The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The Summit is organised by DIGIT, with support from ScotlandIS, Police Scotland, SBRC, The Cyber Academy and ISACA. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
In May 2018, the European Union’s General Data Protection Regulation (GDPR) will take effect. Companies that do not comply might be fined 20M or 4% of the annual global turnover, whichever is greater. Despite the evident threat, GDPR is also a huge opportunity to rethink how your business works and to turn that threat into an opportunity. GRAKN.AI – a knowledge base – provides all you need to take the centralized record of users that GDPR is asking companies to create and use it to provide value to your users. Adding them to the knowledge base as well as your content or product opens many new perspectives.
Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. GDPR is a hugely important piece of legislation designed to replace antiquated data protection rules with a new framework which accounts for recent technological advancements.
Fundamentally, GDPR is about protecting people: in this digital age, our world is awash with data and individuals are generating a continuous flow of personal information. This data can hold huge socio-economic value, from individual preference and personalisation, to understanding national health trends and global business insights. But while the digital age has brought forth huge possibilities and benefits, it also carries inherent dangers.
Some of the most powerful companies in the world have established a business model predicated on the basis of data capture. Increasingly, services like email, search and social media have become available free of charge, but this often involves a trade-off where user access comes at the cost of relinquishing control of data. As the value of this information has become clear, there has been growing recognition that a new framework is needed to police this delicate balance and restore ownership and control.
GDPR will significantly raise the bar of obligation and accountability, ensuring that all organisations which handle personal data adhere to strict regulations around privacy, security and consent. This conference will contextualise the changing regulatory landscape, explain the significance of incoming rules, and define the key areas that organisations need to be aware of.
Core conference topics include:
Key legal issues and obligations
Privacy Impact Assessments
Data security and breach notification
Privacy by design
DPO requirements
Practical strategy implementation
D2 d turning information into a competitive asset - 23 jan 2014 - Henk van Roekel
Understanding the evolution of Business Intelligence and Analytics and the challenges and opportunities that come with it. Exploring CGI's Data2Diamonds™ approach, ensuring financially sound, technically viable and socially desirable Big Data initiatives.
DAMA Webinar: The Data Governance of Personal (PII) Data - DATAVERSITY
To do effective data governance, analysts should preview the amount of data their organization is collecting and consider if it is all necessary information to run the business or just “nice to have” data. Today companies are collecting a variety of Personally identifiable information (PII), combining it with location information, and using it to both personalize their own services and to sell to advertisers for behavioral marketing. Data brokers are tracking cell phone applications and insurance companies are installing devices to monitor driving habits. At the same time, however, hackers are embedding malicious software in company computers, opening a virtual door for criminals to rifle through an organization’s valuable personal and financial information.
This presentation explores:
• What company data should be tagged as “sensitive” data?
• Who within the company has access to personal data?
• Is the company breaking any privacy laws by storing PII data?
• Is the data secure from both internal and external hackers?
• What happens if there is an external data breach?
General Data Protection Regulation (GDPR) Compliance - accenture
Whether you are at the beginning of your journey, or are already mid-way through, this document presents the key GDPR themes, priority areas, and business opportunities, which we feel are important considerations for any GDPR programme.
Presented by Reto Cavegn at the 4th meeting: We would like to present IBM's view on BigData, what the market is requiring, and what products and strategies have evolved out of these requirements. Further, we will present some reference projects to show what use cases customers are working on today and what challenges our customers try to solve with BigData. Let me round up with some challenges and lessons we have learned.
Over 40% of UK businesses experienced a cyber security breach or attack in the last 12 months, according to a new report from the Department for Digital, Culture, Media and Sport. The Cyber Security Breaches Survey 2018’s finding was that three quarters of businesses have now made cyber security a high priority for their senior management.
However, only 27% actually have formal cyber security policies in place and just 30% have board members or trustees with responsibility for cyber security. Breaches were more often identified among the organisations that hold personal data, where staff use personal devices for work or that use cloud computing. More worryingly, one in five businesses admitted to never updating their senior managers on cyber security issues.
All businesses are targets for hackers, no matter what their size or sector. Attacks are becoming more sophisticated and don’t even always come from humans but instead from hacker-created bots which are programmed to continually evolve new algorithms in order to identify potential areas of attack.
Technology and the ways in which businesses communicate and transact will continue to expand in 2019. Predicted trends are extensive, but those worth mentioning include the increased take-up of single password log-ins allowing employees to access all their authorised systems, increased reliance on cloud storage (especially for customer data), the arrival of 5G supporting new technology and flexible working, ever more sophisticated AI including chat bots and workflow applications, 24/7 multi-platform customer expectations and many more.
What's Next - General Data Protection Regulation (GDPR) Changes - Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Mohanbir Sawhney, Robert R. McCormick Tribune Foundation Clinical Professor of Technology, Kellogg School of Management, Northwestern University, presents at the 2012 Big Analytics Roadshow.
