DSS ITSEC 2017: CYBERCRIME AND EU GDPR LABYRINTH

THE LARGEST CYBER SECURITY EVENT IN BALTICS

Full Agenda

This year's Agenda

09:10 - 09:40

Speaker

"Hacking democracies, the latest issue of the 21st century"

A presentation following the overall interest in how a democracy might be hacked, how vulnerable we are and what potential issues are evolving without being on the forefront of the press, election campaigns and other media outlets. This also follows the recent information out of BH/DefCon Las Vegas: hacking voting machines is not the only problem which has to be considered. In the meantime, there are a lot of attack vectors and vulnerabilities which can be exploited when talking about the potential attack on a democratic government. This is also not really new; in the past, smaller events have shown what might be coming, but the bigger picture was not understood, or maybe not yet visible. Hacking a key industry was the start, then came the potential for holding an entity hostage, which right now is expanding as we bring more and more things online. Hackback and other issues can also be mentioned here, as they raise interesting questions for the governing bodies, whatever they might be.

Holger Spohn

09:40 - 10:10

Speaker

"Cyber Security & Data Protection, Past/ Present/ Future"

Johan Rambi

10:10 - 10:40

Speaker

"Cybercommunication as a Jihadi Strategic Tool – The Role of SOCMINT"

The notions of geopolitics are changing. The classical conceptions of frontier or territoriality became dematerialized, giving place to a fluidity and the emptying of the exercise of sovereignty. To the physical and contained space, a new space, virtual and in expansion, was added – the cyberspace. Grounded on those assumptions, information warfare became an axis for subversive actions. DAESH took communication and the spread of information as essential to its strategy. Cyberplatforms appear as a tool for both external and internal communication. DAESH has in its structure a sophisticated content production unit, critical to internal and external communication. In parallel to the concept of jihad, which involves the use of violence, is the dawah, which literally means proselytizing. This is equivalent to the information spectrum used to propagate the message and convince Muslims to reject Western values and “apostate” regimes. It is a range from the traditional predications by imams in mosques to multimedia formats distributed on-line. Cybercommunication, through social media, more than a component, also becomes a basis for new jihadi self-assembled emerging structures. There is no separation between words and actions. The spread of information is integrated into the operational dimension, in a mutual dependence game, crucial for propaganda, operations planning, and the recruitment of new members.

Felipe Pathé Duarte

10:40 - 11:10

Speaker

"Privacy and Security Are Two Sides of the Same Coin: An Individual’s Perspective"

Technology has advanced so rapidly in the last 20 years—from the internet to “big” data to the more recent Internet of Things. This evolution is forcing us to address some very difficult questions about protecting and securing personal information – including yours, mine, and ours. This discussion can no longer be relegated to the privacy freaks and security geeks in the back room. We must all engage. In this session, we’ll take a look at some of these privacy and security questions from the perspective of an individual – such as a consumer, citizen, or employee. We will walk through the six-stage data lifecycle (create, store, use, share, archive, and destroy) to help put this discussion into context. And finally, we’ll discuss what we can do as individuals to protect not only ourselves but also those with whom we live, love, and serve. Note: There is a second session called “Privacy and Security Are Two Sides of the Same Coin: An Organization’s Perspective.” You are welcome to attend one or both sessions.

Tamara Dull

11:30 - 12:00

Speaker

"2017 COST OF CYBER CRIME STUDY – INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE"

Over the last two years, the accelerating cost of cyber crime means that it is now 23 percent more than last year and is costing organizations, on average, US$11.7 million. Whether managing incidents themselves or spending to recover from the disruption to the business and customers, organizations are investing on an unprecedented scale - but current spending priorities show that much of this is misdirected toward security capabilities that fail to deliver the greatest efficiency and effectiveness. New research published by Accenture and the Ponemon Institute helps better understand the effectiveness of investment decisions.

