ScriptOCTOBER 2017

The

BulletinUPDATES:

CREST WorkshopsCREST Events Industry Events

CREST’s new membership application and renewals portal From 1 November all membership applications and membership renewals will need to be completed through the new CREST membership portal.

The portal has been developed to streamline the membership application process. Companies either applying for membership, renewing membership or adding disciplines are now able to complete the application forms online, saving their work as they go along and uploading all the required supporting documentation directly onto the portal.

Any potential new members that have signed an NDA and are currently in the process of filling out a paper based application form have until 15 January 2018 to submit it. After that they will have to fill out the application through the portal.

If you would like to discuss the process please contact: portal@crest-approved.org

Call for Papers - CRESTCon 2018: 3 May 2018, Royal College of Physicians, London You are invited to submit your presentation proposals for the technical stream at CRESTCon 2018.

Presenting at CRESTCon gives you the chance to share your experience, skills and knowledge with over 400 senior delegates from the professional security industry.

All CRESTCon presentations must be technical in nature and relate to penetration testing and assurance, incident response or threat intelligence. We are particularly looking for presentations that showcase new or on-going security research, present new threats and vulnerabilities or highlight advances and innovation in security testing techniques, tools or methodologies.

If you have a proposal for a presentation, please email a synopsis along with your biography to allie.andrews@crest-approved.org before 30 November 2017 for consideration by the CREST conference review committee.

Speakers will be given a 30 or 45 minute session to include a Q&A.

CRESTCon runs alongside the IISP’s annual congress. This year we also welcome BCS who will be running a third stream. CRESTCon is a unique event that brings together leading technical and business information security professionals and is a key date in the industry calendar, attracting an impressive line-up of speakers and senior delegates. For more information go to: www.crestcon.co.uk

Interviews with last year’s speakers can be found at: www.youtube.com/crestadvocate

For information on exhibiting and sponsorship opportunities contact: Debbie.jones@crest-approved.org

UPDATES:

New MembersWe would like to welcome the following companies as CREST Members

• Armadillo Sec Ltd• D2 Network Associates Ltd• Enable IT• Grant Thornton Consulting CJSC• L&T – Larsen & Toubro Infotech Ltd • Leidos Innovations UK Ltd• Orpheus Cyber Ltd• Prism Infosec Ltd• Quann Asia Pacific Pte. Ltd – part of Certis CISCO Security• Quorum Cyber Security Ltd• SoftsCheck Singapore Pte Ltd • Spirent Communications

CREST SOC Accreditation – first phase available from 1 NovemberSpecial offer: Phase 1 free until 1 February 2018

Following extensive input from CREST members and the wider industry over the last 10 months through workshops, webinars, interviews and onsite visits, the first phase of CREST SOC Accreditation is available from 1 November.

This new accreditation scheme will help the buying community understand how SOCs work. The key criteria required in an effective service will, in particular, enable the buying community to differentiate the services provided.

Phase 1 is the first part of the accreditation process and consists of an application form. This phase is offered free of charge until 1 February 2018. After this date, the cost going forward will be £750+VAT.

Phase 2 is the onsite audit and is due to be introduced in January 2018. This will be conducted by a qualified auditor and will have to be completed within 6 months of completion of the application form.

The audit fee will be £1,500+VAT per day and the initial audit takes 1.5 days and will cover 1 SOC; each additional SOC will be a 1-day audit. 50% of SOCs within scope must be audited and must take place within a three-year period. This also allows the cost of the audit to be staggered across the three years.

Phase 3 will be the technical assessment and is due to launch on 1 June 2018.

There will be two levels of membership. The first (1) will be awarded on successful completion of both the application form and onsite audit. The second (2) will be awarded on successful completion of the application form, onsite audit and technical assessment.

Following successful completion of each phase, companies will be added to the CREST website as detailed in the table here:

For more information or to apply please contact: newmembers@crest-approved.org

*Please note the free application offer applies to SOC company membership application only. Should you wish to apply to any other CREST membership the £750+VAT application fee will apply.

UK: Cyber Security Europe 2017 (IP EXPO) 4-5 October 2017, ExCeL

CREST exhibited and supported IP EXPO/Cyber Security Europe at the ExCel, London. It was a very successful event with plenty of foot traffic and great to see CREST members exhibiting and presenting at the event. Thank you to all the Members that visited the stand and supported CREST and to the staff that managed the stand.

Thank you also to all of you who took part in the filming at the event.

Company Member (1) Member (2)

Application Form

Onsite Audit Technical Assessment

Company X ✔

Company Y ✔ ✔

Company Z ✔ ✔ ✔

UPDATES:

Singapore: Cloud & Cyber Security Expo 201711-12 October 2017, Singapore

Asia’s dedicated cloud security event for business, a 2-day event that CREST attended as an exhibitor. A big thank you to James Cooper from NCC Group for helping on the stand and for AiSP, who hosted the stand. Thank you also to AiSP, who had the stand next to CREST, for all of their support both before and during the event.

