8 November 07:30 - 19:00, Hotel Birger Jarl

The venue is located in the heart of Stockholm. It's a 3-minute journey by subway from Stockholm's metro station to Rådmansgatan metro station, then a 3-minute walk from Rådmansgatan metro station to the venue. This contemporary hotel in a mid-century building is 2.1 km from the Royal Palace of Stockholm and 2.9 km from Vasa Museet, a maritime museum.

INTERESTED TO SPEAK? 3 SPEAKING SLOTS LEFT TO FINALISE THE AGENDA!

Contact the event's Editorial Director, Robert Kitunzi at robert.kitunzi@matchcorp.com
Or email us at partnership@itsecurityinsights.com and one of our Sales Representatives will contact you.



Speakers

Annette Norman
Senior Advisor, National Cyber Security Strategy - Government of Sweden

The national strategy for society's information and cybersecurity

The National Strategy for Society's Information and Cyber Security expresses the government's overall priorities and provides a platform for Sweden's continued development work in the area. The strategy will be updated in 2018 due to the requirements for a national strategy in the NIS Directive.

Annette Norman

She is a lawyer with long experience of working with information security, including supervision and advice under the Protective Security Act, and as inquiry secretary for the inquiry on the implementation of the NIS Directive and the inquiry on certain protective security issues.
 


Ulf Berglund
President, CSA Sweden Chapter

Cloud Security (or not!) and Business Continuity Planning (BCP)

Key takeaways:

  • What is important to find out before the incident occurs, about your cloud supplier when it comes to BCP
  • Different situations that may occur and which you must have a plan for if they happen
  • Connect your own BCP-plan to the Cloud suppliers, what should you think about and manage

Ulf Berglund

Ulf Berglund is the president of the Swedish chapter of CSA, the Cloud Security Alliance, a worldwide organization. He is also co-author of the book Guide to the Cloud. Ulf has long experience in leading positions in the field of information security. He has a background as an officer; in his last active years he was principal officer, IT security and information security expert at the Military Intelligence and Security Service (MUST). He has held positions as CTO and senior consultant for companies such as Pointsec, Ernst & Young and Technology Nexus. Ulf's consulting experience derives from companies like Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.



Stuart Beattie
Product Marketing Director, Omada A/S

Identity management and access governance at the heart of your cybersecurity

The presentation covers how identity management and access governance helps manage security risk – protect sensitive information, ensure compliance, avoid accidental or illegitimate access, and data theft. Learn how efficient identity management maintains business agility – by providing timely and appropriate access for your employees.

Stuart Beattie

Stuart is a Senior Business Leader with international management experience with a broad range of technology companies. He has a track record of working for companies ranging from small businesses to Fortune 500 organisations to find and win new customers through the definition and execution of strategic go-to-market plans. In addition, he has successfully worked with senior leadership teams to build data-oriented business models to help them define operational requirements.


Mats Juhlén
Business Development Manager, Security - Atea Sverige AB

How can ISO27001 support your GDPR and compliance with other regulatory requirements?

Mats has a network and network security background, with more than 10 years' experience working with security. At present he is focusing on information security and GDPR, helping customers implement a structured and risk-based way of working with regulatory requirements and also supporting companies in the role of data protection officer.


Robert Willborg
SME Cyber Security and Privacy, Junglemap AB

Information Security in a modern digital eco-system, and what you need to relate to.

The session explores information security in modern digital ecosystems, with focus on new needs; behaviour, culture and relevant technology. Learn how to step up an IT Security and Information Strategy that captures a more holistic relationship with today's and future needs.

Takeaways:

  • The aim is that the listener should have a basic understanding of behaviours and cultures as risks and threats in digital ecosystems
  • Another aim is that the listener should have a basic understanding of why a more holistic view is required in digital ecosystems
  • The final goal is to have the listener have a very basic knowledge of where to start in the new strategy regarding security work in their systems


Robert Willborg

Robert is a lecturer with a broad and extensive background in the armed forces, security work and behaviour-based security. Since 2010, Robert Willborg has been working strategically and in an advisory role in information security, focusing on secure digital ecosystems. Robert has also published several articles on security-related issues and is a certified DPO. Robert holds a place in IDG's expert network.


