25 April, 07:30 - 18:30, 7A Odenplan

Speakers

Ulf Berglund
Event Chairman - President, CSA Sweden Chapter

Chairman Opening Remarks

Ulf Berglund is the president of the Swedish chapter of the Cloud Security Alliance (CSA), a worldwide organization, and co-author of the book Guide to the Cloud. Ulf has long experience from leading positions in information security. He has a background as a military officer; in his last active years he was principal officer and IT security and information security expert at the Military Intelligence and Security Service (MUST). He has held positions as CTO and senior consultant at companies such as Pointsec, Ernst & Young and Technology Nexus, and his consulting experience includes clients such as Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.

Brian O'Toole
CISO, Ericsson

AI and Cybersecurity Challenges and Experiences

  • Service provider security challenges
  • Telecom signaling threats: the journey towards intelligent security management
  • A secure foundation to handle the evolution of threats and security concerns
  • Detection use cases for advanced signaling security analytics

Brian O'Toole

Brian has been at Ericsson since 2005, working across several different areas including software development, product management and information security. He has been the CISO since 2015 and is primarily focused on the integration of information security risk management across Ericsson, which is one of those things that is easy to say but difficult to do in an organisation of over 100,000 people.

Robert Kitunzi
Editorial Director, IT Security Insights Conference

Jan Branzell
CEO

Ann-Marie Alverås Lovén
Senior Consultant, Secana AB

Ann-Marie works as a Senior Consultant at Secana AB and has an extensive background within cyber- and information security; C2 management, GDPR, IT-infrastructure and security infrastructure. She has operated at both tactical and strategic levels within the areas and is an accustomed leader, both in the role as manager and project leader.

Robert Willborg
SME Cyber Security and Privacy, Junglemap AB

Security Culture and Human Firewalls

Paul Edon
Senior Director, Technical Services, Tripwire International Inc

Paul Edon is a senior level Information Technology professional with over 30 years of experience in management, consulting and service provision. Paul has been at Tripwire for 11 years and is the Senior Director for Technical Services. He has extensive experience working in both the public and private sectors, has successfully grown and managed large international service teams and has been instrumental in the design and delivery of global enterprise security solutions.

Ignacio Berrozpe Peralta
Senior Sales Engineer, EMEA Thales eSecurity

How will you secure your data in the cloud?

More and more sensitive data is moved to the cloud. In this Thales eSecurity round table session, moderated by Ignacio Berrozpe, the discussion will be on how to keep control over, and responsibility for, your data in (multi-)cloud environments:

  • How to achieve data security in hybrid and (multi-)cloud environments
  • How to control and manage data security in every environment through using solutions such as BYOK (Bring Your Own Key) and BYOE (Bring Your Own Encryption)
  • How to achieve compliance with regulations such as GDPR
  • How to efficiently protect and manage encryption keys used to secure sensitive data

Ignacio Berrozpe Peralta

Ignacio is an Electronics and Telecom Engineer with more than 20 years' experience in networking and security. He has held positions of diverse responsibility at companies such as Nortel, Nokia, Check Point and RSA, always in sales engineering and project management. Since joining Thales in 2016 he has worked as a technical advisor for encryption products.

Andrew Beckett
Managing Director, Kroll Inc

1000+ Cyber Investigations Later: Trends To Beware

Kroll responded to over 1,000 cyberattacks last year and is already on track to respond to a greater number of events this year. In this presentation Andrew will discuss the growing sophistication and volume of threats and provide mitigation strategies based on frontline insights.

Key takeaways:

  • What key trends has Kroll witnessed from 2018 and what can we expect in 2019? 

