13th Annual e-Crime & Cybersecurity Congress France

From security to compliance? The role of the CISO as cyber-regulation grows

30th May 2024 • Paris, France • The Westin Paris - Vendôme

 

The EU leads the world in smart cybersecurity regulation. But what does it mean for security professionals?

Building real protections in cyberspace

 

Much of the hype around cybersecurity today focuses on AI and the implications for both attackers and defenders. And, yes, AI lowers the barriers to entry for attackers and saves them money and time in crafting attacks and then ‘processing’ the defenders’ responses. 
Mostly though that is a volume problem: there will be more attacks, just as happened with the digital industrialisation of fraud. And yes – AI can create new attack types, such as deepfakes, which are more than just a volume problem.

But the biggest change in cybersecurity is actually the regulatory response that is emerging. In the US this has come via the SEC, which sees cybersecurity as a material issue for stakeholders and so seeks to drive standards via investor protection.

The EU has taken a more comprehensive and sensible approach which is essentially to acknowledge that cyberspace is a real entity in which citizens, businesses and the state operate, just as they do in the physical world, and so it needs the same protections as 
that physical world.

This means we need lawmakers, regulators and law enforcement to create the kind of frameworks we take for granted in the physical world.

DORA, NIS2, the Cybersecurity Act, the Cyber Resilience Act and, coming later, the EU AI Act, are world-leading attempts to put cybersecurity onto a modern footing commensurate with the threat it poses to economies, infrastructure and political stability.

This is a huge change for cybersecurity professionals

It means, for sure, that senior management will be forced to budget for compliance with these new regulations. But will that actually improve security? Will it suck resources into tick-box compliance functions? Will it focus more on resilience (what happens after a breach) than on security, because the assumption is that breach is inevitable? And since regulations are necessarily out of date as soon as they are published, will they skew security towards ensuring previous threat types are protected against rather than looking forward at preventing the unexpected?

All of this will require new approaches and new skillsets from CISOs. They need to understand regulations and how to mould their security efforts to them. They need to develop or work with compliance monitoring. 

They need to be able to work with the business to explain the costs and benefits of regulatory compliance. And they need to be able to adhere to fixed external standards, where before perhaps they felt able to operate autonomously.

The e-Crime & Security Congress France will look at the growing ecosystem of global regulation to see where CISOs should prioritize, where the biggest challenges lie and how to comply in an affordable and secure manner.

And of course we will also tackle the subjects you have asked us to: ransomware, human-centric security and security culture, AI, third-party security and the all the rest.

 

The e-Crime & Cybersecurity Congress France will look at regulation, AI and the problem of affordability as threats and risks multiply. 
Join our real-life case studies and in-depth technical sessions from the security and privacy.

  • Can zero trust be done?

    • Zero Trust/ZTNA/SASE - they promise solutions to the key problems CISOs face today.
    • But how realistic are they? Do they take into account existing legacy technology, and the ways in which real companies actually do business day-to-day?
    • Can you explain how a real-world implementation works?
  • Keeping cybersecurity affordable: time for change?

    • Are single point solutions and on-prem security really failing the business? 
    • What about the alternatives? What kinds of company need what kinds of third-party help? And where does that leave the in-house security team? 
    • Do you have solutions that can help relieve the pressures on under-resourced CISOs?
  • Mapping resources and controls to material business risks

    • How can CISOs understand which threats represent real business risks?
    • It’s easy to say ‘talk to the business’ – but how does that conversation work?
    • If it does then CISOs can create a framework for prioritizing security, resilience, incident response and BCP spend. 
    • So, what does this look like in practice?
  • Developing public-private partnerships

    • Blurred lines between cyber-spies, cyber-criminals and cyber-armies have transformed the (in)security landscape, with nation-state exploits widely available. 
    • How can the various elements of government work better with private sector solution providers and end-users to build security that can cope with not-quite-nation-state?
       
  • Are AI / ML solutions the answer?

    • If the practical realities of business nix conventional zero trust ideas, then what else?
    • Some say that AI and behavioural analysis are better suited to a world where perfect data
      and visibility are unavailable. But are they right?
    • And don’t these solutions only pick up problems after they have occurred?
  • From Cloud security to Cloud incident response

    • Recent Cloud outtages have disrupted low-level infrastructure
    • They have also disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?

