4-5 September, 2016
Dusit Thani, Dubai

Conference Day Two: Monday, 5 September 2016

08:30 - 08:50 Registration, refreshments and networking

08:50 - 09:00 Chair’s welcome and opening remarks

09:00 - 09:30 Organised E-crime: The new tool for stealing data, money laundering and conducting fraud

  • What should banks do to secure electronic payment gateways
  • Using contactless credit and smart cards to avoid physical contact with card holder and the merchant terminal as one of the techniques: Is this sustainable?
  • Teamwork between various stakeholders: Risk, information security, governance, forensics, electronic payments to isolate the e-crime

09:30 - 10:00 Digital fraud: Modernising cyber security to protect banks from evolving phishing and malware attacks

Jorge Sebastiao - Global ICT & Cyber Security Specialist, Independent Consultant, UAE
  • Defending information from unauthorised access and building a multi-tiered approach to improve defence mechanism
  • Balancing customer service excellence and fraud prevention using conventional and non-conventional methods
  • Using forensics tools to reduce risks of digital fraud and focus on threat protection operations

Jorge Sebastiao

Global ICT & Cyber Security Specialist
Independent Consultant, UAE

10:00 - 10:30 Building a centralised cyber security command centre: Intrusion detection, monitoring and risk mitigation in an evolving threat landscape

Mahmoud Yassin - Manager Data Center, National Bank of Abu Dhabi, UAE
  • Developing bio-metric ATMs to avoid cash money laundering and thinking beyond PINS and temporary digital Ids
  • System and security monitoring: Evolving smart banking security and using smart techniques to monitor intrusions and be prepared for sophisticated attacks
  • Working together as a team: Data centre, AML and IT security with risk management departments

Mahmoud Yassin

Manager Data Center, National Bank of Abu Dhabi

10:30 - 11:00 Networking coffee break

11:00 - 11:30 Cyber GRC: Getting the best out of ISO 27001, COBIT5 and UAE (IA) standards

  • Overview of the exisiting framework being used across the enterprise
  • Customising security objectives to fall in-line with the business processes
  • Securing the best from global practices to build a robust cyber GRC framework

11:30 - 12:00 Effective risk governance receipe for financial institutes

  • Understanding different lines of defences in the organisation with defined roles and responsibilities for each
  • The risk control framework embedded in key processes
  • Front to back risk views and enabling business decisions to align risk management strategy with organisation’s strategy

12:00 - 12:30 Cyber security assurance and framework: Driving it from the top

Alaa Nasrallah - Vice President – IT Audit, Arab Bank, Jordan
  • Cyber GRC: What’s the governance tone at the top?
  • Conducting periodic vulnerability assessments, penetration tests and improving the effectiveness of security controls to comply with the agreed cyber security framework
  • Using the “NIST” framework: Managing information security vendors and involving them in business continuity and IT disaster recovery plans to mitigate risks

Alaa Nasrallah

Vice President – IT Audit
Arab Bank, Jordan

12:30 - 13:00 Prayer and coffee break

13:00 - 13:30 BIG DATA: Using HADOOP tools to slow down financial data breachers

Tamer Al Ajrami - Head of Information Security, Capital Bank, Jordan
  • Transitioning from SIEM tools to HADOOP to manage size and complexity of data in organisations
  • Anticipating blind spots to ensure thorough preparedness and incorporating risk mitigation plans
  • Developing parallel HADOOP clusters in-line with the cyber security objectives of the organisation

Tamer Al Ajrami

Head of Information Security
Capital Bank, Jordan

13:30 - 14:00 What does data theft mean to different departments and what are the steps to minimise its subsequent impact

  • Bringing a level of consistency across data protection laws and legislations
  • I mmediate steps to be taken during a serious issue of data breach
  • Raising awareness of data security across deparments

14:00 - 14:05 Closing remarks by the Chair

14:05 - 23:59 Networking lunch and end of conference