DSS ITSEC 2016: CYBER, CONNECTED THINGS AND INSECURITY

THE LARGEST CYBER SECURITY EVENT IN BALTICS

Full Agenda

This years Agenda

08:55 - 09:10

Speaker

Opening of the event

Janis Garisons

09:10 - 09:50

Speaker

IBM Watson and the Cognitive Computing era

Do you know Watson and what it brings to modern businesses? Peter Hedges, Senior Advisor, Cognitive Business will talk about how IBM Watson’s capabilities can help clients overcome market challenges and pursue opportunities the new cognitive era presents. Get inspired by catching customer use cases and an outlook to the future.

Peter Hedges

09:50 - 10:30

Speaker

EU cybersecurity reality check overview

Steve Purser

10:30 - 11:10

Speaker

Future of the digital market and internetFuture of the digital market and internet

Lars Hilse

11:30 - 12:00

Speaker

Everything is quantum!

Overview of the future of cryptography & quantum technologies.

Jaya Baloo

12:00 - 12:30

Speaker

IT Security Challenges in CEE Region

With the compliance deadline for EU GDPR set for May 25, 2018, organizations can no longer delay in preparing to complying with the new law’s stringent data privacy requirements. Amongst its many requirements, the EU GDPR requires organizations to appoint a Data Protection Officer. But there is very little guidance provided on the qualifications and skills that will make this role a success in organizations. In this session, Richard Stiennon, a renowned cyber security expert and Chief Strategy Officer for Blancco Technology Group, will help organizations find the right fit for this role, show them how to set responsibilities and performance metrics and more.

Richard Stiennon

12:30 - 13:00

Speaker

Keynote Presentation on Cryptography in Enterprise

Cybersecurity defenses are losing badly to the attackers. Crypto is one of the few areas in cybersecurity where the defense has an advantage and yet governments are putting pressure on cybersecurity vendors to weaken their crypto. The recent confrontation between Apple and the FBI illustrates the need to design product that can stand up to this. Phil will talk about product design in a pervasive surveillance environment.

Phil Zimmermann

13:00 - 13:30

Speaker

Panel Discussion

Combination of great experts

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

Your Thing is Pwned - security challenges for IoT

The Internet of Things is creating a virtually infinite attack surface. When you buy a device you don't know what information it is sharing, and it is hard to trust Internet companies not to be hacked. The result is that privacy is almost impossible in the world of IoT. I'll look at the challenges and some of the solutions.

Paul Fremantle

14:30 - 15:00

Speaker

The Future of Security - Leveraging cognitive security for better human decision-making

Security teams face an onslaught of serious challenges as security threats and fraudulent activities continue to grow in sophistication and volume. With the emergence of the cognitive era, IBM Security is revolutionising the way security analysts work using Watson for Cyber Security to gain powerful insights, leverage threat research, and drive better outcomes through a trusted advisor enabling better human decision-making. Cognitive security will help to bridge the current skills gap, accelerate responses and reduce the cost and complexity of dealing with cybercrime.

Martin Borrett

15:00 - 15:30

Speaker

Shutting down ransomware business model across the kill chain

• Understand the business model behind ransomware and why it is so profitable • Are you a target? • See step by step how ransomware works – and opportunities for disruption • Learn what type of a defense is best-suited to protect against ransomware attacks

Story Tweedie-Yates

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

Passwords are dead - Behavior is the new authentication

Most of today’s data breaches that make headlines are caused by malicious insiders. This could be a disgruntled employee with an axe to grind, or those in it for financial gain. Insider misuse, such as hijacked accounts, cannot be spotted by existing control based security tools, and as such a different approach is required. We have reached a phase when IT security professionals not only need to defend the corporate network from outside attacks, but also from their own users – without placing constrain on the business. Challenge accepted! This talk will inform the audience how to find the right balance between IT security and business flexibility from a technological point of view.

Laszlo Jobbagy

16:20 - 16:50

Speaker

Strategic trends in Cybersecurity - and security

Cybersecurity is primarily a strategic issue in today´s societies and businesses. Or should we just say and think security since cybersecuirty must be understood as integral part of security. It is very important - in order to succeed - to understand what is security in 2016 and what the future of strategic security looks like - and what kind of solutions are needed?

