18th-20th February 2013

Fairmont The Palm Dubai,

5th ANNUAL

United Arab Emirates

MIDDLE EAST

Summit & Roundtable

The Premier Gathering for Information Security leaders

4
Keynotes from acknowledged security leaders:

Benefits of Attending

participation guaranteed ample time for Q&A, 1 Active speaker tables, group debate, panel discussions, roundtables. corporate case studies speakers are tasked 2 Practical with delivering premium business intelligence to tackle the key issues and arm you with insider information on recent projects & unique achievements. definitive assurance on managing security threats 3 Gain & preparing for the future. Ensure you have the latest knowledge on how to manage the threat of malware, data leakage risks, advanced targeted attacks and cloud security challenges. networking enjoy sponsored receptions & dinners 4 Dedicated with like-minded senior peers.

Shawn Henry, Former Executive Assistant Director, FBI & President, Crowdstrike Services

Suleyman Anil, Head, Cyber Defence Section, Emerging Security Challenges Division, NATO Global Heads of Security from UK, EU and US organisations share exclusive insights on recent projects and achievements:
Viktor Polic, Information Technology Security Officer, International Labour Organization (United Nations) & Adjunct Faculty, Webster University Geneva Avtar Sehmbi, Head of Information Security and Risk Management, Centrica Dr. John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank Simon Riggs, Senior Vice President, Information Security Officer, Global Information Security, Bank of America Merrill Lynch
One-to-One Meetings Sponsor

Session leaders include heads of information security and Chief Information Officers from:
American University of Sharjah, UAE Bank AlBilad Centrica CAIT Kuwait DU Dubai Bank Emaar Misr Emirates Investment Authority (UAE) Emirates Etisalat Gulf Air International Labour Organization (United Nations) Jumeirah Group  Khalifa University of Science Technology and Research (KUSTAR) National Bank of Abu Dhabi Maaden (Saudi Arabian Mining Company)  Mobily  Oman Data Park Saudi Aramco Saudi Hollandi Bank
Lunch Sponsor

Bronze Sponsor

The Global Leader In Audit and Information Security Training

www.mistieurope.com/cisome

5th ANNUAL

MIDDLE EAST

You are invited to participate in the programme that speaks directly to CIOs, CISOs, heads of information security, CTOs and senior technology risk executives in the Middle East. Now firmly established as the Middle Easts premier networking and thought leadership forum, MIS Training Institute is delighted to announce the 5th Annual CISO Middle East Summit & Roundtable (18th-20th February 2013), taking place in Dubai, the United Arab Emirates.
Mahmoud Yassin, Lead Systems & Security Eng. Data Center Group,, National Bank of Abu Dhabi Maitham Al-Lawati, Head -Governance, Risk & Compliance, Oman Data Park Majed Al-Shangiti, IT Director, Maaden Phosphate Company (MPC) Moataz Hassouna, Chief Information Officer, Emaar Misr Rashed Al Othman, Chief Information Officer, Information Technology Division, Bank AlBilad Roshan Daluwakgoda, Senior Director Strategy Planning, Risk Assessment & DR, DU (Emirates Integrated Telecommunications Company) Sameer Shaikh, IT Security Policies Manager, Emirates Sarith Bhavan, IT Security Manager, Jumeirah Group Taimur Ijlal, Head of Information Security, Dubai Bank Tareque Choudhury, Chief Security Officer MEA, British Telecom (BT) Walid Kamal, Senior Vice President, Technology Security & Risk Management, DU (Emirates Integrated Telecommunications Company) Zaki Alowini Director, Network and Information Security, Mobily Dr. Fadi Aloul, Associate Professor, Department of Computer Science & Engineering, American University of Sharjah, UAE

Summit & Roundtable

Dubai 2013 promises to provide the most relevant and thoughtful Summit yet, given recent emerging security trends and stories directly impacting the CISO profession. Examining tactical, operational and strategic challenges in: data leakage; privacy; insider threat, security governance; risk continuities; digital IP theft; mobile; encryption; cloud computing security issues; critical national infrastructure protection; countering the rise of cyber threats; network & application security and much more.

