31 March 07:30 - 18:30
7A Odenplan, Stockholm

Speakers

Ulf Berglund
Event Chairman & Board Member, CSA Sweden Chapter

Ulf Berglund has long experience in leading positions in the field of information security. He has been an honourable President of the CSA Sweden Chapter, which he launched in Sweden back in 2012. He is also co-author of the book Guide to the Cloud. He has a background as an officer; in his last active years he was principal officer, IT security and information security expert at the Military Intelligence and Security Service (MUST). He has held positions as CTO and senior consultant for companies such as Pointsec, Ernst & Young and Technology Nexus. Ulf's consulting experience derives from companies like Skandia, Scania, Swedish Match, the Stockholm Stock Exchange (OMX), the Swedish Central Bank, Apoteket AB (pharmacy), H&M and Länsförsäkringar Bank AB. He is the founder and owner of U&I Security Group AB.

Emil Dahlin
CIO, Svevia AB

Emil Dahlin has over 30 years of documented experience in the IT industry and is currently CIO, SVP Digital Business Development & IT of Svevia AB, a company that specialises in building and maintaining road infrastructure and employs about 2,000 staff dispersed across 100 locations in Sweden and Norway. He has also worked as a strategic advisor and consultant at a senior level for different consultancy vendors. In addition, he has held top positions such as Head of Group IT-Infra, PMO & SAM at PostNord AB, CIO at Qbranch AB & Axians SE, and CTO at Norsk Hydro AB.

Conny Larsson
Chairman, Sig Security

Conny is the chairman of Sig Security, a Swedish non-profit organization specialized in information and IT security. Conny has a master's degree in Law and IT and is specialized in Telecommunication and Information Technology Law. Between 2009 and 2017 he worked for the Swedish law firm Gärde & Partners AB in Stockholm, and since 2018 he has worked in his own law firm. Before that he was a corporate counsel at the major Swedish telecom operator TeliaSonera for nearly fifteen years and also at Flextronics Network Services. In addition, he was a legal counsel at the Swedish Telecom Agency and the Swedish Enforcement Agency. Altogether he has been working as a lawyer specialized in Law and IT for more than 30 years.

Martin Bergling
Board Member, Sig Security

Alexandra Searle
Privacy Director, Ericsson

Anders Jared
CISO, Systembolaget

Sivan Harel
Regional Sales Director, Northern Europe & Israel, Pcysys

Sofia Cerwall
Group Security Advisor, Ericsson

Andrew Beckett
Managing Director EMEA, Kroll Inc

Andrew Beckett is a managing director and EMEA leader for Kroll's Cyber Risk Practice. Andrew began his career at GCHQ, where he held a variety of roles including head of the branch responsible for providing cyber security advice to government departments and penetration testing. He also served in the Organization for the Prohibition of Chemical Weapons (OPCW), an International Civil Service organization operating under the auspices of the UN, where Andrew was the first head of the Office of Confidentiality and Security and was charged with setting up this team. Andrew went on to run his own commercial consultancies before joining Airbus Defense and Space in the UK as the head of Cyber Defense, a role he filled for five years before joining Kroll. Andrew is a visiting professor of Cyber Security at the University of South Wales.

John Wallhoff
President, ISACA Sweden Chapter

John Wallhoff (CISA, CISM, CISSP) is President of ISACA Sweden Chapter and an independent advisor. He is an experienced expert in the field of IT Governance, IT Service Management and Information Security. Over the past 25 years he has been working with a wide range of organisations in different industries and sectors.

Björn Gustafsson
Head of National Security, Telia Sverige AB

Björn Gustafsson has been Head of National Security at Telia Sverige AB since 2016. Before joining Telia he served as CISO of Stockholm's municipality and City for 8 years, where he was responsible for effectively managing and coordinating the development of the City of Stockholm's security work. During his tenure he led numerous projects and processes in information security, security protection and the city's risk and vulnerability analysis. Björn also has 20 years of experience at the Swedish Armed Forces, where he worked at the command and control regiment security department as chief information security officer. He is also a renowned educator who shares his work and findings with others in the security community.

