3rd-4th May 2017 | Øksnehallen, Copenhagen

Keynote theaterWednesday 3rd May

KEYNOTEKEYNOTE

9.30-

10.15

Playing with hackers - Honey(pot) I’m home! ENGLISHKeld Norman, Technocratic Curious Internet addicted Security Specialist, DUBEXHow to Catch a hacker (or become an even 1337’er one). Info of how a honeypot works, how to get all the hackers tools, how “automated hacking” works, what is Shodan streams or masscan and realtime IP flow of server to autopwn all the IOT’s. And some.. J*) Honeypot: A server that looks vulnerable to hackers that captures their files, commands, etc. *) 1337: Leet speak – means elite (in leet’speak).

Smart Hacking: Attacking and Defending Smart Meter Systems ENGLISHEmil Gurevitch, Security Expert, Networked Energy Services (NES) In 2014, a large Danish utility, SEAS-NVE, asked me to attack their smart meter system. All I was allowed to access was a smart meter and its network connection leading back to SEAS-NVE. I accepted the challenge. After completing the chal-lenge, I was hired to defend it. In this keynote, I present an attacker’s view on smart meter systems with real-world examples from the front-line. Both from the attacking side as well as the defending side. We end with a brief reflection on what’s in store for the future of smart grid security and what academia, industry, and politicians should be focusing on.

Åbning af danske grund- og borgerdata: Mulighederne er store – men hvad med privacy? DANISHJens Krieger Røyen, kontorchef, Digitaliseringsstyrelsen & Christian Damsgaard Jensen, lektor, DTU ComputeMed Digitaliseringsstyrelsens Grunddataprogram og åbning af borgerdata er mange offentlige databaser på vej til at blive let tilgængelige og frit anvendelige af alle – myndigheder, virksomheder og borgere. Data lægges bl.a. på den fælles dis-tributionsplatform, Datafordeleren, hvorfra de nemt og hurtigt kan hentes. Men hvordan holdes der styr på de følsomme personoplysninger - og er der styr på privacy? Præsentation v. Digitaliseringsstyrelsen og debat med DTU Compute.

IoT is not the future ENGLISHRik Ferguson, Special Advisor, Europol EC3 and International Cyber Security Prevention Alliance (ICSPA)With the combination of IoT devices, machines containing firmare and software based on outdated code, and employees connecting devices and data to the network, how a company manages its security is becoming a bigger part of doing busi-ness. As a result, a company’s security needs to stand out from the competition in order to differentiate it from the rest. This session will review the complexities of securing the IoT, as well as protection from threats that emanate from compro-mised IoT networks.

Eight Privacy Design Strategies, to make Privacy by Design concrete ENGLISHJaap-Henk Hoepman, Scientific Director, Radboud University NijmegenPrivacy laws are complex and vague. They offer little concrete guidelines for engineers. This is a problem when you want to design a privacy friendly system. Where and how do you start? Privacy design strategies answer this question. They trans-late vague legal norms into concrete design goals. These can be used to start the conversation on how to design your sys-tem in a privacy friendly way from the very start.

Udfordringer og faldgruber i persondataforordningen DANSIHBirgitte Kofod Olsen, Partner, PhD, Carve ConsultingVi låner kun kundens data. Han eller hun har selv ret til at udøve kontrol med sine persondata, uanset hvor de bliver op-bevaret og behandlet. Det er en af de største overraskelser og faldgruber for mange, at EU’s nye persondataforordning giv-er kontrollen over egne data til den enkelte person. Og det skaber en række udfordringer i en virksomheds daglige processer og arbejdsrutiner at databehandlingen skal baseres på principper om formålsbestemthed og dataminimering. Persondata er derfor i dag ikke kun et internt aktiv, men repræsenterer både en økonomisk værdi og en risiko.

Bitcoin and Beyond: The Hitchhiker’s Guide To Blockchain Applications ENGLISHBernardo David, Research Fellow and Assistant Professor, Tokyo Institute of TechnologyBitcoin has taken the world by storm and spurred the development of many unforeseen applications based on its main underlying technology, the Blockchain. In this talk, I start by giving an overview of the history of digital currencies and ex-plaining Bitcoin’s inner workings, while discussing why it became tremendously successful. Next, I present some of the many Blockchain based applications that make this technology so attractive, such as smart contracts, distributed identity management and anonymous financial transactions. Finally, I discuss the future of blockchains and current efforts towards improving this technology.

10.30-

11.15

11.30-

12.15

12.30-

13.15

13.30-

14.15

14.30-

15.15

15.30-

16.15

3rd-4th May 2017 | Øksnehallen, Copenhagen

Axcess theater Wednesday 3rd May

9.45-

10.15

10.30-

11.00

11.15-

11.45

12.00-

12.30

12.45-

13.15

13.30-

14.00

14.15-

14.45

15.00-

15.30

15.45-

16.15

Preparing for EU GDPR from a CISO perspective DANISHErik Sørup Andersen, Principal Consultant, F-Secure EU GDPR requires transparency down to the technical control level relevant for the data flow in question. In effect this means that security controls must be accounted on each it-service in scope. The presentation will give examples of how to obtain the right level of transparency, and how CISOs and IT security teams can use the improved transparency to strengthen cooperation with DPO, business and IT departments.

Game over? Part 2 (Nextgen) ENGLISHJesper Mikkelsen, Cyber Defense Specialist, Trend MicroMachine learning, AI, Signature less AV… have we, the blue team, finally found the silver bullet?Is it still Game over? Attende this session, and find out

Moving Beyond Legacy Endpoint Security Technology with Artificial Intelligence ENGLISHRobin Sundin, Sales Engineer, CylanceSupporting enterprises in complex and diverse environments requires technologically sophisticated security solutions to combat zero-day threats. Endpoint security providers sell legacy technology in layered formats, focusing on the reactive, as the only solution. Artificial intelligence can secure a system against unknown threats in addition to threats that may hide their malicious behavior while under scrutiny.

