How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting and his co-author, our COO Scott Taylor explore the challenges and opportunities that emerging technologies are driving across security industry.
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...IT Network marcus evans
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Director, DotSec, a sponsor company at the upcoming marcus evans Australian CIO Summit 2013, on how organisations can ensure information security becomes a business enabler.
Smart Buildings, Deep Learning AI, Drones, Robotics, and IoT....What is next?
Martin Sheridan, CTO of Sheridan Solutions Consulting and his co-author, our COO Scott Taylor explore the challenges and opportunities that emerging technologies are driving across security industry.
This Special Report from the Security for Business Innovation Council identifies four technology trends -- cloud computing, social media, big data, and mobile devices -- as game-changers for 2013 and offers concrete guidance on how security teams can meet these requirements.
7 Things Every Ceo Should Know About Information SecurityCindy Kim
This ebook outlines the changing threat landscape and what CEOs need to understand about the evolving nature of threats in order to take protective measures and stay on top. In this ebook, Pat Clawson, CEO of Lumension, provides straight talk about a topic that can very well impact your bottom line and the ability of your business to deliver its product to customers.
nCircle held a Webinar on 6/7 with Mike McKay Senior Sales Engineer at nCircle - The theme was to give smaller organizations the power to have a big organization security program.
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Skybox Security
Speaker: Gidi Cohen, CEO and Founder – Skybox Security, Inc.
Whether you are planning a transition to next-gen firewalls or have already done so, maximizing your next-gen firewall investment is imperative. Yet, most enterprises experience common management challenges that can slow down deployments, complicate existing firewall operations processes, and delay use of the most advanced next-gen firewall features.
In this session, Gidi Cohen, CEO and founder of Skybox Security, shares customer case studies and research to illustrate these transition challenges and outline a phased approach to evaluate, adjust, and implement updated processes and tools so you can effectively manage your next-gen firewall deployment.
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
Despite changing threats and the near certainty of compromise, most
IT security programs are much the same as they were a decade ago. How
have attacker motivations and tactics changed, and why? What does
this mean for IT security departments, and how must they adapt?
This webinar will detail the security challenges organizations face
today, the implications of changes in attacker tactics and
motivations, and what firms can do to better align their security
program with today's reality.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Colby Clark, Director of Incident Management, Fishnet Security
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
Supervised Active Intelligence: an innovative approach to Automated Incident Response based on Machine Learning, leveraging orchestration, automated playbooks and integration with existing Security Ecosystem
B2B marketing has a reputation for complexity. Because B2B transactions occur between two businesses, with diverse groups of people on each side, B2B marketing requires some savviness to get decision-making parties on the same page.
7 Things Every Ceo Should Know About Information SecurityCindy Kim
This ebook outlines the changing threat landscape and what CEOs need to understand about the evolving nature of threats in order to take protective measures and stay on top. In this ebook, Pat Clawson, CEO of Lumension, provides straight talk about a topic that can very well impact your bottom line and the ability of your business to deliver its product to customers.
nCircle held a Webinar on 6/7 with Mike McKay Senior Sales Engineer at nCircle - The theme was to give smaller organizations the power to have a big organization security program.
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Skybox Security
Speaker: Gidi Cohen, CEO and Founder – Skybox Security, Inc.
Whether you are planning a transition to next-gen firewalls or have already done so, maximizing your next-gen firewall investment is imperative. Yet, most enterprises experience common management challenges that can slow down deployments, complicate existing firewall operations processes, and delay use of the most advanced next-gen firewall features.
In this session, Gidi Cohen, CEO and founder of Skybox Security, shares customer case studies and research to illustrate these transition challenges and outline a phased approach to evaluate, adjust, and implement updated processes and tools so you can effectively manage your next-gen firewall deployment.
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
Despite changing threats and the near certainty of compromise, most
IT security programs are much the same as they were a decade ago. How
have attacker motivations and tactics changed, and why? What does
this mean for IT security departments, and how must they adapt?
