2012 Conference programme

This session will bring to the forefront some of the work undertaken by the Police Central e-crime Unit and what this is being done to meet the challenges of detecting e-crime. A designated policy approach and new initiatives are used to investigate cyber-crime and to dig deep beneath fraudulent activity, and particular emphasis is on how the team work with industry and in collaboration with other groups to monitor e-traffic and to combat threats to internet security.

Ever since the internet revolution enterprises have been adding more and point solutions to mitigate each new threat type as it emerged, this has worked well to date, giving organisation defence in depth but the paradigm shifts relating to cloud, mobile computing and consumerism requires new thinking.

Having safety and security at the heart of it's operation, British Airways has been consolidating its 5 year IT security plans and created a vision to ensure it is in the best possible position to handle the challenges ahead.

• So you think it is never going to happen to your organisation!
• Finding out what major threats are likely to emerge – is information security that important to your business for it to continue to function?
• Ensuring that there is a policy and programme management plan in place
• Developing and implementing a business continuity response – case example of how Transport for London are prepared
• Exercising, maintaining and reviewing – a continuous process

In this session, you will hear about avoiding data leakage and the tools needed to set systems in place. It will study best practice organisational set-up and some case study material. There will an opportunity to look at data leakage prevention tactics and some effective procedures and recommendations.

Mobile devices and the cloud allow for greater flexibility in the workforce but present different challenges in ensuring compliance. The Data Protection Act requires data controllers to take appropriate measures to protect personal data but how can they achieve this whilst still maintaining a mobile and flexible workforce? Can the controls applied within the corporate network be extended across the internet to mobile devices and cloud services?

This practical session will chart an organisation’s journey through the numerous ICT security challenges facing them as they support the new methods of working necessitated by the organisation’s strategic business direction, technological advances & the demands of both staff & customers, including:

• Managing unsecured and personally owned devices.
• Moving from a traditional infrastructure to virtualisation & on to the cloud, whilst still maintaining the required level of security.
• Developing cost effective and secure home working and disaster recovery solutions.
• Enabling the safe use of social media including Facebook and Twitter.

• Remote working is the way forward but how is this possible in areas of the world where there is little or no infrastructure?
• Coping with the lack of operational solutions and trying to make suitable adaptions
• Supporting networks to evaluate, adapt and implement strategies to ensure that security procedures across the organisation and across the world are watertight when there is a lack of infrastructure in place using – using Oxfam as a case example of an organisation which is worldwide but has the same major challenges of espionage and hacking

• Tackling new technology and also new user generation
• The rise of the internet generation, including Facebook and Twitter: how security issues are being tackled in this challenging area
• Mobile devices including iPads and smartphones: security being one of the major challenges of the new mobile world and ways around IT department controls
• Highlighting the risks which are sometimes not that obvious: what are others in the industry doing to mitigate very real threats?

Knowing the questions you need to ask to minimize your risk

• Understanding the current solutions that can be delivered
• Who needs to be involved internally to ensure you make the most of your chosen solution
• Training your users to make them aware of the unique risks
• Making the print solutions work for you, making it part of your threat defence toolkit not a risk

• Strategic Alignment - linking delivery to strategic intent
• Integrating security& resilience
• Control Performance Management - KRI's, KPI's
  
• Quantitative Risk Analysis using Monte Carlo simulations
  
• Use of Aggregated Dashboards to communicate to senior stakeholders