Partners confirmed on Le Before 2021
An intense day of high-level content: roundtables, commissions by sector and meetups.
The roundtables aim to give an overview of the current issues in the industry and define the main topics that will be addressed during the commissions.
The commissions are where participants debate in small workgroups on transversal topics such as data protection, cyber context, technology trends, compliance, governance, regulation, or providers' management. Participants share their views and experiences. The conclusions of each commission are synthesised and presented the next day, on Wednesday morning, before the opening of Les Assises, and are available to all participants as a summary sheet.
1) Regulation, sovereignty… What national and international context for tomorrow?
Presidents: Philippe Loudenot, Cyber Security Delegate, Pays de la Loire Regional Council, and Sébastien Bombal, Technical Director at the Ministry of the Economy, Finance and Recovery
Moderator: Mélanie Benard-Crozat, Journalist, Editorial Director of S&D magazine
Faced with an extremely complex subject, the work of the committee will revolve around three highlights:
A 2020–21 review
- regulatory and normative changes
- national and international initiatives in terms of cybersecurity and digital sovereignty
Feedback based on a questionnaire sent in advance to all participants.
A debate which will have to answer various questions:
- Do we have the right standardization tools?
- What are the supervisory bodies for these initiatives? How effective are the actions?
2) The resilience of organizations in the face of new crises.
Presidents: Patrick Menez, Deputy Group CSO, Axa, and Stéphane Tournadre, Director of Security SI, Servier
Moderator: Caroline Moulin-Schwartz, Speaker and Technical Delegate of CRiP
As crime and geopolitical conflicts drift into cyber, it has never been so difficult to imagine the crises to come. And yet our governments are actively preparing for new forms of war. But what about our organizations? How to prepare to live in a system where the threat will be permanent? How to learn to manage crises which will become complex and multifactorial? Beyond cyber crisis management, we must prepare for new forms of resilience. We will be working on this foresight exercise in the next Before. An exercise that will allow us to co-construct new resilient systems that integrate the notion of systemic crisis.
3) When geopolitics invites itself into cyber, when clashes between states weigh on the security of companies, how to apprehend these new risks and integrate them into the definition of an IS strategy?
Presidents: Fabrice Bru, Cybersecurity Director, "Groupement Les Mousquetaires" and Administrator of CESIN, and Dominique Guiffard, Group CTO, Savencia
Moderator: Jérôme SAIZ, Consultant, Opfor Intelligence
Geopolitical contexts have accustomed us to economic, cultural, industrial and political wars. We see that these wars are spreading more and more in the digital arena.
Thus, we can become collateral victims by using digital services that can be the target or weapon of geopolitical conflicts between nations (e.g. SolarWinds). In addition, we are challenged to implement a long-term global IS strategy that takes into account varied and even contradictory national regulatory contexts. Today we are disarmed. Geopolitics is not always a risk taken into account by CISOs. They are sometimes unaware of the cultural and political approaches of the countries where their company operates. The following questions may arise:
- How to follow the evolution of the geopolitical situation in order to adapt the IS and IS security strategies?
- Should we take greater account of geopolitical contexts in our projects and in our strategic plans?
- Should we plan for "cultural, ethnic, political and religious" training when working internationally, adapted to the digital world?
- If the infrastructures of our strategic suppliers (Microsoft, Google, AWS, etc.) are the subject of major attacks, are we among the customers to be "sacrificed"? What are the impacts on our resilience strategy? Can we become pawns in the digital war between states (e.g. Stuxnet)? How to identify actors and stakeholders?
We invite you to share your experiences, testimonies and thoughts on a subject that is new and unexpected but has become more significant, and that we must take into account in our choices and risk analyses.
4) Extended company: How to develop trust within its ecosystem?
Presidents: Thierry Auger, Corporate CIO & Group CISO, Lagardère, and Olivier Ligneul, Cybersecurity Director, EDF Group
Moderator: Cécile Desjardins, Journalist
The extended enterprise has become a true ecosystem made up of partners, suppliers, freelancers, etc., but also of tools and applications, increasingly driven by the cloud. Accelerated by the pandemic, digitalization and remote work are now leading us to realize the need to develop trust and to orchestrate the rules of administration, security, compliance and monitoring of this ecosystem.
- What are the challenges?
- What transformations need to be made?
- Do we need a rapid adjustment of the regulations applicable to each other and therefore work with the competent authorities?
- Do we need a Chief Ecosystem Officer? What would be its mission and what would be its tools?
5) The innovative cybertech ecosystem: Let's decipher it together!
Presidents: Malika Pastor, Director of Information Systems and Digital, Colliers Group, and Cyrille Tesser, Director of digital legal investigation, La Poste Group
Moderator: Annick Rimlinger, Safety & Security, Cyber & Data Protection Director, Aema Group
This commission proposes to address four main areas of reflection:
- SMART & STRATEGIC TECHNO TRENDS: What emerging innovations in CyberTech to watch for its CyberProtection and to transform its extended IS?
- STANDARDS / LABELS / CERTIFICATION: Which ones to meet legal constraints & to respect regulatory compliance (and mainly data security)?
