europe’s premier event for information security …• neil jarvis, head of it security, it risk...



Post on 26-Mar-2020


6TH ANNUAL

CISO EXECUTIVE SUMMIT & ROUNDTABLE 2009

EUROPE’S PREMIER EVENT FOR INFORMATION SECURITY DIRECTORS

DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES

MARRIOTT HOTEL, LISBON 10 – 12 JUNE 2009

JOIN PEERS & BE INSPIRED! TOP REASONS TO JUSTIFY YOUR ATTENDANCE AT THIS YEAR’S SUMMIT

• Discover how other organisations are ensuring that their security strategy remains uncompromised & integral to the business: managing threats day to day & preparing for the future

• Seek assurance from peers that you aren't missing any tricks on how to manage the insider threat through periods of extensive change & development

• ROI benchmarking for information security project delivery: linking with internal & external customers & building teams that return money to business lines

• Innovative new case studies, keynotes, panel debates & roundtables that will probe the CISO role & changing business realities

• NEW closed session at the CISO Roundtable where you can safely share solutions on existing security incidents with fellow thought leaders

• Build trust based relationships with your security peers! Expand your global security network with professionals who face the same set of challenges as you at Europe's premier event for CISOs

CHIEF INFORMATION SECURITY OFFICERS & EXPERTS WILL SHARE EXPERIENCES & SUCCESS STORIES ON HOW THEY ARE DELIVERING MISSION-CRITICAL SECURITY FOR TODAY'S ECONOMY

• Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG
• Dr. Alastair MacWillson, Managing Director of Global Security Practice, Accenture
• Bill Pepper, Director of Security Risk Management, Computer Sciences Corporation
• Charles V. Pask, Managing Director, ITSEC Associates Ltd
• Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse
• Dave Pope, Head of Information Security - Information Assurance Group, DVLA
• Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach
• Dr. Eduardo Gelbstein, Adjunct Professor, Webster University (Geneva), Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre
• Dr. Eduardo Solana, Senior Lecturer, University of Geneva
• Dr. Frank Marsh, Associate, BurrillGreen Ltd
• Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd (UK)
• Janet Day, IT Director, Berwin Leighton Paisner LLP
• Jay Libove, Global Data Protection Manager, Transcom Worldwide
• John Colley, Managing Director EMEA, (ISC)2 EMEA
• Jorge Pinto, Chief Security Officer, InfoSec.ONline.pt, Portugal
• Julia Harris, Head of Information Security, BBC
• Marcus Alldrick, CISO, Lloyd’s
• Mark Chaplin, Senior Research Consultant, Information Security Forum
• Mark Concar, AEB Data Security Director, Standard Chartered Bank
• Mark Logsdon, Information Risk Management, Barclays
• Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort
• Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain
• Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick
• Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc
• Paul Wood, Group Chief Security Officer, Aviva
• Phil Genge, Head of Information Security, Nationwide Building Society
• Quentyn Taylor, Director of European Information Security, Canon Europe
• Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT
• Robert Coles, Global CISO, Merrill Lynch
• Tony Crilly, Managing Director, Saladin Technical Services plc
• Valerie Jenkins, Head of Information Security, Zurich Financial Services
• Walid Kamal, VP, Technology Security Risk Management, DU Telecom, United Arab Emirates

AGENDA AT A GLANCE
DAY ONE: Delivering Pragmatic & Value-Adding Security
DAY TWO: Information Security Risk: A Comprehensive & Balanced Risk Management Approach
DAY THREE: CISO Roundtable – Applying Your Information Security Experience to Deliver Beneficial Results. Includes NEW Closed Session

CISO Summit 2008 Budapest
“Definitely worth the money within the first half day”
IT Security Officer, European Court of Auditors

REGISTER NOW AT WWW.MISTIEUROPE.COM/CISO TEL: +44 (0) 20 7779 8944

FREE GIFT: Secure Your Place By 30th April 2009 & Receive a FREE 4GB Fast Secure Biometric Fingerprint USB 2.0 Flash Memory Drive


GOLD SPONSOR

Accenture

Accenture’s security practice helps clients secure their data, protect identities & build trusted relationships with their customers, constituents & partners, resulting in improved performance & increased business value. Accenture’s approach to security helps clients reduce costs, increase profitability & reduce complexity, leveraging world class technology that addresses today’s needs and helps clients effectively prepare for the future. A global management consulting, technology services & outsourcing company, Accenture combines unparalleled experience, comprehensive capabilities across all industries & business functions, & extensive research on the world’s most successful companies to help clients become high-performance businesses & governments. With more than 186,000 people serving clients in over 120 countries, the company generated net revenues of US$23.39 billion for the fiscal year ended Aug. 31, 2008.

SILVER SPONSOR

Seagate

The worldwide leader in the design, manufacture & marketing of hard drives, providing products for a wide range of enterprise, desktop, mobile computing & consumer electronics applications. The Seagate business model leverages technology leadership & world-class manufacturing to deliver industry-leading innovations, like the Seagate Secure™ family of self-encrypting hard drives that automatically and transparently protect confidential information on all hardware platforms, & to be the low cost producer in all markets in which it participates. The company is committed to providing award-winning products, customer support and reliability to meet the world's growing demand for information storage. Seagate can be found around the globe & at www.seagate.com

CISO ROUNDTABLE LEAD SPONSOR

NetWitness

NetWitness Corporation provides patented, next generation network and host-based security solutions that help public and private organizations discover, prioritize and remediate complex IT risks. Users of NetWitness NextGen and InSight solutions concurrently solve a wide variety of information security problems including: advanced persistent threat management; sensitive data discovery and data leakage protection; malware activity detection; insider threat management; policy and controls verification and e-discovery. Originally developed for the US Intelligence Community, NetWitness has evolved to provide enterprises around the world with breakthrough methods of network content analysis and host-based risk discovery and prioritization. NetWitness customers include Defense, National Law Enforcement and Intelligence Agencies, Top US and European Banks, Critical Infrastructure, and Global 1000 organizations. NetWitness has offices in the U.S. and the U.K. and partners throughout Europe, the Middle East, South America and Asia. For more information and to try our software visit: www.netwitness.com.

