Speaker:
J A Chowdary, Adviser-Information Technology, Govt. of Tamil Nadu, and Chairman, Blockchain Standards Committee

Creating effective strategies for securing digital India's assets is challenging. For example, the growth of the cashless economy and increase in digital transactions have made consumers' data more vulnerable to cyberattacks, creating a more urgent need to protect digital assets.

This session discusses:

• The challenges in meeting the growing demand for cybersecurity professionals;
• How to build a protective wall of security;
• How to adapt new technologies in securing digital India.

Speaker:
Terence Gomes , Enterprise Security Executive - India, Enterprise Cybersecurity Group, Microsoft India

Cloud adoption has created challenges for enterprises, including third-party risks, breaches caused by cloud misconfigurations, excessive permissions to access data, lack of effective methods and many more. Traditional enterprise cloud architectures have paved the way for hybrid enterprise architectures, which have led to new security challenges for organizations that have mission-critical applications running on the cloud. Securing the endpoints deploying third-party access controls and carrying out data governance and management become Herculean tasks.

This session discusses:

• How to check for misconfiguration of cloud apps;
• Deploying the right tools to check anomalous behavior on cloud apps;
• Protecting sensitive data at the source with strong access controls for cloud apps.

Speaker:
R.K. Shyamasundar, JC Bose National Fellow and Distinguished V. Professor, IIT Bombay

To meet India's ambitious goal of growing the cybersecurity market as much as $35 billion and creating 1 million new jobs by 2025, academia need to play a critical role. Various stream of dimensions and disruptive technologies such as IoT, 5G, blockchain and issues around privacy has a huge impact on information security of critical infrastructure. Any successful cybersecurity ecosystem requires the close cooperation of government, industry and academia - just like in the public health arena. This session highlights the intricacies of identifying the challenges and bridging the gaps in education, training and skill.

Speaker:
Sridhar Govardhan, Senior Director and Head of Information Security, Flipkart

Digital transformation to the cloud has resulted in increased dependency on third-party vendors to manage security tasks. This means managing the security risks involved is becoming a bigger challenge. Many organizations still have a long way to go in strengthening governance when it comes to vendor management as they move to cloud.

Enterprises are attempting to devise various policies, procedures and frameworks that are effective in dealing with third-party cloud service providers and come up with appropriate contractual agreements.

This session describes:

• How to evaluate a vendor's risk to your business in your cloud journey;
• The types of adversarial campaigns and tools that are used to infiltrate third parties;
• How to implement policies and procedures that mitigate third-party risks;;
• Creating an effective vendor risk program.

Speaker:
S.V. Sunder Krishnan, Chief Risk Officer, Reliance Nippon Life Insurance

About 50 banks in India have cyber insurance policies to cover breach response costs, risk mitigation services, notification, forensic services, public relations, crisis management and any customer loss which can be quantified, as well as third-party risk exposure and other specialty services, such as hiring an auditor.

The insurance research firm Allianz says that cyber risk is a growing concern for Indian businesses as a result of major data breaches and privacy scandals, IT outages and the introduction of tighter data protection rules in the European Union and elsewhere. As a result, more Indian enterprises with global exposure, including those in the financial services, IT, pharmaceutical and other sectors, are considering cyber insurance as key risk management and cost-control tool.

This session explains:

• How to develop comprehensive risk coverage policies tailor-made for the risk assessment of a sector and the business;
• How India's pending data protection bill could fuel demand for cyber insurance;
• How to create an effective risk management framework to assess risk and insurance coverage.

Speaker:
Claire Hatcher, Global Head of Fraud Prevention, Kaspersky

According to the 2019 Cyberthreat Defense Report, nearly eight out of 10 organizations were victims of at least one successful cyberattack in 2018. While corporate strategies around digital transformation are driving measurable business outcomes, they are - at the same time - creating new security risks through the adoption of new technologies, increased complexity, and expansion of the attack surface with increased fraud.

The biggest question is how can security leaders avoid being obstacles and actually become catalysts for change and deliver business value and mitigate risks arising out of this digital transformation.

This session discusses:

• Protecting data generated in the digital transformation journey
• Balancing fraud prevention, whilst driving business value and ensuring a good consumer experience
• Assessing how new security architectures and technologies can address the complexities and mitigate risks in reducing fraud.

