Customers, taxpayers and citizens expect governments,
companies and organisations to keep their information safe. When
that trust breaks down it can have a serious impact.
We have yet to see how the laws relating to data security will
be amended in light of the lost disc debacle at HM Revenue and
Customs. However, it is expected that there will be significant
strengthening of the Data Protection Act and Companies Act,
resulting in a legal requirement for public disclosure of
information losses and also criminal prosecutions for the
company directors, senior civil servants and politicians
responsible.
In this new environment, where criminal prosecution for data
breaches is imminent, now is the time to ensure that your
organisation has implemented best practice, services and technology
to secure sensitive data.
Infosecurity Europe is the event where those responsible for
securing their organisations' information can find all the latest
technology, services and advice, with more than 300 of the top
security companies from across the globe taking part.
The cutting-edge education programme at Infosecurity Europe is
the highlight of the industry's international calendar, reflecting
the issues that visitors want to hear about. Over three days
delegates will have the chance to learn from 123 experts in the
free education programme, including Adam Laurie, Alan Paller,
Bruce Schneier, Fred Piper and Howard Schmidt. Two key pieces of
industry research will also be released at the show this year with
the launch of the 2008 Information Security Breaches Survey on
behalf of the UK Government and the (ISC)² Global Information
Security Workforce Study 2008.
New this year are the Interactive Theatre sessions, where
visitors can pit their wits against the people driving information
security. Electronic voting facilities will bring you into the
discussion and let you experience the pressures of a security breach
as it hits an organisation. Scenarios vary from courtroom examinations of
culpability and process in a cyberattack, to quizzes, malware
tracking and data security examinations, 'ask the expert' clinics
and the legendary Lions' Den.
Fortify Software will present its new documentary, "The New Face of
Cybercrime". Filmed by Oscar-nominated filmmaker Frederic
Golding, it highlights the impact cybercrime has on consumers and
businesses, and is tipped to win awards at independent film
festivals this year. A screening of the film will be followed by a
panel debate led by Howard Schmidt, Fortify director and former
cyber security advisor to the White House. The Cyber Attack
Special, sponsored by Symantec, will simulate a situation which
could ultimately destroy a company.
Microsoft UK's chief security advisor Ed Gibson will chair a
team of experts who will review the latest threats and mitigation
strategies. The audience in this session will interact
electronically with the panel to share their experiences
anonymously of where their real threats are coming from and provide
a unique forum to benchmark security strategy.
Visitors will also be able to Ask the Experts in a session
dedicated to PCI compliance and enterprise application security and
securing the application-aware network, sponsored by Akamai
Technologies. Google is also giving an interactive keynote address,
"Maximising speed, minimising complexity and dealing with chaos",
which will discuss and determine the drivers behind business need
and change. The session on "Who wants to be a SQLionaire?" is
chaired by Raj Samani, vice-president of communications at ISSA UK.
The 2008 keynote programme addresses the security issues and
pressures that organisations face in an increasingly mobile and
global working environment. It features leading experts from across
Europe and the world giving expert analysis, end-user experience,
strategic advice and predictions to ensure that organisations have
the information to protect their operations and information.
The Infosecurity Europe programme also sees the launch of the
Hall of Fame - celebrating the people that the industry has voted
as being the leading contributors to the advancement of information
security. The winners of the Hall of Fame 2008 are all speaking in
the keynote programme:
Adam Laurie, director, The Bunker on "RFIDIOTS - practical RFID
hacking without soldering irons". Laurie cautions, "From the moment
we leave our houses to the moment we arrive at our desks, we are
interacting with a surprising number of RFID tags. The one hidden in
the head of my car key tells the engine management system my car
isn't being stolen. Soon I will be able to enter and leave the
country by placing my passport in an RFID reader and having my
identity checked automatically against the biometrics stored
therein. This is all very nice, and makes my life simple and
efficient, but is it safe? Is it secure? What could possibly go
wrong...?"
Fred Piper, director of information security group, Royal Holloway,
on "Let's look back". Piper says, "The electronic handling of
information is one of the defining technologies of our age.
Enormous volumes of information are routinely stored and
transmitted worldwide - indeed, most aspects of our daily lives
would come to a halt should the information infrastructure
fail."
Alan Paller, director of research, SANS Institute on "The three
levers you can use to transform information security". Says Paller,
"In my session, I'll focus on the pioneers who discovered new and
remarkable ways to make security more convenient, more effective,
and less expensive."
Bruce Schneier, founder and CTO, BT Counterpane on "Reconceptualising
security". "Security is both a feeling and a reality. Several
different fields - behavioral economics, the psychology of decision
making, evolutionary biology - shed light on how we perceive
security, risk, and cost. It's only when the feeling and reality of
security converge that we have real security," says Schneier.
Howard Schmidt, (ISC)² security strategist and former White House
cyber security advisor on "The state of risk, information security,
cyber crime and international policy". A recent poll by
Infosecurity Europe has found that 75% of organisations think that
their applications have security holes in them that can be
exploited by criminals. According to Schmidt, "this figure, while
dramatic, is unfortunately not that surprising."
