Timings – half day
13:30-14:00 Arrivals, tea and coffee
14:00-14:15 Introductions and objectives setting – co-chairs
14:15-14:30 Keynote / Case study delivered by a CISO (+ CIO, CTO, CFO or GC multi-faceted cyber risk engagement)
14:30-15:20 Roundtables 1-4 working each on a chosen 1st perspective
15:20-15:35 Short coffee break and participants rotate to chosen new table. Facilitators remain fixed to their allocated perspective.
15:25-16:25 Roundtables 1-4 working each on a chosen 2nd perspective
16:25-16:50 Conclusions – each table shares back key findings to the whole group
16:50-17:00 Close of Roundtable
17:00-17:30 Behind the Scenes Tour – The Shakespeare Globe
17:30-19:30 Networking reception
Topics
A multi-faceted ‘360’ look at how the CISO and cybersecurity directors engage with other key functions that are directly involved in key cloud decisions, for investment, governance, innovation and resilience.
Roundtable 1 JUSTIFICATION: Cloud investment (CFO/Business engagement perspective)
• Proven ways to win investment budget for your security strategy for the cloud
• What are the financial risks and opportunities involved in cloud adoption?
• What is the strategic mission of cloud migration?
• Security costings
Roundtable 2 WHAT ARE THE RISK CONSIDERATIONS: Health risk check (GRC perspective)
• Risks of unsanctioned cloud applications to your security stance
• Legal, privacy and GDPR
• Challenges with the cloud
• Supply chain due diligence
• Security audit considerations
• Security costings
Roundtable 3 ACHIEVING THE CIO/CTO VISION WITH SECURITY BY DESIGN: Cloud innovation and transformation (CTO/CIO perspective)
• What key business technology risk decisions do we make?
• How are we wrapping security around infrastructure?
• Security costings
Roundtable 4 RESPONDERS' PERSPECTIVE: Cloud incident response (CERT/CNI perspective)
• What is the scope, source, magnitude and management response?
• What data and information should be collected?
• Who is on the crisis team?
• At what stage should customers be informed?
• What is the difference between responding to an insider attack as opposed to an attack via your cloud provider?
• What should be agreed in advance in the cloud provider contract – based on real experience examples / pitfalls?
• Security costings