Three key themes run through each day of the security conference, so you can tailor the event to your needs. By the end of day three you will have a broader understanding of the steps you need to take to help keep your organisation safe.
Decision making and governance management: how to construct the security business case
Myth: Cyber is complex, I won't understand it.
Reality: You don't need to be a technical expert to make an informed cyber security decision.
We all make security decisions every day – for example, even though we may not necessarily know how the security alarm works, we still put it on each day. Boards regularly make financial or risk decisions without needing to know the details of every account or invoice. The Board should rely on its cyber security experts to provide insight such as case studies to make informed decisions about cyber security.
This stream will explore how you can successfully put forward the business case for investment. Hands-on sessions will share practical steps that need to be in place to move forward and will walk you through how to remove internal barriers.
“Ensuring that our cyber posture was not a barrier to winning research investment and how compliance with key standards such as Cyber Essentials unlocks grant funding”
Mick Jenkins, Brunel University
The human element of defence
Myth: Cyber-attacks are sophisticated, I can't do anything to stop them.
Reality: Taking a methodical approach to cyber security and enacting relatively small changes can greatly reduce the risk to your organisation. The vast majority of attacks are still based upon well-known techniques (such as phishing emails) which can be defended against. Some threats can be very sophisticated, using advanced methods to break into extremely well defended networks, but we normally only see that level of commitment and expertise in attacks by nation states.
In this stream we focus on strengthening your security posture and how the human element is key.
Threat detection and how to mitigate risk
Myth: Cyber-attacks are targeted, I'm not at risk.
Reality: Many cyber-attacks are opportunistic, and any organisation could be impacted by these untargeted attacks.
The majority of cyber-attacks are untargeted and opportunistic in nature, with the attacker hoping to take advantage of a weakness or vulnerability in a system, without any regard for who that system belongs to. These can be just as damaging as targeted attacks; the impact of WannaCry and ransomware on global organisations, from shipping to the NHS, is a good example.
If you’re connected to the internet then you are exposed to this risk. This trend of untargeted attacks is unlikely to change because every organisation, including yours, will have value to an attacker, even if that is simply the money you might pay in a ransomware attack.
This stream will examine the latest threats, draw on personal experiences and hear how institutions have recovered and mitigated risk (including home learning challenges).
We'll hear from:
- David Corke, director of policy, Association of Colleges
- Lindy Cameron, CEO, National Cyber Security Centre
- Daniel Wake, policy manager, Universities UK
To scan or not to scan
Speaker: Claire Carpenter, IT security specialist, Canterbury Christ Church University
Claire will talk about Canterbury Christ Church University's journey into vulnerability management – their considerations and concerns, through to planning the delivery and success from surprising angles.
Creating a safe space to share incident insights and threat intelligence
Speaker: Richard Bartlett, enterprise security architect, University of Plymouth
Every university which suffers a serious cyber security incident has learned hard lessons. As a result they are more secure, resilient and prepared for the next incident. When this information is shared it provides valuable operational and tactical insight, and makes everyone’s jobs easier, so why is it so rare that information is shared at all? Sharing threat intelligence is like vaccination: the more people who take part, the better the protection for the community as a whole.
This talk discusses the barriers to sharing, the benefits, the costs and risks, and the platforms and communities which could be part of a solution.
Predicting the future, protecting the now: the evolving threat landscape 2022
Speaker: Garry Scobie, deputy CISO, University of Edinburgh
This presentation discusses the threat landscape for 2022, providing an overview of attack trends and what we may expect to see over the next year. It highlights the importance of being aware that threats can originate from a wide range of external and internal sources, noting that threats are not always initiated by an anonymous hacker.
What can the National Cyber Security Centre do for you?
Speaker: Hannah H, education engagement lead, National Cyber Security Centre (NCSC)
The NCSC exists to make the UK the safest place to live and work online, and that certainly includes all those working and studying in further and higher education. In this session we’ll update you on a range of our (free) products and services, bring you up to date on what we’re working on next, and will happily take feedback and answer questions on how we can better help your institution become more cyber resilient.
Cyber incident rebuild: where to start
- Andy Ross, head of ICT, Dundee and Angus College
- Brian Sinclair, ICT team leader - infrastructure, Dundee and Angus College
Dundee and Angus College was hit with a significant ransomware attack in early 2020 that crippled 90% of all digital services. All required services were recovered and rebuilt in the following two weeks. They'll talk through their technical response to the attack, how they identified what needed to be done in what order and how they ensured that the services built back were much more resilient than what was in place previously.
Interactive training workshops will take place at the end of each day, designed to give you a taster of various subject areas and provide you with a practical learning experience.
Discounted training courses
Delegates will receive a 10% discount code for:
- Penetration testing - learn to think like a hacker, 2 and 3 November 2021
- Cyber Essentials – prepare for certification, 12 November 2021
- Hands-on incident response, 16 and 17 November 2021
- Cyber Essentials Plus - preparing for verification, 18 November 2021
- Developing effective security campaigns, 23 November 2021
- Information security policies, 24 November and 1 December 2021
Book your place
Booking is now open - tickets are free for Jisc members and customers.