General Information
Held in Victoria, British Columbia, Canada this conference is a must attend for those working in the privacy and security fields. Presented by the Office of the CIO and the Ministry of Finance, Government of British Columbia, this three-day conference, is recognized as one of the top tier events in North America. Anyone working in the information privacy and security fields will benefit from the speakers, discussions and networking at the conference. Attendees are from every level both within government and private industry. The conference draws an international audience of some 1,000 delegates with an interest in cutting edge policy, programs, law, research and technologies aimed at the protection of privacy and security.
Reasons to Attend
- Get face-to-face dialogue with international industry experts who have successfully implemented best practices solutions
- Learn about current trends, issues and actions
- Obtain your annual Continuing Professional Development credits
- Discover new methods and products that can lower expenses and increase revenues
- Take the pulse of what is happening for tools, technologies, and processes
- Get Immediate answers and solutions to issues current in your organization
Conference Rates
Early Bird registration by December 16, 2016 |
Regular registration after December 16, 2016 |
|
Public Sector | $595.00 CAD (plus GST) |
$725.00 CAD (plus GST) |
Private Sector | $725.00 CAD (plus GST) |
$925.00 CAD (plus GST) |
Registration Fees Include
- 2 plated lunches
- All coffee breaks
- All keynotes, plenaries, panel sessions and applied sessions
- Pre-conference educational sessions
- Access to networking lounges
- Networking reception Thursday evening
- Conference portfolio
- Conference materials
- On-line access to presentations post-event
Victoria Conference Centre
There’s nowhere in the world like Victoria. It’s small yet sophisticated; a technology leader and an historic capital city; a vibrant business community yet surrounded by nature. At its heart is the Victoria Conference Centre – an exceptional experience for delegates and world-class support for planners.
Victoria Conference Centre
720 Douglas Street,
Victoria, BC
V8W 3M7
*Invited Speaker
Click on the date of the agenda you would like to view. Please note the timezone listed on the agenda.
Wednesday, February 8, 2017
8:00am •
Registration Open
9:00am – 12:00pm • Theatre
IBM presents: Safe Guarding the Data When Legacy Defenses Are Not Enough
In this workshop, attendees will:
• Get insights into external and internal data threats
• Shifting Industry responses to data threat trends
• Guardium Data Protection case study
• Peer round table discussion (led by a IBM Data Protection SME)
9:00am – 12:00pm • Saanich Room
BC Ministry of Finance – Privacy, Compliance and Training Branch and BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Finding Privacy and Security in the Cloud!
The Province of BC is potentially moving towards the use of cloud services, including Microsoft Office 365. Each of these services needs to be evaluated to ensure they meet our privacy and security objectives. This workshop will walk attendees through the steps that the BC Government took to ensure that privacy and security objectives and controls could be met and that the risk was manageable when implementing and using O365 cloud services. This project allowed for collaboration and will explore the partnership between security, privacy and the vendor provider.
Upon attending this workshop, participants will be able to:
• Understand the evaluation process and be able to apply that to any cloud service they wish to consume, including O365
• Obtain a safer online presence through the use of privacy tools, device settings and best practice principles.
• Privacy and Security evaluation process will be examined including the STRA and PIA activity
• Leverage the process and information into their own evaluations
8:30am – 12:00pm • Oak Bay Room
BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Breach the CyberWall and Win 1st Prize
Be part of the first ever CyberWall Competition at Victoria’s 2017 Privacy and Security Conference. Expect a fun, challenging, educational and team-building event, designed for people with minimal or entry-level hacking skills.
Teams of 4 will work together to break through cyber defenses, disrupt a virtual company and capture the secrets. Be part of the winning team and take home the coveted 1st prize. Tom Levasseur, veteran cyber breach event organizer and owner of Hackingaway.org, leads each team through the event ensuring an organized, productive and learning experience.
This morning session is less technical, so suitable for people with only basic IT skills. The session lasts 3.5 hours and does not require any previous hacking knowledge! The competition is not an event for people with advanced hacking skills.
Participants play the role of the cyber criminals trying to break into the target organization's IT infrastructure. The target is composed of firewalls, routers, servers and desktops in a complex and realistic but safe environment. By working in teams everyone contributes the skills they have - and learns from each other.
Teams work together to be the first to break through to each stage, gather points, and win the challenge. Then wrap up with time to understand, and learning to defend.
First come first serve, plan to register quickly following registration opening January 23rd. Registration instructions will be provided in advance of the event. A waiting list will be created in case of over registration.
Participants must bring their own laptop; laptops will not be provided. Participants will be using RDP (Remote Desktop Protocol) software for this event. RDP software is included in all recent versions of MS-Windows, and available for free download from Mac App Store. Participants will connect using a network wire. Your laptop must have a RJ45 connector or a USB-to-Ethernet 10/100 connector.
Upon attending this workshop, participants will be able to:
• Understand how hackers use tools and techniques to exploit vulnerabilities in computer systems;
• Where authorized, use specific tools and techniques to test system security in their organizations;
• Understand how to better protect systems from attack;
• Call on others from the event for advice and help.
*Please note this session is now full.
9:00am – 12:00pm • Esquimalt Room
Palo Alto Networks Presents: Protecting Endpoints from Today’s Modern Threats
Over the past few years, the security industry as a whole has struggled – and more often failed – to prevent successful breaches. Time and again we have heard of organizations falling victim to exploits, malware or ransomware attacks.