Andrew Beckett

Andrew Beckett is a managing director and EMEA leader for Kroll's Cyber Risk Practice. Andrew began his career at GCHQ, where he held a variety of roles including head of the branch responsible for providing cyber security advice to government departments and for penetration testing. He also served in the Organisation for the Prohibition of Chemical Weapons (OPCW), an international civil service organisation operating under the auspices of the UN, where Andrew was the first head of the Office of Confidentiality and Security and was charged with setting up that team. Andrew went on to run his own commercial consultancies before joining Airbus Defence and Space in the UK as head of Cyber Defence, a role he held for five years before joining Kroll. Andrew is a visiting professor of Cyber Security at the University of South Wales.

Jabu Mtsweni
Research Group Leader, CSIR

Are SOCs still relevant or do they need an upgrade?

Security Operations Centres (SOCs) play a major role in detecting cyber incidents and protecting large and complex organisations. However, as cyber threats and risks evolve, are SOCs still relevant, or do they need a different approach to their implementation? In this round table discussion we will look at how SOCs have evolved over the years and how they can be "upgraded" to keep pace with ever-changing, multi-dimensional cyber threats and risks.

Key takeaways:

  • The good, the bad and the ugly of SOCs
  • Planning and designing for an integrative SOC in large and complex environments
  • The future of SOCs in the physical-digital convergence era

Jabu Mtsweni

Dr Jabu Mtsweni is a Research Group Leader for Cyber Defence at the CSIR, Research Fellow at the University of South Africa, and Advisory Board Member at Tshwane University of Technology and the ITWeb Security Summit. He is also a member of the Information Warfare Capability Board at the Department of Defence (South Africa). His research interests and technical expertise are in cybersecurity, cybercrime, socially relevant computing and the Internet of Things. He has over 16 years of academic and industry experience and has published over 60 peer-reviewed conference and journal papers in both local and international forums, where he is regularly invited to speak. Dr Mtsweni has received a number of research and excellence awards for his research work, leadership, human capital development and community engagement.

Daniele Catteddu
CTO, Cloud Security Alliance

The Leading Cloud Trust & Accountability Program (STAR)

Security, Trust, Assurance and Risk (STAR): the program. Daniele will discuss the need for guidance, tools and data in this increasingly complex and resource-demanding compliance landscape.

Key takeaways:

  • Learn how to manage and optimize your security and privacy compliance posture and trusted brand perception

Daniele Catteddu

Daniele Catteddu is an information security and risk management practitioner, technology expert and privacy evangelist with over 15 years of experience. He has worked in several senior roles in both the private and public sector.

Currently he is the Chief Technology Officer at Cloud Security Alliance, where he is responsible for driving the adoption of the organization's technology strategy. He identifies technology trends, global policies and evolving social behaviour and their impact on information security and on CSA's activities. Mr Catteddu is the co-founder of the CSA STAR Program.

Daniele is a member of the Italian national delegation to ISO and contributes to ISO/IEC JTC 1/SC 27 (IT security techniques), ISO/IEC JTC 1/SC 38 (Cloud computing and distributed platforms) and ISO/IEC JTC 1/SC 41 (Internet of Things and related technologies).

He is a member of the Policy and Scientific Committee of the European Privacy Association, lectures at the Maastricht University European Centre on Privacy and Cybersecurity, and is a member of the Advisory Board of the University of Kent Interdisciplinary Research Centre in Cyber Security (KirCCS).

Anders Jared
CISO, Systembolaget AB

Digitization - Strategy and security implications of digital transformation - Panelist

During his 20 years in security Anders has built broad technological and information security knowledge. His background is in law enforcement, primarily analysing security breaches in criminal investigations. He has since moved into the role of security director, which gives him a unique understanding of both the threats and the prevention possibilities in our digitalised world. Anders has worked in large organisations, mostly government, in different sectors, with the challenge of delivering adequate security at all levels in order to contribute both to efficiency and to business advantage.

