Figure 1: Picture from the Conference about Cyber Security Strategy

The first area is the financial services in particularly mobile payment services with technology like block chain, biometrics and how they will affect the financial services sector and they bring in a representative from several banks and financial institutions to come and speak to their cyber security pertinence and suppliers. Then moving on to the second area is the Cyber IOT (Internet of Things) comes with some issues that’s related to connected car. they insuring that the security that build in by design and how these products and services to get rolled out and one thing that he mentioned and argue very strongly is with that new ground breaking technologies security is always the key and it is not usually that the first thing the developers think about. They bringing in some of the experts with in this sectors to talk with their members to insure that the security systems built-in by their designs. The last area that Talal said is about Cloud Security. Cloud security is major topic that not only for their cyber security members but for total technology sector. techUK company ran an event with small federation businesses found that more than 70% of their members are scared about moving over to the cloud and the reason for that is due to security concerns and issues that the cloud has it. Therefore, they trying to reassure persons raise awareness about the important of the cloud security by running an event with their some of the small federation businesses members and bring them in to talk with some of TechUK company members to about the cloud security and the importance of the cloud. Moreover, they ran a key events with the government regarding to raise an awareness about a various polices of government that it is coming out for cyber security space for the next coming two years. Then the speaker switch to raise a two key points, first is about the cyber demonstration center. the speaker defined the cyber demonstration center that it is located in One Victoria street in London and it’s an opportunity for companies showcase their capacities for potential clients or customs, and these customers can be from around the world. the speaker stated the mission idea behind this center is if the company has a great technology in SME (Small and Medium-sized Enterprises) they can use this center to showcase their ability to buyer for example in Saudi Arabia or Qatar. The center is free of use in the first time but afterward is charged with small fee for companies and especially aimed to help the SME (Small and Medium-sized Enterprises) for showing their activities to bigger audience and the speaker rise point that it is shame that the center is not been used for industry as much as it can be, the speaker is pleased to keep InTouch if any from the audience have a question about the center. The second point is the announcement of opening the national cyber security center and initially announced in November 2015.the center is one stop shot for cyber security from the government level that’s bringing to gather various different level players that involved in cyber and national level (the department of culture media sport – national cybercrime unit – national crime agency – Government Communications Headquarters) all these players have a part with in the cyber landscape. what the center is essentially trying to do is bring together a various government bodies and also bring in the best of the industry and the best of academia to try to help particularity SME to commercialize and do some ground breaking researches. Apart of helping SME is helping a researches to bring some of the creative ideas to the market. Then the speaker is shifted to announced some other events that related to his talk about cyber security for industry and companies.

• 3^rd Keynote speaker: John Godwin, the Director of Compliance & IA in Skyscape Cloud Services Company. The reason of being John in the event to talk about something specific and something current and become a challenge over the coming years is the new coming GDPR (General Data Protection Regulation). Then the speaker talks about the SkyScape Cloud Services, that they afformed in 2011 and they provide a cloud services solely for the public sector. actually most of people doesn’t know SkyScape but the used the company services (Taxed your car – follow tax return online – online booking to visit someone in the person) that most of the government department putting their cloud services with them, there is a lot of going on with the government. the speaker mention that there are a lot of cloud providers in the market but when it is coming to data protection for the government most of these providers fall.so, the right of the heart of the data security and privacy they don’t end up of picking up of all the government businesses and put them in the cloud trust us and where they keep their data safe. But, keeping data secure and have credibility and trust to do that is a real key value. So, as an organization they have sort of badges such as Personal data and cloud environment, this become a quite important now. Let’s starts further back from data protection first of all Make a differentiation.

Cyber security is all about keeping your data safe and its very hostel word because there are a lot of hackers, technical controls and security breaches.   Cyber security is only effect you at one point in your life, it will bother you if someone hacked your bank account, you will get really upset.

Cyber Security is not an issue for the majority, the majority of the time, it is an issue of the most in some point but it’s not there and even nobody think about it in these days. On the Other hand, we need to think about all of the attribute of the privacy such as where either rich, poor or where either young or old and so on, it is really doesn’t matter where does it set on the system but it is really hard to ignore. By thinking about where is the privacy that infiltrating our life by think how it get there and how they know about me such as pop-up that it comes in our browsers on the right hand side, where it’s come from, where is the connectivity comes from? also, if you visit a supermarket like Tesco’s or Sainsbury’s, how they flooding us with their latest offers based on our shopping habits, how they knew about it? it is a huge market is happing there.  moreover, the visibility of your personal data in social media for example if we don’t control our Facebook profile very well a lot of people can see thing that they don’t should be see. Therefore, privacy doesn’t need a breach to be important, it is here and everyday it is effecting everyone of us, and that’s really what GDPR (General Data Protection Regulation) all about. as businesses they need to understand that they have role to play and understand the privacy of data that belongs to their customers, staff, suppliers and other organizations as well. The new GDPR, it will impact everybody such as organizations, charities, schools, local football club or bingo ball, everyone will have sort of data process activities and will be effected that what the GDPR wants us to do. The speaker talks about the most important attributes of the GDPR (General Data Protection Regulation), what they mean and what we should do about. There are 12 attributes but the speaker picks up 4 of them and they are: Territorial Scope, Data Subject Consent, Accountability and Privacy by Design, Right to Be Forgotten (one of the complicated attribute).