Who attends

Job Titles

Directeur de mission
RSSI
Ingénieur SSI
PCI Manager
Chargé de mission
RSSI
I.T. Security Architect
Legal Counsel
Ingénieur de Production
Directeur Général
CISO/RSSI
Chargé de mission SSI
Chargé de Mission
InformationSecurity Expert
Directeur informatique
RSSI
CISO
Responsable Sécurité
Responsable Support
RSSI
CISO
RSSI
RSSI
IT Security Architect
CISO - RSSI
Global Securite de Production
Cybersecurity Director
RSSI
IT Manager
Responsable écurité
Information Security Manager
RSSI
Expert Sécurité SI
RSSI
I.T. Security Officer
RSSI
Risk Manager
RSSI
Group Deputy CSO
RSSI
Cellule Anti Abus
Data Privacy & Security
Product manager
Information Security Officer
RSSI Groupe
Vice-Président
CISO
Manager, IT Advisory
RSSI
Industry Relations
RSSI / CISO
I.T. & Security Internal Auditor
Responsable de la gouvernance SSI
Responsable cellule e-fraude
CISO
Operations Manager
Risk Manager
Réseau SSI
RSSI
Group Information Security Officer
Chef de projet sécurité
Responsable du SOC
RSSI
Head Cyber and Tech
IT Security
RSSI
Head of software engineering
Group Information Security Officer
Head of Content Security
Investigateur
RSSI
Senior IT Security Consultant
Chef de Projets SOC
CISO
IT Manager
RSSI, Directeur IT
RSSI
RSSI
RSSI
Ingénieur
Head of Anti-Fraud
Head of Professional I & M
Expert Sécurité
Group IT Security Officer
Access Solution Service Manager
RSSI
Directeur Infogérance
Expert SSI
RSSI
RSSI
IT Project Manager
Responsable ADV & Logistique
Chef de projet Sécurité
Responsable Global Cyber Securite
SI Security Expert
Directeur de l'Innovation
RSSI-CIL
E-Payment Project Manager
RSSI
Directeur Sécurité
Directeur Sécurité du SI
Information Security & Risk
Expert Technique
Cellule e-Fraude
Business Security Officer
IT Auditor
Global CISO
RSSI-O
IT Security Officer
Group CISO
RSSI
Direction des Systèmes d'Information
IT Security Consultant
Chief Security Officer
RSSI
Architecte SI
Inspecteur, auditeur en SI
RSSI
RSSI/CISO & PMO
Directeur Risques et Securité
RSSI
M2M Partnership Manager
Project Manager
IT Security Consultant
Information Security Manager
CSO - Responsable Securité
RSSI
RSSI
CISO - RSSI
CISO
Cybercrime Director
Network & Security Engineer
Senior legal counsel
I.T. Senior Risk Advisor
Directeur
CISO
Directeur des Opérations
RSSI
Ingénieur sécurité réseau
Directeur programme SSI
RSSI
Chief Information Security Officer
Sécurité des Systèmes d'Information
IT Security Expert
Information Security Risk Manager
Security Manager
Police officer
Head of IT Infrastructure
Directeur cyber-défense
Lutte contre la Fraude
Group Security Officer
Product Manager
Sécurité Opérationnelle Internet
Trustee
RSSI
Network & Security Engineer
CSIRT
Equipe RSSI
RSSI
RSSI