Most organizations deploy a mixture of security solutions to protect their endpoint systems, including one or more traditional antivirus solutions. With the proliferation of free and low-cost tools, threat actors can now generate new and unique attacks that evade signature-based antivirus. Current endpoint security solutions and antivirus cannot protect users and systems against evasive, unknown or zero-day attacks. Recent studies have confirmed this - traditional endpoint security solutions are stopping less than 40% of known malware variants.
Organizations are now re-evaluating their endpoint security approach with advanced endpoint security solutions. Some organizations have been inquiring about Endpoint Detect and Response (EDR) capabilities. Although breach detection and incident response are important as part of an overall security program, they must be secondary priorities compared to prevention. Why? A focus on prevention is the only effective, scalable and sustainable way of reducing the frequency and the impact of cyber breaches in your organization as the threat landscape continues to evolve and grow annually.
In this workshop, we will discuss the 5 (five) capabilities/requirements needed today to prevent successful attacks, while also demonstrating in a hands-on lab:
• A simplified approach to managing attacks
• Break down the sophisticated threat lifecycle
• Prevent successful execution of advanced attacks originating from executables, data files or network-based exploits
• Take on the roles of the targeted individual, attacker and security professional
• Understand the chain-like nature of exploits
• Experience the power of advanced execution control to thwart attackers
Please bring your laptop as this will be required for the workshop. Instructions will be provided to access a cloud-based Virtual Machine (VM) environment using a web browser or RDP client and all activity is safely and securely done from the confines of the VM. Participants will need to have administrator rights on the laptop they will be using.
1:00pm – 4:00pm • Theatre Presentation Files Vulnerability Session
BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Are Your Systems Vulnerable to Hacker Attacks? Achieving Success through Shared Experience
This seminar provides an overview of BC Government’s Vulnerability Management Program and how we navigate management of risks through partnerships. This is a panel session with a selection of professional representatives who will provide different viewpoints from their positions in the industry. In bringing these groups together for discussion, the audience will learn about real life experiences and key factors for achieving successful vulnerability management in your areas of business.
After attending this workshop, participants will be able to:
• Understand the BC Government’s Vulnerability Management Program
• Understand what is needed to plan a vulnerability assessment
• Know what to expect from a vulnerability assessment
• Understand how to attain customer requirements prior to an assessment
• Identify how and why risk is assessed by audit professionals
• Understand the different professional perspectives of vulnerability management
• Clearly understand recommended remediation next steps – how to manage the results
• Realize the important questions to ask the Assessor before mitigation takes place
1:00pm – 4:00pm • Saanich Room
BC Ministry of Education presents: Digital Threat Assessment: How Publicly Available Social Media Data Guides Current Risk Assessments in School Safety
The data was there…. They said. Unfortunately, the vast majority of recent school violence cases have had pre-incident precursors leaked online in the form of social media posts. Knowing where, how, and when to look for this information is the current challenge that school officials and law enforcement face. The real time gathering and assessment of open source social media data plays a critical role in mitigating and preventing school violence. Our youth are facing a myriad of challenges in the digital environment that include being radicalized, cyberbullied, targeted, trolled, extorted and being provided with further justification towards violence. This workshop will provide the most current landscape of the social media world used by students and how we can harness its’ intricacies to ensure the safety of our schools.
Learning Outcomes:
• A detailed look at the current uses and abuses of social platforms
• A provincial lens on the successes of the ERASE Bullying Strategy
• Using simple verification techniques to determine validity and credibility of online posts
• The critical role that social media plays in school safety emergencies
• How to make sure that the professionals in the room have their own online privacy protected
1:00pm – 4:30pm • Oak Bay Room
BC Ministry of Technology, Innovation and Citizens’ Services – Information Security Branch presents: Breach the CyberWall and Win 1st Prize
Be part of the first ever CyberWall Competition at Victoria’s 2017 Privacy and Security Conference. Expect a fun, challenging, educational and team-building event, designed for people with minimal or entry-level hacking skills.
Teams of 4 will work together to break through cyber defenses, disrupt a virtual company and capture the secrets. Be part of the winning team and take home the coveted 1st prize. Tom Levasseur, veteran cyber breach event organizer and owner of Hackingaway.org, leads each team through the event ensuring an organized, productive and learning experience.
This afternoon session is for people with more technical experience. The session last 3.5 hours and does not require any previous hacking knowledge! The competition is not an event for people with advanced hacking skills.
Participants play the role of the cyber criminals trying to break into the target organization's IT infrastructure. The target is composed of firewalls, routers, servers and desktops in a complex and realistic but safe environment. By working in teams everyone contributes the skills they have - and learns from each other.
Teams work together to be the first to break through to each stage, gather points, and win the challenge. Then wrap up with time to understand, and learning to defend.
First come first serve, plan to register quickly following registration opening on January 23rd. Registration instructions will be provided in advance of the event. A waiting list will be created in case of over registration.
Participants must bring their own laptop; laptops will not be provided. Participants will be using RDP (Remote Desktop Protocol) software for this event. RDP software is included in all recent versions of MS-Windows, and available for free download from Mac App Store. Participants will connect using a network wire. Your laptop must have a RJ45 connector or a USB-to-Ethernet 10/100 connector.
Upon attending this workshop, participants will be able to:
• Understand how hackers use tools and techniques to exploit vulnerabilities in computer systems;
• Where authorized, use specific tools and techniques to test system security in their organizations;
• Understand how to better protect systems from attack;
• Call on others from the event for advice and help.
*Please note this session is now full.
