Seminar
29th - 30th November 2012, Berlin

With Experts from:
- Europol, Security Unit
- Ministry of General Affairs, Department for Quality, Analysis and Management, NL
- Council of Europe, Chief Information Security Officer
- Estonian Information System's Authority, Department of Supervision
- Competition Commission, IT Security Department, UK
- London Borough of Richmond upon Thames, Information and Communications Technology Department, UK

Brochure
SEMINAR

Protect your public institution against increasing data leakages

Public Institutions at all administrative levels are responsible for a huge quantity of sensitive data. With more and more governmental services becoming electronic, this amount increases rapidly. It is therefore crucial to secure your public institution against external attacks that aim to maliciously access this data.

But how can you prevent data from leaking from the inside? Staff members have leaked important data, both deliberately and unintentionally. Internal processes and regulations for handling data therefore need to be stringent and clear.

First of all, you need to be aware of how data leakage occurs. Where are the potential risks? There are several technical solutions to keep data safe, but the human factor and the cooperation between IT departments as well as information governance are vital to prevent leaks. How can potential risks be addressed effectively?

And what happens if data has already leaked? You need to make sure that an emergency response plan is ready at hand to avoid the worst case scenario.

Who is this seminar for?
Directors, Heads of Departments and Units, Information Security Officers, Information Security Advisers, IT Coordinators, IT Security Officers/Managers, IT Officers, Administrators, Persons Responsible for Data Protection

From departments such as:
- IT/ICT Department
- Information and Communication Services
- ICT Strategy Department
- Information Systems Department
- IT Infrastructure Division
- Data Security Services
- Information and Electronic Services Division

In public authorities handling large amounts of sensitive data, including:
- All national and regional public authorities such as Ministries, Chancelleries, Prime Minister's Offices and Parliaments
- European agencies and European associations
- Central Government IT Agencies
- Public Data Centres
- All national and regional government agencies and public bodies
- All public authorities on local level such as local governments, municipalities and cities
- Universities and public research centres

This seminar might also be interesting for experts from private IT Security Companies.
What will you learn at this seminar?
- What are the factors for data leakage?
- How can you prevent data leakage?
- Which risks do you have to expect and how can you analyse them precisely?
- How to assess data security in practice
- Get an insight into hot topics such as the use of Mobile Devices
- Learn what to do in case of emergency
- How to draft an Emergency Response Plan

Your benefits
- Improve the effective protection of your institution against data leakage
- Avoid the negative reputation that will affect your institution when data is lost
- Learn how to keep sensitive data safe
- Ensure the continuing operability of your institution
- Receive first-hand experiences from IT Security experts including Europol, Council of Europe and further European experts
- Exchange and discuss with experts and colleagues who deal with the same issues from different European countries and extend your network
PROGRAMME DAY 1

8.30-9.00
Registration and Handout of Seminar Documents

9.00-9.05
Opening Remarks from the European Academy for Taxes, Economics & Law

9.05-9.30
Welcome Note from the Chair and Round of Introductions
Christos Sgaras, Information Assurance Specialist, Security Unit, Europol

9.30-10.15
Causes and Channels of Data Leakage
- How does data leakage usually occur?
- Who is behind data leakage incidents?
- What are the challenges in defending against data leakage?
- What can you do better to prevent data leakage?
Christos Sgaras, Information Assurance Specialist, Security Unit, Europol

10.15-10.30

10.30-11.00
Coffee Break and Networking Opportunity

11.00-11.45
Data Leakage Prevention Methods in Your Institution
- DLP: Data in motion, Data in use, Data at rest
- Context of the organisation: Business needs, IT needs, security needs, levels of information
- Problems and constraints
- General approach of the organisation: user awareness and technical measures
- Organisational methods: IT procedures, general security policies, user guidelines
- Legal methods
- Technical methods
- Outlook: What global solution we've chosen and why
Alexandre Diemer, Chief Information Security Officer, Council of Europe

