Information security has become a top priority for
government and business, from the largest corporate to the smallest
enterprise.
Valuable data has become concentrated as never before, making it
a target for criminals and hackers. The theft of sensitive data can
cause a loss of confidence in governments, a decrease in the value
of companies, a failure to comply with legislation, or financial
losses from fraud.
There has been a shift in security threats to business, with
organised crime moving into the arena, using the tools developed by
hackers, virus writers and spammers. The result has been a spate of
highly publicised attacks, using techniques that are becoming more
sophisticated, combining hacking, phishing, spyware, denial of
service, botnets, worms and viruses. As the stakes become higher,
the criminals will become more determined.
Information security is the defence against this growing threat,
and it now affects every aspect of how we do business. Secure
operations mean higher productivity and a real business advantage
over competitors.
Infosecurity Europe is dedicated to information security. With
more than 300 exhibitors, the event is a comprehensive showcase for
a diverse range of new and innovative products and services from
information security suppliers. The event enables security
professionals and business managers to establish a commercial
justification for information security, refine their security
policies, and select the most appropriate systems to support their
security strategy.
More than 11,000 visitors are expected to attend this year’s
event, with many travelling from overseas to participate in the
free education programme that addresses both strategic and
technical issues, drawing on the skills and experience of senior
end-users, technical experts and case studies.
This year, more than 130 companies will use the event to
showcase their products and systems, allowing visitors to arm
themselves with the knowledge to defend their company against
threats, and equip themselves with the latest technology and
services.
There are 123 speakers in the education programme, with keynotes
and seminars presented by experienced and respected professionals
from the information security arena.
The 2006 keynote sessions at Infosecurity Europe bring together
the industry’s leading independent experts, government officials
and end-users from major corporations, and take an in-depth look at
some of the hottest ideas in information security today.
Infosecurity Europe is free to attend, and visitors can be
confident of the quality of content and educational value.
According to research by Infosecurity Europe, the top 10 issues
of concern to chief security officers and CIOs are:
- Compliance, governance, audit and security
- Protecting reputation, brand and intellectual property
- Internal threats
- Professionalism and certification of security personnel
- Identity management and preventing identity theft
- Threats from new technology such as voice over IP, instant messaging and USB devices
- Mobile, wireless and remote working
- How much should be spent on security
- Deperimeterisation
- What is essential to secure new ways of doing business?
The education programme at Infosecurity Europe reflects these
concerns, and the opening address is by Lord Erroll on Identity: a
Burning Political, Legal and Social Question. Focusing on
cybercrime, Tony Neate, national e-crime liaison, Serious Organised
Crime Agency, chairs a panel on E-Crime: Who Got Caught Out?
Security specialists Leo Cronin, senior director information
security, LexisNexis, Martyn Croft, head of corporate systems at
the Salvation Army, Peter Pederson from Blue Square, and Stephen
Bonner from Barclays Capital, will use case study responses to
recent breaches to advise on how best to preserve reputation and
brand equity.
Cronin said, “In order to address today’s online threats,
companies must take into account the security posture of their
customers and partners. Thieves and adversaries will continue to
attack the weakest link in the chain, which could very well be the
source of your revenue or a trusted component in your supply chain.
Multi-factor authentication, better monitoring and posture
assessments will be key controls in mitigating risk for the
foreseeable future.”
This is supported by Croft, who said, “In today’s fast-paced,
global workplace, the need for effective information security has
not diminished, but rather has increased to the point where it is
difficult to see how any organisation can work effectively without
it.”
PricewaterhouseCoopers, together with the Department of Trade &
Industry, will unveil the findings of the 2006 DTI Information
Security Breaches Survey.
Chris Potter, partner at PricewaterhouseCoopers, which conducted
the survey, said, “The last survey [released in 2004] showed that
increased internet use by business, coupled with under-investment
in security, had resulted in a big increase in the number of
companies with security breaches and in the number of breaches each
affected company suffered. At Infosecurity Europe, we will reveal
whether these trends have continued and hopefully shed some light
on the good practices leading companies are adopting.”
A keynote panel, chaired by independent consultant John
Harrison, will address which certification proves you can do the
job, and identify which qualification employers value the most.
According to panellist Allan Boardman, president of the London
chapter of the Information Systems Audit and Control Association,
certification does not guarantee you a job, but it helps to get you
the interview. “Although a certificate is no substitute for
experience, they are important differentiators, particularly as the
information security profession matures.
“By hiring or retaining the services of a certified information
security manager, the organisation shows that it has invested in a
professional who is committed to demonstrating information security
management knowledge and skills, and undertakes to maintain these
through ongoing professional development,” he said.
The keynote on Mitigating the Enemy Within will examine case
studies where internal breaches have occurred and will examine ways
to prevent internal breaches.