COCKTAIL SPONSOR

BT

A global networked IT services organisation with a long-established, respected reputation for providing solutions that address all aspects of security & business continuity across all markets. It has a comprehensive suite of security services for customers, based on a proven consultancy approach, deep technical knowledge & extensive experience. BT's team includes world-leading security consultants with an unparalleled resource of knowledge & skill. It has an in-depth understanding of both national & international standards, & is accredited by a number of government organisations. BT has implemented security measures across its own global organisation where the scale & complexity of the operation is matched by few other companies.

GIGABYTE SPONSOR

Aveksa

Offering a new approach to access governance that orchestrates people, process, policy, & technology with business-friendly solutions that foster acceptance by business managers, collaboration among all stakeholders, & accountability in all appropriate areas of the organization. Our solutions:

• Establish and maintain the visibility of user access entitlements wherever they reside within the enterprise’s information resources. Managers can easily see all access entitlements for which they are accountable.

• Provide the context and processes that enable business managers to participate in governing user access. Managers can readily understand the processes and why they exist, and they can execute them quickly and easily to keep up with the rapid pace of change.

• Enforce policies to ensure that access is appropriate, compliance objectives are met and business risks are avoided. Policy enforcement is automated and easy to monitor.

• Work in conjunction with existing security enforcement technologies such as user provisioning. Seamless integration simplifies implementation and continuing operation of all Aveksa products.

SUPPORTING PARTNERS

Information Security Forum

ISF is recognised as the world’s leading Information Security organisation & independent industry authority. Through its members, the ISF brings together & harnesses the knowledge & experience of over 300 major international business & government agencies to meet the increasing demand for practical, business-driven solutions to information security & risk management problems. Current ISF projects focus on a wide range of issues including security & legislation, identity management, patch management, information risk, & VOIP. This in-depth research eliminates the need for ISF members to develop their own in-house solutions & delivers rapid return on investment. The Information Security Forum is an independent, not-for-profit organisation, established in 1989. It is owned & governed by its members & managed by a professional team. For more information about the ISF visit www.securityforum.org

ASIS International

ASIS International (ASIS) is the largest organisation for security professionals, with more than 35,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness & productivity of security professionals by developing educational programs & materials that address broad security interests, such as the ASIS Annual Seminar & Exhibits and the Annual ASIS International 7th European Security Conference, 13-16 April 2008 in Barcelona, as well as specific security topics. ASIS also advocates the role & value of the security management profession to business, the media, governmental entities, standardisation bodies and the public. By providing members & the security community with access to a full range of programs & services, & by publishing the industry's number one magazine - Security Management - ASIS leads the way for advanced & improved security performance. www.asisonline.org

(ISC)2

The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the internationally recognised Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 54,000 information security professionals in 135 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong & Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP®) & related concentrations, Certification & Accreditation Professional (CAP), & Systems Security Certified Practitioner (SSCP®) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP®, CISSP-ISSAP® & SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing & certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products & services based upon (ISC)2’s CBK®, a taxonomy of information security topics, & is responsible for the annual (ISC)2 Global Information Security Workforce Study. More information is available at www.isc2.org. © 2007, (ISC)2 Inc. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, SSCP & CBK are registered marks & CAP is a certification mark of (ISC)2, Inc. (ISC)2® (“ISC squared”) is the non-profit global leader in educating & certifying information security professionals throughout their careers.

ISSA - UK & EMEA

The Information Systems Security Association (ISSA)® is a not-for-profit international organisation of information security professionals & practitioners. It provides education forums, publications & peer interaction opportunities that enhance the knowledge, skill & professional growth of its members.

ISACA – Belgium & London Chapters

ISACA’s membership is more than 65,000 strong worldwide & is characterised by its diversity. Members cover a variety of professional IT-related positions, to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer & internal auditor. ISACA has more than 170 chapters established in over 70 countries worldwide, & those chapters provide members education, resource sharing, advocacy, professional networking & a host of other benefits on a local level. Its Certified Information Systems Auditor (CISA) certification is recognised globally & has been earned by more than 50,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience & has been earned by more than 6,500 professionals. For more information e-mail the membership department at [email protected] or visit www.isaca.org

Jericho Forum

Members of the Jericho Forum recognize that over the next few years, as technology & business continue to align closer to an open, Internet-driven networked world, the current security mechanisms that protect business information will not scale to meet the increasing volumes of transactions & data of the future. A new approach is needed, to move from the traditional network perimeter down to the individual networked computers & devices – & ultimately to the level of the data being sent over the networks. This process has been described as 're-perimeterization' followed by ultimate 'de-perimeterization'.

RECRUITMENT PARTNERS

Barclay Simpson

Barclay Simpson is the leading company in corporate governance recruitment in the UK, having specialised in corporate governance since 1989. During this time, Barclay Simpson have developed close relationships with all of the recruiting companies in the corporate governance marketplace & built up a comprehensive candidate database. Because of the size of the market, this means that they know most of the people working within it. Barclay Simpson specialise in jobs within Compliance, Internal Audit, IT Audit, Information Security & Risk Management.

Information Security Solutions

Information Security Solutions are a specialist recruitment company, dealing with Information Security, IT Risk, IT Audit and Business Continuity/Disaster Recovery. Many of the world's most experienced security practitioners are exclusively registered with us and we have an extensive database of Candidates within the Information Security industry. Information Security Solutions offer very competitive rates. Please contact us today to discuss how we can help you with your requirements and to receive our Terms and Conditions.

