"My first Les Assises" mentoring session
Wednesday 9 October | 3:00-3:30 pm
You've just arrived, the opening conference is over and you're thinking "where on earth am I going to go?" Don't worry, I'm going to explain everything to you! From best practice to organising your diary, from party management to getting a better overview of the Grimaldi Forum venues, the idea of this session is to get together with new guests, answer any outstanding questions, share your thoughts and help you have a great conference!
- Hosted by: Loïs Samain, CISO, EDF Hydro
Regulatory overview: what's on the horizon for the end of the year?
Thursday 10 October | 10:00-10:30 am
Let's decipher regulations together! It's true that regulations are not an easy subject to tackle, but they have to be complied with! That's why we've put together an overview of the regulatory landscape, highlighting the key aspects to bear in mind for each key regulation. We'll discuss the business impact of the AI Act, the Cyber Resilience Act, NIS2 and DORA in a pragmatic and operational way. Join us for a stimulating and informative discussion on the regulations shaping the future of cybersecurity.
- Garance Mathias, Lawyer at the Court of Paris
- Paul-Olivier Gibert, President, AFCDP
Building a remediation plan after a cyber incident
Thursday 10 October | 11:00-11:30 am
Remediation after a cybersecurity incident is a little-known subject with considerable stakes. Drawing on its operational feedback and its strong expertise, ANSSI began sharing its vision of the doctrinal foundations of remediation with the ecosystem in 2023. After a public consultation, we published a doctrinal corpus, “Cyberattacks and remediation”, at the start of 2024. While these documents provide a theoretical basis, it is not always easy to put them into practice. In response to this problem, we propose to present the choices that structure a remediation approach and its implementation. The presentation focuses on the construction of a remediation plan based on the “Piloting Remediation” guide, which is the operational part of the corpus. Based on concrete examples, the presentation will provide the audience with a common thread for organizing an organization's survival in the face of a cyber incident and structuring its rebound.
- Prachea Thiounn, CERT-FR, ANSSI / Control Recovery Assistance Office
When our mental flaws open the door to cyber attacks?
Thursday 10 October | 2:00-2:30 pm
According to an IBM study, human error is the main cause of 95% of cybersecurity breaches. In other words, if human error were entirely eliminated, 19 out of 20 security breaches might not have occurred at all. There are 3 reasons for this statistic: the tendency of individuals to overestimate their own intelligence, cognitive biases and, finally, the sense of familiarity built (by design) into AIs to make them easier to use. In this meetup, we'll explore the limits of human (and artificial) intelligence, and in particular the influence of cognitive biases, through concrete, playful examples.
- Camille Morvan, Cognitive Science Researcher, Harvard and co-founder, Goshaba
Legal liability: what do CISOs - and their CEOs - risk?
Thursday 10 October | 3:00-3:30 pm
New European regulations (the NIS-2 Directive, the DORA Regulation, etc.) and other local or sector-specific regulations (SEC, New York Department of Financial Services (NYDFS), etc.) provide for the Information Systems Security Officer or senior management to be held liable in the event of a breach of cybersecurity. What is the reality of this legal risk, whether civil or criminal? What measures can be taken to protect against it? What is the scope of a delegation of authority?
- Nicolas Arpagian, Vice-President, HeadMind Partners
- Garance Mathias, Lawyer, Paris Court of Appeal
OSINT: what the CAC40 top 20 have to hide
Thursday 10 October | 4:00-4:30 pm
Many employees, including COMEX members, claim they have nothing to hide. Yet, in this talk, we will demonstrate how simple Open Source Intelligence (OSINT) techniques can be exploited by criminals. We'll explore how these methods can lead to CEO fraud, compromised information systems, organized protests and even physical attacks on VIPs. The personal and professional information of top 20 CAC 40 executives, harvested via OSINT, can have a direct impact on the security of the organization's information systems, as well as on the survival of the company. This session aims to raise awareness among executives of the importance of protecting digital information, and to show how OSINT can be used for malicious purposes.
- Sylvain Hajri, Founder & CEO, Epieos