• Territorial Scope: GDPR a peace of regulation applies all about Europe, they going to make sure that there is a EU foot prints, so all these large organizations that might base offshore or even based on America that make sure they have an accountable EU representative, the speaker doesn’t know what that mean yet where like Microsoft, Amazon, twitter or Facebook are start of open up a EU accountable organization representative for this purpose but that what’s the GDPR expected them to do and the speaker don’t think that is an easy ask but it is one of the requirements must to have a foot prints in the EU to make some body accountable for compliance for GDPR with in the European Union .
• Data Subject Consent: they want to make sure consent meets all these requirements. First of all, it must be Voluntary, its got to be specific, what the individually signed for, it’s got to be unambiguous and not hidden, it is also able to be revoked, recorded, all of these five attributes must be there and most of us think how might I will record all this. The other thing they need to think about when its become a law, that it will be retrospective, so beyond that market all your existing database got to be validate to continue receiving information by a specific consent.so, there are a lot of work to be done in this space, this one of the worst areas. they will start thing of about that how we protect our business organization from legislative penalties. That why the speaker is here to make sure these thing will be well understood and the other reason, that is not a quick and easy thing to fix but culturally over the next year and half, they got time to start to think about control into their businesses they need to think about to make sure that to ticking all these boxes and now is a good time to thinking ahead.
• Accountability and Privacy by Design: As provider of IT systems and services they need to demonstrate that their services are designed with privacy in mind even when the organization that he of what the speaker represents, that deal with a lot of government data and systems, they have still need to prove thing like CSU accreditation and all the other thing that they have, that the design and how they float data into different infrastructure and tiers of their land scape has been probably designed to make sure that the data protection in cope. That will be simple in some organizations that making sure the manual processes with some body filling up a letter sending it back to you on spreadsheet and pass that spreadsheet to the printer, that’s a transaction, how they make sure that in that transaction is designed in privacy and how they make sure right level of security. Some of them done a privacy impact assessments according to the job that they also have to prof as an organization that has of each own organizations that they assist effective privacy and there is a format of how to do that. documentation and record they need to keep but also they need to know how to manage customer requests, they will be asked a lot more about the data in their systems the way they processing it and where, what they do with it. A lot of interactions that they have previously, at the moment you need to write to data protection person and pay him 10 pounds and see what they know about you. But it is very specific to you and your record, it doesn’t talk about how that record it is been used with the system which a bit more what GDPR going to be provide to the citizens.
• Right to be Forgotten: if you don’t like junk mail landing in our mat, you can tell the organization and within the new law you will not receive any more junk mail in your mat. However, it is one of the closes to make sure that organizations ask to remove data can do so, some of complex organizations they knew that it is a hard task because they got a complex data base structure that comes from different places in the same time, what about the data that have been backed-up and what about the data that set in their offsite storage on the achieved tape that it is comes out once every ten years, some of was deleted how they going to do that bit, its hard task. people can choose which they can consent it any time and most importantly they need to make sure there are no other legal processes for retaining it. also, the speaker raises an example of right to be forgotten in Google Vs Spain that it comes in a little box in the bottom of the google searches, so that it is a result of Google Vs Spain were certain results no longer presented to you because they are not allowed to by court order in Spain to do and we will see more of this will comes throw, some of us seen that but they didn’t understand the context behind it, it is the right to be forgotten. the companies need to be careful and make sure the way of removing somebody else identity from their records, they removed all of their identity from their records not just the easy ones and it going to be copies and backups.

1. 1^st presentation ( techUK )
2. 3^rd Presentation (Skyscape Cloud Services)

This section is divided into four sub-sections that discuss and reflect each aspect.

Social Aspects:

Ethical Aspects:

Legal Aspects:

the best speaker was the 1^st one, Mr. Talal, because his information was so clear and simple to understand in compassion with the 3^rd speaker, moreover, the tone of the 1^st speaker was clear and easy to understand. the 3^rd speaker use very complicated terms and abbreviations that need to looked up after the event and he speak very fast that it’s hard to keep up with him and I feel sometimes lost because of that. The event timing and duration of was so suitable to attend. the event is well organized and free to attend but it was focused mostly to professional members of cyber security but it is good opportunity to speak with various people after the speaks. the event Organizers (South East Cyber Security Cluster) were so friendly and cheerful, that they welcome us to attend even without previous reservation. Moreover, they try to introduce us to the most of the people in the event for example, we meet with one of team members of cyber security staff that working in BT (British Telecoms), that he encourages us to work in cybersecurity after graduation. Also, it was good opportunity to talk with speakers after the event and ask them about some information that related to their presentation and they happily answer us especially Mr. Talal.