Day 1 Session 3 Workshop 1

Information Security and Cyber Risk Challenges
Rik Ferguson, Vice President Security Research, Trend Micro

Please note this was an extended workshop with a restricted audience. An audio recording of this workshop is available to eligible public sector cyber security professionals upon request. Please email events@softbox.co.uk

Workshop attendees enjoyed a candid, interactive discussion about their own information security and cyber risk challenges. This was a great opportunity for those working in Local Government, healthcare and blue light services to discuss experiences, pool knowledge and together formulate solutions to shared challenges.

Recommended reads:

Other resources

  • Read Trend Micro's article 'CEO Fraud Email Scams Target Healthcare Institutions' in CyberTalk
  • NSS Labs' Breach Detection Systems Test Report. Trend Micro Deep Discovery™ Inspector has been recognized for the third consecutive year as a recommended breach detection system by NSS Labs. Deep Discovery achieved a 99.8 percent detection rate in the latest Breach Detection System test. Yet again Trend Micro has demonstrated a consistent ability to detect network and endpoint-based targeted attacks, advanced threats and ransomware.
  • Blog post reprint from Trend Micro's SIMPLY Security blog (February 2017). Trend Micro positioned highest and furthest among leaders for ability to execute and completeness of vision in the 2017 Gartner Magic Quadrant for Endpoint Protection Platforms. 
  • IDC Technology Spotlight report - Securing the Server Compute Evolution: Hybrid Cloud has Transformed the Datacentre (January 2017). This report, sponsored by Trend Micro, highlights how hybrid cloud architectures, underpinned by the growth of cloud computing and virtualisation, have transformed the way organisations should view server security. The market leader in server security every year since IDC started tracking the market has been Trend Micro.

 


Day 1 Session 3 Workshop 2

Ransomware and the Law
Ellie Hurst, Marcomm and Media Manager, Advent IM Ltd

Paying a physical ransom in the UK is illegal, and recently the UK Government hardened this legislation by including insurers, to further consolidate the UK’s position on ransom payments most likely to fund organised crime groups (OCGs) or terror groups. With such clear legislation on paying physical ransom, the guidance on cyber ransom has, up to now, been rather less clear cut, despite the very real probability that the ransoms are going to the same organised or possibly terrorist group funds. Is this because we cannot cope with the levels of ransomware we are now facing? Is it because we continue to have a disconnect between how we treat cybercrime and physical crime? Ransomware for physical systems is now appearing on our security radars and indeed has been showcased at RSA by researchers. If the basis of our legislation is that the ransoms go to fund further organised criminal activity, then should this kind of payment also be illegal? If we are in effect funding further development of tools such as physical system ransom, will they eventually pose a threat to human life, such as via fire and life building systems?

This was an open and frank discussion of the reality of OCGs' (and potentially terrorist groups') use of ransom and extortionware, the impacts and possible outcomes we need to be prepared for, along with genuine learning about how we view this kind of cybercrime and thoughts about how we can evolve attitudes.

  • Read the blog post by Advent IM Director Julia McCarron "Julia's #Rules to Ransomware Safety"
  • Download Ellie's slide deck
  • Request the audio recording of the discussion - please email events@softbox.co.uk
  • Read the brilliant Stand and Deliver article about ransomware by Mike Gillespie, Managing Director & Co-Founder of Advent IM, in CyberTalk


Day 1 Session 3 Workshop 3

Fully Mobilised Working, the Needs of the Future
Simon Barton, Senior Consultant, Trusted Management Ltd

Organisations frequently feel that there is an inherent conflict between oppressive Security as it is currently practiced and the freedom a business desires. This conflict is often driven by a lack of preparedness by the Security Professionals in looking at and addressing the possible needs of the business.

This workshop aimed to explore the emerging functional needs of organisations by exploring various scenarios. It was not intended to create solutions, but to explore the requirements that are going to face Security Professionals in the coming years as organisations fundamentally change how they operate, how they interact with their clients, suppliers and employees - assuming that such distinctions remain valid.

The workshop was an interactive session taking ideas of how a future organisation would wish to operate if they were unconstrained by Security restrictions. Armed with this knowledge, delegates began to explore how they would start to work with such organisations to minimise the risks they may be exposing themselves to.

In keeping with the collaborative spirit of CSP, attendees had an opportunity to contribute to future thinking around the environment they will be operating in, to discuss and share ideas about the challenges that will be faced, and to start to understand the demands that their clients will be bringing to them.


Day 1 Session 3 Workshop 4

Professionalisation
Prof. Roy Isbell FIET FBCS CITP, Principal Fellow, Cyber Security Centre, WMG, University of Warwick

In Section 7 “Develop” of the National Cyber Security Strategy is a small paragraph that appears innocuous, but could have significant import on the cyber security profession. The paragraph reads:

“developing the cyber security profession, including through achieving Royal Chartered status by 2020, reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy;”

The prediction is that there will be 20 billion devices connected to the Internet; however, there are likely to be another 30 billion that are not. Most of these will be in the engineering or engineered space, especially as automation gathers momentum. Do we therefore believe that one single organisation is best placed to serve the cyber security profession of the future?

A Royal Charter is a Petition to The Sovereign in Council. Charters are rarely granted these days, and an organisation applying will be expected to meet a number of criteria, namely:
a. the institution concerned should comprise members of a unique profession, and should have as members most of the eligible field for membership, without significant overlap with other bodies.
b. corporate members of the institution should be qualified to at least first degree level in a relevant discipline;
c. the institution should be financially sound and able to demonstrate a track record of achievement over a number of years;
d. incorporation by Charter is a form of Government regulation as future amendments to the Charter and by-laws of the body require Privy Council (i.e. Government) approval. There therefore needs to be a convincing case that it would be in the public interest to regulate the body in this way;
e. the institution is normally expected to be of substantial size (5,000 members or more).

Digital processing is at the core of Cyber–Physical Engineered Systems. Should established engineering organisations not add cyber security to their existing professional registration, to give the credibility that achieving Chartered Status provides? This workshop discussed just that.
