
AGENDA AT A GLANCE

DAY ONE: Delivering Pragmatic & Value-Adding Security
DAY TWO: Information Security Risk: A Comprehensive & Balanced Risk Management Approach
DAY THREE: CISO Roundtable - Applying Your Information Security Experience to Deliver Beneficial Results

CHAIRED BY
DAY ONE: Marcus Alldrick, CISO, Lloyd's
DAY TWO: Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort
DAY THREE: Charles V. Pask, Managing Director, ITSEC Associates Ltd

SPEAKER PANEL
Alastair MacWillson, Managing Director of Global Security Practice, Accenture
Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG
Berthold Kerl, Managing Director, Head of IT Security Governance, Deutsche Bank AG
Bill Pepper, Recently Director of Security Risk Management, Computer Sciences Corporation
Charles V. Pask, Managing Director, ITSEC Associates Ltd
Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach
Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse
Dave Pope, Head of Information Security - Information Assurance Group, DVLA
David Tyrrell, Country Sales Manager, UK, Everett
Dr. Alastair MacWillson, Managing Director of Global Security Practice, Accenture
Dr. Eduardo Gelbstein, Adjunct Professor, Webster University (Geneva), Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre
Dr. Eduardo Solana, Senior Lecturer, University of Geneva
Eddie Schwartz, Vice President, Chief Security Officer, NetWitness
Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd, UK
Floris Van Den Dool, Security EMEA Lead, Accenture
Dr. Frank Marsh, Associate, BurrillGreen Ltd
Janet Day, IT Director, Berwin Leighton Paisner LLP
Jay Libove, Recently Global Data Protection Manager, Transcom Worldwide
Joel Bernard, Sales Development Manager, Seagate Technology
John Colley, Managing Director EMEA, (ISC)2 EMEA
Jorge Pinto, Chief Security Officer, InfoSec.ONline.pt, Portugal
Julia Harris, Head of Information Security, BBC
Marcus Alldrick, CISO, Lloyd's
Mark Chaplin, Senior Research Consultant, Information Security Forum
Mark Concar, AEB Data Security Director, Standard Chartered Bank
Mark Logsdon, Information Risk Management, Barclays
Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort
Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain
Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick
Paul Wood, Group Chief Security Officer, Aviva
Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc
Pedro Pombo Rodrigues, Manager Technology Consulting Security Practice, Accenture
Phil Genge, Head of Information Security, Nationwide Building Society
Philippe Huard, Sales Development Manager, Seagate Technology
Quentyn Taylor, Director of European Information Security, Canon Europe
Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT
Richard Hollis, CEO, Orthus Ltd.
Robert Coles, Global CISO, Merrill Lynch
Sarb Sembhi, President, ISACA London Chapter
Tony Crilly, Managing Director, Saladin Technical Services plc
Valerie Jenkins, Head of Information Security, Zurich Financial Services
Walid Kamal, VP, Technology Security Risk Management, DU Telecom, United Arab Emirates

SPONSORS
Gold Sponsor Silver Sponsor Lead CISO Roundtable Sponsor Cocktail Sponsor Lunch Sponsor Gigabyte Exhibition

PRE-EVENT: TUESDAY 9TH JUNE 2009


19:00 - 21:00 WELCOME DRINKS RECEPTION IN THE GARDENS OF MARRIOTT HOTEL KINDLY SPONSORED BY:

CISO SUMMIT DAY ONE: WEDNESDAY 10TH JUNE 2009
Delivering Pragmatic & Value-Adding Security

08:00 REGISTRATION & COFFEE

08:30 CHAIRMAN'S OPENING
  Marcus Alldrick, CISO, Lloyd's

08:40 THE FUTURE OF INFORMATION SECURITY
  Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort

09:40 BALANCING ENTERPRISE RISK IN THE NEW NORMAL - KEYNOTE
  Dr. Alastair MacWillson, Managing Director of Global Security Practice, Accenture

10:10 FROM A TIME OF CRISIS COMES A TIME OF CHANGE - CASE STUDY
  Phil Genge, Head of Information Security, Nationwide Building Society

10:40 MORNING COFFEE BREAK & EXHIBITION

11:10 MANAGING INFORMATION SECURITY FOR STRATEGIC ADVANTAGE - CASE STUDY
  Andreas Wuchner-Bruehl, Global Head of IT Security, Novartis Pharma AG

11:40 LOCK UP THE DATA - NOT THE CEO. SAFEGUARDING DATA WITH SEAGATE SELF-ENCRYPTING HARD DRIVES
  Joel Bernard, Sales Development Manager, Seagate Technology