1:00pm – 4:00pm • Esquimalt Room Presentation Files Compliance and Audits Session
BC Ministry of Finance – Privacy, Compliance and Training Branch presents: Information Management: Compliance and Audits
It is a generally accepted truism that effective information management is critical not only to the protection of organizations and their lines of business but also to the safeguarding of individuals’ privacy and freedom of information expectations and rights. But, how can we really know how effective our own information management practices are? The answer is: we find out. In partnership with Deloitte this session uses the approach taken in the B.C. government to explore how to conduct a risk-based information management compliance review and audit across four key domains: privacy, access (FOI), records management and information protection. Attendees will use case studies to explore the tools, techniques and strategies required to tackle this strategic and operational challenge in their own organization.
1:00pm – 4:00pm • Sidney
BC Ministry of Finance – Corporate Information Records Management Office presents: Providing Access to Government Records in the Digital Age
Are you curious about the intriguing world of Access to Information and how decisions are made about releasing information to applicants? This workshop provides an overview of accessing records under the Freedom of Information and Protection of Privacy Act (FOIPPA), with an interactive discussion using case studies to learn what a Freedom of Information Analyst must consider when processing a request. As leaders of FOI Access to Information services on behalf of the public bodies, Information Access Operations provides guidance to public body clients in fulfilling their obligations under the legislation, and how the landscape is changing with more and electronic records and digital information, where electronic records can be copied and sent to multiple locations at the press of a button. In an age of immediate information, with the ability to access records 24/7 individuals expect to obtain information quickly.
This workshop will provide an overview of the various initiatives and work completed by the Information Access Operations Office (IAO) in responding to FOI requests. The workshop will provide some case studies and discussion on responding to access requests.
Thursday, February 9, 2017
7:30am •
Registration & Networking Lounge Open
8:45am - 9:45am • Salon AB
Keynote Speaker: Cybersecurity Without Illusions
The security of our networks just keeps getting worse. More attackers, from governments to criminals, are finding ever more imaginative ways to exploit their access to our data. Yet from smart phones to the smart grid and the internet of things, we are doubling down on digitization and its conveniences.
Is there a strategy for achieving security in cyberspace? Calls for “better” hardware and software have a thirty year history of failure, as do calls for putting encryption everywhere. There are a few bright spots. Attribution of attackers will continue to improve. So will retribution and perhaps deterrence.
But restoring trust, order, and security to cyberspace will challenge every comfortable assumption we’ve cherished about digital technology. Achieving security in a digital world will mean choosing the least unsatisfactory future and then struggling for it, without illusion.
9:45am - 10:15am • Salon AB
Keynote Speaker: From Regulated to Regulator: Two Perspectives on Privacy
Drew McArthur is best known for his work managing consumer and employee privacy at TELUS until his retirement in 2007. Nine months ago, he assumed the role of Acting Information and Privacy Commissioner for B.C. and now enforces the Freedom of Information and Protection of Privacy Act and the Personal Information Protection Act. From mobile device management to video surveillance to national security, Drew will share the successes and surprises he’s encountered as his role has changed from regulated to regulator.
10:15am - 10:30am • Upper & Lower Foyers
Morning Break - Sponsored by Ziften
10:30am - 11:00am • Salon AB Presentation Files Carey Frey
Concurrent Keynote Presentation - It’s Secure! Or Is It…How Do You Know for Sure?
As Canada increasingly embraces the digital economy, we are also confronting the growing risk to our privacy and security from cyber threats.
Yet instead of working to simplify the problem, the security community has created a wildly complex and disparate set of competing frameworks, standards, technology products and services all claiming to be the one and only silver bullet we need to be truly secure.
How does any consumer, organization, business or government make sense of it all?
To cut through the complexity and to protect itself and its customers, TELUS is becoming Secure-by-Design.
From - the Cloud - to 5G - to SDN - to NFV - to IoT, TELUS is defining measurable security outcomes to clearly and transparently demonstrate its security and we will let you be the judge.
Presentation Files Carey Frey
10:30am - 11:00am • Theatre
Concurrent Keynote Address - (R)evolution of Physical and Cyber Security
There has been “disruptive” changes in how we conduct physical and cyber security as the boundaries are being broken down due to advances in technology. Join Deloitte Directors, Peter Sloly, former Deputy Chief of Police, Toronto Police Service and Kent Schramm, former Chief Information Security Officer for the Province of Ontario and a former military officer as they present three key lessons learned over the course of their careers in security. Further, they will explore the future implications of the convergence of the physical and cyber domains as they relate to the privacy and security of information.
11:05am - 12:20pm • Salon AB
Concurrent Panel Session - Panel A: The Most Disruptive Technology for Public and Private Sector in the Next 10 Years
Public Sector is complex and centralized in responsibility for governance and public service delivery, yet fragmented and often disconnected in organizational structure and the ability to share data. Blockchain could be used to address current systems and increase the effectiveness of public service delivery. Blockchain could serve as the official registry for government-licensed assets or intellectual property owned by the citizens and businesses. Blockchain could also help in back office functions to coordinate and streamline process within the public sector. While interest in the technology is growing, public sector applications using this technology are rare.
Blockchain is an amazing technology which has the potential to be applied in a myriad of ways, but also has its drawbacks. The open ledger system, while giving a lot of power to individuals, also has the disturbing potential to leave them exposed. The trick lies in the implementation of Blockchain, and the concerns of privacy, security and flawless execution have to be addressed in the real world. Digital legal tender isn’t without risk, however and could be met with political resistance, holding back innovation. Security is also a big issue with “Big Brother” tracking your financial life. What is the balance between #PrivacySecurity and how do we become #StrongerTogether?