This webinar will detail the security challenges organizations face
today, the implications of changes in attacker tactics and
motivations, and what firms can do to better align their security
program with today's reality.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Colby Clark, Director of Incident Management, Fishnet Security
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...DFLABS SRL
Supervised Active Intelligence: an innovative approach to Automated Incident Response based on Machine Learning, leveraging orchestration, automated playbooks and integration with existing Security Ecosystem
B2B marketing has a reputation for complexity. Because B2B transactions occur between two businesses, with diverse groups of people on each side, B2B marketing requires some savviness to get decision-making parties on the same page.
DH Week Workshop: Pinterest as ExhibitionNoreen Whysel
Pinterest offers a unique way to display and interrelate digital assets with a wider world of interconnected materials and activity. Learn how UK-based research group, Architecture_MPS promotes its journal articles, conferences and online resources by exposing it’s relationships with other research, exhibitions, and imagery. As part of our engagement with scholarly communication AMPS provides current listings supported by additional materials relevant to both academics and discipline information professionals. Since 2014, we have used Pinterest for curating collections of images and articles on topics related to our published journal articles. The boards function as a resource guide or reference to current books, films, exhibits, conferences, lectures and competitions related to the AMPS remit.
Location: METRO, 57 East 11th Street, 4th Floor Training Room
Mobile device management (MDM) provides the endpoint-focused processes and solutions for accelerating user productivity and device reliability. However, selecting an MDM platform that directly addresses an organization’s unique requirements and challenges can often be confusing given the diverse range of features and cost elements offered by competing solution providers.
These slides from Steve Brasen, managing research director at leading IT analyst firm Enterprise Management Associates (EMA), reveal key results from the recently published EMA Radar™ on Mobile Device Management. In this side-by-side comparison of the 12 leading MDM platforms, solutions are empirically compared and graded against a broad range of measurements to objectively determine overall product strengths and cost efficiencies.
Law firms are required to hold money in trust. This money is not their own, so they have a fiduciary responsibility to protect and account for it.
A lawyer’s responsibility to hold client funds separate from their own seems simple in principle, but with strict rules surrounding trust accounts, many lawyers run into challenges with maintaining them correctly. From documenting deposits and disbursements to handling varied payment methods by clients, trust accounting remains a compliance minefield for law firms.
Is your law firm at risk of committing trust account errors?
Learn how to avoid trust account mistakes while improving your firm’s billing process during Clio’s one-hour webinar. In this presentation you’ll learn:
The rules for managing trust accounts
Differences between general bookkeeping & legal accounting
How to reconcile trust accounts
How Clio’s newest trust accounting features can help
The first brochure for SMi Group's 3rd annual Oil & Gas Cyber Security conference & exhibition is here. Don't miss the Early Bird deadline and contact Alia Malick if you want to get involved.
As you move your IT Infrastructure into the cloud, how secure can you expect your applications to be? Join Alert Logic and Internap on this webcast for an enlightening discussion on the state of cloud security and how it impacts security management decisions, especially in the context of deploying infrastructure to hosted and cloud environments.
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
Industrial Control Cyber Security conference Sacramento California October 6th and 7th, Key Note speakers include DOE, NERC, NIST, SMUD, PG&E, SCE, NCi Security, Codenomicon (Heartbleed presentation).
Pre Conference workshop October 5th
“Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats”
Workshop Leader: Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
Not so long ago, the only way to access a new application was to install it from a floppy disk.
Prehistory, huh? Now we have the Internet. Anytime. Anywhere. Everywhere: in the office,
at home, in cafés, on the street, even on the beach. We live in a world where we are connected
all the time. This influences our lifestyle, our interests and attitude, it changes the way we work.
This means a whole new era for the software industry. And this era should be called “Cloud”.
OT Security Architecture & Resilience: Designing for Security Successaccenture
Resiliency is the new imperative for OT environments. This track provides valuable insights for building a security architecture to meet the business challenge. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. https://accntu.re/36gMaWm
Where worlds collide: Agile, Project Management, Risk and Cloud?Livingstone Advisory
The new CIO is expected to be truly agile, deliver transformational value using new technology based services and have a deep understanding of, and engagement with the business – all whilst managing and mitigating risks. In addition to this, the CIO is also expected to be a ‘business partner’ in the real sense of the word. On top of these factors, Cloud is often seen in the eyes of business as a metaphor for timely change, and a convenient ‘get out of jail’ card in their push to lower IT cost, and collapse IT project lead times.