Johanna Mannung
Enterprise Security Architect, Swedish Police Authority

Johanna Mannung is a security architect at the Swedish Police Authority, working with all aspects of IT and information security. During her 20 years in the IT sector she has held a number of varying positions, from researcher into privacy in P2P networks to developer of IAM solutions. Today she gets to use all her experience in securing one of the most important organizations in Sweden.

Dimitrios Stergiou
CISO, Trustly

Dimitrios is currently employed as the Chief Information Security Officer for Trustly. He is an experienced senior Information Security and Risk professional with over 20 years’ experience in Risk Management, IT audits and Information Security. Before joining Trustly, Dimitrios held positions at Modern Times Group, NetEnt, Entraction, Innova S.A and Intracom S.A. Dimitrios holds an M.Sc. in Information Security and is a Certified Lead Implementer for ISO 27001:2013, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC) professional and Certified Information Systems Security Professional (CISSP). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional / Europe (CIPP/E).

Kjell Löfgren
President, CSA Sweden Chapter

Kjell has 15 years of experience in Cyber Security. In 2018 he became chairman of the Cloud Security Alliance Swedish chapter. He also works at NCC Group as Regional Manager, Sweden. Among other things, Kjell participated in building up Stay Secure, which became the Swedish market leader in e-mail security. He also has many years of experience in EDR (Endpoint Detection and Response), SIEM and Web Security.

Johan Schauman
Head Digital Co-development, Swedish Tax Agency

Johan Schauman has been working at the Swedish Tax Agency for almost twenty years in many different roles, more recently as a change leader for the agency's digital transformation and currently as head of co-development, creating prerequisites and enabling external parties to develop solutions with the agency's data, code or professional experience and expertise. He is utterly convinced that the only way to create a sustainable digital community is through collaboration between the private and the public sector.


Josef Joo
Head of Global Cyber Defense & Incident Response, Schneider Electric

Jarkko Rautula
CISO, IKEA Group

A degree-qualified and highly experienced Information Security and Data Privacy Leader with a strong 20+ year strategic, tactical and operational planning background in Information Security, Data Privacy, Business Continuity Management/Disaster Recovery, Risk Management and Leadership/People Management. Currently holds the position of Group CISO at Ingka (IKEA) Group.

Schedule

Registration Starts


Chairman Opening Remarks


Cyber Security for critical infrastructure: How to prepare and respond to cyber threats?

Critical infrastructure requires different aspects of risk management to be considered and enforces different priorities when designing the infrastructure, due to the potential impact of failures, but the basics of cyber security remain the same. In this session we will touch on some of the concerns relating to sectors of critical infrastructure, addressing the following questions:

  • What specific risks are necessary to manage?
  • How can providers of infrastructure products assist?
  • Is it feasible to use cloud services?

Swedish National Security in a global business perspective

This presentation will explore how the "New Swedish National Security Protection Act" is putting a lot of demands on those who are engaged in "Security sensitive activities".

Key takeaways:

  • How does the protection Act apply to a multinational and global business?
  • For whom is the Swedish National Security important?
  • Who is responsible for Swedish National Security?
  • Who will pay for the needed investments?

How to allow change and stay secure: A case study of the Swedish Police Authority

In this keynote, Johanna talks about the challenges facing the Swedish Police Authority. Due to the nature of police work, modern tools, high availability and mobility are needed without compromising information security and confidentiality. By combining information security and technical testing and surveillance, the police authority allows modernization with a high degree of control.

Key takeaways:

  • How do you stay on top of IT security in a complex environment and at a rapid development pace?

1500+ Cyber Investigations Later: Trends To Beware


Coffee Break & Networking In The Expo Area


The Breakout Sessions


Cyber Insurance: Mitigating risks through insurance

"Growing cyber resilience with Continuous Risk Validation"

Navigating the landscape of global regulatory developments for Data Protection and Privacy; Finding a path in a global company

More than a year on from GDPR, one could assume we all know what is needed and are implementing it all flawlessly? Are we really? Or has GDPR triggered a global evolution on data privacy regulatory reform? And do we know how to handle it? Or who is to handle it? Or who is best to handle it? These are all questions that all of us in the privacy space have encountered at least once, and we have come up with some solutions, some workable ways, in the companies we work in and the teams we drive. The session is set up to be a knowledge sharing session, to provide some insights into how I believe a workable solution can be found, and lessons we have learnt along the way.