SSR® Personnel Service Ltd

SSR® is the largest recruitment consultancy dedicated to the security, fire, health & safety sectors in Europe, operating in 20 countries. With a global presence in North America & partners in Asia & Eastern Europe, we are accredited with ISO 9001:2000. For details of our opportunities & open vacancies visit our web site www.ssr-personnel.com


Dear Colleague,

Defined by the Information Security Directors who attend this event, the 6th CISO Executive Summit & Roundtable 2009 will convene 10th – 12th June 2009 in the cultural city of Lisbon. The timely theme for 2009 is “delivering pragmatic & value-adding security: realistic information security for business realities”. How can you ensure that your security strategy remains focused, uncompromised & integral to the business? What do you see as your leading security challenges & priorities for the year ahead? What are valid roles for today’s CISO? How do you manage information security to strategic advantage?

The 2009 international speaker panel, made up of information security directors from Europe’s leading organisations such as Novartis Pharma AG; BT; Credit Suisse; DVLA; Openreach; Microsoft; Lloyd's; Deutsche Bank; Information Security Forum; Standard Chartered Bank; Dresdner Kleinwort; DHL; Aviva; Canon Europe, is firmly placed to answer your most pressing questions. Case studies, panel debates & high profile keynotes will probe the CISO role & changing business realities - offering a rare & candid insight into how leading CISOs are approaching information security in today's economic climate.

No nonsense focus & dedicated discussion time on:
• Demonstrating value of information security to the business
• Balancing budget constraints to match economic realities
• Creative user awareness & dealing with human greed & error!
• Keeping up with security trends & new cyber risks
• Meeting regulatory compliance & strengthening information governance
• Attracting & retaining specialist security employees
• Protecting data & intellectual property
• Mission-critical security controls to avoid high profile incidents

Gain ultimate value & benefit by staying on for the CISO Roundtable on Friday 12th June 2009! Lively debate is guaranteed at the unrivalled benchmarking forum – held under Chatham House Rule. A new closed session will allow people who have signed an agreement in advance to share solutions on sensitive security incidents & challenges as you expand your global security network with professionals who face the same set of challenges as you.

Agenda at a Glance…
DAY ONE: Delivering Pragmatic & Value-Adding Security
DAY TWO: Information Security Risk: A Comprehensive & Balanced Risk Management Approach
DAY THREE: CISO Roundtable 2009 – Apply your information security experience to deliver beneficial results. Includes NEW closed session where those who have agreed to a confidentiality agreement can attend & discuss real life security issues!

Thank You

Sincere thanks to the world-leading security experts, solution providers, associations, & delegates within the information security community who have played a major role in contributing to the programme. A special thank you goes out to all the speakers for their time & contribution, & also to the supporting organisations. MIS Training wishes you an enjoyable & productive time at the summit, and looks forward to meeting you in Lisbon this June.


DAY ONE: WEDNESDAY 10TH JUNE 2009 DELIVERING PRAGMATIC & VALUE-ADDING SECURITY

08:00 REGISTRATION & COFFEE

08:30 CHAIRMAN’S OPENING
Marcus Alldrick, CISO, Lloyd's
In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe’s largest credit card issuer.

08:40 THE FUTURE OF INFORMATION SECURITY
Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort
Michael has been with Dresdner Kleinwort Wasserstein since 1999. He is the Director of Information Management. This role means that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data Protection and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer Science. He has since lived in three continents & has lectured globally on security technology issues. Since 1996 he has been working in Financial Technology in London.

09:40 KEYNOTE
Dr. Alastair MacWillson, Managing Director of Global Security Practice, Accenture

10:10 FROM A TIME OF CRISIS COMES A TIME OF CHANGE
• The crisis explained
• Where are we now?
• The time for change...
• What's next for Nationwide?
• Our principles for success
• Top ten learning points
• What's been achieved and how?
Phil Genge, Head of Information Security, Nationwide Building Society
Phil has over 15 years experience within the UK financial services industry. 10 of these 15 years have been spent as a qualified management consultant specialising in cultural change, business process reengineering & strategy design. In April 2007 he assumed the role of Head of Information Security at Nationwide Building Society (a business with assets of c. £170bn with 13m customers and 20000 employees) with a specific brief to address the 133 issues raised as a result of a fine received from the FSA in respect of a data breach. 2 years on he remains in post leading a team of 52 professionals providing expert risk oversight, consultancy & security operations to the Group.

10:40 MORNING COFFEE BREAK & EXHIBITION

11:10 MANAGING INFORMATION SECURITY FOR STRATEGIC ADVANTAGE
Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG
Andreas, CISO, CISA, CISSP, leads IT Security & Security Emergency Response globally across the corporation. In this role he & his team are responsible for the planning & supervision of Novartis’ worldwide computer & network information security systems, defining the company’s IT security policies, baselines & standards & enhancing the security of Novartis IT services & global infrastructure. Andreas has more than 12 years’ experience managing all aspects of information technology management, with deep expertise in rapidly changing, highly demanding large-scale environments. Prior to joining Novartis Pharmaceuticals, Andreas worked for Ciba Geigy & IBM on various IT projects covering different aspects of information technology.

11:40 LOCK UP THE DATA - NOT THE CEO. SAFEGUARDING DATA WITH SEAGATE SELF-ENCRYPTING HARD DRIVES
Joel Bernard, Sales Development Manager, Seagate Technology

12:05 IS INFORMATION SECURITY RELEVANT TO YOUR BUSINESS STRATEGY?
Communicating with top management in business language is essential. A CISO needs to understand where information security can contribute to specific elements of your business strategy & must then convince senior managers that what you are doing is a benefit to the business. This tone-setting session will give examples of generic business strategy elements & the contribution information security can make to ensuring business success.
Dr. Frank Marsh, Associate, BurrillGreen Ltd
Frank is an exceptional & internationally renowned information security specialist covering all aspects of information security including physical, digital, oral & intangible forms, & the prevention, detection and investigation of information leakage. He has a PhD from Liverpool University where he worked under Professor (now Sir) David King. He did post-doctoral research before working in the University Computer Laboratory. For 25 years, until 2008, he worked for BAT Industries/British American Tobacco in a broad range of business roles, & from 1995 as Global Information Security Manager. Working with BAT’s business operations globally, he also became the deputy CSO. In 2001, he was elected, by the UK membership, to the global Council of the Information Security Forum (ISF) and was elected by that council of his peers to the ISF Executive a year later.

