The 2008 NISC agenda features a range of technical breakout sessions and a panel session on day one, followed by the main conference presentations on days two and three.
We are delighted to have the following speakers confirmed. Detailed information for each speaker is given below.
John Finch, Information Security Manager, Plymouth City Council
Superintendent Brett Lovegrove, Head of Counter Terrorism, City of London Police
Bryan Littlefair, Chief Information Security Officer, Vodafone
Phil Cracknell, Security Advisor, PGP
Keith Foggon, Head of Digital Forensics, Serious Fraud Office (SFO)
Owen Sayers, Security Consultant, Cap Gemini
Colin Williams, Director, Software Box
Iain Sutherland, Information Security Research Group, University of Glamorgan
Mark Brett, Activity Manager, SOCITM's Performance Management Group and SOCITM Learning Manager
Alan Grisedale, Partner, Robert Muckle LLP
Harvey Mattinson, CESG and Strategy Consultant
Sadie Creese, Director of e-Security, Warwick University
Dave Bryant, Child Exploitation & Online Protection centre (CEOP)
Martin Leven, Director of Technology, Essentia
Professor Richard Walton, Visiting Professor, Royal Holloway
Vernon Poole, Business Consultant, Sapphire
Alan Moffat, Head of ICT, Strathclyde Fire and Rescue Service
Frank Nesbitt, Forensic Service Manager, Tait Walker
Lord Erroll (Merlin)
Alastair Irons, Educational Consultant
Ian Bryant, Information Assurance Advisor, UK National Archives
Brian Barbour, Chief Information Security Officer, Standard Life Plc
Mike Humphrey, Head of Information Assurance and Accreditation, SOCA
John Strange, Deputy Director, SOCA
Dr. Ian Levy, Technical Director, CESG
Bill Orme, Security Business Manager, Microsoft
Name: Keith Foggon
Company: Serious Fraud Office
Presentation Title: The Forensic Approach to Complex Fraud
Synopsis: This session
will discuss the technical and procedural forensic issues that
occur when dealing with large and complex fraud. Keith will explain
the SFO's approach to handling Electronic Evidence and how the
Unit copes with the massive quantities of data encountered when
analysing material from multinational evidence sources.
Biography: Keith leads one of the largest and most prestigious
Computer Forensic units in the UK delivering digital forensic
investigation and analysis services to facilitate the investigation
of large, complex and multinational fraud. The Serious Fraud Office
(SFO) was established by the Criminal Justice Act 1987 and is
part of the Criminal Justice System. Under that Act its role is
to investigate and prosecute cases of serious or complex fraud
in England, Wales and Northern Ireland and contribute to deterring
such fraud.
Name: Owen Sayers
Company: Cap Gemini
Presentation Title: “Communities of Interest” – mapping trust across public sector – experiences from Criminal Justice
Synopsis: Federated ID
and trust is de rigueur – but how do you identify whom you
can trust and to what extent when building a Federated model?
A short intro to the CJIT model for Domains of Control and Communities
of Interest.
Biography: An experienced Security Practitioner accredited
to supply Compusec advice and consultancy to HM Government departments
and organisations through the CESG CLAS scheme, with a background
of infrastructure design and solutions architecture. Owen has
an eclectic skill set, encompassing large scale LAN and WAN design,
disaster recovery and business continuity, eCommerce analysis
and design, Physical and Information security, and messaging systems
of multiple flavours.
Name: Mark Brett
Company: The Society of Information Technology Management (SOCITM)
Presentation Title: What are the governance issues around Shared Services? Do you want to be the weakest link?
Synopsis: The Shared Services
agenda, partnership working and simple outsourcing all require
different organisations to share information and resources. This
session will explore the softer non-technical governance, HR and
risk issues. We will explore some of the approaches and offer
some guidance on where to start.
Biography: Mark Brett is the Society of Information Technologies
(Socitm) lead officer for information management. Mark has 24
years' experience of local government, in IT, Housing and Emergency
Planning. Mark has worked at both the local and regional level,
having been instrumental in establishing Local Government WARPs
in the UK. Mark is currently working on the Local Government delivery
approach to the National IA Strategy.
