Keynotes: Theater 4

Tuesday 3rd May
3rd-4th May 2016 | Øksnehallen, Copenhagen
KEYNOTES
10.00-10.45 Bruce Wynn, Independent Cyber Consultant, Security Consultant for City of London Police
Cyber Risks - PDFs, Passwords and Passion Fruit – Problems, Precautions, Protection AND Prevention
In a unique style (involving extensive audience participation), and with a selection of live and vivid demonstrations of the risks that attacks from ‘the bad guys’ pose to our personal way of life, Bruce will show you what simple precautions we can all take to mitigate the dangers, and how those precautions can defeat a large number of the risks we all face! He does nothing sophisticated or difficult, but his aim in the session is to:
• Open Your Eyes
• Focus Your Mind
• Stimulate Your Imagination
• Scare you Half to Death
• (Resuscitate You!)
11.00-11.45 Jacqueline Johnson, Head of IT Security, Nordea
New personal data law: Challenges, limitations and opportunities
The General Data Protection Regulation was adopted by the European Commission in December 2015 and will affect all companies operating in the EU. There is a widespread lack of knowledge about which limitations it entails in practice when personal data is used for profiling customers. Violation of the law can lead to fines of up to 4 percent of a company's annual turnover.
Jacqueline Johnson's talk highlights the main points of the law, focuses on the key challenges and gives some practical tips on where to begin the journey to compliance from a technical, administrative and process-oriented approach. She will also illustrate the ‘Safe harbour’ principle, which is a consequence of the legislation.
12.00-12.45 Theo Dimitrakos, Chief Security Research Professional, British Telecom
Securing the Cloud of Clouds: Trust and security challenges and solutions in multi-cloud open service ecosystems
The biggest challenge hindering cloud adoption today is consistently enforcing and managing security policies across many
multi-tenant clouds from different providers.
In this talk we review security, assurance and governance aspects underpinning a response to this challenge and present organisational and technological innovations that enable a multi-provider trusted Cloud ecosystem.
We will also present one exemplar composite solution: a novel service and security management solution that empowers
Cloud consumers to streamline the assembly of high assurance cloud services and to protect their systems, applications and
data in the Cloud, whilst improving the control and visibility of their Cloud security operations.
13.00-13.45 Rik Ferguson, Special Advisor to Europol EC3 and Project Leader with the ICSPA
People in glass networks shouldn’t throw stones
Emerging threats, sure… But what about the ones staring you in the face?
Before you start spending precious budgets and exploring disruptive technologies to combat advanced attackers and new
threats, you still have a lot of work to do. The basics are still not being addressed effectively enough. Out of date infrastructure,
flawed or non-existent patch regimes and the machine that no one is allowed to touch are just some of the real-world issues
that must be addressed as an unavoidable first step on your journey to effective security.
14.00
14.45
15.00
15.45
Jesus Luna, Director of Research, Cloud Security Alliance (Europe)
Trusting The Cloud Under A Sky of Uncertainty
Despite the apparent advantages of the cloud, many customers still perceive a lack of transparency and trust with respect to its
usage. But, which are the enablers of a trusted cloud strategy? Do we need cloud certification schemes and SLAs to gain trust
and ensure cloud security? During this talk we will overview the main pillars that are being advocated by the cloud security
community in order to deploy end-to-end trustworthy cloud ecosystems for cloud computing, namely transparency, accountability and security assurance mechanisms. Furthermore, we will briefly discuss future challenges associated with the automation of the cloud security life cycle.
Henning Mortensen, Chief Consultant, DI Digital
The Personal Data Regulation: how to comply with the rules
The presentation gives a high-level walkthrough of the new rules for processing personal data. It then goes through the tools that DI has developed, which can help companies achieve compliance with the rules.
Program: Theater 1
Tuesday 3rd May
9.45
10.15
10.30-11.00 Jesper Mikkelsen, Cyber Defense Specialist, Trend Micro
GAME OVER!!