12:45 LUNCH

13:45 CREATING VALUE & TRUST BETWEEN INFORMATION SECURITY & THE BUSINESS DURING DIFFICULT TIMES: TRANSFORMING INFORMATION SECURITY TO MISSION-CRITICAL SECURITY
As executive boards are threatening to reduce security resource & IT budgets are cut, how can you ensure that your security strategy remains integral to the business & that security is not compromised? Evidence suggests that information leakage & industrial sabotage activity increases in such an economic climate so this is no time to be cutting back on intelligence, security controls & governance operations!
• Measuring true security benefits while avoiding reliance on key performance indicators
• Can the trust brought by online security really drive bottom line results?
• Adopting cost cutting strategies versus maintaining business security & sustainability
• Top tips to create value between information security & the business
• Understanding the urgent imperative for your business
• Steering a top security team through the global downsizing trend
• Finding new ways to do things
Chaired by: Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT
Panellists: Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse; Dave Pope, Head of Information Security - Information Assurance Group, DVLA; Mark Concar, AEB Data Security Director, Standard Chartered Bank; Walid Kamal, VP, Technology Security Risk Management, DU Telecom, United Arab Emirates; Valerie Jenkins, Head of Information Security, Zurich Financial Services; Julia Harris, Head of Information Security, BBC

14:20 LINING UP ASSURANCE & IDENTIFYING YOUR TOP INFORMATION RISKS: INTERNAL AUDIT & INFORMATION SECURITY
Dave will run an interactive session of value to those who have audited risk frameworks, as well as those who have responsibility for them. The session will cover how to identify your top information risks & will include a case study on DVLA, how the risk framework was introduced, the role of the CISO & Internal Audit in this process & how to “keep it real”.
Dave Pope, Head of Information Security - Information Assurance Group, DVLA, UK
Dave is also a Member of the Institute of Internal Auditors, a Registered Risk Practitioner & Member of the Institute of Risk Management. Currently the Head of Information Security at DVLA, he is also the Network Accreditor. He has the responsibility for the security of one of the UK’s biggest on line organisations, & has responsibility for ensuring compliance with the recent Cabinet Office data handling guidelines. Previously Dave was the Corporate Risk Manager at DVLA & won the award given by ALARM as UK Risk Manager of the year. Dave started his working life as an Internal Auditor & has worked in several public organisations including HM Treasury & Ordnance Survey, mainly in the IT field. He has managed IT infrastructures as well as audited them so has experience of seeing both sides of information handling. He lectures within the UK and internationally on Risk Management, and is an Associate Lecturer for the National School of Government. Dave also runs a small sheep farm in West Wales!

14:50 SECURING INFORMATION THROUGH TIMES OF EXTENSIVE CHANGE
Mark Concar, AEB Data Security Director, Standard Chartered Bank

15:20 HOW TO USE YOUR INFORMATION SECURITY SKILLS TO ADD TO THE BOTTOM LINE
Quentyn Taylor, Director of European Information Security, Canon Europe

15:50 AFTERNOON TEA BREAK

16:20 COP TO CONSULTANT - DELIVERING GLOBAL CONSISTENCY IN INFORMATION SECURITY
Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc

16:50 SECURITY & PRIVACY ASSURANCE IN OUTSOURCING & OFFSHORING: A NEW CHALLENGE
• The seven lifecycle stages of outsourcing contracts
• Maintaining security & privacy throughout the contract lifecycle
• Are there new/additional security risks?
• What needs to be considered during due diligence of offshore suppliers?
• Assurance & conformance audits
• Change management
• Incident management
• Specification of subject access request (SAR) process with the vendor
• Ensure vendor continuity plans meet specified business needs including: backups, recovery, standby & people
• Management & change of cryptographic keys
• Agree the security & business processes for the transformation of IT & security solutions over the life of the contract
• Third parties & subcontracts
• What are the future challenges?
Bill Pepper, Director of Security Risk Management, Computer Sciences Corporation
Bill has a lifetime of experience as a professional corporate & information security & privacy manager. Following a distinguished career in information security with the Royal Air Force he has obtained a significant reputation as an expert in these areas, & particularly in privacy & security risk management. In addition to all aspects of security, including information, personnel & physical, Bill is also responsible for Data Protection within CSC’s EMEA Northern Region supported by a specialist Data Protection team. Latterly he has developed significant experience in the areas of outsourcing & off-shoring from the perspectives of both outsourcing services & also running other organisations' outsourced services.

17:20 HUMAN ERROR: THE TOP SECURITY CONCERN IN A MULTI-NATIONAL ORGANISATION?
• Creating an effective (& fun!) training & awareness programme
• Top recommendations for writing an awareness policy that works
• Enforcing consequences
• Make it easy to do the right thing
Paul Wood, Group Chief Security Officer, Aviva Group
Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist & executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air Traffic Services as the Head of Corporate Security. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS Investment Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the appointment of Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the Group. Paul is a regular speaker on security matters. He was awarded the MBE in the 1995 New Years’ Honours List.

17:50 THE COMMON SENSE & NONSENSE OF JUSTIFYING SECURITY INVESTMENTS
Infosecurity accounts for 10% or less of IT budgets - & increasingly management demands robust business cases to justify expenditures. Experienced practitioners know that this is the equivalent of writing technology fiction - the costs are reasonably well known but the benefits are often pure fantasy as security metrics are not a mature topic & management is not interested in technical metrics - they want to know the cost of information leaks, corrupt data & downtime & some of these events are outside the control of the IT function.
• Metrics that make sense to non-IT & non-security people
• The need to identify accountability for delivering benefits
• The true cost of insecurity
• The language that helps get a business case approved
• How the audit function can help support the business case
• How to identify a nonsensical business case
Dr. Eduardo Gelbstein, Adjunct Professor, Webster University (Geneva), Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre
Ed has been an IT practitioner since the 1960s, during which time he worked as project manager, systems architect & executive in several organisations & different countries until 2002, when he was invited to become an auditor, an activity that he continues to develop as an advisor to the United Nations Board of Auditors & the French National Audit Office. Ed also teaches an MBA course on business systems management in Geneva, Switzerland & is a Senior Fellow of the United Nations Institute for Training & Research. He has authored several books & articles.

