The IT Security Roundtable Meeting Tuesday 20th June 2017, 8:00 -16:30

followed by Networking Drinks

The Radisson Blu Zürich Airport Hotel, Switzerland

The IT Security Roundtable Meeting Tuesday 20th June 2017 I 08:30 – 17:00 I The Radisson Blu, Zurich Airport

2017 Facilitators Include:

CIO Marcos Contreras

Group Information Security Officer Alain Beuchat

CIO Markus Bierl

CIO Jürgen Bartling

Director, Master Data Management

Roland Schmid

Director Global IT Infrastructure & Security

Leonardo Casubolo

IT Director

Mervi Lampinen

Head Of IT Security at Global IT Service Center

Mike Cartwright

IT Director Renato Gubser

CTO EMEA Networks

Rastad Askari

Director, Enterprise Architecture Reinsurance

Pierluigi Fasano

Director Compliance Security Control Steering Marcel Zumbühl

VP Group Information Technology Anna Klebus

Chief Security & Privacy Officer Thomas Born

VP, Global Head of New Business Models & Digital Operations

Olivier Convard

Director - IT Business Partnering & Innovation

Galina Gray

Director Security & Organisation Eldo Mabiala

1. Personalised Agenda Each attendee receives a personalised agenda combining industry-lead, topical roundtable discussions, networking and business meetings. You only attend sessions and meetings that fit your challenges and interests.

4. Roundtable Discussions Small exclusive groups of IT and IT Security Professionals who face shared challenges and strategic priorities are brought together in 60-minute sessions that enable participants to share ideas and lessons learned. Facilitated by experienced IT professionals, these sessions provide a valuable dialogue with peers on current challenges and topical issues.

3. One-to-One Meetings The most effective and time efficient way to assess potential partners at a strategic level. Compare and update your knowledge of the industry in 30-minute informative and relaxed business meetings with solution providers of your choice

“Interesting to meet colleagues from other countries and

organisations and to share that we are all facing similar issues”

- AIG Europe Limited

“Met with interesting vendors, good use of my time. Collected useful

insights from other Directors. Overall, an excellent day”

- Unilever

Why attend:

“A very well run Strategy Meeting. Enjoyed the

programme put together for me. The roundtable meetings were

excellent” - Bank of New York Mellon

5. Future Investment Projects Collaboration with peers on 3 future investment projects that will support you with better project implementation. We will schedule meetings for you with your peers in a roundtable and one to one basis. Where possible, we will recommend some solution provider options based on our selection and rating system.

“The close format of this event allows to meet really interesting people, and share

thoughts. It allowed me to take a step back and think of the bigger picture and

explore new ways”

- Carrefour

2. Peer-to-peer networking Strategic networking opportunities form a key benefit of participating in the meeting. Our proven format for building and strengthening alliances is underscored by a host of networking programmes.

The IT Security Roundtable Meeting – 20th June

3.

4.

1. The GDPR Initiative (in German DSGVO): What the update on the EU Privacy Framework will mean for your organisation • GDPR is imposing strict protection of person-related data • GDPR is imposing high fines for violations • GDPR is to be implemented on a national level • Most cloud providers are US companies • Safe-harbor agreement between EU and US is no longer valid, creating a vacuum • How do you (as part of this panel), plan to deal with it? 2. Security and regulatory compliance • Making compliance security compliant • Using the advantages of reg tech while observing • Data protection • Regulations and customer trust 3. Overcoming the big security hurdle in cloud adoption - an end to end approach • Addressing the specific security challenges associated with cloud adoption in comparison with on premise security

management • Building a framework for assessing cloud service providers and their ability to deliver on your security requirements • Addressing the data governance question and the legal implications of moving data to a different jurisdiction • Taking steps to increase your control over applications and or infrastructure stored in the cloud 4. Building a Leading Cyber Security Culture • Identifying and engaging all stakeholders of the business when it comes to Cyber Security • Integrating security into the wider business to enable ease of implementation • Understand the barriers to developing an enterprise-wide cyber security culture and how they can be overcome • The security challenges posed by virtualization pushing IT systems off premises and into the cloud • The extent to which digital business strategy extends the boundaries of identity and access for employees • Changing user behaviour and making security relevant to employees

The IT Security Roundtables – 20th June

5.

