Panel information
our schedule
Panel 1
Panel 2
Panel 3
Beyond CVSS: Risk-based asset prioritisation in a world of limited defences
Organisations can’t protect every system equally, and traditional vulnerability scoring models like CVSS fall short. This session explores how to identify, classify, and prioritise assets based on real business risk rather than technical severity alone. Attendees will learn how to combine asset criticality, threat likelihood, exploitability, exposure, and business impact to build a defensible, risk-driven security strategy.
The presentation will also cover practical approaches to mapping assets to business processes, understanding crown-jewel systems, and making informed trade-offs when security resources are constrained.
The threat within: Securing modern networks against insider risk without breaking trust
Insider threats, whether malicious, negligent, or compromised, remain one of the hardest security challenges to detect and manage. This session examines how organisations can strengthen internal security without eroding employee trust or violating privacy expectations.
Topics include improving internal observability, monitoring encrypted and cryptographic traffic responsibly, detecting lateral movement, and reducing blind spots created by zero-trust and cloud-first architectures. The session also addresses legal, ethical, and regulatory considerations, exploring where the line lies between necessary security monitoring and individuals’ rights to privacy in modern digital workplaces.
Business continuity in the age of disruption: Preparing for ransomware, failures, and third-party risk
Modern business continuity planning must account for a wide range of operational disruptions, with ransomware representing just one, albeit highly visible, threat among many. This session explores how organisations can design resilient continuity strategies that protect critical operations against cyber incidents, system failures, supplier outages, and cascading third-party risks.
Attendees will learn both foundational and advanced approaches to continuity, including asset dependency mapping, recovery prioritisation, backup and restoration integrity, crisis decision-making, and testing under realistic scenarios.
The session also examines how ransomware fits into broader continuity planning, ensuring organisations can maintain operations, recover quickly, and adapt even when prevention controls fail—across both internal environments and extended supply chains.
Upcoming events
Discover What's Next In Cyber Security
S4S Club X – Knowing what to protect, who to trust and how to recover
3 March, 2026 \ 4:00 pm - 6:30 pm
Freshfields