205 days from breach to detection?!!??
Why is that? And can we do something about it? The answer is… yes, come and see how Trend Micro can help identify unknown attacks, malicious behaviour and abnormal activity. Remediate and prevent further spread of an infection. From breach detection to breach prevention.
11.15
11.45
12.00-12.30 Henrik Akerstrand, Account Executive Nordics, Infinigate
Understanding User Behavior Analytics: How Outsiders Become Insiders
Today’s attackers employ a variety of deception tactics allowing them to impersonate legitimate users and bypass existing IT security defenses. Web applications are often compromised in order to host malware or be turned into a phishing site. Users who visit these sites then become infected or have their credentials stolen, giving attackers access to your network. Once inside, attackers become insiders. They use stealthy techniques to stay undetected for months. In this session we will examine:
• Common tactics used by attackers to target users and assets
• How attackers impersonate legitimate users
• Best practices for preventing, detecting and containing these threats
12.45
13.15
13.30
14.00
Henrik Limkilde, Concept Manager, Security, Axcess
Hackers in the executive corridor
How do you tie identification, privileges, malware protection and functionality together in a data center without compromising on flexibility and security?
IT security has made it onto the agenda in the executive corridor, but unfortunately the focus is only on north-south traffic across the firewall, thereby forgetting the east-west traffic that also exists in a modern data center.
Virtual machines communicate in unprotected, interconnected networks, where hackers use the back door or are let in by employees. Axcess/Atea shows how SDN, malware protection, ISE and segregation of duties are handled in a modern data center, and how malware gets in behind the firewall and is caught, isolated and quarantined.
Jakob Juel Olsson, Sales Director, Netteam
Netteam Security Customer Case
14.15-14.45 Bogdan Botezatu, Senior E-Threat Analyst (KEYNOTE)
Cybercrime as a Service Drives Next-Gen Antimalware Products
The first account of do-it-yourself malware creation tools dates back to the early 90s with Mister Spock’s Virus Generator Tool. But modern malware generation toolkits have turned from prank tools into money-making machines that are responsible for the creation of more than 14 million pieces of malware a month.
15.00
15.30
15.45
16.15
Florian Vojtech, Sales Engineer Security Consultant - Barracuda Networks, SEC Datacom
Goodbye Cyber Threats - Advanced threat protection and user awareness for physical, virtual and public cloud networks
Barracuda’s NextGen Firewalls are purpose-built to optimize network traffic flows in hybrid environments – adding intelligence
that improves your network while securing it. Unlike traditional port-based firewalls, our firewalls are application-aware, enabling you to regulate application usage and prioritize network traffic. We offer two series of firewalls (X and F series), each delivering advanced next-generation firewall performance and protection, yet for distinctly different environments. The X-Series is
designed for small to mid-market organizations requiring rapid implementation, while the F-Series is ideal for large managed
service providers and highly distributed enterprises.
Program: Theater 2
Tuesday 3rd May
9.30
10.00
10.15
10.45
11.00
11.30
11.45
12.15
12.30
13.00
13.15
13.45
Martin Lee, Technical Lead, Security Research, Talos Outreach EMEA, Cisco
Dissecting Angler with Applied Analytics and Threat Intelligence
We have the great pleasure of welcoming Talos, Cisco’s security research and threat intelligence team, on stage. Talos is the group within Cisco that investigates the threats and vulnerabilities that affect the Internet. One example is the Angler exploit kit, which is a major tool for criminals to distribute malware, such as ransomware, to profit from cyber crime. In this presentation you will learn how the Talos team are able to analyse the data and intelligence available to block and disrupt the operation of this criminal enterprise. This session will offer you an insight into how Cisco prevents and combats threats by using the intelligence and data sources available in order to secure Internet users.
