EU GDPR and cyber awareness event or "Help! Get me out of the cyber jungle"
Wednesday 25th January 2017, 9:30 – 17:00, Lord Ashcroft Building (LAB002), Anglia Ruskin University, Cambridge.
The UK Cyber Security Forum Cambridge Cluster, Cambridgeshire Police, OWASP Cambridge Chapter, Anglia Ruskin University Department of Computing & Technology and the Policing Institute in the Eastern Region are looking to put on a series of interactive 1-day workshops to raise awareness among local businesses and organisations of the issues of cyber security and cyber crime, the regulations and legislation organisations need to be aware of to protect themselves, and what is considered best practice in these challenging times.
The initial event is on Wednesday 25th January and is aimed at raising awareness of the importance of the General Data Protection Regulation (GDPR) and the European Directive on security of network and information systems (NIS Directive).
Even with ongoing uncertainty around our place in or out of Europe following the Brexit decision, and with the recent launch of the UK Government Cyber Security Strategy, understanding the importance of GDPR is especially critical and will be a major component for UK businesses, academia, public bodies and other not-for-profit sectors. The strategy document makes the importance of the GDPR clear:
“The Government will invest to maximise the potential of a truly innovative UK cyber sector. We will do this by supporting start-ups and investing in innovation. We will also seek to identify and bring on talent earlier in the education system and develop clearer routes into a profession that needs better definition. The Government will also make use of all available levers, including the forthcoming General Data Protection Regulation (GDPR), to drive up standards of cyber security across the economy, including, if required, through regulation.”
The Cambridge Cyber Security Cluster is an affiliate of the UK Cyber Security Forum, a government and industry led partnership which will look at how the region can develop the skills and infrastructure to combat cyber security threats.
Cambridgeshire Constabulary is the territorial police force responsible for law enforcement within the county, with 1300 officers, 800 police staff, 280 Specials and 100 police volunteers to cover an area of more than 1309 square miles and a resident population of around 0.82 million, delivering a service with integrity, respect, openness, dedication and trust as well as making Cambridgeshire a safer place to live in, work and visit.
OWASP (Open Web Application Security Project) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement.
Policing Institute for the Eastern Region (PIER) is Anglia Ruskin’s newest research institute, with a university-wide remit to work with police practitioners to support policing improvement in the Eastern Region (and beyond) through the co-production and delivery of research, continuing professional development and knowledge exchange activities.
Tony Drewitt, Head of Consultancy – IT Governance
Tony leads IT Governance’s consultancy team. He works with clients to help them implement and comply with international standards such as ISO 27001 and ISO 22301 as well as other compliance frameworks such as the NHS Information Governance Toolkit and the UK Gambling Commission’s technical security standard.
He has helped one of the first companies in the UK to achieve full certification under BS25999-2 (now ISO22301) and is currently delivering a number of ISO27001 ISMS projects for companies in the UK and overseas. He is also a leading business continuity author of ITGP titles A Manager’s Guide to ISO22301; ISO 22301: A Pocket Guide, and Everything You want to Know about Business Continuity.
Tony is a full member of BCI and is a certified Lead Implementer and Lead Auditor for ISO 27001 and ISO 22301. He also holds CRISC, CISMP and ITIL Foundation certificates.
Paul Rowley FBCS, Head of Information Services, Havebury Housing Partnership
An experienced IT professional with wide management and technical expertise over 20 years with a particular penchant for Information Governance and Data Protection. This has been gained in banking, trading floor, commercial property and social housing sectors in a mix of regulatory environments. A Fellow of the BCS, Paul is an advocate of professionalism and standards in the technology industry.
Mark Pearce, Principal Consultant, 7Safe/PA Consulting
When Head of Information Security and Risk at two organisations, Mark had responsibility for data privacy and established the corporate data privacy framework. He has dealt with authorities and regulators across the globe on data protection and compliance. He has twice led the privacy proposition for consulting practices and has been an active member of the International Association of Privacy Professionals for over 5 years which included tracking the development of EU GDPR. Mark is a Certified Information Privacy Manager (CIPM) and has recently completed an assignment as the interim CISO at the FCA.
