XII Ural Forum
Information security of financial sphere

Program

February 18 (Tuesday)

Time HALL 1 HALL 2
10:00
10:20
KEY REPORT

Dmitry Skobelkin,
Deputy Governor of the Bank of Russia
 
10:30
11:50

Discussion
Financial Sphere Future: accessible, comfortable, secure

Moderator:
Alexey Bobrovskiy, Russia-24

Probable speakers:

Anatoly Aksakov, the State Duma
Yury Kontemirov, the Federal Service for Supervision of Communications, Information Technology, and Mass Media
Igor Lyapunov, Rostelecom
Iliya Massukh, the Competence center for import substitution within the Digital Economy program
Boris Simis, Positive Technologies
Artem Sychev, the Bank of Russia

Agenda:

  • Risks in financial sphere. Who holds responsibility: State? Society? Market?
  • Is HR a key element?
  • Stimulate or regulate, what option does fit better for Information Security market?
  • Ways to develop cyberculture.
 
11:50
12:00
The Awards Ceremony «Information security»  
12:00
12:30
Coffee-break
12:30
14:00

Session 1
Cooperation between financial institutions and law-enforcement bodies

Moderator:
Oleg Insarov,
the Prosecutor General’s Office 

Speakers:

Vadim Uvarov, the Bank of Russia

Valeriy Lyah, the Bank of Russia

Georgiy Luntovskiy, Association «Russia»

The Ministry of Justice of the Russian Federation

The Ministry of Internal Affairs of the Russian Federation

Session 2
OPEN API development on financial market

Moderators:
Dmitriy Dubinin, the Bank of Russia 
Igor Ramzanov, FinTech Association

Speakers:
Igor Ramzanov,
FinTech Association
Pilot OPEN API project Bank (is being clarified)
International expert (is being clarified)
Pavel Krilov, Group-IB

Agenda:

  • OPEN API development and standardization in Russia.
  • Open API piloting: Bank N Case 
  • International practice of open API assurance.
  • Threats to open API and its protection. 
14:00
15:00
LUNCH

15:00
16:30

Session 3
Digital economy — one year on the go

Moderator:
Olga Kraeva, the Bank of Russia

Speakers:
Dmitriy Dubinin,
 the Bank of Russia
Nikolay Zybarev, “Digital Economy”
Igor Lyapunov, Rostelecom
Iliya Massukh, the Competence center for import substitution within the Digital Economy program
Vladimir Prostov, Federal security service 
Dmitriy Reutskiy, Ministry of Digital Development, Communications and Mass Media of the Russian Federation
Roman Teknedjanov, Ministry of Digital Development, Communications and Mass Media of the Russian Federation
Alexander Chernishov, Roskomnadzor  

Agenda:

  • Digital sovereignty and all-time information security.
  • What have done and what will have done?
  • Legislative initiatives on “Digital Economy in the R.F.” program. 
     

Session 4
Application of Distributed Ledger technology in real world

Moderators:

Lev Shumsky, CISO at FinTech Association
Anatoly Konkin, IT- director, FinTech Association

Speakers:
Zulfiya Kahrumanova,
the Bank of Russia
Jorn Erbgut, University of Geneva (Switzerland)
Aleksey Tsvetkov, FinTech Association
Alexksander Chгburkov, TK159 
Stanislav Smyshlyaev, CRYPTO-PRO

Agenda:

  • Secure and Expandable Smart Contracts in Masterchain
  • Distributed Ledger technology. Personnel date security.  Smart Contracts regulation problem. 
  • Masterchain 1.0 Certification in the first person
  • Russian cryptography incorporation into client interface for Masterchain functioning
  • Distributed Ledger technology standardization: status and plans
16:30
17:00
Coffee-break
17:00
18:30

Session 5
Discussion:
Fast-cheap-secure: choose your way.
The best model to software development in current business environment

Moderator:
Sergey Pazizin, VTB Bank 

Agenda:

  • Flexible development and traditional waterfall process combination.
  • Is it possible to ensure security in development and testing process?
  • How does Information Security incorporate in flexible development process, without detriment?
  • Vulnerability analysis practice.   
  • Necessity of regulation. 

