IDGA

Become a Government IQ Member and receive our weekly newsletter!

Quick Links

Download the Agenda

Sponsorship Opportunity

Post-Conference Workshop - Friday, 29th April 2016

Expand All Sessions [+] Collapse All Sessions [-]

9:00 AM Effectively strengthening Your Security Posture: Risk Management for Critical Infrastructure

Naeem Musa , Chief Information Security Officer, Commodity Futures Trading Commission, US

Be it to cause financial or reputational
damage, to steal confidential information,
or to advance a political cause,
preventable accidents are increasingly
targeted and insidious. Attackers might be
hostile nation-states, political hacktivists,
or organized criminal enterprises. Thus,
it is increasingly paramount for public
and private sectors to take a different
approach to their cyber security posture
and strategy. Risk mitigation and response
is no longer optional:

• Understanding how the new threat
landscape relates to an organisation’s
unique circumstances
• Prepare, assess, and maintain your
cyber security systems, and respond to
the threats you face
• Determine the capabilities and activity
of a threat actor, and the extent of
infiltration and containing the breach
• Developing a strategic roadmap to
improve overall cyber security maturity
• Identifying areas to strengthen
your risk posture through auditing,
assurance-testing against industry
standards
• Vulnerability assessment: regularly
reviewing operational processes
and technical environment to ensure
resilience
Naeem Musa
Chief Information Security Officer
Commodity Futures Trading Commission, US

12:00 PM Integrating Cyber- Security into Your Existing Infrastructure: A Stepby- Step Approach

Naeem Musa , Chief Information Security Officer, Commodity Futures Trading Commission, US

How do you begin to revamp your
systems when your legacy control devices
or common communication protocols
are designed with little or no security,
where there is a lack of encryption
and authentication, and improper or
nonexistent patching of software and
firmware? Find out how to minimize
downtime while maximizing security in
existing systems and infrastructures:

• Integrating security best practices
into project life cycle, development
methodologies and hardware
infrastructure

• Building security into the software
development lifecycle – be it system
components, client applications, web
applications

• Ensure all stake holders have a clear
understanding of cyber security,
providing feedback on progress
made in implementation with regard
to security
 
• Educating developers on how to
analyze the enterprise attack surface or
application, as well as the associated
potential threats
Naeem Musa
Chief Information Security Officer
Commodity Futures Trading Commission, US
Despite its appeal from the economic, operational and even energy consumption perspectives, cloud technology still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. These concerns arise from the difficulty to verify security properties of the different types of applications and services available through cloud technology.   The uncertainty of the owners and users about the security of their services, and of the applications based on them needs to be managed. Discuss: 
How to exercise better control over data storage in public, private, or hybrid cloud strategy
How to identify the specific types of critical and non-critical data that can be stored securely on the cloud – as well as what to look out for in cloud service providers
enforcement for cloud applications, platforms and operations
Analyzing monitoring systems for cloud infrastructure/platform applications
How to ensure data protection and secured information sharing in the cloud

Syed Asghar
Head of Governance, Information Security
Vodafone