11:05am - 12:20pm • Theatre
Concurrent Panel Session - Panel B: Open Data
Open data is defined as data made accessible in formats that can be manipulated by computers and without restriction on how the data can be re-used. Should those who hold data (usually governments) give up control over how they use data and allow greater scrutiny to unlock the innovation through the use of data? Key concerns without sensitivity to the kinds of data in question raise serious issues of how our privacy is at risk. Productive dialogue is essential between #PrivacySecurity and open data and how the two concepts are unfolding in this data rich world.
11:05am - 12:20pm • Salon C Presentation Files IoT Panel
Concurrent Panel Session - Panel C: Internet of Things: The Emerging Threat Frontier
By 2020 there will be 30 Billion “connected things” that enrich our lives, businesses, and organizations such as thermostats, medical devices, cars, industrial equipment, presenting an exciting opportunity for innovation and business opportunities. Today the number of “things” connected to the internet surpasses the number of people. Despite these benefits increased connectivity between devices and the Internet create security and privacy risks.
Potential security risks could be exploited to harm consumers by enabling unauthorized access and misuse of the personal information, facilitating attacks on other systems and creating safety risks. Denial of service attacks are more effective the more devices the attacker has at their control. Unauthorized persons might exploit security vulnerabilities to create risk to physical safety. Privacy risks involve the direct collection of sensitive personal information such as precise geo-location, financial account numbers, health information, habits, location, and physical conditions may allow an entity that has not directly collected sensitive information to infer it. How do we begin to address the issues of #PrivacySecurity #StrongerTogether on the emerging frontier of the IoT?
12:20pm - 1:35pm • Salon AB
Luncheon Keynote Address - #Policing in the Digital Age
Director Mario Harel, President of the Canadian Association of Chiefs of Police, will discuss the interplay of privacy and security in the context of policing today by drawing upon some of the key priorities of Canadian police leaders as reflected in the work of the Association. Police are operating in an age when some individuals freely share their lives and views using new technology, and others conduct criminal acts hidden from public and police view because of privacy protections and limited police powers. In an environment of concern for security of individuals, communities and the nation, privacy can help both those who commit crimes and help and hinder those who are victims of crime. Director Harel presents the CACP case for a balance that will protect society while preserving legal rights.
12:20pm - 1:35pm • Crystal Ballroom (in Empress)
Networking Luncheon
1:35pm - 2:10pm • Salon AB Presentation Files Diana Kelley
Keynote Speaker: The Emerging Era of Cognitive Security
Today, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest cognitive capabilities can help.
Presentation Files Diana Kelley
2:15pm - 2:45pm • Salon AB
Applied Session: Incident Response – What are the First 24 Hours Really Like?
Herjavec Group’s Matt Anthony will share his decades of experience in information security, as a CISO, as a Managed Services practice builder and now as an Incident Response executive leader, offering a behind the scenes look at what really happens during an incident. He will highlight the NIST and ISO best practices that have supported the modeling of Herjavec Group’s own IR practice, and he will engage with executive leaders from Splunk, Tanium and Cylance for a brief panel on how evolving technology and customer proactivity are changing the ways enterprises prepare for an incident today.
2:15pm - 2:45pm • Salon C
Applied Session: The Future of Security
As technology changes rapidly around us, we need to continuously adapt and invent new safeguards to help keep our communities safe. Ongoing research into security and privacy is a constant and essential part of achieving this. There are several active areas of security and privacy research. Some of these include: software engineering, usability, penetration testing, spam-prevention and detecting and responding to new online threats.
In this segment, our student researcher will share with you some leading edge discussions, discoveries and ideas in the areas of security and privacy.
2:15pm - 2:45pm • Theatre
Applied Session: Keeping Data Safe: Guardium Data Protection Case Study
• Case study background
• Challenges to securing sensitive data
• The Guardium solution
• Business and compliance benefits
2:15pm - 2:45pm • Saanich Room
Applied Session: Safeguarding Content with a Data-Centric Security Model
The Internet forever altered how organizations manage content. Sensitive information resides in more places, yet it is becoming increasingly difficult for internal teams to safeguard it everywhere. With rising opportunities and incentives for insiders and external parties to exfiltrate unprotected, sensitive data from systems and electronic devices, it’s imperative for organizations to consider new security measures to help thwart attacks.
Faced with protecting sensitive documents, organizations turn to encryption methods, which we’ve seen echoed in compliance frameworks - encrypt your data at rest, and encrypt your data in motion. But, not all encryption methods are the same, and they must be evaluated based on the threat models for a given environment, which is time consuming and onerous.
Attend this session to learn about a data-centric security model that aims to secure content at every step in the enterprise content lifecycle by providing additional layers of protection against evolving threats and resulting in the following:
- Persistent protection—Enforce access control at the file layer
- Dynamic control—Updates access control and permissions to documents on-the-fly
- Continuous monitoring—Record all valid and invalid access attempts, including what has been done with the content (who, what, when, and where
2:15pm - 2:45pm • Oak Bay I Room Presentation Files Ray Pompon
Applied Session: Build Secure Solutions Successfully with Systems Theory
How and where do you defend your organization? Why do some control deployments fail to achieve traction? The systems we protect are products of complex technical, social, and economic interactions that can create unpredictable responses. A change to one part of the system can result in multiple unforeseen consequences to others.
Many security architectures that began as clean designs now stagger forward on as a patchwork of point-solutions. Users are treated as passive objects with no agendas of their own and security is seen as pixie dust to be sprinkled over an organization to patch holes. Not surprisingly, the level of assurance and utility of such systems are fall far below expectations. You cannot afford to waste time or resources - the risks are mounting too quickly.
