8 November 07:30 - 19:00Hotel Birger Jarl

ABOUT THE EVENT

Welcome to the second edition of the IT Security Insights Conference. As was the case with the previous event, we are going to focus mainly on promoting the best customer case-studies and innovative trends within the IT Security industry. Therefore, we are pleased to inform you that the second edition is going to be more insightful with more customer case studies and more speakers. 

Our mission is to grow the event to be an exceptional user-based networking platform for IT Security professionals on the Swedish market. The main objective of the event is to enable IT Security practitioners to reflect on the challenges, achievements and obstacles overcome during the year while at the same time looking ahead on what the future holds for the IT Security Industry in 2019.

The focus of the fall event will be: IoT Security, Cloud Security, Security Operations Center (SOC), Information Security Awareness and Training, Cyber Insurance, Artificial Intelligence, Post-GDPR Insights, Cyber Security and Big Data Analytics capabilities.

Who Should Attend

We target IT professionals working with or facing IT Security challenges and are interested to learn how to safeguard their organisations from today’s advanced threats. It is a must-attend for persons in the following positions or similar ones: CISOs, CSOs, CIOs ,CTOs, CEOs, IT Directors, Heads of IT Strategy, IT Infrastructure Directors, Cyber Security Specialists, IT Security Architects, DPOs, Data Security Directors, IT Security Managers, Risk and Security Managers, Compliance Directors, Heads of Networks, IT Security Analysts, Head of IT Operations, IT Architects, IT Security Architects, IT Technicians, Service Delivery Managers, IT-solution Managers (ISM), System Administrators, IAM Directors and IT System Managers.

Why Attend

  • Listen to practical examples of IoT and challenges with IoT Security
  • Get insights on security operations center (SOC)
  • To explore the opportunities and challenges presented by cloud services
  • Learn the importance of having the right cyber insurance policy in this era
  • To share experiences with peers on recent GDPR implementations
  • To engage in Information Security awareness and training sessions
  • To network with existing vendors and potential business partners
  • Check out the latest IT Security products in the Expo Area








Speakers

Annette Norman
Head of Information Security - Justice Department, Swedish Govt.

The national strategy for society's information and cybersecurity

 Den Nationella strategin för samhällets informations- och cybersäkert uttrycker regeringens övergripande prioriteringar och utgör en plattform för Sveriges fortsatta utvecklingsarbete inom området. Strategin ska uppdateras 2018 med anledning av kraven på en nationell strategi i NIS-direktivet.

Annette Norman

Hon är jurist och har lång erfarenhet av arbete med informationssäkerhet bl.a. genom tillsyn och rådgivning enligt säkerhetsskyddslagen, utredningssekreterare i utredningen om genomförandet av NIS-direktivet och utredningen om vissa säkerhetsskyddsfrågor.
 

Read more

Christian Källqvist
CIO, Schneider Electric AB

GDPR after the Implementation date Still a lot of work to do...

Hired a management consultant firm to help them with the implementation

Intensified the work with which processes to keep soft and which to add application/database support

The number of hours and the resources needed was ramped up significantly for the implementation of the application/database support. Nobody knew how to implement this, least of all Datainspektionen(DI)

Best knowledge within Management consulting firms

How to guide DI to better understanding/getting answers?

How to avoid doing same work/mistakes at every company?

Christian Källqvist

Han har jobbat med IT-säkerhetsfrågor som en del i hans nuvarande och historiska roller, tidigare på SE-banken och nu på Schneider Electric. De nya möjligheterna med ständigt uppkopplade produkter driver nya penetrationsmöjligheter och därmed säkerhetsutmaningar. Schneider Electric fokuserar t.ex. stort på EcoStruxure. Det är Schneider Electrics IoT-aktiverade, öppna, kompatibla arkitektur och plattform med plug-and-play-funktion för hem, fastigheter, datacenter, infrastruktur och industrier. Säkerheten i dessa lösningar är mycket v

Read more

Jan-Olof Andersson
CISO, ICA Sverige AB

Information Security Incident Response Strategies

Good ability to handle information security incidents is a must for managing the threat to ICA's business.

In this presentation, Jan-Olof presents how incident management is linked to
the company's security process and what components are included to enable the company to be able to handle a security incident.  He will also give tips on how they handle personal data incidents at the company

• Do you have the required skills?

• How much resources requires this ability?