Securing your web services ENGLISHJames Easton, Channel Enablement SE EMEA, A10 Networks / Infinigate The presentation is based on various active prevention / mitigations of potential attacks to your web infrastructure. In recent analysis report it is estimated that one in three web infrastructure hits is by malicious traffic. So, how can we minimize these at-tacks from completing their intend action? Defend your web site and backend systems by employing ‘Allways-on’ counter meas-ures such as SQL prevention techniques, cookie tampering, ACL’s, header masking, flood prevention, session exhaustion, Geo data, and many more. However, should an attack be successful, what should you do? Do you need to mitigate everything!

Taler IT afdelingen og ledelsen samme sprog? DANISHKenneth Schwartz Thorkelin, Concept Manager, AxcessCVR og CVE er ikke det samme. Ofte taler it-afdelingen og ledelsen ikke taler samme sprog, som giver sig udslag ved manglende forståelse i ledelsen om hvilke områder, der skal prioriteres og dermed afsættes ressourcer til. Hvordan oversætter vi det væld af tekniske termer og den barriere, så der er en fælles forståelse for de stigende udfordringer, der er på sikkerhedsområdet. Axcess vil i denne session komme med eksempler på misforståelser i hverdagen, og hvordan disse eventuelt kan løses med den rette ledelsesrapportering.

Security and efficiency with Meraki Software Defined WAN ENGLISHMihail Papazoglou, Netteam & Cisco Meraki Nordics, Netteam & Cisco Meraki NordicsIn this session you will learn what Software Defined WAN is and how to improve WAN efficiency and security in a simple way with Cisco Meraki’s SD-WAN solution. The session includes customer stories, user cases and a quick design walkthrough with best practices recommendations. You will also see how the solution is managed in practice through a live demo of a running pro-duction environment. During the demo, you will experience the efficiency of managing a global network that uses both core SD-WAN functionality, as well as advanced security features like IPS, AMP and Content filtering.

Secure Privilege on the Endpoint ENGLISHDries Robberechts, Director of New Business, EMEA CyberarkMost information security professionals know that securing privilege at the endpoint is a fundamental part of any endpoint protec-tion strategy. Government information security organisations and industry analysts agree. However, 62% of organisations haven’t acted because it is perceived as too difficult a trade-off between security and usability - and it results in increased support costs. Attend this session to hear how CyberArk can help you adopt this best practice.

Recovering from ransomware in minutes with Zerto ENGLISHEgon Van Dongen, Solutions Engineer Benelux & Nordics, ZertoRansomware is now one of the biggest threats to organisations. Every ten days a local government/township, federal government or company reports an attempt to ‘hijack’ their data. Nobody wants to be in a position of being locked out of all of your data and facing the prospect of having to pay a ransom or accept the impact of data loss and downtime by restoring from backups. Join us to learn: - How to protect your organisation from ransomware - How to prevent ransomware infections in the first place - How Zerto can be used to re-wind and recover from a ransomware attack, as if the infection never happened.

How Hypervisor Can Find Attacks that Agents Can’t See ENGLISHAndrei Ionescu, Solutions Architect, BitdefenderWith targeted attacks increasingly operating at the deeper levels, endpoint agents are both ineffective and vulnerable. No wonder it takes enterprises an average of 5 months to detect a data breach. Hypervisor-based introspection could challenge the traditional approach to targeted attacks, by working directly with raw memory – providing an unprecedented level of insight into APTs. Learn how the hypervisor offers a unique perspective into the targeted attacks that your endpoint security solution fails to detect – and why it should inspire a new category of security solutions.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Check Point theaterWednesday 3rd May

9.45-

10.15

10.30-

11.00

11.15-

11.45

12.00-

12.30

12.45-

13.15

13.30-

14.00

14.15-

14.45

15.00-

15.30

15.45-

16.15

Gør din private og offentlige clouds sikre med vSec DANISHKim Thostrup, SE Team Lead, Check Point Software Technologies, LtdEt moderne datacenter i dag, kombinerer håndbarheden fra et lokalt datacenter med fleksibiliteten fra public cloud. Dog er det ofte tilfældet, at IT-sikkerhden ikke følger tilstrækkeligt med i denne form for løsning. Med et software-defineret data center (SDDC) og cloudløsninger, er der et behov for, at beskytte trafikken mellem de visuelle maskiner og den trafik, der foregår mellem de private servere og den offentlige cloud. Deltag og se selv, hvordan det er muligt at få det fulde sikkerhedsoverblik i den hybride cloud.

GDPR i praksis DANISHKlaus Kongsted, Chief Relations Officer, Dubex og Jan Johannsen, SE Manager, Check Point Software Technologies, LtdGDPR - er blevet lidt et hype at beskæftige sig med - og det behandles typisk fra forskellige vinkler som eksempelvis kravene om en dataansvarlig, sanktionering og bødestørrelser samt rapporteringspligten. Men hvordan implementeres i praksis et modsvar på kravene fra forordningen? Hvordan etableres politikker, logning, lækagedetektering, datakryptering og compliance-rapportering? Disse spørgsmål vil blive belyst ud fra en praktisk indgangsvinkel - og muligheder for konsolidering i moderne IT-sikkerhedsløs-ninger.

Sikkerhed i balance – angreb og forsvar i en digital virkelighed DANISHJacob Herbst, CTO, DubexAt ramme det rigtige sikkerhedsniveau i den digitale virkelighed er svært. Det kræver konstant prioritering og fokus, og det kræver ikke mindst den rigtige tilgang og processer. Indlægget kigger på de aktuelle udfordringer og giver dig inspiration med hjem om, hvordan du rammer det rigtige sikkerhedsniveau og hvilke discipliner, der skal være på plads indenfor bl.a. risikostyring, fundamental sikkerhed, awareness, overvågning og incident response.