12:05 IS INFORMATION SECURITY RELEVANT TO YOUR BUSINESS STRATEGY?
  Dr. Frank Marsh, Associate, BurrillGreen Ltd

12:45 WHAT DOES WORLDCLASS LOOK LIKE?
  David Tyrrell, Country Sales Manager, Everett UK

13:00 LUNCH MARRIOTT RESTAURANT KINDLY SPONSORED BY:

14:00 CREATING VALUE & TRUST BETWEEN INFORMATION SECURITY & THE BUSINESS DURING DIFFICULT TIMES: TRANSFORMING INFORMATION SECURITY TO MISSION-CRITICAL SECURITY - PANEL
  - Measuring true security benefits while avoiding reliance on key performance indicators
  - Can the trust brought by online security really drive bottom line results?
  - Adopting cost cutting strategies versus maintaining business security & sustainability
  - Top tips to create value between information security & the business
  - Understanding the urgent imperative for your business
  - Steering a top security team through the global downsizing trend
  - Finding new ways to do things
  Chaired by: Ray Stanton, Global Head of Business Continuity, Security & Governance Practice, BT
  Panellists: Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd; Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse; Dave Pope, Head of Information Security - Information Assurance Group, DVLA; Julia Harris, Head of Information Security, BBC; Walid Kamal, VP, Technology Security Risk Management, DU Telecom, United Arab Emirates; Valerie Jenkins, Head of Information Security, Zurich Financial Services

14:35 LINING UP ASSURANCE & IDENTIFYING YOUR TOP INFORMATION RISKS: INTERNAL AUDIT & INFORMATION SECURITY - CASE STUDY
  Dave Pope, Head of Information Security - Information Assurance Group, DVLA, UK

15:05 SECURING INFORMATION THROUGH TIMES OF EXTENSIVE CHANGE - CASE STUDY
  Mark Concar, AEB Data Security Director, Standard Chartered Bank

15:35 HOW TO USE YOUR INFORMATION SECURITY SKILLS TO ADD TO THE BOTTOM LINE - CASE STUDY
  Quentyn Taylor, Director of European Information Security, Canon Europe

16:05 AFTERNOON TEA BREAK & EXHIBITION

16:30 MANAGING THE INSIDER THREAT & DETECTING MASSIVE CONTROL FAILURES - IS THIS A ROLE FOR TODAY'S SECURITY CHIEFS? - PANEL
  - Managing insider access risk
  - How far to police or trust staff, & how to maintain thought leadership across highly networked groups of staff
  - Protecting your organisation from the greed of top execs: a valid role for today's CISO?
  Chaired by: Charles V. Pask, Managing Director, ITSEC Associates Ltd
  Panellists: Berthold Kerl, Managing Director, Head of IT Security Governance, Deutsche Bank AG; Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort; Richard Hollis, CEO, Orthus Ltd.; Robert Coles, Global CISO, Merrill Lynch; Sarb Sembhi, President, ISACA London Chapter

17:00 COP TO CONSULTANT - DELIVERING GLOBAL CONSISTENCY IN INFORMATION SECURITY - CASE STUDY
  Paula J. Chlebowski, Head of Group Information Security, HSBC Holdings plc

17:35 HUMAN ERROR: THE TOP SECURITY CONCERN IN A MULTI-NATIONAL ORGANISATION? - CASE STUDY
  Paul Wood, Group Chief Security Officer, Aviva Group

18:05 THE COMMON SENSE & NONSENSE OF JUSTIFYING SECURITY INVESTMENTS - CASE STUDY
  Dr. Eduardo Gelbstein, Adjunct Professor, Webster University, Geneva, Former Advisor to the UN Board of Auditors and Former Director, UN International Computing Centre

18:35 CHAIRMAN'S CLOSE OF DAY ONE

18:50 COACH LEAVES FROM OUTSIDE MARRIOTT HOTEL LOBBY

19:00 - 21:00 CISO PORT & WINE TASTING RECEPTION, LISBON: KINDLY SPONSORED BY:

CISO SUMMIT DAY TWO: THURSDAY 11TH JUNE 2009
Information Security Risk: A Comprehensive & Balanced Risk Management Approach

08:00 COFFEE

08:30 CHAIRMAN'S RE-OPENING
  Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort

08:35 PATCH MANAGEMENT: INCREASINGLY A FACET OF EFFECTIVE RISK MANAGEMENT - CASE STUDY
  Marcus Alldrick, CISO, Lloyd's

09:10 MANAGING THIRD PARTY DATA SECURITY - CASE STUDY
  Daniel Barriuso, Head of IT Risk EMEA, Credit Suisse

09:40 WHAT EVERY CISO SHOULD KNOW ABOUT INDUSTRIAL ESPIONAGE: MANAGING THE BROADER THREATS TO INFORMATION SECURITY
  Tony Crilly, Managing Director, Saladin Technical Services plc.