11.45-12.00

12.00-12.45
Risk Analysis in Practice
- Identification of Risks
- Information Security: confidentiality, integrity and availability (C, I & A)
- Risk Analysis: how important are the C, I & A of my information?
  - Confidentiality: what happens if my information is compromised?
  - Integrity: what happens if my information is wrong?
  - Availability: what happens if my data is lost?
- What are the probabilities of information being compromised, lost or wrong?
- Knowing your enemies (internal and external)
- Calculating risks and taking measures
Sjoerd Feenstra, Deputy Chief Information Officer and Head of Unit, Quality, Analysis and Management, Ministry of General Affairs, the Netherlands

12.45-13.00

13.00-14.15
Lunch Break and Networking Opportunity
Workshop
14.15-15.30
Assessing Data Security in a Public Institution
- Participants work on a case study
- Case of a national ministry
- Assess the data security situation of a public institution
- Presentation and discussion of results
Sjoerd Feenstra, Deputy Chief Information Officer and Head of Unit, Quality, Analysis and Management, Ministry of General Affairs, the Netherlands

15.30-16.00
Coffee Break and Networking Opportunity

Hot Topic: Mobile Devices
16.00-16.45
Data Security in Mobile Devices
- Latest trends in mobile device usage
- New security risks and challenges introduced by mobile devices
- BYOD vs. corporate mobile devices
- Division of business and private data on mobile devices
- Building mobile device usage policies
Christos Sgaras, Information Assurance Specialist, Security Unit, Europol

16.45-17.00

Case Study
17.00-17.45
Maintaining Information Security in e-governance in Estonia
- IT Departments: centralised vs. decentralised, challenges and chances
- Main goals of information society development policies
- Reduction of data leakage through interoperability between public databases
- Practical tools and compulsory support systems for the maintenance of public databases
- Programs for increasing security awareness
- 2009 Cyber Security Strategy: new goals and new organisational structures
Epp Maaten, Head of Department, Department of Supervision, Estonian Information System's Authority

17.45-18.00

18.00
End of Day One
PROGRAMME DAY 2

9.00-9.15
Welcome Note from the Chair
Zafrul Sattar, Head of IT Security, Competition Commission, United Kingdom

9.15-10.00
What to Do if Data Is Lost: Emergency and Crisis Management in Public Institutions: Developing an Emergency Response Plan
- Case Study
- Setting up an Incident Response Team
- Resources needed
- Incident reporting
- Investigative process
- Protection of evidence
- Forensic readiness
Zafrul Sattar, Head of IT Security, Competition Commission, United Kingdom

10.00-10.15

10.15-10.45
Coffee Break and Networking Opportunity

Workshop
10.45-11.45
Developing Your Emergency Response Plan
- Produce a security incident flow chart
- Group Work
- Presentation of Results
Zafrul Sattar, Head of IT Security, Competition Commission, United Kingdom

11.45-12.00

12.00-12.45
Data Leakage Prevention: Human Factors
- Information Technology departments: the new security service?
- The futility of ever-tighter controls on information consumers
- Changing attitudes to confidentiality
- Changing information consumer practice
- Public relations and reputation management
- How to change data management in your organisation
Adrian Boylan, Head of Information and Communications Technology, London Borough of Richmond upon Thames, United Kingdom

12.45-13.00

13.00-14.15
Lunch Break and Networking Opportunity

14.15-15.00
Data Leakage Prevention: the Value of Information Governance
- How our organisations address information security management today
- Does information governance (formal or informal) reduce data leakage?
- Are codes of compliance effective in reducing data leakage?
- Do your information handling processes enhance or reduce data security?
- Practical approaches to improving data management and reducing data leakage in your organisation
Adrian Boylan, Head of Information and Communications Technology, London Borough of Richmond upon Thames, United Kingdom

15.00-15.15

15.15-15.30
Handout of Certificates

15.30
End of Seminar
SPEAKERS

CHRISTOS SGARAS
Information Assurance Specialist, Security Unit, Europol

Christos Sgaras is an Information Assurance Specialist working for Europol, the European law enforcement agency. He has wide experience in the area of information risk management in private and public organisations at an international level. Before joining Europol, he worked as an Information Security Consultant offering advisory services regarding implementation of ISO27001, PCI DSS, information risk assessments, information security awareness campaigns and security strategy and governance.