Øget IT-sikkerhed med en MDR-løsning DANISHThomas Wong, Principal Security Consultant, Ezenta197 dage - så længe går der i gennemsnit, inden en virksomhed opdager, at de har en hacker inde på netværket! Kom og hør, hvordan Managed Detection & Response løsninger kan reducere sandsynligheden for angreb og hjælpe med at opdage et succes-fuldt angreb på få minutter.

How to achieve the best protection for your data ENGLISHLeif Sundsbø, Managing Director, Hiddn Solution / InfinigateMobil workers on the move is more common and that can increase productivity and employee satisfaction. At the same time this expose the company information and increase the potential data loss. Different surveys show that 40 % of data loss is related to lost or stolen devices. In this presentation Hiddn Solutions will present different solutions on how you can be confident that infor-mation remains secure even if a device is lost or stolen. This will also be a solution for how to comply with GDPR.

Protecting mobile users - MTP ENGLISHJoakim Wiling / Head of Mobile Security Nordic, BeNeLux and Baltics, Check Point Software Technologies, LtdAttacks directed towards mobile devices have already hit some major enterprises. It’s further estimated that the next big waves of attacks, will massively be targeted mobile device, Apps and data residing at these devices. Most attack vectors can be detected and prevented, before it creates damages to users personal or business devices. When combining Mobile Threat Prevention (MTP) with mobile device management (MDM) tools and proper user awareness, the security around the mobile devices can be main-tained at a very high level.

Skalerbare sikkerhedsløsninger: Appliances, VSX/VSLS med NGTP DANISHMichael Dreves Beier, Major Account Manager, Denmark, Check Point Software TechnologiesDen moderne IT-verden er under konstant udvikling, hvor kravene til ny teknologi hele tiden stiger. Når indeholder samtidig skal undersøges for potentielle trusler, kan det være ekstra udfordrende at opretholde den ønskede ydelse og båndbredde. Med VSX (virtual system extension) og VSLS (virtual system load sharing) er det muligt at få en skalerbar løsning, der kombinerer IT-sikker-hed for både internet sikkerhedsgatewayen og segmentering på de interne netværk og datacentre.

Ransomware – den hurtigst voksende trussel i dag DANISHChristian Søgaard Nielsen, Security Engineer, Check Point Software Technologies, Ltd Ransomware er den mest irriterende og dyreste variant af malware i øjeblikket, og har gennem mange år været til stor gene for flere virksomheder. Check Point har en stor indsigt i de forskellige typer af malware og er eksperter i beskyttelse mod ransomware ved løbende at indsamle ny statistik om igangværende angreb, som forebygges ved at sendes information om angrebsmønstrene til vores globale kunder. De seneste malware-statistikker bliver løbende diskuteret, sammen med initiativer til at nedbringe ran-somware i virksomhedens LAN, private og public cloud og på arbejdspladsen. Dette er desuden også et område, som Check Point samarbejder med Europol omkring, hvilket også vil blive gennemgået i præsentationen.

Trusler fra ukendt malware – SandBlast DANISHNiels Zimmer Poulsen, Security Engineer, Check Point Software Technologies, LtdDe fleste af de vellykkede cyberangreb, som finder sted i dag, udnytter nye og ukendt malware, der ikke bliver opdaget af de tra-ditionelle sikkerhedsforanstaltninger. Tilmeld dig og få et overblik over de forskellige kategorier af malware, der udnytter nul-dags sårbarheder, og hvordan det er muligt at bekæmpe disse trusler.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Conscia theater Wednesday 3rd May

9.45-

10.15

10.30-

11.00

11.15-

11.45

12.00-

12.30

12.45-

13.15

13.30-

14.00

14.15-

14.45

15.00-

15.30

15.45-

16.15

Have you implemented your DNS security layer to protect mobile and on-prem users against DNS based malware and data exfiltration? ENGLISHErik Peeters, Senior Pre-Sales Systems Engineer - BeLux, Denmark, Norway, Infoblox / Exclusive NetworksWorkforce mobility can boost productivity and employee satisfaction. But it can also create security risks. In a recent survey re-garding remote and mobile users, 75 percent of the respondents worried about data loss when users connected from outside the network. This is a serious concern, and to alleviate it, Infoblox offers ActiveTrust® Cloud, a SaaS security solution that proactively protects users from cyberattacks wherever they are—on your premises, roaming, or working in remote or branch locations.

Secure the breach, be GDPR ready! Real business cases presentation by Gemalto ENGLISHJörgen Jansson, Senior Sales Engineer, GemaltoDuring the session we will describe deployments we have done in the region to secure information using strong authentication and encryption. Deployments includes GDPR, PCI DSS and regular information protection deployments. Both in local data centers and using cloud services.

Opdag og lær hackerne at kende, før de angriber! DANISHMorten von Seelen, Senior Consultant, DeloitteKan Red Team-erfaringer hamle op med Watson fra IBM? Kom og hør, hvordan vi går i hackernes fodspor, når vi udfører Red Team Operations ude i virksomhederne og hvordan vi ved hjælp af kunstig intelligens (AI) og sofistikeret analytisk software kan opdage og lære hackerne at kende, før de angriber.

Hacker on the Payroll ENGLISHCary Hendricks, Global Operations Director - ID Cyber Solutions (Scotland), DeloitteBusinesses need to enable themselves to provide better safety in the workplace. Safety in the workplace now extends to Cyber Security as well to protect everyone (employees, customers) as well as the data in the organisation. Training and awareness is now available to bring valuable skills into the business.

Cloud-baseret sikkerhed – trusler og løsninger DANISHTorben Nissen Ernst, Security Sales Lead, ConsciaCloud Trusler: Cloud-tjenester som fx Office365, DropBox og ServiceNow, udfordrer virksomheders sikkerhedspolitik, da man skal håndhæve samme sikkerhedsprincipper og governance for ”in-house” som for cloud-baserede løsninger. Med en eksplosiv vækst i brugen af cloud-løsninger, må virksomheder og organisationer forvente en stigende eksponering mod sikkerhedstrusler i skyen.Cloud Løsninger: Conscia viser dig, hvilke førende cloud-baserede teknologier, der kan imødekomme de nye udfordringer.

