2022 edition

Speech by HE Mr Pierre Dartout, Minister of State of the Principality of Monaco, followed by speeches.

Christian-Marc Lifländer, Head Cyber and Hybrid Policy Section, Emerging Security Challenges Division, NATO Headquarters, Brussels, as Head of the Cyber Defense Section, Mr. Lifländer is responsible for leading the development and implementation of NATO-wide cyber defense policy. Assises is delighted to welcome Mr. Lifländer for a talk on the impact of the geopolitical situation on cybersecurity issues.

Guillaume Poupard, Director General of ANSSI, will then speak on a number of topical cyber issues: "Changing scale to collectively raise our level of cybersecurity" Ransomware, denial-of-service attacks, computer sabotage, cyber espionage - these are all words that are now regularly in the news, and part of the daily lives of businesses, administrations and all French citizens.

 

Faced with a professionalized threat affecting more and more entities, of all sizes and often poorly protected, it is imperative that we change scale to better protect ourselves. NIS 2, cloud, innovation: there are many challenges to be met, and all of us need to raise the nation's level of cybersecurity. The conference will close with a round-table discussion between Christian-Marc Lifländer, Head Cyber and Hybrid Policy Section, Emerging Security Challenges Division, NATO Headquarters, Brussels, Guillaume Poupard, Director General, ANSSI and Thierry Auger, President of Assises 2022 and Corporate CIO & Group CISO, Lagardère.

Testimonials from an Olympic champion and a fighter pilot on an aircraft carrier

In an increasingly turbulent world in economic, social, climatic and geopolitical terms, how can we develop a resilient mindset to better face the present and the future? How can we learn to prepare ourselves for the unknown, and maintain an operating margin that allows us to take control of our actions? During this plenary conference, a former Olympic swimming champion and an aircraft carrier fighter pilot will share their respective experiences and show that uncertainty, far from being a brake, can be a formidable lever for action.

With :

• Alain Bernard, Double Olympic Swimming Champion
• Guillaume Schutz, Carrier-borne fighter pilot & second-in-command of escadrille 57S

Corporate infrastructure has evolved. The threat landscape is constantly evolving. Cybersecurity must evolve too. In this keynote, Tomer Weingarten will review the recent history of cybersecurity, and explore its future over the next decade. What is XDR? What are the results? How can the right use of data keep you one step ahead of today's and tomorrow's adversaries? Because the XDR era will be won by those who understand how to make the most of the power of their data, and know how to leverage it to go faster. Cybersecurity innovation, thought leadership and new perspectives will be the highlights of this provocative and interesting discussion.

With :

• Tomer Weingarten, CEO, SentinelOne

Corporate infrastructure has evolved. The threat landscape is constantly evolving. Cybersecurity must evolve too. In this keynote, Tomer Weingarten will review the recent history of cybersecurity, and explore its future over the next decade. What is XDR? What are the results? How can the right use of data keep you one step ahead of today's and tomorrow's adversaries? Because the XDR era will be won by those who understand how to make the most of the power of their data, and know how to leverage it to go faster. Cybersecurity innovation, thought leadership and new perspectives will be the highlights of this provocative and interesting discussion.

With :

• Tomer Weingarten, CEO, SentinelOne

OVHcloud and its ecosystem are determined to create a European cloud alternative that can challenge the position of the GAFAMs. This conviction is based on a shared culture and strong values: transparency, trust, responsibility and innovation. In its quest to respond to technological, societal and environmental challenges, OVHcloud is committed to offering relevant solutions to its customers. During this Keynote, Michel Paulin, CEO of OVHcloud, will be the spokesperson for this key vision for our future. He will explain his commitment to creating an open, reliable and trusted cloud. Also, he will present how OVHcloud's industrial model is one of the most innovative and efficient in a world where resilience is at the heart of our concerns.

With :

• Michel Paulin, Managing Director, OVHcloud

We are now 2 years away from the opening of the Paris Olympic Games. Paris 2024 represents a budget of 7.3 billion euros, 13.4 million tickets on sale from February 2023, 600,000 spectators for the opening ceremony on the banks of the Seine, 10,500 athletes expected, and nearly 40 venues in the Paris region and beyond. The potential ramifications of a cyber-attack on such a large-scale event cannot be overstated. Achieving this delicate balance between accessibility and security is a constant challenge for event organizers. As cyber-attacks intensify and the attack surface expands, it is essential to take proactive measures to deal with potential threats, but also to restore normal activity as quickly as possible in the event of a compromise. Detecting and responding to attacks is no longer enough. Today, only AI can provide a holistic response to these challenges. It has become a vital member of cyber security teams, whatever the sector. During this keynote, Karim Benslimane, Director of Cyber Intelligence at Darktrace will share the advances and technological results of the Cyber AI Research Center to prevent, detect, respond and remediate cyber attacks.