International Keynotes by:

Shawn Henry, Former Executive Assistant Director, FBI & President, Crowdstrike Services Suleyman Anil, Head, Cyber Defence Section, Emerging Security Challenges Division, NATO
Viktor Polic, Information Technology Security Officer, International Labour Organization (United Nations) & Adjunct Faculty, Webster University Geneva Avtar Sehmbi, Head of Information Security and Risk Management, Centrica Dr. John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank Simon Riggs, Senior Vice President, Information Security Officer, Global Information Security, Bank of America Merrill Lynch

Speaker PanelIncludes Information Security Directors& Cyber Experts from the region Including:
Ahmad Kamali, Senior Director, Business Continuity & Crisis Management, Etisalat Ali Al-Otaibi, Head of Information Security, Operations & Technology Group, Saudi Hollandi Bank Guru Periyasamy, Head IT Support Services, Emirates Eng. Hussain Alsafran, Unit Head, CERT, CAIT Kuwait Furqan Ahmed Hashmi, (PMP, CCIE, CISSP, TOGAF), Network and Security Architect, Emirates Investment Authority, UAE Dr. Jassim Haji, Director of IT, Gulf Air Jacob Kuriyan, Director, Information Technology, Khalifa University of Science Technology and Research (KUSTAR) Dr. John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank Kais Barakat, Senior Information Protection Analyst - Information Protection Management Division, Saudi Aramco

One-to-One Meetings Sponsor

Bronze Sponsor

HP is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and network defense technology to protect todays applications and IT infrastructures from sophisticated cyber threats.

BeyondTrust is the global leader in securing the perimeter within to mitigate internal threat and the misuse of privileges. With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the worlds 10 largest banks, seven of the worlds 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities.

Lunch Sponsor

Qualys, Inc. -is the leading provider of on demand IT security risk & compliance management solutions delivered as a service. Qualys Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate & continuous view of their security & compliance postures. The QualysGuard service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 & performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company. Qualys has established strategic agreements with leading managed service providers & consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS & VeriSign.

Register Now at www.mistieurope.com/cisome Enquiries Tel: +44 (0)20 7779 8202

Day One: CISO Middle East Summit Monday 18 February 2013

9.00 9.25 Coffee and Registration Chairmans Opening Remarks 2.30  Executive

Opening 9.30 
Keynote

Keynote: Promoting a Safer Cyber Culture in the UAE

Relations & Communications - How Security can Convince and Influence Senior Management to Achieve Greater Buy-in Throughout the Business?

 ariq Al Hawi, Director, The United Arab Emirates Computer T Emergency Response Team, aeCERT (a TRA Initiative) invited

Keynote: 9.50 

 The cyber threat to our information networks is one of the most significant economic and national security threats we face, and it is increasing at an unprecedented rate. The hostile environment we operate in has rendered traditional security strategies obsolete. How can you best understand this threat, and make your networks more resilient? Shawn Henry, Former Executive Assistant Director, FBI & President, Crowdstrike Services

The Cyber Threat to Critical Infrastructure and How We Change the Security Paradigm

10.30 Keynote

Keynote: Cyber Defence and National Security

Suleyman Anil, Head, Cyber Defence Section, Emerging Security Challenges Division, NATO

  Practical ways to raise the profile of security: is reporting at board-level a pipedream, or a viable solution? Presentation tips to put forward your business case  Developing meaningful security and risk metrics to deliver a return on security investment Chaired by: Simon Riggs, Senior Vice President, Information Security Officer, Global Information Security, Bank of America Merrill Lynch Co-Facilitators: Rashed Al Othman, Chie f Information Officer, Information Technology Division, Bank AlBilad Sarith Bhavan, IT Security Manager, Jumeirah Group Roshan Daluwakgoda, Senior Director Strategy Planning, Risk Assessment & DR, DU (Emirates Integrated Telecommunications Company) Sameer Shaikh, IT Security Policies Manager, Emirates  Jacob Kuriyan, Director, Information Technology, Khalifa University of Science Technology and Research (KUSTAR) 3.20 3.50 Afternoon Coffee Break & Exhibition Deployment Roundtables benchmarking discussions led by experts & peers who will share proven experiences in these 2 topical areas requested by the audience. Attendees will be asked to select their preferred discussion. Key learning points will be shared back to the group.

