2017 Agenda

Cyber Security: Closing the Gaps
Take a closer look at current gaps that exist in cyber security knowledge, governance, detection, insurance and response, at the 2017 International Cyber Risk Management Conference (ICRMC). The third annual event will see the addition of moderator Adam Segal, Director of Cyberspace and Digital Policy Program at Council on Foreign Relations, and will welcome keynote speaker Tom Ridge, the first U.S. Secretary of Homeland Security and founder of Ridge Global.

Download the brochure PDF by clicking the image.

Continuing Educations Credits:

RIBO Accreditation: 8 hours Management and 2 hours Technical

Day One: March 2
Conference WiFi
Conference AV
Mobile App
7:30am - 6:00pm
Registration Open
7:30 - 8:45am
8:45 - 9:00 am
Welcome & Acknowledgements and Intro Address
President & CEO,
MSA Research Inc.
ICRMC 2017 Emcee and
Director of Cyberspace & Digital
Policy Program at Council on Foreign Relations
9:00 - 10:00am
The Year in Review: Lessons Learned
Ray Boisvert
Provincial Security Advisor, MCSCS,
Government of Ontario
Vice President,
Assistant Deputy Minister,
Communications Security Establishment
President & CEO,

From climate change to domestic unrest to extremist violence, 2016 was inundated by threats from a range of fronts. Headlines revealed a world under strain, and security has never been more greatly tested.

That holds true in the digital arena as well, with increasingly escalating data breaches continuing to dominate the news cycle. For the organizations under siege, those breaches have led to a serious loss of assets, both financial and intellectual. They’ve also left citizens feeling like their privacy isn’t safe any longer.

Join this opening session to discuss the most impactful events of the past year. Why were they distinct, who did they affect the most, and what can they teach us about potential future threats?

  • Who is truly winning the battle for cyber security?
  • What types of attacks have been most harmful?
  • What are successful organizations doing right?
  • Are there signs of improvement in organizational defenses?

By examining the past year, this introductory session sets out to create the context organizations need as they close their cyber security gaps both now and in the future.

10:00 - 10:25am
Networking Break
10:30 - 11:30am
The Investment Gap (What You Need vs. What You Get)
Richard Wilson
Partner, Cybersecurity and
Privacy Consulting Leader,
Vice President, IT,
Goldcorp Inc.
Director Information Security,

How much is an organization willing to invest in cyber security, to ensure a breach doesn’t happen now or in the future? The answer depends on who it is you ask – whether it’s the organization’s board or management. Each has a different risk appetite, and the funding provided to protect, detect and respond to cyber threats and events depends on where those appetites resides.

This investment gap represents a fundamental challenge for almost all organizations today, as they juggle with the challenges of building defenses against cyber risk while dealing with limiting funding constraints. Join this session to discuss what you need versus what you get, and the reasons for the difference – and find out practical approaches to address this ongoing dilemma.

11:30am- 12:30pm
The Knowledge Gap (Internal Training/Awareness, including Communication)
José Fernandez
Associate Professor,
École Polytechnique de Montréal
Logicnet, EVA Technologies
Scientific Director,
Smart Cybersecurity Network

To assess an organization’s cyber risks and make the right decisions at all levels of business, each stakeholder – from system administrators and risk managers to top-level decision makers – needs the right knowledge. Without it, they’ll be unable to identify the threats specific to them, and costly wrong decisions can result.

While these stakeholders play key roles as first responders, they’re often left blind. In this session, a panel of experts will examine the gaps in knowledge that prevent individuals from making optimal decisions when faced with cyber threats.

  • What gaps do system managers and risk managers face when identifying and evaluating the effectiveness of technical and procedural risk mitigation strategies?
  • What gaps do users encounter when facing situations that could lead to a compromise in the systems they use and the information contained within?

The session will also look at real-world solutions, examining ways in which organizations can address these knowledge gaps.

12:30 - 2:00pm
Lunch and Presentation - Closing the Gaps: Easier Said than Done
Keynote Speaker: Tom Ridge
First U.S. Secretary of Homeland Security and
43rd Governor of Pennsylvania,
Chairman of Ridge Global
ICRMC is pleased to announce Tom Ridge, former Governor of Pennsylvania, as one of the 2017 keynote speakers. As the first U.S. Secretary of Homeland Security, Ridge helped develop a national strategy to prevent terrorist attacks against the United States. He now focuses on cyber threats, overseeing Ridge Global and helping companies prepare for and mitigate cyber risk. In 2016, he partnered with the Honourable David Peterson, former Premier of Ontario, to form Ridge Canada Cyber Solutions.
2:00 - 3:00pm
The Governance Gap: Going Behind the Scenes
Adel Melek
Global Vice Chairman Risk Advisory,
CIBC Technology
Executive in Residence,
Global Risk Institute
Corporate Director

Cyber security governance has emerged as a hot topic for a range of stakeholders, including boards of directors, executive management, shareholders, customers and regulators. In a fast-moving world where competition for digital presence, speed to market and agile development is an everyday reality – all part of an ever-evolving technological landscape – these individuals, and the organizations they represent, are grappling with the appropriate balance and tone of governance and oversight. A resulting governance gap is rapidly developing.