5. IOT Security Dilemmas • The fast growing divergence between market needs and what the security community and technology can deliver Thomas Born, Chief Security & Privacy Officer, Vodafone 6. Data protection for companies traded on the exchange market • Publishing of information with relevance for the exchange rate • Regulation of SIX (Swiss Exchange): Pull and Push Systems • Publishing on the website of the emittent • Impact of the regulation for IT-Departments: Availability, Deployment process, confidentiality, Data protection, archiving • Is Outsourcing for corporate websites of traded companies an option? 7. People risk management and its implications on information security • Types of risk what are people risks • Implications of people risk management to the information security • Moving from a intuitive appreciation to a measured and factual diagnostic • Building a cartography of risks and the controls to put in place 8. Building a detailed data and information security strategy around third party suppliers • How can security vendors and third parties guarantee data security? • To what extent are your third party suppliers meeting National Government and EU Commission data protection rules? • Determining appropriate levels of access to data that you should give third party suppliers 9. Engaging the Board and Senior Management: Enabling Informed Decision-Making on Risk • Best practice techniques in communicating the business value of information security, to enable better decision making • Delivering information security performance and demonstrating ROI • Gain practical advice on building the case for investment in security • The evolving CMO vs CIO relationship and the need to prioritize innovation and digital strategies • How best to sell IT security and risk management to other departments in order to achieve their buy ins • How security investments bring value beyond the prevention of cyber attacks

The IT Security Roundtables – 20th June

6.

10. IT Security Innovation: Change, Processes and Mind-frames IT Security Innovation: Change, Processes and Mind-frames • Culture change from the top down – treating security as part of the risk management business • Treating and managing security as business enabler; not as productivity barrier – getting away from the traditional dogma of

eliminating risk at all costs • Avoiding the justification of security with Fear, uncertainty and doubt (FUD); building a positive message based on education

and understanding across the organisation • Addressing the employee’s home security environment as well as through the work environment, supported by a no blame

culture to encourage reporting 11. Human Risk –Instilling a security mind-set throughout your organization and network • The human, often described as the weakest link in information security • What are the key aspects about security that board members need to know? • What metrics will help you to effectively report on the state of the security in your organization? • How can you effectively communicate with non-technical executives and how can you train them on the correct use of your

security systems? 12. How to help your business in becoming cyber resilient – IT’s role • Assessing current and emerging cyber threats • What to watch out for - third-party vendors, poorly designed mobile apps, vulnerable encryption tools and more • How to apply data analytics to information security problems • Adapting your company’s resilience to the new reality – impact of new legislation, as well as reports such as "Threat Horizon

2016" • How can enterprises mitigate nation-state espionage • Responding to more sophisticated expectations of end users - security perspective • Integrating mobile security considerations into overall security programme • Responding to rapidly emerging mobile app tampering risks and creating new risk mitigation strategies for mobile apps

where device-centric solutions are not an option

The IT Security Roundtables – 20th June

7.

13. Instilling a security mind-set throughout your organization and network • The human, often described as the weakest link in information security • What are the key aspects about security that board members need to know? • What metrics will help you to effectively report on the state of the security in your organization? • How can you effectively communicate with non-technical executives and how can you train them on the correct use of your security

