve digital trust.

No decision in the 21st Century will be made in business or government without relying on digital information. Can you trust the information you use to make decisions? Can your decisions be trusted by others? Trust is under attack, making every decision more vulnerable. The same is true for customers and for each of us in our daily decisions–without trust, spending and other choices shift to other options. To achieve digital trust, Jeffrey Ritter explored trust itself and discovered something remarkable–trust is not an emotion but a calculated decision. That simple truth unlocked a new way to think differently about trust, and digital trust, and how to build something new, rather than merely patch the status quo. Described by reviewers as “essential reading for corporate executives,” “ground-breaking,” “fascinating,” and a book that “will transform the dialogue about governance in a digital world,” Achieving Digital Trust boldly declares risk management dead as a business discipline and offers, instead, an integrated strategy for building something new: digital trust.

Schedule of Networking Activities - Explore Dubai

MISTI takes networking seriously and the dinners and activities are an integral part of any CISO Summit experience. All activities are subject to confirmation, to be included in the attendee fee.

29 February Welcome Reception

1 March Dinner at Atlantis The Palm

2 March Dhow Cruise or Other Cultural Activity

Dubai has long since forged its reputation as the Middle East’s fastest-growing, most dynamic and exciting cosmopolitan city - a melting pot of different cultural and lifestyle experiences. Its business, leisure and transport infrastructure and world-class events calendar have made it the region’s number one visitor destination. Few cities, if any, can claim the huge achievements of this major global player. Ideally positioned as a gateway between east and west, Dubai remains the Arabian Gulf’s central foreign investment hub. More than 100,000 companies have set up in the city, encouraged by liberal taxation and supportive economic policies. Home to more than 150 nationalities, Dubai boasts the most modern amenities found anywhere in the world – both in its entrepreneurial business environment, and things to do, see and experience. Experience Dubai’s unique landmarks, diverse dining options, huge choice of hotels and rich cultural heritage. Dubai is where the world meets.


#CISOMiddleEast @mistieurope