Intars Garbovskis

12:00 - 12:30

Speaker

"Security Testing: lies, truths and little secrets they never told you, from +20 years of field experiences"

Raoul Chiesa

12:30 - 13:00

Speaker

Will CIOs be the new kings? Changes that GDPR may bring around in the EU cyber security job market, especially on C-level

Anett Madi-Nator

13:00 - 13:45

Speaker

First Part Topics Q&A

The participants will discuss all previously covered topics and presentations including comments from the moderator and questions and comments from the audience.

Panel discussion

14:00 - 14:30

Speaker

"Blockchain & GDPR"

Mari Kert-Saint Aubyn

14:30 - 15:00

Speaker

"Securing privileged access to ensure GDPR compliance"

All the largest cybersecurity breaches in the past 5 years had one thing in common. The attackers used hijacked privileged credentials to break in. GDPR mandates that personal data must be secured at all times and only accessible to authorized users. But what happens if those user credentials are stolen? How can you tell hackers apart from your own users? To learn how to cope with such threats join us at....

István Molnár

15:00 - 15:30

Speaker

"Time to think differently about security"

Today’s security investment is spent on traditional technical solutions that are insufficient for modern security needs. Encrypted traffic is making traditional security software and solutions blind. How can you recover visibility into encrypted traffic? How can you protect your user identities and applications in a smart way? These and many other questions will be answered during this session.

Timo Lohenoja

15:50 - 16:20

Speaker

"Let IBM Security drive your innovation while addressing your cybersecurity challenges"

IBM Security helps protect the world’s data against cyberattacks in a challenging, continuously changing environment. The IBM Security team of over 8000 professionals is helping over 17,000 customers in 133 countries effectively secure their IT enterprises. Learn how IBM Security continues to accelerate its momentum into the future of security with cognitive, cloud and collaboration solutions. These solutions help organizations build a cognitive SOC, take control of digital risk, and transform their security programs.

Robert L Kennedy

16:20 - 17:00

Speaker

"The Digitalization of Crime"

We are living in a world where cyber attacks have become the norm. New kinds of attackers appear, with new targets, new motivations and new methods. To understand and to fight the attacks, we need to understand who the attackers are. Security expert Mikko Hypponen will look at the latest big hacking cases and reveal what really went on.

Mikko Hypponen

17:00 - 18:00

Speaker

General Summary Panel Discussion - Cyber Security, Cyber Crime, Threats, Data Protection & EU GDPR

This panel will consist of the most remarkable speakers from the topics covered throughout the day-long conference.

Panel discussion

11:30 - 12:00

Speaker

"Hacking SCADA HMI Applications"

SCADA systems of Ukrainian regional electric power companies and left approximately 225,000 customers without power. Threat actors spend their effort on discovering vulnerabilities in HMI (Human-Machine Interface) applications, as the HMI is the main part for managing and controlling the SCADA system. The talk is about SCADA HMI vulnerabilities and exploiting. We will detail some vulnerabilities discovered in HMI applications created by well-known SCADA vendors including Schneider Electric, CoDeSys, Progea and more. We will also answer some specific questions about SCADA vulnerabilities with technical details. These questions are:
– Why are SCADA applications swiss cheese for hackers?
– What is the status and impact of the threat?
– How do researchers or hackers discover these vulnerabilities?
– What to do for prevention?

Celil Unuver

12:00 - 13:00

Speaker

"Software Security"

What are the important measurements to make software projects really cyber-secure?

Brecht Wyseur

14:00 - 14:30

Speaker

"Threat Exposure Management - keep up with new threats and a variety of vulnerabilities?"

Security incidents take place with the use of vulnerabilities found in IT systems. Every day dozens of new vulnerabilities are discovered - in operating systems, applications, databases, software and mobile devices. The main difficulty of vulnerability management is the fact that organizations are not able to fix all vulnerabilities on time. Simple vulnerability scanning is not applicable. A realistic strategy requires a risk-based approach and the use of specialized tools that automate complex, time-consuming work. The lecture will explain the strategy of Threat Exposure Management and practical use of Rapid7 tools.

Mariusz Stawowski

14:00 - 15:00

Speaker

Proactive Security: the Open Source Security Testing Methodology Manual (OSSTMM) from ISECOM

Raoul Chiesa

15:00 - 15:30

Speaker

"Social Engineering & Hacking in Action"

Real demos of how easy it is to hack a person/organization through social media.

