International Cyber Risk Management Conference

ICRMC™3rd Annual

2017 International Cyber Risk Management Conference

March 2-3, 2017Allstream Centre - Toronto, ON

www.icrmc.com

Because cyBer risk is everyone’s BusinessTM

Cyber Security: Closing the Gaps

Thank you to our Sponsors

Platinum Sponsors

Gold Sponsors

Silver Sponsors General & Media Sponsors

Interested in Sponsorship?

Take advantage of this opportunity to reach your target audience at the premier event for cyber risk management. ICRMC sponsorships are a unique opportunity for you to gain exposure to influencers and thought leaders.For more information about becoming a sponsor, please contact laura.viau@icrmc.com

©2016-2017 by the International Cyber Risk Management Conference, a division of MSA Research Inc.

Supporting Sponsors

Canada’s Association of Information Technology (IT) Professionals.

33

Is Cyber Risk Part of Your Business Reality?

3

Close the Gaps on Cyber RiskDon’t miss the year’s most important cyber security event.

In today’s rapidly evolving technological landscape, business cyber risk is a serious problem, with new threats emerging almost daily. Staying on top of those risks means being vigilant, and remaining aware of the latest trends and solutions. The International Cyber Risk Management Conference (ICRMC) aims to give organizations the forum they need to share experiences, learn from expert advice and get the answers they require – to help them prepare for and mitigate cyber risk.

Now in its third year, ICRMC has earned a reputation as one of the world’s most trusted cyber security events. Attracting cyber risk professionals from across Canada, the U.S. and the globe, representatives come from business, academia, law enforcement, banking and more. Attendees share one thing in common: they see a potential for cyber threat and want to protect their organizations data by facing that possibility head on.

• Corporate Risk Managers

• CISO’s, CTO’s, CSO’s, CIO’s, CRO’s

• Internal Audit

• Board Risk/Audit/Governance Committee Members

• Corporate Technology Risk and Security Professionals

• Insurance Brokers, Insurers, MGA’s and MGU’s

• Claims Professionals

• Regulators and Government

• Law Enforcement

• Legal Counsel

• Audit/Risk and Actuarial Consultants

• Academics and Researchers

The International Cyber Risk Management Conference (ICRMC) was designed to explore the latest approaches to cyber risk, offering real-world understanding and expert advice. It’s for everyone who faces cyber risk in their organization – not just IT professionals. Whether you’re involved in governance, mitigation, risk transfer and/or post-event response, it’s the place for you. Past attendees have included:

Why Should You Attend?

If preparing for cyber risk is part of your business, and securing your data a priority, ICRMC is the place to be.

Talk to others facing the same threats, and learn from top experts in the field, with:

Open discussions on today’s most pressing risks

ICRMC speakers will change the way you think about cyber risk

Opportunities for networking and idea sharing

Solution-oriented panels designed to drive change

The most current news on tools, products and technology

4

AGENDA

9:00 - 10:00 The Year in Review: Lessons Learned

Charles CarmakalVice President, Mandiant

Scott JonesAssistant Deputy Minister, Communications Security Establishment

Ben CottonPresident & CEO, CyFIR

A world in flux, where multiple threats affecting almost every corner of the globe, and involving almost all types of risks continued unabated in 2016. Profound and disturbing events, be it shocking moments of extremist violence, the increasing effects of climate change, sabre-rattling on far Pacific shoals, Russian belligerence over the Baltics and Eastern Europe, the EU under continuous strain, from dismemberment to economic stagnation, or the US election, it is a world under stress.

Despite this long list of either imagined or existential peril, one threat vector consistently grabs global headlines - security breaches of data leading to consequentially negative impacts on privacy, along with the frequent loss of assets, both financial and intellectual.

So what were some of the most impactful incidents over the past year? Why are they distinct, whom have they affected most, but equally important, what does it tell us in regards to both the threat and about those who purvey them?

Other inquiries to be pursued in this opening session include:

Are there signs of improvement in organizational defences? Who is truly winning the battle for cyber security in this second decade of the 21st Century? What types of attacks have been most harmful to organizations and institutions? What precipitated or facilitated the success or failures?

But finally, and a primary issue for this discussion, what are the lessons to be learned from the history and context of the past year?

Join this opening, plenary session that will set the stage for an exciting agenda of learning, exchange of ideas, dialogue and one-of-a-kind knowledge development experience in the realm of cyber risk management.

