Program (Draft)

February 16 (Wednesday)

Registration of Participants

Opening of the Forum

Welcoming video address by Elvira Nabiullina, Governor, Bank of Russia
Keynote speech by German Zubarev, Deputy Governor, Bank of Russia

Plenary Discussion
Cyber Resilience and Operational Reliability – Regulators’ View

Moderator:

Aleksei Bobrovsky, Chief Producer, TASS

 

Participants:

German Zubarev, Deputy Governor, Bank of Russia
Aleksandr Shoitov, Deputy Minister of Digital Development, Communications and Mass Media of the Russian Federation
Milos Vagner, Deputy Head, Roskomnadzor
Dmitry Shevtsov, Head of Department, FSTEC of Russia
A representative of the Executive Office of the Government of the Russian Federation
A representative of the Russian Federal Security Service

Presenting the Bank Information Security award to its winners

Coffee Break

HALL 1

HALL 2

Session 1. Banking Product Security

Moderator:

Sergei Pazizin, Deputy Head of the Information Security Department, VTB Bank

 

Presentations:

Dmitry Gadar, Vice President, Director of the IS Department, Tinkoff Bank
Artem Kalashnikov, Project Director, Gazprombank
Dmitry Sobolev, CEO, National Innovation Center
Anton Gavrilov, Head of DevSecOps, Jet Infosystems
Sergey Deev, Product Manager of Solar appScreener, Rostelecom Solar

 

Discussion topics:

  • Challenges in creating secure banking products: business logic security; IS compliance; lack of vulnerabilities
  • Compliance assessment using the security profile developed by the Bank of Russia
  • Compliance assessment by FSTEC requirements for the level of trust
  • Development technologies
  • Bug Bounty

Session 2. Payment Security

Moderator:

Pavel Krylov, Head of Fraud Hunting Platform, Group-IB

 

Presentations:

Artem Gutnik, Head of Cyber Security, NPCS
Aleksei Golenishchev, Head of Cyber Fraud Prevention, Alfa Bank
Aleksandr Motichev, Head of Cyber Fraud Prevention, Raiffeisenbank
Igor Katkov, Head of Anti-Fraud, BI.ZONE
Igor Mituyrin, SberBank
Sergey Khrenov, Head of Cyber Fraud Prevention, Megafon

 

Lunch

Discussion
IS Services for Financial Organizations: Outsourcing vs Insourcing

Moderator:

Sergei Sherstobitov, CEO, Angara Technologies Group

 

Invited Participants:

Vyacheslav Kasimov, Head of Information Security Department, Moscow Credit Bank
Artem Kalashnikov, Project Director, Gazprombank
Aleksei Yudin, IS and Fraud Prevention Manager, Qiwi Bank
Roman Kisloshyk, Head of IT Division, Stroylesbank
Aleksei Lukatsky, Business Security Consultant, Cisco Systems

 

Discussion topics:

  • Factors influencing the choice between outsourcing and insourcing
  • Financial model; switching providers and vendors
  • SOC performance evaluation criteria
  • Processes and people manageability

Session 3. Financial and Cyber Literacy: To Prevent, Not to Harm

Moderator:

Veniamin Kaganov, Director, Financial Literacy Development Association

 

Invited Participants:

Mikhail Mamuta, Head of the Consumer Rights Protection and Financial Inclusion Service, Bank of Russia
Igor Ashmanov, CEO, Ashmanov & Partners
Olga Zubareva, Deputy Head of Department, Bank of Russia

 

Discussion topics:

  • Approaches and tools to improve FL and CL
  • Best practices

 

Coffee Break

Session 4. Issues of Identification, Authentication and Use of Electronic Signatures by Banking Stakeholders

Moderators:

Aleksei Sabanov, Deputy CEO, Aladdin R.D.
Stanislav Smyshlyaev, Deputy CEO, CryptoPro

Discussion
SOC Reincarnation

Moderator:

Dmitry Gadar, Vice President, Director of the IS Department, Tinkoff Bank

 

Invited Participants:

Sergei Golovanov, Chief Security Expert, Kaspersky Lab
Teimur Kheirkhabarov, Head of Cyber Threat Monitoring and Response Center, BI.ZONE
Anton Yudakov, CEO of Solar JSOC, Rostelecom Solar
Igor Kubyshko, Head of SOC, Tinkoff Bank
Aleksei Lukatsky, Business Security Consultant, Cisco Systems

 

Discussion topics:

  • Threat Hunting
  • Automated attribution of relevant attack scenarios and corresponding TTPs based on MITRE ATT&CK, FSTEC Threat Database and MITRE SHIELD
  • Indicators of compromise. Why are they ineffective?
  • Incident management approaches and tools

 

 

Issues of identification and authentication in banking communication
Aleksei Sabanov, Deputy CEO, Aladdin R.D.