Speaker:
Ganesh Prasad, Pre-Sales Manager, India , RSA

The modern digital economy is built on a foundation of trust, which is becoming increasingly more fragile and vulnerable to risks that we are just starting to understand. Digital technologies are a force for progress. Yet, they are also a source of distrust in the very technology that is intended to drive that progress. The paradox is that as organizations go digital, their biggest asset becomes data, which also serves as the biggest potential liability when it comes to building or breaking trust.

This session discusses:

• How to enable trust in the digital world
• Understanding digital risk priorities
• Building business resiliency

Speaker:
Steven Hunter, Senior Director, System Engineering, APJ, Forescout Technologies

The Zero Trust model of information security has become a fixture in both the strategies of enterprise security teams and the roadmaps of security solution developers and for good reason. Perimeter-focused security architectures that default to high trust levels on the internal network continue to fail disastrously and expensively. Zero Trust protects sensitive data by limiting access to only those who require it and strictly enforcing access through intelligent access control and network segmentation.

Attend this session to:

• Explore options for where to start with a Zero Trust Model in your enterprise and finding quick wins
• Understand the challenge of knowing whether your Zero Trust controls are actually effective
• Explore an innovative approach to obtaining this assurance

Speaker:
Ankur Patial, Sr. Technical Consultant (Cyber Security), CrowdStrike India

Security operations centers must scale up to better detect cyberthreats early. New research on "breakout time" reveals strategies on how you can use the 1-10-60 Rule to benchmark your organization in responding to adversary's activities before it results in a full-blown breach.

What is breakout time? It's the time it takes for an intruder to begin moving laterally outside of the initial beachhead to other systems in the network. The average breakout time analyzed over the previous year came in at one hour and 58 minutes.

Speakers:
Amit Sharma, Advisor (Cyber) and Director at the Office of Secretary, Department of Defence
Brijesh Singh, Additional Director General of Police, Govt. Of Maharashtra

Nation-state attacks often have close links to the military intelligence or state control apparatus with a high degree of technical expertise. India is fighting off an array of disruptive attacks that include advanced malware, sophisticated distributed denial-of-service attacks and nation-state actors targeting DNS protocols as part of ongoing espionage campaigns.

India could be vulnerable to cyber espionage because its critical infrastructure is becoming increasingly dependent on automated data processing and vast computer networks, making it vulnerable to such information warfare techniques.

Are organizations in India well-equipped to mitigate the risk of nation-state actors that have a 'license to hack"?

In this session, Amit Sharma, adviser (cyber) and director at the office of secretary, Department of Defense, Ministry of Defence, discusses.

• New techniques used by the nation-state actors to steal critical data information;
• New cyber defense techniques/strategies India has to adopt in tackling the nation-state threats;
• Law enforcement challenges in tackling such attacks.

Speakers:
Sameer Ratolikar, CISO, HDFC Bank
Suparna Goswami, Associate Editor, ISMG

How can banks leverage artificial intelligence and machine learning to drive innovation while ensuring that the project is secure and would not make the data vulnerable? How important is it to take a structured approach in implementing "security by design" for conducting proper risk assessments of the organizations and people involved in the innovation process?

In this session, a bank CISO discusses essential steps security practitioners need to take in the business integration process before rolling out any innovation in a fireside chat.

Speakers:
Arvind Kumar, Head of Sales - India & APAC, Aujas
Ashutosh Jain, CISO, Axis Bank
Bharat Panchal, CRO, India, ME & Africa, FIS Global
Gaurav Batra, Asia Pacific Information Security Manager, Mondelez International

India's regulatory bodies are insisting that transactional data be stored domestically to help prevent breaches and to have better data protection mechanisms in place. The move could help fast-track cybercriminal investigations. But will data localization lead to improved data security or will it result in major hurdles?

This panel discusses:

• Whether the emphasis on data localization could hamper security efforts;
• The cost implications of storing data domestically;
• The best security controls to put in place;
• Whether creation of next-generation SOCs will help in building a strong monitoring framework.

Speakers:
Agnelo D'Souza, CISO, Kotak Mahindra Bank
Anish Ravindranathan, Cybersecurity Lead-Detection and Response, General Mills
Nitin Bhatnagar, Associate Director-India, PCI Security Standards Council
Vicky Shah, Advocate, Data Privacy Professional

Organizations that are relatively well-resourced and committed to cybersecurity stand to benefit from cybersecurity audits.

Cybersecurity audits provide an additional layer of assurance that an organization is safeguarding the data that has become increasingly essential in driving and transforming virtually every business process. But are these audits truly effective?

