Aligning IT security strategy and governance. (N-sight)

Location:Abbey Hotel, Grimbergen


New Year, familiar problem: security! IT security risks constantly evolve and grow, so our defences must as well. Digitisation, with cloud and with new technologies like AI and IoT, has cemented security’s place as a vital layer in the organisation's infrastructure and in the development of every application.


Creating, implementing, testing and aligning the IT security strategy is thus an issue that is spreading out and up, to every level of the company. During this session we’ll hear about the growing role of the CISO in the organisation and the Boardroom from Verizon, how to optimise resources for cyber resilience from Deloitte, how to validate security solutions from Davinsi Labs, and what new security challenges are raising their heads in the Domain Name System world. We’ll wrap up with a new tool from Beltug to help you inform the company’s Board about information security risks, to help align governance.





Hotel Abbey, Kerkeblokstraat 5, 1850 Grimbergen


*Beltug is offering Crowdbeamer streaming at our events, so that every participant can get the most from our speakers' expertise. Just download the free app, and then during the presentation you can see the current slide on your mobile device and annotate notes!




12:30 Welcome coffee


13:00 Introduction


Ann Guinée, Communication Manager, Beltug (English)


13:15 Security Strategy 2020+: the CISO in the boardroom


Threats actors are getting more dangerous and capable. The attack surface is spreading into cloud SaaS and IaaS/PaaS, while data privacy regulations and fines are increasing. In the face of all this, organisational structures are shifting to bring the CISO into the boardroom. How can the CISO manage this change, and leverage cutting-edge visibility to gain more Board-level influence and keep the organisation safe?


Emmanuel Baeyens, CISO Advisory, Verizon (English)


13:45 Q&A: Your questions, your experience


14:00 A strategic approach to managing cyber risk: business-driven and-threat based


Cyber risk is in continuous evolution. The pervasiveness of cyber across industries creates new advantages for leading organisations, but the threats remain. No organisation has unlimited resources to dedicate to cyber security. Therefore, it is important that organisations invest in those capabilities that will contribute the most to their overall cyber resilience, i.e. their resilience to external and internal cyber threats. We will share how one Deloitte client developed a business-driven and threat-based strategic approach to managing cyber risk.


Daria Bogush, Senior Cyber Security Consultant, Deloitte (English)


14:30 Q&A: Your questions, your experience


14:45 Continuous security validation


Companies are spending their budgets on implementing preventive and detective security controls. But once implemented, these solutions are often blindly trusted to do what they are supposed to. How can you validate they will indeed work when attacks happen? Attack simulation can provide key insight into whether your security controls correctly detect and/or block attacks.


Koen Bossaert, Solutions Lead, Davinsi Labs (English)


15:15 Q&A: Your questions, your experience


15:30 Coffee break


16:00 Case: DNS, the overlooked attack vector?


The Domain Name System is an often-overlooked attack vector in cybersecurity. In this presentation, we’ll hear how and why, and gain some insight about the latest security challenges and privacy developments in the DNS world that affect your IT security defence.


Kristof Tuyteleers, Security Officer, DNS Belgium (English)


16:30 Q&A: Your questions, your experience


16:45 Aligning Board and IT security


When IT governance is addressed at the Board level, the organisation’s performance increases.  But how should information security be presented to the Board?  Beltug has a new tool for our members, available on the website. This template presentation (with examples) shows you a way to present security risks, security by design, incidents & crisis simulation, projects & budget, GDPR & privacy. By informing Board members about information security risks, company and Board can be aligned on information security governance.


Claude Rapoport, President, Beltug (English)


17:15 Q&A: Your questions, your experience


17:30 Wrap up & Closing drink


18:30 End