Aspects of authentication and use of electronic signatures from mobile devices
Stanislav Smyshlyaev, Deputy CEO, CryptoPro

User components for remote identification via UBS
Dmitry Ulybin, Project Director at the Digital Identity Unit, Rostelecom

Application of mobile solutions for electronic signature and authentication in banking processes
Anton Meluzov, Head of the Services and Products Development Department, Infotecs Internet Trust

Electronic signature for bank clients. Aligning technology and legislative stacks
Denis Kalemberg, CEO, Safetech

Issues of identification and authentication of users in light of the new regulatory framework
Aleksei Kachalin, Managing Director – Head of Cryptography, Authentication and Identification, SberBank

Problems and opportunities of identification and authentication of users and application of electronic signature in the light of the new regulatory framework
Aleksei Degtyarev, Tinkoff Bank

OPEN-AIR GALA DINNER

 

February 17 (Thursday)

PITCH SESSION
FinTech

Moderators:

Lev Shumsky, CSO, Yandex Bank
Maksim Mitusov, Yandex Fintech

 

Presentations:

Confidential data in blockchain: myth or reality?
Anatoly Konkin, Head of Products, Distributed Registry Systems

Security of Open API environment
Andrei Volkov, Chief Systems Analyst, Open API Development, FinTech Association

Sergey Dormidontov, Product Manager, Yandex

PITCH SESSION
Certification Centers. All You Wanted to Know but Were Afraid to Ask

Presentations:

Andrei Karshin, Deputy Director of the Security Department, Bank of Russia
Victoria Nikitina, Head of Department, Bank of Russia

 

PITCH SESSION
The transition of payment systems to Russian means of information security

Presentations:

Vladimir Prostov, Advisor, CryptoPro
Aleksander Potashnikov, Deputy Director of Development Center, Infotecs

 

PITCH SESSION
Strategies of National Payment System Development and IS Provision

Presentations:

Oleg Perestenko, Deputy Director of the National Payment System Department, Bank of Russia
Ekaterina Zhelunova, Head of Department, Bank of Russia

 

Workshop
DLP in the Financial Sector

Rostelecom Solar + SberBank

Coffee Break

Discussion
Global Digitalization – Global Services

Moderator:

Nadezhda Grosheva, Correspondent, Business FM radio station

 

Invited Participants:

  • Olga Polyakova, Deputy Governor, Bank of Russia
  • Kirill Pronin, Director, Financial Technologies Department, Bank of Russia
  • Andrei Borisenko, Deputy Director of the Legal Department, Bank of Russia
  • Artem Sychov, First Deputy Director of ISD, Bank of Russia
  • Igor Lyapunov, Vice President, Rostelecom
  • Natalya Kasperskaya, President, InfoWatch

 

Workshops
Promising IS Technologies

Detecting attacker tactics using MITRE ATT&CK model with deception techniques
Aleksandr Shchetinin, CEO, Xello
Aleksei Makarov, CTO, Xello

SD-Branch + Zero Trust Network Access to protect financial organizations
Yury Zakharov, System Engineer, Fortinet
Aleksei Andriyashin, CTO for Russia and CIS, Fortinet

Provision of GOST VPN channel security
Rostelecom-Solar + VTB

Lunch

Session 5. Current Regulatory Issues

Presentations:

Andrei Vybornov, Deputy Director of ISD, Bank of Russia
Mikhail Bukhtin, Head of Risk Modeling Division at the Department of Banking Regulation, Bank of Russia

 

Discussion topics:

  • Regulator’s innovations and plans
  • Risk management (716-P)
  • CII – threat modeling and categorization practices
  • Growing regulation. How to handle it effectively?