Systems Theory has been used for decades in engineering, biology, ecology, sociology, and psychology. It can also be highly useful in architecting and analyzing security systems. This talk will cover the concepts of System Theory, focusing on using modeling and engagement techniques for protection. We will explore examples on spotting unintended outcomes, identifying where to apply controls for maximum effectiveness, and solving problems at the right subsystem.
Presentation Files Ray Pompon
2:15pm - 2:45pm • Oak Bay II Room
Applied Session: Safely Enabling Microsoft Azure & AWS Cloud / Hybrid Data Centers
Microsoft Azure & Amazon AWS are accelerating data center transformation, resulting in organizations needing to support a hybrid architecture that combines your on premises resources along with the cloud. From a security perspective, your challenge remains the same: how to protect your applications and data, regardless of their location.
Join us to learn how the Palo Alto Networks can securely enable your hybrid data center. You will learn:
· Security: Considerations when moving to Cloud
· Visibility: Consistent visibility across clouds is one of the most common issues with multi-cloud deployments
· Threat Prevention: Block known and unknown threats is a critical requirement to protect applications and data no matter where they reside
· Automation: The ability to natively integrate into a variety of environments to match the dynamic and on demand nature of cloud services
2:15pm - 2:45pm • Esquimalt Room
Applied Session: Privacy Engineering Objectives as the Foundation of Information Systems
This session will focus on privacy engineering objectives from the business point of view, as the core foundation behind building information systems that implement an organization’s privacy goals and support the management of privacy risk. These objectives include: predictability, manageability and disassociability – the equivalent to the information security objectives of confidentiality, integrity and availability. The session will touch on how consumers can use third-party credentials to access online/digital services in a secure way, without compromising their privacy.
Key takeaways include:
• Audience will learn how a privacy-enhanced identity federation can meet the stringent objectives of privacy engineering
• User-centric privacy-enhanced systems must meet organizational goals, yet still provide consumers with complete control of their information
2:15pm - 2:45pm • Sidney Room Presentation Files David Izzard & Lanny Cofman
Applied Session: Azure EMS –Access, Convenience & Security for the City of Surrey in One Fell Swoop
Public Sector adoption of the cloud has been relatively slow in Canada when compared to the private sector. While the cloud certainly provides tremendous benefits to public sector organizations, it is often viewed as being privacy and security landmines. As a result, many public sector organizations have moved very slowly in their move to the cloud, often limiting deployments to small pilot projects or limited deployments. The City of Surrey has taken an aggressive approach. Leveraging Microsoft’s EMS platform, the City of Surrey is adopting the cloud within the organization. Through this presentation, attendees will learn about Microsoft’s EMS platform and how the City of Surrey has leveraged this platform to not only provide greater and more convenient access to its staff, but also improve the overall security posture for the City.
2:15pm - 2:45pm • Colwood Room
Applied Session: CASB: Mitigating Risk with Improved Visibility into Cloud Applications and Infrastructure
One of the biggest security challenges enterprises face today is caused by the adoption of cloud services. Enterprises must learn how to protect themselves against new threats from cloud services which sit outside the firewall, eroding the network perimeter. Many organizations struggle to provide the necessary security capabilities to support this transition, all while continuing to apply traditional on-premise security controls. Some in regulated industries, such as healthcare and finance, face even bigger challenges to meet various regulations and guidelines.
This session will identify security issues enterprises face in the cloud and address necessary tools and services that are available today. By pairing the right Cloud Access Security Broker (CASB) with the native capabilities available from cloud service providers, enterprises can address all of their data security governance requirements in the cloud.
2:45pm - 3:00pm • Upper & Lower Foyers
Afternoon Break - Sponsored by Ziften
3:00pm - 4:10pm • Salon AB
Concurrent Panel Session - Panel A: Virtual, Augmented, and Mixed Reality: A Brave New World
The wonders of Virtual Reality (VR) have been promised to us for some time. Thanks to sci-fi saturation it feels like an important component of the future and a statement about how far technology has come since of the invention of the television. And now the future might be present. 2016 is the “year of VR”. Is there something unsettling about it? How will our privacy and security concerns be addressed? Will greater immersion lead to identify theft? Is VR another means of state surveillance? How will third-party influences be monitored?
3:00pm - 4:10pm • Theatre
Concurrent Panel Session - Panel B: Privacy, National Security and Accountability: How Can Public Trust Be Ensured?
The public debate about accountability of government intelligence agencies centres on the need to enhance public trust. The firestorm of criticism sparked by the disclosures of Edward Snowden has resulted in transparency as the central theme in an ongoing public debate. Yet as the threat environment continues to evolve, governments struggle to develop tools to protect their citizens from the threats of terrorism and cyber attacks while at the same time ensuring their freedoms and privacy. Canada’s government has made strengthening accountability a priority with new legislation that establishes a National Security and Intelligence Committee of Parliamentarians. Meantime, civil society groups, academics and the media raise concerns about privacy, but they do not have access to state secrets about government intelligence-collection programs, nor the checks and balances surrounding them. In this panel, you will hear representatives from the media, privacy advocacy, a Canadian intelligence agency, and a federal government watchdog present their perspectives and debate the issue of trust.
3:00pm - 4:10pm • Salon C
Concurrent Panel Session - Panel C: Citizen e-ID
Gartner defines citizen electronic identification (e-ID) as the orchestrated set of processes and technologies managed by governments to provide a secure domain to enable citizens to access these core resources or services. Enterprise-wide authentication technologies, including biometrics, are rapidly changing this area of IT investment by leading governments globally.