18:20 CHAIRMAN’S CLOSE OF DAY ONE

18:30 - 20:00 CISO Port & Wine Tasting Reception, Lisbon: Kindly Sponsored by:

20:00 - 22:00 CISO FADO DINNER, LISBON (PROVISIONAL)


CISO EXECUTIVE SUMMIT & ROUNDTABLE 2009
DELIVERING PRAGMATIC & VALUE-ADDING SECURITY: REALISTIC SECURITY FOR BUSINESS REALITIES
“Definitely worth the money within the first half day” IT Security Officer, European Court of Auditors

MARRIOTT HOTEL, LISBON
10 – 12 JUNE 2009


DAY TWO: THURSDAY 11TH JUNE 2009 INFORMATION SECURITY RISK: A COMPREHENSIVE & BALANCED RISK MANAGEMENT APPROACH


Networking Diary at CISO Summit 2009!
Meeting your information security peers to exchange ideas & build trust-based networks is an integral part of the CISO Summit. As such, MIS & Sponsors have set aside dedicated time for networking, which will allow you to enjoy your time in Lisbon. Activities listed below are provisional. Further details will be announced soon!

9TH JUNE 2009 - Welcome Drinks in the Garden of the Marriott Lisbon Hotel
Meet & make strong first impressions as participants arrive the evening before the summit starts!

10TH JUNE 2009 - CISO Port & Wine Tasting Reception, Lisbon: Kindly Sponsored by
Taste a selection of ports & wines with security peers at an historical Pombal cellar in the heart of Lisbon historical city centre, with a presentation on the Portuguese vineyard, different regions, different types of Port wines & the Portuguese grape varieties.
Followed by CISO Fado Dinner, Lisbon
Join the group for dinner at one of the most reputable & authentic Fado Houses, where several singers will perform during the course of the evening.

11TH JUNE 2009 - Sintra Evening Tour & Dinner Overlooking the Beach: Kindly Sponsored by
Sample the rich history & culture that the region has to offer with peers in rustic Sintra, just outside Lisbon. Explore the charming picturesque town of Sintra, stopping off for drinks at one of the quaint bars for a reception. A short drive away, a delicious fish dinner will then be served in a restaurant overlooking the sea.


08:15 WELCOME BREAKFAST KINDLY SPONSORED BY:

08:40 CHAIRMAN’S RE-OPENING Charles V. Pask, Managing Director, ITSEC Associates Ltd

08:45 PATCH MANAGEMENT: INCREASINGLY A FACET OF EFFECTIVE RISK MANAGEMENT
Patch management is nothing new; by now we should have moved away from the 'install & forget' days of old to a position of comprehensive patch management across the enterprise. Nevertheless, we still see the exploitation of vulnerabilities hitting the headlines with many organisations not only vulnerable to attack but successfully attacked & exploited. In this presentation we examine the increasingly critical role of Patch Management in the overall risk management framework & in doing so we look at:
• The underlying trends driving the need for Patch Management to be proactive & preventative, not reactive & curative
• What effective Patch Management looks like & what key considerations need to be taken into account
• Why Patch Management in isolation is ineffective & how it fits into the bigger scheme of things
• How people & process play as important a role as technology in making effective Patch Management a reality
Marcus Alldrick, CISO, Lloyd's

09:20 MANAGING THIRD PARTY DATA SECURITY
• Importance of managing data security across third parties & supply chain
• Understand ownership & main responsibilities
• Key contractual requirements
• Future and trends in managing data security throughout the supply chain
Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse
Daniel Barriuso is the Head of IT Risk for EMEA and Global Asset Management at Credit Suisse. He is responsible for managing IT Risk and Information Security across more than 18 countries in Europe, Middle East and Africa, as well as globally for the Asset Management Division. Prior to joining Credit Suisse, Daniel was the Director of the Europe Information Security and Technology Risk Assessment departments at ABN AMRO Bank N.V. in London, where he developed and pioneered successful risk assessment methodologies. Daniel also dedicates his time as a professor in the Security Post-Graduate Master course at the "Universidad Politecnica de Madrid", where he teaches and researches in the areas of IT governance and management of security investment. He is currently a member of the Investment Banking Information Security Group (IB SIG) and is a frequent speaker and contributor in IT risk forums and events.

09:50 WHAT EVERY CISO SHOULD KNOW ABOUT INDUSTRIAL ESPIONAGE: MANAGING THE BROADER THREATS TO INFORMATION SECURITY
Tony Crilly, Managing Director, Saladin Technical Services plc
Following on from a distinguished career in the British Army (which included five years in Northern Ireland on surveillance tasks involving the use of specialist technology on counter terrorist operations), Tony joined the commercial sector in 1988 & management consultancy in 1991. He has held a number of senior positions within the industry & has worked in countless countries world-wide on complex investigations & assignments including protective security during the critical negotiations for the multi-billion Al Yamamah II deal & for the world premier of the Eurofighter Typhoon Aircraft. More recently, in addition to managing Saladin Technical Services, he has been involved in the development of standards within the Security Industry & on International approaches to Nuclear and Radiological Security (non-proliferation), working in association with NATO, the NNSA (USA) & MinAtom (Russian Federation).

