BACKGROUND & SCOPE :
Proactive security and threat intelligence to thwart new cyberthreats
For public and private organizations IT systems, the Cloud, mobile, BYOD and other IoT trends are making increasingly difficult to protect their data and networks from more and more sophisticated cyber-attacks. A holistic approach of information security management is necessary to address the growing attack surface formed of hundreds of sources, devices and applications.
Yet, even with the most innovative cybersecurity technologies at application, endpoint and network levels, the flow of data and the need to react fast to security incidents are often overwhelming human’s ability. Security policies, skilled security team and end users’ judgement aren’t enough either to prevent security breaches across the entire IT infrastructure.
To scale their cyberthreat resilience, more and more organizations – not only the largest ones – are moving to security analytics and automation to enhance the prevention of security breaches, to quickly identify and respond to security incidents and, ultimate goal, to predict them.
This security intelligence marks a step beyond the traditional perimeter security approach and static rules of technologies such as Security Incident and Event Management systems (SIEM) and Identity and Access Management (IAM): a shift from reactive to proactive security.
This new approach relies on a set of real-time advanced analytics revolving around machine learning / AI / User Behaviour Analytics tech foundations associated with a necessary rethink of security management strategies, policies and mindsets for true “cyber resilience” and threat intelligence.
OBJECTIVES & FORMAT
Learning, assessing, discussing new cybersecurity tools and approaches
Over 2.5 days, the Security Automation World conference offers an independent platform to:
– Explore the state-of-the-art advanced analytics technologies for cybersecurity
– Review and assess the tools and platforms shifting from security monitoring to prediction
– Share models and best practices to implement adaptive security architectures
– Think forward threat intelligence to face the new cyberthreat landscape
Security Automation World will gather security practitioners and innovators from public and private sectors and anyone interested in keeping pace with the latest proactive security trends.
Held in the framework of Smart Security Week, Security Automation World is complementary to parallel conferences addressing complemantary security technologies to block and prevent attacks: World e-ID and Cybersecurity covering access and identification management and Connect Security World covering IoT Security.
LIST OF TOPICS
Security Automation World is looking for novel expert-level contributions in the following topics. We welcome suggestions of topics that presenters feel qualified to address.
Threat Detection & Response
● Advanced Analytics Platforms
– Big Data and advanced analytics for cyber security
– Behaviour analytics, user activity monitoring, enterprise threat detection
– Machine Learning for security, Machine Learning-as-a-Service (MLaaS)
– AI Security applications, Cognitive security
– Endpoint Detection and Response (EDR)
● Techniques, methods and models
– Situation/context aware security
– Unified/holistic security analytics
– Formal methods for security analytics
– Formal semantics of security policies
– Analytics of attacks motive and attribution
– Configuration testing, forensics, debugging and evaluation
– Cyber resilience approach
– Attack forensics and automated incident analysis
– Cyberthreats modeling
– Advanced persistent threat techniques detection
– Moving target defense
● Best Practices
– Implementing a risk-based security framework
– Security orchestration best practices
– Moving from SIEM to security analytics
– Automated identity management
– Risk-based authentication (RBA)
– Implementations lessons
● Compliance and Policies
– Risk management and compliance
– Centralised policy management and audit
– Security policy management
– Security metrics, indicators of compromise
– Security awareness policy
– Compliance, Accountability and provenance
– Evaluation and certification schemes and legal frameworks
● Security Strategy
– Automation to solve security talents scarcity
– Aligning security objectives to business strategy
– Manual vs automated monitoring
– Balancing automated and human expertise in a security team
● Cooperation with external partners, cooperation between government/regulation bodies and industry
● Government initiatives status and outlook: US CISA (Cybersecurity Information Sharing Act), EU directive NIS (Network and Information Security), New York State DFS…
● Structured threat information standards, implementation and progresses: IDMEF (Intrusion Detection Message Exchange Format), IODEF (Incident Object Description Exchange Format), ISI (Information Security Indicators), STIX (Structured Threat Information Expression), TAXII (Trusted Automated Exchange of Indicator Information), CybOX (Cyber Observable Expression)…
Aimed at a broad range of security practitioners in businesses (any size) and public organizations as well as professional evolving in data security sensitive environments, the conference will gather:
– Security managers, CISO/CSOs, CRMO/CROs, IT/security analysts, Risk Managers etc.
– Digital Security experts from Academia and Industry
– Data scientists and engineers, Data Warehousing and Business Intelligence experts
– Technology decision makers from Government departments and enterprise
– Regulators and standard bodies, CERTs
– Managed security services providers and implementers, IT/SaaS providers and implementers, Network operators and technology manufacturers
HOW TO SUBMIT?
Please send your speaking proposals using the submission template.
Authors are invited to submit their proposals electronically to email@example.com.
If authors do not receive acknowledgment within 72 hours, they are kindly invited to contact directly firstname.lastname@example.org.
All speaking proposals must be original ones and should be informative and impartial. The Program Committee will reject commercially-oriented presentations.
Deadline for abstract submission: Friday May 19, 2017
Decisions and Presentation
Notification of acceptance or rejection will be sent to authors on Friday June 16, 2017.
Authors of accepted presentations commit themselves to present their paper at the conference. In case of personal impediment, the speaking person should appoint the backup speaker.
Registration fee is included in the Platinum, & Gold & Silver sponsor packages for one speaker. Regular registration speaker’s registration rate is €550 excl. vat. Speaker registration gives access to the conference & proceedings, breaks and lunches, networking tool. Speakers’ travel and accommodation expenses are not covered by the organizers.
Proceedings of the conference will be available at the opening of the event. Clear instructions about the proceedings will be sent to the authors of accepted presentations.
The organizers commit themselves not to disseminate the presentations before the conferences.
Other important dates:
► Official Program Appearance: July 15, 2017
► Complete presentation for the proceedings: September 1st, 2017
Additional Participation Opportunities
► If you are a supplier of security intelligence solutions and expertise, you are also invited to take part in the exhibition.
► Awards: the “Smart Security Awards” will spotlight the best digital security solutions. Finalists will be invited to the Awards ceremony during the Gala Evening. The Awards selection process will start in May 2017, get prepared!