10:00 - 10:25 Networking Break sponsored by PwC

7:30 - 8:45 Registration opens; Breakfast sponsored by Lloyd's

8:45 - 9:00 Welcome & Acknowledgements and Intro Address

Joel BakerPresident & CEO,MSA Research Inc.

ICRMC Emcee Adam SegalDirector of Cyberspace and Digital Policy Program at Council on Foreign Relations

Thursday, March 2

Moderator: Ray BoisvertProvincial Security Advisor, Associate Deputy Minister, Ministry of Community Safety and Correctional Services

5

AGENDA

How much is an organization willing to invest in cyber security, to ensure a breach doesn’t happen now or in the future? The answer depends on who it is you ask – whether it’s the organization’s board or management. Each has a different risk appetite, and the funding provided to protect, detect and respond to cyber threats and events depends on where those appetites reside.

This investment gap represents a fundamental challenge for almost all organizations today, as they juggle with the challenges of building defenses against cyber risk while dealing with limiting funding constraints. Join this session to discuss what you need versus what you

get, and the reasons for the difference – and find out practical approaches to address this ongoing dilemma.

10:30 - 11:30 The Investment Gap (What You Need vs. What You Get)

Moderator: Richard Wilson

Partner, Cybersecurity & Privacy Consulting Leader,

PwC

Vivek KhindriaDirector Information

Security,Bell

Moderator: José Fernandez

Associate Professor,École Polytechnique

de Montréal

Benoit DupontScientific Director,

Smart Cybersecurity Network (SERENE)

To assess an organization’s cyber risks and make the right decisions at all levels of business, each stakeholder – from system administrators and risk managers to top-level decision makers – needs the right knowledge. Without it, they’ll be unable to identify the threats specific to them, and costly wrong decisions can result.

While these stakeholders play key roles as first responders, they’re often left blind. In this session, a panel of experts will examine the gaps in knowledge that prevent individuals from making optimal decisions when faced with cyber threats.

• What gaps do system managers and risk managers face when identifying and evaluating the effectiveness of technical and procedural risk mitigation strategies?

• What gaps do users encounter when facing situations that could lead to a compromise in the systems they use and the information contained within?

The session will also look at real-world solutions, examining ways in which organizations can address these knowledge gaps.

11:30 - 12:30 The Knowledge Gap (Internal Training/Awareness, including Communication)

Benoit GagnonDirector Cybersurveillance and Information Security,

Canadian Corps of Commissionaires SALTA

Thursday, March 2

Luis CanepariVice President, IT

Goldcorp Inc.

Craig GauthierFounder & President,

Strategy Line Inc.

6

AGENDA

ICRMC is pleased to announce Tom Ridge, former Governor of Pennsylvania, as one of the 2017 keynote speakers. As the first U.S. Secretary of Homeland Security, Ridge helped develop a national strategy to prevent terrorist attacks against the United States.

He now focuses on cyber threats, overseeing Ridge Global and helping companies prepare for and mitigate cyber risk. In 2016, he partnered with the Honourable David Peterson, former Premier of Ontario, to form Ridge Canada Cyber Solutions.

12:30 - 2:00 Lunch and Presentation sponsored by Ridge Canada Cyber Solutions

Keynote Speaker: Tom Ridge First U.S. Secretary of Homeland Security and 43rd Governor of Pennsylvania, Chairman of Ridge Global

2:00 - 3:00 The Governance Gap: Going Behind the Scenes

David BruyeaSVP & CISO, CIBC Technology

Brian O’DonnellExecutive in Residence, Global Risk Institute

Susan Wolburgh JenahCorporate Director

Cyber security governance has emerged as a hot topic for a range of stakeholders, including boards of directors, executive management, shareholders, customers and regulators. In a fast-moving world where competition for digital presence, speed to market and agile development is an everyday reality – all part of an ever-evolving technological landscape – these individuals, and the organizations they represent, are grappling with the appropriate balance and tone of governance and oversight. A resulting governance gap is rapidly developing.

Exploring a framework for governance, this session will look at effective means of addressing this gap in the dynamic cyber security landscape.

3:00 - 3:25 Networking Break sponsored by CyberScout

Moderator: Adel MelekGlobal Vice ChairmanRisk Advisory,Deloitte

3:30 - 4:30

Thursday, March 2

7

AGENDA

Organizations of all sizes are rethinking how best to allocate their time, resources and budgets in order to improve cyber threat visibility. Detecting the source of cyber threats has become one of the primary challenges organizations face today – a challenge that continues before, during and after an attack.

