
Fraud & Breach Prevention Summit: Toronto

September 12-13, 2017


Keynote Speaker

Art Coviello, Former Chair, RSA

WELCOME / Letter from the Content Director

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity, ISMG

Our 2017 series of Fraud & Breach Prevention summits continues with our sixth North American event taking place in September in Toronto. This event will focus on technology-driven problems and solutions of interest to a wide range of industries. From ransomware attacks to IoT risks, GDPR compliance to insider threat mitigation, 2017 promises to have more than enough for all of us to talk about and learn from each other. We have designed our sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and many others by providing hands-on tools and real-world solutions that attendees can take back to their offices and put to use.

Details

Delta Hotels Toronto
75 Lower Simcoe Street
Toronto, Ontario M5J 3A6

September 12-13, 2017

$995 CAD


Registering For a Group?
Call +1 (609) 356-1499


Gord Jamieson

Head - Canada Risk Services & North America Acquirer Risk Services, Visa

Kevin Flynn

Director of Products, Skybox

Steve Durbin

Managing Director, Information Security Forum (ISF)

Art Coviello

former CEO, RSA Security; Venture Partner, Rally Ventures

Imran Ahmad

Partner - Blake, Cassels & Graydon LLP

Randy Sabett

Vice Chair, Privacy & Data Protection Practice Group, Cooley LLP

Michael Theis

Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

Alex Mosher

Vice President of Security Strategy, CA Technologies

SPEAKERS / Featured Speakers For Our Toronto Summit

Art Coviello

former CEO, RSA Security; Venture Partner, Rally Ventures

Tom Field

Senior Vice President, Editorial, ISMG

Gord Jamieson

Senior Director of Canada Risk Services, Visa

Alex Mosher

Vice President of Security Strategy, CA Technologies

Kevin Flynn

Global Director of Products, Skybox Security

Michael Theis

Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

Ruth Promislow

Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

Randy Sabett

Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP

Richard Bortnick

Cyber Liability and Insurance Attorney, Traub Lieberman Straus & Shrewsberry, LLP

Paul Bowen

Principal Security Technologist, Arbor Networks

Peter Beardmore

Director of Digital Risk Management Solutions, RSA

Imran Ahmad

Partner - Blake, Cassels & Graydon LLP

Craig Gibson

Principal Threat Defense Architect, Forward-Looking Threat Research, Trend Micro

Luis Cerritos

National Coordinator, Integrated Market Enforcement Teams, Royal Canadian Mounted Police

John Cloonan

Head of Products, Lastline

Kenrick Bagnall

Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service

Greg Markell

President and CEO, Ridge Canada Cyber Solutions Inc.

Ruby Rai

Cyber Underwriting Specialist, Financial Lines, AIG

Warren Cooney

Assistant Vice President of Claims, AXIS Insurance

Sunil Chand

Canada Security Leader, CGI

Robert Mills

Regional Director - US & Canada, Information Security Forum (ISF)

Schedule / Session Date & Times



  • Tuesday, September 12th

  • Wednesday, September 13th

8:00 am - 8:45 am

Registration, Breakfast & Exhibit Browsing

8:45 am - 9:00 am

Opening Remarks

9:00 am - 10:00 am

Industry and Practitioners in Crisis

Speaker:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures

The biggest companies often take matters into their own hands when it comes to breach prevention, eschewing long-term relationships with vendors and charting their own courses with a dizzying array of technologies. Meanwhile, smaller companies fall further behind, struggling to find talent and budget, while security industry vendors produce ever more granular products that leave everyone unsatisfied and exhausted. Does this sound like the prospects are good for reducing breaches and fraud? The short answer: No.

During this session, former RSA Chairman Art Coviello reviews possible paths forward for practitioners as well as what they should be looking for from vendors, service providers and their own management.

10:05 am - 10:35 am Fraud Track

PAM and Secure Code: Gaining an Inside and Outside View of Applications

Speaker:
Alex Mosher, Vice President of Security Strategy, CA Technologies

Many organizations are undergoing a transformation to support digital platforms and stay competitive. But to maintain security, they have to ensure that access to these platforms is limited. New vulnerabilities to cybercrime are being introduced through hybrid environments that often include remote access to systems and servers, automation of processes and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users' credentials are being compromised and access to systems is being fooled by the coders. How can these risks be mitigated while still keeping a competitive edge? This session provides answers.