4:15pm - 4:45pm • Salon AB Presentation Files Steve Martino
Keynote Speaker: Pervasive Security for the Digital Economy, Securely Connecting Everything
Digitization is rapidly changing our world as we know it today. It is forcing organizations to create entirely new value positions to their customers, produce new “digital” products/services to delivery on these opportunities and driving new business/consumption models. As businesses prepare for an increasingly digital economic future and the pace and voracity of attacks accelerate, Cybersecurity has become a top concern. Today's technology trends like mobility, cloud, and the Internet of Things are multiplying the points of infiltration into the network. As a result, organizations must continually adapt their defensive strategies while enabling rapid discovery and remediation of the breaches across the attack continuum to secure their digital business. Hear how Cisco is addressing Cybersecurity and what you should consider in building your own Pervasive Security model.
Presentation Files Steve Martino
5:00pm - 5:45pm • Upper Foyer
Networking Reception - Sponsored by Rogers
Friday, February 10, 2017
7:30am •
Registration & Networking Lounge Open
8:45am - 9:35am • Salon AB Presentation Files
Keynote Address: Media in the Age of Terror: How the War on Terror Became a War on Journalism
After a successful career as a journalist, and after accepting the post of Al Jazeera English Bureau Chief in Cairo, Mohamed Fahmy was falsely accused of being a member of the Muslim Brotherhood—a group designated as a terrorist organization by the Egyptian government. He and his colleagues were imprisoned in the Scorpion maximum security prison in Egypt for over 438 days, living with members of the Muslim Brotherhood, al-Qaeda, and ISIS.
After massive international outcry against his sentence, Fahmy was finally pardoned of all charges in September 2015.
Now, in his riveting keynotes, Fahmy discusses the“Media Trial of the Century” and his incredible ordeal. He talks about what it takes to survive solitary confinement and imprisonment with hardened extremists, far from home and family—offering unparalleled insights into the motivations of insurgents. He explains how press freedoms and ethics are threatened by states and endangered by media organizations. And he speaks of the role NGOs and human rights advocates play for journalists and prisoners of conscience.
He writes and speaks about the rise of ISIS in Iraq and Syria and the Arab revolutions and fall of Arab dictators as a witness from the frontlines—drawing on the success and shortcomings of Western foreign policies in the Middle East.
His unique knowledge as a Canadian-Egyptian, coupled with years of experience as a journalist, human rights advocate, and political prisoner engrossed in the politics of the Middle East and bearing witness to its evolution, means he provides his audience with a perspective rarely presented in western mainstream media.
Fahmy does not stop at analyzing the politics of the Middle East, which left him a pawn in a geopolitical rift between heads of states.
In his quest to turn his imprisonment into an achievement rather an impediment he speaks about his quest to improve consular services provided to Canadians imprisoned abroad or risking arrest. He is currently working with civil society groups in Canada on developing and introducing a bill to parliament in hopes of enshrining a law that obligates the Canadian government to intervene when one of its own is jailed abroad.
9:35am - 10:15am • Salon AB Presentation Files John Wunderlich
Keynote Address: The Fall and Rise of Individual Autonomy: How Privacy Enhancing Technologies and Protocols Can Reclaim the Web for Alice and Bob
The Internet of “No one knows you’re a dog” has been replaced by the Internet of “We know what kind of dog you are, and what you did last night.” Most people don’t particularly want to be surveilled or tracked across the Internet but have resigned themselves to it. The inability (or apparent unwillingness) of people to act on their expressed preference for privacy is known as the privacy paradox, and is related to their assessment that they have no agency in most web relationships as web users. In other words, from a privacy perspective, the relationship between Alice and Bob is broken or possibly even abusive.
While “Terms of Use” and “Web Privacy Statements” that give Alice only a take it or leave it option make a certain amount of sense from a corporate risk management point of view, it has led to today’s unhappy adblocked world. There is no way for organizations that might want to deal with their users as people instead of as personal data ore to be mined.
But protocols, systems and architectures for Internet scale identity and autonomy can enable companies to fulfill the promises of privacy enhancing technologies and break the privacy paradox. What would a privacy enhancing data ecosystem look like?
Presentation Files John Wunderlich
10:15am - 10:30am • Upper & Lower Foyers
Morning Break: Sponsored by Thales
10:30am - 11:00am • Salon AB Presentation Files Cheryl Soderstrom
Concurrent Keynote Address: Digital Transformation and Cybersecurity: What Could Possibly Go Wrong?
What is a digital business and what are the principles of digital transformation driving the new economics? Why is digital transformation so hard? We will discuss four approaches to get to tangible business value, and an almost magical case study of digital transformation done extremely well, including the underpinning privacy and cybersecurity implications. This session will also highlight key digital and cybersecurity technologies to watch for future industry transformation and disruption.
Presentation Files Cheryl Soderstrom
10:30am - 11:00am • Theatre Presentation Files John Weigelt
Concurrent Keynote Address: Transforming Governments Services with Privacy
Governments around the world are transforming their service delivery with a focus on greater citizen engagement, employee empowerment, agile service delivery and resource optimization. Modern technologies and innovative services form the basis of many of these transformative initiatives, often challenging the existing policy frameworks for security and privacy. Join John Weigelt as he explores examples of government service transformation and describes how governments are addressing their privacy and security obligations using cloud based services.
Presentation Files John Weigelt
11:05am - 12:15pm • Salon AB Presentation Files Drones Panel - Keri Bennett
Concurrent Panel Session - Panel A: Drones
The Federal Government plans to introduce regulatory requirements for small drones weighing 25 kilograms or less operated within visual line of sight. A growing number of individuals are flying aircraft that have no pilot and can be controlled using a smartphone or tablet. A new industry that creates regulatory challenges for safety and privacy. Drones can be outfitted with high-powered zoom lenses, night-vision or infrared imaging systems, and video software that can recognize specific people, events or objects that flag movements or changes in routine. These features demand an emphasis on personal protection in regulations and licensing standards.