• What roles do insurers, government agencies, private sector organizations and service providers play in improving threat detection?

• How can organizations best leverage technological investments in network visibility and analytics?

What can innovation, new hiring strategies, employee education, partnerships and intelligence sharing do to help close this gap?

This panel will examine the detection gap and review different methods organizations are using to address it.

3:30 - 4:30 The Detection GapModerator:

Ray BoisvertProvincial Security Advisor, Associate Deputy Minister,

Ministry of Community Safety and Correctional Services

Jonathan RaymondNational Lead, Canada,

Cisco Global SecuritySales Organization

Bob GordonExecutive Director,

Canadian CyberThreat Exchange (CCTX)

Robert MassePartner, Cyber Risk Services,

Deloitte

Cocktail Reception sponsored by Zurich 4:30 - 5:30

Thursday, March 2

8

AGENDA Friday, March 3

8:30 - 9:45 The Insurance Gap

As we enter the 4th Industrial Revolution, the pace of technological change continues to accelerate leaving the insurance industry to catch up. As a result, there exists market volatility and gaps in relation to underwriting, coverage, and claims.

As the insurance market continues to evolve, we must mind the gaps in order to design an effective and holistic insurance risk management program.

The goal of this session is to provide useful and practical information on how to close some of the coverage and claims gaps, better understand the interconnectedness of various lines of insurance coverage, and help you navigate potential gaps when dealing with a claim.

Jacqueline DetablanVP, Professional Liability,AIG Canada

Matthew DaviesAVP, Professional,Media and Cyber LiabilityProduct Manager,Chubb Insurance Company of Canada

Moderator: Greg EskinsSVP and National Cyber Practice Leader,Marsh Canada Ltd.

7:30 - 8:30 Breakfast sponsored by Darktrace

Brian RosenbaumSVP, National Cyber and Privacy Practice Leader,Aon Canada Inc.

10:30 - 10:55

Scott KannryCEO,Axio Global

Darin McMullenSVP, E&O/Cyber Product Leader,Aon Risk Solutions

9

AGENDA

Peter TranSenior Director - Advanced

Cyber Defense Practice, RSA

Shane ShookCyber-Crime and

InfoSec Consultant

Shawna CoxonInspector,

Strategy Management,Toronto Police Service

Moderator: Alexander RauSenior Manager,

Consulting Services,Mandiant

Friday, March 3

So it’s late Friday afternoon. Most of the organizational staff have left the building, and a few senior executives are getting ready to close up for a long weekend that is almost within reach. Despite earlier struggles to rebalance the firm’s financials, the company’s last quarter exceeded market expectations. Then, as you leave the building, an automated text message from the server holding the most sensitive corporate data, such as financials and personnel records, spells out the following: “system shutting down due to unknown error”. Within minutes, the firm’s COO, who was busily reviewing her spreadsheets in order to craft a message to shareholders on the positive news finds a message on her screen saying “Game over… pay or lose it all”. A ransomware moment, that you thought could only happen to somebody else, is now your most unimaginable nightmare. Fingers freeze on the firm’s executive team’s collective keyboard.

What do you do? Whom do you call? Where do you go?

Like a person suddenly befallen by a serious medical event, such as a stroke, what is the first thing that must be done to avoid serious, critical and long-term damage?

Do you have a plan to deal with such a consequential organizational moment? How should the plan be invoked, who leads the incident, who else enjoins, what will be the first and last move to restore the organization’s operations? And, what is to be done to start rebuilding the trust placed in serious jeopardy by this difficult, but not hard to anticipate, event?

Join a panel of subject matter experts who will delve into the core element and critical steps for a successful outcome.

9:45 - 10:30 The Response Gap (Planning & Execution)

Networking Break sponsored by Symantec 10:30 - 10:55

10

AGENDA

Peter SlolyExecutive Director, Deloitte and Former Deputy Chief, Toronto Police

Kevvie FowlerPartner, AdvisoryServices Forensic,KPMG LLP

Corinne CharetteChief Digital Officer, Department of Innovation, Science & Economic Development Canada and Senior Assistant Deputy Minister, Spectrum, Information Technologies and Telecommunications

Risk management means forecasting threats, assessing the likelihood and gravity of an occurrence, and developing mitigation measures to meet those needs. To create solutions that work, those risks must be assessed and categorized, and a lens must be turned to where future breaches may fall.

In the arena of cyber security, that starts with a look at the bigger picture, and the technological, criminal and regulatory trends expected to impact the cyber security environment in the near future. And it means determining the best ways to mitigate those risks.