The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense ENGLISHJohn Dyer, Cyber Security Account Manager, DarktraceFrom insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A funda-mentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis. In this session, learn: • How new machine learning and mathematics are automating ad-vanced cyber defense • Why 100% network visibility allows you to detect threats as they happen, or before they happen • How smart prioritization and visualization of threats allows for better resource allocation and lower risk • Real-world examples of un-known threats detected by ‘immune system’ technology

It’s Usually a Friday When we get the Call… ENGLISHChristian Prickaerts, Director, Managed Security Services, Fox-IT / FortConsultFox-IT is involved in hundreds of incident response cases each year. Christian will speak from his experience in dealing with cyber incidents and talk about the typical challenges that incident response teams face, the tools and techniques that his team uses, and about the important lessons learned along the way. Most importantly, his talk will shed light on how you can prepare for an incident in advance in the best possible way, and recover quickly and efficiently in the aftermath of a breach.

Turning End User Security into a Game You can Win ENGLISHColin McTrusty, Sales Director - EMEA, Wombat SecurityWe know that bad behaviors lead to successful phishing attacks. We’re giving criminals everything they need to be successful. It’s because companies haven’t done enough to address these behaviors that phishing continues to grow. Colin will talk through the Wombat State of the Phish 2017 report findings and relate the finding s to how they impact your busi-ness and how the Using of game mechanics and game thinking in non-game contexts can engage your users to take training and ultimately change user behavior.

Did Anyone Lock the Front Door? ENGLISHChris Payne, Independent IT security consultant, InfinigateRansomware, GDPR and phishing attempts, it has been a busy 12-months and it is likely to only get worse. So what to buy next? In this presentation Chris Payne will take a look at why two-factor authentication may not be the most exciting technology, but is reported to be the best possible security investment for organisations in 80% of publicized breach scenarios. Taking a deep-dive into SecurEnvoy’s bullet-proof smartphone app and some of the simple to administer console tools, you may be left wondering if your current solution has really locked the front door.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Siscon theaterWednesday 3rd May

9.30-

10.00

10.15-

10.45

11.00-

11.30

11.45-

12.15

12.30-

13.00

13.15-

13.45

14.00-

14.30

14.45-

15.15

15.30-

16.00

Hacking without Hacking ENGLISHMartin Jartelius, CSO, Outpost24With the presentation Hacking without Hacking, Martin Jartelius explains how simple it is to access information or systems online, without using a single command. His professional yet approachable demeanour enables him to easily communicate complex technical issues to all levels of the business, enabling senior management to understand the business impact of proper vulnerability scanning, while being able to communicate on a technical level with those requiring a more in-depth understanding.

Lad ikke medarbejderne blive jeres største sikkerhedstrussel i 2017 DANISHCensornetRansomware- og phishing angreb rettet mod virksomhedens medarbejdere fortsætter med at være effektive våben for hackerne. På samme tid gemmer medarbejderne i stigende grad data i skyen, og deler den via fildelingstjenester som Dropbox. Dette lægger pres på IT afdelingen som hurtigt mister både kontrol og sikkerhed over virksomhedens data. Gode råd er ikke nok. Vær med når vi ser nærmere på: •Trusselsbilledet anno 2017 • Multi-faktor sikkerhed •Skygge IT

Eyes Wide Shut: Have you been working in the Dark? ENGLISHBrandon Romisher, Cloud Security Product Specialist, CiscoDon’t get caught looking in the rear view mirror wondering why you’re your traditional layered perimeter- in- depth security strate-gy is no longer enough. In this session we will discuss how you can “Unleash the power of your Network as a Sensor and Enforcer” by using Netflow to give you the visibility you need to illuminate the dark corners of your network and identity and access man-agement to give you control over your users and their access to critical data. You can’t protect what you can’t see! So learn how to take control and implement the next generation of network security to address the Insider Threat.

Er du klar til at tage Danmarks største udfordring op? DANISHJesper Palm Lundorf, Safety & Security Associate, ArrowCybercrime er den største trussel mod danske virksomheder og antallet af virksomheder, der bliver ramt af ransomware og cyberangreb er stærkt stigende. Alligevel er det kun ca. 30% af alle danske virksomheder, som har en plan for håndtering af cyberkriminalitet. Få en øjenåbner, når sikkerhedschefen og tidligere PET-agent Jesper Lundorf udfordrer vores syn på sikkerheden i den digitale verden kontra den fysiske verden. Og gå hjem med Arrow’s 5 sikre råd til vejen mod en tryggere hverdag. Bl.a. hvordan du minimerer truslen og hvordan du kan forhindre, at din virksomhed bliver offer for cyberkriminalitet.

CLOUD SECURITY THAT SCALES ENGLISHRonald den Braven, EMEA Cyber- and SAAS Security Specialist, Palo AltoWhether you are new to the cloud or an experienced user, more and more organizations are pushing their public cloud projects for-ward. With this, challenges are being raised in regards to their security architectures. We at Palo Alto Networks have been assisting our customers in their journey to the cloud and the security steps needed during this journey. You want to know how? Join our session!

One year with GDPR - one year to come DANISHJesper B. Hansen, Senior information security advisor, SisconGenbrug eksisterende viden bedst muligt fra både jura, compliance, it-sikkerhed og forretningen! Igennem det seneste år har der være mange gisninger/antagelser om, hvordan implementeringen af EU-Persondataforordning - GDPR - skal håndteres. Hvem har egentlig ansvaret for projektet GDPR og efterfølgende vedligeholdelse? Er det juraafdelingen? Compliance-teamet? Med udgang-spunkt i en case, giver Jesper inspiration til, hvordan du bedst indsamler og strukturerer eksisterende dokumentation og viden fra flere interne interessenter og transformerer disse oplysninger til et godt fundament for efterlevelse af GDPR og vedligehold.