ALEXANDRE DIEMER
Chief Information Security Officer, Council of Europe

Since 2009, Alexandre Diemer has been working as Chief Information Security Officer for the Council of Europe. His work includes major projects such as developing IT security policy and business recovery plans or risk analysis. He is responsible for security matters of internal projects, where he controls the implementation of security requirements. During his 12 years of professional experience in IT Security he has been in charge of technical infrastructures, technical security and security awareness.

EPP MAATEN
Head of Department, Department of Supervision, Estonian Information System's Authority

Epp Maaten is Head of the Supervision Department at the Estonian Information System's Authority. Her department is responsible for launching a supervisory system for the proper implementation of security measures protecting governmental IT systems and critical information infrastructure. Before joining the Estonian Information System's Authority she was an auditor in the Estonian National Audit Office, carrying out audits focused on efficiency and management of governmental IT systems. From 1998 to 2011 Epp Maaten managed electoral ICT projects like the Internet voting system and electoral data management system by the Estonian National Electoral Committee. Epp Maaten is a Certified Information Systems Auditor (CISA).
SJOERD FEENSTRA
Deputy Chief Information Officer and Head of Unit, Quality, Analysis and Management, Ministry of General Affairs, the Netherlands

Since 2011, Sjoerd Feenstra has been Head of Unit for Quality, Analysis and Management at the Ministry of General Affairs in the Netherlands. He is also Deputy Chief Information Officer and was responsible for the composition of the Dutch Governmental Strategy for Information Security. In 2005, he joined the Ministry of General Affairs as ICT Specialist and since then has been responsible for the department's information security and, in cooperation with specialists from other ministries, for the Dutch government's information security. Previously, he worked as web-developer and project manager at the Ministry of Justice.

ZAFRUL SATTAR
Head of IT Security, Competition Commission, United Kingdom

Appointed in 2012, Zafrul Sattar is IT Security Manager at the Competition Commission in London. Before joining the Competition Commission in 2011, he worked as a deployable security analyst for the British Government for 4 years, working exclusively on secure networks. He worked with the Foreign and Commonwealth Office, Department of Foreign and International Development and Ministry of Defence at offices in the UK and abroad. Previously, he worked as a project manager, service desk manager, and rollout engineer for the aforementioned UK government departments.

ADRIAN BOYLAN
Head of Information and Communications Technology, London Borough of Richmond upon Thames, United Kingdom

Since 2006, Adrian Boylan has been Head of Information and Communications Technology at the Borough of Richmond Upon Thames in South West London. Previously he was Assistant Director at Scope, England's national organisation for people with cerebral palsy and complex disabilities, and Head of Information at Christian Aid, one of the UK's leading international overseas development organisations. In these roles Adrian has also been responsible for promoting information distribution and use and protecting the right of individuals to access data as well as for ensuring data security compliance and staff security training.
ORGANISATIONAL MATTERS

Date of Event
29th - 30th November 2012

Booking Number
S-533

Event Language
The event language will be English.

Event Price
1389,- Euro, excl. German VAT (19%)

The above price covers the following:
- Admission to the seminar
- Hand-out documents
- Seminar certificate, if seminar fully attended
- Soft drinks and coffee/tea on both event days
- Lunch on both event days

Booking Modalities
It is recommended to book soon as seats are limited. For organisational matters, we kindly ask you to complete the booking form in capital letters.