10:10 MORNING COFFEE BREAK & EXHIBITION

10:40 UNDERSTANDING THE GLOBAL THREAT ENVIRONMENT: WHAT ARE THE KEY EMERGING INFORMATION SECURITY & E-CRIME RISKS TODAY? - PANEL
  - What are the top 3 technology risks & trends on your priority list?
  - How has the global financial crisis & the uncovering of recent high profile frauds impacted your approach to security?
  - How to manage social networking vulnerabilities
  - The threat of social engineering to hijack sensitive information
  - How will emerging risks (malware & attack vectors, viruses) affect your organisation?
  - What are your plans to test your security strategy & take a proactive stance?
  - Recommendations going forward
  Chaired by: Paul Wood, Group Chief Security Officer, Aviva
  Panellists: Edward P. Gibson, FBCS*, Chief Cyber Security Advisor, Microsoft Ltd; Eddie Schwartz, Vice President, Chief Security Officer, NetWitness Corporation; Philippe Huard, Territory Sales, Southern Europe, Seagate Technology; Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain; Jorge Pinto, Chief Security Officer, InfoSec.ONline.pt, Portugal; Dr. Eduardo Solana, Senior Lecturer, University of Geneva

11:25 AWARENESS RAISING: MAKING THE RISK, OUR INFORMATION, YOUR RESPONSIBILITY & OTHER AWARENESS MATERIAL - CASE STUDY
  Mark Logsdon, Information Risk Management, Barclays

12:25 WHY SECURE CODING IS NOT ENOUGH
  John Colley, Managing Director EMEA, (ISC)2 EMEA

13:00 LUNCH

14:00 INTERACTIVE SESSIONS - PLEASE SELECT YOUR PREFERRED BREAK-OUT TOPIC
  BREAK-OUT A: SECURITY & PRIVACY ASSURANCE IN OUTSOURCING & OFFSHORING - A NEW CHALLENGE
    Bill Pepper, Recently Director of Security Risk Management, Computer Sciences Corporation
  BREAK-OUT B: THE CONVERGING WORLDS OF PHYSICAL & DIGITAL SECURITY - INTERACTIVE SESSION!
    Dr. Frank Marsh, Associate, BurrillGreen Ltd

14:30 PRIVACY ENHANCING TECHNOLOGIES (PETs) - ACADEMIC INSIGHTS
  Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick

15:00 THE PORTUGUESE NATIONAL ID CARD PROGRAMME - CASE STUDY
  Pedro Pombo Rodrigues, Manager Technology Consulting Security Practice, Accenture

15:30 "SUPERPHREAK": WHATEVER HAPPENED TO MODEM SECURITY?
  Richard Hollis, CEO, Orthus Ltd.

15:55 AFTERNOON TEA BREAK & SPONSORS PRIZE DRAW - PASSPORT TO PRIZES!

16:25 SECURITY VS. PRIVACY - PANEL
  - What do we mean by privacy? Information about us? Information belonging to us? Space we regard as ours like a phone or bag? Our physical privacy - searches?
  - What is the privacy role of the CISO?
  - Should there be a "privacy officer" separately from the Security team?
  - How does a CISO balance the need for privacy during investigations?
  - Do you prevent, allow and monitor or allow & not monitor?
  - Who sets the rules?
  Chaired by: Dr. Frank Marsh, Associate, BurrillGreen Ltd
  Panellists: Jay Libove, Recently Global Data Protection Manager, Transcom Worldwide; Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort; Marcus Alldrick, CISO, Lloyd's; Paul Hopkins, Head of Network Vulnerability Intelligence e-Security Group, University of Warwick; Mark Chaplin, Senior Research Consultant, Information Security Forum; Janet Day, IT Director, Berwin Leighton Paisner LLP

16:55 CONSUMER APPLICATIONS: CREATING SECURITY PROBLEMS? - CASE STUDY
  Neil Jarvis, Head of IT Security, IT Risk and Business Continuity, DHL Exel Supply Chain

17:25 PROTECTING INFORMATION IN THE END USER ENVIRONMENT
  Mark Chaplin, Senior Research Consultant, Information Security Forum