Christian Källqvist
CIO, Schneider Electric AB

GDPR after the Implementation date: Still a lot of work to do...

Hired a management consultant firm to help them with the implementation. Intensified the work with which processes to keep soft and which to add application/database support. The number of hours and the resources needed was ramped up significantly for the implementation of the application/database support. Nobody knew how to implement this, least of all Datainspektionen (DI).

Takeaways:

  • Best knowledge within Management consulting firms
  • How to guide DI to better understanding/getting answers?
  • How to avoid doing same work/mistakes at every company?

Christian Källqvist

He has worked with IT security issues as part of his current and previous roles, formerly at SE-banken and now at Schneider Electric. The new possibilities of constantly connected products create new opportunities for penetration and thereby security challenges. Schneider Electric focuses heavily on, for example, EcoStruxure. It is Schneider Electric's IoT-enabled, open, interoperable architecture and platform with plug-and-play functionality for homes, buildings, data centers, infrastructure and industries. Security in these solutions is very important.


Anna Forsebäck
DPO, Schibsted Media Group

“The DPO-role under the GDPR - Who, Why and How?”

Takeaways on some key aspects of the DPO-role:

  • Who could or should take on this role in your organisation? (The battle between competences)
  • Why should you appoint a DPO? (Or should you?!)
  • How to perform the regulated tasks of the DPO in a manner that adds value to the organisation. (Can the DPO combine its independent role and its monitoring duties with a proactive, supporting approach?)

Anna Forsebäck

Anna is a Stockholm-based lawyer specialized in tech and privacy who has recently taken on the challenge to set up a centralized, scalable DPO-office for all companies in the Media Division of Schibsted Media - a task that comprises some fifty companies in ten European countries. Anna's experience includes both external counsel roles and in-house legal counsel and DPO roles.


Aleksandra Kharlan
Data Privacy Specialist, EnterCard Group AB

Data protection measures required by GDPR - Entercard Case-Study

In 2016 EnterCard Group put a lot of effort into developing its own understanding of the data protection measures required by GDPR: what is already in place and what should be added. In 2017 and the beginning of 2018 we worked on achieving our GDPR goals. 2018 is a year when we analyze the outcome of our work and maintain our achievements. So is there anything to do after GDPR implementation? Is there room for improvement and do we need it?

Takeaways: 

  • We are compliant! What’s next?  
  • Technical solutions vs policies and corporate culture. What would work best for your company?  
  • Data breach without breach. Can the absence of data minimization and privacy by design be an actual personal data breach?

Aleksandra Kharlan

Aleksandra has been working with compliance and privacy issues since 2012 within the law and compliance department of a global FCG company; before that she worked with commercial and IP law questions.

In 2017 Aleksandra joined the Information Security department at Entercard Group AB to work with privacy-related issues triggered by the implementation of the new EU regulation that significantly affected companies working in the financial sector. EnterCard Group AB is a financing company that offers credit cards and consumer loans to the Scandinavian market. Aleksandra is responsible for privacy-related questions at department level. She monitors data protection compliance within the organization and works on identifying actions necessary for remediation. She designs and develops privacy-related processes, frameworks, standards and guidelines. She was part of the GDPR project team on behalf of the Information Security department.


Johanna Mannung
Enterprise Security Architect, Swedish Police Authority

Preparing for the threats of tomorrow

Round Table Moderator

Johanna Mannung

Johanna Mannung is a security architect at the Swedish Police Authority, working with all aspects of IT and information security. During her 20 years in the IT sector she has held a number of varying positions, from researcher into privacy in p2p networks to developer of IAM solutions. Today she gets to use all her experience in securing one of the most important organizations in Sweden.