Jarno Limnéll

16:50 - 17:50

Speaker

Panel Discussion

Combination of great experts

17:50 - 18:10

DSS - Closing remarks, feedback forms & lottery


11:30 - 12:00

Speaker

Helpful hackers

‘Hospital leaks patient records’, ‘Public transport smartcard has more holes than a sieve’, ‘Mobile banking app unsafe’ – it seems that everything can be hacked these days. Fortunately, the person who discovers a flaw is not necessarily a cybercriminal but is often someone who wants to help improve cyber security. He or she immediately contacts the system owner so that the problem can be solved. A well-coordinated approach allows everyone to learn from the exercise we call ‘responsible disclosure’. The Netherlands is a world leader in responsible disclosure. The Dutch like to resolve conflicts through a process of general consultation: the famous ‘polder model’. This seems a particularly appropriate approach in the realm of IT and cyber security, since there is no central authority with overall responsibility but many diverse players, each responsible for their own tiny part of a vast and complex system. For the last four years, researcher Chris van ’t Hof has been collecting stories from the hackers, system owners, IT specialists, managers, journalists, politicians and lawyers who have been key players in a number of prominent disclosures. His book “Helpful Hackers.” (2016) offers a glimpse into the mysterious world of cyber security, revealing how hackers can help us all.

Chris van 't Hof

12:00 - 12:30

Speaker

Hacking The Mind: Preventing Cyber Attacks needs more than a control framework; it needs an attitude

• Are we doing the wrights things? Did we do enough? • GDI.Foundation: ethical hacking, who we are & what we found and what we do • Demonstration of our dashboard (tooling) • Resume • Thesis (< 5) + real time voting (optional)

Vincent Toms

12:30 - 13:00

Speaker

Cybersecurity strategies and policies of EU and USA - an attempt at comparison

Cybersecurity strategies and policies are key high-level documents that define and determine approach to cybersecurity and related legislation. How do cybersecurity strategies and policies of EU and USA differ? Can we learn anything from our partners in the USA or shall we go our own path in EU?

Grzegorz Pohorecki

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

Responsible disclosure process - Latvian approach

Baiba Kaškina

14:30 - 15:00

Speaker

Everything you always wanted to know about Responsible Disclosure Policy but were afraid to ask.

Swedbank is the first bank in Northern & Eastern Europe to implement Responsible Disclosure Policy framework for disclosing discovered vulnerabilities. Instead of lecture style presentation about what RDP is and the benefits of having one, you’ll be offered an opportunity to find out about the experience and practical side of implementing and running RDP through Q&A style presentation.

Edgars Znots

15:00 - 15:30

Speaker

Are Laws Keeping up with Exponential Technology Development

How we as society are prepared to respond to technology challenges focusing on the latest EU legal framework developments. Are the laws keeping up with technology development and are we still in 1st grade when we talk about technologies and regulations.

Albena Spasova

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

Securing cyber space in Latvia through the public-private partnership

Elīna Vīksne

16:20 - 16:50

Speaker

Panel Discussion

Combination of great experts

11:30 - 12:00

Speaker

IoT Security 2016 - Market Analysis Perspective

The IDC provides an update to IoT security products market outlook. The presentation highlights key considerations for technology suppliers in this burgeoning, and complex, market as well as some of the drivers and inhibitors to growth. This 2016 update includes: • Industry and market overview • Buyer perspective • Future view of the market • Advice for the technology provider

Wiktor Markiewicz

12:00 - 12:30

Speaker

Understand and Protect Data in the Era of Cloud Computing

Do you know where our data is? Who is accessing it? How sensitive it is? Can you measure your risk? Come and hear how Microsoft approach information protection and learn how you can leverage this to have a better and more efficient data protection program.

Asa Kedar

12:30 - 13:00

Speaker

NSX: Security at the speed of business

Businesses today are routinely faced with the need to adapt to a changing landscape and keep pace with business and security requirements. Each of these changes requires IT and Security organizations to support them. The challenge they face is in their ability to deliver and keep pace without starting from scratch and removing their existing infrastructure to start over?