In this context, ensuring the effective orchestration if the various ‘best practice’ methodologies and frameworks in the areas of agile application development, project management and risk management, all whilst managing the whole ‘Cloud’ discussion is not a trivial task.
In this presentation, Rob Livingstone explores the key systemic and technical risks associated with the concurrent adoption and management of agile application development methodologies, project management, hybrid cloud and mobile devices within the enterprise in today’s volatile environment.
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
Industrial Control Cybersecurity USA October 6th and 7th
Sacramento California USA
Identify, protect, detect, respond and recover.
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Energy and Water Sector.
Infrastructure Security by Sivamurthy HiremathClubHack
With the development of technology, the interdependence of various infrastructures has increased, which also enhanced their vulnerabilities. The National Information Infrastructure security concerns the nation’s stability and economic security. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself.
The pervasive and ubiquitous nature of the Internet coupled with growing concerns about cyber attacks we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop Hardware redesign architectures, Algorithms, and Protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. These attempts to fulfil this important step by providing classification of Security attacks are classified into four main categories: DNS hacking, Routing table poisoning, Packet mistreatment, and Denial-of-Service attacks. We are generally discussing on the existing Infrastructure solutions for each of these categories, and also outline a methodology for developing secured Nation.
European smart grid cyber and scada securityYulia Rotar
European Smart Grid Cyber and SCADA Security Conference by the SMi Group, London, UK, 10-11 March 2014.
Get in touch with us via mmalik@smi-online.co.uk
Cyber Security Professionals Viewed via Supply Chainaletarw
This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that progress is impeded by the lack of a clearly defined and standardized definition of a cybersecurity worker and their associated knowledge, skills, and abilities. There is a known shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of President Obama who declared that the protection of our digital infrastructure is a national security priority. The problem with this declaration is that a literature review confirms there is no standard definition of a cybersecurity worker, associated skills, or educational requirements. The cybersecurity workforce to which we speak in this report consists of those who self-identify as cyber or security specialists as well as those who build and maintain the nation’s critical infrastructure. Considering the criticality of the national infrastructure, it is time for the US to take immediate steps to coordinate the development of the cybersecurity field and its associated workforce supply chain.
Similar to Oil and gas cyber security nov 2012 (20)
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Oil and gas cyber security nov 2012
1. R BY SMi present their 2nd annual…
REGISTE BER
PTEM
28TH SE
EIVE A
AND REC UNT
£100 DIS
CO
Oil and Gas
Cyber Security
Wednesday 14th and Thursday 15th November 2012
Copthorne Tara Hotel, London, UK
Many major oil and gas companies are suffering increased amounts of cyber-attacks motivated by commercial and criminal
intent. These new attacks are posing a great risk to machinery, which can cost lives, stop production and cause environmental
damage - a significant threat to oil and gas production companies worldwide. The risk of a cyber attack is growing and a
challenge companies will continue to face, leaving them vulnerable if inadequately protected.
KEY SPEAKERS INCLUDE:
• Hassan Karim, Communications Engineer, Saudi Aramco • David Spinks, Chairman CSIRS, CSIRS
• Oskar Wols, Technical Architect, Enterprise Solutions • Serdar Cabuk, Managing Consultant, Deloitte
Architecture, Shell Information Technology International • Samuel Linares, Director, Intermark
• Philip Jones, Information Systems Security Officer, GDF • Adrian Davis, Principal Research Analyst, Information Security
SUEZ EP UK Ltd Forum
• Simon O'Gorman, Head of Cyber Sales, Finmeccanica • David Livingstone, Director, Napier Meridian
• Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited • Justin Lowe, Energy Cyber Security Specialist, PA Consulting
• Iain Brownlie, Senior Consultant, CISSP, ABB Limited Group
• Alan Bentley, SVP Worlds Sales, Lumension Security • David Alexander, Principal Consultant, Regency IT Consulting
• Oded Blatman, CEO, CIP Security • Lieutenant Colonel Tom Fairfax, Managing Director, Security
• Tim Holman, CEO 2-sec, President, ISSA-UK Risk Management Ltd.