Johan Schauman
Head Digital Co-development, Swedish Tax Agency

Digitization - Strategy and security implications of digital transformation - Panelist

Johan has worked at the Swedish Tax Agency for almost twenty years in many different roles, more recently as a change leader for the agency's digital transformation and currently as head of co-development, creating the prerequisites for, and enabling, external parties to develop solutions with the agency's data, code or professional experience and expertise. He is utterly convinced that the only way to create a sustainable digital community is through collaboration between the private and the public sector.

Anthony McCarrick
Digital Strategist, Municipality of Södertälje

Digitization - Strategy and security implications of digital transformation - Panelist

Anthony McCarrick

Tony McCarrick has a background as a teacher and school leader. Since 2011 he has worked on strategic issues in a digital world. Tony takes a holistic approach to digitization. Working with development in a changing world is not something new, but digitization makes completely new demands on us, and the rate of change is something we need to relate to. A critical approach is a fundamental foundation in all development work.

Ralph Benton
Head of Information and IT Security, Karolinska Hospital

How can ISO27001 support your GDPR and compliance with other regulatory requirements - Panelist

Ralph Benton (CISA, CRISC, CISM) has more than 15 years' documented experience in information security, IT security and IT risk management at both national and international level. He is currently Head of Information and IT Security at Karolinska University Hospital, one of Europe's largest university hospitals with 15,800 employees, 1,600 beds and a turnover of SEK 18 billion. Ralph is also responsible for the change management of implementing GDPR throughout the hospital. Prior to his current assignment at Karolinska University Hospital he held the position of acting CISO and Group Information Security and IT Risk Manager at Sandvik AB.

Anna Forsebäck
DPO, Schibsted Media Group

GDPR & The Cloud

Are you worrying about the right things? When talking about GDPR in the cloud context, important aspects still tend to be forgotten. In this round table session Anna, together with the participants, will discuss how we can approach the cloud in a more mature way, because this is not only a matter of security:

  • Hygiene factors - what is the low-hanging fruit that we should catch in the contract that will have big practical consequences onwards?
  • Applying privacy-by-design thinking to the cloud - how can that help us ensure that fundamental privacy principles are met?
  • Guerrilla use of apps and services across the company - whose problem is it, and how do we contain it?

Anna Forsebäck

Anna is a Stockholm-based lawyer specialised in tech and privacy who has recently taken on the challenge of setting up a centralised, scalable DPO office for all companies in the Media Division of Schibsted Media, a task that comprises some fifty companies in ten European countries. Anna's experience includes both external counsel roles and in-house legal counsel and DPO roles.

Anna Maria Björklund
Group DPO, Swedbank AB

Compliance & Governance

Anna Maria Björklund (CIPP/E, CIPM) is the Group Data Protection Officer for Swedbank. Previously working as a corporate lawyer in the financial and energy sectors, she has focused solely on the privacy aspects in banking since 2016 when she returned to Swedbank to take up positions as a privacy lawyer within information security and legal teams with Group-wide functional responsibility. The implementation phase of the GDPR brought with it both opportunities to work hands-on with practical implementation tasks as well as advising management on GDPR compliance and taking active part in structuring the bank’s privacy model. She has recently been part of starting up the Swedish Bankers’ DPO Network and is also a member of the Swedish Bankers’ Data Protection Interpretation Group.

Helena Örtholm
Group DPO, Tele2 AB

How can ISO27001 support your GDPR and compliance with other regulatory requirements - Panelist

Helena started out as a lawyer at the Swedish House Owners Association, assisting the organisation and its members with property rights and civil law issues. After some years she shifted focus to personal data rights/privacy issues, contract law, information security and IT audits when she started working at EY and later at Transcendent Group; she worked with these topics as a consultant for approximately 15 years before becoming Chief Security Officer at the former TDC in 2013. With Tele2's acquisition of TDC Helena became CISO and DPO for Tele2 Sweden, and with the re-organisation of Tele2 following the current merger with ComHem she now holds the role of Group Privacy Officer and Data Protection Officer for Tele2 Sweden and ComHem, as well as expanding her role in driving the organisation's risk work in her new role as Head of Operational Risk Management.