Anders Krus

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

The State of Cybersecurity and Digital Trust 2016

Digital technology is transforming business and creating huge opportunities…but it’s also spawning a range of cyber threats that can erode the trust that is essential to today’s digital economy. Which threats are businesses most concerned about and what are they doing to counter them? In a recent survey by HfS and Accenture, we’ve taken a reality check to find out. We surveyed cybersecurity professionals across a range of geographies and vertical industry sectors. The results highlight the current state of cybersecurity and the steps enterprises should take to foster digital trust throughout the extended enterprise. Security professionals in every industry agree threats are evolving. They’re striving to close gaps in their digital defenses. But a lack of skilled talent limits the benefits that should be flowing from their investments in security technologies.

Intars Garbovskis

14:30 - 15:00

Speaker

Insurance as a vital part of cyber risk management.

As the world becomes ever more connected and technologically advanced, businesses are finding it easier to trade worldwide. However, we pay the price by being exposed to a greater variety and frequency of cyber risks. This means that any business with a presence online, a reliance on a network or system, or with a database of sensitive information needs to proactively manage their cyber risk. The exponential growth of both personal and commercial users is further increasing the number of avenues through which cyber-attacks can be launched, which is why cyber risk is now treated as a high priority on boardroom agendas. In this presentation, we will go over the evolution of cyber risks, the steps taken to manage them, and how insurance is playing an increasingly important part of companies’ overall risk management programme; protecting them from the inevitable.

David Dickson

15:00 - 15:30

Speaker

Cyber Security in a Satellite World

The satellite industry is committed to providing secure, trustworthy connectivity to customers around the world. The Global VSAT Forum has spearheaded an industry-wide collaboration with VSAT equipment vendors and service providers to identify best practices to address today's cyber security threats, and lay a foundation for meeting the threats of tomorrow. The GVF has commissioned a Cyber Security Task Force that comprises security experts and representatives from across the satellite industry. The Task Force is working with stakeholders throughout the communications eco-system to promote enhanced cyber-security. An update will be provided on the Task Force's progress and next steps to help reinforce against cyber attacks.

Martin Edward Jarrold

15:30 - 15:50

coffee break


15:50 - 16:20

Speaker

Catching IMSI Catchers

Hunting the hunter, can you tell if your phone’s being captured by a rogue cell phone tower/ IMSI catcher/ Stingray? Learn strategies to detect rogue cell phone towers and hear stories from adventures war walking Las Vegas during Defcon. Learn about IMSI catchers their capabilities, LTE to GSM downgrade attacks, and ways to protect yourself from these devices. Discover open source projects and other ways you can get involved to help make cellular technologies safer for users.

Geoffrey Vaughan

16:20 - 16:50

Speaker

Building a Security culture

- Why do you need a Security Culture - How to get the buy-in - Design the Security culture strategy - Q & A

Tarun Samtani

11:30 - 12:00

Speaker

DLP: Data Loss Prevention

A) What is DLP and why should you have it? B) Building a strategy for DLP C) Key takeaways

Tarun Samtani

12:00 - 12:30

Speaker

Human Factor in Data Protection: Minimize your Risks

The presentation tells about the cybersecurity, legal and organisational aspects of data processing, where people are involved. People are known as a weak link in the perimeter security, but is there any means to improve the situation within the whole data processing chain? If there are, how could they be introduced?

Anna Vladimirova-Kryukova

12:30 - 13:00

Speaker

Data leak prevention technologies – a critical piece of the GDPR compliance puzzle

As the countdown for the full enforcement of General Data Protection Regulation has begun, organizations of any size and industry across the European Union strive to figure out, which IT security solutions they should use to comply with the new standard. This presentation is aimed at explaining why the use of data leak prevention technologies in corporate IT systems is necessary for achieving GDPR compliance.

Alexei Lesnykh

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

Preventing Insider Leaks. How to be successful – Experience from the field

The risk of insider threats compared to outsider threats is an ongoing debate, though more companies are taking notice of the risks that insiders can pose to the company's data security today than in the past. Historically, the data breaches that make the news are typically carried out by outsiders. While these breaches can cost hundreds of thousands of dollars (often millions more), outsider threats are generally the threats that have been addressed with traditional security measures. It's the threats that originate from inside that are much more difficult to prevent and detect using one-size-fits-all security measures. This presentation looks at some of the ways in which companies have been successful in combating insider, as well as outsider, threats.