• Dr Boldizsar Bencsath, Assistant Professor CrySyS Lab, • Sadie Creese, Professor of Cybersecurity, University of Oxford
Budapest University of Technology and Economics • Danny Berko, Director of Product Marketing, Waterfall Security
PLUS AN INTERACTIVE PRE-CONFERENCE WORKSHOP
Tuesday 13th November 2012, Copthorne Tara Hotel, London
Approaches to network monitoring and situational
awareness in critical infrastructure
Tuesday 13th November 2012, Copthorne Tara Hotel, London 13.30pm – 18.00pm
Workshop leader: Dr Damiano Bolzoni PhD, Chief Operations Officer, SecurityMatters
Sponsored by
CYBER SOLUTIONS
www.smi-online.co.uk/2012cyber-security.asp
Register online or alternatively fax your registration to +44 (0) 870 9090 712 or call +44 (0) 870 9090 711
2. Oil and Gas Cyber Security
DAY ONE | WEDNESDAY 14TH NOVEMBER 2012 www.smi-online.co.uk/2012cyber-security.asp
8.30 Registration & Coffee • Linking Critical Infrastructures Protection and Industrial Control
Systems Security: Understanding the risk. Analysis of the link between
9.00 Chairman's Opening Remarks the industrial and corporate environments and its impact in key
David Alexander, Head of Vulnerability Research, Regency IT Consulting organizations for the survival of a country
• Current situation of the ICS Security. Study and analysis of the
OPENING ADDRESS convergence between industrial and corporate systems (or traditional
9.10 Information Protection in Oil & Gas — Myths and reality IT), the impact, threat evolution, etc. Analysis of the security in
• Understanding the threat horizon for Oil & Gas industrial systems.
• What is at risk? Prevention and mitigation for the future • Organizational and Management Aspects: IT Manager vs. CSO/CISO
• Effective response to information leakage incidents vs. Plant Manager vs. Manufacturing Manager. Human aspects of
• Common IP pitfalls and applying the key lessons learnt industrial environments security and critical infrastructures protection.
Serdar Cabuk, Managing Consultant, Deloitte
• Key facts (earthquakes) in our environment: Stuxnet, Duqu, Project
9.40 Information flows have a context Basecamp, CIP regulation, Smart Grid, Cyber Security Reports,
• Introduction Horizon 2020, ISA 99, Flame…
• Key elements to have business in control • Today’s ICS Security Landscape in depth analysis: Tsunami is arriving…
• Problem statement Samuel Linares, Cyber Security Services Director, Intermark
• Constant factors
• What do we need 2.40 Panel Discussion — Evaluating the counter measures
• Data flows – rules/criteria • The use of effective PR
• Examples and what next? • An active response
Oskar Wols, Solution Architect, Shell • The legal framework
Tim Holman, UK President, ISSA (Information Systems Security Association)
10.10 Stronger than Firewalls: A Novel Approach for Mitigating Cyber David Alexander, Head of Vulnerability Research, Regency IT Consulting
Threats and Risks Targeted at Oil & Gas Facilities Samuel Linares, Cyber Security Services Director, Intermark
• IT Security Best Practices - Myth vs. Reality
• Emerging Industrial Security Best Practices – modern approach 3.10 Assurance - Much More Than Ticking The Boxes
in meeting SCADA cyber threats • Chatham House study on CNI unearthed some really good standards and
• Regulatory Industrial Security measures review – NERC-CIP practices, and some pretty awful ones too. What made the difference?
CAN-24, The Unidirectional Gateway requirements • Does instinct for risk management in cyber count for much more than
• Industrial cyber security reference architecture for SCADA applications adherence to a complex rule book?
• Common Unidirectional Gateway deployment scenarios in
industrial/utility facilities • How would such a rule book keep pace with the cyber environment?
Danny Berko, Product Marketing Manager, Waterfall Security Solutions • Are the right people running the show?
David Livingston, Director, Chatham House
10.50 Morning Coffee
3.40 Afternoon Tea
11.20 Session details to be announced
Oded Blatman, CEO, CIP Security Company Ltd 4.10 Flame. Setting Stuxnet on fire!
• Is the criminal world getting the better of us?
12.00 Overcoming Challenges in Network Security Control Deployments • Are we powerless to stop malevolent hackers?
for SCADA Environments • Is our greed for new technology pulling the wool over our eyes?
