Program (Draft)
February 16 (Wednesday)
Registration of Participants |
|
Opening of the ForumWelcoming video address by Elvira Nabiullina, Governor, Bank of Russia |
|
Plenary Discussion
|
|
Presenting the Bank Information Security award to its winners |
|
Coffee Break |
|
HALL 1 |
HALL 2 |
Session 1. Banking Product SecurityModerator: Sergei Pazizin, Deputy Head of the Information Security Department, VTB Bank
Presentations: Dmitry Gadar, Vice President, Director of the IS Department, Tinkoff Bank
Discussion topics:
|
Session 2. Payment SecurityModerator: Pavel Krylov, Head of Fraud Hunting Platform, Group-IB
Presentations: Artem Gutnik, Head of Cyber Security, NPCS
|
Lunch |
|
Discussion
|
Session 3. Financial and Cyber Literacy: To Prevent, Not to HarmModerator: Veniamin Kaganov, Director, Financial Literacy Development Association
Invited Participants: Mikhail Mamuta, Head of the Consumer Rights Protection and Financial Inclusion Service, Bank of Russia
Discussion topics:
|
Coffee Break |
|
Session 4. Issues of Identification, Authentication and Use of Electronic Signatures by Banking StakeholdersModerators: Aleksei Sabanov, Deputy CEO, Aladdin R.D. |
Discussion
|
Issues of identification and authentication in banking communication |
|
Aspects of authentication and use of electronic signatures from mobile devices |
|
User components for remote identification via UBS |
|
Application of mobile solutions for electronic signature and authentication in banking processes |
|
Electronic signature for bank clients. Aligning technology and legislative stacks |
|
Issues of identification and authentication of users in light of the new regulatory framework |
|
Problems and opportunities of identification and authentication of users and application of electronic signature in the light of the new regulatory framework |
|
OPEN-AIR GALA DINNER |
February 17 (Thursday)
PITCH SESSION
|
PITCH SESSION
|
PITCH SESSION
|
PITCH SESSION
|
|
Workshop
|
Coffee Break |
|
Discussion
|
Workshops
|
Detecting attacker tactics using MITRE ATT&CK model with deception techniques |
|
SD-Branch + Zero Trust Network Access to protect financial organizations |
|
Provision of GOST VPN channel security |
|
Lunch |
|
Session 5. Current Regulatory IssuesPresentations: Andrei Vybornov, Deputy Director of ISD, Bank of Russia
Discussion topics:
|
Session 6. Interaction Between Financial Organizations and Law Enforcement AgenciesModerator: Vadim Uvarov, Director of ISD, Bank of Russia
Invited Participants: Valery Lyakh, Director of the Department for Countering Misconduct, Bank of Russia
Discussion topics:
|
Coffee Break |
|
Business Game
|
A closed session for financial organizationsModerator: Sergei Pazizin, Deputy Head of the Information Security Department, VTB Bank
Changes in supervisory rules (PD, CII, Bank of Russia requirements) Cyber exercise: results. Typical mistakes made by organizations supervised by the Central Bank Q&A: All You Wanted to Know but Were Afraid to Ask |
Dinner |
|
Partner Activities |
February 18 (Friday)
Session 7. Security Architecture and TechnologiesModerator: Denis Batrankov, New Security Strategies Consultant, Palo Alto Networks
Presentations:
|
Session 8. Using Clouds in Financial OrganizationsModerator: Lev Shumsky, CSO, Yandex bank
Practical experience in providing cloud services to financial organizations Barriers to using cloud services and ways of overcoming them GOST 57580.1-2017 in public cloud – outsourcing implementation
Discussion |
Coffee Break |
|
Session 9. Cyber Risk Insurance.
|
PITCH SESSION
|
Lunch |
|
Session 10. Aspects of Ensuring IS in Non-Credit Financial OrganizationsModerator: Mikhail Shabanov, Chairman of the Economic and Information Security Committee, NAUFOR
Invited Participants: Sergei Demidov, Director of Operational Risk at the Information Security and Business Continuity Department, Moscow Exchange |
Session 9. Ecosystem Security. Internal Regulation of IS in a Company GroupModerator: Rustem Khairetdinov, Director of Growth, Bi.ZONE
As an asset to be protected, an ecosystem is a set of interconnected digital systems that constantly exchange data with each other and with external systems. Each digital system in the ecosystem has its own purpose, its own owner, its own lifecycle and its own regulation depending on functions and processed data. At the same time, any digital system in an ecosystem can be a “weak link” that, if compromised, can give an attacker access to the infrastructure and data of the entire ecosystem. In addition, different digital systems within an ecosystem may be regulated differently and even by different regulators. How to ensure practical and paper-based security across the entire ecosystem? What approaches and technologies are used to protect ecosystems? Segmentation, architectural solutions, requirements management systems, non-transmission of raw data, embedded and overlaid technical solutions: we will discuss best practices of their use at the plenary session. |
Ural Forum in 15 Minutes |
|
Concluding Remarks |
|
Dinner |
|
Closing Party (Sunrise Hotel)
|