Agenda

Full list of speakers

Click here to view the latest speaker line up for IA08

The current pace of change for IA is relentless and the IA08 agenda must reflect this evolving landscape. Below you'll find the very latest version of the agenda for this year's pivotal event.

Workshop One Tuesday 17 June, 11:45-13:10

IT HEALTHCHECKS: YOUR ROUTE TO EFFECTIVE SECURITY RISK MANAGEMENT 

In this practical, informative session, IT security experts NCC Group will demonstrate how you can implement an IT Healthcheck process which forms part of a continuous risk
management lifecycle to safeguard your organisation’s IT security rather than a ‘tick in the box’. They will demonstrate how this all-round security approach addresses categories of risk not covered elsewhere and how it can provide concrete evidence that your security investment is both effective and compliant. 

The session will examine where an IT Healthcheck can go beyond simply supporting corporate audit requirements and assessment of compliance, and can add real value ranging from checking the performance of external service providers/vendors through to supporting incident response when a breach occurs. The session will also highlight the limitations of security assessment and testing processes, and the dangers of complacency. The NCC Group team will draw on real-life examples of thousands of security testing and consultancy projects carried out on behalf of hundreds of high-profile clients to illustrate the subject. 

  • The session will provide practical guidance to delegates on:
  • Risk assessment – accurately identifying your IA needs
  • Defining the scope – networks, workstations, applications
  • Effective procurement – defining and communicating your requirements
  • Distribution of results – identifying your reporting requirements
  • Avoiding complacency – acting on recommendations and thinking ahead

Speaker: Paul Vlissidis, Technical Director, NCC Group

Paul Vlissidis

With over 20 years experience in IT, Paul is a recognised expert on all aspects of IT and Internet security. He heads technical research and new product development for the Ethical Security Testing division of NCC Group – the leading independent provider of IT security consultancy and testing services. He previously held senior IT security roles within the nuclear industry

Workshop Two Tuesday 17 June, 14:20-15:45

FINDING YOUR IDEAL INFORMATION ASURANCE SOLUTION 

If you were starting from a greenfield and had unlimited resources, what would your ideal Information Assurance solution look like? What would be its characteristics and cost?  Could it be realised in practice?

The workshop will start by considering ideas for a hypothetical ‘perfect’ solution and then work backwards to discuss the ‘real world’ constraints that prevent its implementation. Not everyone will have the same vision for idealised Information Assurance but the merits of the following will be explored:

  • Data-centric access control
  • Biometric and two factor authentication
  • Digital signatures for integrity checking
  • Content sensitive gateways
  • Trusted Computing Platforms

On the side of realism, we will assess the impact of:

  • ‘Brownfield’ IT environments
  • Legacy business processes
  • The cost of change

In summary, we shall try to arrive at an answer to the question: just what is stopping you getting to your ideal Information Assurance goal?

Speaker: Ian Robertson, Managing Consultant – Security Architect, IBM

Ian Robertson

Ian is a managing consultant in the IBM Security and Privacy Practice specialising in security strategy and high level security architecture for the financial services and public sectors. He has worked on major systems integration projects at IBM and has led security assessment and architecture teams. Ian has specialist knowledge of security policy and compliance (including COSO and CoBIT), identity management, strong authentication (including biometrics) role based access control and Public Key Infrastructure (PKI)