Name: Iain Sutherland
Company: Information Security Research Group, University of Glamorgan
Presentation Title: Security Risks: Data Disposal
Synopsis: This presentation
explores some of the issues surrounding the security of corporate
data that is stored in information systems which have reached
the end of their life-cycle. It summarises results of some recent
research into data disposal practices. It highlights the potential
risk of data being recovered by a third party and the resulting
implications on information security practices.
Biography: Dr. Iain Sutherland is a Senior Lecturer in
the Faculty of Advanced Technology at the University of Glamorgan.
He has been involved in a variety of research projects in the
area of information security including secure XML transactions,
reverse engineering metrics and residual data recovery. Dr. Sutherland’s
main field of interest is computer forensics. He currently maintains
Glamorgan University’s Forensics Computing Laboratory, which
handles cases for a number of organisations. He has acted as a
consultant and Expert Witness on civil and criminal cases.
Name: Colin Williams
Company: Softbox
Presentation Title: Redefining The Relationship Between Business And Information Assurance
Synopsis: IT is now pervasive
across every sphere of human activity. We are reaching the point
where it is impossible to conceive of a modern economy functioning
without ubiquitous computing. And yet the vast potential of our
IT capability remains unfulfilled. If this potential is to be realised
then it is essential that we attain the provision of pragmatic,
appropriate and cost effective IA. Likewise it is essential that
we redefine the relationship between business and IA.
This session will explore emerging issues around the balance
between IA risk and business risk and it will discuss the dynamics
of risk management decision making in a business context. It will
then offer a view of what can be done to move towards a situation
in which IA actually does become a business enabler.
Biography: Colin Williams joined SBL in 1994,
initially in the capacity of MoD contract manager. In a now distant
previous life, he was Head of History and Senior House Master
at a residential school in the north of England. Shortly after
joining SBL, Colin initiated and led the creation of the specialist
IT Security Group within SBL. SBL are now the market leaders in
the specialist provision of vendor independent IA products, services
and solutions to the UK HMG and the wider public sector.
Name: Alan Grisedale
Company: Robert Muckle LLP
Presentation Title: Privacy or Business Protection – Legal Aspects of Employee Monitoring
Synopsis: Stop and search,
CCTV, telephone recording, email, internet and GPS tracking ….
no, not Orwell’s 1984 but today’s reality. These are
just some of the methods of employee monitoring currently being
used by organisations. But what is the legal position?
Alan Grisedale of law firm Muckle LLP will highlight and explain
the legislative framework in this area and consider whether such
monitoring amounts to intrusion or a valid approach to business
protection.
Biography: Alan is a partner, and head of the
public sector services team at commercial law firm Muckle LLP.
Alan has been advising on ICT law issues for over 10 years, assisting
clients from both the public and private sector with their arrangements,
including system and service outsourcing, information management
and security, data protection and Freedom of Information.
Name: Brett Lovegrove
Company: City of London Police
Presentation Title: Protecting the UK's Financial Critical National Infrastructure
Synopsis: The City of London
dominates the global financial marketplace. It has all the elements
that would tempt international and domestic terrorists to attack
it as the UK's financial centre. Indeed, over the years it has been
attacked many times by Irish Republican terrorists. This session
reveals the lessons identified by the City of London police and
highlights the criticality of partnerships in the fight against
this threat.
Biography: Brett transferred to
the City of London over four years ago and is the Head of Counter
Terrorism, which includes the CT Section, Emergency Planning
and Business Continuity, CBRN, Police Search Advisors and Architectural
Liaison. His units undertake both overt and covert operations
that are wholly intended to protect the City from terrorist attack.
He is a member of two CT technology working groups for the Home
Office Scientific Development Board.
Name: Bryan Littlefair
Company: Vodafone
Presentation Title: Recent and Future Trends of the Information Security Space
Synopsis: Bryan will outline
what he and his team feel is the future for information security,
how the landscape has changed over recent years, and what it will evolve
into. How are information security professionals going to have to
adapt to face these new threats?