Key takeaways:

  • Implementing GDPR; what are the common challenges and how to overcome them
  • How does one keep track of all the global requirements?
  • Navigating agendas for Privacy; Legal, Security Compliance – working towards seamless implementation and workable synergies

Breakout Session D


Breakout Session E

Breakout Session F

Client Case-Study Presentation (Reserved)

Lunch Break - One-to-One Meetings


Round Table Discussion Sessions

Cyber Security for critical infrastructure: How to prepare and respond to cyber threats?

In this round table session John will use the ENISA definition of security measures for operators of essential services (OES) to discuss which best practice and baseline security measures should be applied, and relate it to our joint experience from working with cyber security.

The targeted sectors for this session include: Energy (Electricity, Oil & Gas), Transport (Air, Rail, Water, Road), Financial & Banking, Healthcare, Drinking Water Supply & Distribution, Digital Infrastructures.

Major Breach Response Mistakes and How To Avoid Them

IAM & IGA

TIBER EU, the European framework for Threat Intelligence-based Ethical Red Teaming

TIBER-EU has been developed by the European Central Bank. The purpose is to establish a common framework for testing, and improving, resilience against sophisticated cyber attacks. The TIBER-EU framework has been designed for companies and organizations that are part of the core financial infrastructure, whether national or European. However, it can also be used for all types or sizes of companies and organizations in the financial and even in other sectors.

Key takeaways:

  • Advantages and disadvantages of TIBER EU?
  • What obstacles need to be crossed to implement TIBER EU?
  • How can / should we prepare for the introduction of the TIBER EU framework?
  • How will TIBER EU affect your organization and your daily work?  

“When can we achieve sufficient efficiency? With infinite ways of breaching security how do we implement countermeasures to be secure enough?”

It is hard to keep track of our IT environment as new initiatives are taken and the transformation to cloud and mobility is constantly moving. This session is a discussion about how we manage to take control over a complex situation and how we decide what countermeasures are needed to obtain adequate security.

Key takeaways:

  • How do we keep track of all attack vectors in our IT environment?
  • Guidelines, standards, ways-of-working.
  • How do we avoid overlapping, cluttering and gaps in our protection?
  • Who has the IT-security map – for real?
  • How do we define enough?

Penetration testing: Godsend or necessary evil?

The expansion of regulatory frameworks in multiple domains (e.g. PSD2, NIS, GDPR) has led to increased focus on how organizations manage their Information Security and how they verify that they deploy effective controls. One of the verification methods suggested is the execution of a penetration test at regular (or well-defined) intervals. But do these mandatory penetration tests add value to the target organization? Or is it just to check one more box in a long compliance checklist?

Key takeaways:

  • What is your experience with penetration testing?
  • How can one select the most appropriate vendor for the activity?
  • What do you (as a customer of the test) want to see more of (or less of)?

Cloud requirements and opportunities - how can technology, law and business meet?

This round table session will be hosted by Conny Larsson and Martin Bergling, who are both Board Members at SIG Security.

Key takeaways:

  • "Everything should be outsourced to the cloud!"
      - But is there information that cannot be outsourced? If so, which one?
      - How can one handle a separation between the two types of information?
  • Our confidence in the cloud suppliers
      - Can we have confidence that security requirements are met? How?
      - What role do the Cloud Act and Patriot Act play for our trust in suppliers affected by these requirements?
  • Conflicts of interest between new business opportunities and regulatory changes
      - How should legislation or other regulation be modified so that new business opportunities, e.g. based on cloud services or other new technology, can be utilized?
      - Is it, e.g., appropriate to specify requirements and conditions in law, or should they be given in regulations or other directions from the regulator or supervisory authorities?
  • About 95% of personal data incidents reported to the Swedish Data Inspection Board (‘Datainspektionen’) are closed, and as a private individual you can never receive relevant compensation in a possible dispute.
      - Can we, as individuals or companies, trust GDPR to work?
      - Or are GDPR and ‘Datainspektionen’ just window dressing?