With :

• Karim Benslimane, Director of Cyber Intelligence, Darktrace

Over the past few years, the posture of the CISO has changed considerably, and with it, his or her missions and what the company expects of him or her. The CISO of 2022 must be a true "Swiss Army knife": managing teams, communicating at all levels of the organization, talking to HR, presenting action plans to Comex, knowing how to convince... These are qualities and skills that are not learned in engineering school, but throughout one's career. This round table will provide an opportunity to examine how to acquire these soft skills, and to identify the players who can support CISOs in this process.

Moderated by Cécile Desjardins, journalist

With :

• Sabrine Guiheneuf, CISO, CESIN Administrator
• Gérard Le Comte, Director of Cybersecurity Programs, Professional Coach, Mentor
• Nicolas Vielliard, Cybersecurity Operations Director, Danone and Clusif Administrator

Faced with an ever-increasing number of cyber risks, and in a digital environment that continues to accelerate, what can technological innovations offer today? What are the challenges for CISOs? How do they tackle these issues? And how can they stay "on the cutting edge" when they are faced with severe budgetary, technical and human constraints? After identifying what is meant by technological innovation in cyber, this round-table discussion will attempt to answer the many questions CISOs are asking themselves to understand how to integrate it into their roadmap.

Moderated by Jérôme Saiz, Corporate Protection Expert - OPFOR Intelligence

With :

• Sabine d'Argoeuves, IS/IT Corporate Security Manager, Danone
• Thomas Anglade, Head of Data Science - OT security
• Maxime Cartan, Co-founder & CEO, Citalid

It's an understatement to say that for the past two years, the situation between insurers and companies regarding cyber risk has been tense. In its latest study, AMRAE (Association pour le Management des Risques et des Assurances de l'Entreprise) even points out that some large organizations have decided not to take out insurance. And this at a time when cyber risks are on the increase.

The reason: premiums that are too high for customers, while insurers are struggling to find their business model and prefer to withdraw. Against this backdrop, what room for manoeuvre do the protagonists have? How can risk be assessed so that it is acceptable to all? What have companies that have opted out of their insurance put in place? How can insurers add value to their offers?And how can we respond to rating agencies?

Moderated by Florence Puybareau, Content and Communications Director, DG Consultants

With :

• Gilles Berthelot, Group Digital Security Director, SNCF
• Philippe Cotelle, Head of Cyber Insurance Management of Airbus Defence & Space-Administrator of AMRAE
• Sébastien Heon, Cyber Solutions Deputy Chief Underwriting Officer, Scor
• Anne Cridlig, Head of Professional Indemnity & Cyber Department Financial Lines, Zurich Insurance

Russia's invasion of Ukraine last February raised fears of an explosion of conflict-related cyber attacks in Europe. While the catastrophic scenarios did not materialize, the event did bring geopolitics a little more to the fore. In the space of just a few months, the subject has found its way onto every corporate board and Comex. CISOs are also concerned, and must be prepared to face up to new digital threats. This round-table discussion will look at the impact of this situation on companies, their adaptability in the face of these issues, and the posture of CISOs.

Moderated by Mélanie Benard-Crozat, Editor-in-Chief, S&D Magazine

With :

• Christine Dugoin-Clément, Researcher at the "Risques" Chair, at the Observatoire de l'intelligence artificielle Paris 1 and at CREOGN
• Guy Phillipe Goldstein, Strategic Advisor, Expon Capital
• Michel Cazenave, Director | DSSR | Regional CISO-CSO France & Maghreb, PwC

There can be no cybersecurity without working closely with both internal and external ecosystems. Yes, but that's a problem when you consider that many attacks and threats come from a supplier or service provider. Trust then turns to distrust. This round-table will focus on how to work together with all the links in the chain (from subcontractors to government authorities). What are the prerequisites for working with service providers (in particular, establishing a risk analysis)? And why it has never been so important to cooperate with the business lines.

Moderated by Caroline Moulin-Schwartz, Consultant and Technical Delegate, CRiP

With :

• Maricela Pelegrin-Bomel, National ISS Manager Etablissement français du sang
• Nadège Reynaud, Cybersecurity Director, TNP Consultants
• Vivien Mura, Head of Industry and Technology Division, ANSSI
• Gauthier Lulka, Chief Information Security Officer, Murex

Cyber Security Governance is an iterative approach to managing corporate risks:

- Define the roles and responsibilities of the various players.

- Set technical and behavioral objectives via policies and standards

- Present the operational maturity to be reached and the appropriate means to be implemented and

- Reassure through threat detection and treatment, business continuity and resilience capabilities on information systems.