Guaranteed protection from ransomware ENGLISHEric Van Sommeren, Regional Sales Director Northern Europe, SentinelOne / Exclusive NetworksMany endpoint security vendors claim a ‘next generation’ solution to cyber attacks like ransomware. How many however dare to put their money where their mouth is? SentinelOne offers an all-inclusive solution to prevent you from being impacted by even the most advanced cyber attacks - including ransomware. We welcome you to an introduction with SentinelOne, recently named by Gartner “most visionary endpoint security vendor”.

Shadow IT – how to manage the hidden security and compliance risk ENGLISHPeter Koch, Partner, CredocomCloud services has created the biggest shadow IT we have seen and with it huge compliance and security issues. How do companies gain control and establish a strong control point in an ever growing hybrid world. CASB is the solution and Gartner Group has placed this security category/technology as the No 1 technologies that companies should look into. This presentation will drill down into the issues and solution of managing the growing number of cloud services, manage compliance and security. Getting shadow IT under control.

UBA + Deception + EDR: Uncover Answers, Not Just Alerts ENGLISHRhys Vincent, Lead Security Solutions Engineer, EMEA / EzentaWho has time to build out an Incident Detection & Response program when you’re wading in alerts, tedious investigations, and solutions only monitoring part of your network? Stop the madness. Join us to learn best practices from Rapid7’s red and blue teams and see how customers are combining detection technologies to find intruders earlier in the attack chain.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Keynote theaterThursday 4th May

KEYNOTEKEYNOTE

9.30-

10.15

Blockchain and Backup - a perfect mix for a perfect data protection ENGLISHNikolay Grebennikov, Vice President Engineering, AcronisGet an insight of what Blockchain is and what it isn’t. Helping to understand the potential the technology has not just in the financial industry and as an online currency. The presentation will explain the latest and severest threads like Ransomware and why it is becoming more and more a problem for Cloud and backup data and how Blockchain technologies can help to enhance your data protection level.

DR’s awareness-kampagne med fokus på phishing-test DANISHErik Ahrenkiel Frederiksen, Chief of staff, DRDR har valgt at sætte fokus på informationssikkerhed og medarbejdernes rolle og i den forbindelse sat gang i en awareness-kampagne med det formål at øge ansattes bevidsthed om sikkerhed. Kampagnen bygger på to elementer, en sikkerhedsportal med generel information om sikkerhed til medarbejdere og en række events, som skal fange medarbejderens opmærksomhed. Erik vil fortælle om sine erfaringer med at gennemføre kampagnen og især om resultatet af phishingmailen, som blev sendt til samtlige medarbejdere i DR.

Hvordan dokumenterer en virksomhed compliance med GDPR? DANISHHenning Mortensen, CISO/CPO, A.O. JohansenHenning vil gennemgå en praktisk proces for at komme i compliance med persondataforordningen og herunder skitsere, hvad der som minimum skal dokumenteres. I tilknytning til processen vil der blive præsenteret et par praktiske redskaber/vejledninger, der kan fungere som en tjekliste. De fleste af redskaberne er gratis og udviklet af Henning selv. I tilknytning til processen vil det også blive skitseret, hvordan virksomhederne samtidig kan forbedre deres informationssikkerhed, således at forordningsprojektet kan skabe noget reel værdi til virksomheden. Desuden vil arbejdsdelingen mellem de forskellige aktører i virksomheden blive berørt.

Lyngby-Taarbæk kommune: Cyber kriminalitet bør ikke være et tabu DANISHMikkel Arp, IT-chef, Lyngby-Tårbæk KommuneCyber kriminalitet er blevet et stigende problem, som ingen taler om. Derfor valgte Lyngby-Taarbæk kommune at bryde tabuet og gå offentligt ud, for at fortælle ærligt om at de i 2016 var blevet ramt at forskellige cybercrimes. Kom og få et indblik i, hvilke løsninger, processer og organiseringer Lyngby-Taarbæk kommune har etableret for at sikre borgernes data, de borgerrettede IT services og en stabil drift for de mange medarbejdere der anvender IT i deres hverdag.

Security at scale: How Dropbox builds for tomorrow’s threats ENGLISHMark Crosbie, Trust and Security Manager EMEA, DropboxHalf a billion registered accounts, half a million servers, 500 petabytes of data—and still growing at a fast pace. As one of the world’s largest online services, Dropbox’s success depends on its ability to stay at the forefront of innovations in cybersecurity. Hear about tomorrow’s threats and find out how Dropbox’s security teams work behind the scenes to protect Dropbox’s infrastructure, products and users while still enabling the company to move fast.

From Prison Doors to Nuclear Reactors: When Cyber Threats Turned Physical ENGLISHLucas Lundgren, Senior Security Consultant, FortConsultInternet of Things surrounds us every day, whether we know it or not. Some IoT devices turn on the lights, others water your plants. Some protect us by measuring radiation levels at power plants and turning on the fans to get the toxic air out – others are used to control prison doors, car brakes or earthquake alarm systems. So what if there was a way for someone to control these things, without your knowledge? Could I change the radiation levels at a power plant? Slam the brakes on your car while you’re on the motorway? Open prison doors?

10.30-

11.15

11.30-

12.15

12.30-

13.15

13.30-

14.15

14.30-

15.15

3rd-4th May 2017 | Øksnehallen, Copenhagen

Axcess theater Thursday 4th May

9.45-

10.15

10.30-

11.00

11.15-

11.45

12.00-

12.30

12.45-

13.15

13.30-

14.00

14.15-

14.45

15.00-

15.30

Cyber Defence in 2017: working in a world where breaches happen ENGLISHTim Anderson, Associate Director, NCC Group / FortConsultWith the complexity and fluidity of the current threat landscape, companies need to move beyond traditional protective monitoring and security device management. To stand a chance against a multitude of threats, a combination of intelligence and technical innovations are needed to be in place. Tim Anderson will discuss the evolution of the SOC and the need to move from a traditional MSSP to the more comprehensive Managed Detection and Response (MDR) approach. Using real-world examples drawn from NCC Group’s experience of protecting some of the world’s largest blue chip companies, Tim will highlight the benefits that MDR brings in fighting today’s adversaries.

