[Owasp-cambridge] “Help! Get Me Out of the Cyber Jungle - GDPR & NIS Awareness Day” Wednesday 25th January 2017

Adrian Winckles adrian.winckles at owasp.org
Thu Jan 19 10:32:41 UTC 2017

Further to my announcement this morning, here are the further details for
next week's event in Cambridge.

“Help! Get Me Out of the Cyber Jungle - GDPR & NIS Awareness Day” Wednesday
25th January 2017

Wednesday 25th January 2017 9:30 – 17:00, Lord Ashcroft Building (LAB002),
Anglia Ruskin University, Cambridge.

The UK Cyber Security Forum Cambridge Cluster, Cambridgeshire Police, OWASP
Cambridge Chapter, Anglia Ruskin University Department of Computing &
Technology & Policing Institute in the Eastern Region are looking to put on
a series of interactive 1 Day Workshops on raising awareness for local
businesses & organisations on the issues of cyber security and cyber crime,
what regulations and legislation organisations need to be aware of to
protect themselves, and what is considered best practice in these
challenging times.

The initial event is on Wednesday 25th January and aimed at raising
awareness and the importance of the General Data Protection Regulation
(GDPR) & the European Directive on security of network and information
systems (NIS Directive).

Even with ongoing uncertainty around our place in or out of Europe
following the BREXIT decision and with the recent launch of the UK
Government Cyber Security Strategy, understanding the importance of GDPR is
especially critical and will be a major component for UK businesses,
academia, public bodies and other not for profit sectors. The strategy
document makes clear the importance of the GDPR:

“The Government will invest to maximise the potential of a truly innovative
UK cyber sector. We will do this by supporting start-ups and investing in
innovation. We will also seek to identify and bring on talent earlier in
the education system and develop clearer routes into a profession that
needs better definition. The Government will also make use of all available
levers, including the forthcoming General Data Protection Regulation
(GDPR), to drive up standards of cyber security across the economy,
including, if required, through regulation.”


The Cambridge Cyber Security Cluster is an affiliate of the UK Cyber Security
Forum, a government and industry led partnership which will look at how the
region can develop the skills and infrastructure to combat cyber security

Cambridgeshire Constabulary is the territorial police force responsible for
law enforcement within the county, with 1300 officers, 800 police staff,
280 Specials and 100 police volunteers to cover an area of more than 1309
square miles and a resident population of around 0.82 million, delivering a
service with integrity, respect, openness, dedication and trust as well as
making Cambridgeshire a safer place to live in, work and visit.

OWASP (Open Web Application Security Project) is a 501(c)(3) not-for-profit
worldwide charitable organization focused on improving the security of
application software. Their mission is to make application security
visible, so that people and organizations can make informed decisions about
true application security risks.

The Department of Computing & Technology at Anglia Ruskin University is
enhancing its curricula and capabilities in information security following
its successful BSc(Hons) Information Security and Forensic Computing
pathway. Establishing a joint professional networking group with OWASP
concentrating on aspects of computing and application security is a key
part of this enhancement.

Policing Institute for the Eastern Region (PIER) is Anglia Ruskin’s newest
research institute, with a university-wide remit to work with police
practitioners to support policing improvement in the Eastern Region (and
beyond) through the co-production and delivery of research, continuing
professional development and knowledge exchange activities.

Speaker Biographies

Nick Alston CBE. Chair for the Policing Institute for the Eastern Region

Nick is the newly appointed Chair for the Policing Institute for the
Eastern Region (PIER) at Anglia Ruskin University. After a 32 year career
in Defence and National Security, during which time he launched the
National Infrastructure Security Coordination Centre, which became the
Centre for the Protection of the National Infrastructure (CPNI) he moved to
Goldman Sachs where he became the global co-head of security for the firm.
In 2012 he was elected as the first Police and Crime Commissioner for
Essex, joining Anglia Ruskin University after he stood down from that role
in May 2016. Nick is a non-executive director of the National Crime Agency.