Toms Pēcis

15:30 - 16:00

Speaker

"Social Engineering & Hacking in Action Part II"

Toms and Peter will together make some good hacking demos.

Peter Gubarevich

11:30 - 12:00

Speaker

"Trust in 5G Networks"

5G networks will bring increased diversity in applications, and new business models, requiring the collaboration of multiple parties to deliver services. As a result, no single stakeholder will be able to secure a 5G network against all threats, so each stakeholder must trust others to ensure end-to-end security. Since trust is a response to risk, our trust model is defined in terms of threats to 5G networks. These are analysed to find dependencies between stakeholders affected by each threat, and stakeholders who are in a position to address the threat.

Dr Toby Wilkinson

12:00 - 12:30

Speaker

"Satellite Cyber Security in a Unified Networking World"

Martin Edward Jarrold

12:30 - 13:00

Speaker

"Satellite for 5G"

The future communications system referred to as 5G represents far more than just the next generation of terrestrial mobile services. It will drive a convergence of fixed and mobile services, introduce a new set of technologies and standards, create a network of networks and facilitate communications between everyone and everything, whilst focusing on key vertical markets. In this context, satellite systems have useful attributes for 5G networks in terms of security, resilience, coverage, mobility and delivery of broadband communications.

Antonio Franchi

14:00 - 14:30

Speaker

"GCA’s mission to combat systemic cyber risks"

Andy Bates will be speaking about GCA’s mission to combat systemic cyber risks. During Andy’s presentation, you will hear of several solutions which GCA has developed that can be implemented at no charge to significantly improve your cyber defence. Andy will touch on experience from GCA partners from around the world.

Andy Bates

14:30 - 15:00

Speaker

"CYBERSECURITY AWARENESS"

Cybersecurity is a major challenge in today's world as government agencies, corporations and individuals have increasingly become victims of cyber-attacks. Increase the awareness of the threats to help solve the challenges that Europe (and others) are facing in the cyberspace and to balance different views, needs and initiatives in Europe. The cybersecurity environment is evolving day after day. Reinforce the digital trust of all stakeholders, from key decision makers to citizens, whether they are private or public entities, through the generation of content and suitable communication channels relevant to the identified public target and the provision of specific services aimed at satisfying the needs of the recipients.

Mauro Alberto Brignoli

15:00 - 15:30

Speaker

"How to Enable Security Awareness and Education within the Workforce"

Your employees are your organisation’s front line. Melanie Oldham, Managing Director of Bob's Business, will guide you through the most common barriers to security awareness and go through her top tips for overcoming these issues and creating a secure human firewall.

Melanie Oldham

11:30 - 12:00

Speaker

"GDPR requirements: what exactly can be supervised?"

GDPR provides a number of new requirements for controllers and more rights for data subjects. Generally speaking, the new regulation is, for both sides, more procedural than substantive. Even if we take a look at the GDPR article on possible sanctions for controllers or processors, it is clear that violations of procedures could make a lot of cases. However, the methodology of procedures in GDPR is not strictly defined. What exactly can and will be supervised in this situation? This is a very important aspect in the life of every organization after May 25, 2018.

Mg.iur. Māris Ruķers

12:00 - 12:30

Speaker

"Privacy and Security Are Two Sides of the Same Coin: An Organization’s Perspective"

Technology has advanced so rapidly in the last 20 years—from the internet to “big” data to the more recent Internet of Things. This evolution is forcing both the private and public sectors to address some very difficult questions about protecting and securing customer and citizen information, at home and abroad. In this session, we’ll take a look at some of these privacy and security questions from the perspective of an organization, including companies, non-profits, and government agencies. We will walk through the six-stage data lifecycle (create, store, use, share, archive, and destroy) to help put this discussion into context from an organizational perspective. And finally, we’ll discuss some ideas on what needs to happen as we move forward into this digital age. Note: This session continues the discussion from an earlier session called “Privacy and Security Are Two Sides of the Same Coin: An Individual’s Perspective.” You are welcome to attend one or both sessions.

