UK: Information Security Forum Congress, 3-6 November, Chicago

Last week I was lucky enough to attend and speak at the International Security Forum (ISF) annual Congress in Chicago, home of the newly elected President, US of A.

Spread over 4 days and attracting up to 620 delegates, this is one of the most eminent information security conferences, where the great and good gather and take stock of the world in their expert eyes, with the obligatory wining and dining thrown in for good measure.

The location chosen did not disappoint – I have never been to Chicago before but had heard only favourable reports from friends and colleagues and the 'Windy City' duly delivered!  From the moment the imposing panorama of skyscrapers appeared on the horizon as our cab driver meandered his way into Downtown Chicago through heavy traffic, I was hooked on this striking city.

The main conference started on the Sunday morning with a fascinating talk in the main auditorium from Gene Kranz who was part of the Apollo 13 mission.

I stayed in the main auditorium after Gene's speech for a roundtable between Nellie Kroes, Director of Digital Communications at the European Commission and Trevor Hughes , CEO of the International Association of Privacy Professionals, expertly chaired by Nicholas Witchall, of BBC journalism fame.  Both Nellie and Trevor spoke briefly about the new proposed EU Data Protection Regulations and Trevor gave his thoughts – expressed in some cases through the interesting medium of contemporary art pictures – on the challenges some of the new requirements pose. The main takeaway I took from this session was Nellie's intention that the new Regulations will be in place by 2014; whether that intention is realised remains to be seen.

In a later session for a specialist Privacy group, we were treated to the inside track from Trevor Hughes on the latest rumours from Brussels on which parts of the proposed EU Data Protection Regs were likely to be 'watered down'. These included the 2% of annual turnover fine; the controversial 'Right to be forgotten' proposal; and the draft requirement to notify a security breach to a regulator within 24 hours.  If this turns out to be true, some CEOs might sleep a little easier in their beds!

On Monday I delivered my presentation on 'The global privacy conundrum:  EU v US'.  The idea was to compare and contrast the two jurisdictions' approach to privacy and the challenges both world powerhouses are facing.  To do this, I brought along a US colleague, Robert Glaser from our Houston office, to present the view from across the pond but he was unfortunately left with little time to deliver his side of the speech due to the fevered debate that kicked off over the proposed EU Regs!

To round off my congress experience I dropped in on a talk about the ISF's 'Threat horizon: 2013-2015'.   Not being an expert in the area of Cyber security, I thought I would take this opportunity to learn something.  And learn something I did.  While there is a lot of 'noise' about the prevalence of cyber attacks, I was astonished to hear that if someone wanted to launch an attack on a certain company, all that was needed was to log on to particular online forums, download a piece of software, select a desired target and hit the "Go" button! If that's the case I think our cyber security team will find themselves in plenty of work for years to come...

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.