Erik Blomberg
CISO, Handelsbanken

Prevention of cyber threats within the banking and finance sector - Panelist

Erik Blomberg is Senior Vice President and Head of Information and IT Security (CISO) at Handelsbanken. He is a cybersecurity thought leader with an emphasis on enterprise risk management, business alignment and cybersecurity governance. Erik has close to 30 years in the IT industry: first six years as a consultant at Cap Gemini, then at Handelsbanken IT, where he has held various management positions, most recently as Head of IT for Handelsbanken UK.

Dimitrios Stergiou
CISO, Trustly

Agile Application Security

A look at application security approaches that don't work in today's landscape, and a proposed approach that has yielded the best results so far. The session presents the basic approach for those who are starting out, and introduces the concept of DevSecOps for those who have already incorporated application security practices into their development lifecycle.

  • Which application security approaches have been tried and have failed?
  • What are the basics you need to cover when designing your application security approach?
  • What does a holistic application security approach look like?
  • What about DevSecOps - is it something we should be looking into?

Dimitrios Stergiou

Dimitrios is currently employed as the Chief Information Security Officer for Trustly. He is an experienced senior Information Security and Risk professional with over 20 years’ experience in Risk Management, IT audits and Information security. Before joining Trustly, Dimitrios held positions at Modern Times Group, NetEnt, Entraction, Innova S.A and Intracom S.A. Dimitrios holds a M.Sc. in Information Security and is a Certified Lead Implementer for ISO 27001:2013, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) professional and Certified Information Systems Security Professional (CISSP). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional / Europe (CIPP/E).

Elin van Beesel
Senior Manager, GDPR, FCG AB

Incident Process - Round Table Moderator

How shall we actually define when a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons?

What does this mean in practice?

Do we have any examples from a data breach that resulted in such high risks and when the breach was also communicated to the data subject?

Elin van Beesel

Elin is a lawyer with nearly 20 years of experience in business law. Her speciality is GDPR and data privacy, where she currently manages a wide range of GDPR compliance projects at group level. Elin is also appointed Data Protection Officer for several FCG clients. Besides her client assignments Elin is often engaged in training and seminars within the data privacy sector.

Pasi Söderberg
CISO, FOREX Bank

Prevention of cyber threats within the banking and finance sector - Panelist

Pasi Söderberg

Pasi has held leading roles within IT and information security for the last 15+ years at several banks and within the armed forces. He is dedicated to building strong teams and using risk management to identify and mitigate cybersecurity threats in order to enable business success, currently at FOREX Bank as CSO.

Johan Balck
Head of Information Security, Skanska Sweden AB

How can ISO27001 support your GDPR and compliance with other regulatory requirements - Panelist

Johan has over 16 years’ experience in the IT Security industry. He joined Skanska in 1996. Prior to his current role as CISO for Skanska Sverige AB, he has occupied different roles such as Information Security Manager, Business Architect, Senior Project Manager, IT Security Manager to mention but a few. In his spare time he is a well-known speaker at major sporting events in Sweden, for example: Stockholm Marathon, Halikko-Viesti, New Year's race, Runrundan, Lidingöloppet and championships in orienteering.

Martin Schaefer
Head of IT at Group Functions, PostNord

Digitization - Strategy and security implications of digital transformation - Panelist

Martin is a business and technology leader with a broad technological and information security background. During his career Martin has worked at international and global companies in several industry sectors: energy and utilities, with the challenge of enabling the interconnection of information from critical infrastructure with consumer services across multiple actors; manufacturing, paving its path into Industry 4.0; and e-commerce and logistics, providing digital services in a heavily disrupted sector.

Georgios Kryparos
Head of Security, Tink

Prevention of cyber threats within the banking and finance sector - Panelist

Georgios is currently heading the security department at Tink. Prior to that he was the lead security engineer at Klarna, working with everything from security architecture to DevSecOps, and from an information security to an application security perspective. He has more than 14 years of experience in the field and believes that security work should not be driven by compliance requirements.