Kim Elgaard, Solution Specialist, Arrow ECS
Hackers' 5 phases to create a breach, and how to protect against it
A walkthrough of the 5 phases of a breach. What are the mechanisms a hacker uses to gain access to a system, and how can Arrow ECS help you to protect yourself against them?
Andrew Kemshall, Co-Founder & CTO, SecurEnvoy
Embracing the Future of Authentication
This presentation starts with a discussion on leveraging existing data stores for easy deployment and then gives an overview
of the different options for utilizing a mobile phone as your token. It will also discuss new security techniques such as utilizing
split seed records. Finally this presentation will show new ground breaking ways of authenticating users via push, NFC and
Touch ID.
Peter Johansson, Regional Manager Nordics, SEC Datacom
How WatchGuard strives for Simplicity, Top UTM performance and Threat visibility and why it matters to you
Learn how WatchGuard delivers a complete portfolio of Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) appliances and services delivering the highest performance network security at every price point, while remaining easy to manage with visually stunning data mining tools for identifying, isolating, and stopping network threats before they become a problem.
14.00-14.30 David Half, Chief Strategy Officer, SMS Passcode
Cloud Services – Productivity Booster or Security Risk?
Most likely a bit of both! At no point in time have User Authentication and Cloud Application Control been more important than they are today. The use of “unauthorized” applications to process corporate data is exploding and more often than not organizations are blind to the implications of shadow IT in their infrastructure.
CensorNet and SMS PASSCODE join forces to fulfill an ambitious security vision, offering a holistic approach to Cloud Security.
Join this session to see:
• How easy it is to control your cloud applications
• How multi-factor authentication plays an important role in cloud adoption
• How to cast light on your shadow IT
14.45
15.15
15.30
16.00
Program: Theater 3
Tuesday 3rd May
9.45
10.15
Lars Neupart, Director (KEYNOTE)
EU personal data protection: how hard can it be?
Admittedly, the new personal data regulation, whose text we have only just received, is complex. It is to replace the current Danish Personal Data Act. This presentation examines how the many new requirements for companies' processing and protection of personal data can be approached pragmatically, and whether the processes that will soon have to work in companies can advantageously be planned together with the already fairly widespread ISO 27001 processes that many public and private organisations have already introduced as part of their information security work.
10.30
11.00
11.15
11.45
12.00
12.30
12.45
13.15
13.30
14.00
14.15-14.45 Jesper B. Hansen, Senior Information Security Consultant, Siscon
The EU regulation: “just” a new part of information security
No reason to panic – yet!
The EU regulation is just one more “requirement” for the existing information security work in your company (and a little more). The requirements should be implemented as an extension on top of the information security foundation that presumably already exists in your company. Siscon's talk gives insight into how building up and extending your existing information security work makes it simpler to comply with and fulfil the requirements of the EU regulation in a structured and manageable way.
After the talk you will take away a pragmatic approach to the tasks the EU regulation calls for. You are guided through a “to-do list”, so that you know which tasks you need to have on your agenda going forward.
15.00
15.30
15.45
16.15
Keynotes: Theater 4
Wednesday 4th May
KEYNOTES
10.00-10.45 Thomas Grane, CIO / IT Director, Matas
How do you protect Denmark's largest customer club against hacking?
Hear about the thinking behind the security around Clubmatas and how white hat hackers can help you on your way when you have to protect the data of 1.6 million Danish women. Thomas Grane will also talk about, among other things, the importance of designing the right infrastructure and of holding on to your policies and design principles, without it all becoming a question of only investing heavily in big security solutions.
11.00
11.45
12.00-12.45 Per Thorsheim, Security Advisor, God Praksis AS
Lessons learned from the hacking of Ashley Madison
Ashley Madison, the dating site promoting adultery in their slogan “Life is short. Have an affair.” got hacked in July 2015. Millions of customers’ most intimate details were released in August 2015 by the hackers, after the service owners refused to close down business. As the biggest public breach of sensitive personal information ever, there are many lessons to be learned in terms of data protection, hacktivism, crisis management, media handling, and pitfalls that must be avoided.