10:05 am - 10:35 am Data Breach Track

Taming the Beast: Regulatory Compliance in the Cloud

Speaker:
Kevin Flynn, Global Director of Products, Skybox Security

As organizations migrate workloads to cloud computing, they benefit from flexibility and agility, but security operations grow increasingly difficult, especially when it comes to ensuring adherence to critical regulations, such as PCI-DSS, NERC or the EU's GDPR. Gaining the needed visibility into cloud environments and extending existing security workflows to ensure that adherence, while also managing shared responsibility, creates new challenges for security professionals. Add to this the complexity of hybrid and multicloud environments, and the loss of control within those environments, and it's no wonder security leaders are scratching their heads over how to ensure consistency in applied policy and how to assess and audit those policies. This session looks at approaches to addressing the challenge of managing security policy in the cloud, including best practices for extending an organization's visibility and understanding of its regulatory compliance posture.

10:35 am - 10:55 am

Exhibiting & Networking Break

10:55 am - 11:30 am

Equifax Breach: Long-term Implications. What Does It Mean for Us?

Speakers:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures
Joan Goodchild, Director of Multimedia Content, ISMG
Peter Beardmore, Director of Digital Risk Management Solutions, RSA
Richard Parry, Principal, Parry Advisory; former Risk Management Executive, JPMorgan Chase

Will the Equifax breach be a game changer, or just another big-name security mishap that slowly fades away out of collective memory? Does this massive breach have the potential to be the incident that leads to sweeping regulatory changes, when it comes to credit bureaus and data collectors like Equifax? If so, what are the lessons learned, not only for consumers, but for C-suite security executives and boards? During this panel, experts weigh in on the long-term implications of the breach and what they believe we will see in the coming months from regulators and businesses as the developments and ramifications of this breach continue to unfold.

11:30 am - 12:15 pm

Speed Networking With Your Peers

One of the most valuable ways to learn is often through interaction with your peers. Our “Speed Networking” session will provide an opportunity to meet practitioners who have similar challenges in the arena of fraud and breach prevention and discuss solutions to those potential obstacles. Mingle, share and learn in this unique, rapid-fire and interactive environment.

12:15 pm - 1:10 pm

Lunch

1:10 pm - 1:40 pm

Breaches: How to Use Threat Intelligence to Generate IOCs; Other Tips to Find, Analyze and Mitigate Risk

Speaker:
Paul Bowen, Principal Security Technologist, Arbor Networks

In this session, a security technologist discusses and reviews the anatomy of a breach, including the effects a breach has in real and soft money. He also reviews attacker motivations and how threat intelligence can correlate activities to help highlight indicators of compromise and analyze and mitigate the damages of breaches, offering a summary of how to protect your organization and keep it out of the headlines.

1:45 pm - 2:15 pm Fraud Track

Ransomware: How to Strategically Fight It, Without Breaking the Bank

Speaker:
John Cloonan, Head of Products, Lastline

Ransomware presents some unique challenges to organizations, regardless of their size, industry or geography. It has very distinct behavior relative to other kinds of malware. For example, it actually tells you that an attack has taken place. From a defender's point of view, being alerted to an attack is far better than having it stay undetected in your systems. During this presentation, John Cloonan, head of products at Lastline, reviews:

  • Common elements of today's malware strains;
  • Effective strategies for combatting ransomware;
  • What malware defenders can learn from ransomware.
1:45 pm - 2:15 pm Data Breach Track

Business-Driven Security: Bridging the Gap between Security and 'The Business'

Speaker:
Peter Beardmore, Director of Digital Risk Management Solutions, RSA

Organizations of all sizes today face serious and consequential risk management challenges. Technology is often presented as the ultimate solution. But in many cases, organizations are experiencing not just a technical challenge, but a "language" challenge, especially when it comes to risk management communication between various levels of the organization. Ultimately, the goal is to provide trusted, transparent and aggregated risk data to drive more informed, confident and effective business decisions. This session offers a discussion of these challenges and potential solutions.

2:15 pm - 2:35 pm

Exhibiting & Networking Break

2:40 pm - 3:20 pm

GDPR Compliance: Are You Ready for 72-Hour Notification and the 'Right to be Forgotten'?