Game over? Part 2 (Nextgen) ENGLISHJesper Mikkelsen, Cyber Defense Specialist, Trend MicroMachine learning, AI, Signature less AV… have we, the blue team, finally found the silver bullet?Is it still Game over? Attende this session, and find out

Sikkerhed i balance – angreb og forsvar i en digital virkelighed DANISHJacob Herbst, CTO, DubexAt ramme det rigtige sikkerhedsniveau i den digitale virkelighed er svært. Det kræver konstant prioritering og fokus, og det kræver ikke mindst den rigtige tilgang og processer. Indlægget kigger på de aktuelle udfordringer og giver dig inspiration med hjem om, hvordan du rammer det rigtige sikkerhedsniveau og hvilke discipliner, der skal være på plads indenfor bl.a. risikostyring, fundamental sikkerhed, awareness, overvågning og incident response.

Trusler fra ukendt malware – SandBlast DANISHNiels Zimmer Poulsen, Security Engineer, Check Point Software Technologies, LtdDe fleste af de vellykkede cyberangreb, som finder sted i dag, udnytter nye og ukendt malware, der ikke bliver opdaget af de tra-ditionelle sikkerhedsforanstaltninger. Tilmeld dig og få et overblik over de forskellige kategorier af malware, der udnytter nul-dags sårbarheder, og hvordan det er muligt at bekæmpe disse trusler.

Taler IT afdelingen og ledelsen samme sprog? DANISHKenneth Schwartz Thorkelin, Concept Manager, AxcessCVR og CVE er ikke det samme. Ofte taler it-afdelingen og ledelsen ikke taler samme sprog, som giver sig udslag ved manglende forståelse i ledelsen om hvilke områder, der skal prioriteres og dermed afsættes ressourcer til. Hvordan oversætter vi det væld af tekniske termer og den barriere, så der er en fælles forståelse for de stigende udfordringer, der er på sikkerhedsområdet. Axcess vil i denne session komme med eksempler på misforståelser i hverdagen, og hvordan disse eventuelt kan løses med den rette ledelsesrapportering.

Security and efficiency with Meraki Software Defined WAN ENGLISHMihail Papazoglou, Consulting Systems Engineer, Netteam & Cisco Meraki NordicsIn this session you will learn what is Software Defined WAN and how to improve WAN efficiency and security in a simple way with Cisco Meraki’s SD-WAN solution. The session includes customer stories, use cases and a quick design walkthrough with best practices recommendations. You will also see how the solution is managed in practice through a live demo of a running production environment. During the demo, you will experience the efficiency of managing a global network that uses both core SD-WAN functionality, as well as advanced security features like IPS, AMP and Content filtering.

How to deliver a solid Cyber Security solution, and at the same time save money? Is it possible? ENGLISHGøran Tømte, Channel Systems Engineer, Palo AltoSecurity platform vs best of breed point solutions. What impact will it have on your security, OPEX, TCO, and when will you have ROI? A keyword in modern security is automation

Hvor går du hen, hvis du vil kombinere digital-, secure- og IT business? DANISHBenjamin Christensen, Enterprise Portfolio Manager, DellEMC / SEC DatacomDigital-, secure- og IT business er områder, som er relevante for den virkelighed, virksomheder operer i. Netop derfor hedder vi i dag Dell EMC. Vi ser det som vores opgave at få samlet alle tre dele og tilbyde vores kunder end-to-end løsninger, der tag-er afsæt i hele din forretning. Til denne session kan du høre, hvordan Dell EMC tænker digital- secure- og IT business, samt hvordan det tænkes ind i de løsninger, som vi tilbyder.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Check Point theaterThursday 4th May

9.30-

10.00

10.15-

10.45

11.00-

11.30

11.45-

12.15

12.30-

13.00

13.15-

13.45

14.00-

14.30

14.45-

15.15

Erfaringer med persondataforordningen - godt i gang og sikkert i mål DANISHLars Henriksen, Partner/VP Sales and Marketing, GlobalSequrEU Persondataforordningen har været et hyppigt diskuteret emne det sidste år. Rigtig mange virksomheder er i gang med at til-rette processer og systemer. Der er dog mange virksomheder, der ikke helt ved, hvordan de skal komme i mål med at lev op til kravene i forordningen. GlobalSequr A/S har gennem implementerings projekter opbygget en masse erfaring omkring forordnin-gen og hvordan virksomheder bedst muligt griber processen an. Ved dette seminar vil vi dele ud af vores erfaringer, samt give no-gle gode råd til hvordan du kommer mål med at leve op til forordningens krav.

Hvorfor virker IT-sikkerheden ikke? DANISHNiels Mogensen, Security Evangelist, ConsciaArbejdet med IT-sikkerhed er en stor udfordring for alt for mange virksomheder. Tilgangen til sikkerhed er hos mange virksomheder blevet et spørgsmål om produkter. Man glemmer simpelthen at definere hvad problemet er, og laver sikkerhed for sikkerhedens skyld – i stedet for sikkerhed for forretningens skyld. Conscias Niels Mogensen tager os ud på en ikke teknisk tur igennem sikkerhedslandskabet anno 2017, og kommer blandt andet ind på kontroversielle emner som processer, arbejdsgange og dilemmaet mellem implementering af sikkerhed og den samlede drift af sikkerhed, infrastruktur og applikationer.

Cisco Cloud Security ENGLISHBrandon Romisher, Security Sales lead, Cisco UmbrellaIn this session you will learn about the Cisco Umbrella SIG (Security Internet Gateway) + CloudLock, and how it fits in to the Cisco architecture.