Cloud requirements and opportunities - how can technology, law and business meet? - Co-Host

Coffee Break & Networking In The Expo Area


“Tax by design – the Swedish model goes tech”

The Swedish Tax Agency does not think that just smoothing and tuning its old processes is enough to maintain trust from its own customers. If we want people and businesses to keep paying tax voluntarily, we need to step up and offer them the possibility to handle tax in their own preferred environment, integrated in real-time transactions. To pull this through, we need completely new technical solutions and business models. This poses many serious challenges, not least from an IT security perspective.

Key takeaways:

  • Everyone is talking APIs, and so are we. But why has it been so hard for us to walk the talk?
  • Why is the API strategy so crucial for our transformation?
  • Securing data and the integrity of the customer in house is hard enough; how will we manage security if we share your data with others?


New Technologies and the changing Cyber Security Landscape

Today's increased cyber attacks and breaches have prompted us to act fast and with precision thanks to the new emerging technologies. With AI, Machine Learning, Blockchain, Big Data, IoT and Cloud, it's safe to say we are facing a paradigm shift.

Key takeaways:

  • What are the biggest challenges in terms of the new landscape?
  • Do we have a sufficiently skilled security workforce to drive current and future projects? Or do we need the same people in the near future as we have now?

Keynote Presentation (Vacant)

Closing Presentation - (Vacant)

Event Chairman's Closing Remarks

Networking Cocktail Reception Starts

Welcome to the 4th Edition of the IT Security Insights Conference. This edition will provide insights into the biggest challenges faced by organisations on the Swedish market. The main themes of the event comprise: cloud security, cybersecurity for critical infrastructures, cyber insurance, IoT security, the new protective security Act in Sweden, legal compliance and identity governance, patch management, information security training initiatives and the latest cybercrimes.

We have a fantastic, well-structured one-day program with top customer case studies, a leadership panel debate and round table discussions where attendees will learn and get tools to apply in their own organisations after the event. We are also glad to announce that we have introduced breakout sessions at our upcoming event. This is in an effort to separate technical sessions from strategy-oriented ones, thus giving the delegates the right to select the sessions they find great value in.

The event schedule covers: 8 plenary sessions, 6 breakout sessions, 9 round table sessions and 1 panel debate.

The conference is limited to 200 delegates and up to 20 exhibitors who will be showcasing their own products and solutions in the exhibition area. So, join us whether your main objective is to network with the IT Security professionals in attendance or you are actively looking for the latest solutions to improve your organisation’s security posture.

7A Odenplan is an accessible and modern venue occupying a floor plan of 2000 sqm with a large courtyard. It offers flexible rooms, good food and a roof terrace that overlooks Odengatan with a fantastic panoramic view of the city of Stockholm.

7A Odenplan has a perfect city location with the subway, commuter train and most city buses a few steps from the entrance. For those who intend to drive, there is a parking garage in the building below with direct access up to the meeting room. Warm welcome!

Address: Norrtullsgatan 6, 113 29 Stockholm
Visit venue at: http://www.7a.se/konferenseven...

By subway from T-Centralen:

  • Take the green line, train nos. 17, 18 and 19, on the subway from Stockholm Central towards any of the following destinations: Odenplan, Alvik, Åkeshov, Råcksta, Vällingby and Hässelby Strand.
  • Get off at Odenplan - approx. travel time 4 minutes.
  • From the subway station it takes 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time. There is a subway going every 5 minutes.

By train from Central Station:

  • Take the commuter train from Stockholm Central towards any of the following destinations: Märsta, Kungsängen, Uppsala and Arlanda Airport.
  • Get off at Odenplan station - approx. travel time 4 minutes.
  • From the underground it will take at least 3 minutes’ walk to get out of the station, then approx. 2 minutes to the venue, 7A Odenplan. Use Google Maps and you will be there in no time.
  • The commuter trains go 4-6 times per hour.

By car:

Address: Norrtullsgatan 6, 113 29 Stockholm, Sweden

By taxi:

We recommend the following companies:

  • Taxi Stockholm: +46 88-15 00 00
  • Taxi Kurir: +46 88-30 00 00
  • Taxi 020: +46 20-20 20 20