Unmanned aerial vehicles are used for a wide range of government related and commercial applications, including search and rescue, agricultural surveys, cinematography, police investigations, and meteorology. How do we match the benefits of the use of drones while protecting the identity of drone users, and balancing the privacy and surveillance of our citizens?
11:05am - 12:15pm • Theatre
Concurrent Panel Session - Panel B: Ransomware: Will You be the Next Digital Hostage?
The threat of ransomware has grown at an unprecedented rate. Business was booming for cybercriminals last year as ransomware was the most common form of malware and gave rise to Ransomware as a Service (RaaS). Victims are forced to consider whether they have sufficient backups to restore systems and data in a timely manner or whether to pay the ransom. Organizations are having to consider whether they should purchase cyber insurance to mitigate risk. What steps is your organization taking to avoid falling victim and how will you prioritize both prevention and response? Attend this session if ransomware and current threats are a concern for your organization.
12:15pm - 1:30pm • Salon AB
Luncheon Keynote Address: Privacy Upstream, Discrimination Downstream: The (Un)Intended Consequences of Data Analytics
12:15pm - 1:30pm • Crystal Ballroom (in the Empress) Presentation Files Stewart Cawthray
Luncheon Keynote Address: Social Threats – Social Media as an Attack Vector for Cyber Threats
Social media has become a core business & communications platform and every industry now faces a unique set of risks on social, many of which have put organizations in the press or at the center of controversy. Whether it’s blocking targeted phishing attacks, protecting corporate accounts from compromise, fighting fraud or defending against scams and impersonating accounts, social media security is critical for modern business success.
Social media security is the process of analyzing dynamic social media data in order to protect against cybersecurity and business threats. Social media is an evolving attack vector which many organizations are blind to.
This session will review the types of threats and why organizations should be concerned about them.
Presentation Files Stewart Cawthray
1:30 - 2:00pm • Salon AB Presentation Files Conn Nicoll
Applied Session: Education Reduced Breaches. Who Knew?
There’s so much amazing cyber security technology deployed in the field… So why are breaches from phishing attacks still on the rise? A major security gap in most organizations is not technology. It is their employees on the front line who are most vulnerable to attacks and often ignored by the security team. Join us as we look at the root causes for successful phishing attacks and what you can do to prevent them. We’ll look at some of the strategies TELUS introduced to embed a culture of security into our organization and convert this weakness into our first line of defence.
Presentation Files Conn Nicoll
1:30 - 2:00pm • Salon C
Applied Session: The Future of Security
As technology changes rapidly around us, we need to continuously adapt and invent new safeguards to help keep our communities safe. Ongoing research into security and privacy is a constant and essential part of achieving this. There are several active areas of security and privacy research. Some of these include: software engineering, usability, penetration testing, spam-prevention and detecting and responding to new online threats.
In this segment, our student researcher will share with you some leading edge discussions, discoveries and ideas in the areas of security and privacy.
1:30 - 2:00pm • Theatre
Applied Session: Stop the Bleeding, Start Cleaning: Four Steps for Evolving Your Privileged Account Security Program
The average enterprise environment contains 3-4x more privileged accounts than employees. The sheer numbers and political challenges can seem overwhelming in the face of a marathon approach. Join CyberArk as we discuss how to start your privileged account security program and quickly add accountability to built-in backdoor admin accounts, control access to your most critical assets and immediately mitigate the risk of high-value accounts used in discovery or vulnerability management processes.
1:30 - 2:00pm • Saanich Presentation Files Marcus Troiano
Applied Session: Cybersecurity in 2017: Preparing for the Road Ahead
The events of 2016 have brought to light the profound effects cyber-attacks can have on a wide range of the global economy – from governments to banks, and law firms to technology companies. While the nature and objective of these attacks have varied, their impacts continue to be significant. This session will examine what we should be expecting to see in 2017, and how best to prepare for another year which is sure to introduce new and diverse challenges.
Presentation Files Marcus Troiano
1:30 - 2:00pm • Oak Bay I Room Presentation Files David Izzard
Applied Session: Capability Based Planning for Security Investments
Making the case for investing is security initiatives is always a challenging exercise. Outside of legislative and regulatory pushed like PCI, it is often difficult to both justify near term investments, and develop a long term investment plan. Too often, yearly security investment decisions are based on “flavour of the week” technologies rather than being based on a long term investment plan and security roadmap. The City of Surrey has chosen to take a new approach to its security investment strategy by leveraging Business Architecture concept known as Capability Based Planning. Through this presentation, attendees will learn about Capability Based Planning concepts, and how the City of Surrey used this approach to develop a long term security investment roadmap for the organization.
Presentation Files David Izzard
1:30 - 2:00pm • Oak Bay II Room
Applied Session: Left to Their Own Devices?: Privacy Implications of Wearables in the Workplace
Emerging trends in wearable technology include ergonomic sensors for occupational health and safety, biometric sensors for professional athletes, augmented reality headsets for shipping and receiving, and smart ID badges for personnel tracking and remote monitoring. However, very little is known about the variety of uses for these technologies in workplaces, their prospects, and the extent to which they fall under existing privacy regimes (i.e., PIPEDA). This OPC-funded project aims to raise awareness about the potential privacy issues associated with wearables by examining the practices and information that arise from their use in Canadian workplaces. Our presentation will discuss preliminary findings of our multiphase study exploring the opportunities and enthusiasm for wearables in the workplace. We will provide current examples of wearable implications and applications in Canadian workplaces; current high-interest use-cases in the enterprise; and initial assessment and recommendations for the wearable future of privacy.