Ian Wallace

14:30 - 15:00

Speaker

Where is my data?

Every day we leave a trace of our personal information or sensitive data all around. Servers, laptops, tablets, phones - the devices we use on a daily basis seem obvious and we consider their security seriously. But with today’s innovations and the already happening Internet of Things we have to consider where else our data is stored. We have to look at every single aspect of our life and how it impacts the kind of information being stored. Are we using smart watches, smart cars, smart TVs, smart cards, WiFi and even home appliances? Virtually every piece of hardware today can gather information sufficient to analyze our habits and predict future actions. Who else knows all about us? Is that data secure?

Tomasz Turek

15:00 - 15:30

Speaker

Readiness for EU GDPR : securing the last frontier with Kingston secure USBs

Readiness for EU GDPR : securing the last frontier with Kingston secure USBs Description : May 2018 will change how personal data should be treated by business, what implications and challenges new regulations will bring. What solutions should be considered to tackle them and how Kingston Technology can help.

Jerzy Mrugala

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

How to secure your data with Continuous Data Protection from DataCore Software?

Do you know how to protect your file shares, databases etc. with the functions of the storage? Join our presentation and you will understand how Continuous Data Protection from DataCore can be your "life jacket" with more and more upcoming malware like Locky and others.

Ilpo Wilkman

16:20 - 16:50

Speaker

GDPR done in Latvian style

General Data Protection Regulation shall enter into force after 576 days. How to prepare?

Arnis Puksts

11:30 - 12:00

Speaker

Hacker vs Tool

Use of Which When Where Learn to implement security controls throughout all areas of your software development life cycle, and examine the types of security tools and services that are best used at each phase of development. This vendor agnostic talk will discuss the strengths and weaknesses of each type of offering whether you are developing one application or managing thousands.

Geoffrey Vaughan

12:00 - 12:30

Speaker

How dumb can a smart device be?

A look at Internet of Things devices and how basic vulnerabilities in them can lead to compromise of your data and even theft of your car. The presentation will include live demos of some of the vulnerabilities we have discovered in our journey to hack IoT devices and what manufacturers of these devices can do to fix them.

Tony Gee

12:30 - 13:00

Speaker

When your firewall turns against you

This talk will demonstrate how attackers can compromise a company’s network via their firewall system. It’s a common misbelieve that security tools are always secure. The aim of this talk is to show the audience the difference between a secure and a security product. First we discuss how we can remotely detect and identify the firewall system within the target internal network. After that we start a brute-force attack from the internet via the victim’s browser against the internal firewall. We will show how an attacker can bypass different used CSRF protections to trigger actions on the firewall system. Finally, we are going to exploit a memory corruption bug (type confusion bug which leads to a use after free vulnerability) in the PHP binary on the firewall to spawn a reverse root shell.

René Freingruber

13:00 - 13:30

Speaker

Live Hacking: Raising Awareness

Unlike other dangers in the daily business and private life, cases of misuse in the IT sector often do not become known to the victims. Confidential data that might be stolen by a hacking attack remain on the hard drive of the PC or laptop and thus data theft goes undetected. Due to the lack of reported damages as well as the individually different perception of dangers in general, the importance of IT security is still totally underestimated. Therefore, a live hacking event is an adequate demonstration of how easy it is sometimes to gain access to third-party data without any authorization. Possible topics demonstrated by the speaker could include, amongst many others, price manipulation attacks on online shops, Google hacking, or attacks on public wireless networks.

Finn Steglich

13:30 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

How to make your webapp pentest done fast and start your next 0day research

Real-world scenario. Live demo. When penetration testing is performed on networks and operating systems, the majority of the work is involved in finding and then exploiting known vulnerabilities. As web applications are almost exclusively bespoke, penetration testing in the web application arena is more akin to pure research. In web app tests, what you can do depends on the type of the target application and the amount of time you have available. Meanwhile "Enterprise” apps will usually depend on many standard services, frameworks and libraries. So let's cover the basics fast and easy to dive deeper in manual research and source code review.