Jan-Olof Andersson

Jan-Olof Andersson, has 30 years’ experience in the security field and has earned great credibility in the industry. His knowledge stretches from physical protection to information security, focusing on what is best for the organization. Colleagues in the field place great confidence in him, and on several occasions he has been appointed as one of the most prominent persons in the field of information security. He has experience in a variety of businesses in roles as consultant, head of security, head of information security and he has mastered all the disciplines that exist in the security field

Read more

Ulf Berglund
President, CSA Sweden Chapter

Cloud Security (or not!) och Business Continuity Planning (BCP)

Hur och när vet jag att just min data blir återskapad efter en krasch hos molnleverantören. Vad står det i avtalet?

Lite praktiska tips hur man skall resonera och tänkar

Vad är viktigt att ta reda på om moln leverantören när det BCP

Situationer som kan uppstå och som  man måste ha en plan för om de inträffar

Koppling till egen plan, att tänka på och hantera

Ulf Berglund

Ulf Berglund is the president of the Swedish chapter of CSA, Cloud Security Alliance, a worldwide organization. He is also co-author of the book Guide to the Cloud. Ulf has a long experience from leading positions in the field of information security. He has a background as an officer, his last active years he was principal officer, IT security and information security expert at the Military Intelligence and Security Service (MUST). He has held positions as CTO, senior consultant and senior consultant for companies such Pointsec, Ernst & Young and Technology Nexus. Ulf's consultant and the experience derived from companies like Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.


Read more

Ina Nordqvist
Senior IT-Security Consultant, Board Member CSA Sweden Chapter

Cloud Security (or not!) och Business Continuity Planning (BCP)

Hur och när vet jag att just min data blir återskapad efter en krasch hos molnleverantören. Vad står det i avtalet?

Lite praktiska tips hur man skall resonera och tänkar

Vad är viktigt att ta reda på om moln leverantören när det BCP

Situationer som kan uppstå och som  man måste ha en plan för om de inträffar

Koppling till egen plan, att tänka på och hantera

Read more

Dimitrios Stergiou
CISO, Trustly

The psychology of social engineering

Social engineering is nothing new, but it has become the “king of attacks”, being (relatively) easy to deploy and requiring minimal commitment from the attackers’ side. Key takeaways:

The 6 influence principles (by Dr. Cialdini) and how these principles are utilized to improve the success rate of social engineering attacks

The driving forces of what makes us “click on the link” and how we should defend against them

What one can do  to prevent these types of social engineering attacks

Dimitrios Stergiou

Dimitrios is currently employed as the Chief Information Security Officer for Trustly. He is an experienced senior Information Security and Risk professional with over 20 years’ experience in Risk Management, IT audits and Information security. Before joining Trustly, Dimitrios held positions at Modern Times Group, NetEnt, Entraction, Innova S.A and Intracom S.A. Dimitrios holds a M.Sc. in Information Security and is a Certified Lead Implementer for ISO 27001:2013, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) professional and Certified Information Systems Security Professional (CISSP). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional / Europe (CIPP/E).

Read more

Aleksandra Kharlan
Data Privacy Specialist, EnterCard Group AB

Data protection measures required by GDPR- Entercard Case-Study

In 2016 EnterCard Group put a lot of efforts to develop own understanding of data protection measures required by GDPR; what is already in place and what should be added.  In 2017 and beginning of 2018 we worked on archiving our GDPR goals. 2018- is a year when we analyze outcome of our work and maintain our achievements. So is there anything to do after GDPR implementation? Is there room for improvement and do we need it?  

This presentation is dedicated to following questions: 

We are compliant! What’s next?  

Technical solutions vs policies and corporate culture. What would work best for your company?  

Data breach without breach. Is absence of data minimization and privacy by design can be an actual personal data breach?  


Aleksandra Kharlan

Aleksandra has been working with compliance and privacy issues since 2012 within law and compliance department for global FCG company, before that she worked with commercial and IP law questions. 

In 2017 Aleksandra joined Information Security department at Entercard Group AB to work with privacy related issues triggered by implementation of new regulation in EU that significantly affected companies working in financial sector.  EnterCard Group AB is a financing company that offers credit cards and consumer loans to the Scandinavian market. Aleksandra responsible for privacy related questions at department level.  Monitors data protection compliance within the organization and works on identifying actions necessary for remediation. Designs and develops privacy related processes, frameworks, standards and guidelines. She was a part of GDPR project team from Information Security department side. 

