The first round of discussions starts and runs for around 50 minutes. There will be 11 roundtables, and you can attend two different tables/topics.
Roundtable 1: Martina Arioli, Attorney-at-law at TIMES Attorney
Regulatory Challenges and Legal Pitfalls: how can the Legal Function best support your needs?
Compliance with regulatory requirements and legal provisions is increasingly complex. Cybersecurity requires an interdisciplinary approach, and the legal function is there to support you in navigating data protection laws, industry-specific compliance standards, and breach notification requirements. Participants will get a chance to ask the questions they never dared to ask their legal counterparts, and to discuss their expectations regarding the effort towards continuous compliance and best practices in contract negotiations.
Roundtable 2: Camille Aubry, Cyber Threat Intelligence Specialist at Raiffeisen
Co-moderator: Maya Horowitz, VP Research & Threat Intelligence at Check Point
Building an effective Threat Intelligence Program
Setting up a threat intelligence program can bring incredible value to our organization and help improve security. Yet it remains a challenge to implement it in a way that adds real value. How can we make our TI program effective? How can we avoid it becoming a "nice-to-have" add-on?
Roundtable 3: Florence Garaud, Head of IT Security Architecture & Risk Management at Lonza
Shielding the Cloud: Safeguarding our digital landscape with Vulnerability Management
In an ever-evolving threat landscape, effective vulnerability management is paramount to securing cloud environments. It spans everything from conducting vulnerability scans to implementing robust security monitoring processes, and it involves identifying and mitigating weaknesses that could be exploited by attackers.
In this session, we'll discuss the latest best practices for implementing effective vulnerability management strategies within a cloud environment.
Roundtable 4: Cathérine Gloor, Global Third Party Cyber Risk Lead at UBS AG
Co-moderator: Ilona Simpson, CIO EMEA at Netskope
How to efficiently conduct third party CIS risk assessments
CIS Third Party Risk Assessments are cumbersome for all parties involved: the third parties, who might not have the appropriate expertise and resources to respond to Third Party questionnaires; the business, which does not know how to facilitate such an assessment and is not cognizant of the risks involved; and lastly the risk assessors, who are left waiting for responses and evidence from the third parties.
How can these risk assessments be structured so that they are efficient? How can we ensure that cloud-based services are properly assessed? Should this be outsourced? What other options are there for managing Third Party Risk Assessments?
Roundtable 5: Dana Guran, Head of Strategic Program IAM at Novartis
Increasing identity governance automation for hybrid cloud environments
The hybrid nature of the modern IT landscape, encompassing SaaS, PaaS, IaaS, and a mix of public and private clouds, introduces significant challenges for consistent, granular and fit-for-purpose identity and access management. This is augmented by the increasing complexity of user types (humans - internals, externals, customers, machine/technical) and their very specific needs.
We invite you to join us at this roundtable discussion to exchange ideas and brainstorm together on managing security risk in this context, defining controls and appropriate technical solutions for automated centralized provisioning and, more importantly, timely deprovisioning of access. Do you think you have already solved this problem? Come share with the community, and maybe you will discover some new aspects you have not yet considered.
Roundtable 6: Olga Horat, Expert ICT Security Assurance at AXA
Governance and Assessments of Affiliates and Start-ups
As an insurance company, we must comply with all regulatory requirements, as must our subsidiaries (affiliates). Governance and risk assessment help them with regulation, risk assessment, and risk management to meet specific requirements, including cyber threat prevention and mitigation. Quality assurance must be performed equally for all affiliates - for the very advanced affiliates and also for those start-ups with very few resources. How do we/you manage this balancing act?
I would like to address the following questions:
- Do you have different tools in place for subsidiaries (affiliates) and start-ups? What has been your experience with governance and assessment?
- What guidance do you use?
- What is your experience with ISO 27001/27002, NIST, CIS Benchmark in the context of start-ups?
- Do you have experience with DIN SPEC 27076 «IT security consulting for small and micro enterprises»?
Roundtable 7: Kristine Kraisa, Chief of Staff at TradeXBank AG
Data Ascend: Mastering Customer Identifying Data Handling in the Cloud
As Swiss companies, and most importantly the Swiss banking sector, move increasingly towards cloud-based solutions, the effective management and protection of customer identifying data in the cloud has become critical. This roundtable discussion will focus on the unique challenges, opportunities, and best practices associated with cloud data management in the Swiss landscape.
We will delve into the complexities of the data protection nuances, particularly in relation to the Federal Act on Data Protection (FADP), EU's General Data Protection Regulation (GDPR), and the Swiss Financial Market Supervisory Authority (FINMA) guidelines. Participants will dissect the current strategies employed by Swiss banks and other companies, the potential pitfalls and cyber risks associated with cloud migration, and the role of encryption, tokenization, and other advanced security measures.
By exploring the nuances of data handling in the cloud for the Swiss banking sector, this roundtable promises to provide invaluable insights and practical solutions for managing customer identifying data securely and effectively, thereby promoting trust and confidence in the digital banking ecosystem.
Roundtable 8: Caroline Prenn, Senior Director at EPAM Systems
How Organizations Can Leverage AI, Mitigate Risk and Ensure Benefits
Today AI brings tremendous benefits for automation, which in turn brings cost savings, efficiency gains, etc. However, without proper control and risk management it can generate significant threats and bring more pain than benefits. What should be considered in order to leverage the full benefits?
Roundtable 9: Zuzana Rebrova, Lead of Third Party Cyber Risk Management at Swiss Re
Ingredients of a streamlined and smooth-running TPRM
The roundtable discussion will focus on the components required to create an efficient third-party risk management service. The discussion will touch on the importance of cross-team collaboration, operating without silos, tooling, the 20/80 approach and a holistic view across multiple risk domains, and on how all these ingredients might be used to enhance the efficiency of the third-party risk management process. Participants can expect a productive, insightful conversation, best-practice sharing and inspiration from peers.
Roundtable 10: Nathalie Weiler, Professor at OST - Ostschweizer Fachhochschule & Head of IT Security Architecture at Helsana (starting 1.9.2023)
Beyond Security Awareness
Security Awareness Training addresses the human factor in cyber risk. Unfortunately, its effectiveness is limited and stagnates, even in the best companies, at 80-85% in phishing simulations.
So, let's discuss how we can get rid of the effectiveness myth of security awareness. What can we do? How can we combine "train more" with "train differently"? What value does gamification bring to security awareness training? How can we build on general security training within the enterprise to foster security-first thinking? Are Capture-the-Flag (CTF) events of value for enterprises, or just a nerd experience? What does academic research in this specific field bring to the table? What lessons can we draw from specialist trainings?
Let's talk about spanning the bridge between the different security training forms and formats available for a better result!
Roundtable 11: Maria Zidkova, Information Security Officer at City Zurich
How to achieve Continuous Security Compliance and benefit from Cloud Security Community
Cloud security organizations like the Cloud Security Alliance provide us with tools and documentation to work with.
Are you aware of the benefits the CSA CCM, CAIQ and CIS Benchmarks can offer you? Let's share experiences. Which tools have you used and would recommend?