Speakers:
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
Sunil Chand, Canada Security Leader, CGI
Tom Field, Senior Vice President, Editorial, ISMG

The European Union's General Data Protection Regulation has been the buzz of 2017, and security leaders globally understand the regulation's basics, including the 72-hour breach reporting mandate, the May 2018 enforcement date and the noncompliance penalty of up to 4 percent of annual global revenue or 20 million euros (whichever is greater). But what about GDPR's obligations for data anonymization, transborder data transfers, appointment of data protection officers and, most significantly, the "right to be forgotten," which requires organizations to grant any European's requests for personal data to be deleted from the organizations' information systems?

This "right to be forgotten" raises several potential show-stopping questions. Do you even know what data you collect, why you collect it and how it is secured and stored? How will you respond when a European citizen requests that you delete all of that citizen's personal data your organization has collected, even in backup files? During this panel discussion, experts explore what steps need to be taken by your organization now to ensure proper data security and adequate preparation for the GDPR enforcement date.

3:25 pm - 4:00 pm

Major Data Breach Cases in Canada: Lessons Learned from the Legal Perspective

Speaker:
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP

How have major Canadian data breaches helped to shape incident response plans and data security at the organizational level? In this session, Imran Ahmad, an attorney who leads the cybersecurity practice at Miller Thomson and wrote the book, "Cybersecurity in Canada: A Guide to Best Practices, Planning and Management," reviews the legal implications recent breaches have had on Canadian businesses and discusses what best practices Canadian courts expect organizations to adopt.

4:05 pm - 4:45 pm

We've Been Breached: Now What? Working with Law Enforcement, Regulators and Other Third Parties

Speakers:
Kenrick Bagnall, Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service
Luis Cerritos, National Coordinator, Integrated Market Enforcement Teams, Royal Canadian Mounted Police
Michael Theis, Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center
Ruth Promislow, Partner, Commercial Litigation, Fraud and Cybersecurity Practice, Bennett Jones LLP, Toronto

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law enforcement experts will discuss what well-prepared organizations are doing right, when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.

4:45 pm - 5:00 pm

Look Ahead to Day 2

5:00 pm - 6:00 pm

Cocktails & Networking

  • Wednesday, September 13th

8:00 am - 8:45 am

Registration, Breakfast, & Networking

8:45 am - 9:00 am

Opening Remarks

9:00 am - 9:45 am

The Current State and Future of Payment Security: Lessons from Visa

Speaker:
Gord Jamieson, Senior Director of Canada Risk Services, Visa

The Canadian payment card industry has experienced first-hand the impact of chip and PIN deployment, and how fraudsters have responded. During this session, Gord Jamieson, head of risk services for Visa Canada, will explain why security must be a 24/7 concern, how security is moving at the speed of innovation, and what Visa is doing to help keep fraud rates low.

9:50 am - 10:30 am

Preparing for the Inevitable: Cyberattack Trends in 2017 and Beyond

Speaker:
Robert Mills, Regional Director - US & Canada, Information Security Forum (ISF)

As the scale and sophistication of cyberattacks increase, coupled with new legislation and the complexity of technology, businesses need to manage risk in new ways that go beyond the methods usually handled by the information security function. In this session, Robert Mills, regional director of the Information Security Forum, an independent, not-for-profit organization dedicated to investigating, clarifying and resolving key issues in information security and risk management, discusses the top global security threats for 2017 and beyond. He also shares insights on how security and business teams can work together to minimize the impact of cyberattacks on shareholder value and business reputation.

10:35 am - 11:00 am

Exhibiting & Networking Break

11:00 am - 11:30 am Fraud Track

Automated Auditing - Cloud Security Orchestration in a Regulated Environment

Speaker:
Craig Gibson, Principal Threat Defense Architect, Forward-Looking Threat Research, Trend Micro

Implementing clouds in heavily regulated environments is either unscalable and slow, because of legacy audit requirements and processes, or simply implemented without audit controls. While these may seem like acceptable risks, the 20 million euro minimum penalty under GDPR, and the threat of blanket ransomware encryption of an entire deployment, remain. An innovative approach is security orchestration in support of "Reg-Tech" orchestration. When combined, these automate security auditing, security compliance and other resourcing risks to cloud scalability investment.

11:00 am - 11:30 am Data Breach Track

Privileged Access for Hybrid Cloud: Secure Amazon, Azure and Google Environments

Speaker:
Tony Goulding, Director of Technical Product Management, Centrify

Organizations are increasingly moving workloads to hosted Infrastructure-as-a-Service (IaaS) environments. In many cases, they are extending their data centers across one or more IaaS providers, creating hybrid cloud environments. This session will explore best practices for extending data centers to hosted environments, and review how to secure privileged access to hosted infrastructure and virtual machines distributed across Amazon, Microsoft Azure and Google data centers.