1:30 - 2:00pm • Esquimalt Room
Applied Session: A Practical Approach to Implementing Information Governance
Just over a year ago, a new information management act and the creation of a chief records officer role laid the groundwork for a new chapter in the quest “to promote effective information management by government bodies”1 in BC.
Historically, IT roles such as DA and DBA have owned accountability for corporate data and metadata assets. Data stewardship and information governance principles enable a shift of accountability from IT to business custodians, providing program executive and managers an unprecedented level of control of their data assets.
This session outlines an approach to implementing information governance within a stewardship driven custodial framework. This business-driven approach enables organizations to realize key goals of data access by all stakeholders, rational protection of personal information, quality and quantity management, and articulates principles to guide strategic decision making around information asset management.
1Information Management Act Div1. Part1. CRO Mandate; 3.d
1:30 - 2:00pm • Sidney Room
Applied Session: Update on OECD – Privacy and Security Initiatives
This session will provide an overview of the OECD’s work on implementing the Council Recommendation on Digital Security Risk Management, highlighting new work on cyber insurance. An update will also be provided on various other initiatives related to privacy, protection of children online and improving the evidence base for policy making in the digital economy.
1:30 - 2:00pm • Colwood
Applied Session: Understanding The Right Questions to Ask to Protect Your Privacy and Security
This is a practical session that will begin with an explanation of what attackers, and automated tools are doing today to compromise your privacy and security. After this session, you should have an understanding of the right questions to ask when choosing privacy and security tools to protect your devices at home and at work, to ensure you're picking the best one for your needs, with confidence.
2:00pm - 2:15pm • Upper Foyer
Afternoon Break - Sponsored by Thales
2:15pm - 3:30pm • Salon AB Presentation Files Digital Government Platforms Panel
Concurrent Panel Session - Panel A: Digital Government Platforms / Government as a Platform
Orchestrating transactions, payments, identity management and verifications, financial services and support programs across multiple agencies and globally across governments are catalysts driving the development of digital government platforms.
2:15pm - 3:30pm • Theatre
Concurrent Panel Session - Panel B: Intersection of Information Sharing, Privacy & Technology and an Ever Evolving and Shifting Security Landscape
In a time when cyber threats against organizations are at an all-time high, maintaining the confidentiality, integrity and availability of information as well as attribution requires a collaborative effort. Sharing intelligence and information amongst the private sector and government can be challenging and requires trust and new ways of thinking. This panel will explore ways that the public and private sector can work together while addressing and respecting the privacy concerns of all involved.
3:35pm - 4:30pm • Salon AB Presentation Files Joe Alhadeff
Closing Keynote Speaker
Presentation Files Joe Alhadeff
The 18th Annual Privacy and Security Conference is proudly sponsored by the following companies.
If you would like to sponsor this event, please download the Sponsorship Brochure for more information.
Title Sponsor
Platinum Sponsors
Gold Sponsors
Conference Sponsors & Exhibitors
VIP Reception Sponsor
VIP Dinner Sponsor
The Fairmont Empress Hotel
If you need to make accommodation arrangements, the Fairmont Empress is offering a special conference rate of $132/night for Corporate reservations and $105/night for Government reservations. Please note that this room block ends January 7, 2017.
Please contact the hotel directly at (250) 384-8111 to book a room or book online using the following links:
Government Reservations – https://resweb.passkey.com/go/privacysecuritygov2017
Corporate Reservations – https://resweb.passkey.com/go/prisecconf
Fairmont Empress
721 Government Street
Victoria, BC
V8W 1W5
https://www.fairmont.com/empress-victoria/
**Please note the room block at the Empress is now full. Additional rooms are available at the Chateau Victoria. Please see below for further information.
Chateau Victoria Hotel & Suites
If you need to make accommodation arrangements, the Chateau Victoria is offering a special conference rate of $117/night for Corporate reservations ($158 for a 1-bedroom suite) and $99/night for Government reservations ($139 for a 1-bedroom suite).
Please contact the hotel directly at 1-800-663-5891 or 250-382-4221 to book a room.
Chateau Victoria Hotel & Suites
740 Burdett Ave.
Victoria, BC
V8W 1B2
Harbour Air Flight Discount
Flying in from Vancouver or Seattle for the conference? Arrive in style in Victoria’s Inner Harbour with Harbour Air. Subject to availability, attendees will receive 20% discount on their goFLEX fares for confirmed travel to and from Victoria between February 4 and 12, 2017. Please note that all rates are subject to tax and fees. This offer cannot be combined with any other offers or promotions or be paid by Airbucks or TurboBucks. In order to receive this special discounted rate, attendees can contact the Reservation Department directly by phone at 1.800.665.0212 and quote the promotional code P&SC02-17 or book online at www.harbourair.com. Also be advised that you will need to provide a copy of your registration to the conference upon check-in.
All schedules and location information can be accessed through their website at www.harbourair.com.
YYJ Airport Shuttle
If you are needing transportation from the Victoria International Airport to Downtown Victoria why not consider using the YYJ Airport Shuttle.
When booking the shuttle if you mention “Reboot Communications” you will receive a special discounted rate of $22.50* for a one way trip or $35.20* for a round trip.
For more information please visit their website at www.yyjairportshuttle.com or call them at 1-855-351-4995.
*Prices include all applicable taxes