Biography: To be confirmed.
Name: Alan Moffat
Company: Strathclyde Fire and Rescue
Chairman: Head of ICT for the Strathclyde Fire and Rescue Service and Chairman of the Scottish Information Assurance Forum (SIAF)
Biography: Alan Moffat is
the Head of ICT for the Strathclyde Fire and Rescue Service. Alan
was previously the Technical Design and Security Manager for Strathclyde
Police, involved in the design and implementation of national infrastructures
for both criminal justice and national security purposes. Alan is
the Chairman of the Scottish Information Assurance Forum (SIAF),
a group of information security specialists from within public sector
organisations of Scotland, dedicated to improving Information Assurance
between agencies and their partners.
Name: Frank Nesbitt
Company: Tait Walker
Presentation Title: Fraud and Your Response
Synopsis: What is fraud?
Would you know if a fraud was operating within your organisation?
Has your organisation made a fraud statement and does it have a
fraud response plan? Would you know what to do if a fraud was discovered?
Fraud can strip the assets of a business so quickly the consequences
could be dire not just to your business but to others reliant upon
you. This session will enlighten and dispel the myths as well as
provide solutions to what is a very destructive crime.
Biography: Frank Nesbitt is a retired Northumbria
Police Officer having served 30 years almost entirely as a detective.
For the last 13 years of service Frank was in the Economic Crime Unit
and investigated all manner of fraud from probate fraud to public
sector corruption. He was instrumental in the establishment of
the Computer Crime Unit at this Police Force. In November 2005
Frank qualified from the University of Teesside with a Masters
degree in Fraud Case Management and is presently a Member of the
Expert Witness Institute. He is now employed at Tait Walker Chartered
Accountants as a Forensic Service Manager.
Name: Vernon Poole
Company: Sapphire
Presentation Title: IT Governance, Metrics, Measurement and Benchmarking
Synopsis: My presentation
will outline why organisations need to develop effective metrics/measurement
mechanisms.
There is a range of practical models being developed for organizations
to adopt. For example, ISO 27004 has created a new standard totally
devoted to this subject to get to grips with effective IT Governance.
IS metrics are vital for business resilience through an effective
management/measurement model.
Organisations need to develop formal processes to build an effective
measurement model capable of responding to a growing number of
threats to meet regulatory and contractual requirements and demonstrate
continuous improvement.
The main ingredients are:
> effective measurement management
> practical ways to ensure compliance with the growing number of regulations/laws, e.g. possible disclosure laws
> ability to achieve the necessary awareness of why metrics are vital to business resilience
> production of continuous monitoring metrics – through both Help Desk & shared responsibility
Biography: Vernon is Head of Business
Consultancy, responsible for Sapphire's team of consultants who
deal with Information Assurance and all best practice standards
on Information Security Management and associated areas (ISO27000
series; ITIL; COBIT; ValIT). Vernon began his career in consultancy
with CAPITA and has over 20 years' experience in information security
management consultancy & training. He has also worked in the
public sector (local & central government) and with Aid to
Industry (audit & security training group) – the latter
being acquired by Deloittes which resulted in Vernon becoming
a European leader performing a number of Information Security
and Control related assessments on behalf of a number of major
clients.
Name: Martin Leven
Company: essentiagroup
Presentation Title: Secure Outsourcing
Synopsis: How secure should
you expect your customer data to be when you outsource your contact
strategy and business processes to a third party? This session will
examine the issues that have affected the call centre industry in
recent years and the benchmark security and assurance standards
that your supplier should adhere to when acting on your behalf.
Biography: Martin is the director of technology
at The essentiagroup, a Glasgow based BPO that specializes in
the Health, Lifestyle and Pharmaceutical markets. The essentiagroup
has five locations around the UK handling in excess of 15000 contacts
daily on behalf of prestigious clients such as COI, Dept of Health,
BMA, Scottish University for Industry and fronts brands such as
Frank, Child Protection Line, Know the Score, Connexions Direct,
learn direct scotland and Smokeline.