• What types of cyber attacks should you watch out for?

• What kind of technology should you be ready for?

• What in the way of government regulation should you expect?

Gathering some of the foremost experts in the field, this session will look at practical mitigation strategies and real-life solutions, examining the direction companies and organizations should take to protect themselves from cyber risk.

Moderator: Chantal BernierCounsel Global Privacy andCybersecurity Group,Dentons Canada LLP

11:00 - 12:00 Preparing for the Challenges Ahead

12:00 - 1:30 Lunch and Presentation sponsored by AIG

1:30 Conference Wrap Up

Friday, March 3

Confronting the State-Sponsored Cyber Menace

Keynote Speaker: Richard FaddenCanada’s former Director of CSIS, Deputy Minister of National Defense and National Security Advisor to the Prime Minister

Conference AV sponsored by CyberNB

Conference WiFi sponsored by OutsideIQ

Register Online www.icrmc.com

Registration fees include access to all sessions, breakfasts, lunches and the cocktail reception.

ICRMC Mobile App sponsored by RiskRecon

The ICRMC app is useful before and during the conference, and can be accessed via mobile, desktop or tablet.

• View full list of attending delegates

• Message other delegates

• View the agenda

• Learn more about sessions, speakers, and our generous sponsors

ICRMC Fast Facts

Entry to all business sessions and social functions are restricted to registered attendees.

Registration desk opens on Thursday, March 2nd at 7:30am.

Conference officially concludes at 1:30pm on Friday, March 3rd.

Accommodation is not included in registration fee.

Attire: Business

Download the app: http://eventmobi.com/icrmc

Registration: (all prices are in Canadian dollars, plus applicable taxes)

Conference fee

Individual Delegates C$1,395 ea.

Three or more delegates* C$1,295 ea.

Academic discount available. Please contact kim.mccallum@icrmc.com for more information.

*Group discount not applicable in conjunction with other discounts

Cancellation Policy:

Cancellation fee of C$125 + HST applies per delegate, no refunds after January 31, 2017. Substitutions allowed at any time.

Save $100 per delegate by registering three or more

Questions? Please contact Kim McCallum at (416) 368-0777 x29 or kim.mccallum@icrmc.com

Visit www.icrmc.com for more details

Here’s what attendees said about past events

11

“Excellent conference!”

“Great speakers, engaging content. Speakers made it interesting and relatable.”

“Loved the reinforcement of key concepts and needs by multiple stakeholders.”

“It was risk management focused and had very high quality presenters.”

“Enjoyed hearing from leaders in the cyber security field.”

“This was my first time and I was extremely impressed. I found that it went smoothly, the presenters were knowledgeable and the content was amazing.”

Would you recommend the ICRMC to others?

RIBO Accreditation: 8 hours Management and 2 hours Technical

Joel BakerPresident & CEO, MSA Research Inc.

Chantal BernierCounsel Global Privacy & Cybersecurity Group, Dentons Canada

Ray Boisvert CEO, I-SEC Integrated Strategies and former Assistant Director, Intelligence, Canadian Security Intelligence Service (CSIS)

Gregory EskinsSVP and National Cyber Practice Leader, Marsh Canada Ltd.

José FernandezAssociate Professor, École Polytechnique de Montréal

Scott KannryCEO, Axio Global

Marcus LeCuyerArea Vice President, RSA Security

Greg MarkellPresident & CEO, Ridge Canada Cyber Solutions Inc.

Adel MelekGlobal Vice Chairman Risk Advisory, Deloitte

Alexander RauSenior Manager, Consulting Services, Mandiant

Jonathan RaymondNational Lead, Canada, Cisco Global Security Sales Organization

Brian RosenbaumSVP, National Cyber & Privacy Practice Leader, Aon Canada Inc.

Richard WilsonPartner, Cybersecurity & Privacy Consulting Leader, PwC

ICRMC 2017 Advisory Committee

Register Online - www.icrmc.com

2017 Keynote Speakers

Richard FaddenCanada’s former Director of CSIS,

Deputy Minister of National Defense and National Security Advisor to the Prime Minister

Tom RidgeFirst U.S. Secretary of Homeland Security,

43rd Governor of Pennsylvania and Chairman of Ridge Global

Connect with us on Twitter: @ICRMConf Follow the hashtag: #ICRMC2017

Don’t wait until March. Join the conversation now!

Check out our blog for the latest updates and cyber related news: http://blog.icrmc.com