Er du klar til at tage Danmarks største udfordring op? DANISHJesper Palm Lundorf, Safety & Security Associate, United Nations Denmark / ArrowCybercrime er den største trussel mod danske virksomheder og antallet af virksomheder, der bliver ramt af ransomware og cy-berangreb er stærkt stigende. Alligevel er det kun ca. 30% af alle danske virksomheder, som har en plan for håndtering af cyber-kriminalitet. Få en øjenåbner, når sikkerhedschefen og tidligere PET-agent Jesper Lundorf udfordrer vores syn på sikkerheden i den digitale verden kontra den fysiske verden. Og gå hjem med Arrow’s 5 sikre råd til vejen mod en tryggere hverdag. Bl.a. hvordan du minimerer truslen og hvordan du kan forhindre, at din virksomhed bliver offer for cyberkriminalitet.

Mobility provides great advantages, but with freedom comes new challenges ENGLISHJoakim Wiling, Head of Mobile Security Nordic, BeNeLux and Baltics, Check Point Software TechnologiesAttacks directed towards mobile devices have already hit some major enterprises. It’s further estimated that the next big waves of attacks, will massively be targeted mobile device, Apps and data residing at these devices. Most attack vectors can be detected and prevented, before it creates damages to users personal or business devices. When combining Mobile Threat Prevention (MTP) with mobile device management (MDM) tools and proper user awareness, the security around the mobile devices can be main-tained at a very high level.

Isolation - Releasing the Shackles on your Employees ENGLISHJason Steer, Menlo Security / SEC DatacomCome and learn about how isolation can be used to empower your employees to click on emails, email links and visit websites safely and eliminate the risks from ransomware & phishing. Attend to discover how spearphishing attacks & web threats can be 100% neutralised and the web can be opened up safely, without fear of infection.

Web Security Threat Landscape: A Field Report ENGLISHEmmanuel Macé, Product Line Director, Security Business Unit, AkamaiGet insights into large scale, real-world attack campaigns that target the top web sites on the Internet. This report is based on the latest analysis of 20TB of attack data and 3 trillion log lines every day – looking for patterns and new attack campaigns.

GDPR og koblingen til den daglige IT-sikkerhed DANISHKlaus Kongsted, Chief Relations Officer, Dubex og Jan Johannsen, SE Manager, Check Point Software Technologies, LtdI dette oplæg kan du høre om kravene til accountability og hvordan det er koblet til it-sikkerheden. Du får desuden en gennemgang af de mulige tekniske løsninger på de væsentligste problemstillinger, og en ”det skal I gøre nu” – plan for virksom-heden.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Conscia theaterThursday 4th May

9.45-

10.15

10.30-

11.00

11.15-

11.45

12.00-

12.30

12.45-

13.15

13.30-

14.00

14.15-

14.45

15.00-

15.30

Efterlev GDPR & ISO lovgivning og få effektive og aktuelle kontroller DANISHLars Bærentzen, Direktør, SisconEU-forordningen, national lovgivning, ISO-standarder, øget topledelses- og mediemæssigt fokus har gjort IT-sikkerhed og compli-ance til en større opgave i enhver virksomhed. Virksomheden skal i dag være på forkant med både data og informationssikkerhed samt grundigt dokumentere din løbende aktive indsats. Opgaven er kompleks og kræver et enormt overblik - uanset virksomhedens størrelse og uanset om du håndterer persondata, forretningskritiske data eller skal tage højde for hvidvaskning af penge ved finan-sielle transaktioner. Med et casebaseret oplæg giver Siscon dig tricks til, hvordan du effektivt opbygger et samlet kontrolmiljø, som matcher den aktuelle lovgivning og som samtidig sikrer dig den altid aktuelle status topledelsen og IT-revisionen har brug for.

The challenges of implementing network encryption and security ENGLISHMichael Appelby, Security Specialist - Executive Sales, ZybersafeAll institutions in our society, from financial to governmental, run on information. This information needs to be networked and shared among geographically dispersed locations. Institutions therefore have significant risks in the areas of data security, compli-ance and liability, and must be vigilant in protecting IT infrastructure from increasing security threats. Encryption is the lynchpin for data protection, but is often overlooked because of the added complexity it brings. How should we address the issue of implement-ing end-to-end encryption in our infrastructure, and where are the pitfalls?

How efficient is your Datacenter security? ENGLISHBogdan Carlescu, Senior Product Marketing Manager, BitdefenderProtecting Datacenter Infrastructure is much more expensive than the amount paid for acquiring security solutions. There are many human, technical and financial resources involved in deploying and maintaining the effectiveness of a datacenter security solution. Learn together with Bogdan Carlescu how to calculate the real price of protecting your datacenter.

Cloud Security - Moving your IT-infrastructure to the cloud with Microsoft Azure and Office 365 ENGLISHGemma Allen, Cloud Security Solutions Architect, Barracuda Network / SEC Datacom As one of the major cloud providers Microsoft Azure has a big adoption rate in a lot of businesses around the world. Customers are moving parts of their infrastructure from their own datacenter(s) to the Azure Cloud. Obviously developers want to extend and re-use their knowledge of secure networks in the cloud. They are talking about network firewalls, network segmentation, vlan’s. How-ever in the Azure cloud this is slightly different and some of the trusted mechanisms are unavailable. In this talk we go in-depth on the various Azure networking options and how establish secure connectivity between Azure and various on-premise locations.