• Risk Analysis • Now APTs are a reality for all businesses, what can we do to mitigate
• Traffic Analysis their effects?
• Requirements Refinement Tim Holman, UK President, ISSA (Information Systems Security Association)
• Security Optimization
Hassan Karim, Communications Security Engineer, Saudi Aramco 4.40 Situational Awareness - Understanding the Threat Architecture
• What is “threat” and who might be involved?
12.30 Human Factors in Oil & Gas Cyber Security • What Roles might different people be taking?
• Major human factor considerations in securing Oil & Gas assets • What does this mean for us?
• Situational awareness - Understanding and assessing vulnerability • What should we be looking for?
• Security incident handling and decision making Tom Fairfax, Director & Head of Advisory Services, SRM - Solutions
• Recover from a disaster; safely, securely and efficiently
Olav Mo, Oil & Gas Cyber Security Manager, ABB Limited
Iain Brownlie, Senior Consultant, CISSP, ABB Limited 5.10 Systematic Risk Management and Insider Threats
• SCADA and Cyber-Physical Systems
1.10 Networking Lunch • Systematic risk management in an industrial setting
• Identifying and mitigating insider threats
2.10 Tsunami! Will you keep watching the wave? Christian Probst, Language-based Technology, Technical
• Description of the current socio-economic situation and the impact of University of Denmark
the Critical Infrastructures Protection and Industrial Control Systems
Security (or its absence) in our life (personal and professional), in our 5.40 Chairman's Closing Remarks and Close of Day One
organizations and in our countries. David Alexander, Head of Vulnerability Research, Regency IT Consulting
Register online at www.smi-online.co.uk/2012cyber-security.asp • Altern
Sponsored by
ABB www.abb.com/oilandgas
ABB is a global leader in automation, electrical, safety, telecommunications and instrumentation in the Oil and Gas industry. Full life cycle
and consulting services help protect and optimise assets. ABB offer vulnerability assessments, incident handling, remote access platforms
and security client server management, such as security event monitoring.
CIP Security Company www.cipsec.com
Finmeccanica Cyber Solutions www.finmeccanica.co.uk/cyber
CYBER SOLUTIONS Finmeccanica Cyber Solutions in the UK represents the best in cyber security and information assurance. It secures high level information systems at the
heart of the UK’s security, and enables secure collaboration with allies. Finmeccanica is working with the emergency services to improve interoperability,
deliver real value and front line effectiveness in the fight against terrorism, and resilient contingency planning.
Lumension www.lumension.com
Lumension A global leader in operational endpoint security, develops, integrates and markets security software solutions that help
businesses protect their vital information and manage critical risk across network and endpoint assets.
Lumension: IT Secured. Success Optimized.™ For more information, go to www.lumension.com.
Waterfall Security www.waterfall-security.com
Waterfall Security is the leading provider of Unidirectional Security Gateways™ for industrial control networks and critical infrastructures.
Waterfall’s Unidirectional Gateways reduce the cost and complexity of compliance with regulations, as well as with cyber-security best
practices. Waterfall’s products are deployed worldwide in utilities and critical national infrastructures. Frost & Sullivan awarded Waterfall
the 2012 Network Security Award for Industrial Control Systems Entrepreneurial Company of the Year. Waterfall’s offerings include support
for leading industrial applications, including the OSIsoft PI™ Historian, the GE Proficy™ iHistorian, Siemens SIMATIC™/Spectrum™
solutions, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols.
3. Oil and Gas Cyber Security www.smi-online.co.uk/2012cyber-security.asp
8.30 Registration & Coffee 1.30 The challenges of Security Architectures for Industrial Control
DAY TWO | THURSDAY 15TH NOVEMBER 2012
Systems
9.00 Chairman's Opening Remarks • This presentation looks at the high-level technical issues in
David Alexander, Head of Vulnerability Research, Regency IT Consulting designing and implementing Security Architectures in Industrial
Control Systems integrated into a corporate network.