John Wallhoff
President, ISACA, Sweden Chapter

Career paths into and within Cyber security

Organisations struggle with a skills shortage, which makes it necessary to identify and create career paths for both new and existing employees. There are a few globally accepted professional security certifications, such as CISM and CISA from ISACA and CISSP from (ISC)², combined with issue- or product-specific certificates. You can also find some guidance in frameworks like COBIT, but to create a career path you should take a more holistic approach using skills frameworks such as the European e-Competence Framework (e-CF), SFIA and DASA.

Takeaways:

  • This presentation will provide guidance of where to go for a skill based approach to define career paths into and within cybersecurity

John Wallhoff

John Wallhoff (CISA, CISM, CISSP), President of ISACA Sweden Chapter & independent advisor. He is an experienced expert in the field of IT-Governance, IT Service Management and Information Security. Over the past 25 years he has been working with a wide range of organisations in different industries/sectors.

Richard Oehme
Chairman of Cyber Group, SOFF

Cyber Attacks beyond financial interests – The Political Battlefield - Panelist

Richard Oehme is currently chairman of SOFF's Cyber Group and is also Director Cyber Security and Critical Infrastructure Protection in PwC Sweden's Cyber Security, Risk and Resilience business area. He has over 30 years of experience in security policy, crisis preparedness, civil defence, cyber security, intelligence operations and the protection of critical infrastructure, as well as years of experience in national policy making. Richard has held senior positions such as Special Advisor for Intelligence Co-ordination in the Ministry of Defence, Deputy Director and Head of IT and Protective Security in the Swedish Government, and Senior Advisor and Head of the Analysis Section & Crisis Management in the Prime Minister's Office, to mention but a few. Over the years this has given him a unique insight into national and international security policy and into how to build sustainable security solutions in a changing world.

Åke Holmgren
Head of Cybersecurity Division, MSB

Cyber Attacks beyond financial interests – The Political Battlefield - Panelist

Dr. Åke Holmgren is head of the Cybersecurity and Critical Infrastructure Protection Department at the Swedish Civil Contingencies Agency (MSB). Dr. Holmgren has more than 20 years of experience in cyber security and critical infrastructure protection from various government functions in Sweden. He has been a member of the Norwegian Commission on the digital vulnerability of society. Dr. Holmgren has been Visiting Scholar at the Institute for Civil Infrastructure Systems, Wagner Graduate School of Public Service, New York University. He holds a Ph.D. degree in Risk and Safety Analysis and an M.Sc. degree in engineering, both from the Royal Institute of Technology (KTH) in Stockholm, and a B.Sc. degree in business administration and economics from Stockholm University. At Paranoia 2019 Dr. Holmgren will give the talk "Countering Hybrid Threats - Civil Cyber Defence".

Agenda

Registration Starts

Chairman's Opening Remarks - CSA, Swedish Chapter (Ulf Berglund)

Career paths into and within Cyber Security (John Wallhoff, ISACA Sweden Chapter)

AI and Cybersecurity Challenges and Experiences (Brian O'Toole, Ericsson)

Agile Application Security (Dimitrios Stergiou, Trustly)

PANEL: Cyber Attacks beyond financial interests - The Political Battlefield
Panelists: Åke Holmgren (MSB), Richard Oehme (SOFF)

COFFEE BREAK

1000+ Cyber Investigations Later: Trends To Beware (Andrew Beckett, Kroll)

Security Culture and Human Firewalls (Robert Willborg, Junglemap AB)

The presentation will focus on how, as part of the digitisation around us, we conduct a secure digitisation process. Is security culture an important aspect, and how do I create it in my business? How should I measure my own work related to security in a digital world? The presentation will also emphasise why one must look at security as a process and not as an event.