This panel discusses:

• How internal audits be improved;
• Audit technique shortcomings;
• The important aspects that auditors tend to ignore.
• The responsibilities of the security department in the cybersecurity auditing process.

Speaker:
Justice B.N. Srikrishna, Former Judge, Supreme Court of India, and Chairman of the Data Protection Committee

The long-awaited Personal Data Protection Bill is ready to be tabled in Parliament during this winter session. Organizations across geographies are still struggling to understand the nuances of the European Union's General Data Protection Bill and the California Consumer Protection Act.

Indian enterprises are equally reeling under the ambiguity of the proposed India's Data Protection Bill, recommended by the committee headed by former Supreme Court Judge, Justice B.N. Srikrishna.

In this session, Justice B.N. Srikrishna, chairman of the committee discusses:

• The role of security in the new world of privacy;
• The need for setting up Data Protection Authority of India-a realistic scenario;
• Data breach notification - challenges and implications;
• Data localization norms and cross-border transfer of personal data ambiguities facing enterprises.

Speaker:
Ved Prakash, Senior Business Development Manager, Thales Group

Complying with regulations and standards, including GDPR, PCI DSS, the RBI Gopala Krishna Committee report and the UIDAI's Aadhaar biometric, has increased the need for stringent data protection measures. India's upcoming data privacy bill will further mandate all organizations to safeguard sensitive data.

Many organizations are failing to effectively implement the last line of defense and data security controls, processes and policies because they're still focusing on securing the perimeter. What's needed is a new data-centric approach to protect and control sensitive information and ensure data confidentiality, integrity and availability.

This session will discuss:

• How do build effective data protection strategies;
• Tackling insider threats;
• Deploying the last line of defense and controls to protect beyond the perimeter.

Speaker:
Sunil Kumar Gupta, Co-founder and CEO, QNu Labs

As quantum computers come into the forefront, they pose immense risks. So the time to change our data security paradigms is now. In this session, learn why Quantum Key Distribution is the technological solution - a "black swan" - to ensure data remains agile, quantum-safe and unconditionally secure.

Speaker:
Loknath Behera, State Police Chief and Director General of Police, Kerala State

Digitization across sectors has led to data proliferation, and organizations are struggling to handle the sheer volume of data. The abundance of valuable information has captured the attention of subversive elements, while cybercriminals have breached networks and compromised billions of records, not only causing revenue losses but impacting brand reputation.

Organizations in all industries have seen their core processes and assumptions challenged by dramatic changes in regulatory environments, competitive landscapes, technological upheaval, customer behavior, macroeconomic conditions and evolving security threats.

The new model of information security is open and fuzzy because the systems that we want to protect also must be open to the outside world. So we need a new security model and new cyber defenses that can help enterprises get "future ready" to fight the "unknown, unknown" threats.

This exclusive session describes:

• Lessons from the past in dealing with the enterprise security chaos;
• How security architecture and new cyberdefenses can be made simple and transparent and what needs to be protected;
• A collaborative approach to building skills and techniques to achieve "future-proof" enterprise security.

Speakers:
Bhishma Maheshwari, Executive Vice President & Cyber Leader, Marsh India Insurance Brokers Pvt. Ltd
Devender Kumar, CISO, TMF Group
Patrick Pitchappa, CISO, BNP Paribas
Uday Deshpande, Group CISO, L&T Group of Companies

Many high-profile breaches have grabbed headlines this year, including those at Wipro, Toyota and Capital One. What lessons can CISOs learn from this year's big breaches as they develop risk mitigation strategies for 2020?

This session addresses:

• Top priorities for CISOs next year;
• Important lessons to be learned from this year's security incidents;
• What new technologies could play key roles in mitigating security risks.

Speakers:
Brijesh Datta, EVP & CISO, Reliance Jio
Sandip Chakraborty, Chief Technology Officer, Edelweiss General Insurance Co
Sridhar Sidhu, SVP and Head of InfoSec Services Group, Wells Fargo

This session features a dialogue among a CISO, a CIO and a CTO on the challenges they face in executing large projects where security becomes a business enabler. How can the security team navigate and negotiate to gain buy-in from senior executives in all departments? This panel will address the cross-functional challenges and offer strategies for success.

This session addresses:

• Top priorities for CISOs next year;
• Important lessons to be learned from this year's security incidents;
• What new technologies could play key roles in mitigating security risks.