Lad ikke medarbejderne blive jeres største sikkerhedstrussel i 2017 DANISHCensornetRansomware- og phishing angreb rettet mod virksomhedens medarbejdere fortsætter med at være effektive våben for hackerne. På samme tid gemmer medarbejderne i stigende grad data i skyen, og deler den via fildelingstjenester som Dropbox. Dette lægger pres på IT afdelingen som hurtigt mister både kontrol og sikkerhed over virksomhedens data. Gode råd er ikke nok. Vær med når vi ser nærmere på: •Trusselsbilledet anno 2017 – hvilken rolle spiller medarbejderne? • Multi-faktor sikkerhed – lad ikke medarbejdernes dårlige passwords blive jeres Achilles hæl •Skygge IT – sådan kaster du lys over skygge IT i virksomheden, og øger sikkerheden uden at det går ud over medarbejdernes produktivitet

Cloud-baseret sikkerhed – trusler og løsninger DANISHTorben Nissen Ernst, Security Sales Lead, ConsciaCloud Trusler: Cloud-tjenester som fx Office365, DropBox og ServiceNow, udfordrer virksomheders sikkerhedspolitik, da man skal håndhæve samme sikkerhedsprincipper og governance for ”in-house” som for cloud-baserede løsninger. Med en eksplosiv vækst i brugen af cloud-løsninger, må virksomheder og organisationer forvente en stigende eksponering mod sikkerhedstrusler i skyen. Cloud Løsninger: Conscia viser dig, hvilke førende cloud-baserede teknologier, der kan imødekomme de nye udfordringer. Disse teknologier tilbyder blandt andet: • Indsigt i medarbejderes brug af cloud-applikationer som Office 365 • Deling af sikkerhedsin-formation på tværs af applikationer for bedst mulig beskyttelse • Styrkelse af organisationens evne til at reagere både før, under og efter et angreb. Se en demo af en af markedets førende cloud-sikkerhedsløsninger: Cisco AMP for Endpoints, og besøg en af Cons-cias stande på InfoSec for en sikkerhedssnak.

Shadow IT – how to manage the hidden security and compliance risk ENGLISHPeter Koch, Partner, CredocomCloud services has created the biggest shadow IT we have seen and with it huge compliance and security issues. How do com-panies gain control and establish a strong control point in an ever growing hybrid world. CASB is the solution and Gartner Group has placed this security category/technology as the No 1 technologies that companies should look into. This presentation will drill down into the issues and solution of managing the growing number of cloud services, manage compliance and security. Getting shadow IT under control.

Recovering from ransomware in minutes with Zerto ENGLISHEgon Van Dongen, Solutions Engineer Benelux & Nordics, ZertoRansomware is now one of the biggest threats to organisations. Every ten days a local government/township, federal government or company reports an attempt to ‘hijack’ their data. Nobody wants to be in a position of being locked out of all of your data and facing the prospect of having to pay a ransom or accept the impact of data loss and downtime by restoring from backups. Join us to learn: - How to protect your organisation from ransomware - How to prevent ransomware infections in the first place - How Ze-rto can be used to re-wind and recover from a ransomware attack, as if the infection never happened.

3rd-4th May 2017 | Øksnehallen, Copenhagen

Siscon theaterThursday 4th May

9.30-

11.00

11.15-

11.45

12.00-

12.30

12.45-

13.15

13.30-

14.00

14.15-

14.45

Hacker-challenge ENGLISHPowered by DeloitteHacking is all about breaking the security of an application or infrastructure and is often surrounded with great mystery. In this session we will follow a group of hackers work from beginning to end and show you live how hackers really work. The session is accompanied by Deloitte Hacking experts who will explain the hackers’ choises and actions.

Moving Beyond Legacy Endpoint Security Technology with Artificial Intelligence ENGLISHRobin Sundin, Sales Engineer, CylanceSupporting enterprises in complex and diverse environments requires technologically sophisticated security solutions to combat zero-day threats. Endpoint security providers sell legacy technology in layered formats, focusing on the reactive, as the only solution. Artificial intelligence can secure a system against unknown threats in addition to threats that may hide their malicious behavior while under scrutiny.

Preparing for EU GDPR from a CISO perspective DANISHErik Sørup Andersen, Principal Consultant, F-SecureEU GDPR requires transparency down to the technical control level relevant for the data flow in question. In effect this means that security controls must be accounted on each it-service in scope. The presentation will give examples of how to obtain the right level of transparency, and how CISOs and IT security teams can use the improved transparency to strengthen cooperation with DPO, business and IT departments.

Hacker on the Payroll ENGLISHCary Hendricks, Global Operations Director - ID Cyber Solutions (Scotland), DeloitteBusinesses need to enable themselves to provide better safety in the workplace. Safety in the workplace now extends to Cyber Security as well to protect everyone (employees, customers) as well as the data in the organisation. Training and awareness is now available to bring valuable skills into the business.

Is an attacker hidden in your network? ENGLISHTomáš Šárocký, Area Manager, FlowmonToday’s security tools are focused on prevention and protection against threats and attacks. There are several tools on the market providing this solution. However, modern approach should be very different. Detection and reaction on security breaches should be the main focus of secured networks. And the best way to detect an event is to monitor what is happening in the network. Do you really know what, who, where and how is doing?

Secure Privilege on the Endpoint ENGLISHDries Robberechts, Director of New Business, EMEA, CyberarkMost information security professionals know that securing privilege at the endpoint is a fundamental part of any endpoint pro-tection strategy. Government information security organisations and industry analysts agree. However, 62% of organisations ha-ven’t acted because it is perceived as too difficult a trade-off between security and usability - and it results in increased support costs. Attend this session to hear how CyberArk can help you adopt this best practice.

Opgraderingen du ikke kommer udenom: Fra persondatalov til GDPR plus ”persondataloven, version 2.0” DANISHLena Andersen, Kontorchef, DATATILSYNET - The Danish Data Protection AgencyHer får du en fagligt funderet præsentation af, hvordan den nye generelle databeskyttelsesforordning ”GDPR” udvikler data-beskyttelseslovgivningen i Danmark. Du får et overblik over elementer, der går igen, en række nye elementer, samt en række ele-menter, der stadig mangler at blive afklaret i den danske proces. Med GDPR bliver kravet om tilstrækkelig sikkerhed omkring per-sonoplysninger et grundprincip, og der kommer krav om dokumenterede foranstaltninger. Det grundlæggende princip udspalter sig i en række detaljerede regler, som vedrører databeskyttelse gennem design og gennem standardindstillinger, krav ved brug af databehandlere, krav om passende sikkerhedsforanstaltninger med afsæt i en risikovurdering, krav om notifikation af sikkerheds-brud samt i visse situationer konsekvensanalyser vedrørende databeskyttelse, også kaldet ”DPIA”.

15.00-

15.45

KEYNOTE