Event Recording

Enrico Frumento: IT-OT Convergence of Security

Show description
Speaker
Enrico Frumento
Cybersecurity Senior Domain Specialist
Cefriel
Enrico Frumento
Dr. Enrico Frumento is a Cybersecurity Senior Domain Specialist in the cybersecurity team at Cefriel a European and privately funded research and innovation project on ICT Security. He is the author of subject-related publications and books and member of the European CyberSecurity Organisation....
View profile
Playlist
Cybersecurity Leadership Summit 2020
Event Recording
Flavio Aggio: COVID-19 Cybersecurity Attacks
Nov 11, 2020

Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. HumanOS upgrade is required to safely use the Internet and It is not only about training and awareness. It is about the way users must behave online and IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.

Event Recording
Stefan Romberg: Regulatory Compliance Challenges in 2020
Nov 11, 2020

How do you prepare for the increasing regulatory challenges in a time of ongoing cloud migrations with global service providers? The invalidation of the EU-US privacy shield and the enforcement of the NDAA Section 889 will require a thorough review of existing controls and a swift management of stakeholder interests. This key note will provide practical experiences and guidance to ensure you meet your compliance goals.

Event Recording
Panel - Zero Trust Paradigm for the Future of Security
Nov 12, 2020
Event Recording
Jean-Christophe Gaillard: The Cyber Security Skills Gap: Real Problem or Self-inflicted Pain?
Nov 12, 2020

You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views. But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.

Event Recording
Jochen Fischer: A Small Leak Can Sink A Great Ship - Cybersecurity Warfare & SAP
Nov 13, 2020

Security is Culture – and culture starts with people (not technology!) The complex topic of SAP-security is a massive challenge for the almost 500.000 companies worldwide using SAP. The challenges are the same for everyone, and it is the combined corporate responsibility of the C-Level and all employees to protect the enterprise from threats. These core applications can be secured by focusing on the 3 main attack vectors: People, Processes, and Technology. Within this keynote, Jochen Fischer shares what needs to be done to define clear ownership and responsibilities for SAP-security. Enabling people to understand the risk in SAP is fundamental to design a sustainable strategy that is based on the individual risk profile of each individual company. It is time to stop the monkey business when it comes to mission-critical topics like security. As independent expert, Jochen Fischer provides state-of-the-art methodologies to deliver the right people the suitable skills required to protect SAP without burning money on tools that have no or limited effect on corporate cyber resilience.

Event Recording
Paolo Comi, Nadia Fabrizio: Quantum Secured Blockchain
Nov 13, 2020

This talk aims to share the experience achieved during Q-Secure Net, a 2020's project co-financed by the European Institute of Technology (EIT) and Italtel, Cefriel, Politecnico di Milano, CNR, UPM and Telefonica. Q-Secure Net will provide a cost-effective and flexible network solution for unconditionally secure communication services based on Quantum Key Distribution (QKD) thought for fiber-optic networks.

The talk will also present an application of Blockchain Atomic Swaps for the exchange of securities and cryptocurrencies, developed in the project and based on QKD. Atomic Swaps have great potentials for financial scenarios regarding securities, crypto exchanges and cryptocurrencies but have specific security threats.

The QKD market is expected to grow over $980 million by 2024. In the long term, the QKD will be strategic for the design of new architectures in many sectors like telco, defence and transports and 5G sectors. QKD's infrastructural security and its ability to mitigate cyber-risks, also allow a whole new class of approaches and applications for Decentralised Finance.

 

 

Key Takeaways:

-          QKD Features

-          Capabilities for Fintech applications

-          Atomic Swap and Crypto Exchanges

-          How QKD can mitigate risk in applications like smart contracts for Decentralised Finance Scenarios (for example in the Atomic SWAP use case)

Event Recording
Anett Mádi-Nátor: C-Level Cybersecurity Awareness – Does the C-Suite Fall Behind in Understanding the Importance of Cybersecurity Services?
Nov 13, 2020

In the crisis created by Covid-19 it is even more obvious how C-level are reacting and in cases not reacting properly to new cybersecurity situations resulting from rapid and enforced digitalisation. Can or should they be given more time to adapt? Can they build up the proper cybersecurity decision making skillset? Is it worth the effort? The speaker explains how that is possible, what new digital roles should be created within an organisation and how to meet challenges posed by the transforming digital ecosystem.

Event Recording
Rolf von Roessing: Business Continuity – Learnings in the Light of the Corona Crisis
Nov 12, 2020
Event Recording
Steffen Minkmar: Cyber Resilience - Regulatory Developments in the Financial Services Industry (and Beyond)
Nov 12, 2020

Cyber resilience, a term often heard but never fully understood, has made headlines for many years. Nonetheless, we are still confronted with ransomware attacks that lead to the standstill of organizations, as evidenced in the 2017 Maersk attack or the declared state of emergency by the mayor of the city of New Orleans in December 2019 after the city was hit by a cyberattack.

Many organizations perceive cyber resilience as yet another regulatory topic to be addressed by the IT department or the IT security teams, ignoring the regulatory requirements deriving from stakeholders such as the European Central Bank, or the need to interlink cyber preparedness with business continuity efforts and the much-needed support not only by the business departments but also the C-suite.
All this stems from an incomplete understanding of cyber resilience and what added value it can offer to an organization. The presentation aims to close this knowledge gap by highlighting key regulatory requirements, and how these can be addressed in coordination with key decision-makers. It will also provide insights into future regulatory developments with a specific view on the EU legislation. The presentation will also talk about testing approaches for cyber resilience, such as the TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) framework.

Key takeaways:

1) After completing this session, the participant will be able to refer to relevant CR regulations and put them into context and everyday use and to understand expectations from the FS regulators.
2) After completing this session, the participant will have knowledge about how CR is applied in other FS organizations, and what tools and methods exist to assess CR readiness.
3) After completing this session, the participant will be able to discuss key CR topics with senior management to promote the importance of CR, and to make a business case for it.
4) After completing this session, the participant will be able to refer to available resources on the internet to deepen his/her knowledge of CR.

Event Recording
Stefan Würtemberger: The Road to Zero Trust After a Cyber-Incident
Nov 12, 2020
Event Recording
Darran Rolls: The Confessions of an X-CISO: Identity Centric Security @ Enterprise Scale
Nov 12, 2020
Event Recording
Sergej Epp, Ashley Ward: Need for Speed: How DevOps is Changing Cybersecurity
Nov 12, 2020

Is your cybersecurity as fast as your business? Finding the right strategy to secure the growing speed and diversity of DevOps driven application development and dynamic infrastructures is hard. To master this journey, organisations have not only to adapt new security controls but in most cases to redefine their cybersecurity strategy and traditional approaches such as Defence-in-Depth and Zero Trust Architectures from scratch.
In this session, you will learn the FIRST PRINCIPLES how to align the pace of your cybersecurity to your business speed from both perspectives: a cybersecurity expert and a former developer.