10:20 MORNING COFFEE BREAK & EXHIBITION

10:50 WHAT ARE THE KEY EMERGING SECURITY & E-CRIME RISKS? DETECTING MASSIVE CONTROL FAILURES – IS THIS A ROLE FOR TODAY’S SECURITY CHIEFS?
Heads of Information Security & experts list their top ‘hot buttons’ & focus for 2009 & beyond, sharing the latest threats they face, as well as their planned security strategy going forward & key lessons for other industry sectors.
• What are the top 3 technology risks & trends on your priority list?
• How has the global financial crisis & the uncovering of recent high profile frauds impacted your approach to security?
• How to manage social networking vulnerabilities
• The threat of social engineering to hijack sensitive information
• How far to police or trust staff, & how to maintain thought leadership across highly networked groups of staff
• How will emerging risks (malware & attack vectors, viruses) affect your organisation?
• What are your plans to test your security strategy & take a proactive stance?
• Recommendations going forward
• Protecting your organisation from the greed of top execs: a valid role for today’s CISO?
Chaired by: Paul Wood, Group Chief Security Officer, Aviva
Panellists: Philippe Huard, Seagate Technology; Jorge Pinto, Chief Security Officer, InfoSec.ONline.pt, Portugal; Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd (UK); Sarb Sembhi, President, ISACA London Chapter; Robert Coles, Global CISO, Merrill Lynch; Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain

11:35 AWARENESS RAISING: MAKING ‘THE RISK, OUR INFORMATION, YOUR RESPONSIBILITY’ & OTHER AWARENESS MATERIAL
As you know, raising the awareness of colleagues about information risks is becoming increasingly important. However, the impact of many of the older ways of doing this has declined, perhaps given that they have become rather tired & dated. One of Mark’s responsibilities has been to address this, which has involved the making of a film, road shows, poster campaigns etc. The Barclays approach has been different & innovative, & these initiatives have attracted a number of awards. This is a multimedia presentation that will grab your attention & will stimulate further debate amongst the audience.
• Our approach
• The impact it’s had
• The lessons learned
• Next steps
Mark Logsdon, Information Risk Management, Barclays

12:35 WHY SECURE CODING IS NOT ENOUGH
John Colley, Managing Director EMEA, (ISC)2 EMEA

13:10 LUNCH

14:15 INTERACTIVE SESSION – PLEASE SELECT YOUR PREFERRED BREAK-OUT….

BREAK-OUT A: HOW HACKERS GET & CRACK PASSWORDS?
Jason Hart

BREAK-OUT B: THE CONVERGING WORLDS OF PHYSICAL & DIGITAL SECURITY – INTERACTIVE SESSION!
An interactive session - participants will examine some of the processes where convergence can cause conflict. You will work in small groups & consider processes such as investigations & physical/digital access control. How are operational boundaries defined? How are responsibilities managed? Who controls the budget & resources? What are the key steps for a CISO to take?
Dr. Frank Marsh, Associate, BurrillGreen Ltd

14:55 PRIVACY ENHANCING TECHNOLOGIES (PET's)
Although privacy enhancing technologies have been researched for the past 20 years, it's only recently that they have found a new & enthusiastic audience, spurred on by data breaches in the public & private sector. The UK's Information Commissioner's Office has embedded their use into their privacy by design initiative & the European Commission publicly backs the development & application of these technologies within industry & through its research programme. PET's: What are they anyway? Why should I care? What options are available to me now? How are they likely to develop in the short to medium term? What tools are available to me to enable them to be embedded into my organisation?
Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick

15:30 AFTERNOON TEA BREAK & SPONSORS’ PRIZE DRAW

15:50 SECURITY VS. PRIVACY
The panel will discuss how to deal with areas of potential conflict between privacy & security.
• What do we mean by privacy? Information about us? Information belonging to us? Space we regard as ours like a phone or bag? Our physical privacy - searches?
• What is the privacy role of the CISO?
• Should there be a "privacy officer" separately from the Security team?
• How does a CISO balance the need for privacy during investigations?
• Do you prevent, allow and monitor or allow & not monitor? Who sets the rules?
Chaired by: Dr. Frank Marsh, Associate, BurrillGreen Ltd
Panellists: Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort; Marcus Alldrick, CISO, Lloyd's; Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick; Mark Chapman, Senior Research Consultant, Information Security Forum; Janet Day, IT Director, Berwin Leighton Paisner LLP

16:30 CONSUMER APPLICATIONS: CREATING SECURITY PROBLEMS?
Consumer applications such as Skype & Gmail have caught the imagination of the corporate world. With easy access & zero cost many organisations are assessing these applications for use internally. Users are also demanding access to some of these applications on the basis of productivity, ease of use & personal experience. Whilst there are business versions of these applications the uptake may be via the consumer products. This presentation explores the risks that organisations may be exposed to by adopting these applications or allowing users to access these applications with insufficient guidelines.
Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain
With over 14 years experience in both commercial & government information systems security & a proven track record in the specification, design & implementation of complex IT & security infrastructure solutions to meet business requirements. Neil’s experience includes network infrastructure, server infrastructure, operating systems security, application security, information security, penetration testing, disaster recovery, business continuity, business requirements gathering, analysis, interpretation & delivery of pragmatic cost effective solutions.

17:10 PROTECTING INFORMATION IN THE END USER ENVIRONMENT
Mark Chaplin, Senior Research Consultant, Information Security Forum

17:50 SINTRA DINNER - KINDLY SPONSORED BY:


DAY THREE: FRIDAY 12TH JUNE 2009 CISO ROUNDTABLE: APPLY YOUR SECURITY EXPERIENCE TO DELIVER BENEFICIAL RESULTS

AGENDA TIMINGS:

9:00 START

10:30 COFFEE BREAK

12:30 LUNCH

15:00 TEA BREAK

16:00 CLOSE

ABOUT THE CISO ROUNDTABLE:
The CISO Roundtable 2009 provides the ultimate forum for heads of information security to discuss key security challenges & benchmark strategy with peers to develop team expertise & professional skills, as well as to advance standards & approaches for the information security community at large. All participants will have the opportunity to input into the agenda beforehand. The focus is on roundtable discussions & group work, with sessions facilitated by established information security practitioners & industry experts. This is the ideal opportunity to meet global security industry leaders & network with professionals who face a similar set of challenges as you. At the end of the day, there will be an opportunity for those who have agreed to a confidentiality agreement in advance to attend a ‘closed door’ 30 minute session where participants can discuss real life information security incidents & discuss possible solutions.