Companies are drinking from a fire hydrant of data that is too big, moving too fast and is too diverse to be analyzed by conventional database systems. Big Data is like a giant gold mine with large quantities of ore that is difficult to extract. To get value out of Big Data, enterprises need a new mindset and a new set of tools. They also need to know how to extract actionable insights from Big Data that can lead to competitive advantage. The Big Story of Big Data is not what Big Data is, but what it means for business value and competitive advantage.... read more: http://www.biganalytics2012.com/sessions.html#mohan_sawhney
Presented to students and faculty at Michigan State University as a guest lecturer on private blockchains being used in government and industry for Management 491.
Cyber attacks have been hitting the headlines for years; but in spite of the risks, the reputational damage and the rising cost of fines, there is still an endless stream of businesses being exposed for security failings.
The scale of the problem is vast: Accenture’s recent 2016 Global Security Report highlighted “an astounding level of breaches” with the organisations surveyed facing more than 80 targeted attacks every year, of which a third were successful. Much has been made of the evolving threat landscape and increasing sophistication of attacks. But whilst there is evidence to support the growing complexity of the challenge, all too often the analysis of these high-profile attacks determines that basic, foundational security principles were ignored.
Some commentators argue that the persistence of failings is a direct reflection of organisational priorities, and that while businesses may talk a good game, security is not yet given the attention that it requires at board level. This leaves CISOs and IT leaders fighting a losing battle to secure adequate attention and investment for an area of the business which does not generate revenue.
This conference will look at raising security standards across the business, exploring some of the most persistent problems from IT infrastructure to staff engagement. Amidst a backdrop of perpetual media hysteria, turbulent markets and looming regulatory change, it can prove difficult to establish a coherent picture of the threat, never mind what action to take. The conference will help contextualise the challenging landscape and discuss how to deliver meaningful improvements and end to end organisational resilience.
Superfast Business Partner Preview Event - Peninsula Enterprise launched the Superfast Business service in Devon and Somerset May 2013. This presentation is for partners who attended either of the preview events in April. The presentation was given by Cosmic’s Business and Operations Director, Kate Doodson and gives an insight into the future of IT and use of digital technology inside businesses.
Hacking Portugal and making it a global player in Software development
As technology and software become more and more important to Portuguese society, it is time to take it seriously and really become a player in that world.
Application Security can act as an enabler, due to its focus on how code/apps actually work, and its enormous drive on secure-coding, testing, dev-ops and quality.
This presentation will provide a number of paths for making Portugal a place where programming, TDD, Open Source, learning how to code, hacking and DevOps are first class citizens.
Reputation in Oil, Gas and Mining 2014: Communicating on corporate ethics - Communicate Magazine
Michelle Witton, compliance officer, ENRC
The relationship between communications and compliance is crucial to communicating key messages to both internal and external stakeholders regarding the company’s code of conduct and corporate values. Michelle Witton, compliance lawyer at the Eurasian Natural Resources Corporation explores the importance of the relationship between communications and compliance. In this session she shares her first-hand experience working on Anglo American’s anti-corruption programme.
Cyber Security and the Impact on your Business - Lucy Denver
With cyber scams costing UK businesses an estimated £4.14bn* in lost data, reputational damage and online theft every year, Cyber Security is rapidly climbing the priority list of directors across the UK. This presentation will help you to:
- spot the most common cyber attacks, defend your business and protect your critical data if the worst does happen;
- understand the impact of GDPR on your business and how to protect yourself against expensive data losses.
This session is sponsored by Fortinet.
Chair: Frances Burton, security services group manager, Jisc.
Cybersecurity has long been an area of activity for those responsible for providing, protecting and supporting digital services in research and education, but recent events have focused public and media attention on the scale of the threat.
Our security thread at this year’s conference is picking up on some of these themes and we have sessions covering a number of cybersecurity areas. There will be presentations on organisations' experiences of email phishing and the results of our RPZ trial. Accreditation of services is being requested more often by project funders, and we will have a case study presentation on the experience of obtaining ISO27001.
Running order of talks:
11:30-11:55 - RPZ trial
Speaker: Peter Dorey, Spamhaus
11:55-12:20 - Addressing the skills shortage in cybersecurity
Speaker: Debbie Tunstall, Cyber Security Challenge.
12:20-12:45 - Institutional issues with Bitcoin
Speaker: Jethro Perkins, London School of Economics and Political Science (LSE).
The Summit will consider the role of leadership within the technology domain. Amidst a backdrop of uncertainty and disruption, the conference will discuss how you can help your organisation navigate change, overcome problems and accelerate innovation.
The programme will feature insights from an impressive array of technologists, founders, researchers and transformation specialists; contextualising the biggest challenges facing the industry and sharing practical advice, guidance and best-practice on how you can maximise your impact within your team.
Now in its seventh year, the Summit has established itself as the largest annual leadership event for Scotland’s Technology community, and an invaluable forum for knowledge exchange, discussion and high-level networking.
Core themes:
Trends: Digitalisation, agility, disruption and hybrid teams
Evolution: The changing nature of technology as a discipline
Leadership: Strategy, empowerment, communication, motivation and empathy
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of growth, innovation and improvement
The North of Scotland is in the midst of a full-scale transformation. Building on a well-established reputation as a global energy hub, the North is fast becoming a key destination for emerging innovation across an increasing range of sectors.