Key takeaways:

  • How to create a mature security culture as a natural part of your systematic work with information security

PANEL: How can ISO27001 support your GDPR & compliance with other regulatory requirements
Panelists: Helena Örtholm (Tele2 Sverige AB), Johan Balck (Skanska AB), Ralph Benton (Karolinska Hospital), Ann-Marie Alverås Lovén (Secana AB)

Major Breach Response Mistakes and How To Avoid Them - Round Table (Kroll)

Every day we read in the papers of another household brand losing the data of millions of customers. Every year a new "biggest ever" cyber breach is reported, and whilst some companies become headline stars for all the wrong reasons following a breach, others quietly investigate, report and move on with little fuss, no headlines and little damage to their brand and reputation. During this round table Kroll will discuss the major mistakes we most often see in companies' incident response plans before looking at what companies can do to get it right.

Key takeaways:

  • What is the no. 1 mistake companies make in preparing for a cyber incident?
  • Optimising the role of PR in breach response
  • What can companies do to get it right?

How will you secure your data in the cloud? - Round Table (Ignacio Berrozpe Peralta, Thales eSecurity)

Incident Process - Round Table (Elin van Beesel, FCG AB)

Compliance & Governance - Round Table (Anna Maria Björklund, Swedbank AB)

The GDPR unfortunately did not come with an easy-to-use manual on how your organisation should implement and govern GDPR issues, but left it to you to figure out, with only the help of some requirements about appointing DPOs and the need to do impact assessments, which does not take you far. It is also clear that a privacy model suitable for one organisation could prove unnecessarily burdensome for another. In this round table discussion we dive into the challenges and solutions around internal privacy governance models and touch on the subject of effective privacy maturity tracking.

  • Which department shall take the GDPR lead?
  • How do we make decision-making and documentation around privacy easy and effective?
  • How do we track privacy maturity and compliance in our organisation?

GDPR & The Cloud - Round Table (Anna Forsebäck, Schibsted Media Group)

AI and Cybersecurity Challenges and Experiences

ROUND TABLE DISCUSSIONS - PART 1

LUNCH BREAK

The Leading Cloud Trust & Accountability Program (STAR) (Daniele Catteddu, Cloud Security Alliance)

PANEL: Prevention of cyber threats within the banking and financial sector
Panelists: Pasi Söderberg (FOREX Bank), Georgios Kryparos (Tink), Erik Blomberg (Handelsbanken), Paul Edon (Tripwire International Inc)

COFFEE BREAK

Are SOCs still relevant or do they need an upgrade? - Round Table (Jabu Mtsweni, CSIR)

ISO 27000 series controls and GDPR - Round Table

Many GDPR projects have focused on interpreting the GDPR, but few have looked at the wider picture of how to actually protect personal data and encourage privacy by design. GDPR implementation has in many cases been done in a "silo", without taking the long-term view and integrating with information security. In the long run this will prove inefficient and drive cost. Which controls in ISO/IEC 27001 Annex A can be used for GDPR purposes is one question; how the systematic approach of an ISMS according to the ISO 27000 series can support addressing privacy concerns in the long term is another. In this round table discussion we dive into the challenges and solutions around information security, applying controls for privacy, and the relationship between privacy and information security, in order to capture the opportunities that come from not working in "silos".

Key takeaways:

  • Can the requirements in ISO 27001 (ISMS) cover GDPR concerns, and if so, in what way?
  • What are the similarities and differences between information security controls based on ISO/IEC 27001 Annex A and preserving privacy according to the GDPR?
  • Which controls and activities are lacking in ISO/IEC 27001, and which other ISO 27000 series standards can support them?
  • What can be done in the short term and in the long term, and will an ISO certification be a way of gaining trust also for privacy?

        Career paths into and within cyber security

        Key takeaways:

        • How do you get new talent involved in cybersecurity and provide them with the necessary skills and mindset?
        • How do you motivate existing staff to stay and continue to evolve in the cybersecurity profession?