Tamara Dull

12:30 - 13:00

Speaker

“IT Companies Entwined in Inter-State Relations: Legal Risk Assessment”

Public international law is predominantly concerned with relations between states. That said, in certain circumstances, the activities of private IT companies have international law implications. In particular, private companies may become the lawful target of a foreign state’s countermeasures in the event that the foreign state’s rights under international law have been violated. In times of armed conflict, IT companies can sometimes qualify as military objectives that can lawfully be targeted. This presentation will examine some of the key international law issues pertaining to private IT companies and propose measures for private sector legal risk management.

Liis Vihul

13:00 - 13:30

Speaker

"When personal data flows outside Europe, what can you do to comply with the GDPR?"

One of the basic personal data protection aspects is related to the transfer of personal data to the states that are not members of the European Union or European Economic Area. This issue is also addressed by the General Data Protection Regulation. Although it seems that transborder transfer of personal data concerns only a limited number of persons involved in data processing, it actually affects many parties who have any relation to the digital world. Thus, the presentation question is: how is it possible to control transborder flow of personal data in a way compliant with GDPR?

Anna Vladimirova-Kryukova

14:00 - 14:30

Speaker

"Compensation for Breach of the General Data Protection Regulation"

Article 82(1) of the General Data Protection Regulation (GDPR) provides that any “person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered”. This presentation will, in particular:
- compare and contrast Article 82(1) GDPR with compensation provisions in other EU Regulations and Directives and with the case law of the CJEU on those provisions,
- compare and contrast the text of Article 82(1) GDPR in the 24 official languages of the EU (especially the Baltic and Nordic languages), and
- compare and contrast the incorporations of Article 82(1) GDPR in the 28 Member States of the EU (especially the Baltic and Nordic countries).

Dr Eoin O’Dell

14:30 - 15:00

Speaker

"7 Months to Go – Are you on track with your GDPR program?"

The clock is ticking away and stakeholders are more and more anxiously looking at their calendars. Where should you be by now, what should your GDPR program already look like, how can you check its effectiveness already at an early stage and – most importantly – what can you do if you just are not there yet?

Dr. Jyn Schultze-Melling

15:00 - 15:30

Speaker

"Data Security and Breach Notification"

Data security plays a great role in the General Data Protection Regulation (GDPR). The GDPR imposes stricter obligations on data processors and controllers with regard to data security while simultaneously offering more guidance on appropriate security standards. The GDPR also adopts for the first time specific breach notification guidelines.

Liene Cakare

15:50 - 16:20

Speaker

"Processing of employee data"

GDPR will bring more specific data protection rules in the workplace and strengthen existing ones. In the age of the sharing economy, wide use of social media and increasing technical capabilities, it is debatable when a person is considered an employee, to what extent it is acceptable to monitor employee personal data and how to find a balance between the interests of the employer and the rights of employees.

Jūlija Terjuhana

16:20 - 16:50

Speaker

"EU GDPR Legal"

EU GDPR Legal discussion based on topics discussed during the whole day in this parallel session and various questions asked by onsite and online participants.

Panel discussion

11:30 - 12:00

Speaker

"HOW TO... DISCOVER IF YOUR MOBILE PHONE HAS GOT A SPYWARE"

Eng. Selene Giupponi

12:00 - 12:30

Speaker

"Risk Management strategy and tools applicable for Mobile World"

Mobile operating systems, such as Android and iOS, inherit old security issues, but also create new and complex security risks. In the traditional PC environment, risk management is focused on restricting employees’ access to corporate resources. In the new world where mobile devices play a significant role, the most common approach assumes enabling business first and ensuring security second. The lecture will discuss the threats related to the mobile world, review different risk management standards (ISO-27005, ISO-29134) and explain how dedicated MobileIron tools can secure a world of mixed-use devices and manage the risks in a business-aware manner.