18:00 CLOSE OF DAY TWO

18:30 COACH LEAVES FROM OUTSIDE MARRIOTT HOTEL LOBBY FOR SINTRA TOUR & DINNER AT RESTAURANTE PISCINAS AZENHAS DO MAR - KINDLY SPONSORED BY:

CISO ROUNDTABLE: FRIDAY 12TH JUNE 2009
Applying Your Security Experience to Deliver Beneficial Results

CISO Roundtable Sponsored by:

08:30 - 09:00 REGISTRATION & COFFEE

09:00 - 09:10 WELCOME, GROUP INTRODUCTIONS & SETTING OF AGENDA PRIORITIES
  Chaired by: Charles V. Pask

09:10 - 10:00 SESSION 1: RISK DECISION TAKING: ARE DECISIONS MORE INSTINCT THAN INFORMED JUDGEMENT?
  Lead Facilitator: Marcus Alldrick
  Supported by: Floris Van Den Dool
  Notes by: Charles V. Pask

10:00 - 11:00 SESSION 2: IT RISK METRICS: WHAT'S WRONG WITH THEM & WHAT NEEDS TO BE FIXED TO MAKE THEM WORK
  Lead Facilitator: Eddie Schwartz
  Supported by: Mark Chaplin
  Notes by: Marcus Alldrick

11:00 - 11:20 MORNING COFFEE BREAK

11:20 - 12:20 SESSION 3: TO BE CONFIRMED
  Lead Facilitator: Michael Colao
  Supported by: Eddie Schwartz
  Notes by: Floris Van Den Dool

12:20 - 13:20 LUNCH

13:20 - 14:05 SESSION 4: BREAKOUT SESSIONS
  The group will break into two teams for specific discussions. Each team will have the support of 4 facilitators, including a 10-minute presentation by the facilitator, 30 minutes of group discussion, and 5 minutes to present the key learning points from each session back to the full group after the break.

  SESSION 4A: EMERGING THREATS - ARE THERE ANY NEW ISSUES OR ARE THEY JUST OLD ISSUES REHYPED?
    Lead Facilitator: Charles V. Pask
    Supported by: Mark Chaplin & Eddie Schwartz
    Notes by: Michael Colao

  SESSION 4B: MORE REGULATION & LEGISLATION ON THE WAY - DO WE NEED IT & SHOULD IT BECOME MORE PRESCRIPTIVE?
    Lead Facilitator: Marcus Alldrick
    Supported by: Paul Wood & Floris Van Den Dool
    Notes by: Dr. Cheryl Hennell

14:05 - 14:20 FEEDBACK FROM THE BREAKOUT SESSIONS TO THE FULL GROUP

14:20 - 14:35 AFTERNOON TEA BREAK

14:35 - 15:35 SESSION 5: NEW INTERACTIVE SESSION - HOW CAN SENSITIVE INFORMATION STAY FAITHFUL TO ITS ORGANISATION?
  Lead Facilitator: Dr. Cheryl Hennell
  Supported by: Marcus Alldrick
  Notes by: Paul Wood

15:35 - 15:50 SESSION 6: SERVICE PROVIDERS - WHAT TO EXPECT FROM THEM - REAL ENGAGEMENT STORIES - PANEL & OPEN QUESTIONS FROM AUDIENCE
  Lead Facilitator: Floris Van Den Dool
  Supported by: Michael Colao
  Notes by: Eddie Schwartz

15:50 - 16:20 SESSION 7: OPTIONAL - 30 MINUTE CLOSED SESSION FOR REAL-LIFE SECURITY INCIDENTS
  This is an opportunity for those who have agreed to a confidentiality agreement in advance to attend a closed-door 30-minute session where participants can discuss real-life information security incidents & possible solutions.
  Lead Facilitator: Paul Wood
  Supported by: All Facilitators

16:20 CLOSE OF DAY

ABOUT THE CISO ROUNDTABLE 2009 FACULTY:


CHAIRMAN:
Charles V. Pask, Managing Director, ITSEC Associates Ltd
Charles is responsible for delivering global IT security & IT audit services, including public training courses, in-house training courses, conferences & symposiums. Previously, he was a Director with MIS Training, & Director of Information Security Institute (ISI) European & Middle East e-Security Services. Mr. Pask has over 20 years' experience in IT, IT audit, & IT security, & was the Information Security Manager for Alliance & Leicester plc prior to joining MIS. More recently Charles was the Global Head of Strategy, Development & Globalisation for the BT Business Continuity, Security & Governance Practice.

