Secure South West 7: 5th October 2016

The seventh Secure South West (SSW7) event was hosted by Plymouth University on the 5th October 2016, and offers six presentations delivered by experts drawn from industry and academia, and, a panel session. The event was sponsored by Securious Limited.


Reducing the Underlying Risk – Trustworthy Software
Ian Bryant (Chief Operating & Technical Officer, Trustworthy Software Foundation)

Download slides

A recurrent theme of exploits and attacks on ICT systems is a root cause resulting from software weaknesses, with certain risks (e.g. Buffer Overflows) recurring on a depressingly frequent basis. This talk covers the Trustworthy Software approach, which is intended to be a proactive management system to mitigate many frequently occurring risks.

Biography

Ian Bryant is a Professional Engineer working for HM Government, currently assigned to multiple roles including being a Cyber Security Policy Advisor for MOD, being a University of Warwick Fellow, and running the UK's Trustworthy Software Foundation (TSFdn). He also contributes to various Standards Development Organisations (SDO), including Chairing a BSI Expert Panel.

Ian Bryant


Data protection: security in a changing landscape
Victoria Cetinkaya (Senior Policy Officer, Information Commissioner’s Office)

Download slides

Data protection remains high on the agenda, as the ICO continues to take action against organisations who fail to fulfil their obligations under the law. Recent and future changes to data protection law, in the form of the EU General Data Protection Regulation and the EU-US Privacy Shield, have also kept data protection on everyone’s to-do list. This session will provide a timely reminder of data controller obligations under the current law, together with a look at the changes (and uncertainties) afoot for the future data protection framework in the UK.

Biography

Victoria has worked at the ICO for seven years and is a Senior Policy Officer in the Strategic Liaison department's Public Services team. Her main responsibilities involve engaging with key stakeholders to promote and uphold information rights in the health, education and local government sectors, advising on both data protection and freedom of information.

Prior to the ICO Victoria worked in both the private and public sectors, mainly in financial services training and compliance, and education.

Victoria holds and currently tutors ICO staff in the BCS Certificate in Data Protection.

Victoria Cetinkaya


An Architectural Approach to Enterprise Security
Craig Douglas (Enterprise Architect) and Paul Ferrier (Enterprise Security Architect, Plymouth University)

Download slides

Craig and Paul introduce the Enterprise Architecture approach to consolidate, evolve and orchestrate Information Security developments at Plymouth University. This presentation addresses the complexity, scale and depth of information security challenges within an environment; it defines a methodical approach that can be transferred to other organisations to remediate the problems identified.

Biography

Paul Ferrier is the Enterprise Security Architect at Plymouth University, responsible for information security policy development, management of security incidents and investigations; providing advice and guidance to University projects, researchers and staff across the organisation.

Paul is currently qualified as a Payment Card Industry approved Internal Security Assessor for the University.

Paul completed both an HND and degree at Plymouth University graduating in 2002 and has been working with the University since 2003, predominantly focussed on the development of enterprise wide Identity and Access Management between 2005 and 2012 before moving into the Strategy and Architecture Team.

Craig is the Enterprise Architect at Plymouth University, building the practice, governance, processes and strategic roadmaps from the ground up since 2013. The EA practice provides the organisation with in-depth knowledge surrounding business, information and technology architectures with security cross-cutting all of these domains.

Craig has been working with the University since 1990 and graduated with honours from the University in 1999. Prior to his current role, Craig developed and managed the Active Directory Group Policy configuration for the PC fleet and managed the Open Directory integration for the Mac fleet. Craig joined the Strategy and Architecture team in 2012.

Craig Douglas
Paul Ferrier


Stand and deliver! Your money or your files!
David Emm (Principal Security Researcher, Kaspersky)

Download slides

In a threat landscape dominated by malware that is designed to be as unobtrusive as possible, ransomware stands out as a blunt instrument in the hands of cybercriminals. Yet it's one that is proving very successful - affecting not just individual consumers, but organisations of all kinds. The number of ransomware programs has increased dramatically in recent years and attacks are becoming more sophisticated. This presentation will explain what ransomware is, how it works, what techniques cybercriminals use to maximise their chances of success and increase their revenues, and what organisations need to do to secure their data.

Biography

David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company's Global Research and Analysis Team. He has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee. In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security. David is a knowledgeable advisor on all aspects of online security.

David Emm


Cyber security in the public sector
John Finch (Information Governance Manager, Plymouth City Council)

Download slides

The anatomy of a cyber-attack which caused a breach of public sector data. From an initial impact assessment which escalated dramatically once the full scope was known, to the remediation that was applied, and the future implications. This details a type of data breach which has been happening for years, but is now becoming more widely publicised. What you can do about it, how to spot it and what can be done nationally.