Serhii Pronin

14:30 - 15:00

Speaker

How to find and test our weakest points by using Rapid7 solutions

Remember that chain is only as strong as its weakest link. For company security it is crucial to be familiar with newest vulnerabilities and to deal with them as fast as possible. During my presentation I will show you how you can cover full vulnerability managmenet circle and find all the weakest points in you enviroment (including users).

Piotr Czopik

15:00 - 15:30

Speaker

Qradar SIEM - how to detect and mitigate attacks. Part 1

Presentation is focused on examples how IBM QRadar SIEM and other IBM security solutions can defend our organization agains different type of attacks

Andrzej Wojtkowiak

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

Qradar SIEM - how to detect and mitigate attacks. Part 2

Presentation is focused on examples how IBM QRadar SIEM and other IBM security solutions can defend our organization agains different type of attacks

Andrzej Wojtkowiak

16:20 - 16:50

Speaker

Ethical Hacker in Real Action

Peter Gubarevich

11:30 - 12:00

Speaker

Perspectives on research and development in cyber security in Europe

The rapidly increasing number of digital personal devices and the increasing connectivity, as well as emerging technologies and application areas such as the Internet of Things increases our dependence on ICT. On the other hand, new cyber threats and vulnerabilities appear, with increased impact on critical infrastructures and societal functions. This landscape bears significant risks not only to the economy and the society, but also to the national digital sovereignty and autonomy. Additionally, at the EU level there is a need to support the vision of the Digital Signal Market and to develop the European cybersecurity market and industry. In response to these needs, the European industry have submitted their view that describes objectives to be pursued, as well as cybersecurity priority technical areas for action. The European research community have also come up with a strategic research agenda describing cybersecurity research priority areas. The European Commission and the European Cyber Security Organization recently launched the cyber Public Private Partnership (cPPP) initiative to support all types of initiatives or projects that aim to develop, promote, or encourage European cybersecurity. In this talk, the above agendas will be discussed with an eye towards identifying prospective cybersecurity research and innovation areas.

Sokratis K. Katsikas

12:00 - 12:30

Speaker

Cyber Crime as a Business Venture – Value Streams and Business Behind a Crime

Approximately every third fraud in Europe is committed as computer-related fraud. Some authors even claim that cyber criminals were the first ones ever to make money on the Internet. The presentation looks at cyber crime as a business venture analyzing the optimal value chains that make the crime profitable for those that commit it as well as what are the mainstream business models and critical processes for cyber crime and the related risks management and what we can do with that knowledge.

Thea Sogenbits

12:30 - 13:00

Speaker

Introducing a Secure, New Way Of Working with Awingu

Providing access to enterprise applications and data on any device regardless of the age or technology that created it has always been a challenge. Add to this the need to securely support both in-house and external contractors in a BYOD environment and the challenge increases. Awingu has risen to this challenge by creating a workspace aggregator solution that offers one consistent browser-based workspace optimized to suit any device.

Ralph Van Lysebeth

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

Proof vs. Trust... and Who Pays for the Wood to Build the Trojan Horses

The security of the IoT is built on trust. We have to trust that public cryptography research is ahead of secret research. We have to trust NIST, which defines the cryptography standards used in the western world today. We have to trust large companies and their proprietary software and hardware standards. Most of these companies operate under the jurisdiction of a country with secret courts that can enforce the implementation of backdoors in the companies' products. Any breach of trust creates dangerous physical security risks, because safety-critical systems are affected by the same forces that influence the IoT. How can we replace trust with proof?

Wulf Harder

14:30 - 15:00

Speaker

Cryptography and you

Strong cryptography is no longer just for mathematicians or military communications. Every person in the world now uses strong cryptography in their day to day lives, whether they know it or not. In this talk I’ll unpack some of the most common uses of modern cryptography, and explain why cryptography is an essential tool for modern businesses and modern life. Despite its newfound popularity, there are still tradeoffs to consider when using cryptographic technologies. I'll explore how various organizations are thinking about the balance between the security and privacy benefits of strong encryption and other business needs.