Mariusz Stawowski

12:30 - 13:00

Speaker

„Teamwire - Solving the WhatsApp Problem of Enterprises.“

Most enterprises currently have a WhatsApp problem as part of shadow IT. While WhatsApp simplifies communication and increases productivity, it causes data protection, security and compliance issues. Especially with the upcoming General Data Protection Regulation, the business risks are high. Teamwire solves the WhatsApp problem of businesses, increases productivity and improves team communication in the messaging era. Leading German enterprises like the Sparkassen Group, Barmer, NDR as well as ministries and the police use Teamwire as a WhatsApp alternative.

Tobias Stepan

14:00 - 14:30

Speaker

"Samsung KNOX platform's evolution"

Samsung Knox products are designed to deliver military-grade security in an easy-to-use package. However, Knox isn’t just a security solution. Knox is an ecosystem of mobile products, from the hardware security platform through Android app enhancements to a whole device tailored for a particular purpose. Knox makes your device secure, but also unique in order to fulfill all your business needs.

Sylwia Baran

14:30 - 15:00

Speaker

"Firmware over the air: Case study of Adups FOTA"

Jānis Džeriņš

15:00 - 15:30

Speaker

"Software in the new Blackberry – welcome to new mobilized world."

Data breaches and cybersecurity threats are some of the biggest roadblocks to realizing the potential of the Enterprise of Things. BlackBerry Secure is a comprehensive, mobile-native approach to security that addresses the entire enterprise, from endpoint to endpoint.

Vadim Kuznetsov

15:50 - 16:20

Speaker

"Preventing security threats in eID documents environment"

Cybersecurity and eIDs: why these topics go hand-in-hand. Statistics of using malware and viruses on the global scale. Who attackers are, their goals and objectives. Who potential victims are, their sweet treats for attackers. How attackers can challenge the sustainability of a country/company: citizens’ sensitive personal data, document production and usage, technological infrastructure, eGovernment functionality, international travel/migration safety and accounting, data exchange between countries. Risks for companies and service providers: external, internal. eID environment — is like a country, eID document — is like a house. Measures and ways to analyse and anticipate the risks, and protect your property. Why it’s essential to raise awareness across all industries. Crucial things to think about in advance.

Alexander Popov

11:30 - 12:00

Speaker

"A LOOK AT THE GDPR AND THE PAST, PRESENT, AND FUTURE OF CYBERCRIME, -TERRORISM, AND -WARFARE"

Lars Hilse

12:00 - 12:30

Speaker

“Great lies You hear about easy achieving GDPR compliance through some Wunderwaffen...”

The closer it comes to the point when GDPR compliance regulation takes effect, the more we hear from our customers about magical solutions which are compliant with GDPR and will solve the regulation's compliance challenges in one deadly strike. It’s obvious that everyone wants a part of the customers' GDPR compliance budget pie and to ride the “fear-train” of our customer executives. This of course puts CSOs and CIOs in a very confusing and uncomfortable situation, as they don’t understand which solution fits where and how much I will be covered, if I buy this so-called “GDPR compliance solution”. In my daily routine, I’m meeting our customer executives and hear their stories and confusion about being offered multiple Wunderwaffen GDPR compliance solutions. So I’ve summarized the top 5 greatest lie stories I’ve heard, for you to be aware of and know what to do, when you’ll hear the next magical “One and the best GDPR compliance solutions which covers all requirements”.

Artjoms Krūmiņš

12:30 - 13:00

Speaker

"Data Breach real life case studies, ways to tackle them etc."

“If you think compliance is expensive, try non-compliance” or what could possibly go wrong. Insight into a few of the preventable data loss/hacking cases in recent history, the challenges these brought to company business and careers of employees, and simple, sometimes old-fashioned ways to secure the most obvious risks.

Andris Jansons

13:00 - 13:30

Speaker

"Why Classification Matters"

Data Classification has moved from a “nice to have”, to a “must have”, as customers realise that without proper data classification, they limit control of unstructured data in their organisations. Luke Shutler will discuss why Classification is becoming more and more crucial as the data regulations change, and how this technology impacts data discovery and Data-Loss Protection.