Ina Nordqvist
Senior IT-Security Consultant, Board Member CSA Sweden Chapter

Cloud Security (or not!) and Business Continuity Planning (BCP)

Key takeaways:

  • What is important to find out before the incident occurs, about your cloud supplier when it comes to BCP
  • Different situations that may occur and which you must have a plan for if they happen
  • Connect your own BCP-plan to the Cloud suppliers, what should you think about and manage


Ina Nordqvist

Ina has been a senior information security consultant since 1998, focusing on Information Security Management Systems (ISMS) 27001, risk management, education, incident management, information classification and continuity management. Ina has worked with ISMS, policies and documentation for information security, and routines and organization of information security for customers. In 2010 Ina founded U&I Security Group AB and continued the work with ISMS, risk analysis, security documentation and GDPR. Before U&I Security Group AB, Ina worked at Technology Nexus and Ernst & Young as an IT auditor. Outside work, Ina volunteers as a Crisis Supporter within Red Cross Sweden.


Jan Olsson
Chairman - Swedish Police Authority

Jan Olsson has 25 years’ experience in the Swedish Police Force, 10 of which he has dedicated to fighting fraud. Presently, he works as the National Fraud Coordinator and National Fraud Expert at the National Fraud Center (NBC). He is a frequent speaker, giving approximately 70 lectures annually both nationally and internationally. He also received the prestigious “Great Credit Prize” in 2015 for his dedication to preventing fraud.


Elin van Beesel
Senior Manager, GDPR Specialist

GDPR and Incident Process

Round Table Moderator

Elin van Beesel

Elin is a lawyer with nearly 20 years of experience in business law. Her speciality is GDPR and data privacy, where she currently manages a wide range of GDPR compliance projects at group level. Elin is also appointed as Data Protection Officer for several FCG clients. Besides the client assignments, Elin is also often engaged in education and seminars within the data privacy sector.


Brian O'Toole
CISO, ERICSSON

“5G & Cybersecurity: Opportunities and Challenges”

Discussion on how the evolution to 5G is going to have an impact on enterprise security when it comes to dealing with ubiquitous connectivity, the increase of data globally and the way that IT professionals will have to think about deployment of large-scale networks, as in the case with IoT.

Brian O'Toole

Brian has been at Ericsson since 2005, working across several different areas including software development, product management and information security. He has been the CISO since 2015, and he is primarily focussed on integration of Information Security Risk Management across Ericsson, which is one of those things that is easy to say, but difficult to do in an organisation of over 100,000 people.


Jan-Olof Andersson
CISO, ICA Sverige AB

Information Security Incident Response Strategies

Good ability to handle information security incidents is a must for managing the threat to ICA's business. The presentation looks at how incident management is linked to the company's security process and what components are included to enable the company to handle security incidents.

Takeaways:

  • How to handle personal data incidents in a company
  • Do you have the required skills?
  • How many resources does this ability require?

    Jan-Olof Andersson

    Jan-Olof Andersson has 30 years’ experience in the security field and has earned great credibility in the industry. His knowledge stretches from physical protection to information security, focusing on what is best for the organization. Colleagues in the field place great confidence in him, and on several occasions he has been named one of the most prominent persons in the field of information security. He has experience in a variety of businesses in roles as consultant, head of security and head of information security, and he has mastered all the disciplines that exist in the security field.


    Dimitrios Stergiou
    CISO, Trustly

    The psychology of social engineering

    Social engineering is nothing new, but it has become the “king of attacks”, being (relatively) easy to deploy and requiring minimal commitment from the attackers’ side. 

