Speaker:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures

The biggest companies often take matters into their own hands when it comes to breach prevention, eschewing long-term relationships with vendors and charting their own courses with a dizzying array of technologies. Meanwhile, smaller companies fall further behind, struggling to find talent and budget, while security industry vendors produce evermore granular products that leave everyone unsatisfied and exhausted. Does this sound like the prospects are good for reducing breaches and fraud? The short answer: No.

During this session, former RSA Chairman Art Coviello reviews possible paths forward for practitioners as well as what they should be looking for from vendors, service providers and their own management.

Speaker:
Alex Mosher, Vice President of Security Strategy, CA Technologies

Many organizations are undergoing a transformation to support digital platforms and stay competitive. But to maintain security, they have to ensure that access to these platforms is limited. New vulnerabilities to cybercrime are being introduced through hybrid environments that often include remote access to systems and servers, automation of processes and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users' credentials are being compromised and access to systems is being fooled by the coders. How can these risks be mitigated while still keeping a competitive edge? This session provides answers.

Speaker:
Kevin Flynn, Global Director of Products, Skybox Security

As organizations migrate workloads to cloud computing, they benefit from flexibility and agility, but security operations grow increasingly difficult, especially when it comes to ensuring adherence to critical regulations, such as PCI-DSS, NERC or the EU's GDPR. Gaining the needed visibility into cloud environments and extending existing security workflows to ensure that adherence, while also managing shared responsibility, creates new challenges for security professionals. Add to this the complexity of hybrid and multicloud environments, and the loss of control within those environments, and it's no wonder security leaders are scratching their heads over how to ensure consistency in applied policy and how to assess and audit those policies. This session looks at approaches to addressing the challenge of managing security policy in the cloud, including best practices for extending an organization's visibility and understanding of its regulatory compliance posture.

Speakers:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures
Joan Goodchild, Director of Multimedia Content, ISMG
Peter Beardmore, Director of Digital Risk Management Solutions, RSA
Richard Parry, Principal, Parry Advisory; former Risk Management Executive, JPMorgan Chase

Will the Equifax breach be a game changer, or just another big-name security mishap that slowly fades away out of collective memory? Does this massive breach have the potential to be the incident that leads to sweeping regulatory changes, when it comes to credit bureaus and data collectors like Equifax? If so, what are the lessons learned, not only for consumers, but for C-suite security executives and boards? During this panel, experts weigh in on the long-term implications of the breach and what they believe we will see in the coming months from regulators and businesses as the developments and ramifications of this breach continue to unfold.

Speaker:
Paul Bowen, Principal Security Technologist, Arbor Networks

In this session, a security technologist discusses and reviews the anatomy of a breach, including the effects a breach has in real and soft money. He also reviews attacker motivations and how threat intelligence can correlate activities to help highlight indicators of compromise and analyze and mitigate the damages of breaches, offering a summary of how to protect your organization and keep it out of the headlines.

Speaker:
John Cloonan, Head of Products, Lastline

Ransomware presents some unique challenges to organizations, regardless of their size, industry or geography. It has very distinct behavior relative to other kinds of malware. For example, it actually tells you that an attack has taken place. From a defender's point of view, being alerted to an attack is far better than having it stay undetected in your systems. During this presentation, John Cloonan, head of products at Lastline, reviews:

• Common elements of today's malware strains;
• Effective strategies for combatting ransomware;
• What malware defenders can learn from ransomware.

Speaker:
Peter Beardmore, Director of Digital Risk Management Solutions, RSA

Organizations of all sizes today face serious and consequential risk management challenges. Technology is often presented as the ultimate solution. But in many cases, organizations are experiencing not just a technical challenge, but a "language" challenge, especially when it comes to risk management communication between various levels of the organization. Ultimately, the goal is to provide trusted, transparent and aggregated risk data to drive more informed, confident and effective business decisions. This session offers a discussion of these challenges and potential solutions.

Speakers:
Imran Ahmad, Partner - Toronto Office, Miller Thomson LLP
Randy Sabett, Vice Chair, Privacy & Data Protection Practice Group, Cooley LLP
Sunil Chand, Director of Cybersecurity, Grant Thornton, Toronto
Tom Field, Senior Vice President, Editorial, ISMG

The European Union's General Data Protection Regulation has been the buzz of 2017, and security leaders globally understand the regulation's basics, including the 72-hour breach reporting mandate, the May 2018 enforcement date and the noncompliance penalty of up to 4 percent of annual global revenue or 20 million euros (whichever is greater). But what about GDPR's obligations for data anonymization, transborder data transfers, appointment of data protection officers and, most significantly, the "right to be forgotten," which requires organizations to grant any European's requests for personal data to be deleted from the organizations' information systems?

This "right to be forgotten" raises several potential show-stopping questions. Do you even know what data you collect, why you collect it and how it is secured and stored? How will you respond when a European citizen requests that you delete all of that citizen's personal data your organization has collected, even in backup files? During this panel discussion, experts explore what steps need to be taken by your organization now to ensure proper data security and adequate preparation for the GDPR enforcement date.

Speaker:
Imran Ahmad, Partner - Toronto Office, Miller Thomson LLP

How have major Canadian data breaches helped to shape incident response plans and data security at the organizational level? In this session, Imran Ahmad, an attorney who leads the cybersecurity practice at Miller Thomson and wrote the book, "Cybersecurity in Canada: A Guide to Best Practices, Planning and Management," reviews the legal implications recent breaches have had on Canadian businesses and discusses what best practices Canadian courts expect organizations to adopt.

Speakers:
Kenrick Bagnall, Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service
Luis Cerritos, National Coordinator, Integrated Market Enforcement Teams, Royal Canadian Mounted Police
Michael Theis, Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center
Ruth Promislow, Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law enforcement experts will discuss what well-prepared organizations are doing right, when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.