9.10 Security; a new paradigm? David Alexander, Head of Vulnerability Research, Regency IT Consulting
• Foundations for discussions
• How traditional security silos can respond to the emerging threat 2.00 Defending against APTs
landscape • Why the APT presents a significant challenge
Phil Jones, Information Security & Business Continuity, GDF SUEZ • Current defence options
E&P UK Ltd • Limitations and challenges
• Cutting edge thinking – future solutions
9.40 Are the Cyber risks seen in the past few years hype or reality? Sadie Creese, Professor of Cybersecurity, University of Oxford
• The false myth: SCADA network are not open to public networks.
• What needs to be dealt with at C level 2.30 The challenges and opportunities of the converging worlds of
• Why is security often mistaken for safety Information and Operations technologies
• The "air gap" myth • Why information and operation technologies are converging
• Vulnerability Assessments vs 0 days • What are the challenges of this convergence
• Penetration testing vs CIRT • What are the benefits of convergence
• Real security vs Policy and Awareness and why they must match • The future role of the IT department in operations technology in energy
• The ability to monitor and track behavioural statistics on the companies
network Justin Lowe, Managing Consultant, PA Consulting Group
Simon O'Gorman, Head of Cyber Services Sales, Finmeccanica
3.00 Case Study: Enhancing network monitoring and situational awareness
10.20 Morning Coffee in critical infrastructure
• Current approaches to network monitoring and situational awareness
10.50 Welcome to the Age of Weaponized Malware • Strengths and shortcomings of current approaches
• Numerous countries have now empowered their government • Non-signature based approaches for improved monitoring and
agencies to carry out state-sponsored malware attacks. situational awareness
• How exactly did we get to this point and what are the factors and • Discussion of 2 use cases
threats that you need to be aware of? Damiano Bolzoni, COO, Security Matters
• What are key risk vectors most commonly exploited by recent state
sponsored attacks like Stuxnet and Flame? 3.30 Afternoon Tea
• What are most important pragmatic steps that every organization
can take to reduce their risk without negatively impacting their 4.00 Best practices in supply chain information risk management
productivity? • Identifying and following information in a supply chain
Alan Bentley, SVP World Sales, Lumension Security Ltd. • Using maturity models to drive control selection, assessment and
audit approaches
11.30 Cyber Security Threats to critical National Infrastructure including • Integrating information risk into supply chain management processes
SCADA and PLCs • Aligning information risk to industry standards
• Insider threats Adrian Davis, Principal Research, Information Security Forum
• Advanced Persistent Threats
• Cyber Crime 4.30 Lessons learnt after recent targeted attacks — how to protect against
David Spinks, Chairman, CSIRS future attacks like Flame?
• Insight into the investigations regarding Duqu and Flame
12.00 Panel Discussion — Risk Management Strategies • Targeted attacks on digital signature trust, cryptographic attacks,
• Evaluating the vulnerability of the industry to cyber attacks handling of incidents, collaboration with partners and information
• What strategies are the most effective? sharing.
• The roadmap – Policies and standards • Insight on why and how managing the kind of threat consumes more
David Alexander, Head of Vulnerability Research, Regency IT Consulting resources than the technical work
David Spinks, Chairman, CSIRS • Countermeasure – company-tailored solutions into the network of the
Boldizsar Bencsath, Assistant Professor, Laboratory of customer
Cryptography and Systems Security Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography
Danny Berko, Product Marketing Manager, Waterfall Security and Systems Security
Solutions
5.00 Chairman's Closing Remarks and Close of Day Two
12.30 Networking Lunch David Alexander, Head of Vulnerability Research, Regency IT Consulting
natively fax your registration to +44 (0)870 9090 712 or call +44 (0)870 9090 711
Supported by
Want to know how
you can get involved?
Interested in promoting your
energy services to this market?
Contact Vinh Trinh,
SMi Marketing on
+44 (0)20 7827 6140, or
email: vtrinh@smi-online.co.uk
4. HALF DAY PRE CONFERENCE WORKSHOP
Approaches to network monitoring and situational
awareness in critical infrastructure
Tuesday 13th November 2012, Copthorne Tara Hotel, London
13.30pm – 18.00pm
Workshop leader: Dr Damiano Bolzoni PhD , Chief Operations Officer, SecurityMatters
Overview of workshop About the workshop leader:
This workshop will present solutions Programme Dr Damiano Bolzoni (1981) received his PhD in 2009
currently available for monitoring from the University of Twente, where he performed
critical networks and situational 8.30 Registration and Coffee research on anomaly-based intrusion detection.