Martin Cassey - Director & Chief Information Security Officer – Nascenta Ltd, Cambridge
Martin has over thirty years' experience of Engineering, General Management and Consultancy across a range of private and public sector organisations including Aerospace, Automotive, Consumer Products and the Security sector. He has worked with and for local and central government departments including the Foreign and Commonwealth Office. During his time with the FCO he had responsibility for the development and production of a range of secure government communication systems. Before leaving government service, Martin was the Senior Manager responsible for Information Assurance and the Departmental Security Officer for an Executive Agency.
Martin now focuses on applying his understanding of human behaviours together with technical measures to provide organisations with cost effective Information Assurance strategies and solutions. He holds a first class degree in Electrical and Electronic Engineering from Birmingham University, is a Chartered Engineer and a Member of the Institution of Engineering and Technology.
“Navigating Brexit and GDPR” – Paul Rowley FBCS, Havebury Housing Association
We need a fundamental re-think about personal data. For too long, data protection has been seen as just a nuisance, a layer of bureaucracy. Actually, if you understand its value and the benefits of looking after personal data properly, it can help you improve your customer service, it can empower you to use personal data in innovative ways and it can give confidence to your customers to share it. The new EU data protection regulations, GDPR, will be here and a re-think about personal data will help you to embrace it, not fear it.
"I bet we all have finance departments who look after money. Why? Because it has a value. If we give personal data a value, you find that your employees think more about it. When we store personal data about individuals, we become custodians and if you know that that piece of personal data has a value, they will care more for it."
“NIS, GDPR and Cyber Security: The convergence of cyber and compliance risk” - Tony Drewitt, Head of Consultancy, IT Governance
Tony’s presentation will examine:
Today’s cyber threat environment
Key requirements for General Data Protection Regulation (GDPR) compliance, data breaches and notifications
The technical and organisational measures that organisations need to adopt to comply with The Network and Infrastructure Directive
Cyber resilience, the role of international standards and the Cyber Essentials scheme
“GDPR – How is industry addressing the legislation” - Mark Pearce, 7Safe/PA Consulting
The presentation will set the scene for EU GDPR, followed by drawing out the major elements of the regulation. It will detail the impact on organisations and some of the approaches we are seeing organisations take to address the legislation. It will go a layer lower in exploring the areas of potential negotiation pre and post adoption and then look at the information requirements with additional data and processes that will be required. It will then cover the data discovery challenge and some of the associated tooling, before finishing with some ideas on how to get more corporate support, leverage assistance and make it more productive than just a compliance checkbox exercise.
09:15 – 09:45 Registration & Refreshments (LAB026)
09:45 – 10:00 Welcome from UK Cyber Security Forum Cambridge Cluster Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University & Rebecca Tinsley, Cyber Security Advisor, Cambridgeshire Constabulary
10:00 – 10:30 “National & Local Policing & GDPR”, Nick Alston, PIER Chair
10:30 – 11:15 “GDPR – How is industry addressing the legislation” - Mark Pearce, 7Safe/PA Consulting
11:15 – 11:45 “GDPR readiness for small businesses and professional practices” – Martin Cassey - Director & Chief Information Security Officer – Nascenta
11:45 – 12:30 “Navigating Brexit and GDPR” – Paul Rowley FBCS, Havebury Housing Association
12:30 – 12:45 “Why Worry about Protecting Data” – “Coffee Shop Hotspot Demo”
12:45 – 13:30 Lunch & Networking (LAB006)
13:30 – 14:15 “Legal Implications of GDPR” – Laurence Kaleman, Legal Associate, Olswang
14:15 – 15:00 “NIS, GDPR and Cyber Security: The convergence of cyber and compliance risk” - Tony Drewitt, Head of Consultancy, IT Governance
15:00 – 15:30 Refreshments (LAB006)
15:30 – 16:00 “Impact of GDPR on Identity Assurance for government and business services” - Peter Wenham TBC
16:00 – 16:45 Breakout Rooms (LAB005, LAB111, LAB112 & LAB113) – Sector Based Lessons Learnt Roundtables
16:45 – 17:00 Session Wrap Up & Close
To register for this free event, please register through Eventbrite.
The event will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).
Please enter through the Helmore Building and ask at reception.
Anglia Ruskin University
Please note that there is no parking on campus. Get further information on travelling to the university.