SESSIONS FOR DISCUSSION INCLUDE:

1. THE 10 MISTAKES CISOS MAKE WITH THEIR CAREERS: WHAT WOULD ESTABLISHED CISOS ADVISE YOU TO THINK ABOUT TO MAKE YOUR NEXT STEP?

2. STEERING A TOP SECURITY TEAM THROUGH THE GLOBAL DOWNSIZING TREND & HOW TO RECRUIT & KEEP A TOP TEAM

3. INCREASING SECURITY CREDIBILITY TO THE BOARD

4. ESTABLISHING AN IMAGINATIVE SECURITY AWARENESS CAMPAIGN WITH A LIMITED BUDGET

5. NEW INTERACTIVE SESSION - HOW CAN SENSITIVE INFORMATION STAY FAITHFUL TO ITS ORGANISATION?

This will be an interactive session with the audience split into three groups: 1. The disaffected employee 2. The exiting employee 3. The CISO. The challenge: We all have security policies & measures in place that aim to protect the business from data leakage from our systems & our people. Backing up data & holding documents in central repositories provide a sense of well-being & comfort. We have the technology - we can achieve. However, the fact remains that to protect corporate data & intellectual property is a real challenge when we consider the people aspect. Where are all your data stored? Do you know? Greed, envy, ambition, desperation & poverty are key characters in this play that convert even the most corporately versioned employee. Add ignorance; lack of training, education & awareness; time pressure & general lack of ability into the pot & the mix becomes worse. This exercise is about protecting your most valuable corporate asset.

CHAIRED BY:
Charles V. Pask, Managing Director, ITSEC Associates Ltd
Charles is responsible for delivering global IT security & IT audit services, including public training courses, in-house training courses, conferences & symposiums. Previously, he was a Director with MIS Training, & Director of Information Security Institute (ISI) European & Middle East e-Security Services. Mr. Pask has over 20 years’ experience in IT, IT audit, & IT security, & was the Information Security Manager for Alliance & Leicester plc prior to joining MIS. More recently Charles was the Global Head of Strategy, Development & Globalisation for the BT Business Continuity, Security & Governance Practice.

FACILITATORS:
Floris Van Den Dool, Security EMEA Lead, Accenture
Floris provides services to several of Accenture’s main clients across all industries. Floris has been active in IT consulting & security for 20 years & lectures at Erasmus University in Rotterdam on topics like Computer Architectures, IT auditing & Security. Currently he is helping a number of organisations with the security aspects of outsourcing as well as outsourced security services.

Marcus Alldrick, CISO, Lloyd's
In his role at Lloyd’s Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the latter 17 years. Prior to joining Lloyd’s, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe’s largest credit card issuer.

Mark Chaplin, Senior Research Consultant, Information Security Forum
Mark is an information risk management professional with over 18 years of experience in IT and information security. He has worked in diverse roles from consultancy to information security governance and strategy for blue-chip organisations. Prior to joining the ISF Mark was responsible for information security at a multinational FTSE 250 company. He believes in a risk-based, business-oriented approach to managing information risk, while complying with the requirements of internal standards, contracts, regulation and legislation. Mark runs global research projects for the ISF on all aspects of information security, including governance, standards, risk management and compliance. Mark is also responsible for the ISF’s Standard of Good Practice for Information Security.

Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort
Michael has been with Dresdner Kleinwort since 1999. He is the Director of Information Management. This role means that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data Protection and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer Science. He has since lived in three continents & has lectured globally on security technology issues. Since 1996 he has been working in Financial Technology in London.

Paul Wood, Group Chief Security Officer, Aviva
Paul has over 30 years experience in the security arena, dealing with crime, fraud, information security, counter-terrorist & executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air Traffic Services as the Head of Corporate Security. From Jul 99 – Apr 06 he was the Chief Security Officer for UBS Investment Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the appointment of Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the Group. Paul is a regular speaker on security matters. He is a member of the ISSA Advisory Board; a founder member & now Director on the Board of IISP & a member of many other professional security forums. He was awarded the MBE in the 1995 New Years’ Honours List.

Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach
Prior to her current position, Cheryl was a Senior Lecturer at the University of Portsmouth. Following 3 decades in the IT industry working for the Ministry of Defence, The Office of Population, Censuses & Surveys & as a European consultant for a blue chip organisation, she entered academia. Cheryl is an active CISSP & has recently been appointed as an ambassador for Childnet delivering training sessions in schools. Her academic interests lie in the analysis & design of information systems; developing secure information systems; business continuity & disaster recovery, & digital forensics. She designed, developed & led lectures on the BSc (Hons) Digital Forensics degree for the University of Portsmouth.

EXPAND YOUR REACH (& BUDGET!) - MEET EUROPE’S FINEST INFORMATION SECURITY DIRECTORS ALL IN ONE PLACE!

A learning & high level networking forum rather than a ‘trade show’, the CISO Summit is designed for people to share ideas & build trust based relationships – a unique event designed for the world’s elite information security directors & normally elusive & difficult to reach executives! Use this platform to influence clients & ensure your leading market position. CISO networking sponsorships have included receptions on a boat on the River Danube, a catamaran cruise in Barcelona, an exclusive beach front venue in Nice, through to dinner in the ancient wine cellars of Budapest & Grand Prix receptions. Other options range from exhibiting to participating on a panel discussion, presenting a keynote or sponsoring a facilitator for the ultimate benchmarking event - the interactive CISO Roundtable! Given that MIS’ background is in security & audit training, delegates typically comprise 95% ‘practitioners’ (e.g. CISOs, Heads of IT Security rather than consultants or vendors).