awareness. We will analyse what are Since 2008 he has been involved in securing
the major strengths and weaknesses 14.00 Chairman’s Opening Remarks computer networks of critical infrastructure. Before
of each approach, when it can be used joining the University of Twente, he has been working
and what is the output users can 14.30 Current Solutions for Networking for the Italian branch of KPMG, within the Information
expect. We will wrap up the session • Signature-based Risk Management division. Since 2009 he holds the
with demonstrations of the • Rule-based position of Chief Operations Officer within
approaches presented using real-life • Behaviour-based SecurityMatters BV.
examples. • Visualization
About SecurityMatters:
15.30 Advantages and disadvantages of each approach SecurityMatters develops and markets state-of-the-
Who should attend? • Where when and what to use art network monitoring and intrusion detection
Executive-level, Director-level leaders • Which threats can be detected systems. With 10+ cumulative years of academic
and their staffs who are charged with • Technical skills required to operate research in IT security, and 5+ cumulative years of
monitoring networks and field experience in security auditing within a
safeguarding shareholder value in the 16.30 Coffee Break worldwide renowned consultancy firm in the past,
security world. SecurityMatters delivers an unmatched technology
17.00 Demo’s and hands on exercise to detect the latest and most advanced cyber threats.
SecurityMatters is committed to bring continuous
Why attend? 18.00 Q&A and chairman’s closing remarks innovations to the market to cope with the emerging
Catch up with current solutions for threats.
network monitoring and situational
awareness of critical networks.
ENERGY FORWARD PLANNER
OCTOBER FEBRUARY MARCH
Gas to Liquids E&P Information & Data Unconventional Gas
4th & 5th October 2012 Management 13th & 14th March 2013
Marriott Hotel Regents Park 6 & 7 February 2013 Copthorne Tara Hotel
London, UK Copthorne Tara Hotel London, UK
London, UK
NOVEMBER Oil & Gas Satellite
Oil and Gas Cyber Security FLNG Communications
13th & 14th February 2013 20th & 21st March 2013
14th & 15th November 2012
Copthorne Tara Hotel Copthorne Tara Hotel
Copthorne Tara Hotel
London, UK London, UK
London, UK
SPONSORSHIP AND EXHIBITION OPPORTUNITIES
SMi offer sponsorship, exhibition, advertising and branding packages, uniquely tailored to complement your company’s marketing
strategy. Should you wish to join the increasing number of companies benefiting from promoting their businesses at our
conferences please call: Jules Omura on +44 (0) 20 7827 6018 or email: jomura@smi-online.co.uk
5. OIL AND GAS CYBER SECURITY
Conference: Wednesday 14th and Thursday 15th November 2012, Copthorne Tara Hotel, London, UK Workshop: Tuesday 13th November 2012, London, UK
4 WAYS TO REGISTER
www.smi-online.co.uk/2012cyber-security.asp
FAX your booking form to +44 (0) 870 9090 712 POST your booking form to: Events Team, SMi Group Ltd, 2nd Floor South,
PHONE on +44 (0) 870 9090 711 Harling House, 47-51 Great Suffolk Street, London, SE1 0BS, UK
EARLY BIRD □ Book by 20th July 2012 to receive a £300 off the conference price
DISCOUNT □ Book by 28th September 2012 to receive a £100 off the conference price
CONFERENCE PRICES
I would like to attend: (Please tick as appropriate) Fee Total
□ Conference & Workshop £2098.00 + VAT £2517.60
□ Conference only £1499.00 + VAT £1798.80
□ Workshop only £599.00 + VAT £718.80
Unique Reference Number
PROMOTIONAL LITERATURE DISTRIBUTION
Our Reference LVE-023
□ Distribution of your company’s promotional
literature to all conference attendees £999.00 + VAT £1198.80
DELEGATE DETAILS
Please complete fully and clearly in capital letters. Please photocopy for additional delegates. GROUP DISCOUNTS AVAILABLE
Title: Forename:
Surname: The conference fee includes refreshments, lunch, conference papers and access
to the Document Portal containing all of the presentations.