Nicholas Sullivan

15:00 - 15:30

Speaker

Fixing transport security

It’s been a tough couple years for crypto protocols. Almost every month a new vulnerability in TLS is announced that causes panic and distress to the security and IT communities. In this talk I’ll explain the latest set of cryptographic vulnerabilities in an accessible manner. By the end of the talk you’ll hopefully know the difference between FREAK, LogJam, DROWN, Sweet32, POODLE and SLOTH. We’ll be breaking good crypto and bad with side-channels, signing oracles and downgrades. I’ll also explain how the latest changes to TLS are supposed to fix things and how the entire house of cards may topple once quantum computers arrive.

Nicholas Sullivan

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

CloudABI: easily develop sandboxed apps for UNIX

One of the fundamental problems with UNIX-like operating systems is that they don't seem to make it easy and intuitive to develop applications that are strongly hardened against exploits. With CloudABI, we're trying to make this process a lot easier. CloudABI is an implementation of capability-based security, which allows you to create applications that are only capable of accessing those things for which they are designed. As you'll see, software also becomes easier to test and deploy as a result of using this model.

Ed Schouten

16:20 - 16:50

Speaker

Security risks and common mistakes in mobile application development.

As mobile applications are becoming more popular many organizations are serving their business oriented services on mobile devices to ease daily operations for their employees and clients. This raises risks that need to be considered and addressed from the beginning of the application's life-cycle. In this talk we will address risks and common mistakes which are frequently noticed while the given application is analysed. Not only the application itself but the supporting backend infrastructure (often API) needs to be addressed with even higher priority. The presentation will conclude with best practices and suggestions in mobile application development and configuration of common backend infrastructure.

Kristaps Felzenbergs

11:30 - 12:00

Speaker

Wargaming Cyber Attacks

This presentation will explore and analyse particular aspects regarding the application of traditional board-based wargaming to cyber attacks. The presentation will outline some general benefits and drawbacks of wargaming, elucidate specific difficulties of wargaming the cyber domain, evaluate previous attempts in this field, and finally expound some original games created by the author.

Andreas Haggman

12:00 - 12:30

Speaker

DDoS – Fairy Tales and Reality

Will try to analyse what really media topics about DDoS means. What is frightening there and what is really dangerous

Michael Soukonnik

12:30 - 13:00

Speaker

Synchronized Security

Synchronized security is better security. We will see how Sophos Synchronized security works and how you can manage different security solutions from one platform. We will also be looking into our new product like Intercept X with Cryptoguard and root cause analytics, an our new central managed Wifi.

Per Söderqvist

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

Applications are the new security perimeter

Application centric security solution with SSL visibility and identity federation are playing key role while building modern and future proof application and datacenter architectures. Today’s security is more about applications and how to secure them rather than building security purely to the networks. SSL / TLS visibility on is one key factor to provide full visibility and provide better all over security. User identities are to be protected while traditional infrastructures are transforming towards cloud services and application centric security models.

Timo Lohenoja

14:30 - 15:00

Speaker

Modern Malware Investigation Technics

Presentations is based on Check Point security report 2016 and some real life customer case investigations: https://www.checkpoint.com/resources/security-report/

Giedrius Markevicius

15:00 - 15:30

Speaker

Intelligent Protection through Attack Surface Visibility

Understanding and controlling your attack surface—the sum of all attack vectors against your organisation — is a fundamental, game-changing security capability. But it’s hard to manage something you can’t see. Skybox gives you true visibility of your attack surface, turning hybrid network, security and endpoint information into a comprehensive picture of your attack surface. With Skybox, see contributing factors that you can address to reduce your attack surface, contain cyberattack risks and achieve ongoing situational awareness.

Edvinas Pranculis

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

Ransomware - The Rising Threat. How to protect against it?

With cybercriminals making millions – if not billions – of dollars from ransom demands, ransomware is unanimously identified as one of the biggest threats businesses face today. Bitdefender has been closely following the evolution of ransomware, predicting its next steps and introducing technologies to handle ransomware specifically.

Giedrius Liutkevicius

16:20 - 16:50

Speaker

Wireless is easy. Secure Wireless is the challenge.