USA: Infosecurity North America 20174-5 October 2017, Boston

Infosecurity North America was a new event from the Infosecurity Group who already run 7 leading information security events around the world. Thank you to the organisers for including us in the launch event in the USA and to Arc for helping on the stand. We look forward to seeing you there again next year.

UK: DISA Annual Conference 18-19 October 2017, Oxfordshire

We were delighted to accept the invitation to attend the Defence Industry Security Association’s annual conference this month. DISA acts as a collective representative body interacting with HM government and agencies within the defence arena.

USA: Cyber Security Chicago 2017 (IP EXPO)18-19 October 2017, Chicago

Adriana Costa-McFadden was flying the flag for CREST in the USA for this two-day event along with Tom Brennan the Chair of CREST Americas. Tom also gave a great presentation in the IoT Security Theatre on the first day titled: ‘Duct tape, chewing gum and cyber evolution’. Enormous thanks to both for supporting CREST at this busy event.

UPDATES:CRESTCon 2018 early bird sponsorship packages3 May 2018 - Royal College of Physicians, 11 St Andrews Place, Regent’s Park, London NW1 4LE

20% discount for Earlybird bookings for the first 6 sponsors to sign up.

Additional savings for Corporate Members of CREST and IISP

Sponsor Packages are as follows:

Platinum Package - £15,000 (Earlybird £12,000)

Membership rate £12,000 (Earlybird £9,600)

• Only one Platinum Sponsor

• 12ft table in large exhibition space in premium position of your choice (if space is vacant)

• Choice of additional sponsorship

• 8 delegate passes

• Speaking slot in chosen stream

• Opportunity to place your published research in the event bookshop

• Largest logo displayed on pre-event marketing and during conference

• Logo to be displayed in Exhibition Hall

• Banner in Reception area

• Full page in the conference brochure

• Video interview by professional journalist

• Email shot promoting your presence

• 3 pieces of corporate literature or merchandise included in the delegate pack

• 2000 word editorial in the IISP & CREST newsletters

• Social media and PR promotion through CREST and IISP

• Largest logo and web link on conference website.

Gold Package - £10,000 (Earlybird £8,000)

Membership rate £8,000 (Earlybird £6,400)

• 12ft table exhibition space in premium position of your choice

• Choice of additional sponsorship excluding drinks

• 6 delegate passes

• Speaking slot

• Opportunity to place your published research in the event bookshop

• Large logo displayed on pre-event marketing and during conference

• Full page in the conference brochure

• Video interview by professional journalist

• Email shot promoting your presence

• 2 pieces of corporate literature included in the delegate pack

• 1000 word editorial in the IISP & CREST newsletters

• Social media and PR promotion through CREST and IISP

• Large logo and web link on conference website.

UPDATES:Silver Package - £6,000 (Earlybird £4,800)

Membership rate £4,800 (Earlybird £3,840)

• 6ft table space in exhibition area

• Four delegate passes

• Choice of additional sponsorship excluding lunch and drinks

• Opportunity to place your published research in the event bookshop

• Logo displayed on pre-event marketing and during conference

• 150 word entry in the conference brochure

• 1 piece of corporate literature included in the delegate pack.

• 500 word editorial in the IISP & CREST newsletters

• Social media and PR promotion through CREST and IISP

• Large logo and web link on conference website.

Bronze Package- £3,000 (Earlybird £2,400)

Membership rate £2,400 (Earlybird £1,920)

• 4ft table space in exhibition area

• 2 delegate passes

• Logo displayed during conference

• Logo and web link on conference website

Demo Package - £3,500 (Earlybird £2,800)

Membership rate £2,800 (Earlybird £2,240)

• 6ft table space in demo area – Large Hall with Exhibitors

• 3 delegate passes

• Description of demo in the conference brochure

• Logo displayed during conference

• Logo and web link

Academia Package - £600 (Earlybird £500)

• Space in exhibition area

• 2 delegate passes

• Logo displayed during conference

• Logo and web link on conference website

Additional Sponsorship Opportunities

• Post Event Drinks Reception & Garden Party £3000

• Lunch £2500

• Coffee Breaks (am & pm) £1500

• Delegate bags – Sponsor to supply. A cost can be provided to produce on request. £2000

• Lanyards – Sponsor to supply. A cost can be provided to produce on request. £1500

• Pens and pads £1500

• Pocket Guides £1000

Don’t miss out. The 20% offer applies to the first 6 sponsors only.

To discuss your sponsorship packages available please contact either:

Marc Callaway on 07836 381075 marc@crestandiisp.com

Debbie Jones on 07714 217624 debbie@prpr.co.uk

The Script JULY 2013

Even

t D

iary

CREST Fellowship, 22 Nov, Tanner Warehouse, LondonThe CREST Fellowship ceremony and dinner takes place at The Tanner Warehouse, 50 Bermondsey St, London SE1 3UD on 22 November 2017.

