Day 1 - Tuesday, May 23, 2017

8:30
Registration
9:00
Chair’s Opening Remarks

Richard Magnan
General Counsel
Rising Tide

9:10
Keynote

Freddy Dezeure
Head of CERT-EU
CERT-EU

9:40
General Data Protection Regulation — What This Will Mean for a BREXITing Britain

Renzo Marchini
Partner
Fieldfisher

  • Understanding the Key Issues when Constructing an Incident Response Plan
  • Consequences of non-compliance
  • Homogenising the process and fine levels across Europe
  • The process will be much more rigorous and there will be much less discretion
  • Being prepared is key to avoid these high fines
  • The National Information Security Directive, the General Data Protection Regulation and the timing of Brexit
  • How will it apply to UK organisations that deal with or employ the personal data of EU citizens?

10:20
ICO Expectations & Role

  • Cyber security is a board-level issue, not an IT one
  • Is the ICO becoming a powerful regulator that can issue large fines?
  • Less discretion given to companies who fall victim to an attack if simple security measures are not in place
  • Scope to levy higher fines if the organisation has not already provided guidance to all customers on how to verify communications
  • The obligation to notify the ICO of a ‘Personal Data Breach’ no later than 72 hours after having become aware of it
  • Resources must be invested in crafting and maintaining incident management plans
  • The 12 steps to compliance success recommended by the ICO
  • Q&A

10:50
Refreshment Break
11:00
Refreshment Break
11:30
National Cyber Security Centre — The Best Defence is a Good Offence

Richard Magnan
General Counsel
Rising Tide

  • What role will the NCSC play in government?
  • Explaining ‘active cyber defence’
  • Pro-active approach to cybersecurity
  • Sharing information security intelligence between government and industry
  • Q&A

12:00
Cops and Robbers: Involving Law Enforcement

Speaker TBC
K2 Intelligence

Jason Tunn
Detective Chief Inspector – Head of Unit
Metropolitan Police Cyber Crime Unit

  • Involve experienced outside counsel to advise on disclosure and involvement of law enforcement
  • To whom should the incident be reported?
  • When and how should the incident be reported?
  • What evidence should be collected, and how?
  • Better understand and repair any damage caused by an attack

12:10
Good Governance — The Fiduciary Duty Owed By Directors and Officers to the Shareholders

Gary Broadfield
Director
Cartwright King Solicitors

  • Developing a company-wide policy of internal controls to ensure that the financial and personal information entrusted to the company is protected
  • The duty to monitor and oversee these systems
  • Ensuring that there is an efficient system in place to inform victims of the breach in a timely manner
  • Establish effective reporting structures to oversee data security risk management
  • Ensure compliance with all relevant laws to avoid wasting company assets
  • Keep up-to-date about the company’s operations
  • Make reasonable enquiries to ensure that steps are taken to correct any unsound practices and maintain the quality of business performance
  • The Target and the Wyndham Worldwide case and the consequences of breach of duty

12:50
Lunch
2:05
The Role of Cyber Insurance

  • Is your business sufficiently insured to cover a data breach?
  • What is Social Engineering and how do you combat it?
  • Cyber Policy vs. Crime Policy
  • Understanding your cyber policy wording
  • Claims don’t get paid… or do they?

2:45
Incident Response Plan — Time is Not Your Friend

Ian Bryant
Principal Fellow – Cyber Security Centre
University of Warwick Cyber Security Centre

Avi Weisman
VP
Ruby Corp. (Parent company of Ashley Madison)

  • The importance of developing a written plan
  • Identifying cyberattack scenarios and how to respond to them
  • The importance of early detection
  • Be prepared to respond at the first sign of intrusion
  • When should you notify key stakeholders?

3:25
Putting Together an Incident Response Team — A Layered and Comprehensive Approach

Oisín Fouere
EMEA Head of Cyber Investigations & Defence
K2 Intelligence

  • Who should be included in your internal incident response team?
  • The investigative team
  • The management team
  • Stakeholders

4:05
Refreshment Break
4:35
Developing Crisis Management Solutions

Simon Fisher
GRC Lead
TalkTalk

  • Establishing a crisis management team
  • What is their function?
  • Public relations
  • Breach notification
  • Fraud mitigation
  • Monitoring the situation and the progress of the breach

5:15
Forensic Investigation and Gathering Evidence

Giuseppe Vaciago
Partner
R&P Legal – Rossotto, Colombatto & Partners

  • Does the company have procedures in place to secure and preserve computer-related evidence when the cyberattack occurs?
  • Preparing a training plan to contain the damage and collecting essential data required for analysis
  • Determining the scope of the breach
  • Hiring the essential external forensics experts to supplement or support the internal company
  • Limiting damage before evidence is lost or compromised
  • Using your forensics team to proactively and continuously monitor for possible risks in the network