Tony Drewitt, Head of Consultancy – IT Governance

Tony leads IT Governance’s consultancy team. He works with clients to help
them implement and comply with international standards such as ISO 27001
and ISO 22301 as well as other compliance frameworks such as the NHS
Information Governance Toolkit and the UK Gambling Commission’s technical
security standard.

He has helped one of the first companies in the UK to achieve full
certification under BS25999-2 (now ISO22301) and is currently delivering a
number of ISO27001 ISMS projects for companies in the UK and overseas. He
is also a leading business continuity author of ITGP titles A Manager’s Guide
to ISO22301; ISO 22301: A Pocket Guide, and Everything You want to Know
about Business Continuity.

Tony is a full member of BCI and is a certified Lead Implementer and Lead
Auditor for ISO 27001 and ISO 22301. He also holds CRISC, CISMP and ITIL
Foundation certificates.

Paul Rowley FBCS, Head of Information Services, Havebury Housing

An experienced IT professional with wide management and technical expertise
over 20 years with a particular penchant for Information Governance and
Data Protection. This has been gained in banking, trading floor, commercial
property and social housing sectors in a mix of regulatory environments. A
Fellow of the BCS, Paul is an advocate of professionalism and standards in
the technology industry.

Mark Pearce, Principal Consultant, 7Safe/PA Consulting

When Head of Information Security and Risk at two organisations, Mark had
responsibility for data privacy and established the corporate data privacy
framework. He has dealt with authorities and regulators across the globe on
data protection and compliance. He has twice led the privacy proposition
for consulting practices and has been an active member of the International
Association of Privacy Professionals for over 5 years which included
tracking the development of EU GDPR. Mark is a Certified Information
Privacy Manager (CIPM) and has recently completed an assignment as the
interim CISO at the FCA.

Martin Cassey - Director & Chief Information Security Officer – Nascenta
Ltd, Cambridge

Martin has over thirty years' experience of Engineering, General Management
and Consultancy across a range of private and public sector organisations
including Aerospace, Automotive, Consumer Products and the Security sector.
He has worked with and for local and central government departments
including the Foreign and Commonwealth Office. During his time with the FCO
he had responsibility for the development and production of a range of
secure government communication systems. Before leaving government service,
Martin was the Senior Manager responsible for Information Assurance and the
Departmental Security Officer for an Executive Agency.

Martin now focuses on applying his understanding of human behaviours
together with technical measures to provide organisations with cost
effective Information Assurance strategies and solutions. He holds a first
class degree in Electrical and Electronic Engineering from Birmingham
University, is a Chartered Engineer and a Member of the Institution of
Engineering and Technology.

Presentation Abstracts

“Cyber enabled crime: the challenge for national and local police” Nick
Alston CBE, PIER Chair

British policing continues, rather slowly, to evolve its response to cyber
enabled crime. Enthusiastic specialist units of different sizes and
capabilities are dispersed across different policing organisations,
including the National Crime Agency, the Metropolitan Police and some other
larger forces, and in regional units supporting local police. With policing
facing many challenges of changing crime, a proper focus on personal crimes
against the vulnerable and continuing budget pressures, cyber-crime is
rarely a priority. There is also a significant skills and capacity gap.
Cyber-crime will attract more focus as fraud, much of which is cyber
enabled, receives more attention this year with the publication of fraud
crime data. The impact of the GDPR on the police is uncertain: the
Information Commissioner is the competent UK authority and UK criminal law
may need reform if the UK seeks to come fully into line with the intentions
of the EU.

“Navigating Brexit and GDPR” – Paul Rowley FBCS, Havebury Housing

We need a fundamental re-think about personal data. For too long, data
protection has been seen as just a nuisance, a layer of bureaucracy.
Actually, if you understand its value and the benefits of looking after
personal data properly, it can help you improve your customer service, it
can empower you to use personal data in innovative ways and it can give
confidence to your customers to share it. The new EU data protection
regulations, GDPR, will be here and a re-think about personal data will
help you to embrace it, not fear it.

"I bet we all have finance departments who look after money. Why? Because
it has a value. If we give personal data a value, you find that your
employees think more about it. When we store personal data about
individuals, we become custodians and if you know that that piece of
personal data has a value, they will care more for it."