BOOKING
Fax: +49 (0)30 802080-250
E-mail: booking@euroacad.eu
Phone: +49 (0)30 802080-230
For online booking please visit our website: www.euroacad.eu

Contact
European Academy for Taxes, Economics & Law
Hausvogteiplatz 13, 10117 Berlin, Germany
Phone: +49 (0)30 80 20 80 230
Fax: +49 (0)30 80 20 80 250
E-Mail: info@euroacad.eu
Internet: www.euroacad.eu

Your contact persons for the programme:

Regina Lüning, M. Sc. econ.
Head of Marketing and Sales
Phone: +49 (0)30 80 20 80 246
Fax: +49 (0)30 80 20 80 259
E-mail: regina.luening@euroacad.eu

Carolin Schmidt
Junior Conference Manager
Phone: +49 (0) 30 80 20 80 212
Fax: +49 (0) 30 80 20 80 259
E-mail: carolin.schmidt@euroacad.eu

(Programme is subject to alterations)

Event Location
Arcotel John F
Werderscher Markt 11
10117 Berlin, Germany
Phone: +49 (0)30 2888 6578 95
E-Mail: reservation.johnf@arcotel.at
Internet: www.arcotel.at

Please contact the hotel directly and refer to the European Academy for Taxes, Economics & Law in order to benefit from a limited room contingent at a special price. Please book as soon as possible. Of course you can always look for an alternative hotel accommodation.
NOTE
Please note, you can register as many delegates as you wish (unless the seminar is fully booked). You only need to copy this form for as many persons as you wish.

European Academy for Taxes, Economics & Law
Brauner Klingenberg GmbH
Hausvogteiplatz 13
10117 Berlin / Germany
Phone: +49 (0)30 802080-230
Fax: +49 (0)30 802080-250
E-mail: info@euroacad.eu
www.euroacad.eu

BOOKING
BOOKING NUMBER: S-533 (PR)
29th - 30th NOVEMBER 2012, BERLIN

Herewith we register the following persons for the European IT Security Seminar:

Delegate 1
Ms. / Mr.
First name, Last name
Department
Job position
Your organisation
Street
Postcode / City
Country
Phone, Fax, E-mail

Delegate 2
Ms. / Mr.
First name, Last name
Department
Job position
Your organisation
Street
Postcode / City
Country
Phone, Fax, E-mail

Delegate 3
Ms. / Mr.
First name, Last name
Department
Job position
Your organisation
Street
Postcode / City
Country
Phone, Fax, E-mail

Invoice organisation
To the attention of
Street
Postcode / City
Country
Phone, Fax, E-mail

In case of registration of more than one delegate, do you prefer: single invoice? collective invoice?

With my signature I confirm my registration and accept the General Terms and Conditions as legally binding. I herewith agree to receive further information from the European Academy for Taxes, Economics & Law.

NOTE
Only Valid with Signature and Stamp

Place, Date
Authorised Signature and Stamp
Terms & Conditions for Conferences, Seminars and other Training Courses

1. Area of Application
The following terms and conditions settle the contractual relationship between conference participants and the European Academy for Taxes, Economics & Law Brauner Klingenberg GmbH [referred to as European Academy for Taxes, Economics & Law in the following]. Differing terms and conditions, as well as other settlements and/or regulations, have no validity.

2. Registration / Confirmation of Application
A registration can be made via internet, mail, fax, or email. The registration is considered granted and legally binding if not rejected by the European Academy for Taxes, Economics & Law in writing within seven (7) days after receipt of registration. The registration will be supplemented by a booking confirmation via email. Partial bookings are only valid for seminars designed in modules.

3. Service
The course fee covers the fee per participant and course in net, subject to current German VAT. It includes training course documents as per course description, a lunch meal/snack and refreshments during breaks, as well as a participation certificate. The European Academy for Taxes, Economics & Law has the right to change speakers/instructors and to modify the course program if and where necessary while maintaining the overall nature of the course. All registered participants will be notified in case of a course cancellation due to force majeure, due to speakers being unavailable, due to troubles at the chosen location or due to a low registration rate. Course cancellation notification due to a low registration rate is issued no later than two (2) weeks before the course date. Course fees are reimbursed in the cases listed above; however, reimbursement for travel expenses or work absenteeism is only granted in cases of intention or gross negligence by the European Academy for Taxes, Economics & Law. Any reimbursement of travel expenses is to be considered as an exceptional goodwill gesture and forms no future general obligation. In case of disturbances and/or interruptions, the European Academy for Taxes, Economics & Law commits itself to solve or limit any problems that might occur in order to maintain and continue the course as planned.