Chris Potter from PricewaterhouseCoopers and a panel of experts
will unveil the findings of the Department for Business, Enterprise
and Regulatory Reform's 2008 Information Security Breaches Survey in
a keynote address.
The last year has seen the world's largest ever data losses,
huge customer and personal information leaks, and a whole swathe of
new types of malicious and accidental breaches.
Information commissioner Richard Thomas will chair the session on
"Who got caught out last year, and why". The panel will be joined by
Lord Erroll and Andrew Beard, partner, PricewaterhouseCoopers, who
will help predict the vulnerabilities and breaches for the future.
SANS Institute director Mason Brown and director of research Alan
Paller will co-chair the keynote on "Application security and secure
coding" with application security pioneers Rhonda MacLean, global
chief information security officer at Barclays PLC, and Wolfgang
Koeppl, leader, secure coding initiative, Siemens CERT.
Giles Hogben, network security policy expert at the European
Network and Information Security Agency, will lead the keynote on
"Locking down social networking vulnerabilities". Other panellists
include Max Kelly, senior director of security, Facebook; Brett
Lemoine, director of operations infrastructure, LinkedIn; David
Lacey, from the BCS security forum strategic panel; and Martyn
Croft, head of corporate systems for the Salvation Army.
John Colley, managing director of EMEA, (ISC)², will reveal the
findings of the 2008 (ISC)² Global Information Security Workforce
Study, based on polls from more than 7,000
information security professionals worldwide, to look at
professional skills and profile, profession growth, accountability,
salary trends, budgets, top technologies and activities.
Organisations often face the question "Which is more important -
compliance, security or operability?" There are two simple answers
to this question - all of them, or none of them. The real answer is
that sophisticated organisations look first at their risk profile
and then seek to identify and mitigate vulnerabilities, leverage
their appetite for risk, and ensure a harmonised compromise between
operational agility, regulatory pressures and information security.
This keynote panel, led by Jon Collins, service director of
Freeform Dynamics, will explore how the leading organisations in the
world consolidate this equation. Other panellists include Adrian
Seccombe, CISO and senior enterprise architect, Lilly UK; Geoff
Harris, president, ISSA-UK; and Abdellah Cherkaoui, CISO, Sodexho.
The panel on "Is security keeping pace with mobilisation and
convergence" will look at how the nature of business has changed,
with an increasing shift towards a global business, with workforces
on the move requiring Martini access to services and ever more
powerful and aggregated business tools enabling communication. The
panellists include Paul Simmonds, global information security
director, ICI; Dr Nigel Brown, head of resilient communications,
The Cabinet Office; Jesper Frederiksen, head of EMEA Enterprise,
Google; and Stuart Cummings, chief information security officer,
SABMiller.
This session will explore the considerations, paradoxes,
opportunities and challenges that this change is producing, and
look at ways in which your business can mitigate and exploit this
brave new world.
Says Simmonds: "My initial input to this debate is that security
is playing catch-up with a mobile and convergence agenda that is
being driven by consumerisation and a feature-driven marketing
budget. Security (and to some extent standards) end up being a poor
relation in this race, which makes personal adoption a risky
proposition (though Joe Public is unlikely to be aware of the
issues) and corporate adoption unlikely."
The keynote on "2020 vision: security in the future" will
examine where security is today, emerging trends, and the threats
and reciprocal mitigation technologies that can be expected in the
not-too-distant future. Speakers include Chris Potter, partner,
PricewaterhouseCoopers, Shane Balfe, Royal Holloway's Howard
Schmidt; and Nigel Stanley, analyst for Bloor Research.
In Universally Challenged, based on the popular TV show, two
teams answer questions on information security topics. With teams
made up from well-known industry experts from the 'consultants' and
'association representatives' it could confirm or refute what you
have always suspected - who knows more about security? The
panellists are: chair Gerry O'Neill; John Walker, ISSA UK; John
Colley, managing director EMEA, (ISC)²; Paul Williams, chair, ISACA
strategic advisory group; Peter Wood, chief of operations,
First Base Technologies; Stuart Okin, UK head of security,
Accenture; and Raj Samani, information security consultant,
CapGemini.
Paul Williams, chair of the ISACA strategic advisory group and
IT governance adviser to Protiviti, believes that this year's
Infosecurity is particularly relevant and timely. Given the
high-profile security failures that have been
highlighted in recent months, he hopes that this year's show will
attract not just security professionals, but also business leaders
who now understand better where the buck stops for security
failures.
In his view, "regardless of the sophistication of the technical
security infrastructure, security can never be effective without
proper business level understanding of the risks and appropriate
governance of the solutions. This requires commitment and ownership
at the highest levels in the company. The buck stops with the CEO
and the board of directors."
Once again the keynote programme concludes with the Hackers
Panel, moderated by Jay Bavisi, co-founder and president of
EC-Council, which will entail a lively discussion from a broad range
of 'experts' in hacking practice and mitigation. For legal reasons
the panellists cannot be revealed.
Infosecurity Europe takes place at the Grand Hall, Olympia,
London, UK from 22 to 24 April. For free entry and further
information about Infosecurity Europe 2008, visit the website at
www.infosec.co.uk. Pre-register before 18 April to avoid the onsite
booking fee of £20.