Job Title:
Department/Division:
Company/Organisation: VENUE Copthorne Tara Hotel, Scarsdale Place, Kensington, London W8 5SR
Email: □ Please contact me to book my hotel
Company VAT Number: Alternatively call us on +44 (0) 870 9090 711,
Address:
email: hotels@smi-online.co.uk or fax +44 (0) 870 9090 712
Town/City:
DOCUMENTATION
Post/Zip Code: Country: I cannot attend but would like to purchase access to the following Document
Direct Tel: Direct Fax: Portal/paper copy documentation Price Total
□ Access to the conference documentation
Mobile:
on the Document Portal £499.00 + VAT £598.80
Switchboard: □ The Conference Presentations – paper copy £499.00 - £499.00
(or only £300 if ordered with the Document Portal)
Signature: Date:
I agree to be bound by SMi's Terms and Conditions of Booking.
ACCOUNTS DEPT PAYMENT
Title: Forename: Payment must be made to SMi Group Ltd, and received before the event, by one of the
Surname: following methods quoting reference E-023 and the delegate’s name. Bookings made within
7 days of the event require payment on booking, methods of payment are below. Please
Email: indicate method of payment:
Address (if different from above):
□ UK BACS Sort Code 300009, Account 00936418
□ Wire Transfer Lloyds TSB Bank plc, 39 Threadneedle Street, London, EC2R 8AU
Swift (BIC): LOYDGB21013, Account 00936418
Town/City: IBAN GB48 LOYD 3000 0900 9364 18
□ Cheque We can only accept Sterling cheques drawn on a UK bank.
Post/Zip Code: Country: □ Credit Card □ Visa □ MasterCard □ American Express
Direct Tel: Direct Fax: All credit card payments will be subject to standard credit card charges.
Card No: □□□□ □□□□ □□□□ □□□□
Terms and Conditions of Booking Valid From □□/□□ Expiry Date □□/□□
CVV Number □□□□ 3 digit security on reverse of card, 4 digits for AMEX card
Payment: If payment is not made at the time of booking, then an invoice will be issued and must be
paid immediately and prior to the start of the event. If payment has not been received then credit card
details will be requested and payment taken before entry to the event. Bookings within 7 days of
event require payment on booking. Access to the Document Portal will not be given until payment
has been received.
Cardholder’s Name:
Substitutions/Name Changes: If you are unable to attend you may nominate, in writing, another
delegate to take your place at any time prior to the start of the event. Two or more delegates may
not ‘share’ a place at an event. Please make separate bookings for each delegate. Signature: Date:
Cancellation: If you wish to cancel your attendance at an event and you are unable to send a I agree to be bound by SMi's Terms and Conditions of Booking.
substitute, then we will refund/credit 50% of the due fee less a £50 administration charge,
providing that cancellation is made in writing and received at least 28 days prior to the start of the Card Billing Address (If different from above):
event. Regretfully cancellation after this time cannot be accepted. We will however provide the
conferences documentation via the Document Portal to any delegate who has paid but is unable to
attend for any reason. Due to the interactive nature of the Briefings we are not normally able to
provide documentation in these circumstances. We cannot accept cancellations of orders placed
for Documentation or the Document Portal as these are reproduced specifically to order. If we have
to cancel the event for any reason, then we will make a full refund immediately, but disclaim any
further liability.
Alterations: It may become necessary for us to make alterations to the content, speakers, timing,
venue or date of the event compared to the advertised programme.
Data Protection: The SMi Group gathers personal data in accordance with the UK Data Protection
Act 1998 and we may use this to contact you by telephone, fax, post or email to tell you about other
VAT
products and services. Unless you tick here □ we may also share your data with third parties VAT at 20% is charged on the attendance fees for all delegates. VAT is also charged on Document
offering complementary products or services. If you have any queries or want to update any of the
data that we hold then please contact our Database Manager databasemanager@smi-online.co.uk Portal and Literature Distribution for all UK customers and for those EU customers not supplying
or visit our website www.smi-online.co.uk/updates quoting the URN as detailed above your
address on the attached letter. a registration number for their own country here: ______________________________________
If you have any further queries please call the Events Team on tel +44 (0) 870 9090 711 or you can email them at events@smi-online.co.uk