In its early days, governance was primarily concerned with compliance. Today, it must respond to both conjectural and structural needs, regardless of the CISO's technical or organizational skills. From now on, Cyber Security governance must integrate new dimensions such as fluctuating business constraints, opportunities to be seized, company drivers and the values of its CISO.

This round table will provide an update on new approaches to cybersecurity governance.

Moderated by Alain Bouillé, CESIN General Delegate

With :

• Eric Singer, CISO EMEA at Schneider Electric
• Fabrice Bru, Cybersecurity Director, STIME
• Hervé Dubillot, CISO Pomona Group
• Maxime Descombes, CISO Groupe Bel

Data security has always been at the heart of the work of cybersecurity managers. But while major advances have been made in the security of data in transit and data in storage, there is still a lot of ground to cover: the security of data during processing! Numerous technologies are currently being developed, both in hardware - for better isolation within processors and memory - and in software, with the emergence of new encryption mechanisms. These technologies should play a key role in reducing the risks associated with cloud computing. The concept of Confidential computing is emerging, becoming more normalized and accelerating. But what exactly is it? What are the concrete applications today? Will we be able to achieve "ultimate" security in the future, when we can process data while keeping it encrypted?

The stakes are high, and this exceptional round table, which will bring together some of the market's leading hyperscalers, key players in the development of these new technologies, will provide an opportunity to discuss this fundamental issue for CISOs.

Moderated by Thierry Auger, CIO Corporate & Cybersecurity Director Lagardère Group

With :

• Mathieu Jeandron, Public Sector Tech Lead France&Benelux, AWS
• Thiébaut Meyer, Office of the CISO, Google Cloud
• Julien Levrard, CISO OVHcloud
• Arnaud Jumelet, National Security officer, Microsoft France

Over the last few years, we've seen a veritable revolution within industrial companies: emergence of new uses, particularly with mobility and the Cloud, Industry 4.0, industrial dataLake, Digital Twin, etc. Organizations increasingly need to exchange with this industrial world (OT), which was once compartmentalized and designed to remain independent. Yesterday's theoretical "Purdue" model hardly applies to today's architecture models. This round table will provide an opportunity to take stock of the current situation, highlight new developments and look ahead to the medium and long term.

We'll be discussing the technical and organizational means that need to be put in place to successfully support the digital transformation of manufacturers, without sacrificing the protection of industrial processes.

Moderated by Loïs Samain, CISO, EDF Hydro and member of CESIN's Lab OT.

With :

• Orion Ragozin, CISO Idemia
• Frédéric Mirault, Group Sr Industrial Cyber Risk Manager, Suez and co-leader of CLUSIF's Industrial Systems Cybersecurity WG
• Nicolas de Peslouan, CISO of Stime DSI Groupement Les Mousquetaires and member of CESIN's Lab OT

In France, the number of vacancies in the cybersecurity sector runs into the thousands, and the phenomenon is only growing, at the risk of increasing the danger for talent-starved organizations. Although training courses are on the increase, they are far from sufficient to absorb the demand. It's imperative, indeed vital, to multiply sources, open up horizons and change our approach to the profiles we're looking for. This round-table discussion will provide an opportunity to learn about new recruitment and training methods, to go beyond stereotypes, and to consider the industry's responsibility in this shortage.

Moderated by Cécile Desjardins, Journalist

With :

• Gilles Casteran, CEO, AIGAVE
• Martin Jalenques, Regional Cyber Security Manager Schneider Electric
• Emmanuel Retif, Human Resources Director, Cloud Infrastructure Services France, Capgemini

The aim of this round table is to present the structuring role of EBIOS RM in supply chain risk management. On this occasion, a number of major players in the field of information systems will present the challenges and expectations in terms of securing the supply chain, and will illustrate their testimonials with feedback.

With :

• Vincent Loriot, Head of the Digital Security Management Division-Sub-Directorate Strategy-ANSSI
• Olivier Ligneul, Director of Cybersecurity, EDF Group
• Dominique Guiffard, IT & Digital Services Group CTO Savencia
• Maricela Pelegrin-Bomel, National ISS Manager Etablissement français du sang

Triple sales in the cyber sector and create 37,000 jobs by 2025. This is the ambition of the national acceleration strategy for cybersecurity, with a plan worth over one billion euros. What's the roadmap behind it? What is the government's overall strategy? What resources are needed to achieve these ambitions? What coherence is there at European level? What are the expectations and recommendations of experts and politicians to meet these challenges? What are the priorities, investment and development strategies for the emergence of talent? Find out from our guests.