5:55
Chair’s Summation
6:05
Drinks Reception

Day 2 - Wednesday, May 24, 2017

8:30
Morning Refreshments
9:00
Chair’s Opening Remarks
9:10
Keynote — Overview

Monty Raphael QC
Special Counsel
Peters & Peters Solicitors LLP

9:30
Reputational Risk

Andrea Cremonino
Risk Management, Operational & Reputational Risks
buddybank

  • Who is responsible for handling press releases and other public announcements about the attack?
  • How to control the narrative?
  • What and when should information be made public?
  • Addressing customer or user concerns
  • Take measures to restore confidence and loyalty

10:10
Stress Testing Incident Response Plans — Being Prepared for the Worst

Chris Parker MBE
Executive Director
Cyberplus Ltd

  • Identifying weakness and vulnerabilities in your incident response plan
  • How quickly and effectively does the team react?
  • Have you identified and engaged with the right people and functions both internally and externally?
  • How do your employees react and are they sufficiently trained?
  • What is the impact of a system blackout on the business?
  • Is there a business continuity plan in place to maintain levels of productivity in the event of a breach?

11:20
Dealing with Breaches in the Supply Chain

  • Is the supply chain or third party involvement the favoured route of cyberattack?
  • Are smaller, less protected suppliers used as a backdoor into the systems of well protected organisations?
  • Using proxy isolation to prevent access
  • Performing regular audits on suppliers’ activities
  • Continuous monitoring of privileged user accounts
  • Was Target a target?

12:40
Lunch
1:55
Civil & Criminal Remedies and Effectiveness

Monty Raphael QC
Special Counsel
Peters & Peters Solicitors LLP

  • Reporting obligations in different jurisdictions
  • Designating a law enforcement liaison within the incident response team as the primary point of contact with law enforcement
  • Understanding the jurisdictional issues arising from the location of the company, its assets and the attacker
  • How to navigate the international landscape should the situation require the assistance of law enforcement in multiple jurisdictions?

2:35
International Elements to a Cybercrime — Hypothetical Case Study

  • C5 Communications is a Toronto-based business that owns and operates several conference production companies around the world, including the UK
  • When a delegate books a conference place on the website they agree that their relationship with C5 is with the company based in the UK and is governed by UK law. According to the terms of use, the courts of England and Wales also have jurisdiction to hear cases brought against the company
  • What data protection laws are C5 subject to?
  • What action can be taken against an organisation that is based in one country but operates globally?

3:15
Strategies for Prevention
3:55
Refreshment Break
4:35
Civil Action Against the Breached — Minimise Your Exposure to Civil Claims

  • Run a data breach simulation
  • Careful communication
  • Be aware of the law and be strategic as to when you notify the customer
  • What can be learned from Home Depot?
  • Carry out due diligence on the vendors they hired
  • The pros and cons of offering access to Credit Monitoring Services

5:15
Chair’s Summation

Post-Conference Workshop

Cyber Incident Response Plan: Discovering and Recovering from a Cyber Attack

May 25, 2017 9:00am – 12:00pm

What is it about?

Organisations may have response plans in place but often many cannot be operationalised. In many cases the documentation outlining procedure post-breach is outdated or too general, offering non-specific guidance on critical activities. Furthermore, key factors such as lack of integration across different business units, the development of siloed strategies and lack of coordination during large response efforts contribute towards an ineffective and ultimately costly response.

A response should therefore be guided by a plan that aims not only to limit damage while reducing recovery time and costs but also to manage the expectations and increase the confidence of external stakeholders.

Attending this workshop will enable you to:

  • Create an effective incident response plan that is immediately operational
  • Learn the latest techniques used in incident response
  • Establish how to assign responsibility for the plan and ensure integration of the incident-response efforts across business units and geographies
  • Ensure that response plan documentation is regularly updated and widely available
  • Ensure that the plan is communicated to all employees and that they are aware of their roles and responsibilities
  • Establish how hackers use pre-attack research, reconnaissance and target selection to infiltrate businesses and how you can use that knowledge to strengthen your defences
  • Understand infiltration and post-infiltration entrenchment
  • Benchmark cyber attack scenarios and develop easily accessible quick-response guides for defined scenarios
  • Maintain relationships with law enforcement
  • Maintain relationships with external breach-remediation providers and experts
  • Establish how to deal with media interviews and queries as well as other media & PR skills that will help, not hinder
  • Understand the business impacts of cyber breaches facilitated through a discussion of recent cyber attacks
  • Regularly practice, probe and stress test the to increase awareness of ‘blind spots’ and hone response capabilities