The DIGIT North Summit is designed to bring IT and Digital leaders together and drive practical innovation through shared learning. The event will facilitate cross-pollination between key industries, from traditional sectors like Oil & Gas and Agriculture to high-growth fields like Life Sciences, Biotech, Gaming, Fintech and Space.
The programme will contextualise the key emerging technologies and industry disruptors, and consider the vital role that IT and Digital leaders will play in ensuring organisations can thrive amid a backdrop of market change and economic volatility.
Organisations are changing: the rapid pace of the digital world has necessitated a fundamental shift in mindset. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, and fundamentally altered the way businesses engage with their customers.
The most influential companies of our age share a common ability to understand two things effectively: people and technology. In these turbulent times, success is increasingly defined by the ability to respond to the fast-changing landscape, and exceed the expectations of the people we serve.
DT 2021 will contextualise the key technology trends and industry disruption amidst a backdrop of significant socio-economic upheaval. The event will also consider the role of IT and Digital leaders in driving positive transformation, exploring how we can help support operations, drive innovation, overcome challenges, and deliver tangible business benefits.
Core themes:
• Landscape: Uncertainty, Recovery, Sustainability, Remote Teams
• Process: Strategy, Structure, Optimisation, Agile, DevOps
• Design: Customer Centricity, UX, Functionality, Simplification
• Technology: Remote Tools, Data Analytics, AI, ML, RPA, Cloud
• People: Culture, Collaboration, Leadership, Diversity, Empowerment
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May 2018 it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 18 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
SCOTLAND’S MUST-ATTEND IT & DIGITAL EVENT
The expo is the largest annual enterprise technology event run in Scotland, and a must-attend for senior technologists, digital innovators and IT leaders.
SCOTLAND’S LARGEST VENDOR SHOWCASE
DIGITExpo hosts Scotland’s largest exhibition of technology and solution providers, spanning: Cyber Security, Networking, Infrastructure, Cloud, Data & Analytics, Managed IT Services, Telecoms, Connectivity and much more.
TOP SPEAKERS AND INDUSTRY INSIGHT
Keynote and seminar theatres will host leading thinkers and innovators from some of the best known companies in the world. 2018 speakers include: Google, Twitter, McLaren, RSB, Hill & Knowlton, CYBG, IBM, EasyJet and AmTrust.
Emerging technology is having a profound impact on the Financial Services sector; from mobile payments, APIs and Open Platforms to Machine Learning, Robo Investment and AI Chatbots.
The Summit will explore technological innovation across the financial services sector, from developments in established institutions to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
The modern enterprise is becoming an increasingly automated environment: technological advancements in AI, Machine Learning and RPA are allowing organisations to strip out layers of inefficiency, optimise process and enhance productivity. Right across the enterprise, operations are changing in line with new automation tools, from low-level administrative tasks to self-regulating Industrial IoT systems and customer service chatbots.
This conference will contextualise the role of intelligent automation within the enterprise, looking at how the increasing sophistication of AI, RPA and IoT technologies is transforming operations. The conference is geared towards senior IT and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, engagement and high-level networking.
As technology has evolved IT has transitioned from a background support function to a core driver of value creation and competitive edge. This shift has placed senior technologists at the heart of the organisation where they are increasingly critical to decision making, strategy and leadership.
The DIGIT Leader Summit will explore the evolution of the IT & Digital profession, considering the key technology and business trends and the profound impact they are having on the role. The programme will also examine the crucial components of leadership, looking at culture, team building, upskilling and communication.
The Summit is geared for senior IT & Digital leaders, and designed to provide an opportune forum for practitioners to share their experiences, learn from their peers and discuss best-practice approaches to leadership.
Core topics
Trends: Key technology trends and business trends
IT Evolution: How the IT and Digital role is changing and evolving
Leadership: Empowering, engaging, motivating and inspiring teams
Culture: Creating a culture of inclusion, innovation and exploration
Impact: Technology as a driver of innovation, improvement and problem solving
IT Management: Investment, ITAM, cost control, vendor management
The Conference
The Energy sector is changing: the challenging economic landscape has forced businesses to scrutinise their operations in pursuit of greater productivity and asset efficiency. Meanwhile, the market is growing increasingly diverse as renewables mature and new entrants emerge.
Against this backdrop, digital is becoming increasingly pervasive as companies turn to technology to modernise processes and deliver competitive advantage; from remote monitoring and automation, to data analytics, Machine Learning, asset visualisation and HPC.
Now in its 6th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brings together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme will explore the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Core Themes
Landscape: maximising economic recovery and cross industry collaboration
IT & Digital as a driver of efficiency, business improvement and problem solving
Analytics, data-driven decision making and business intelligence
Asset visibility: performance, conditioning, remote monitoring
Digitising processes and innovating on top of legacy systems
Emerging technologies, AI, IoT, Robotics, Drones, Blockchain
Infrastructure: SCADA, Cloud, hybrid architecture, managed services
Cyber Security, information governance, GDPR
Business is changing: digital technology has permeated every facet of the enterprise, completely transforming the way we work. Digital has disintermediated markets, disrupted organisational structures, created new risks and new revenue streams, while fundamentally altering the way businesses engage with their customer.