Companies

SNCF
Camaïeu SA
CNES
Credit Mutuel
SNCF
Council of Europe
Air France-KLM
Crédit Agricole
CDC Arkhineo
SnapElite
Coface
UGAP
Préfecture de Police
BNP Paribas
FlightSafety
Neuflize OBC
Banque Privée 1818
GMX
Ministère de la Justice
BNP Paribas Wealth Management
AREVA
Prosodie
Euromaster
BNP Paribas
Viadeo
BNP Paribas
AXA
Armatis-LC
Euler Hermes
Groupe Beaumanoir
Sodexo
vivarte
Auchan
Groupama Asset Management
BNP Paribas
Éditions Gallimard
Université Paris Dauphine
Fondation de France
GDF SUEZ
Clarins Group
La Poste
GE Capital
LCL
Staples
BNP Paribas
EESTEL
Assistance Publique - Hôpitaux de Paris
Deloitte & Touche
Voyages-SNCF
La Poste
EQIOM
LCH Clearnet
Société Générale
Société Générale
Groupe Galeries Lafayette
La Française des Jeux
Vies De Paris
SNCF
Pari Mutuel Urbain
Air France-KLM
Arval
CNAMTS
Xerox
Swiss Re
STET
Veolia Eau
GMX
Mondial Assistance
Orange
GAPA Investigations Privées
AREVA
Total
CNAMTS
Groupe Pasteur Mutualité
NEVA GROUP
Assistance Publique - Hôpitaux de Paris
Université Paris Dauphine
La Banque Postale
Generali
Enterprise Holdings
Société Générale
Zurich Financial Services
Kering
ArcelorMittal
Sanofi-Aventis
Norauto
La Poste
Pari Mutuel Urbain
SnapElite
Ministère de l'Economie et des Finances
EDF Energy
SFR
Vente-privee.com
BNP Paribas
Société Générale
Monext
Promod
Parkeon
Institut National de l'audiovisuel
L'Oréal
Crédit Foncier
BNP Paribas
La Poste
Société Générale
Automatic Data Processing
Société Générale
Chanel
Boursorama
Delta Lloyd Group
Plastic Omnium
EuropCar
Aéroports de Paris
GDF SUEZ
Coface
Société Générale
Camaïeu SA
Banque de France
Mairie de Paris
Auchan
La Poste
Groupe Samse
SFR
La Poste
STET
Heineken
AXA
Banque de France
Partecis
Adisseo
Les Echos
Police Nationale
Publicis
Crédit Agricole
Chubb (ACE Group)
NEVA GROUP
Radio France
Orange
Humanis
Publicis
EDF Energy
Conseil Général de la Manche
DAHER
MMA
La Française des Jeux
Bombardier
Renault
Police Nationale
Société Générale
Faurecia
Société Générale
EDF Energy
Monext
HSBC
CLUSIF
Recylum
Kering
BNP Paribas
Boursorama
Sodexo
Monext

Industries

Transportation/Shipping
Retail
Central Government
Banking
Transportation/Shipping
Central Government
Transportation/Shipping
Banking
Security Product Vendor
Software
Insurance
Retail
National Law Enforcement
Banking
Aerospace/Defence
Banking
Banking
Software
Central Government
Banking
Construction
Banking
Retail
Banking
Media
Banking
Insurance
Telecommunications
Banking
Manufacturer
Travel/Leisure/Hospitality
Manufacturer
Retail
Banking
Banking
Media
Education
Charity
Oil/Gas
Pharmaceuticals
Transportation/Shipping
Industrial Engineering
Banking
Retail
Banking
Association
Healthcare Services
Accounting/Auditing
Travel/Leisure/Hospitality
Transportation/Shipping
Construction
Banking
Banking
Banking
Retail
Casinos/Gaming
Other Industry
Transportation/Shipping
Casinos/Gaming
Transportation/Shipping
Automobiles/Parts
Insurance
Electronic/Electrical Equipment
Insurance
Banking
Water/Sewage
Software
Insurance
Telecommunications
Consultancy
Construction
Oil/Gas
Insurance
Healthcare Services
Consultancy
Healthcare Services
Education
Banking
Insurance
Transportation/Shipping
Banking
Insurance
Retail
Industrial Engineering
Pharmaceuticals
Automobiles/Parts
Transportation/Shipping
Casinos/Gaming
Software
Central Government
Electricity
Retail
Retail
Banking
Banking
Banking
Retail
Electronic/Electrical Equipment
Media
Household/Personal Products
Banking
Banking
Transportation/Shipping
Banking
Software/Hardware
Banking
Retail
Banking
Insurance
Manufacturer
Automobiles/Parts
Transportation/Shipping
Oil/Gas
Insurance
Banking
Retail
Banking
Regional Government
Retail
Transportation/Shipping
Construction
Retail
Transportation/Shipping
Banking
Food/Beverage/Tobacco
Insurance
Banking
Banking
Food/Beverage/Tobacco
Media
Central Government
Media
Banking
Insurance
Consultancy
Media
Telecommunications
Banking
Media
Electricity
Regional Government
Aerospace/Defence
Banking
Casinos/Gaming
Manufacturer
Automobiles/Parts
Central Government
Banking
Automobiles/Parts
Banking
Electricity
Banking
Banking
Association
Other Industry
Retail
Banking
Banking
Travel/Leisure/Hospitality
Banking


Venue

The Westin Paris - Vendôme

westin_paris_terrace

Location:
3 Rue de Castiglione, 75001 Paris, France
Tel: +33 1-44771111

Directions:
Please click here