- KEY ACTORS / CYBERSEC INNOVATION CIRCLE: What role do Cyber partners play in ensuring this digital trust? (Startup; Cyber Campus; CyberDéfense Factory…)
- NEW CYBERSEC SKILLS (emergence): Do new and emerging technologies mean new methodologies and new skills, but also new behaviors?
Meet-ups are small group activities offered by lawyers and experts. They address regulatory or legal points in a very practical way.
"The risk of corruption: Prevention, detection, sanctions"
- Moderated by Garance Mathias, Lawyer at the Paris Bar, Cabinet Mathias Avocats
While waiting for the draft laws to overhaul the Sapin 2 law, whistleblowers:
- Towards strengthening anti-corruption obligations
- Towards a framework for lobbying
- Towards a high authority for probity
How to anticipate these new risks? What compliance approach to take?
"AI, business and law"
- Moderated by Myriam Quemener, General Counsel, Paris Appeal Court, specializing in digital law
By deploying high-performance algorithms, artificial intelligence can help businesses, but at the same time it raises legitimate questions.
Today, legal platforms, such as LegalTech, provide businesses with reliable digital solutions and cutting-edge IT tools.
Through real-time AI and intelligent automation, business decision-making and productivity can be improved. However, AI, and therefore algorithms, cannot be used without prior reflection. Indeed, since most innovative digital products and services are now based on algorithms, confidence in the algorithmic processing of data from companies and consumers is a major strategic issue. This trust is established by developing a responsible "by design" approach to algorithms, which requires companies to incorporate ethical criteria.
The meet-up may address in particular:
- The challenges of AI for the company: between mistrust (the risk of bias) and trust
- Examples of AI applications
- What strategy to put in place for a responsible AI
- Build an AI roadmap
"Dealing with vulnerabilities in 2021: hope or despair?"
- Moderated by Jean-Marc Boursat, Group Enterprise CSO, TotalEnergies, Administrator of Clusif
The volume of published vulnerabilities is constantly increasing and the percentage of critical vulnerabilities is also increasing: IT teams must therefore apply more and more patches at increasingly short notice. What are the CISO's weapons in the face of this seemingly lost battle?
The objective of the workshop is to share our findings and our difficulties in dealing with vulnerabilities in 2021 and to discuss good practices or solutions that allow us to overcome them. Participants will have to answer questions about:
- The vulnerability treatment strategy: Should it be changed? Should we change the security policy in the face of changing circumstances?
- Responsibility sharing: How to empower stakeholders? How to educate businesses and users on the subject of vulnerabilities?
- Management of remediation: How to avoid overloading the teams? How to industrialize the process and what are the conditions for success?
Other questions can of course be debated on this broad subject.
"Risk mapping: First major step in risk management"
- Moderated by Helène Dubillot, Director of the Scientific Pole of AMRAE
Computer attacks, supply chain failures and natural disasters hampering business continuity, but also the strengthening of the regulatory environment or the volatility of currencies or raw materials, are all sources of uncertainty that can weigh on the achievement of business performance and profitability objectives. In an increasingly uncertain and complex world, knowledge of risks and of the means of controlling them is essential to the performance of companies. Risk management is becoming more than ever the bedrock of responsible business. This implies that companies set up a system, led by a member of the organization, and define, with their Board of Directors / Supervisory Board, a specific risk appetite and risk management policy. Carrying out a mapping, which will formalize and prioritize the major risks, is a first step. The purpose of this meet-up will be to present this flagship risk management tool and to see its evolution over time.
"Cyberinsurance: what do we do with your data?"
- Moderated by Sébastien Héon, Deputy Chief Underwriting Officer at SCOR
Have you ever wondered what happens to the information you provide to insurers? Each year, CISOs present their company's cybersecurity to a panel of insurers. How is this information used? Is it too high-level or, on the contrary, too technical? What are the essential subjects?
This workshop aims to discuss this annual dialogue between policyholders and insurers and to identify avenues for improvement.
"Sharing information: why? How?"
- Moderated by Eric Doyen and Didier Gras, Treasurer and Administrator of Cesin
The increasing volume of Cyber incidents, their impacts and the complexity of some attacks demonstrate the importance of information sharing within our Cyber community.
In an increasingly interconnected world, our companies simultaneously play the roles of partner, supplier AND customer, and it is not easy to maintain this sharing.
We wish to take advantage of the privileged moment of the Before to discuss, in a small group, the feedback and what we could capitalize on to maintain and develop this sharing which remains one of the keys to the success of our trusted community.
Corporate CIO & Group Cybersecurity Director, Lagardère
Technical Director - Customs and Excise
Cybersecurity Director, "Groupement Les Mousquetaires" and CESIN
Scientific Director - Office of the Director General of the Gendarmerie Nationale
CISO/CSO, PwC France
Group CTO, Savencia
Cybersecurity Director, EDF Group
Deputy Group CSO, Axa
National Head of Information Systems Security, Etablissement Français du sang
Vice President Global Chief Information Security Officer, Groupe SEB
Security Director SI, Servier
Group CISO, ADP Group