It is no coincidence that the most influential companies of our age share a common ability to harness technology effectively. In these exciting and turbulent times, success is increasingly defined by the ability to respond to the fast-changing digital landscape; it has become a key distinguisher between growth and obscurity.
DT 2019 contextualised key digital trends and explored the underlying process of organisational change. The conference was geared towards senior technologists and digital leaders, providing an insightful peer-led environment and a crucial forum for knowledge exchange, discussion and high-level networking.
This is the largest annual Digital Transformation conference held in Scotland - with over 300 attendees in 2018. The event is supported by ScotlandIS and is free for qualifying delegates to attend.
The conference will contextualise the changing regulatory landscape, considering the business impact of the GDPR and DPA (2018) and how it is changing policy and process in practice.
When GDPR came into force in May it significantly raised the bar of obligation and accountability, ensuring that all organisations who handle personal data adhere to strict regulations around privacy, security and consent. 6 months on from implementation, the conference will consider how data protection procedure has moved on, with insight from frontline practitioners reflecting on how practices within their organisation have changed.
The event will also provide an update from the regulator; exploring regulatory action policy, decision making for fines and penalties, and clarifying some of the most prominent areas of misconception and non-compliance.
Core conference topics include:
• Key legal issues and obligations
• Data security and encryption
• Privacy Impact Assessments
• Databases, data mapping and classification
• Privacy by design
• Practical strategy implementation
Technology is completely changing the face of financial services, driving disruption, displacement and disintermediation within the sector. This has lowered the barriers to entry, opened the door to new market entrants and created fertile ground for innovation and growth.
These market disruptions have also forged new alliances between start-ups and incumbents, blurring the lines of distinction between finance and technology and creating a wave of cross-sector collaboration.
Fintech 2018 will explore technological innovation across the financial services sector, from developments in established tier-1 firms to the disruptive innovators within the start-up community that are reshaping the FS market.
Core conference topics will include:
• Landscape: Trends, Culture, Trust, Transparency, Geo-political Climate
• Regulation: GDPR, MiFID II, PSD2, Open Banking, APIs
• Customer Strategy: Engagement, UX, Data Insight, Marketing & ML
• Emerging Tech: Blockchain, Analytics, AI, Payments, Automation
• National Strategy: Skills, Funding, Collaboration, Cyber Security
• Infrastructure: IT, Digital, Cloud, Mobile, XaaS
This conference will contextualise the evolution of IT, examining the changing role of technology within the business and the inherent implications for IT personnel. The event is geared for senior IT, business and finance leaders, providing a unique forum for knowledge exchange, discussion and high-level networking.
Core topics
• IT Evolution: the changing role of IT within the business
• Leadership: strategy, culture and collaboration
• XaaS: the shift from asset to service-based consumption
• ITAM: IT Asset Management and procurement
• Managed Services: vendor management and Service Level Agreements
• Governance: information security, GDPR and data protection
• DevOps: Agile process, faster delivery, greater collaboration
Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.
Big Data & Analytics continues to redefine business. Data has transitioned from an underused asset to the lifeblood of the organisation, and a critical component of business intelligence, insight and strategy.
Big Data Scotland is the largest annual data analytics conference held in Scotland: it is supported by ScotlandIS and The Data Lab and free for delegates to attend. The conference is geared towards senior technologists and business leaders and aims to provide a unique forum for knowledge exchange, discussion and cross-pollination.
The programme will explore the evolution of data analytics; looking at key tools and techniques and how these can be applied to deliver practical insight and value. Presentations will span a wide array of topics from Data Wrangling and Visualisation to AI, Chatbots and Industry 4.0.
Key Topics
• Tools and techniques
• Corporate data culture, business processes, digital transformation
• Business intelligence, trends, decision making
• AI, Real-time Analytics, IoT, Industry 4.0, Robotics
• Security, regulation, privacy, consent, anonymization
• Data visualisation, interpretation and communication
• CRM and Personalisation
Service Managers strive to continually deliver better services, but the day-to-day job can mean that they don't have the opportunity to keep up with the latest developments in technology and best practice thinking. Customer journey management, Smart advisors and chatbots, Team collaboration, Robotic Process Automation, Artificial intelligence, Multichannel digital experiences, Pervasive Technologies, Resource Scheduling, Swarming, BRM, DevOps, VeriSM, ITOM, SIAM ... What will give them an advantage?
5. OFFICIAL: NONE
Agenda
1. Police Scotland's role
2. A more resilient Scotland
3. Challenges & Threats
4. Cybercrime Capability Programme
5. Incident Planning & Response
6. Collaboration
6. Cybercrime – it’s our job
Police & Fire Reform (Scotland) Act 2012
• To prevent & detect crime
• To maintain order
• To protect life & property
• To take such lawful measures, and make such reports to the appropriate prosecutor, as may be needed to bring offenders with all due speed to justice
• Where required to serve and execute a warrant, citation or deliverance issued, or process duly endorsed, by a Lord Commissioner of Justiciary, sheriff, justice of the peace or stipendiary magistrate in relation to criminal proceedings
and
• To attend court to give evidence
9. So what are the challenges/threats?
• Global, international, industrial & automated
• Jurisdictional reach
• Increased criminal opportunities
• Anyone can be (or hire) a cyber criminal!
