44CON Cyber Security - second round of speakers announced
Speaker Update
Quentyn Taylor: Not following the herd – how to make your voice matter in the corporate world.
In this session, Quentyn Taylor, Director of Information Security for Canon in Europe, Middle East and Africa, will look at how to make your voice heard and relevant in a modern, fast-paced business. He will look at building a security message and making it count, challenging commonly held perceptions in risk and always being aware of the echo chamber. The session will cover:
- How getting in front of the board may not be the path to success some believe it to be
- How many infosec people's attitudes to risk are out of kilter with their business
- How blindly following the infosec herd can be damaging
- How taking a more business-orientated approach is the path to success
- Risk perception vs reality
Phil Huggins & Ernest Li: Pitfalls of Public Cyber Data
There are increasingly many data-driven cyber reports published, and these are being relied upon to support strategic cyber decision-making in organisations. In order to conduct a meta-analysis of reported cyber data to support the development of a strategic cyber threat assessment at Stroz Friedberg, we reviewed the quality of available data and reports. Here we will highlight some of the pitfalls inherent in these sources that should be considered when using them and make some recommendations for the publication of data-driven cyber reports.
Dai Davis: Legal Drivers in Cyber Security: Many or None?
Technology lawyer Dai Davis explores what the real drivers for cyber security are. Certainly not the Data Protection legislation, which, while theoretically enforceable with a fine of up to £500,000, is rarely enforced. Most breaches of that legislation go unnoticed, let alone invoke a sanction. Most businesses will retort that they are concerned about their reputation, but does the truth match the perception? Dai explores the dangers of lack of security and what businesses can and do suffer as a result of lack of security.
Criminal sanctions in the form of the Computer Misuse Act, 1990 are examined, as is the civil fining regime of the Data Protection legislation. There is also the possibility under this latter data protection legislation for an aggrieved individual to claim damages, but as Dai shows, this also is a theoretical rather than a practical remedy. Dai examines the purely economic risk of “loss of reputation” as well as the special case of businesses falling under the remit of the Financial Conduct Authority.
Dai will also examine the implications of lack of security in the Internet of Things and whether there are legislative or other drivers to make the Internet of Things secure.