FACILITATORS:

Marcus Alldrick, CISO, Lloyd's

In his role at Lloyd's, Marcus is responsible for ensuring that risks to information are understood & adequately mitigated in a cost-effective manner throughout the organisation, both in the UK and in its overseas locations, & that assurance to this effect is provided to Executive, Senior and Line Management. Marcus has worked in IT for over 30 years, specialising in information risk & security for the latter 17 years. Prior to joining Lloyd's, Marcus was a Principal Advisor for KPMG, working in IT Advisory & specialising in information security strategy definition & implementation. Before that Marcus was Head of Information Security for Abbey National plc, a leading UK bank, a position he held for six years following seven years as Information Risk and Security Manager for Barclaycard, part of Barclays plc & Europe's largest credit card issuer.

Eddie Schwartz, Vice President, Chief Security Officer, NetWitness Corporation


Eddie is Chief Security Officer of NetWitness and has 25 years' experience in the information security and privacy fields. Previously, he was Chief Technology Officer of ManTech Information Systems and Technology Corporation, EVP and General Manager for Global Integrity/Predictive Systems, SVP of Operations at Guardent, CISO for Nationwide Insurance, a Senior Computer Scientist at CSC where he was Technical Director of the DSS Information Security Laboratory, and a Foreign Service Officer with the U.S. Department of State. Mr. Schwartz has advised a number of security companies, and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.

Floris Van Den Dool, Security EMEA Lead, Accenture


Floris provides services to several of Accenture's main clients across all industries. Floris has been active in IT consulting & security for 20 years & lectures at Erasmus University in Rotterdam on topics like Computer Architectures, IT auditing & Security. Currently he is helping a number of organisations with the security aspects of outsourcing as well as outsourced security services.

Mark Chaplin, Senior Research Consultant, Information Security Forum


Mark is an information risk management professional with over 18 years of experience in IT and information security. He has worked in diverse roles from consultancy to information security governance and strategy for blue-chip organisations. Prior to joining the ISF, Mark was responsible for information security at a multinational FTSE 250 company. He believes in a risk-based, business-oriented approach to managing information risk, while complying with the requirements of internal standards, contracts, regulation and legislation. Mark runs global research projects for the ISF on all aspects of information security, including governance, standards, risk management and compliance. Mark is also responsible for the ISF's Standard of Good Practice for Information Security.

Michael Colao, Global CISO & Director Information Management, Dresdner Kleinwort
Michael has been with Dresdner Kleinwort since 1999. He is the Director of Information Management. This role means that Michael is both the Global Head of Information Security for the Bank as well as the Global Head of Data Protection and Privacy. He has a strong side-interest in computer forensics & in the management of digital evidence. He graduated from the Massachusetts Institute of Technology in 1987 where he studied Mathematics & Computer Science. He has since lived in three continents & has lectured globally on security technology issues. Since 1996 he has been working in Financial Technology in London.

Paul Wood, Group Chief Security Officer, Aviva


Paul has over 30 years' experience in the security arena, dealing with crime, fraud, information security, counter-terrorist & executive protection. He worked in a number of security roles within government from 1974 until he retired in 1995 from the Directorate of Security Policy, at the Ministry of Defence. He joined the Civil Aviation Authority / National Air Traffic Services as the Head of Corporate Security. From Jul 99 - Apr 06 he was the Chief Security Officer for UBS Investment Bank, with responsibilities for all aspects of physical & information security. In April 06 he assumed the appointment of Group Chief Security Officer for Aviva Group; he has responsibility for all aspects of security across the Group. Paul is a regular speaker on security matters. He is a member of the ISSA Advisory Board, a founder member & now Director on the Board of IISP, & a member of many other professional security forums. He was awarded the MBE in the 1995 New Year's Honours List.

Dr. Cheryl Hennell, Head of IT Security and Information Assurance, Openreach


Prior to her current position, Cheryl was a Senior Lecturer at the University of Portsmouth. Following 3 decades in the IT industry working for the Ministry of Defence, The Office of Population, Censuses & Surveys & as a European consultant for a blue chip organisation, she entered academia. Cheryl is an active CISSP & has recently been appointed as an ambassador for Childnet delivering training sessions in schools. Her academic interests lie in the analysis & design of information systems; developing secure information systems; business continuity & disaster recovery, & digital forensics. She designed, developed & led lectures on the BSc (Hons) Digital Forensics degree for the University of Portsmouth.