• Lack of clear & concise statistical data
• Underreporting
• Technological advances provide opportunities but do increase the threat of cybercrime - The ‘Internet of Things’
• Social media as an attack vector
• Data Analytics
• Disaster Recovery & Business Continuity
13.
• Feezan Hameed
• £60 - £113 million Frauds
• Vishing / Social engineering of Banking customers.
• Data acquired including account details/passwords.
• Money transferred online – mule account networks.
• UK wide investigation
• Numerous UK Law Enforcement agencies.
• Arrested in Paris on false passport
• Convicted and sentenced to 11 years imprisonment
21. Digital Transformation:
• A key challenge for Police Scotland
• Pace of change will increase and accelerate
– Empowering our staff to be agile and innovative.
– Ensuring our staff are informed and appropriately trained.
• How to win public and political confidence – values endure
– Ethics, Proportionality, Transparency
Our ability to respond to technology determines capabilities which determines effectiveness and improves delivery and service!!
22. CyberCrime Capability Programme Vision
Our People are equipped with the knowledge and capability and our infrastructure designed to deliver an excellent service to all our communities in support of digital, technological and cyber advances.
23. What we will do ……
• Digital Knowledge and Skills
• Digital Investigative, Intelligence and Analytical Capacity and Capability
• Digital Safety Prevention and Resilience
• Digital Forensic Services
Enhanced Management Information and Threat Assessment to augment effective decision making within PSOS by providing an improved intelligence and analytical capability, current demand analysis and opportunities to exploit the criminal digital footprint
Improved safety/prevention/resilience service to all Scottish communities to support victims and potential victims of CyberCrime. PSOS will be a Public Sector Cyber Catalyst in proactively communicating the Scottish Government Cyber Resilience message
Digital and technological investigative capability will be enhanced by delivering a workforce with the skills & knowledge to ensure that we are appropriately equipped to provide investigative services when tackling any crime with a digital, technological or CyberCrime facet
Improved quality of digital forensic services as a result of investing in the capability and capacity required to keep pace with digital, technological and CyberCrime advances
24. The story so far….
• Forensic Telephony Extractions - Kiosks
• Data Exploitation - Nuix
• Integration - Digital Forensic Hubs
• Increase in specialist Cyber resources
• Established Cybercrime Safety, Prevention & Resilience Unit
• Technical Surveillance for the 21st Century – TS21C
25. [Diagram: SCOTLAND’S CYBER ECO SYSTEM. Legend: People / Organisations, Functions / Initiatives, Committees, Vision / Strategy. Labels include Education, Prosperity and Safety, Enforcement and Prevention, with Police Scotland, Scottish Government, UK Government, academia, industry and third-sector bodies.]
26. Thank you for listening
Any Questions?
Nicola.Burnett@scotland.pnn.police.uk
DigitalTechReview@scotland.pnn.police.uk
33. THE CURRENT LANDSCAPE
• Attacks are on an exponential rise
• Attackers are getting more and more sophisticated
• Nation States / APT
• Zero days galore
• It is a matter of WHEN not IF
35. BUT IS IT REALLY?
• 99.9% of attacks are not super sophisticated nation state zero day mega attacks
• Most attacks are generic, not targeted
• Most attacks are avoidable, and easily defensible
• You don’t need to purchase next, next, next generation magic beans!
36. SO WHAT IS THE TRUTH?
• Most organisations are really bad at the basics
• Most foundations are weak, leading to easy compromise
• Attackers, believe it or not, like the easy route. It is the path of least resistance, the most cost effective, and hey it works!
• Because, most organisations are rubbish at the basics
37. WHAT DO I MEAN?
• Policies, written in the ivory tower, with no business or customer empathy, that frankly nobody reads, let alone adheres to
• What does my network look like? Which one?
• Firewalls with so many rules there’s almost no point having them
• Completely flat architectures, putting data at risk
• Admins with internet access
• Unknown number of assets and people vs reality
• Once a year Security Awareness CBT nonsense
• Maybe some monitoring, maybe some of the right things, maybe some actual logs. Doubt it though
• It’s an open door to an attacker! Of any kind!
38. SO WHAT’S THE ANSWER?
• Back to basics, the stuff you’ve been saying you’ve been doing for years. Probably badly.
• It’s time to do things differently.
• Recognising that controls are only effective when business focused and within business operation.
• Give yourself breathing space, start with external firewalls.
• Come down from the ivory tower and into the customer base.
• Encryption isn’t the only answer! And sometimes not a good one!
IT IS HARD THOUGH. IF IT WAS EASY WE’D ALL BE BETTER AT IT!
39. MOST OF ALL
• Don’t believe the hype of the industry!
• It is predicated on FEAR, because FEAR sells. FEAR = MONEY
• Basic security foundations
• It’s not all zero day and super sophisticated nonsense!
• It is basics! Basics done badly leaves gaping holes. I don’t need to be super sophisticated to go through an open door.
• Stop chasing buzzwords, like AI, BigData, IoT, whatever!
40. NOW?
• Check the rules on your external firewalls.
• 80 / 443 / 25 / 53 / DONE!