Luke Shutler

14:00 - 14:30

Speaker

"The Journey to GDPR Compliance"

Data is at the core of the way modern businesses operate and in today’s digital economy, this data is increasingly valuable as an asset in its own right. If you consider the most valuable companies of the last decade, what are they valued for? The information they create from that data - and a large proportion of that comes from the individuals using those services; their personal data. The General Data Protection Regulation comes into effect in May 2018. It applies to any citizen of the European Union (500 million). It will come into force on the 25th May 2018. It should be seen as a positive – getting ready for GDPR (and other privacy laws) is the Information Governance project all organisations need to go through. Unleash hidden value, expose potential risks, remove bottlenecks across IT systems and siloed departments. Veritas know how!

Vlastimil Chramosta

14:30 - 15:00

Speaker

"PREPARING TO HUNT FOR THE ‘DATA PROTECTION BY DESIGN’ BEAST: THE DLP WEAPON MUST BE IN YOUR ARSENAL"

By enacting "Data Protection by Design" as a legal norm the GDPR has made the discipline of privacy engineering mandatory for practicing by CIOs, CISOs, security architects and system designers to ensure corporate IT systems compliance with the new regulation. At the same time, infosecurity vendors are deeply concerned whether their products retain value for emerging privacy-centric IT solutions. By reviewing fundamental concepts and components of a generic privacy engineering process conforming to the criteria recently approved in sublegislative GDPR guidelines and clarifying certain specifics of its application in real-life IT systems, this presentation explains why Data Leak Prevention is a necessary Privacy Enhancing Technology that has to be used in any GDPR-compliant system designed to protect personal data.

Alexei Lesnykh

15:00 - 15:30

Speaker

"Guess how much I love you"

We live in a connected world with an increasing need to share sensitive data inside and outside of the organization, digitizing, transforming and automating business processes. Simultaneously the perimeter is shifting and it gets harder and harder to protect the digital assets of your organization without compromising on security and governance. The Accellion kiteworks platform is increasing business productivity *and* not just giving you the good feeling that your digital assets are secure, even if you share them with the outside world, but proving it to your risk & compliance auditor, too.

Harry Zorn

15:50 - 16:20

Speaker

"The importance of a data protection platform for GDPR compliance … unified data protection controls to smooth the path to compliance, by Digital Guardian"

GDPR brings far reaching new requirements for companies processing EU citizen data. Many organizations are struggling to understand where they stand and which combination of people, process and technology they will need to become compliant. This presentation will outline the role Data Loss Prevention (DLP) technology can play in a GDPR program, including an explanation of key functions of DLP such as data discovery, data classification and data egress controls. We will outline how these functions can be used for initial planning and assessment of the GDPR compliance gap, as well as for a fuller program which supports the Data Protection Officer, breach notification processes and general protection of sensitive personal data against insider threats and advanced attackers.

Matt Logan

11:30 - 12:00

Speaker

"When your own security products betray you"

There are many security products on the market, some of which are excellent and some of which are awful; telling the two apart can be very hard. This is especially true when selecting a security technology to include into a larger system. Our research group specialises in the analysis of such security products and the claims they make. In this talk I'll give a number of examples of our work, in which we have found that incorporating a weak security component into a larger product has led to entire systems being insecure. Examples will include weak cryptography used in rail control systems, pacemakers and cars; bad security APIs used in leading banking apps and backdoors inserted by third party developers.

Tom Chothia

12:00 - 12:30

Speaker

“APT attacks. Taxonomy, malicious techniques.”

APT attacks become more and more sophisticated every month, but all of them could be analysed through a universal model named ThreatSCALE - Sequence of Cyber Attack Lifecycle Events. This model was developed based on computer forensic investigation of several of the latest cyber attacks on Ukraine, including power grids, government institutions, business etc. Hacker techniques, utilities and approaches will be demonstrated and explained in a logical and continuous way.