Moderated by Mélanie Bénard-Crozat, Editor-in-Chief S&D Magazine

With :

• Gilles Babinet, Co-Chairman, Conseil National du Numérique
• William Lecat, Investment Director, Cyber Impact Ventures, Auriga Partners
• Elena Poincet, Founder and CEO, Tehtris
• Aurelien Palix, Deputy Director of Networks and Digital Uses, DGE

In 2017, the work of CLUSIF members was already showing the value of IT security dashboards: the indicators were being used for continuous security improvement and in communication with organizational management. Today, cybersecurity performance indicators are omnipresent in the activities of CISOs. Members of the Espace RSSI du Clusif will give an overview of good indicator practices: Cyber Rating to evaluate suppliers, Cyber Score of web services to increase user confidence, Dashboards to raise awareness and obtain management support, Comparison / Evaluation of entities in an international or distributed organization to increase their security performance...

With :

• Henri CODRON, coordinator of Clusif's CISO Area
• Benoit FUZEAU, President of Clusif and CISO of Casden Banque Populaire
• Sylvain LAMBERT, CISO at Pôle Emploi
• Nicolas VIELLIARD, Clusif Administrator and Cybersecurity Operations Director at Danone
• Jean-Marc BOURSAT, Security Officer at Totalenergies

President of a ready-to-wear company that has just set up shop in the Metaverse, Madame Crypto starts receiving insulting and hateful messages from an anonymous avatar. Then, the odious virtual character informs her that he holds all her customers' personal data and demands a crypto-currency ransom. Finally, Mrs. Crypto's own avatar is stabbed to death and found lying on the ground in a pool of blood. How can the vicious cycle be stopped? What are the rights and duties in the Metaverse? What justice is there for the victim and his assailant? Come and follow the investigation and the unfolding of a trial in the world that could well be tomorrow's.

With :

• Christiane Féral-Schuhl, Lawyer, Cabinet Féral-Schuhl
• Myriam Quemener, General Counsel, Paris Court of Appeal
• Anne Souvira, Head of the Paris Police Prefecture's cyber mission at the DILT
• Gérard Rio, Founder of Assises
• Jérôme Saiz, Expert in corporate protection - OPFOR Intelligence

After 24 hours of your first Assises, it's time to get together and take stock: how are things going?

Do you still have questions? The idea of this session is to get together with new guests, answer any outstanding questions, share your thoughts and help you in the home stretch!

With :

• Lois Samain, CISO, EDF Hydro and Co-founder of ComptoirSecu Podcast

A real headache for CISOs, update management is nonetheless crucial. Faced with the hemorrhaging of critical vulnerabilities, come and take part in a "battle" between Eric Singer, who considers this process to be mature and under control, and Didier Gras, for whom there are areas for improvement in order to obtain a commitment to results. Sensitive souls abstain!

With :

• Didier Gras, IT Risk & Cybersecurity Officer, BNP PARIBAS and Director of CESIN and
• Eric Singer, CISO EMEA, Schneider Electric Eric Singer, CISO EMEA, Schneider Electric

Presented two years ago at the Assises by Michel Van Den Berghe, the Cyber Campus project came to fruition this year. The site, which opened its doors to the cyber community last February, is now home to over 160 organizations, institutions and schools, including teams from the Hermes Group. At this meet-up, Julien Bachelet will present the initial benefits of working in this totem of French cybersecurity, and discuss future prospects with participants.

With :

• Julien Bachelet, CISO and Cybersecurity Director, Hermes

On July 5, 2022, the European Parliament passed new legislation on digital services (Digital Service Act) and digital markets (Digital Market Act), imposing standards on the responsibility of online companies. But what are we really talking about? Who is affected, and what are the consequences for companies and their CISOs? A meet-up to look beyond the acronyms and understand the objectives and stakes of these new regulations.

With :

• Myriam Quéméner, General Counsel at the Paris Court of Appeal

Is unrestricted deployment a reality? Does the management of this new model impose new rules? Is the EDR/XDR solution as "authoritarian" as anti-virus was a decade ago? Should we abandon traditional defenses, and rethink the whole defense system for greater efficiency and better results? What are the KPIs of these solutions?

With :

• Eric Doyen, IS Operational Security Director, Malakoff Humanis

Zero trust" is gaining ground in companies, but is still very often associated with the IT environment alone. However, generic IT security principles can also be applied to industrial environments. Using Schneider Electric as an example, this meet-up will show how the two worlds can converge, and recall the seven principles on which to base this approach.

With :

• Eric Singer, CISO EMEA, Schneider Electric

Because automatic protection systems are not 100% reliable, users of digital systems are often an organization's first and last line of defense against information risks and cyber-attacks. Injunctions to do or not to do are not effective: the statement of rules must be accompanied not only by how to follow them, but also and above all by why they must be respected. And from what real and specific risk we are protecting our organization by applying each of them. In short, to make sense. By using the most appropriate channel according to the message, it is possible to get closer to the dream objective of awareness-raising: Changing behavior.

With :

• Antoine Bajolet, Co-animateur de l'Espace RSSI du Clusif, RSSI/RPCA for the Henner Group