4. Payment Date and Payment, Default of Payment
Payment of the course fee is payable immediately upon receipt of invoice. Where payment is not received or lacks clear assignment to a participant prior to commencement of the course, the European Academy for Taxes, Economics & Law may refuse the relevant participant's participation in that course. The course fee, however, is still due immediately and can be claimed as part of a dunning procedure or legal action. In accordance with BGB §247 (1), in case of default of payment within the stipulated time period, default interest on arrears of at least 5% above the ECB base rate is due and payable. The European Academy for Taxes, Economics & Law can claim higher damage for delay if and where proven. Equally, the participant may prove that a damage has not occurred or has had less effect than estimated by the European Academy for Taxes, Economics & Law. Payment shall be made by cashless bank transfer; cash or cheques will not be accepted. The European Academy for Taxes, Economics & Law is not liable for any loss of means of payment. The participant may only offset such claims against the European Academy for Taxes, Economics & Law's as are undisputed, legally recognized or recognized in writing by the European Academy for Taxes, Economics & Law. The right of retention is only acceptable in accordance with a counterclaim based on the same contract.

5. Cancellation
Cancellations need to be issued in writing. Cancellation by the participant will be subject to cancellation charges as follows:
- 30 days or more prior to commencement of the course: service charge of 80,00 net, subject to current German VAT, payable immediately, course fee will be reimbursed,
- two (2) weeks to 30 days prior to commencement of the course: 50% of course fee net, subject to current German VAT, payable immediately,
- non-attendance or cancellation less than two (2) weeks prior to commencement of the course: 100% of course fee net, subject to current German VAT, payable immediately.
The European Academy for Taxes, Economics & Law gladly accepts without additional costs a substitute participant nominated in case of a cancellation if the substitute participant is registered at least three (3) days prior to the commencement of the course. Neither cancellation of a specific module/part of the course nor substitution per module/per day is possible.

6. Copyright
Seminar/course documents are protected by property rights and may not be duplicated, processed, amended, circulated or published in any other way without the written consent of the European Academy for Taxes, Economics & Law. The European Academy for Taxes, Economics & Law reserves all rights.

7. Liability
All seminars and courses are prepared and presented by qualified speakers and instructors. The European Academy for Taxes, Economics & Law accepts no liability for the up-to-dateness, correctness and completeness of the seminar documentation, as well as presentation of the seminar.

8. Applicable Law, Place of Jurisdiction, Place of Performance
All cases shall be governed and construed in accordance with German law to the exclusion of the UN Sales Convention. As far as legally admissible, place of performance and place of exclusive jurisdiction shall be Berlin, Germany.

9. Data Protection
The European Academy for Taxes, Economics & Law protects personal data by taking appropriate protection measures. For the purpose of optimization of the product and service portfolio and according to the regulations of the data privacy laws, it stores and processes person-specific data on the training participants. Hence, all European Academy for Taxes, Economics & Law website hits are registered. All personal data will, in accordance with the law, be used for documentation requests, placed orders or other enquiries in order to send information out by post. The European Academy for Taxes, Economics & Law will, in accordance with the law, inform participants by email about special offers that resemble previously booked seminars. If and where personal data needs to be transferred to countries lacking appropriate data protection schemes, the European Academy for Taxes, Economics & Law shall grant alternative adequate protection. Furthermore, the European Academy for Taxes, Economics & Law will use personal data as far as participants have granted respective permission. When collecting personal data, the European Academy for Taxes, Economics & Law will always ask for permission regarding email information about offers. The participant may, at any time, express their objection to data collection for the purpose of advertisement or address via email or fax. Any data provided to the European Academy for Taxes, Economics & Law will be processed for reservations and bookings, as well as for information about other seminars. Names and company names will be published in a participants list and forwarded to the mailing company.