There are more breaches than ever around the world and with more and more access to the company network wirelessly hackers have new ways to get in undetected. Let us show you how we can secure the wireless as well as we can protect the wired network.

Peter Johansson

11:30 - 12:00

Speaker

Breach prevention by analyzing the keystroke sequences of privileged users

Traditional IT security defenses are not enough effective against APTs or insider threats. Why? Because they can be circumvented in a sophisticated APT attack, and in the case of an insider attack, they simply can’t stop a privileged user from gaining access. By using behavior analytics, we have a technology that can quickly and accurately help us identify a potential breach. Although detecting unusual keystroke patterns might seem like sci-fi, there are already sophisticated session monitoring systems on the market that monitor privileged users, primarily for compliance purposes initially. When these systems are combined with UBA technology, we can go beyond compliance to the real-time detection and prevention of data breaches.

Péter Soproni

12:00 - 12:30

Speaker

Simply Indispensable Privileged Account Management & Endpoint Security

Privileged account passwords for domain admin accounts, root accounts, superuser accounts, and more are the preferred targets for hackers these days. And, once inside an organization, compromised credentials and privilege escalation give attackers the “keys to the kingdom,” allowing them to gain access as a trusted user to your most sensitive and critical information. Unfortunately, privileged accounts and IT Admin rights are all too often unknown, unmanaged, uncontrolled, and unprotected. If they are not properly managed and secured, your organization could suffer disastrous consequences.

Burckhardt Emons

12:30 - 13:00

Speaker

Detection of advanced threats and performance issues using artificial intelligence and machine learning

Demonstration of how artificial intelligence and machine learning is used for detection of unkown malware and other advanced threats and performance issues whether at the network or application level (databases etc.). Also advanced network visibility capabilities of the GREYCORTEX Mendel solution will be shortly demonstrated.

Martin Korec

13:00 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

The Future of Authentication is Mobile

As Business moves with the speed of the light, we need to access or data anywhere and anytime. But if we can access it, who else can? This talk will cover the latest developments of cybersecurity. Particularly how to make it non-intrusive for users and cost efficient for companies.

Janis Graubins

14:30 - 15:00

Speaker

e-StepControl – solution for identification of suspicious activities of IT system users

The presentation outlines main features of “e-StepControl” solution, its architecture and general approach which enable identification of suspicious activities of IT system users. Procedures for creation of individual / group user profiles are being provided based on the audit trails of user activities. Appropriate graph-based methods for monitoring and validating user sessions against these profiles are presented. This enables prevention of information theft and unauthorized use.

Vitaly Zabiniako

15:00 - 15:30

Speaker

Black Box in your Network – your network content at a glance.

Why and how ability to read network traffic contents increases your network security awareness. Clusterpoint Network Traffic Surveillance system.

Ģirts Palejs

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

Proactive Insider Threat Management. From theory to reality based on NABU experience.

Building an efficient insider threat management system became a vital project for the recently established National Anticorruption Bureau of Ukraine. While major vendors on the market were offering expensive event-based solutions, NABU and BAKOTECH stumbled upon Israeli company Observe IT which offered completely different approach. During the presentation BAKOTECH will share the customer’s experience and outcomes from this successful project.

Eugene Goncharenko

16:20 - 16:50

Speaker

Moving forwards with Mission Critical systems

Legacy analogue voice systems for the emergency services have been replaced by secure digital systems such as TETRA and P25 since the early 2000's. As public cellular systems improve allowing streaming applications, so the public safety users expectations for new technologies need to be addressed. This is why there is a move towards an LTE derivative specifically designed for emergency services which will offer voice and data to critical users as never before. These new systems will be expensive, and will require far higher levels of security and resilience than those 4G systems used by the public. It is now time for Governments to confer with the public safety users to put in place a combined strategic policy for a system that will support PTT Voice, data and other applications and exceed the requirements of all Government agencies, allowing full inter-operability even with agencies in neighbouring countries.

Michael Capindale

11:30 - 12:00

Speaker

Cybersecurity Nexus (CSX), a new security knowledge platform and professional program from ISACA

Cyberthreats have the power to drive up costs and affect revenue for companies, making them similar to any other financial risk. What organizations need are practical tools to mitigate this risk The mind-set of the cybersecurity professional is a very important factor in preventing, detecting and mitigating security breaches. Developing this way of thinking must be part of recruiting and educating cybersecurity professionals.