Oleksii Baranovskyi

12:30 - 13:00

Speaker

"SMONT - an Ontology for crime solving through Social Media"

There are numerous social networks such as Facebook, LinkedIn, Google Plus and Twitter whose data sources are becoming larger every day holding an abundance of valuable information. Among these data, digital crime evidence can be collected from on-line social networks (OSNs) for crime detection and further analysis. This presentation describes the SMONT ontology which has been developed to give support to the process of crime investigation and prevention. The SMONT ontology covers specific data about the crime, digital evidence obtained from OSNs, information archived from police entities, and also details related to people or events which may bring the authorities closer to crime case solving. It is possible to benefit from the ontology in different ways like: intelligence gathering; reasoning over the data; smarter searches and comparisons; open data publication purposes; and for the overall management of the crime solving and prevention process.

Ogerta Elezaj

14:00 - 14:30

Speaker

"Smart Grid Security in Products, Policy, and People"

The digitization of large scale critical infrastructures, especially the electric grid, is a vastly complex project, which is difficult enough to achieve even without considering security issues. In addition to technical challenges, the massive change in the way of operating also puts the organizational structures and procedures to their limits. In this talk, we sum up the experiences of working closely with operators of smart grid systems, and discuss pitfalls and possible solutions organizations encounter when engaging with security and privacy in the smart grid, as well as pointing to concrete solution proposals. These pitfalls include, among others, the challenges of security hygiene in procurement, the IT/OT conflicts, usability, risk assessments and privacy by design.

Klaus Kursawe

14:30 - 15:00

Speaker

One solution to meet GDPR, eIDAS and PSD2.

What opportunities the new EU regulations GDPR, PSD2 and eIDAS bring to companies. And why we are on the forefront of disruption in digital ID.

Janis Graubins

15:00 - 15:30

Speaker

"Malware and the effects on NATO"

A presentation on how malware has affected NATO (Allied Command Operations, our area of responsibility) in the recent past, and what effects it could have in a worst case scenario. This is especially interesting as Cyberspace is now an operational domain for NATO, while many nations still work on the consequences of this decision. It will also include the information on sharing of data with partners, as this is key for fighting malware, or in general, cyber issues. On the underlying issue, malware is malware; if it turns into a malicious tool to harm an operation or if it turns into commercial malware does not really matter for us, we need to understand the basic information and prepare ourselves, the partners and nations as best as we can. Partnerships include of course nations, industry, academia and NGOs, for example the EU, Europol, and many others, also depending on the tasking and our goals for static or deployed use. And in addition to malware, a big issue we have is the insider threat, which can be augmented by the malware problem, as seen in industry when employees either take data or leave time bombs behind.

Holger Spohn

15:50 - 16:20

Speaker

Data protection - who needs it? Evolution of attitudes towards data protection of millennials and after. Will millennials ever truly understand classic privacy? Is privacy of individual users becoming outdated?

Csaba Virág

11:30 - 12:00

Speaker

"FortiSIEM - bringing context to security, availability and performance data collected across the IT environment."

FortiSIEM is an integrated monitoring application that automatically discovers servers, devices and applications in the environment; baselines activities and traffic patterns; uses prebuilt rules to provide proactive alerts on security, performance, and availability events in real time with options to customize based on unique needs.

Ahto Tomingas

12:00 - 12:30

Speaker

“Can stopping mobile cyberattacks be this easy?”

Mobile attacks continue to make headlines in 2017. It takes only one breached mobile device in an enterprise for cybercriminals to steal personal and business data, and access corporate networks. But just how vulnerable are mobile devices to attacks in enterprise environments? It’s safe to say that mobile cyberattacks beset every business. Check Point’s SandBlast Mobile protects your devices from advanced mobile threats, ensuring you can deploy and defend devices with confidence.

Giedrius Markevicius

12.30 - 13.00

Speaker

"Turbocharge Security Operations with ATAR"

Today's attacks are automated, but investigation and response are mostly manual. We are introducing ATAR, one of the industry's first security orchestration, investigation and response platforms. ATAR supports automated response, collaborative investigations, SOC KPIs and dashboards.

