Infosecurity Europe 2008 - it’s all about trust

Customers, taxpayers and citizens expect governments, companies and organisations to keep their information safe. When that trust breaks down, it can have a serious impact.

We have yet to see how the laws relating to data security will be amended in light of the lost disc debacle at HM Revenue and Customs. However, it is expected that there will be significant strengthening of the Data Protection Act and Companies Act, resulting in a legal requirement for public disclosure of information losses and also criminal prosecutions for company directors, senior civil servants and politicians responsible.

In this new environment, where criminal prosecution for data breaches is imminent, now is the time to ensure that your organisation has implemented best practice, services and technology to secure sensitive data.

Infosecurity Europe is the event where those responsible for securing their organisations' information can find all the latest technology, services and advice, with more than 300 of the top security companies from across the globe taking part.

The cutting-edge education programme at Infosecurity Europe is the highlight of the industry's international calendar, reflecting the issues that visitors want to hear about. Over three days delegates will have the chance to learn from 123 experts in the free education programme including Adam Laurie, Alan Paller, Bruce Schneier, Fred Piper, and Howard Schmidt. Two key pieces of industry research will also be released at the show this year with the launch of the 2008 Information Security Breaches Survey on behalf of the UK Government and the (ISC)² Global Information Security Workforce Study 2008.

New this year are the Interactive Theatre sessions, where visitors can pit their wits against the people driving information security. Electronic voting facilities will bring you into the discussion and let you experience the pressures of a security breach as it hits an organisation. Scenarios vary from courtroom examinations of culpability and process in a cyberattack, to quizzes, malware tracking and data security examinations, 'ask the expert' clinics and the legendary Lions' Den.

Fortify Software will present its new documentary, "The New Face of Cybercrime". Filmed by Oscar-nominated filmmaker Frederic Golding, it highlights the impact cybercrime has on consumers and businesses, and is tipped to win awards at independent film festivals this year. A screening of the film will be followed by a panel debate led by Howard Schmidt, Fortify director and former cyber security advisor to the White House. The Cyber Attack Special, sponsored by Symantec, will simulate a situation which could ultimately destroy a company.

Microsoft UK's chief security advisor Ed Gibson will chair a team of experts who will review the latest threats and mitigation strategies. The audience in this session will interact electronically with the panel, anonymously sharing their experiences of where their real threats are coming from and providing a unique forum to benchmark security strategy.

Visitors will also be able to Ask the Experts in a session dedicated to PCI compliance, enterprise application security and securing the application-aware network, sponsored by Akamai Technologies. Google is also giving an interactive keynote address, "Maximising speed, minimising complexity and dealing with chaos", which will discuss and determine the drivers behind business need and change. The session on "Who wants to be a SQLionaire?" is chaired by Raj Samani, vice-president of communications at ISSA UK.

The 2008 keynote programme addresses the security issues and pressures that organisations face in an increasingly mobile and global working environment. It features leading experts from across Europe and the world giving expert analysis, end-user experience, strategic advice and predictions to ensure that organisations have the information to protect their operations and information.

The Infosecurity Europe programme also sees the launch of the Hall of Fame - celebrating the people that the industry has voted as being the leading contributors to the advancement of information security. The winners of the Hall of Fame 2008 are all speaking in the keynote programme:

Adam Laurie, director, The Bunker on "RFIDIOTS - practical RFID hacking without soldering irons". Laurie cautions, "From the moment we leave our houses to the moment we arrive at our desks, we are interacting with a surprising number of RFID tags. The one hidden in the head of my car key tells the engine management system my car isn't being stolen. Soon I will be able to enter and leave the country by placing my passport in an RFID reader and having my identity checked automatically against the biometrics stored therein. This is all very nice, and makes my life simple and efficient, but is it safe? Is it secure? What could possibly go wrong...?"

Fred Piper, director of information security group, Royal Holloway, on "Let's look back". Piper says, "The electronic handling of information is one of the defining technologies of our age. Enormous volumes of information are routinely stored and transmitted worldwide - indeed, most aspects of our daily lives would come to a halt should the information infrastructure fail."

Alan Paller, director of research, SANS Institute on "The three levers you can use to transform information security". Says Paller, "In my session, I'll focus on the pioneers who discovered new and remarkable ways to make security more convenient, more effective, and less expensive."

Bruce Schneier, founder and CTO, BT Counterpane on "Reconceptualising security". "Security is both a feeling and a reality. Several different fields - behavioral economics, the psychology of decision making, evolutionary biology - shed light on how we perceive security, risk, and cost. It's only when the feeling and reality of security converge that we have real security," says Schneier.

Howard Schmidt, (ISC)² security strategist and former White House cyber security advisor on "The state of risk, information security, cyber crime and international policy". A recent poll by Infosecurity Europe has found that 75% of organisations think that their applications have security holes in them that can be exploited by criminals. According to Schmidt, "this figure, while dramatic, is unfortunately not that surprising."