Keynote
Keynote

10.50

Keynote: Risk and Security Metrics: Knowing Your Enemies and Knowing Yourself
Viktor Polic, Information Technology Security Officer, International Labour Organization (United Nations) & Adjunct Faculty, Webster University Geneva Coffee Break

11.20

Building 11.50 
Case Study

 Simon Riggs, Senior Vice President, Information Security Officer,

Cybersecurity Public and Private Partnerships

DeploymentRound Table DeploymentRound Table

Social media, mobile and smart devices and the cloud: How should security strategy differ when coping with these new technologies?
  Building a security awareness culture around social

Global Information Security, Bank of America Merrill Lynch

12.20  The

 Todays CIO needs to be more aware of the new and emerging security risks than ever before. What is the CIOs perspective of security? What keeps the CIO awake at night? How can we build pragmatic technology infrastructures within the business risk framework? Where does the CIO sit in relation to the CISO? How can security influence business strategy & drive performance? Managing the complex change agenda Panellists: Dr. Jassim Haji, Director of IT, Gulf Air  Majed Al-Shangiti, IT Director, Maaden Phosphate Company (MPC) Moataz Hassouna, Chief Information Officer, Emaar Misr  Rashed Al Othman, Chief Information Officer, Information Technology Division, Bank AlBilad

CIO Perspective of Security: Risk Management & Business Strategy

networking and mobile applications and services which access the cloud  Identifying the key challenges around employee education and awareness  Key risks and opportunities around deploying Bring Your Own Device in the enterprise  Benefits and risks of leveraging community developers for corporate application development Facilitators include:  Dr John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank Avtar Sehmbi, Head of Information Security and Risk Management, Centrica Dr. Fadi Aloul, Associate Professor, Department of Computer Science & Engineering, American University of Sharjah, UAE  Cloud Computing

Interview Panel

1.00 Networking Lunch 2.00

Special Case Study

in the Middle East: Key Strategy and Security Challenges

  Lessons learned: How to take positives from the crisis to help the business to move forward  Implementing a robust disaster recovery plan to prevent future issues from occurring  Kais Barakat, Senior Information Protection Analyst -Information Protection Management Division, Saudi Aramco

What does it take to recover from an Information Security Crisis?

 Assessing public, private and hybrid clouds and their suitability as a regional cloud solution  Defining the cloud- some aspects of cloud computing are well-documented, but how many Middle East companies are actually using the cloud?  Key GCC legal and regulatory issues- data centre location Facilitators Include: Simon Riggs, Senior Vice President, Information Security Officer, Global Information Security, Bank of America Merrill Lynch Eng. Hussain Alsafran, Unit Head, CERT, CAIT Kuwait Moataz Hassouna, Chief Information Officer, Emaar Misr Maitham Al-Lawati, Head -Governance, Risk & Compliance, Oman Data Park Close of Day One

4.40

Register Now at www.mistieurope.com/cisome Enquiries Tel: +44 (0)20 7779 8202

Day Two: CISO Middle East Summit Tuesday 19 February 2013

8.45 8.55
Case Study

Coffee and Re-registration Chairs welcome back and summary of Day 1

9.00 Data Loss Prevention  Dr John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank 9.30
Case Study

 Integrating cyber security intelligence into risk and security incident management Facilitators include: Roshan Daluwakgoda, Senior Director Strategy Planning, Risk Assessment & DR, DU (Emirates Integrated Telecommunications Company) Taimur Ijlal, Head of Information Security, Dubai Bank

9.50
Case Study

10.10

The key challenges of training and skill-set generation  Next steps for more experienced security professionals - How to find a well-rounded team member when hiring staff - How to develop and retain your security team Panellists: Dr John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank Tareque Choudhury, Chief Securit Officer MEA, British Telecom (BT) Advise MEA

Recruiting, managing and retaining an effective information security team

Panel

Case Study

Driving strategic change while leading a highly motivated information security function
Key case study from the information security head of a leading FTSE 100, multi-national utility company, headquartered in the UK. Avtar Sehmbi, Head of Information Security and Risk Management, Centrica

Case Study

Zaki Alowini, Director, Network and Information Security Mobily

Mobily Approach to Information Security Risk Management

12.00 Lunch 1.00

Improving the Effectiveness of Security Controls

Furqan Ahmed Hashmi, (PMP, CCIE, CISSP, TOGAF), Network and Security Architect, Emirates Investment Authority, UAE