Sintija Deruma

12:00 - 12:30

Speaker

The Day of the Urban Person

Presentation about the exponential evolution of technologies and how dependent we are on them. During the presentation an example about the consequenses of personal data theft will be given and will be outlined why it’s so important to keep Internet hygiene.

Albena Spasova

12:30 - 13:00

Speaker

Security Best Practices for Regular Users

What's in your personal threat model? What assets are you trying to protect? Learn how to improve your personal security and privacy online through best practices and security tips. This talk is for everyone, whether your a seasoned security professional or complete novice hopefully you will take away a few areas where you can better protect your personal information.

Geoffrey Vaughan

13:00 - 13:30

Speaker

The art of trickery: Social engineering Internet scammers

In this talk I present 3 artistic case studies that are heavily influenced by practices of Internet scammers and anti-scam activists of so called scambaiters. The discussed case studies include "Password:******", a data visualization of scammers most frequently used email passwords, 'Megacorp', a global conglomerate of fraudulent businesses and the "Behind the smart world research lab" that investigates data breaches on westafrican e-waste dumps.

Andreas Zingerle

13:30 - 14:00

Lunch, expo area, business networking


14:00 - 14:30

Speaker

Tackling today's cyber security challenges - WISER Services & Solutions

Learn about how WISER is making cyber security accessible and affordable for SMEs and organizations, making sure it becomes part of the business process with regular cyber risk profiling and vulnerability testing to stop attacks before they happen. Learn also about the full suite of WISER services going to market in 2017 and how we are guiding companies on new EU regulations and countries in improving their cyber security strategies. WISER is a European Innovation Action under Horizon 2020 that puts cyber-risk management at the very heart of good business practice, benefitting many different types of businesses, from ICT-intensive SMEs to critical infrastructure and process owners. It will provide a cyber-risk management framework enabling users to assess, monitor and mitigate risks in real-time, thus establishing a strong cyber posture.

Antonio Alvarez Romero

14:30 - 15:00

Speaker

Cybersecurity Risk Assessment - 'All Done' with WISER

Cyber risk management is imperative to organizations today. However, there is ample evidence that cyber risks remain misunderstood and unquantified, showing that most ICT-intensive organizations are ill-prepared for the challenges ahead in cyber space. Learn how WISER is addressing these challenges through its novel model-based cyber-risk management framework consisting of three modes of operation that collectively represent the WISER portfolio: CyberWISER Light is specifically designed for small and medium-sized enterprises (SMEs), providing a user-friendly cyber risk self-assessment tool available online for free. It is simple, quick and effective to use so SMEs can make cyber security a top priority without having to invest time and resources. CyberWISER Essential is for SMEs and ICT systems in general, providing a Risk Platform as a Service (RPaaS) for real-time risk assessment. CyberWISER Plus is tailored to highly complex cyber systems such as critical infrastructures, offering an on-demand service for real-time and cross-system assessment of threats and vulnerabilities.

Antonio Alvarez Romero

15:00 - 15:30

Speaker

IoT security driven by hacker & cybercrime community

IoT is hot topic which has already turned into a buzzword like we have seen it with "Clould", "APT", "SCADA" and "Threat Intelligence" in cyber security arena. Presentation will highlight some of the latest security concerns with IoT and trends indicating that hacker & cybercrime community might be the main driving force for demanding a proper security posture for IoT vendors and consumers. Lesson we should learn to avoid severe consequences...

Varis Teivans

15:30 - 15:50

Coffee break


15:50 - 16:20

Speaker

Third line of Defence

In his presentation, Karlis will give quick insight about Internal Audit profession, it’s role and importance in organization.

Karlis Majevskis

16:20 - 16:50

Speaker

Top 10 IT admin fails

Most popular IT admin fails I have saw in my profesional life, that can be fixed in notime, but gives a useful impact to system security.

Oskars Zīle

National Library of Latvia, Mūkusalas iela 3, Rīga, Latvia LV-1423