All sponsorship packages include a number of free client places, exhibition & speaking options. For more information, please contact Sara Hook, Conference Director on: +44 (0)20 7779 7200, or email [email protected]

ABOUT THE VENUE

Lisbon, the town of the seven hills & the Tagus river, capital of Portugal since 1147. With its gentle climate, abundant attractions & rich cultural diversity, it is a city with much to offer. One of the main saints' days will take place during your stay in Lisbon. There is a big parade on the night of the 12th June for St Antonio which makes its way along the Avenida da Liberdade. The old quarters of Alfama & Mouraria are particularly busy & celebrations continue until dawn. The Lisbon Marriott Hotel is only a 15 minute drive from Lisbon airport, & is situated in the business district.


REGISTRATION INFORMATION (fees must be paid in advance of the event)

Fee Free Gift (book by 30th April 2009)

CISO Executive Summit & Roundtable 2009 (3-Days) £1,850

CISO Executive Summit Only 2009 (2-Days) £1,495

Included in the Fee
Entry to 3-Day Event, CISO Dinner, CPEs, Certificates, Official Summit Workbook, Web-link to All Updated Presentation Materials.

MIS Training Institute Terms & Conditions: MIS Training operates a 20 working day cancellation policy. Any cancellations received after 20 days or any delegate that does not attend will be subject to full payment. You may transfer to another conference for a transfer fee of 25% of the initial booking fee plus the difference between the value of the conference you are transferred to. Please note that the replacement course/conference must take place within 9 months of the initial application. Alternatively you may send another colleague to the initial booked course/conference without incurring any additional fees.

PLEASE SEND ME INFORMATION ON

3rd Annual Fraud & Corruption Summit 2009, 18 - 20 March 2009, The Dominican Hotel, Brussels - Belgium

Effective Audit & Investigation for Improved Tax Compliance - Africa 2009, 11 - 14 May 2009, Abuja - Nigeria

4th Annual Audit, Risk & Governance Africa Conference 2009, 21 - 24 July 2009, The Speke & Commonwealth Munyonyo Resort, Uganda

3rd Annual Chief Security Officer (CSO) Summit 2009, 16 - 18 September 2009, Barcelona, Spain

Conferencia Latinoamericana: Gobernanza, Riesgo y Auditoria 2009, 13 -16 Octubre 2009 - Mexico

Audit, Risk & Governance Middle East 2009, 2 - 4 November 2009, Dubai - UAE

2nd Annual CISO Executive Summit - Middle East 2009, 9 - 11 November 2009, Shangri-La’s Barr Al Jissah Resort, Muscat - Sultanate of Oman

2nd Annual Security Africa Summit 2009, 17 -20 November 2009, Labadi Beach Hotel, Accra - Ghana

2nd Annual Digital Evidence Conference, 7th - 9th December 2009, Doha - Qatar

Founded in 1978, MIS Training Institute is the international leader in providing training & conferences to information security, audit, fraud & IT audit professionals. With offices in the USA, UK, & Asia, MIS is a division of Euromoney Institutional Investor Plc (FTSE250) and is part of the Daily Mail & General Trust (DMGT). www.mistieurope.com

5 EASY WAYS TO REGISTER

Tel: +44 (0)20 7779 8944 Email: [email protected]

Fax: +44 (0)20 7779 8293 Web: www.mistieurope.com/CISO

Mail: Guy Cooper, MIS Training, Nestor House, Playhouse Yard, London EC4V 5EX UK

CUSTOMER INFORMATION

(please print or attach business card)

Title First name

Surname

Position

Organisation

E-Mail Address (Required)

Address

Country Postcode

Telephone Fax

The information you provide will be safeguarded by the Euromoney Institutional Investor Plc. group whose subsidiaries may use it to keep you informed of relevant products and services. We occasionally allow reputable companies outside the Euromoney Institutional Investor Plc. group to contact you with details of products that may be of interest to you. As an international group we may transfer your data on a global basis for the purposes indicated above. If you object to contact by telephone, fax, or email please tick the relevant box. If you do not want us to share your information with other reputable companies please tick this box

PAYMENT METHOD

(all fees must be paid in advance of the event)

Pay Online at www.mistieurope.com

Cheque enclosed (payable to MIS Training)

Please invoice my company

PO#

Credit cards can be taken over the phone only. Please call +44 (0)20 7779 8944

Please include billing address if different from address given above

Please note that in completing this booking you undertake to adhere to the cancellation policy and payment terms.

Signature Date

Approving Manager Position

SUMMIT VENUE & ACCOMMODATION
The CISO Executive Summit & Roundtable will take place at:
Marriott Lisbon, Avenida Dos Combatentes 45, Lisbon, PT 1600-042, Portugal
Tel: +351 217 235 562, Fax: +351 217 264 418
www.marriott.com/lispt

Discounted bedroom rate for CISO Summit 2009 - 140 euros B&B (inc. tax).

The Marriott Lisbon Hotel is one of the best hotels in Lisbon, providing the warmest introductions to this spectacular area. Guest rooms achieve an extraordinary balance of luxury & function, with the comfort of the new Marriott bedding, high-speed Internet connection & balconies with dazzling views of the city. Or upgrade to one of our Concierge levels, with its enhanced amenities & services. Visit the well-equipped fitness room for an invigorating workout. For a relaxing repast, Citrus Bar & Restaurant offers fine Portuguese & Mediterranean cuisine paired with a selection of local wines. 24-hour room service is available.


TO REGISTER CALL +44 (0) 20 7779 8944 FAX +44 (0) 20 7779 8293
EMAIL [email protected] OR VISIT WWW.MISTIEUROPE.COM/CISO

FREE GIFT
Secure Your Place By 30th April 2009 & Receive a FREE 4GB Fast Secure Biometric Fingerprint USB 2.0 Flash Memory Drive

When registering please quote ref: GE1