Cyber Security 2018: Building Resilience Now and For the Future Mar 1 2, 2018 Ottawa

Transcription

1 Agenda and Speakers Cyber Security 2018: Building Resilience Now and For the Future Mar 1 2, 2018 Ottawa Thursday, March 01, :30 am Registration and Continental Breakfast 8:00 am Opening Remarks from the Chair 8:30 am Plenary Session 1 From DevOps to DevSecOps: It s About Building an Effective Program Level Strategy Many times, discussion on software security focuses at the project level. This leads to further discussion on activities like pen testing, code scanning, and user stories. This is like assuming we simply need to inject "security requirements into DevOps". But that is not enough. When discussing DevSecOps, we actually need to align DevOps, Compliance, Audit, and Business teams. Static DevSecOps models are too rigid and brittle in this regard. What we need to drive DevSecOps is program level thinking. This means discussing future state competencies, governance, and risk management. In this session, you will learn about how to transition from DevOps to DevSecOps using a more programmatic approach. Altaz Valani Research Director Security Compass

2 9:15 am Plenary Session 2 Security Begins with Effective Leadership: How to Build and Facilitate Effective Cyber Security within Boards When developing a cyber security strategy for your organization two issues need to be top of mind. First, who owns and leads security, and second, whose input and expertise do you need to create effective security and sustainable resilience in the long term. Many organizations focus on "what" to secure and forget about the "how". In this session, you will hear about the complexity of securing the most sensitive and critical part of any organization: the board. What happens when you need to secure the boardroom? Is it even possible for the IT guy to secure the C-level? How can you make the chairman comply with any security procedure? Nadim Baklouti Chief Technology Officer DiliTrust 10:00 am Networking Break 10:30 am Plenary Session 3 Sharing Cyber Threat Information Session details to be advised. Shawn Edwards Vice-President, Head of Cyber Defense Visa 11:15 am Plenary Session 4 Resilience Through Insurance: Understanding the Uses and Limits of Cyber Insurance As breaches of cyber security and their associated costs increase, more organizations are looking to cyber insurance to ensure that they have the financial resources to recover. As the financial costs alone for a breach can be huge, insurance has an obvious appeal. Yet the industry has not grown at the same rate as the exposure to risk. In this session, you will hear about the advantages cyber insurance offers as well as the questions you should be asking when considering using insurance to create greater resiliency for your organization.

3 David McGown Senior Vice-President, Strategic Initiatives Insurance Bureau of Canada 12:00 pm Networking Luncheon 1:00 pm Plenary Session 5 The Ever Evolving Threat Landscape The only constant in cybersecurity is change. Advanced cyberattacks threaten our organizations continue to evolve in sophistication and speed. So how do we keep up? In this talk, Shawn will give an overview of the landscape and provide battle-proven solutions which systematically raise the bar to make your organization both responsive and resilient. Additionally, we will take a forward look to discuss some predictions for 2018 and beyond. Robert Gordon Executive Director Canadian Cyber Threat Exchange (CCTX) 1:45 pm Plenary Session 6 Developing an Effective Communication Strategy for After a Breach In the event of a breach the reputational costs and damage to the brand can be far greater than the direct financial cost. And the damage can be huge and long lasting. How an organization appears and communicates after an incident has a huge impact. Badly handled communications can lead to lasting irreparable and even terminal damage. In this session, Andrea Mandel Campbell will discuss what you can do now to prepare for a breach and the specific challenges of cyber incidents the similarity with other crisis communications. She will share what she has learned as a seasoned communicator from organizations that have acted in a timely and effective manner and those who dropped the ball. Andrea Mandel-Campbell Senior Vice-President Teneo Strategy 2:30 pm Refreshment Break 2:45 pm Plenary Session 7 Surviving a Cybersecurity Breach

