Tuesday 01 November 2016 to Wednesday 02 November 2016
etc.venues St Paul's
Join the discussion
This event is now full for delegates.
This two-day security conference is an opportunity for network and security professionals in UK higher and further education to network with peers, share best practice and address common challenges, whilst also learning more about emerging trends and how we can support members through our range of security products and services.
Programme subject to change.
Tuesday 1 November
Registration and exhibition
Welcome and introduction
Opening keynote: cyber criminals and cyber crime - who, what and how
Speaker: Charlie McMurdie, senior cyber crime adviser, PwC (PricewaterhouseCoopers).
Charlie will cover the latest trends in cyber crime together with real world operational examples of hacks, attacks and the dark markets that facilitate crime.
Information security at University of East London: the benefits of a framework approach
Speaker: Craig Clark, information security and compliance manager, University of East London.
Following the increases of information security breaches within the public sector, University of East London has sought to establish an information security framework to consolidate its information security and associated governance, risk and compliance activities to ensure consistent implementation of best practice.
This session will outline the benefits and pitfalls of such an approach.
Refreshment break and exhibition
Working with students to meet their information and security needs
Speaker: Dr Nick Moore, director IT services, University of Gloucestershire.
Balancing information security so that it protects your students and also your IT systems can be quite a challenge.
This session outlines the approach the University of Gloucestershire has taken by working hand-in-hand with their computing and technology students to achieve a safer environment for them to work in and the role of ISO 27001 in this.
General Data Protection Regulation: more reasons for information security
Europe’s General Data Protection Regulation comes into force in May 2018. The text explicitly supports several information security good practices.
This session will highlight these and why the regulation creates even more reasons for doing the right thing.
Chief regulatory adviser, Jisc technologies, Jisc
Lunch and exhibition
The role of the chief information security officer: experiences from University of Edinburgh
Speaker: Alistair Fenemore, chief information security officer, University of Edinburgh.
Following the recent appointment of a chief information security officer (CISO) for the University of Edinburgh, this session will describe the background to the university deciding to recruit for this role, the process involved and detail the main responsibilities of CISO. It will also highlight some of the early priorities and challenges, before explaining the keys to successfully integrating a CISO role into university management.
Refreshment break and exhibition
Data and information governance: getting this right to support an information security programme
Speaker: Ruth Robertson, deputy director of the governance team (strategic planning and governance) and data and information programme manager, Cardiff University.
Without clarity of authority, information security risks will continue to be unmanaged or managed inconsistently. This session will outline Cardiff University’s journey from an information security framework to a data and information management programme. It will explain the governance structures introduced and highlight some of the challenges along the way.
Closing keynote: national cyber security strategy and protecting the UK
Speaker: Dr Ian Levy, technical director, National Cyber Security Centre.
Day one summary and close
Wednesday 2 November
Welcome and introduction
How we plan to fix 479 vulnerabilities in 150 servers in just six weeks
Speaker: Sean Ashford, networks and systems manager, University of Winchester.
In this session, Sean tells the story of how he and his team at the University of Winchester are implementing a vulnerability scanning system, changing the security outlook and driving risk down.
Certifying and securing a trusted environment for health informatics research data
Speaker: Dr Jonathan Monk, director of IT, University of Dundee.
This presentation will cover the University of Dundee’s experiences in providing a rich ‘safe haven’ environment for researchers to access health informatics data, some of the challenges in expanding the service to support imaging data and the certification of the organisation to the ISO27001:2013 standard.
No such thing as a free phish lunch
Speaker: Simone Barbaresi, deputy director - infrastructure, University of Bangor.
User awareness and education combined with the University of Bangor’s move to Office365 for both staff and students, gave the university a false sense of security.
Confidence in our users and technology created a perfect environment to allow a targeted phishing attack against our students. The email offered free money.
This presentation details how University of Bangor IT services reacted to the attack.
How to stay online during a network attack
Speaker: Simon Palmer, head of IT development, Coleg Sir Gar.
Protecting the customer
Speaker: Amy Lemberger, team lead, BT CERT (computer emergency response team).
BT customer portals are used by our customers daily to manage their accounts. Their credentials are one of the lines of defence between the bad guys and customers details. So, how do we protect them from being breached?
Closing keynote: mitigation starts now. Cyber incidents – mitigation and response
Speaker: Daniel Lawrence, detective inspector and National Police Chiefs Council (NPCC) national cyber PROTECT coordinator, in partnership with the National Cyber Security Centre.
Security culture must be ingrained from the very top of your organisation to front facing colleagues. As part of your organisational risk strategy you’ll have a plan to deal with cyber attacks to protect your most valuable assets. Should it happen, you’ll be prepared.
What is important is to learn from and share your experiences. But how do you keep ahead of the changing security landscape?
This keynote presentation stresses the importance of working with law enforcement organisations to share intelligence, review incident handling and build your security capability.
Summary and close
Who should attend
This two-day conference is intended for our members working in universities and further education colleges.
The first day of the conference will be of particular interest to chief information security officers, IT directors and information security managers.
The second day of the conference will be of interest to network and security managers and technical staff, including incident response teams.