1.20

  How the application security game has changed. New threat agents and new vulnerabilities  Malware vs Insecure Applications. How malware is now application aware and self-sufficient  Why you need to update your Risk Management Model. Technical and Management controls to combat the new threats  Taimur Ijlal, Head of Information Security, Dubai Bank 1.40

The evolving application security model

Panel
Case Study

 D  efining the CIO/CISO role in the absence of co-ordinated governance and regulation across the GCC region

10.30 11.00
Case Study

Morning Coffee Break & Exhibition

 ow Oman Data Park provides data backup H and secure cloud hosting services to government, banking and oil and gas sector clients in the domestic and regional markets
Maitham Al-Lawati, Head -Governance, Risk & Compliance, Oman Data Park

2.30

 Comparing and understanding the differences in policy and legislation across emirates and countries in the region  Assessing the top 5 security implementations in the last year  Strategies for improving the level of information security expertise in the GCC- developing security awareness campaigns, security committees and management orientation programmes Panellists: Walid Kamal, Senior Vice President, Technology Security & Risk Management, DU (Emirates Integrated Telecommunications Company) Sameer Shaikh, IT Security Policies Manager, Emirates Afternoon Coffee Break & Sponsors prize draw (Must be present to win!)

11.20

Deployment Roundtables benchmarking discussions led by experts & peers who will share proven experiences in these 2 topical areas requested by the audience. Attendees will be asked to select their preferred discussion. Key learning points will be shared back to the group.

 

Preparing for Targeted malware in the Middle East

DeploymentRound Table
 What are the real drivers behind the GCC region being targeted? What is just hype? Practical actions which can be taken to safeguard against this- how should your strategy differ when dealing with malware threats?  Building and establishing an effective security incident programme Facilitators include:  Tareque Choudhury, Chief Security Officer MEA, British Telecom (BT) Taimur Ijlal, Head of Information Security, Dubai Bank Majed Al-Shangiti, IT Director, Maaden Phosphate Company (MPC) Avtar Sehmbi, Head of Information Security and Risk Management, Centrica  

Hacktivism 3.00  Tareque Choudhury, Chief Security Officer MEA, British Telecom (BT)
3.20  Developing
Case Study Case Study

effective identity and access management in your organisation

 To what extent do organisations embrace identity management? is it wishful thinking or really effective?  The importance of pilots and testing to highlight identityrelated policy issues that must be ironed out before such a system could be implemented companywide.  Assessing the influence of cloud products on identity and access management- can IT maintain the necessary control over applications hosted in the cloud? Guru Periyasamy, Head IT Support Services, Emirates

3.40  Advanced

persistence threats attack anatomy and SOC detection

Mahmoud Yassin, Lead Systems & Security Eng. Data Center Group, National Bank of Abu Dhabi  Chairs Summary and close of Summit

Advanced Business Continuity planning in the Middle East

In the light of recent cyber attacks on Middle Eastern companies, what measure should security and business continuity professionals be taking to ensure your company can minimize disruption to business activities?  Assessing the impact of the new ISO 22301 standards

4.00

Register Now at www.mistieurope.com/cisome Enquiries Tel: +44 (0)20 7779 8202

Day Three: CISO Roundtable Middle East Wednesday 20 February 2013

 eld under the Chatham House Rule - a progressive H & open benchmarking forum on topics requested in advance directly by you the attendee. Draft items are listed below.

10.30

Facilitators include:  Shawn Henry, Former Executive Assistant Director, FBI & President, Crowdstrike Services  Simon Riggs, Senior Vice President, Information Security Officer, Global Information Security, Bank of America Merrill Lynch  Suleyman Anil, Head, Cyber Defence Section, Emerging Security Challenges Division, NATO  Dr John Meakin, Global Head of Security Solutions & Architecture, Deutsche Bank  Kais Barakat, Senior Information Protection Analyst Information Technology, Saudi Aramco  Avtar Sehmbi, Head of Information Security and Risk Management, Centrica  Viktor Polic, Information Technology Security Officer, International Labour Organization (United Nations) & Adjunct Faculty, Webster University Geneva 9.30 9.40 Chairmans Opening & Introductions

 Delegates will assume various roles in this interactive discussion of how to deal with a major cyber attack.  Participants take on the role of various parts of the organisation and discuss how best to prepare for and tackle the crisis; management, investor relations, press & media, information security, etc  How to develop a resilient business continuity plan and a durable workforce  Gaining greater management buy-what do executive management wish to see in order to approve funding for a security initiative and how do you show value? 11.10 11:30 Coffee Break