4 Executing an effective response to a cyber-attack is often one of the most important factors in determining the impact of the breach on the organization and others who may be affected. A well-handled response will mitigate potentially staggering reputational, operational and legal risks and liability. A poorly-handled response can not only aggravate the consequences of the breach and increase risk and exposure, but also give rise to separate heads of exposure for an organization. This session will provide key insights and lessons learned for how to handle cybersecurity breaches. Alex Cameron Partner, Chair of Privacy and Information Protection Group Fasken Martineau 3:30 pm Plenary Session 8 Cyber Coaching for Resiliency: Applying The Lessons of Prior Breaches Justin Fong is a Partner at Deloitte, leading the Western Canadian Cybersecurity Practice. Over the last 16 years he has had the opportunity to evolve with this critical risk we all face. This session will provide a high level update on the current cybersecurity landscape to help us better understand what we are up against. What key risks and potential mitigations should be in place for any organization and focus on lessons learned from his past incident response experiences. Justin will examine what has changed in the field, who are the attackers, what motivates them and lessons learned from numerous breaches. Justin Fong Partner, Wester Canadian Cybersecurity Practice Deloitte 4:15 pm Closing Remarks from the Chair 4:30 pm Day 1 Adjourns

5 Friday, March 02, :00 am Continental Breakfast 8:30 am Opening Remarks from the Chair 8:45 am Plenary Session 9 Securing the Government of Canada in the Age of Digital Transformation An overview of the Government of Canada's cyber security landscape (including current challenges and priorities) as it moves forward with its digital transformation agenda. Imraan Bashir Senior Director, Cyber Security Treasury Board of Canada Secretariat 9:30 am Plenary Session 10 The Quantum of Malice: Why and How You Need to Prepare Now for a Quantum Future While quantum computing might sound like science fiction, recent advances and increasing research mean that many experts now believe we could be only a decade away from true quantum computing that is both scalable and fault tolerant. This will have implications for your cybersecurity efforts as when it arrives it will offer the capacity to overcome current cryptography exposing your organization to potentially disastrous breaches. To prepare yourself, organizations can take steps to integrate quantum-safe solutions into their existing cyber security planning and life-cycle management, where they can be evaluated for functionality, performance, ease of use and other factors. Where necessary, existing infrastructure can be enhanced or replaced. And all this can happen before these changes become critical to the security of the organization. Dr. Mosca is one of the world's leading scientists in quantum computing, quantum cryptography, and conventional cryptography in an era with quantum technologies. He cofounded Canada's Institute for Quantum Computing, was a founding Faculty Member of Perimeter Institute for Theoretical Physics, and co-authored the respected textbook An Introduction to Quantum Computing. He argues persuasively that the time to start planning for the era of quantum computing is now. In this session, he will explain why and outline the steps you should begin so that you are as ready as possible when the technology becomes available. Michele Mosca Co-Founder and Professor, The Institute for Quantum Computing University of Waterloo

6 10:15 am Refreshment Break 10:30 am Plenary Session 11 Resiliency's Not About Technology, It's Your Culture Creating Resiliency Through Employees Building effective resiliency is about much more than technology and passwords. Critical to this process is educating employees and creating a risk aware culture. Above all else it is a change management exercise. In this session, you will learn how one organization has gone about raising awareness of cyber security and embedding this in the culture. As this includes what employees need to do before and after a breach this session will connect these two elements of cyber resiliency. Tracey Malcolm Leader, Global Future of Work Practice Willis Towers Watson 11:15 am Plenary Session 12 Panel Discussion What Will the Future Hold? From AI and machine learning, to quantum computing, to the increased vulnerabilities of the Internet of Things, few doubt that the already complex world of cyber security is about to get even more challenging. This concluding panel will look at what is on the horizon and beyond. This panel will discuss how you should think about the future and prioritize your resources for inevitable risks and the potential damage they may cause. Jeff Stark Chief Information Security Officer Ontario Pension Board Peter Morin Director, Cyber Security KPMG LLP Altaz Valani Research Director Security Compass

7 12:15 pm Closing Remarks from the Chair 12:30 pm Conference Adjourns Post-conference webinar sponsored by: Webinar details coming soon.