• Find if your admins have internet access!
• Use things like GDPR to help you. TOMS anyone?
• Security is a business wide responsibility, starting with the board.
• Use your inevitable ‘Digital Transformation’.
• Most of all, be honest with yourselves!
44. LISA FORTE
UK Counter Terrorism Intelligence Services
South West Police Cyber Crime Unit
Red Goat Cyber Security, Partner
Social Engineering Training
Cyber Attack Response Simulation
Social Engineering Pen Test
Enhanced Vulnerability Assessments
Penetration Testing
45. SOCIAL ENGINEERING VECTORS
Phishing
Vishing
Impersonation
Smishing
49. Lessons to Learn
Have a plan and test it
Review online information
Share Intelligence
Stop social media access on work devices
Test your staff & security
Invest in good training
50. CONTACT US
Red-Goat.com @RedGoatCyber
info@red-goat.com
linkedin.com/in/lisa-forte/
77. Success in the digital era is dependent on an organisation’s ability to simultaneously create and protect competitive advantage.
78.
79. Your cybersecurity strategy needs to be:
- holistic across this new ecosystem
- integrated with business strategy
- culturally-relevant
- agile
80.
81.
82.
1. Companies are leaving value on the table as well as putting operations at risk by treating cybersecurity as an add on, as opposed to a central tenet and integrating at every level.
2. Competitive advantage comes from the unique layering of your business strategy with Cyber Security, underpinned by IT Best practice, a primed culture, and operational efficiency.
83. The breadth and depth of the challenge calls for leaders in Cyber, in IT overall, who can operate as master change agents. They will need to drive the creation of a cohesive set of new business-relevant capabilities. Cyber is the nervous system running through all of it.
84.
85. 1. Correct Assessment of the Threat Environment
Knowing and surveying your unique place in the continually evolving allows you to adapt, change, and react at speed.
86.
87. 2. Full Visibility of the Digital Ecosystem
True digital situation awareness is becoming more achievable with:
• Internal Cybersecurity approaches using the newer ‘next generation’ technologies
• E2e visibility across your value chain
88.
89. 3. Converge IT/Business/Cyber Strategy
The convergence of the Business, Digital, and Cyber Strategy requires all business functions working together in new ways. A continual and agile approach to strategy and business planning, that is integrated and holistic.
90.
91. 4. Engagement and Partnering Capability
Cybersecurity can no longer be the concern of IT; it needs to be everyone’s business. Connecting with, working in, and developing trusted relationships across your organisational ecosystem is critical.
92.
93. 5. Team Culture Primed for Change
Culture eats strategy for breakfast… even your cybersecurity strategy.
Harness culture for change, for security, and for growth.
94.
95. Additional Questions
– How well do you include cybersecurity planning in your overall organizational strategic planning process?
– How well do you ensure alignment between your cybersecurity planning and your organization’s overall strategic planning?
– How does your strategy development process stimulate and incorporate innovation in cybersecurity policies and operations?
– How well and often do you collect and analyze relevant data and develop information on cybersecurity for your strategic planning process?
– How do you decide which key cybersecurity processes will be accomplished by your workforce and which by external suppliers and partners?
– What are your organization’s key cybersecurity-related strategic objectives and timetable for achieving them?
– How do your organization’s key cybersecurity-related strategic objectives align with your organization’s overall strategic objectives?
– How well do your strategic objectives achieve appropriate balance among varying and potentially competing cybersecurity needs, customer and stakeholder requirements, and business objectives?
98. Agenda
> About me
> About easyJet
> Challenges for information security
> So how did we do it?
> Success factors
> Closing
99. About me
> Background in Internal Audit and Risk Management
> Specialising in Information Security since 2013
> Currently at easyJet in the Information Security Governance, Risk and Compliance team
@magsdj
100. About easyJet
Vision:
to be Europe’s leading short-haul airline,
making travel easy and affordable for both
leisure and business travellers.
104. Information Security for all functions
> Training and awareness requirements:
▪ Training tailored to job function
▪ Delivery method relevant to job function
▪ Timing – all at the same time? In phases?
▪ Employee stakeholder requirements (workers councils, unions)
> Understanding the business
▪ What does each function need from InfoSec?
▪ Unique requirements? Communication, sharing data with partners
▪ Where are the risks?
> Challenges
▪ Diverse workforce
▪ Diverse working patterns & schedules
▪ Diverse employee contracts
▪ Third party partners – Ground operations, Call centres
▪ Regulatory obligations
105. So how did we do it?
> Representative in each team / function who acts as an InfoSec Champion
> Our Champion to the business
▪ encouraging training
▪ contact person for queries
▪ Help with our communication strategy
> Business team’s Champion to InfoSec
▪ Come with questions
▪ Identify new requirements where InfoSec can help
▪ Reporting problems / incidents
106. Success factors (1)
> Identify key stakeholders, and get their buy in first
> AMB was asked to nominate champions
> Clear charter / roles and responsibilities for champions – what’s in it for you?