Previously the IT Manager of Edinburgh based PPL Therapeutics,
famed for cloning Dolly the Sheep, Martin moved on to become Head
of IT at Pharmaimaging group before joining The essentiagroup
as Director of Technology in 2005. Martin has been responsible
for implementing an industry leading contact management solution
and achieving compliance with ISO27001 in a particularly challenging
contact centre environment.
Name: Dave Bryant
Company: Child Exploitation & Online Protection centre (CEOP)
Presentation Title: New Technology - New Threats - New Responses
Synopsis: David will describe
how CEOP's unique approach to technology and industry partnerships
created an online and offline presence that has made a significant
contribution to the safety of children. David will discuss how a
successful relationship between Information Technology and Information
Assurance professionals supports CEOP's objectives.
Biography: David began his career in electronics
with the MoD in 1982, moving to Olivetti and then to the National
Crime Squad, where he delivered the national IT infrastructure.
During his 12 years within Law Enforcement, he has managed both
the support and development of secure IT services. As a Programme
Manager, he has advised on National and International projects.
Since 2006 he has been the CIO for the Child Exploitation &
Online Protection centre (CEOP).
Name: Lord Erroll (Merlin)
Company:
Presentation Title: An overview of evolution of IT security
Synopsis: To be confirmed
Biography: Lord Erroll (Merlin) has worked
in IT most of his life as well as spending 22 years in the Territorial
Army, and is a professional public speaker. He is also one of
the Hereditary Peers who was elected to stay in the House of Lords,
where he takes a particular interest in ICT, Countryside &
the Environment, the Constitution and Scottish matters.
Within Parliament, he plays an active role in several ICT groups,
especially those looking at regulatory issues involving Communications,
the Internet, Personal Identity and Government Data Sharing, linking
this with a Local Authority perspective through his work on the
board of LASSeO (The Local Authority Smartmedia Standards e-Organisation).
He sits on the council of PITCOM (Parliamentary Information Technology
Committee), is on the board of EURIM (European Information Group),
is Secretary of apComms (All-Party Communications Group), Vice-Chairman
of the All-Party Group on Entrepreneurship, and Treasurer of the
All-Party Group on Risk and Adventure in Society. In 2007 he sat
on the Science & Technology Select Committee’s sub-committee
on Personal Internet Safety.
He is President of E-RA (the E-business Regulatory Alliance)
and also sits on other bodies such as the Information Systems
Security Association (ISSA) and the Nominet (UK) Ltd. Policy Advisory
Boards.
Name: Sadie Creese
Company: Warwick University
Presentation Title: The need for tangibility of risk in Cyberspace
Synopsis: There is growing
evidence that people are not making the best decisions from a security
perspective when online or handling digital assets. This talk will
explore the issues, our current strategies for addressing them,
limitations, and opportunities to learn from cognitive science in
order to encourage more secure behaviours.
Biography: Professor Sadie Creese is Director
of e-Security in the University of Warwick Digital Laboratory,
a new multi-million pound investment housing multi-disciplinary
research teams including the e-Security group. The scope of research
and innovation interests of the Group is broad, including almost
every aspect of security in cyberspace, the point of interface
with the physical domain, the management of information security,
the delivery of information assurance and the socio-political
context in which e-Security exists.
Name: Phil Cracknell
Company: PGP
Presentation Title: Security and Risk - A peek into the future
Synopsis: To be confirmed
Biography: Phil is regarded as one of the UK’s
leading security specialists. He has over 20 years' experience
gained in a variety of high-profile technical and managerial commercial
and government security roles.
His publicity on the subject of wireless security has made Phil
somewhat of a security celebrity with appearances on Newsnight,
Channel 4 News, Sky News, ITV News and BBC’s Inside Out
as well as national press. He was responsible for the first published
war-driving surveys in London, 2001 and has continued to revisit
this each year on behalf of RSA Security.
A regular keynote speaker at National and International conferences,
Phil offers a unique insight into the world of information security,
hacking and risk management.