13.00-13.45 Marit Hansen, Privacy Commissioner, Data Protection Authority Schleswig-Holstein
Privacy and Data Protection for Big Data - why Confidentiality, Integrity, and Availability are not sufficient
Big Data is promising solutions for business, administration, and society. But how can it be reconciled with the requirements
of privacy and data protection? The established protection goals from information security – confidentiality, integrity, and
availability – do not provide appropriate guidance for developers, operators, and users. Remedy may be achieved by shifting the
perspective and employing additional privacy protection goals: unlinkability, transparency, and intervenability. This method
can serve as foundation for Data Protection Assessments that are demanded by the upcoming European General Data Protection Regulation to minimize risks for people’s privacy and to ensure compliance for companies.
14.00
14.45
Jan Camenisch, Principal Research Staff Member, IBM Research
Authentication without Identification: How to Protect On-Line Identity
Today, authentication on electronic media is typically done by identification followed by authorization. We users are forced to constantly identify ourselves, leaving a trail of personal information. Methods for user authentication are typically weak. Both put our security and privacy at risk. In this talk we present authentication mechanisms that let service providers authorize users by requesting only the necessary amount of information from the user. We show how easy it is to use these advanced privacy-protecting authentication mechanisms and how they make it easier for service providers to protect user data. Finally, we will discuss a number of use cases.
Program: Theater 1
Wednesday 4th May
9.45
10.15
Keld Norman, IT Security Specialist (KEYNOTE)
From high school student to cybercriminal hacker in just 30 minutes
See how easy it is to become a cybercriminal: a walkthrough of how cybercriminals work, where they communicate, and which tools they use.
10.30-11.00 Jesper Mikkelsen, Cyber Defense Specialist, Trend Micro
GAME OVER!!
205 days from breach to detection?!!??
Why is that? And can we do something about it? The answer is… yes, come and see how Trend Micro can help identify unknown attacks, malicious behaviour and abnormal activity. Remediate and prevent further spread of an infection. From breach detection to breach prevention.
11.15
11.45
12.00-12.30 Henrik Akerstrand, Account Executive Nordics, Rapid7
Understanding User Behavior Analytics: How Outsiders Become Insiders
Today’s attackers employ a variety of deception tactics allowing them to impersonate legitimate users and bypass existing IT security defenses. Web applications are often compromised in order to host malware or be turned into a phishing site. Users who visit these sites then become infected or have their credentials stolen, giving attackers access to your network. Once inside, attackers become insiders. They use stealthy techniques to stay undetected for months. In this session we will examine:
• Common tactics used by attackers to target users and assets
• How attackers impersonate legitimate users
• Best practices for preventing, detecting and containing these threats
12.45
13.15
Henrik Limkilde, Concept Manager, Security, Axcess
Hackers in the executive corridor
How do you tie identification, privileges, malware protection and functionality together in a data center without compromising on flexibility and security?
IT security has made it onto the agenda in the executive corridor, but unfortunately the focus is only on north-south traffic across the firewall, thereby forgetting the east-west traffic that also exists in a modern data center.
Virtual machines communicate in unprotected, interconnected networks, where hackers use the back door or are let in by employees.
Axcess/Atea shows how SDN, malware protection, ISE and segregation of duties are handled in a modern data center, and how malware gets in behind the firewall and is caught, isolated and quarantined.
13.30-14.00 Jakob Juel Olsson, Sales Director, Netteam
Netteam Security Customer Case
14.15
14.45
15.00
15.30
15.45
16.15
Ola Björling, Sr. Channel Manager, MobileIron
Securing the modern enterprise
I will give you a brief overview of the trends that we are seeing in the market, especially related to mobile devices. With
mobile devices, the enterprise information travels outside the corporate network and can be accessed from anywhere in the
world. The modern operating systems and the new mobile user requirements have fundamentally recast the enterprise security model. MobileIron provides the security foundation for enterprises to manage their mobile operating systems and thus help
them transform their businesses with mobile technologies.
