Building holistic security and privacy

2nd e-Crime and Cybersecurity Congress Scotland
Edinburgh, 6 November, 2019


Protection versus privacy: getting data right
As GDPR fines start to bite, does privacy trump protection? And is the CISO in the loop?


Is security more or less important than early fraud detection? More or less important than making the consumer recovery process from fraud and data breaches easier? More or less important than keeping data safe from misuse by authorised parties?

Cybersecurity professionals, and the senior managers who decide security budgets, have wrestled with these questions over the past 20 years.

If the current state of cybersecurity is evidence, the answer is that security concerns have indeed been largely subservient to processes that ensure public, consumer-oriented losses are rectified. If the public does not lose money, everyone seems to accept current levels of data loss and cyber-insecurity.

The latest, largest GDPR fines change this calculus.

The regulators at least have determined that the authorised misuse of data is worthy of a fine in the tens of millions of euros, and that the inadvertent loss of data can cost those who lost it seven-figure sums.

These fines, finally, give the business world what it needed: a way to calculate the materiality of data protection and data privacy, and to suggest the levels of budgeting appropriate to the newly measurable risk.

But where should any new money be spent? GDPR is notionally focused on data privacy, and security professionals have long distinguished between data protection (securing data against unauthorised access) and data privacy (managing authorised access - who has it and who defines it).

This has led to the assertion that data protection is essentially a technical issue, data privacy a legal one.

The GDPR fines render this distinction philosophical rather than practical: data privacy is compromised both by technical failures in data protection and by failures in data management ethics or processes. Regulators are therefore penalising both.

The common denominators are data management in the broadest sense, and the consumer. So who is responsible for what?


GDPR's super-fines change the cybersecurity calculus. This year's e-Crime and Cybersecurity Congress Scotland will convene to discuss the latest problems and solutions.

  • Getting the basics right

    The fines make it official: the core technical issues cybersecurity professionals have known about for years must now be fixed.

    • What are the critical problems and what should be prioritised?
    • Most data breaches are the result of known vulnerabilities - how can you take the pain out of patching?
    • How do you implement good security hygiene?
  • Securing digital transformation

    So far the perceived benefits of insecure applications seem to outweigh the risks. But with digital transformation, the effects of insecurity become more profound and potentially dangerous.

    • DevOps + infosec - how can they work together?
    • How can you ensure the security and resilience of applications and data in the Cloud?
    • Who is accountable for the Cloud?
    • What are the security implications of digital transformation, AI and the Internet of Things?
  • A different approach to the issue of us

    A system designed to pick up unusual employee activity patterns identifies a potential insider threat. Further investigation reveals a threat of a different kind - the employee is considering suicide.

    • Is the best way to solve core cyber problems to pay more attention to the things we do when we are simply getting on with the job?
    • What are the synergies between cybersecurity, user analytics, employee wellbeing and customer experience?
    • For most people, data protection/privacy will not be front of mind 24/7. Slip-ups will happen. How do you mitigate the risk this poses?
  • Breaking down the barriers

    Cross-function communication is key to robust security, but even in areas where the connection is obvious, it's remarkable how siloed cybersecurity can be from the rest of the business.

    • How can you make sure security is built into all business processes?
    • The value of fraud flagging in detecting data loss and data privacy issues, and the value of data protection for fraud prevention
    • What does a joined-up operation (such as between fraud and security teams) look like?
  • Managing the privileged few

    • Data privacy and security both rely on proper management of user privileges and privileged accounts
    • How do the different requirements of privacy, security and the business interact?
    • Managing privacy is more complex than putting tech in place against hackers: what are the solutions and strategies that can help?
  • Slow train coming: the wait for intelligent cybersecurity

    • Automation is linear and rules-based, and automated cybersecurity solutions work that way: using signatures and/or historical data to identify issues
    • Current machine learning solutions are not much more advanced than this methodology, and statistical analysis still generates too many alerts for most human teams
    • Are we any closer to the availability of truly 'intelligent' solutions capable of living up to their promise?