Speakers:
Igor Ashmetkov,
Gazprombank
Dmitriy Gadar, Tinkoff Bank
Artem  Gutnik, National Payment System (NSPK)
Sergey Demidov, Moscow Exchange
Andrey Ivanov, Yandex Cloud
Dmitriy Kyznetsov, Positive Technologies
Shrimant Tripathy, World Bank

Session 6
Information Security SAS service for small and medium banks

Moderator:
Alexey Voylukov,
Association “Russia”

Representative of the Bank of Russia

Speakers:
Aleksandr Barinov,
Rostelecom-Solar
Cybersecurity services for banks 

Vladimir Dmitiev, CyberArt
External Cybersecurity services for banks 
«What should be wrong»

Anna Shestakova, ACRIBIA

Vulnerabilities outsource management: Process №3 GOST 57580 practice  

Agenda: 

The issue of information security in small and medium banks gets more sensitive every day, especially when other companies are under risk. The small banks are in worse situation because they can’t afford staff and purchase a costly equipment, software and services. The regulator requirements fulfilling also has negative impact on business.  The solution for medium and small banks may be information security services outsource.     
 

19:00
21:00
DINNER

 

February 19 (Wednesday)

Time HALL 1 HALL 2
10:00
11:30

Session 7
Best practices of compliance with Bank of Russia regulation. What does the regulator expect of banks?

Moderator:
Andrey Vibornov,
the Bank of Russia

Speakers:
Andrey Vibornov,
the Bank of Russia 
The Bank of Russia normative documents’
requirement fulfilling: risks and best practice

Aleksandr Dudka, the Bank of Russia
Do you read the standard? We improve it!

Sergey Pazizin, VTB
Audit by the procedure of STO BR, 382-П, GOST P 57580.1-2017 and the Bank of Russia letter

Dmitriy Romanchenko, IBS
FID Antifraud и АСОI FinCERT services use

Technical Workshops
Perspective technologies in Information security

Moderators:
Aleksey Lukatsky,
business — consultant on information security
The Bank of Russia representative

Vladimir Dryukov, Rostelecom-Solar
Information about threats to SOC life   

Aleksey Tsvetkov, FinTech Association
Secure Smart Contracts development in Masterchain

Egor Nazarov, CrossTech Solutions Group
Docs Security designation and constant documents links in Blockchain age
 

11:30
12:00
Coffee-break
12:00
13:30

Panel discussion
International practices of information security and cyber resilience regulation. Operational and cyber risk management in financial institutions

Moderator:
Dmitry Tulin,
First Deputy Governor of the Bank of Russia

Speakers:

  • Representative, BRICS (Brazil or India)
  • Vasily Khizhny, Eurasian Economic Union (Belarus)
  • Shrimant Tripathy, Head, IT Risk and Security Advisory, World Bak Group
  • Representative, The Ministry of Foreign Affairs of the Russian Federation
  • Michael Buhtin, the Bank of Russia 
  • Artem Sychev, the Bank of Russia

Agenda:

  • Regulation and Supervision of cyber resilience 
  • Cyberdrills = stress-test 
  • Operational risks vs Information Security risks: together or severally?

Technical Workshops
Perspective technologies in Information security

Mihail Ordinarcev, Stanislav Gontarenko, FinTech Association
Infrastructure inventory and monitoring of information security from Scratch 

Andrey Zaikin, CROC
Application security providing in digital transformation age

Ruslan Ivanov, Cisco
Way to ensure interaction control and secure application using in modern data center, taking into account traditional approach, microservices and containers. 
 

13:30
14:30
LUNCH
14:30
16:10

Session 8
Efficient SOC development

Moderator:
Dmitriy Gadar,
Tinkoff Bank

Speakers:
Ekaterina Zhelunova,
the Bank of Russia
Cyberdrills organization based on attack’s scenarios analysis, the Bank of Russia approach 

Aleksey Pavlov, Rostelecom-Solar 
Focus of attention. Correct and wrong SOC tasks

Aleksey Novikov, Positive Technologies
TI in SOC: immediately or wait for a little?

Vseslav Solenik, R-Vision
Automation of data operation «threat intelligence»: what, why and how?

Dmitry Kolyshkin, Informzaschita
We have pentest!  Warn everyone!

Technical Workshops

Perspective technologies in Information security

Moderator: 
Lev Shumsky,
FinTech Association  

Aleksey Lukatsky, business - consultant on information security 
New technologies used in Information Security, review (blockchain, VR, AI, robots etc.)

Anton Antropov,  Rostelecom-Solar
Dmitriy Ulibin,  Rostelecom

Single biometrical system  

Anton Tihonov, McAfee
How do constant monitoring and burden control organize not only in “Clouds” 
 

16:10
16:40
Coffee-break
16:40
18:00

Session 8 (Continue)
Efficient SOC - complex, but affordable 

Speakers:

Sergey Golovanov, Kaspersky lab 
Attack on financial sphere in 2019 review. Practical examples and recommendations. 