Chris Potter from PricewaterhouseCoopers and a panel of experts will unveil the findings of the Department for Business, Enterprise and Regulatory Reform's 2008 Information Security Breaches Survey in a keynote address.

The last year has seen the world's largest ever data losses, huge customer and personal information leaks, and a whole swathe of new types of malicious and accidental breaches. Information commissioner Richard Thomas will chair the session on "Who got caught out last year, and why". The panel will be joined by Lord Erroll and Andrew Beard, Partner, PricewaterhouseCoopers who will help predict the vulnerabilities and breaches for the future.

SANS Institute director Mason Brown and director of research Alan Paller will co-chair the keynote on Application security and secure coding with application security pioneers Rhonda MacLean, global chief information security officer at Barclays PLC and Wolfgang Koeppl, leader secure coding initiative, Siemens CERT.

Giles Hogben, network security policy expert at the European Network and Information Security Agency, will lead the keynote on Locking down social networking vulnerabilities. Other panellists include Max Kelly, senior director of security, Facebook; Brett Lemoine, director of operations infrastructure, LinkedIn; David Lacey, from the BCS security forum strategic panel; and Martyn Croft, head of corporate systems for the Salvation Army.

John Colley, managing director of EMEA, (ISC)² will reveal the findings of the 2008 (ISC)² Global Information Security Workforce Study, based on polls from more than 7,000 information security professionals worldwide, to look at professional skills and profile, profession growth, accountability, salary trends, budgets, top technologies and activities.

Organisations often face the question "Which is more important - compliance, security or operability?" There are two simple answers to this question - all of them, or none of them. The real answer is that sophisticated organisations look first at their risk profile and then seek to identify and mitigate vulnerabilities, leverage their appetite for risk, and ensure a harmonised compromise between operational agility, regulatory pressures and information security. This keynote panel, led by Jon Collins, service director of Freeform Dynamics, will explore how the leading organisations in the world consolidate this equation. Other panellists include Adrian Seccombe, CISO and senior enterprise architect, Lilly UK; Geoff Harris, president, ISSA-UK; and Abdellah Cherkaoui, CISO, Sodexho.

The panel on "Is security keeping pace with mobilisation and convergence", will look at how the nature of business has changed, with an increasing shift towards a global business, with workforces on the move requiring Martini access to services and ever more powerful and aggregated business tools enabling communication. The panellists include Paul Simmonds, global information security director, ICI; Dr Nigel Brown, head of resilient communications, The Cabinet Office; Jesper Frederiksen, Head of EMEA Enterprise, Google; and Stuart Cummings, chief information security officer, SABMiller. This session will explore the considerations, paradoxes, opportunities and challenges that this change is producing, and look at ways in which your business can mitigate and exploit this brave new world.

Says Simmonds: "My initial input to this debate is that security is playing catch-up with a mobile and convergence agenda that is being driven by consumerisation and a feature-driven marketing budget. Security (and to some extent standards) end up being a poor relation in this race, which makes personal adoption a risky proposition (though Joe Public is unlikely to be aware of the issues) and corporate adoption unlikely."

The keynote on "2020 vision: security in the future" will examine where security is today, emerging trends, and the threats and reciprocal mitigation technologies that can be expected in the not-too-distant future. Speakers include Chris Potter, partner, PricewaterhouseCoopers, Shane Balfe, Royal Holloway's Howard Schmidt; and Nigel Stanley, analyst for Bloor Research.

In Universally Challenged, based on the popular TV show, two teams answer questions on information security topics. With teams made up from well-known industry experts from the 'consultants' and 'association representatives' it could confirm or refute what you have always suspected - who knows more about security? The panellists are: chair: Gerry O'Neill; John Walker, ISSA UK; John Colley, managing director EMEA, (ISC)²; Paul Williams, chair, ISACA strategic advisory group; Peter Wood, chief of operations, First Base Technologies; Stuart Okin, UK head of security, Accenture; and Raj Samani, information security consultant, CapGemini.

Paul Williams, chair of the ISACA strategic advisory group and IT governance adviser to Protiviti, believes that this year's Infosecurity is particularly relevant and timely. Given the high profile security failures that have been highlighted in recent months, he hopes that this year's show will attract not just security professionals, but also business leaders who now understand better where the buck stops for security failures.

In his view "regardless of the sophistication of the technical security infrastructure, security can never be effective without proper business level understanding of the risks and appropriate governance of the solutions. This requires commitment and ownership at the highest levels in the company. The buck stops with the CEO and the board of directors."

Once again the keynote programme concludes with the Hackers Panel, moderated by Jay Bavisi, co-founder and president of EC-Council, which will entail a lively discussion from a broad range of 'experts' in hacking practice and mitigation. For legal reasons the panellists cannot be revealed.

Infosecurity Europe takes place at the Grand Hall, Olympia, London, UK from 22 to 24 April. For free entry and further information about Infosecurity Europe 2008, visit the website. Pre-register before 18 April to avoid the onsite booking fee of £20.