Burak Dayıoğlu

14:00 - 14:30

Speaker

„How to implement SIEM in 30 minutes“

The latest regulations such as MK442 and GDPR are forcing companies and organizations not just to store the various log files, but also to keep track of them, analyze events and be more proactive than ever. It becomes harder and harder to cope with these challenges using traditional SIEM solutions, as they need a lot of hardware, software and human power to run. During the talk, a different approach to log management will be presented and practical examples demonstrated.

Rūdolfs Augustovskis

14.30 - 15.00

Speaker

"The IBM z14: Data Protection for the Digital Enterprise"

Did you know that 80 percent of the world's corporate data is stored on IBM mainframe computers? Organizations continue to rely on IBM mainframe systems because no other commercial computing environment provides the same level of security, reliability, scalability & affordability. Come to this session to learn how the IBM z14 can help you effectively protect your critical data at a surprisingly affordable total cost of ownership.

Robert L Kennedy

15.00 - 15.30

Speaker

"How to better prevent against zero-day exploits: proactively securing IT and OT networks, endpoints and cloud services"

IT security solutions and their corporate users are facing a paradigm shift: the conventional, reactive, signature- and feed-based solutions don't do the trick anymore. Against zero-day attacks, a new generation of protective solutions needs to be applied, based on security-by-design, separation, and object-centered rights management. These solutions should not try to re-invent market-leading IT products and cloud services, but be able to integrate well with them, in order to be embraced by organizations. A few practical examples will be shown during the presentation.

Peter Rost

15.50 - 16.20

Speaker

"Continuous Authentication in action"

Demo session on how to identify and prevent hijacked accounts before obtaining critical assets from any server.

István Molnár

11:30 - 12:00

Speaker

"ENGINEERED INTUITION AGAINST ADVANCED CYBER-ATTACKS, Protect the Enterprise with Next Generation Machine Learning"

Tudor Florescu

12:00 - 12:30

Speaker

"Security for your Digital Transformation"

82% of companies are on the brink of digital transformation or already on the way. This is changing the way companies operate, from people in the field to top management. I will share the fundamental changes and challenges in security strategy that we see our customers are facing and how they are overcoming them.

Magnus Hillermaa

12:30 - 13:00

Speaker

"QRadar the Global Leader in Security Analytics Platform Market"

Balazs Oszkar Csendes

14:30 - 15:00

Speaker

"The pressures of being human"

GDPR, Breach Management, Ransomware, Data Breaches, Phishing Emails, IoT, cyber security, lateral movements: is it all just too much? Making more sense out of all this and taking a look at some of this from a human point of view.

Ian Whiteside

14:30 - 15:00

Speaker

„Evolving with the threat landscape“

Over the last few years we have seen that the cyber threat landscape has been rapidly changing: with the rise of IoT and the political aspects of the internet, terms such as „Cyber warfare“ have become something real. What can history teach us about future threats? And how do we arm ourselves for the future in order to be protected? Alexander, Sales Engineer at Sophos, will tell you the whole story in the presentation.

Alexander Hägglund

15:00 - 15:30

Speaker

"Artificial Intelligence (AI) on the Horizon of Cyber Security"

Multiple intelligent technologies, such as Machine Learning (ML), Neural Networks, Data Mining, Natural Language Processing (NLP) and many others have given rise to solutions that we call Artificial Intelligence (AI), which is essentially a way to augment our devices, software and services to achieve overall improvements in the way we think and perform. There are many fantastic examples of how these solutions have changed technology in general, and even the field of cyber security has seen and will continue to see drastic changes, as AI capabilities become more prevalent. On one hand, we are seeing more complex malware, phishing campaigns and targeted attacks, enhanced by AI. On the other hand, everything that the adversary uses can also be useful to the defender, especially so in the case of offensive security. Therefore we have a wide range of augmented security solutions for penetration testing, reverse engineering and analysis of malware, malware detection, network intrusion detection and prevention and many more. While exploring the current state of AI in technology and security, in this talk I will also briefly touch on what makes AI capabilities suitable for cybersecurity solutions, what problems are yet to be solved and whether or not they ‘can’ be solved using the capabilities offered by AI technologies.

Alise Silde

National Library of Latvia, Mūkusalas iela 3, Rīga, Latvia LV-1423