> Monthly meetings, structured format
> Use of technology to include geographically diverse Champions
> Resource website for Champions to use, including FAQs, example goals for performance management, hints & tips, and contact details
107. Success factors (2)
> Measuring success:
▪ Successful projects e.g. annual awareness drive; November InfoSafe month; GDPR; Personal drive clean up
▪ KPIs for InfoSec team
▪ 2 way communication with champions – we continually ask how to improve the programme and implement their ideas
▪ InfoSec attending business team meetings and stand-ups
> Plans for the future:
▪ More champions!
▪ Additional training and opportunities for Champions
▪ Champions to help deliver new technology projects
108. Summary
> In a complex environment, a traditional approach is doomed to fail
> Engage the right stakeholders from the start
> Don’t just transfer work; make it worth it for the Champions
> This is our approach – but will it work for you?
113. The views and opinions expressed in this presentation and on the following slides are solely
those of the presenter and do not contain nuts. Do try this at home. Do not operate heavy
machinery within 200m of this talk. Please direct all complaints and legal queries to:
Donald Trump, The White House, 1600 Pennsylvania Avenue NW, Washington DC 20500, United States
of America
142. ACTION ITEMS
1. Add 1 business leadership source to your news feed
2. Take a manager out for coffee
3. Drop “should” from your vocabulary
4. Start a Risk Metrics menu
143. JORDAN M. SCHROEDER, CISSP, CISM
• Managing CISO, UCSS
• Security.StackExchange.com Moderator
• Author of Advanced Persistent Training
174. EXPLOITING TRUST - HUMAN
• People share WAY too much
• Sometimes it’s too easy, people circumvent the rules
• What hasn’t been done?
• Tenders, job adverts etc
• Trust but verify
178. BLACKHAT REPORT - 2017
• 81% of hackers could identify and exfiltrate data in less than 12 hours
• 75% of the time organisations only focus on critical and high vulnerabilities after a pen test
• 64% of hackers frustrated that organisations don’t fix the things they knew were broken
• 84% of hackers used social engineering as part of their attack strategy
180. THE EASY
• Google research showed 48% plugged in
• First one took 6 minutes
• 68% wanted to return the USB to the rightful owner
• Some of them just wanted a new USB stick
182. Who are Sapphire
GDPR
Insider Threat
Risk Management
Forensic Readiness
ISO27001 Fundamentals
ISO27001 Internal Auditors
Cyber Security for Executives
Cyber Security Fundamentals
Business Continuity Planning Exercises
Business Continuity Planning Fundamentals
Certified Information Security Managers (CISM)
Certified in Risk & Information Systems Controls (CRISC)
184. Digital Forensic Readiness Planning
Digital Forensic Readiness Planning
Proactive planning for a digital investigation of admissible evidence; related monitoring processes, collection processes and capabilities; storage requirements and costs.
Digital Forensic Investigation and Examination
The goal of computer forensics investigation and examination is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analysing and presenting facts and opinions about the digital information.
185. Digital Forensic Readiness Planning
History
Evan Dooley, Nick Leeson, John Rusnak
Following some of the major financial scandals of the late 1990s and early 2000s, new strands of legislation and regulation impose on businesses the requirement to produce and preserve a wide variety of business records.
Security Breaches
189. Digital Forensic Readiness Planning
Example of Benefits:
• Investigation of major incident
• Defence against lawsuits
• Evidence to resolve a commercial dispute
• Deterrent to insider threat attacks
• Prove violation of a Corporate Policy
• Demonstrate regulatory requirements have been met
• Reduce the time and costs of an investigation
• Demonstrates corporate governance of information assets
190. Digital Forensic Readiness Planning
Objectives:
1. To gather admissible evidence legally
2. To gather evidence targeting the potential crimes and disputes that may adversely impact on the organisation.
3. To allow investigations to proceed at a cost in proportion to the incident
4. To minimise interruption to the business from any investigations
5. To ensure that the evidence makes a positive impact on the outcome of any legal actions
191. Digital Forensic Readiness Planning
10 STEPS
1. Scenario Driven
2. Identify Sources
3. Collection Requirements
4. Legally Admissible
5. Forensic Readiness Policy
6. Monitoring
7. Escalation Process
8. Staff Training
9. Documenting Case
10. Legal Review
192. Digital Forensic Readiness - Examples
Scenario Driven
Identify Sources
Step 1: Define the Business Scenarios that require Digital Evidence
• Threats and extortion
• Information compromise
• Accidents and negligence
• Stalking and harassment
• Commercial disputes
• Intellectual Property rights infringement
• Economic crime
• Email, internet or social media abuse
• Employee disciplinary issues
• Contractual disputes
• Unauthorized access by employees
• Malware
• Hacking
• Theft of computer resources
• Failure of computer systems
• Privacy invasion and identity theft
193. Step 1: Define the Business Scenarios that require Digital Evidence
Digital Forensic Readiness - Examples
• Threats and extortion
• Information compromise
• Accidents and negligence
• Stalking and harassment
• Commercial disputes
• Intellectual Property rights infringement
• Economic crime
• Email, internet or social media abuse
• Employee disciplinary issues
• Contractual disputes
• Unauthorized access by employees
• Malware
• Hacking
• Theft of computer resources
• Failure of computer systems
• Privacy invasion and identity theft
Business Scenarios Threats What do they want
Money
Information
Disruption
Fun
Competitive advantage
Revenge
Discredit the brand
Risk Assessment
Scenario Driven
194. Digital Forensic Readiness Planning
Identify Sources
STEP 2
Identify available sources and different types of potential evidence
• Email, instant messaging, web-based email, chat rooms, newsgroups, social media etc.
