Speakers:
Filipe Lousa, Global Data Protection Officer, Getronics
Pedro (Rui) Cunha, CISO, Timestamp SGS
Sergio Gramaca, Chief Inspector, Fraud Risk Inspection and Monitoring, Novo Banco
Tom Field, Senior Vice President, Editorial, ISMG

Opening panel sets the tone for the Summit with an overview of key cybersecurity and fraud challenges facing Portuguese organizations in the year ahead, with a preview of sessions to be featured throughout the day.

Speaker:
Pedro (Rui) Cunha, CISO, Timestamp SGS

The Security Ecosystem, the solutions environment and all the new technological trends present themselves to a security manager, a CISO or even to a CEO/CIO as a vast landscape of choices, where the path to be taken and the steps to be performed are challenging. Among the questions to be discussed in this session from the security leader's perspective:

• "What path should i take? IAM? Certification? GDPR? PCI?"
• "Which solution should i deploy first?"
• "Am i covering it all?"

Speaker:
Filipe Lousa, Global Data Protection Officer, Getronics

Recently, it was announced that British Airways is to be fined more than £183m by the UK Information Commissioner's Office (ICO) after hackers stole the personal data of half a million of the airline's customers. According to ICO, such data breach, which began in June 2018, occurred because British Airways had "poor security arrangements" in place to protect customer information being accessed.

As a controller we are not in control over the cloud service provider's (IT) environment and we must rely upon (IT) controls that the provider has in place. Such arrangements must be governed by a contract or other legal act under Union or Member State law, namely by a data processing agreement (DPA) which shall include the appropriate security measures to be implemented by the processor.

In this session, we will look into: particularities and challenges of a DPA when negotiating the appropriate organizational and security measures to be implemented, including their scope, assessment and enforcement during the term of such arrangement as a way of managing the risk of liability towards the individuals and before the data protection authorities.

Speaker:
Claire Hatcher, Global Head of Fraud Prevention

In this presentation, hear about the recent history and the future of technology and consumer patterns and drivers. This session explores the continued proliferation of social media, IoT and artificial intelligence and the implications of this technology. The huge rise in cybercrime and fraud highlights the challenges businesses face across all industries.

This session takes a look at what those challenges are, how we can react to them and what we can do better. It covers:

• Changes in our digital lives and how this drives the consumer;
• The value of data in today's world and the implications of this;
• The current state of e-fraud.

Speaker:
Antonio Moreno, Global Business Director, Security and Biometrics, Nuance

Join this session to hear from Antonio Moreno, Global Business Director, Security and Biometrics at Nuance as he discusses:

• How fraud is moving beyond telephony in the contact center to web, mobile and other digital channels
• Enterprises' readiness to prevent fraud across channels
• The importance of cross-channel authentication to fraud prevention
• Strategies organizations are using to identify fraudsters and combat fraud, including the growing adoption of biometrics to lessen the financial and reputational costs of fraud while improving CX for legitimate customers

Speaker:
Sergio Gramaca, Chief Inspector, Fraud Risk Inspection and Monitoring, Novo Banco

The insider threat can come from a malicious insider who intends to commit fraud, steal intellectual property or damage your brand. Or it can come from an accidental insider who makes a costly mistake or is taken advantage of by a malicious outsider. Both pose threats to your organization. Attend this session for expert insight on:

• Insider threats defined
• Characteristics of potential threats
• How to detect and deter threats

Speaker:
Gustavo Neves, Senior Information Security analyst and Data Privacy Consultant, Dognaedis, a PROSEGUR company

Incident Response has always been a complex activity, requiring a multi-disciplinary approach to ensure proper handling. Although the issues of privacy and personal data protection are not new to incident handlers, the recent European legislation - General Data Protection Regulation (GDPR) - poses additional challenges, as well as provides orientation on how those challenges can be overcome. There are several questions that should be answered by incident handlers, when analyzing a security incident that will either increase or decrease the impact of possible data protection issues. The GDPR itself recognizes the importance of dealing with these issues from the stand point of risk assessment, and deciding based on a preponderance of factors. Among the topics to be discussed:

• Cybersecurity data may contain personal data. Handling this sort of data, even in an incident handling context, carries risks;
• The risks should be balanced with the legitimate interests of organizations, in accordance with GDPR (and related legislation);
• Typical use cases and scenarios.

Speaker:
Luís Valente, CISO, Universidade do Porto

We now live in a world of multiple identities, multiple protocols, multiple technical solutions and billions of internet users. In this session, we discuss the challenges and opportunities that European Ecosystems can bring to the user, organizations and third parties. Among the topics:

• Linking identity provider, service providers and attribute providers;
• How to establish relations between eIDAS eID, ePassport and other identities
• Focus on user-centric approaches.

Speakers:
Miguel Jacinto, Chief Information Security Officer & Data Protection Officer no EuroBic - Banco BIC Português, SA
Pedro Machado, Country Senior Director | Data Protection Officer, Grupo Ageas Portugal

With over-regulation (mostly European), the banking and insurance industry has been challenged in the course of its economic activities, exposed to changes in business and compliance with cybersecurity and privacy guidelines. This presentation describes some of the biggest challenges that banks and insurers (and other financial sector entities) are facing regarding risk management.

Speaker:
Pedro Vieira, IT & innovation Director, Águas do Porto, EM

In this session, we take a detailed look at the unique cybersecurity issues posed to a nation's critical infrastructure. Don't miss this compelling presentation by the IT and innovation leader of a Portuguese public utility.