Biography

John Finch is the Information governance manager for Plymouth City Council, responsible for Data protection, security policy development and management, managing the Information Asset Register managing security incidents, providing security advice for the Council and partners, providing security awareness education for senior management.

Previously John spent 7 years in a technical security role, as IT Security manager for Plymouth City Council, managing the compliance of the Council network and technical breaches.

John has been chair of several regional security forums, including the SW WARP and Devon Information Security partnership, and has been a conference speaker at National Information Security conference in 2008 and 2010. He was involved with the delivery of the IA guidelines for the Public Services Network delivered by the cabinet office.

John is a current CISSP, and undertook an IT masters degree at Plymouth University in 2001, with a thesis in Approaches to establishing IT security culture.

John Finch


Offensive Ops: The attacker's view of your network
Ian Trump (Security Lead, LOGICnow)

Download slides

Thinking offensively will harden a business' cyber defenses. Join Ian Trump, Global Security Lead for SolarWindsMSP as he describes the common attacks which leave a business infrastructure in tatters. The reality of cyber defense is it's the simple - and in some cases free - things which can be done to catch and stop attackers. Complete with real life examples and statistics, thinking like an attacker will ensure your security is comprised of proactive, detective and reactive solutions to cyber threats.

Biography

Ian Trump, CD, CEH, CPM, BA is an ITIL certified IT consultant with 20 years of experience in IT security and information technology. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013. Ian previously managed IT projects at the Canadian Museum of Human Rights and is currently Global Security Lead at SolarWinds MSP working across the business to define, create and execute security solutions and promote a safe, secure Internet for Small & Medium Businesses world-wide.

Ian Trump


PANEL: Can't get the staff: Considering the need for Cyber Security Skills

Moderator

Steven FurnellSteven Furnell (Professor of Information Systems Security, Plymouth University)

Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University in the United Kingdom, an Adjunct Professor with Edith Cowan University in Western Australia, and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is active within three working groups of the International Federation for Information Processing (IFIP) - namely Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of over 250 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). He is also the editor-in-chief of Information Management & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium. Further details can be found at the CSCAN website, with a variety of security podcasts also available. Steve can also be followed on Twitter (@smfurnell).

Panelists

Peter FischerPeter Fischer (Institute of Information Security Professionals)

Pete has over 30 years' experience in Information Security. He is a Fellow of the Institute and chairs its Training Accreditation Committee

In recent years he has led the review of the IISP Skills Framework which resulted in the publication of Issue 2.0. He is working on the development of a Cyber Security Body of Knowledge and chairs the Stakeholder Group which is supporting CESG in this work.

Pete's previous roles include: Lecturer in IA at the National School of Government; Head of the Information Assurance and Certification Schemes at CESG; Head of the UK Common Criteria Certification Body; and Head of Information Security and Accreditation at GCHQ.

Maria PapadakiMaria Papadaki (Lecturer in Network Security, Plymouth University)

Dr Maria Papadaki is a lecturer in Network Security, at Plymouth University, UK. Prior to joining academia, she was working as a Security Analyst for Symantec EMEA Managed Security Services (MSS), UK. Her postgraduate academic studies include a PhD in Intrusion Classification and Automated Response (2004), and an MSc in Integrated Services and Intelligent Networks Engineering (2000), University of Plymouth, UK. Her research interests include intrusion prevention detection and response, network security monitoring, incident prioritisation, security usability, and security education. Dr Papadaki is a GIAC Certified Intrusion Analyst (GCIA), GIAC Penetration Tester (GPEN) and is a member of the GIAC Advisory Board, as well as the British Computer Society. Further details can be found at www.cscan.org/mpapadaki.

Peter WoodwardPeter Woodward (Chief Information Officer, Securious Limited)

Pete Woodward is the founder and Chief Information Officer at Securious Limited. He is a security expert and has a wealth of knowledge around cyber security, system architecture and networks.

Pete comes from a military background, and has worked on security projects in the public and private sectors for organisations including Devon and Cornwall Police, Met Office, Capita, BP, HP and some of the UKs largest retailers.

Pete’s experience is backed up with leading security and network accreditations, such as CISSP, CEH, RSA Security, and IPv6, along with TOGAF v9 certification.

He is also a PCI-DSS Qualified security assessor, and works on many compliance projects.

Pete cemented his passion for cyber security and founded the South West Cyber Security Cluster with the vision to establish a ‘Centre for Cyber Excellence’ in the South West.