Read more

Schedule

Registration Starts

50min

Chairman Opening Remarks

Chairman Opening Remarks

10min

Nationell strategi för samhällets informations- och cybersäkerhet - Huvudman för informationssäkerhet, Justitiedepartementet

  • Hur  svarar strategin mot de nya utmaningar som finns i ett allt mer digitaliserat samhälle?
  • Vilka åtgärder har vidtagits och vad händer 2019?

20min

Information Security Incident Response Strategies - CISO, ICA Sverige AB

Good ability to handle information security incidents is a must for managing the
threat to ICA's business.

In this presentation, Jan-Olof
presents how incident management is linked to the company's security process
and what components are included to enable the company to be able to handle a
security incident.  He will also give tips on how they handle personal data
incidents at the company

• Do you have the required skills?

• How much resources are required for this task?


20min

Cloud Security (or not!) och Business Continuity Planning (BCP) - President, CSA Sweden Chapter


20min

Cloud Security (or not!) och Business Continuity Planning (BCP) - Senior IT-Security Consultant, CSA Sweden Chapter

  • Hur och när vet jag att just min data blir återskapad efter en krasch hos molnleverantören. Vad står det i avtalet?
  • Lite praktiska tips hur man skall resonera och tänker
  • Vad är viktigt att ta reda på om moln leverantören när det BCP
  • Situationer som kan uppstå och som  man måste ha en plan för om de inträffar
  • Koppling till egen plan, att tänka på och hantera

20min

Data protection measures required by GDPR- Entercard Case-Study

In 2016 EnterCard Group put a lot of efforts to develop own understanding of data protection measures required by GDPR; what is already in place and what should be added.  In 2017 and beginning of 2018 we worked on archiving our GDPR goals. 2018- is a year when we analyse outcome of our work and maintain our achievements. So is there anything to do after GDPR implementation? Is there room for improvement and do we need it?  

This presentation is dedicated to following questions:  

  • We are compliant! What’s next? 
  • Technical solutions vs policies and corporate culture. What would work best for your company? 
  • Data breach without breach. Is absence of data minimization and privacy by design an actual personal data breach?  

20min

Coffee Break and Visit to the Expo Area

25min

The psychology of social engineering

Social engineering is nothing new, but it has become the “king of attacks”, being (relatively) easy to deploy and requiring minimal commitment from the attackers’ side. Key takeaways:

  • The 6 influence principles (by Dr.Cialdini) and how these principles are utilized to improve the success rate of social engineering attacks
  • The driving forces of what makes us “click on the link” and how we should defend against them
  • What one can do to prevent these types of social engineering attacks

30min

Practical implementations - How to use AI to improve the SOC

30min

How to combat cyber threats in critical infrastructure industries

25min

Customer Case Study - TBA

20min

Networking Lunch and a visit to the Expo Area


60min

Round Table Discussions (2x45 minutes)

Round Table Topics:

  1. Digital Transformation & IoT
  2. Security Operations Center (SOC)
  3. Cyber Insurance
  4. GDPR Insights
  5. Endpoint Security
  6. Cloud Security

90min

Afternoon Networking Coffee Break

20min

IoT Security -How secure is your IoT environment?

20min

Keynote: A Business Case For Cyber Insurance

25min

Case-Study - GDPR after the Implementation date Still a lot of work to do...

Christian will talk about the initiatives, challenges and projects conducted before and after the 25th of May.  Shared experiences after the 25th of May:

  • Hired a management consultant firm to help them with the implementation
  • Intensified the work with which processes to keep soft and which to add application/database support
  • The number of hours and the resources needed was ramped up significantly for the implementation of the application/database support
  • Nobody knew how to implement this, least of all Datainspektionen
  • Best knowledge within Management consulting firms
  • How to guide DI to better understanding/getting answers?
  • How to avoid doing same work/mistakes at every company?






  

20min

Customer Case Study - TBA

20min

Keynote: What the future holds for the IT Security Industry - TBA

25min

Chairman Closing Remarks

10min

Networking Cocktail

60min

The venue is located in the heart of the city of Stockholm. It's a 3-minute journey by subway from Stockholm's metro station to Rådmansgatan metro station. Then it's a 3-minute walk from a Rådmansgatan metro station to the venue. This contemporary hotel in a mid-century building is 2.1 km from the Royal Palace of Stockholm and 2.9 km from Vasa Museet, a maritime museum

INTERESTED TO BECOME A PARTNER & TO SPEAK

Contact the event's Editorial Director, Robert Kitunzi at robert.kitunzi@matchcorp.com
Or contact us by phone at +46 70 7470 608