Wednesday 13 October 5:00-5:45pm
The state of the health treat
Observation: in recent months the world of health has been particularly attacked. So much so that some experts note that “Health has been a laboratory for other sectors”.
In addition, to the attacks on hospitals, there are worrying data leaks in medical biology laboratories in western France. Several questions arise about the before, during but also after:
- Did we secure critical systems at the start of the crisis?
- How to deal with the problems in the regions?
- How are the supply chains (eg vaccines) secured?
- What lessons can be learned from these crises?
Speakers: Cédric Cartau (RSSI & DPO - CHU de NANTES); Charles BLANC ROLIN (RSSI - Center hospitalier de Moulins-Yzeure) Moderator: Philippe Loudenot(Cyber Security Delegate - Pays de la Loire Regional Council) et Axel Castadot (Head of the knowledge & anticipation division of the operations sub-directorate, ANSSI)
Geopolitics at the heart of the cyber debate
"There is a global aggressiveness in the cyber space on the part of the big states, that is the sense of the story." This recent statement by Guillaume Poupard shows the central role that geopolitics has taken on in the cyber space. How has the situation evolved in recent months to become one of the major concerns of the authorities? What are France's weapons in this cybernetic world? How to position yourself vis-à-vis the call from Paris, which rather advocates "disarmament".
Speakers: Aude Gery (Doctor of Law. Researcher - GEODE), Julien Nocetti (Senior Lecturer - Military Academy of Saint-Cyr Coëtquidan, Associate Researcher - IFRI), Général Didier Tisseyre (ComCyber) ; Stéphane Descous (Navigation Cyber Security Referent & Infosec Officer - Thales Alenia Space)
Moderator : Mélanie Benard-Crozat (Journalist, Editor-in-Chief - S&D Magazine)
Cyber insurance => Insurance not all risks
The last few months have seen a change in posture on the part of insurers, particularly under pressure from the public authorities who accuse them of paying ransoms too easily. But more generally, the explosion of attacks is calling into question the economic model of cyber insurance. Insurers are changing their offers, becoming more demanding to the point that some companies are wondering about subscribing. What is the state of the market? How to get the different stakeholders to come to an understanding in order to best manage the risk?
Speakers: Eric Vautier (RSSI ADP); Laure Zicry (Head of FINEX Cyber - Willis Towers Watson); Philippe Cotelle (Head of Cyber Insurance Management Airbus / Administrator of AMRAE); Valéria Faure-Muntian (Member of Parliament for La Loire)
Moderator : Florence Puybareau (Director of Content - DG Consultants)
Round table organized by Amrae
Risk management: lessons from a crisis
What lessons can we learn from the crisis we went through, particularly in terms of cyber risk management? What has it taught us about the relationship between Risk managers and CISO? What are the avenues for improvement and how to prepare for the next (crises)?
- How to define essential services?
- What structure to put in parallel to protect yourself?
- Who to lean on when operational staff are "upset"?
- Identify the “ancillary” actors who are essential for crisis management / resolution
Speakers: Oliver Wild (Chairman - AMRAE, Director of Risk and Insurance - Veolia group); Didier Fournier (Director of Cybersecurity - Veolia Group) and Anne Piot d’Abzac (Vice-President and General Secretary - AMRAE and VP Chief Risk Officer - Ipsen Pharma)
Moderator: Jerome Saiz (Consultant - Opfor Intelligence)
Round table organized by le Clusif : User awareness of cyber security
Ten years after the call from the director of ANSSI to apply the fundamentals, user awareness remains a must in cybersecurity. User first line of defense: Over 90% of successful cyber attacks start with an unfortunate user action. Le Clusif stimulates exchanges on best practices for improving cyber behavior: working group on awareness, sharing of awareness projects in the CISO Space, partnership with the cybermalveillance.gouv.fr platform. The round table will take stock of practices: newsletters, online training, simulation of attacks, escape game, training in cyber crisis management ...
Speakers: Henri CODRON, head of the RSSI space and administrator of CLUSIF, Christophe GIRAULT, RSSI and DPO of the Sorégies group, Sylvain LAMBERT, RSSI of Pôle Emploi, Nicolas VIELLIARD, Cybersecurity Operations Director of the Danone group
Elevator Pitch for startups
Come listen and discover the new nuggets of cybersecurity during this elevator pitch which will allow you to discover the technological solutions of tomorrow.
- AQUA Security
- CEQUENCE SECURITY
- CLEAR SKYE
- SIS ID
Speakers : Héloïse Aubert (Marketing Director - DG Consultants) et Axel Vergnerie (Communication Manager - DG Consultants)
Friday 15th October 3-3:45pm
CISO on the verge of a nervous breakdown
CISO has become a “warrior”. He / she is constantly under (big) pressure but do we give him / her the means to assume / to ensure? What future does he see? A number of them are on the verge of burnout (or more). How to help the CISO to verbalize, demystify, assume…?