“NIS, GDPR and Cyber Security: The convergence of cyber and compliance risk”
- Tony Drewitt, Head of Consultancy, IT Governance

Tony’s presentation will examine:

   Today’s cyber threat environment

   Key requirements for General Data Protection Regulation (GDPR)
   compliance, data breaches and notifications

   The technical and organisational measures that organisations need to
   adopt to comply with

   The Network and Infrastructure Directive

   Cyber resilience, the role of international standards and the Cyber
   Essentials scheme

“GDPR readiness for start-ups, technology businesses and professional
practices” - Martin Cassey – Nascenta Ltd, Cambridge

The GDPR significantly extends the scope of existing data protection
legislation in the UK and the EU. Examples of this include strict controls
on the use of technology for profiling, mandating rapid disclosure of
breaches and increasing penalties for non-compliance.

Whether you consider the GDPR to be an example of unnecessary
bureaucracy or welcome it as a further reduction of barriers to trade
across the world’s largest single market, it has been clearly and
repeatedly stated by Ministers since the June referendum that the GDPR is
going to be applied in the UK.

The impact that the GDPR will have on your business will depend on what
you do and how you prepare for its implementation.

We will briefly review the key points of the directive, highlighting
differences with the UK’s existing Data Protection Act. We will then
consider the steps that start-ups, technology businesses and professional
practices should be taking now to ensure compliance when the regulation
takes effect on 25th May 2018.

“GDPR – How is industry addressing the legislation” - Mark Pearce, 7Safe/PA

The presentation will set the scene for EU GDPR, followed by drawing out
the major elements of the regulation. It will detail the impact on
organisations and some of the approaches we are seeing that organisations
are taking to address the legislation. It will go a layer lower in
exploring the areas of potential negotiation pre and post adoption and then
look at the information requirements with additional data and processes
that will be required. It will then cover the data discovery challenge and
some of the associated tooling, before finishing with some ideas on how to
get more corporate support and leverage assistance and make it more
productive than just a compliance checkbox exercise.

Provisional Agenda

09:15 – 09:45 Registration & Refreshments (LAB026)

09:45 – 10:00 Welcome from UK Cyber Security Forum Cambridge Cluster Leader
- Adrian Winckles, Course Leader in Information Security & Forensic
Computing, Anglia Ruskin University & Rebecca Tinsley, Cyber Security
Advisor, Cambridgeshire Constabulary

10:00 – 10:30 “Cyber enabled crime: the challenge for national and local
police.”, Nick Alston CBE, PIER Chair

10:30 – 11:15 “GDPR – How is industry addressing the legislation” - Mark
Pearce, 7Safe/PA Consulting

11:15 – 11:45 “GDPR readiness for small businesses and professional
practices” – Martin Cassey - Director & Chief Information Security Officer –

11:45 – 12:30 “Navigating Brexit and GDPR” – Paul Rowley FBCS, Havebury
Housing Association

12:30 – 12:45 “Why Worry about Protecting Data” – “Coffee Shop Hotspot

12:45 – 13:30 Lunch & Networking (LAB006)

13:30 – 14:15 “Legal Implications of GDPR” – Laurence Kaleman, Legal
Associate, Olswang

14:15 – 15:00 “NIS, GDPR and Cyber Security: The convergence of cyber and
compliance risk” - Tony Drewitt, Head of Consultancy, IT Governance

15:00 – 15:30 Refreshments (LAB006)

15:30 – 16:00 “Impact of GDPR on Identity Assurance for government and
business services” - Peter Wenham TBC

16:00 – 16:45 Breakout Rooms (LAB005, LAB111, LAB112 & LAB113) – Sector
Based Lessons Learnt Roundtables

16:45 – 17:00 Session Wrap Up & Close


To register for this free event, please register online at


The event will be held in the Lord Ashcroft Building, Room LAB002 (Breakout
Room LAB006 for networking & refreshments).

Please enter through the Helmore Building and ask at reception.

Anglia Ruskin University Cambridge Campus East Road


Please note that there is no parking on campus. Get further information on
travelling to the university.