    Key takeaways:

    • The 6 influence principles (by Dr. Cialdini) and how these principles are utilized to improve the success rate of social engineering attacks
    • The driving forces of what makes us “click on the link” and how we should defend against them
    • What one can do to prevent these types of social engineering attacks


    Dimitrios Stergiou

    Dimitrios is currently employed as the Chief Information Security Officer for Trustly. He is an experienced senior Information Security and Risk professional with over 20 years’ experience in Risk Management, IT audits and Information security. Before joining Trustly, Dimitrios held positions at Modern Times Group, NetEnt, Entraction, Innova S.A and Intracom S.A. Dimitrios holds a M.Sc. in Information Security and is a Certified Lead Implementer for ISO 27001:2013, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) professional and Certified Information Systems Security Professional (CISSP). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional / Europe (CIPP/E).


    Schedule

    Registration Starts

    50min

    Chairman Opening Remarks - Jan Olsson, Swedish Police Authority


    10min

    National strategy for society's information and cyber security

    • How does the strategy respond to the new challenges in an increasingly digitized society?
    • What measures have been taken and what will happen in 2019?

    25min

    Information Security Incident Response Strategies - CISO, ICA Sverige AB

    Good ability to handle information security incidents is a must for managing the threat to ICA's business. 

    • How incident management is linked to the company's security process and what components are included to enable the company to be able to handle a security incident
    • How they handle personal data incidents at the company
    • Do you have the required skills?
    • How many resources are required for this task?

    20min

    Cloud Security (or not!) and Business Continuity Planning (BCP) - President, CSA Sweden Chapter

    15min

    Cloud Security (or not!) and Business Continuity Planning (BCP) - Senior IT Security Consultant, CSA Sweden Chapter

    Key takeaways:

    • What is important to find out before the incident occurs, about your cloud supplier when it comes to BCP
    • Different situations that may occur and which you must have a plan for if they happen
    • Connect your own BCP-plan to the Cloud suppliers, what should you think about and manage

    10min

    Data protection measures required by GDPR - Entercard Case-Study

    In 2016 EnterCard Group put a lot of effort into developing its own understanding of the data protection measures required by GDPR: what is already in place and what should be added. In 2017 and the beginning of 2018 we worked on achieving our GDPR goals. 2018 is a year when we analyse the outcome of our work and maintain our achievements. So is there anything to do after GDPR implementation? Is there room for improvement and do we need it?

    This presentation is dedicated to the following questions:
    • We are compliant! What’s next? 
    • Technical solutions vs policies and corporate culture. What would work best for your company? 
    • Data breach without breach. Is absence of data minimization and privacy by design an actual personal data breach?  

    20min

    Coffee Break and Visit to the Expo Area


    25min

    The psychology of social engineering

    Social engineering is nothing new, but it has become the “king of attacks”, being (relatively) easy to deploy and requiring minimal commitment from the attackers’ side.

    Key takeaways:

    • The 6 influence principles (by Dr. Cialdini) and how these principles are utilized to improve the success rate of social engineering attacks
    • The driving forces of what makes us “click on the link” and how we should defend against them
    • What one can do to prevent these types of social engineering attacks

    30min

    Practical implementations - How to use AI to improve the SOC (Vacant)

    25min

    Identity management and access governance at the heart of your cybersecurity, Omada A/S

    Key takeaways:

    How identity management and access governance helps manage security risk – protect sensitive information, ensure compliance, avoid accidental or illegitimate access, and data theft. Learn how efficient identity management maintains business agility – by providing timely and appropriate access for your employees.

    25min

    “The DPO-role under the GDPR - Who, Why and How?”

    Takeaways on some key aspects of the DPO-role:

    • Who could or should take on this role in your organisation? (The battle between competences)
    • Why should you appoint a DPO? (Or should you?!)
    • How to perform the regulated tasks of the DPO in a manner that adds value to the organisation. (Can the DPO combine its independent role and its monitoring duties with a proactive, supporting approach?)