        What about the Cloud Act, is it a real “threat”?

        Do we need to worry when moving into cloud services? Update yourself on the facts about the Cloud Act. In this round table session, Ulf and the participants will discuss how we can approach the Cloud Act, since it raises questions and worries.

        Key takeaways:

        • Let's have a common dialogue on the fact that the Cloud Act is out there
        • Are there any differences depending on sector (bank, retail) or service model (PaaS, SaaS etc.)?
        • Agree on some statements that we can use back “home”

        Agile Application Security

        Application Security (and SDLCs) take many forms, and there is no one-size-fits-all. Some of us might have come up with the best approach, while the rest of us might have horror stories to trade.

        Key takeaways:

        • Have we implemented any SDLC? If so, do we think it is working or not?
        • Have we used any well-known maturity models (such as BSIMM and OpenSAMM), or did we prefer to roll our own?
        • How do we measure our SDLCs?

        ROUND TABLE DISCUSSIONS - PART 2

        Panelist: Anthony McCarrick - Municipality of Södertälje


        Panelist: Johan Schauman - Swedish Tax Agency

        Panelist: Anders Jared - Systembolaget AB

        Panelist: Martin Schaefer - PostNord

        PANEL: Digitization - Strategy and security implications of digital transformation

        Chairman Closing Remarks - CSA, Swedish Chapter

        Event Editorial Director's Closing Remarks

        Conference Closing Remarks

        Cocktail Reception - Live Prize Draw By Tripwire

        It’s our pleasure to welcome you to the 3rd Edition of the IT Security Insights conference, which is for the first time being organised in collaboration with the Cloud Security Alliance, Sweden Chapter. We believe the partnership is a win-win for both the IT Security Insights Conference and CSA, since we share the objective of creating awareness of challenges and trends for almost the same target audience. The ultimate goal of co-hosting the event with CSA is to help boost and promote the use of best practices for providing security assurance within Cloud Computing on the Swedish market.

        The conference is going to be more insightful, with more speakers and bigger than before, with a combination of presentations, panel debates and round table discussions to boost interaction between vendors and users of IT/Cloud Security Services.

        Register Now

        7A Odenplan is an accessible and modern venue occupying a floor plan of 2000 sqm with a large courtyard. It offers flexible rooms, good food and a roof terrace that overlooks Odengatan with a fantastic panoramic view of the city of Stockholm.

        7A Odenplan has a perfect city location, with the subway, commuter trains and most city buses a few steps from the entrance. For those who intend to drive, there is a parking garage in the building below with direct access up to the meeting rooms. Warm welcome!

        Address: Norrtullsgatan 6, 113 29 Stockholm Visit venue at: http://www.7a.se/konferenseven...

        By Subway from T-Centralen: • Take the green line (lines 17, 18 and 19) from Stockholm Central towards any of the following destinations: Odenplan, Alvik, Åkeshov, Råcksta, Vällingby and Hässelby Strand.

        • Get off at Odenplan - approx. travel time 4 minutes.

        • From the subway station it takes 2 minutes to walk to the venue, 7A Odenplan. Use Google Maps and you will be there in no time. Trains run every 5 minutes.

        By Train from Central Station: • Take the commuter train from Stockholm Central towards any of the following destinations: Märsta, Kungsängen, Uppsala and Arlanda Airport.

        • Get off at Odenplan station - approx. travel time 4 minutes.

        • From the underground platforms it takes at least a 3-minute walk to get out of the station, then approx. 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time.

        • The commuter trains run 4-6 times per hour.

        By car: Norrtullsgatan 6, 113 29 Stockholm, Sweden

        By taxi: We recommend the following companies: Taxi Stockholm +46 88-15 00 00, Taxi Kurir +46 88-30 00 00, Taxi 020 +46 20-20 20 20