Speaker Steven Furnell, reader in information systems security
at the University of Plymouth, said that although many security
products implicitly highlight the risk of internet-based attacks
and other external threats, there is significant potential for an
organisation to face problems from within. Malicious insiders are
in a better position to know what is of value and how to get it,
and organisations will require a combination of technological and
personnel-oriented countermeasures.
“Insider activities can pose varying degrees of threat, and it
is worth differentiating between opportunistic or misguided users
who may misuse system resources, and genuine ‘enemies within’ who
become the source of deliberate attacks and abuse,” Furnell
said.
Richard Starnes, president of the Information Systems Security
Association UK, will debate the case for and against security
architectures based on the deperimeterised model. Other speakers at
the debate are Nick Bleech, IT security director at Rolls-Royce,
Dan Blum, senior vice-president and research director at Burton
Group, Mark Waghorne, principal adviser, KPMG, and Paul Simmonds,
global information security director at ICI.
Starnes said, “This panel is a debate from leading experts
examining the case for and against the deperimeterised model. You
will hear formal arguments proposing and opposing the motion. Is
this model suited to the disparate workforce employed by many
companies today? Listen to the arguments, ask the panellists
questions, and round it off by voting for your winning team.”
Simmonds, a founding member of user group the Jericho Forum,
said businesses had already been deperimeterised, but may not have
realised it. “The deperimeterisation debate is at the heart of the
discussion about what we want the internet to become, and whether
we will have an internet tomorrow that we can trust.”
Blum explained how the market was moving forward.
“Deperimeterisation is a fact of life, but it increases risks.
Protections substituted for hard firewall separation generally have
lower surety. If the perimeter is dead, long live zoning! With
outer perimeters more porous, enterprises must create internal
perimeters, and support personal firewalls as well.”
Keith Iremonger, critical national infrastructure protection
consultant at the National Infrastructure Security Co-ordination
Centre will lead a debate on whether the business advantages of
VoIP outweigh the security concerns.
Speaker at the debate, Andrew Yeomans, vice-president global IT
security director at investment bank Dresdner Kleinwort
Wasserstein, said “DrKW sees potential advantages for VoIP, but
secure deployment is still problematic as the underlying protocols
are not inherently secure. So we must not only look at telephony
vulnerabilities, but also flaws in the protocols, platforms,
services and application code. The Jericho Forum is releasing a
position paper on VoIP at Infosecurity Europe.”
Fellow speaker John Meakin, group head of information security
at Standard Chartered Bank, said “VoIP represents a challenge and
an opportunity. The opportunity is clear – huge cost savings and
flexible voice communications that parallel the internet data
revolution. However, not enough clear and honest coverage has been
given to the security issues surrounding VoIP. Hopefully this
debate will contribute to filling that gap.”
The panel on Security Compliance from Conglomerate to SME,
chaired by Jeremy Beale, head of e-business security at the
Confederation of British Industry, will show how to implement
compliance as an asset for an organisation.
Panellist Simon Briskman, partner at City law firm Field Fisher
Waterhouse, said, “Compliance has become a universal issue,
mandating standards in data integrity and system security. Yet the
burden of compliance has driven companies away from the US markets
and hampered SMEs. When does common sense become red tape? How far
should regulation dictate security standards?”
You can also find out the five essential actions you should
implement to secure the future of your business.
Commenting on the issue of patch management, Andy Kellet, senior
research analyst at analyst firm Butler Group, said, “The key
issues of efficiency and service delivery continue to plague the
patch management sector, with suppliers racing to deliver patches.
Whether we see these issues being replicated remains to be seen,
but serious problems would be caused if organisations started to
use the ‘grey’ industry out there for unofficial patches.”
“There is no such thing as an unhackable network,” said Robert
Schifreen, author of Defeating The Hacker and the chairman of the
hacking discussion panel. “But by understanding what makes hackers
tick, you can increase the security of your systems by
second-guessing them.”
Panellists at this discussion include penetration tester Ivan
Ristic and Bob Ayers, associate fellow of the Chatham House
Information Security Programme. As well as airing their views and
offering advice on how to keep your network safe and secure, the
panel will be taking questions from the audience.
Seven product specialists will put their products on the line in
the “Lion’s Den”, and only one company will be left
standing after a grilling from five senior buyers and authorities
in the industry.
In addition to the keynote programme, there are also more than
60 free seminar sessions split into business and technical streams
which explore the key issues facing organisations and the
technologies available to address them.
Topics in the technical seminar stream include: Honeynets - How
They Have Evolved, Anatomy of a Database Attack, What Hackers Know
That You Don’t, Preventing the Top Five Insider Attacks, and
Managing the Exposure Gap.
The business strategy seminar stream will focus on the
challenges and issues facing management, CEOs and other board-level
directors. Topics include: Prevention is Better Than Cure, Turning
Your IT Department into a Profit Centre, and Consumer ID Protection
– Who Foots the Bill?