Who attends

Job titles

Chief Information Security Officer
Head Technology, Infrastructure Security and Continuity Risk
Information Security Officer
Detective Constable
VP Security
Threat Assessment Manager
Head of IT Infrastructure
Head Of Security Operations
Information Security Manager
IT Operations Lead
Information Security Governance Manager
VP Cyber Threat Intelligence EMEA
Head of Information Security
Group Information Security Manager
Head of Public Sector Cyber Resilience
Senior Information Security Architect
Information Security Analyst
Senior IT Security
PCI DSS Support Lead
Executive Director Head of Fusion
Advanced Engineer
IT Security Manager/Deputy Head License & Politics
Cyber Threat Intelligence Analyst
Cyber Security Cluster Coordinator
Head of Information Security
Information Security Engineer
Head of I.T. & Information Security
Information Security Analyst
Security Architect
Information Security Manager
IS Incident Response and Vulnerability Manager
Head of Technology and Cybersecurity Risk
Solutions Delivery Manager - Information Security
Digital Wallet Fraud Manager
Head of Cyber Analytics Technology
Digital Security Manager
Information Security Officer
Information Security Manager
Detective Chief Inspector, Specialist Crime Division
IT Manager
Senior IT Security Engineer
Head of Information Governance & Security
Cyber Security Manager
Regional Information Security Risk Manager
IT Security Manager
Information Security Risk Manager - Technology Risk Oversight
Finance & Operations
Director, Information Security (Operations)
Information Security and Risk Manager
Head Of IT
Data Protection Consultant
Data Protection Solicitor
PCI DSS Specialist
Cybersecurity Manager
Information Security & Resilience Manager
Change & IT Director
CISO
Head of Audit - Technology
COO and Managing CISO
SOC Manager
IS Risk Manager
IT Security Analyst
Risk Engineer
Security and Authentication - Digital Journey Manager
Chief Security Officer
Information Security Manager
Global Head of Regulatory Compliance Monitoring & Testing, Governance & Standards
Operations Support Executive
Head of Cyber Security and Resilience
Team Leader, Operational Support - Fraud
Head of Cyber Security & Innovation
SAM Consultant
Global Senior Risk Officer - Infrastructure
Security Administrator
Information Security Consultant
DFIR Analyst
Cyber Security Operations Center Manager
Information Security Leader
Project Manager
Head of Identity and Access Management
Cyber Security Integrator
Senior Information Security Consultant
Technical Specialist
Technology & Information Risk
Senior Information Security Analyst
Security Analyst
Digital Forensic Analyst

Companies

Aberdeen Standard Investments
HSBC
Arnold Clark Automobiles Ltd.
Black Rock
NHS Greater Glasgow and Clyde
Lloyds Banking Group
Aegon Group
Royal Bank of Scotland
Standard Life Aberdeen
ScotlandIS
Brewin Dolphin
Chubb
Brodies LLP
The Scottish Government
Thorntons Law LLP
Morgan Stanley
Royal London Group
Charles River Laboratories
Alliance Trust
Tesco
The University of Edinburgh
FNZ (UK) Ltd.
CYBG PLC
Nucleus Financial
Forest Enterprise Scotland
Citigroup
Tesco Bank
NHS 24
Police Scotland
Free Agent
Aggreko
Sainsbury's Bank
FanDuel
Modern Times Group
Crown Office & Procurator Fiscal Service
Scottish Business Resilience Centre
Davidson Chalmers
TSB Bank
Chrysaor
Phoenix Group
CMS
Prudential
Virgin Money
Ward Hadaway
North East Scotland College
UK Ministry of Defence
Vodafone
Scottish Power
Edinburgh Airport
William Grant & Sons Distillers Ltd
First State Investments
The Scottish Salmon Company
Clydesdale Bank
William Grant & Sons
BTO Solicitors LLP
UCSS
National Records of Scotland
Aberforth Partners
People's Postcode Lottery

Industries

Banking
Automobiles/Parts
Healthcare Services
Banking
Software
Insurance
Banking
Central Government
Banking
Banking
Banking
Banking
Central Government
Pharmaceuticals
Banking
Retail
Banking
Banking
Banking
Banking
Consultancy
Legal
Banking
Regional Government
Banking
Banking
Healthcare Services
Banking
Banking
National Law Enforcement
Software
Retail
Banking
Banking
Insurance
Casinos/Gaming
Banking
Banking
Retail
Media
Banking
Retail
Regional Law Enforcement
Legal
Banking
Banking
Banking
Banking
Banking
Retail
Legal
Banking
Insurance
Banking
Banking
Central Government
Insurance
Central Government
Banking
Insurance
Food/Beverage/Tobacco
Banking
Banking
Banking
Banking
Food/Beverage/Tobacco
Banking
Banking
Banking
Food/Beverage/Tobacco
Banking
Retail
Banking
Central Government
Aerospace/Defence
Retail
Insurance
Education
Banking
Banking
Banking
National Law Enforcement
Banking
Banking
Banking
Legal
Banking
Healthcare Services
Regional Government
Casinos/Gaming


Venue

Edinburgh Grosvenor Hotel

Location:
Edinburgh Grosvenor Hotel
Grosvenor Street, Haymarket, Edinburgh, EH12 5EF, United Kingdom