    20min

    Networking Lunch and a visit to the Expo Area


    60min

    IT Security Insights Round Table Discussions

    • GDPR and Incident Process - GDPR Specialist - FCG AB
    • “Preparing for the threats of tomorrow” - Enterprise Security Architect - Swedish Police Authority
    • How can ISO27001 support your GDPR and compliance with other regulatory requirements? - Business Development Manager, Security - Atea Sverige AB
    • Digital Transformation
    • Security Operations Center (SOC)
    • Cloud Security


        90min

        Afternoon Networking Coffee Break

        20min

        “5G & Cybersecurity: Opportunities and Challenges”

        How the evolution to 5G is going to have an impact on enterprise security when it comes to dealing with ubiquitous connectivity, the increase of data globally and the way that IT professionals will have to think about deployment of large-scale networks, as in the case with IoT.

        25min

        Information Security in a modern digital eco-system, and what you need to relate to - Junglemap AB

        The session explores information security in modern digital eco-systems, with focus on new needs; behaviour, culture and relevant technology. Learn how to step up an IT Security and Information Strategy that captures a more holistic relationship with today's and future needs.

        Takeaways:

        • The aim is that the listener should have a basic understanding of behaviours and cultures as risks and threats in digital ecosystems
        • Another aim is that the listener should have a basic understanding of why a more holistic view is required in digital ecosystems
        • The final goal is to have the listener have a very basic knowledge of where to start in the new strategy regarding security work in their systems

        25min

        GDPR after the Implementation date: Still a lot of work to do...

        Initiatives, challenges and projects conducted before and after the 25th of May. Shared experiences after the 25th of May:

        • Hired a management consultant firm to help them with the implementation. Intensified the work with which processes to keep soft and which to add application/database support. The number of hours and the resources needed was ramped up significantly for the implementation of the application/database support
        • Nobody knew how to implement this, least of all Datainspektionen
        • Best knowledge within Management consulting firms
        • How to guide DI to better understanding/getting answers?
        • How to avoid doing same work/mistakes at every company?

        20min

        Partner Customer Case Study (Vacant)

        20min

        Partner Keynote (Vacant)

        25min

        Chairman Closing Remarks

        10min

        Networking Cocktail

        60min

        ABOUT THE EVENT

        Welcome to the second edition of the IT Security Insights Conference. As was the case with the previous event, we are going to focus mainly on promoting the best customer case-studies and innovative trends within the IT Security industry. Therefore, we are pleased to inform you that the second edition is going to be more insightful with more customer case studies and more speakers. 

        Our mission is to grow the event to be an exceptional user-based networking platform for IT Security professionals on the Swedish market. The main objective of the event is to enable IT Security practitioners to reflect on the challenges, achievements and obstacles overcome during the year while at the same time looking ahead to what the future holds for the IT Security industry in 2019.

        The focus of the fall event will be: IoT Security, Cloud Security, Security Operations Center (SOC), Information Security Awareness and Training, Cyber Insurance, Artificial Intelligence, Post-GDPR Insights, Cyber Security and Big Data Analytics capabilities.

        Who Should Attend

        We target IT professionals who work with or face IT Security challenges and are interested in learning how to safeguard their organisations from today’s advanced threats. It is a must-attend for persons in the following positions or similar ones: CISOs, CSOs, CIOs, CTOs, CEOs, IT Directors, Heads of IT Strategy, IT Infrastructure Directors, Cyber Security Specialists, IT Security Architects, DPOs, Data Security Directors, IT Security Managers, Risk and Security Managers, Compliance Directors, Heads of Networks, IT Security Analysts, Heads of IT Operations, IT Architects, IT Technicians, Service Delivery Managers, IT-solution Managers (ISM), System Administrators, IAM Directors and IT System Managers.

        Why Attend

        • Listen to practical examples of IoT and challenges with IoT Security
        • Get insights on security operations center (SOC)
        • To explore the opportunities and challenges presented by cloud services
        • Learn the importance of having the right cyber insurance policy in this era
        • To share experiences with peers on recent GDPR implementations
        • To engage in Information Security awareness and training sessions
        • To network with existing vendors and potential business partners
        • Check out the latest IT Security products in the Expo Area