Name: Professor Richard Walton
Company: Royal Holloway
Presentation Title: Risk Management for Information Security
Synopsis: To be confirmed
Biography: Richard's GCHQ career culminated
in his appointment in January 1999 to the GCHQ Board as Director
CESG, the National Technical Authority for Information Assurance.
He held this post until October 2002 when he was seconded to the
Cabinet Office to initiate work on the production of a National
Strategy on Information Assurance.
He retired from the Civil Service in May 2003 and is now an independent
consultant (own company, Walton-Mackenzie Ltd) and visiting Professor
in the Information Security Group at Royal Holloway University
of London. He was appointed as an independent member of the Defence
Scientific Advisory Council in April 2004.
Name: Alastair Irons
Company: Educational Consultant
Presentation Title: Challenges in Teaching Digital Forensics
Synopsis: This presentation
will explore the particular pedagogic challenges, issues and opportunities
associated with the teaching of computer forensics and digital forensics.
The paper will explore the need for the development of an accepted
body of knowledge, the balance between training and education and
the professional and ethical aspects required in teaching computer
forensics.
Biography: Alastair is an educational consultant
specialising in digital forensics. He was previously Associate
Dean in the School of Computing, Engineering and Information Sciences
at Northumbria University. Alastair has taught a range of subjects
including digital forensics, computer forensics and computer ethics.
His main area of subject research currently centres on the professional
certification and accreditation of digital forensics.
Name: Ian Bryant
Company: UK National Archives
Presentation Title: Whole Life Assurance of Information
Synopsis: Although the move
from Information Security to Information Assurance (IA) has meant
that more emphasis is being placed on the Integrity and Availability
of Information than was historically the case, this emphasis is
very much focused on the current operational use. If IA is to really
be taken on board, the assurance of information must be considered
from the cradle to the grave, and measures put in place to ensure
that information continues to be accessible and correct for as long
as it may have business value, or for as long as there may be statutory
or regulatory need. This session explores some of the implications
inherent in the move to a whole life view of IA.
Biography: Ian Bryant is an Electronic Engineer
by profession, currently on loan from MOD to the National Archives,
where he is their Information Assurance (IA) Advisor. He has spent
his career in IA, including work for MOD as an Accreditor, the
Technical Security Authority, and Head of the Computer Security
Incident Response Capability, assignments for NISCC and Cabinet
Office (CSIA), and recently Head of the ITsafe Warning Service.
Name: Harvey Mattinson
Company: CESG and Strategy Consultant
Presentation Title: Identity Management
Synopsis: Information Assurance
of ICT systems has historically concentrated on the protection of
confidentiality, integrity and availability through pragmatic, appropriate
and cost effective risk management. Today everybody is networked,
businesses require federated and global solutions and Government
policy demands shared services. We can no longer think of just integrity
of data, we need to ensure the integrity of business processes.
The presentation develops a trust model (“6A+P”) and
integrates that with what we mean by identity and how that supports
the business process of identity management.
Biography: Harvey Mattinson recently retired
from the CSIA (Cabinet Office) as Head of Accreditation. He now
works for CESG on a part time basis and spends the remainder of
his time working as a strategy consultant.
Name: John Finch
Company: Plymouth City Council
Presentation Title: A Standard Information Security Policy to fit all Local Authorities
Synopsis: The Devon Information
Security Partnership was set up by all 13 Devon Local Authorities
and the two national parks in order to work together towards ISO27000.
One of the main requirements for the standard was an Information
Security Policy. Each authority had a completely different policy
and none of these met the requirements for the standard, so it was
decided to jointly develop a policy which could fit any organisation.
The talk will outline the structure of the policy, which is detailed
in a high level map, then will explain the different components
that make up the policy, how they were derived and what they will
mean for an organisation. Examples of the details of each level
will be given, which should help to clarify the value of the policy.
Finally, the implementation of the policy in an organisation will
be dealt with, and how it can be done with minimum initial disruption
to staff.
Biography: John is the Information Security
Manager for Plymouth City Council, a unitary local authority.