Exploring a framework for governance, this session will look at effective means of addressing this gap in the dynamic cyber security landscape.

3:00 - 3:25pm
Networking Break
3:30 - 4:30pm
The Detection Gap
Ray Boisvert
Provincial Security Advisor, MCSCS,
Government of Ontario
Director of Solutions,
National Lead, Canada,
Cisco Global Security
Sales Organization
Partner and Cyber Security Leader,
Deloitte LLP

Organizations of all sizes are rethinking how best to allocate their time, resources and budgets in order to improve cyber threat visibility. Detecting the source of cyber threats has become one of the primary challenges organizations face today – a challenge that continues before, during and after an attack.

  • What roles do insurers, government agencies, private sector organizations and service providers play in improving threat detection?
  • How can organizations best leverage technological investments in network visibility and analytics?
  • What can innovation, new hiring strategies, employee education, partnerships and intelligence sharing do to help close this gap?

This panel will examine the detection gap and review different methods organizations are using to address it.

4:30 - 5:30pm
Cocktail Reception
Day Two: March 3
7:30 - 8:30am
8:30 - 9:45am
The Insurance Gap
Greg Eskins
SVP and National Cyber Practice Leader,
Marsh Canada Ltd.
VP, Financial Lines,
AIG Canada
AVP, Professional, Media and Cyber Liability Product Manager,
Chubb Insurance Company of Canada
Anderson Kill
SVP, National Cyber and
Privacy Practice Leader,
Aon Canada Inc.
VP, Cyber Risk Engineering,
Axio Global

The pace of technological change continues to accelerate, leaving the insurance industry to catch up. The result is market volatility and gaps in underwriting, coverage and claims. To address these gaps, the insurance sector must design an effective and holistic risk management program.

The goal of this session is to provide useful and practical information on how to close some of the coverage and claims gaps, better understand the interconnectedness of various lines of insurance coverage, and help navigate potential problems when dealing with a claim.

9:45 - 10:30am
The Response Gap (Planning & Execution)
Alexander Rau
Senior Manager,
Consulting Services,
Senior Director - Advanced
Cyber Defense Practice,
Principal Consultant
Inspector, Strategy Management,
Toronto Police Service

Faced with a data breach, how would your organization respond? What would be the first thing you’d do to avoid serious, critical and long-term damage? Whether they expect it to happen or not, companies today need to be prepared with a cyber threat response plan, and have the tools they need to put it into action.

  • Is there a plan to deal with such a consequential organizational moment?
  • Who are the key staff that will lead or join the response, and what will be their first and last moves to restore operations?
  • What can be done to rebuild the trust that has been placed in serious jeopardy by this event?

This panel will delve into the critical steps involved in the response to a cyber breach, and look at the tools needed to plan for a successful outcome.

10:30 - 10:55am
Networking Break
11:00am - 12:00pm
Preparing for the Challenges Ahead
Chantal Bernier
Counsel Global Privacy and
Cybersecurity Group,
Dentons Canada LLP
Executive Director, Deloitte and
Former Deputy Chief,
Toronto Police
Advisory Services Forensic,
Chief Digital Officer, Department of Innovation, Science and Economic Development Canada and Senior Assistant Deputy Minister, Spectrum, Information Technologies and Telecommunications

Risk management means forecasting threats, assessing the likelihood and gravity of an occurrence, and developing mitigation measures to meet those needs. To create solutions that work, those risks must be assessed and categorized, and a lens must be turned to where future breaches may fall.

In the arena of cyber security, that starts with a look at the bigger picture, and the technological, criminal and regulatory trends expected to impact the cyber security environment in the near future. And it means determining the best ways to mitigate those risks.

  • What types of cyber attacks should you watch out for?
  • What kind of technology should you be ready for?
  • What in the way of government regulation should you expect?

Gathering some of the foremost experts in the field, this session will look at practical mitigation strategies and real-life solutions, examining the direction companies and organizations should take to protect themselves from cyber risk.

12:00 - 1:30pm
Lunch and Presentation: Confronting the State-Sponsored Cyber Menace
Keynote Speaker: Richard Fadden
Canada’s former Director of CSIS,
Deputy Minister of National Defense and
National Security Advisor to the Prime Minister
Mr. Fadden will discuss the current environment in which the cyber threat exists with emphasis on how that threat can be understood and reduced. He will also discuss the most appropriate role for the private and public sectors.
Conference Wrap Up