Program: Theater 2
Wednesday 4th May
9.30
10.00
10.15
10.45
11.00-11.30 Martin Lee, Technical Lead, Security Research, Talos Outreach EMEA, Cisco
Dissecting Angler with Applied Analytics and Threat Intelligence
We have the great pleasure of welcoming Talos, Cisco’s security research and threat intelligence team, on stage. Talos is the group within Cisco that investigates the threats and vulnerabilities that affect the Internet. One example is the Angler exploit kit, which is a major tool for criminals to distribute malware, such as ransomware, to profit from cyber crime. In this presentation you will learn how the Talos team are able to analyse the data and intelligence available to block and disrupt the operation of this criminal enterprise. This session will offer you an insight into how Cisco prevents and combats threats by using the intelligence and data sources available in order to secure Internet users.
11.45
12.15
12.30
13.00
13.15
13.45
Kim Elgaard, Solution Specialist, Arrow ECS
Hackers' 5 phases to create a breach, and how to protect against it
A walkthrough of the 5 phases of a breach. What are the mechanisms a hacker uses to gain access to a system, and how can Arrow ECS help you to protect yourself against them?
Andrew Kemshall, Co-Founder & CTO, Infinigate
Embracing the Future of Authentication
This presentation starts with a discussion on leveraging existing data stores for easy deployment and then gives an overview
of the different options for utilizing a mobile phone as your token. It will also discuss new security techniques such as utilizing
split seed records. Finally this presentation will show new ground breaking ways of authenticating users via push, NFC and
Touch ID.
Magnus Jansson, EMEA Security Engineer, Data Security, Check Point
Protect your device with the next generation of mobile security
Today’s cybercriminals are particularly sneaky. They will trick you into installing a malicious app or connecting to a rogue Wi-Fi
network and are able to see where you have been and who you plan to meet. They work long and hard at finding new ways
to steal sensitive data from the devices we use and trust the most: our smartphones and tablets. These data-rich devices are
quickly replacing laptops and PCs as our primary screens at work too, making it more important than ever to defend them
against new, advanced mobile threats. But how do you stay one step ahead of sophisticated cyber thieves without stumbling
over security or the end-user experience?
14.00-14.30 David Half, Chief Strategy Officer, SMS Passcode
Cloud Services – Productivity Booster or Security Risk?
Most likely a bit of both! At no point in time have User Authentication and Cloud Application Control been more important than they are today. The use of “unauthorized” applications to process corporate data is exploding and more often than not organizations are blind to the implications of shadow IT in their infrastructure.
CensorNet and SMS PASSCODE join forces to fulfill an ambitious security vision, offering a holistic approach to Cloud Security.
Join this session to see:
• How easy it is to control your cloud applications
• How multi-factor authentication plays an important role in cloud adoption
• How to cast light on your shadow IT
14.45
15.15
15.30
16.00
Program: Theater 3
Wednesday 4th May
9.45
10.15
10.30
11.00
11.15
11.45
12.00-12.30 Anders Svensson, Senior Systems Engineer, RSA
Be the Hunter – Not the hunted
Been breached or suspect a breach? Come and see how the unique combination of network, log, netflow and endpoint data will help you detect, investigate, and rapidly respond to advanced threats before they damage your business.
12.45
13.15
13.30-14.00 Michael Sjøberg & Tomas Hellum - Managing partners, LinkGRC
Active crisis management in practice
As demands on management grow regarding the handling of, for example, cyber security related incidents, crisis management in Denmark must be strengthened. We will demonstrate a practical course of events in a simulated advanced crisis.
14.15
14.45
15.00
15.30
15.45
16.15