systems? 14. Examining the impact of the new general data protection regulation (GDPR)– challenges and opportunities • What are the consequences of the move from a Directive to a Regulation? Is the European harmonisation a blessing or a curse? • How to create awareness of GDPR at board level? • How to turn GDPR into an opportunity for your business? • Establishing appropriate data retention policies – starting with a clear data classification scheme • Forthcoming challenges with social media – addressing the challenges with help of reputation management tools 15. The Threat Landscape and Data Leak Prevention: Adapting Compliance and Awareness to the Threat Landscape • After hackers and trojans, what is the next constantly evolving generation of threats? • Does the geo-location of contractors qualify them as threats? • How can cyber-security internal standards be implemented on the global scale? • How can the standard and safety a foreign organisations be assessed? • Are cyber-threats becoming a geo-political issue? 16. Minimising cyber risk - boosting your cyber risk management competence • Exploring the current challenges of cyber threats in today's business world – new security threats that require next generation security • Understanding what information you need to protect: identify the corporate “crown jewels” • Addressing the cyber security skills shortage

The IT Security Roundtables – 20th June

8.

17. Developing a robust security policy to enable business growth • The impact of social, mobile and cloud trends on information security • Consumerisation of IT and its impact on security • Building a tailored blueprint to protect your data and ensuring that employees understand it • Ensuring real time visibility and controling over all endpoints—from servers to smartphones • How to successfully manage big data privacy and ethics concerns 18. Boosting your cyber risk management competence to safeguard your data and assets from growing cybercrime • Examining the evolving complexity and sophistication of cyber attacks and what they could potentially mean for your

organization • Assessing the increasingly important role of security intelligence in combating cyber threats • Bridging the cyber skills gap in your organization • Optimising your risk assessment strategy to decrease cyber attacks across all current and future operations 19. How to use threat intelligence to optimize security response • Aligning the your company defences to the threat posed to your business • Discover how to design effective defensive approaches for newly defined threats • Assess different sources of threat intelligence and discover how to build a threat intelligence capability • How threat intelligence is used to support security operations • What are the most useful and appropriate sources of intelligence and how can they be leveraged to resolve security breaches • What is the business case for investing in cyber intelligence? 20.How is the role of the Security Leader evolving? • Examining the security pressures and challenges that security leaders are/will be facing • Review the different paths to security leadership and ongoing development of key skills • Understand the emerging responsibilities that are/will be part of the security leaders role • Assess the effectiveness of the security leader and their position in the organisation

The IT Security Roundtables – 20th June

9.

Please find below a list of some of the organisations that have participated recently

Any queries please contact eva.martins@strategyinsights.eu / 0044 (0) 203 735 6970

ABB Calida AG Hilti SBB

Acino Group CCS Adaxys AG Honeywell Selecta

Actelion Celgene Kellogg Company Shire (Baxalta)

Adecco Group Chopard LafargeHolcim Swatch Group

AGCO Cicor Group Landis+Gyr Swiss Post

ALDI SUISSE Cotecna Inspection LGT Swiss Re

Alpiq AG Credit Suisse Lonza Swisscom

Alstom Group CSL Behring LORD Corporation Swissport

AXA Deutsche Bank Manor AG Swissquote

Axpo Services AG DHL Michael Kors TAG Heuer

B. Braun Medical Dufry Mondelez International Takeda Pharmaceuticals

Bacardi Eaton Corporation Monsanto TALLY WEiJL

Baloise Group EF Education First Nestlé Tamedia

Baxter International Inc. Emmi Schweiz AG Nobel Biocare Tecan

BCGE ERIKS Novartis Touring Club Suisse

Belimed AG Ermenegildo Zegna OC Oerlikon Balzers Trafigura

Berner Group Ferring Pharmaceuticals Oettinger Davidoff AG Trina Solar

BIOTRONIK Flughafen Zürich AG PPG Industries UBS

BKW AG gategroup Procter & Gamble UEFA

Bobst Group GE Capital Puma Energy Valora Group

Brink’s GE Power Ralph Lauren V-ZUG AG

British American Tobacco Geneva Airport RBS Services Wella AG

Brugg Cables Glencore Roche Winterthur

Burckhardt Compression Goldbach Group Roche Diagnostics WWF International

Cablecom Haemonetics ROLEX SA. Zimmerbiomet

The IT Security Roundtable Meeting – 20th June