• System and management files
• Equipment such as routers, firewalls, servers and workstations.
• Monitoring software such as intrusion detection software, packet sniffers, keyboard loggers
• CCTV, door access records, phone logs
• General logs such as access logs, printer logs, web traffic, internal network logs, internet traffic,
database transactions, commercial transactions etc.
• Portable devices
• Application software
• Back-ups and archives.
195. Digital Forensic Readiness
Identify Sources
Technology Challenges
• BYOD (PCs, Phones, Tablets etc)
• Social Media
• CCTV
• VOIP
• Cloud
• IOT
196. Step 3
Determine the evidence collection requirement
Digital Forensic Readiness
• Where is data generated?
• What format is it in?
• How long is it stored for?
• How is it currently controlled, secured and managed?
• Who has access to the data?
• How much is produced?
• Is it archived? If so where and for how long?
• How much is reviewed?
• What additional evidence sources could be enabled?
• Who is responsible for this data?
• Who is the formal owner of the data?
• How could it be made available to an investigation?
• What business processes does it relate to?
• Does it contain personal information?
[Diagram labels: Scenarios; Available sources; Evidence Collection Requirement; COST BENEFITS ANALYSIS]
197. Step 4
Establish a capability for securely gathering legally admissible evidence to meet the
requirement
Digital Forensic Readiness
Legally Admissible
[Diagram labels: Possible Evidence; Email; Log Files; Social media; Evidence being gathered; Business; Personal; Legal Advice; STOP]
198. Step 4
Establish a capability for securely gathering legally admissible evidence to meet the
requirement
Digital Forensic Readiness
• Monitoring should be targeted at specific problems
• It should only be gathered for defined purposes and
nothing more
• Staff should be told what monitoring is happening
except in exceptional circumstances.
Legally Admissible
199. Step 4
Establish a capability for securely gathering legally admissible evidence to meet the
requirement
Digital Forensic Readiness
Legislation
Telecommunications (Lawful Business
Practice) (Interception of Communications)
Regulations 2000
Legally Admissible
200. Digital Forensic Readiness
Lawful Business Practice Regulation
Lawful Business Practice Regulations are designed to meet the legitimate
needs of businesses to manage their information systems, making use of
the capabilities of modern communications technology, but in a way that is
consistent with high standards of privacy.
Please Note: These are not exemptions from the Data Protection Act.
Legally Admissible
201. Digital Forensic Readiness
Legally Admissible
Article 8: Right to Respect for Private and Family Life
Everyone has the right to respect for their private and family life, their home and their correspondence.
202. Step 5
Establish a Forensic Readiness Policy including the secure storage and handling of potential
evidence
Digital Forensic Readiness
Forensic Readiness Policy
Policy Structure
• Senior Management Commitment
• Standards & legislation to comply with (e.g. ISO 27037:2012 Guidelines for identification, collection,
acquisition, and preservation of digital evidence)
• Process for instigating an investigation
• Who can conduct investigations (competence levels)
• Resources required
• Examination locations
• Evidence Storage
• Equipment and software tools required
• Use of external resources
• Requirements for building evidence based cases
• Training and Development
203. Digital Forensic Readiness
Monitoring
Step 6
Ensure monitoring is targeted to detect and deter major incidents
Escalation Process
Step 7
Specify circumstances when escalation to a full investigation should be launched
Staff Training
Step 8
Train staff in incident awareness and understanding of their role in the evidence processes and the legal aspects of evidence
Documenting Case
Step 9
Document an evidence-based case describing the incident and the impacts.
WHO, WHAT, WHY, WHEN, WHERE AND HOW
204. Step 10
Ensure legal review to facilitate action in response to the incident.
Digital Forensic Readiness
Legal Review
At key times during the collating of the digital forensics it is good practice to review the case from a legal standpoint to advise
on the strength of the case and suggest whether additional measures should be taken.
Legal Advisors should be trained and experienced in the appropriate cyber laws and evidence admissibility.
Advice may include:
• Any liabilities from the incident and how they can be managed
• Findings and prosecuting/punishing of culprits
• Legal and regulatory constraints on what can be taken
• Reputation protection and PR issues
• When/if to advise partners, customers and investors
• How to deal with employees
• Resolving commercial disputes
205. Key Points
Digital Forensic Readiness
• Forensic Readiness is an organisation’s ability to use digital evidence when required
• Its aim is to maximise an organisation’s ability to gather and use digital evidence whilst minimising the
costs of related investigations.
• Forensic Readiness is an integral part of Information Security
• Forensic Readiness should be part of an information security risk assessment
• It is closely related to Incident Response and Business Continuity
• Requires the secure preservation and continuity of evidence to be maintained.
• Links to security monitoring to detect and deter issues that may have a major business impact
• Forensic Readiness should be part of an organisation's security training programme.
• Develop and implement a Forensic Readiness Policy