Igor Kubyshko, Tinkoff Bank
Tinkoff Security Operations Center – How It’s Made
Dmitriy Gadar, Tinkoff Bank

Session 9
Comprehensible external audit: quality assessment issue and trust in audit’s result

Moderator: 
Vladimir Golovanov,
InfoTeCS
Anastasiya Haribina, Association ABISS, AKTIV.CONSULTING

Speakers:
Vadim Kudryavcev, Elvis-plus

Work organization of efficient interaction between customer and auditor
Representative of “DialogNauka” company   

18:00
19:00
DINNER

 

February 20 (Thursday)

Time HALL 1 HALL 2
10:00
11:30

Session 10
Authentication in finance – practices and perspectives


Moderator: 
Aleksey Sabanov,
deputy director in “Aladdin R.D.”

Speakers:
Anton Meluzov,
InfoTeCS, Internet-Trust 
Authentication  of parties and objects of digital legal relations in Russia – practice and trends
 
Ivan Berov,  Rostelecom
Biometric mobile Authentication 

Bank representative

Aleksey Sabanov, “Aladdin R.D.”
Authentication as basis for trust for online transactions 

Session 11
Fast payment system: risks and opportunities

Moderator:
Alla Bakina, the Bank of Russia

Probable Speakers:

Artem Gutnik, National Payment System (NSPK)
Vyacheslav Kasimov, MCB
Vitaly Kopisov, SKB-bank
Artem Sychev, the Bank of Russia
Vadim Yanborisov, Uniteller

Agenda: 

  • Security standards for fast payment system and fast payment system participants  
  • Security in fast payment system: cryptographical protection, protection on net and practical level
  •  Fast payment system and hidden risks in information risks mitigation
  • How is transactions secure ensured in   Fast payment system on system’s participant. 
  • Is outsourcing in fast payment system threat or opportunity?  Nuances of provider or aggregator work.      
     
11:30
12:00
Coffee-break
12:00
13:00

Public talk

Moderator: 
Alexey Bobrovskiy, Russia – 24

Speakers:
Zulfiya Kahrumanova, the Bank of Russia
Artem Sychev, the Bank of Russia
 

Technical Workshops

Sergey Vahonin, DeviceLock
DeviceLock DLP: Countermeasures to leaks of confidential information in real time.  

13:00
14:00
LUNCH

15:00
16:30

Session 12
Reducing social engineering risks in 2019

Moderator:
Lev Shumsky,
FinTech Association 
Artem Kalashnikov, the Bank of Russia 

Speakers:
Representative of the Bank of Russia Service for Consumer Protection and Financial Inclusion 

Olga Limonova, Antiphishing
Psychology of digital attack on financial institutions: evolution from 2016 to 2020

Dmitri Kolyshkin, Informzaschita
Social engineering or psychological attack 

Pavel Krylov, Group-IB
Quid pro quo 
 

Round table
Information security metrics.
Business view on CISO efficienc

Moderator:
Aleksey Lukatsky,
business - consultant on information security 

Speakers:

Artem Ilin, Tinkoff Bank
Tinkoff metrics 

Representative of Rostelecom-Solar

First of all, information security is a constant process and to show the result is necessary to use tools. Metrics are such the tool, which allows to show 
efficiency and resilience of process of information security for different target groups, from ordinary specialists to heads of information security departments.  

15:30
16:00
Coffee-break
16:00
17:40

Session 13
Requirements of 187 Federal Law and experience of its fulfilling. 
(16:00-17:30)

Speakers:

  • Elena Torbenko, FSTEC of Russia
  • Artem Sychev, the Bank of Russia
  • Banks 
  • Integrators 

Agenda:

  • Practice of classification of critical information infrastructure in financial sphere
  •  The Bank of Russia requirements on exchange date of protection information incidents fulfilling
  • Reaction to computer attacks on critical information infrastructure  

Session 14 
Anti-fraud technologies in payment systems

Moderator:
Aleksey Golenishhev,
Alfa Bank
Representative of the Bank of Russia 

Speakers:
Aleksey Golenishhev,
Alfa Bank
Cross-channel fraud as a reality and Cross-channel fraud monitoring as a must-have

Aleksey Sizov, Jet Infosystems 

Victor Gylevich, BSS
Digital footprints for personal digital identification. Practical example of technology

Dmitriy Berger, Zolotaya Korona
Fraud detected. What’s next?!

Nikolay Pyatiizbyantsev, Gazprombank 
Civil liability for theft with Electronic payments   

17:40
17:55

Ural forum in 15 minutes 

Aleksey Lukatsky, business - consultant on information security

 
18:00
19:00
DINNER
19:00
20:30
 

Closed session for financial organizations
Only for Russian participants   

Moderator:
Andrey Vybornov, the Bank of Russia
Artem Kalashnikov, the Bank of Russia 

 

February 21 (Friday)

Youth Day

(Оnly for Russian participants)

Get a program for national banks of the BRICS and EAEU countries