11:35 am - 12:15 pm

Insider Threat Detection: Lessons from the Trenches Based on Real Insider Cases

Speaker:
Michael Theis, Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center

This session shares the empirical findings of the CERT Insider Threat Center's more than 15 years of research into both malicious and unintentional insider threats. The findings demonstrate how pervasive the insider threat is in all sectors, both private and public. The session also outlines what types of threats are most likely to occur (intellectual property theft, fraud, IT sabotage, industrial espionage, etc.) and which trusted insiders are most likely to be engaged in these attacks. It explores mitigation strategies and offers references to numerous free resources that can aid organizations in the detection, prevention and response to insider threat attacks.

12:15 pm - 1:15 pm

Lunch

1:15 pm - 2:00 pm

Panel: What Got Us Here Won't Get Us There: The Core Elements of a Data Security Action Plan Moving Forward

Speakers:
Imran Ahmad, Partner - Blake, Cassels & Graydon LLP
Kenrick Bagnall, Detective Constable - Computer Cyber Crime (C3) Intelligence Services, Toronto Police Service
Sunil Chand, Canada Security Leader, CGI

In the wake of recent ransomware attacks, such as WannaCry, which have plagued organizations for the last year, what lessons do we have yet to learn? The widespread WannaCry attacks were not particularly sophisticated or stealthy. So why did they have such an impact?

In this session, panelists discuss why the "wartime mindset" has yet to be embraced and why CISOs need to take charge and lead the way toward developing more effective security action plans.

Experienced CISOs and legal experts:

  • Provide real-world insights into how to create an effective cybersecurity action plan;
  • Spell out the core elements of breach prevention, detection and response strategies; and
  • Identify security technologies that can play an effective role in supporting a so-called "wartime" strategy.
2:00 pm - 2:40 pm

Mobile Device Security and Internet of Things (IoT): Challenges for the New Age

Speaker:
Richard Rushing, CISO, Motorola Mobility

With a growing reliance on mobile technology and IoT devices, how can we best prepare and defend against the next generation of cyber attacks? It's a loaded question, as most organizations don't have a good understanding or inventory of all the mobile devices connected to their networks, nor do they know how many and which IoT devices are linked to their systems. In this session, Richard Rushing, CISO at Motorola Mobility, will walk through the ever-growing and evolving environment we now call IoT, and how it's impacting how we should manage security.

2:40 pm - 3:20 pm

Cyber Insurance: A Rising Role in Managing, Mitigating and Transferring Risk

Speakers:
Greg Markell, President and CEO, Ridge Canada Cyber Solutions Inc.
Richard Bortnick, Cyber Liability and Insurance Attorney, Traub Lieberman Straus & Shrewsberry, LLP
Ruby Rai, Cyber Underwriting Specialist, Financial Lines, AIG
Warren Cooney, Assistant Vice President of Claims, AXIS Insurance

The financial risks to organizations from data breaches include share price hits, class action lawsuits, fines from regulators and reputational damage. As a result, the cyber insurance market is heating up. Larger insurers are already helping companies spot and mitigate weaknesses as part of their coverage and helping post-incident with response and remediation. But how often are CISOs involved in the cyber insurance decision-making process? Not often enough.

CISOs have historically not been too keen to see money invested in risk-transfer protections; instead, they'd rather see that money spent on security. So, should their perspectives about cyber insurance change, and if so, how? This session provides an analysis of the issues.

3:20 pm - 3:30 pm

Closing Remarks


SPONSORS / Supporting Organizations

Arbor Networks
Attivo Networks
Biocatch
bitglass
CA Technologies
Centrify
Cyber Ark
Darktrace
DF Labs
FireEye
FIS
IBM
InAuth
Information Security Forum (ISF)
Ixia
LexisNexis
NSS Labs
RSA
Rsam
Skybox
Tata Communications
Thycotic

LOCATION / Venue & Address

Delta Hotels Toronto

75 Lower Simcoe Street
Toronto, Ontario M5J 3A6


Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology, register today.


Registering For a Group?
Call +1 (609) 356-1499 or email events@ismg.io

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io

© 2021 Information Security Media Group, Corp.