During this round table, the results of a survey carried out by CESIN and the Advens firm on the stress of the CISO will be presented.
Speakers: Jean-François Louâpre (Senior Cyber Security Consultant), Bruno Kerouanton (former CISO and SSI expert) and Sabrine Guiheneuf (CESIN board member), Yann Ofanowski (Neurocognitive & Behavioral Coaching - Altamind)
Moderator : Cécile Desjardins, Journalist
Local authorities: What lever to better protect yourself?
Local and regional authorities have "taken dear" in recent months in terms of cyber attacks. As ANSSI reminds us, "a regulatory framework requires them to put in place various measures intended to secure their information systems, their digital services, and to protect the personal data of their citizens". They can now benefit from tools and funding under the cybersecurity component of France Relance. This round table will be the occasion for an overview.
Speakers: Gwenaelle Martinet (Advisor to the CEO of ANSSI, in charge of the “cyber” section of France Relance - ANSSI) and Éric Freyssinet (Deputy commander of the Gendarmerie nationale's cyberspace command) and Mauna Traikia (Territorial digital development advisor of Plaine Commune / Grand Paris - Vice President of the Digital Transformation of Territories Challenge)
Moderator : Mélanie Benard-Crozat (Journalist, Editor-in-Chief - S&D Magazine)
New attacks / new models: How to take into account these new scourges?
Recent attacks (eg SolarWind, Kaseya) have shown a paradigm shift. Attackers no longer directly target their final target, but rather suppliers up the chain. The consequences can be dramatic, especially since companies are still helpless in the face of these new risk models. What is the responsibility of the suppliers? How to work together to build end-to-end digital security?
Speakers : Henri d’Agrain (general delegate - Cigref) ; Garance Mathias (lawyer at the Paris bar - Mathias Avocats law firm) and Nicolas Arpagian (teacher at the EGE School of Economic Warfare)
Moderator : Florence Puybareau (Directrice des Contenus - DG Consultants)
Ebios Club round table: Building paths of attack from the ATT & CK MITER repository - Putting it into practice
Based on a simple use case, come and watch a concrete demonstration and discover:
- The results of the work of the Club EBIOS community aimed at adapting the MITER repository for use within the framework of the EBIOS Risk Manager.
- A method for gradually building a path of attack by using the tool and references to techniques from the MITER repository, translated and qualified by the Club.
- The modalities so that you can now exploit this work in your ecosystem.
Speakers: Valentin Lacaze (member of Club EBIOS) and Jean Olive (Vice-president of Club EBIOS)
Round Table organized by Cesin : Cyber insecurity, and if we take the problem at the root?
Since the origins of "computer security", there has been a sort of inevitability of poor software from a security perspective. The number of identified vulnerabilities is increasing exponentially to such an extent that the CISO is forced to make choices because it is now impossible to patch everything. Security spending is skyrocketing for the same reasons. For thirty years we have become accustomed to regularly receiving software updates as well as the famous patches and we had to create gas factories to manage them as soon as they were published. DevOps has only made matters worse with lifecycles that mostly do not incorporate security. The Solarwinds hack reminds us that attacks can creep into massively used software, including by large publishers, with increased risk against which there are few means of action. 100% software security is impossible, but should we resign ourselves and do nothing to improve the situation? Without going into "Ya Ka" theories, CESIN believes it is time to think about solutions. This round table will help launch the debate and identify areas for improvement.
Speakers: Didier Gras (Group Chief Information Security Office - BNPP); Philippe Loudenot (Cyber security delegate - Regional Council of Pays de la Loire) and Eric Singer (CISO EMEA - Schneider Electric)
Moderator: Alain Bouillé (General Delegate of CESIN).
Results of the first survey by the cybersecurity trades observatory
ANSSI, DGEFP and Afpa conducted an analysis of the cybersecurity job market and a study among professionals working in cybersecurity. Many of them spoke about their professional trajectory, their training course, their future. These results, which are rich in information, bear witness to a dynamic job market, and make it possible to identify specificities according to the professions exercised and professional environments: Where do cybersecurity professionals practice their profession? What types of structures do they work in? What is their remuneration? How were they recruited? How do they see themselves in the future? The speakers will present the results to you during this round table. It will also be an opportunity to discuss these issues in terms of recruitment, training and career management.
Speakers: Alexandre Besnier (Project manager, Business Prospective Department - AFPA) ; Aurélie Bauer (Head of CFSSI "Information Systems Security Training Center" - ANSSI)