Session 6. Interaction Between Financial Organizations and Law Enforcement Agencies

Moderator:

Vadim Uvarov, Director of ISD, Bank of Russia

 

Invited Participants:

Valery Lyakh, Director of the Department for Countering Misconduct, Bank of Russia
Ministry of Internal Affairs, Prosecutor General’s Office, banks, Interpol

 

Discussion topics:

  • State-public interaction in countering money laundering
  • Collection and use of digital evidence
  • Digital economy mechanisms to improve interaction between society, state and business
  • Plans to further improve current interaction

Coffee Break

Business Game
(Aleksei Lukatsky)

A closed session for financial organizations

Moderator:

Sergei Pazizin, Deputy Head of the Information Security Department, VTB Bank

 

Changes in supervisory rules (PD, CII, Bank of Russia requirements)

Cyber exercise: results. Typical mistakes made by organizations supervised by the Central Bank

Q&A: All You Wanted to Know but Were Afraid to Ask

Dinner

Partner Activities

 

February 18 (Friday)

Session 7. Security Architecture and Technologies

Moderator:

Denis Batrankov, New Security Strategies Consultant, Palo Alto Networks

 

Presentations:

  • Fighting bot activity in financial ecosystems: an MSSP perspective
    Georgy Tarasov, Product Manager, Qrator Labs
  • Pavel Krylov, Head of Fraud Hunting Platform, Group-IB
  • Ilya Osadchiy, Business Development Director, Tiger Optics

Session 8. Using Clouds in Financial Organizations

Moderator:

Lev Shumsky, CSO, Yandex Bank
Andrei Ivanov, Yandex.Cloud

 

Practical experience in providing cloud services to financial organizations
Andrei Ivanov, Yandex.Cloud

Barriers to using cloud services and ways of overcoming them
Ivan Guzev, Head of Cloud Services, Fintech Association

GOST 57580.1-2017 in public cloud – outsourcing implementation
Aleksandr Ivantsov, Senior Information Security Engineer, Deiteriy

 

Discussion

Coffee Break

Session 9. Cyber Risk Insurance.
Methods and Real Cases

Moderator:

Aleksei Artamonov, Vice President, AlfaStrakhovanie Group

 

Invited Participants:

Vladimir Chistyukhin, Deputy Governor, Bank of Russia
Filipp Gabunia, Director of the Insurance Market Department, Bank of Russia
Tatiana Lavrova, Head of Corporate Underwriting, AlfaStrakhovanie
Vladimir Golovanov, Deputy Head of Analytics, InfoTeCS
Daria Koshkina, Head of Cyber Threat Analysis, Rostelecom Solar
Andrei Ivanov, Yandex.Cloud
Valeriy Baulin, Group-IB

 

Questions:

  • Cyber risk insurance in Russian and foreign practice. “Out-of-the-box” and individual insurance solutions
  • Insurance in cases of IS solutions outsourcing and use of cloud technologies
  • Professional information security audit when executing an insurance contract
  • Cyber risk insurance as an element of a comprehensive information protection system

PITCH SESSION
IS-Related Matters in Data Management Strategy Concept

Presentations:

Aleksei Lukovnikov, Director of the Data Management Department, Bank of Russia
Andrei Vybornov, Deputy Director of ISD, Bank of Russia

Lunch

Session 10. Aspects of Ensuring IS in Non-Credit Financial Organizations

Moderator:

Mikhail Shabanov, Chairman of the Economic and Information Security Committee, NAUFOR

 

Invited Participants:

Sergei Demidov, Director of Operational Risk at the Information Security and Business Continuity Department, Moscow Exchange
Vladimir Kurlyandchik, Director of Business Development, ARQA Technologies
Andrei Bazhin, Independent Information Security Expert
Vladimir Golovkin, Deputy Head of Information Security, Finam
Dmitry Svyatny, Head of Financial Operations Protection and Information Security, Managing Director, ATON
Aleksei Stepin, Head of Information Security, Sber Asset Management

Session 9. Ecosystem Security. Internal Regulation of IS in a Company Group

Moderator:

Rustem Khairetdinov, Director of Growth, BI.ZONE

 

As an asset to be protected, an ecosystem is a set of interconnected digital systems that constantly exchange data with each other and with external systems. Each digital system in the ecosystem has its own purpose, its own owner, its own lifecycle and its own regulation depending on functions and processed data. At the same time, any digital system in an ecosystem can be a “weak link” that, if compromised, can give an attacker access to the infrastructure and data of the entire ecosystem.

In addition, different digital systems within an ecosystem may be regulated differently, and even by different regulators. How can practical and paper-based security be ensured across the entire ecosystem? What approaches and technologies are used to protect ecosystems? Segmentation, architectural solutions, requirements management systems, non-transmission of raw data, embedded and overlaid technical solutions: we will discuss best practices for their use at the plenary session.

Ural Forum in 15 Minutes

Concluding Remarks

Dinner

Closing Party (Sunrise Hotel)
Special guest of the evening: VALERY SYUTKIN