He has been with the Council for 4 years, and has developed the
IT security role from inception, implementing incident reporting,
a new security policy, and a Management Information Security Forum
to liaise with representatives from across the Council, along with
providing advice to staff and increasing IT security awareness.
Educationally, he is a current CISSP and his MSc thesis concentrated
upon IT Security awareness.
He has previously worked in IT for a diverse range of organisations
from Devon & Cornwall Constabulary to several large multinational
manufacturing companies.
Name: Brian Barbour
Company: Standard Life
Presentation Title: Influencing User Behaviour
Synopsis: To be announced
Biography: Brian was appointed Standard Life's
first Chief Information Security Officer at the start of 2007.
Before then, he was Risk Manager in Group Operations which covered
the Shared Service Centre with diverse areas such as HR, Legal,
IS and Premises, as well as Hong Kong and Asia/Pacific. Before then,
Brian was IT and Corporate Services Director in Dublin where after
a strategic review of services, he moved IS development from locally
installed AS/400s to the mainframe using Service Oriented Architecture.
His previous experience in Standard Life includes Systems Improvement
Manager, and Telephony Manager where he was instrumental in establishing
call centres as well as making use of Computer Telephony Integration
for outbound marketing.
Brian has been with Standard Life since 1993 after a lengthy period
at IBM where he was a Software specialist and a Software Operational
Support Manager.
Name: Mike Humphrey
Company: SOCA
Presentation Title: SOCA one year on – facing the security challenges
Synopsis: Staff from the
SOCA Security Dept will give an overview on the progress of the
new organisation since last year's NISC presentation and highlight
some of the security challenges that the agency faces.
Biography: Mike Humphrey MSc M.Inst.ISP, Head
of Information Assurance and Accreditation, Serious Organised
Crime Agency. Mike holds an MSc in IT Security, is a qualified
ISO27001 auditor, an elected member of the Information Assurance
Advisory Council’s (IAAC) Management Committee and is a
Govt Liaison Panel representative on the IAAC Board. After initially
being involved in one of the working groups during the formation
of the Institute of Information Security Professionals, he is
now a member of the IISP membership accreditation committee.
Name: John Strange
Company: SOCA
Presentation Title: SOCA one year on – facing the security challenges
Synopsis: Staff from the
SOCA Security Dept will give an overview on the progress of the
new organisation since last year's NISC presentation and highlight
some of the security challenges that the agency faces.
Biography: John Strange joined the National
Crime Squad in 2001 where he has held a number of appointments
including Information Security Officer and Protective Security
Manager. In 2004 he was appointed Departmental Security Officer
and Head of Security with direct responsibility for all aspects
of security across the organisation.
John has 34 years of experience in policing and security matters
gained during his career in the Royal Air Force and latterly in
the Law Enforcement Community. He has served in the UK and overseas
including the Middle and Far East, USA, Canada, Germany and Holland.
He is a specialist in Protective and IT Security and Strategy
and has worked with most of the major UK and overseas Police and
Security agencies.
Name: Ian Levy
Company: CESG
Presentation Title: Threat, Risk and Assurance
Synopsis: Drawing on recent
information assurance events affecting Government, Ian will explore
the aspects of threat and risk that Government systems - and increasingly
those outside Government - have to face. We'll also explore mitigation
strategies.
Biography: Dr. Ian Levy is a Technical
Director with a wide remit and range of responsibilities at CESG,
the National Technical Authority for Information Assurance and
part of GCHQ.
Name: Bill Orme
Company: Microsoft
Presentation Title: Secure Mobility
Synopsis: Many organisations
gain significant value in deploying solutions that will allow them
to extend their business by providing employees, partners and customers
secure, policy-based access to applications and resources from any
Internet enabled device. MS Intelligent Application Gateway (MS
IAG) is easy to use and administer, and can be accessed from
anywhere using a web browser. No matter how the solution is used,
or who uses it, MS IAG continues to provide a resilient, secure
and safe mobile environment for all to work in. During this session,
Bill will highlight the current issues surrounding Secure Mobility.