Session 2  Preparing for and Dealing with a Large Cyber Attack

12.20

Session 3 Information Risk Management

Led By: Viktor Polic, Information Technology SecurityOfficer International Labour Organization (UnitedNations) & Adjunct Faculty, Webster University Geneva

 Large or complex malware is always thought to be statesponsored, but this is not always the case. The media has created much Fear, Uncertainty & Doubt (FUD) around malware. This session focuses on de-FUD-ing the hype around targeted malware and hacktivists and provides a guide to dealing with the real issues.  Whats really changed and whats still the same?  Who are the new actors? e.g. well-funded criminal organisations  How must security strategy differ when coping with these threats?  Interpreting what the journalists say- Dealing with media hype around cyber threats

Session 1  Dealing with the Growing Threat of Targeted Regional Malware in the Middle East

12:50 13.00

Session 4 Data Loss Prevention

General Questions from Delegates Lunch and Close

Register Now at www.mistieurope.com/cisome Enquiries Tel: +44 (0)20 7779 8202

Web: www.mistieurope.com/cisome
MIDDLE EAST

Tel: +44 (0)20 7779 8202

18th-20th February 2013 Fairmont The Palm Dubai

Your Registration Code

IS130401-W
To register visit: www.mistieurope.com/cisome For enquiries, call: +44 (0)20 7779 8202
Special Residential Rate!
Special CISO Rate *
Vendor/Advisory Rate:

Price
1,500
2,195

Venue and Accommodation

The 5th CISO Middle East Summit & Roundtable will take place at: Fairmont The Palm, Dubai, P.O. Box 72413, Dubai, UAE Tel: + 971 4 457 3388 www.fairmont.com/palm-dubai/ Fairmont The Palm is located on the worlds largest manmade island shaped in the form of a palm tree. This beachside hotel showcases unrivalled views of the Arabian Gulf. At Fairmont The Palm, experience the true spirit of generosity at the vibrant heart of the Palm Jumeirah.

Included in the Fee:

 Entry Fee  Up to 22 CPE Points & Certificates  Official Materials  Web-link to Updated Materials Post-Event  All Lunches & Daily Refreshments  Networking Receptions & Dinners (details & number of functions to be confirmed)
* Please note the following terms & conditions apply to the above CISO rate:

Accommodation Reservations

Guests will be able to make their bookings on a first come first served basis at the conference rates: AED 1250.00 per single room, per night, and AED 1350 per double, per night. Room rates are inclusive of buffet breakfast, 10% municipality fee and 10% service charge. (All fee structures & percentages are subject to change without notice).  o reserve your room, please email lmccrave@ T mistieurope.com quoting CISO Middle East.  elegates are responsible for the arrangement and D payment of their own accommodation in Dubai, MIS Training Institute cannot guarantee availability or specific rates.

 CISO must demonstrate that they are currently practising as CISO, head of information security, or in a senior information risk or corporate security role (& not in a sales or marketing related role.)  The Guest must not be working for an organisation (or subsidiary, or independent consultant) that provides professional security product, vendor or recruitment services, software development, outsourcing, ICT or consultancy / advisory services to security or technology professionals.  The rate applies to registrations for the CISO Middle East Summit & Roundtable (3 days) & fully paid registrations.  The final decision on the rate applicable is at the discretion of MIS Training Institute.

Cancellation Policy:
Cancellation or transfer requests must be made in writing (letter or fax) and reach the MIS Training office 30 days before the conference commencement date. A full refund less a 100 administration fee will be given. Delegates who cancel less than 30 days before the conference commencement date, or who do not attend, are liable to pay the full fee and no refunds will granted. If you wish to transfer to a different conference within a six month period, you will be invoiced a 25% additional charge to transfer your registration and any difference in conference prices. You will not incur any additional charges if you wish to send a replacement delegate and your registration meets the above terms. Marketing choices: If you object to contact by telephone , fax , or email , or post , please tick the relevant box and return to K Bevan, MIS Training, Nestor House, Playhouse Yard, London EC4V 5EX. If you do not want us to share your information with other companies (including the sponsors) please tick this box .

Register Now at www.mistieurope.com/cisome Enquiries Tel: +44 (0)20 7779 8202