Tickets are priced at £75. Places are limited so to book your place please contact allie@crest-approved.org as soon as possible.

CREST Fellowships recognise individuals for significant achievement or contribution within CREST or the technical information security industry as a whole. These are the first CREST Fellowships to be awarded and it will become an annual event.

A ‘Fellowship Yearbook’ is being produced that will include information on all the award recipients for 2017, along with photos from the evening.

Sponsorship opportunities are also available, please contact Debbie Jones on: debbie.jones@crest-approved.org

CREST and NCA Youth Cyber Crime Report Update WorkshopTo look at what has been achieved since the release of the report and produce and update http://www.crest-approved.org/wp-content/uploads/CREST_NCA_CyberCrimeReport.pdf

December – Date and Venue TBA

If you are interested in hosting this workshop, please contact: allie@crest-approved.org

Vulnerability Analysis WorkshopJanuary – Dates and venue TBA

If you are interested in hosting this workshop, please contact: allie@crest-approved.org

CRESTCon 2018Save the date 3 May 2018 to be held at the Royal College of Physicians in London.

Year 6 of CRESTCon will be held on 3 May 2018 at a change of venue this year. There will be additions to the programme with more content and more networking opportunities to look forward to.

AGMThe date of the next AGM is scheduled for 2 May 2018 at the Royal College of Physicians.

CREST Events:Bulletin

The Script OCTOBER 2017

The Script OCTOBER 2017

Even

t D

iary

CREST Workshops:Bulletin

Webinars:

CREST has a BrightTalk channel for hosting webinars and other videos and we will be stepping up our program of webinars in 2017 after a successful 2016. See https://www.brighttalk.com/channel/13519/crest. BrightTalk’s summit calendar for 2017 is listed below and we are looking for CREST members to take part.

Nov 14-16: The 2018 threatscape

Nov 14: 2017’s biggest breaches and why

Nov 15: Emerging threats & technologies

Nov 16: Threats on the horizon

If you are interested in presenting a technical webinar or would like us to host your content, then please submit your ideas for consideration to: allie@crest-approved.org . We will promote, run and record on the CREST channel.

The 2018 calendar will be coming soon!

The Script OCTOBER 2017

Even

t D

iary

Industry Events:Bulletin

Cyber Security Summit & Expo 16 November, Business Design Centre Ltd, 52 Upper St, London N1 0QH

The Cyber Security Summit is the UK’s leading one-day conference for those at the forefront of securing technology, data and networks across government, CNI, public sector and enterprise. In alignment with the National Cyber Security Strategy, the theme for this year’s summit is taking a joined-up national response to secure technology, data and networks.

The Summit provides a unique platform for leaders and implementers to engage in cross-sector debate and share insights to optimise UK cyber resilience and the fight against cybercrime. As an exclusive forum, this feature is a paid-for part of the Cyber Security Summit & Expo, providing exclusive keynote speakers, high-level discussion and closed-door debate. You should sign-up for the summit if you are responsible for Cyber leadership and policy within either a private or public-sector organisation.

The Cyber Security Expo will equip delegates with the knowledge and tools needed to ensure resilient cyber defence in their organisation. Through a programme of practical seminars, engaging show floor features and a highly topical GDPR Conference, the Expo offers hands-on learning for senior technology, security and data professionals. The programme offers a broad spectrum of education – whether you’re interested in defensive or offensive capabilities, or whether you have strategic or technical responsibilities.

09:40 - 10:00 Taking a Proactive Approach to Cyber Defence, Ian Glover, President, CREST

• Revisiting strategies to map and test vulnerabilities within your organisation

• Developing a Red Team cyber approach

• Simulating attacks with advanced threat intelligence to secure critical IT

• Shifting mindsets from incident response to continuous response

CREST is supporting, exhibiting and presenting at the event https://cybersecuritysummit.co.uk/.

If you require any further information then please contact: debbie@crest-approved.org

UK Security Expo 201729-30 November 2017, Olympia London - Grand Hall, Kensington, London, W14 8UX

UK Security Expo brings together 10,000+ international stakeholders of security to London from Government, Transport & Borders, Major Events, Military, Law Enforcement, Emergency Services, CNI and Private Sector. With over 250 world-class exhibitors and working closely with HM Government departments including the Home Office JSaRC regarding immersive demonstrations plus the Department for International Trade DSO who are hosting 50 Official Country Delegations, UK Security Expo is a major-scale exhibition with innovation at its core.

CREST is supporting, exhibiting and presenting at the event https://www.uksecurityexpo.com/

If you require any further information then please contact: debbie@crest-approved.org

Even

t D

iary

Industry Events:Bulletin

Cyber Threat Intelligence & Incident Response 201729-30 November 2017, Prospero House, 241 Borough High St. Southwark, London, SE1 1GA

Cyber Threat Intelligence and Incident Response is a premier forum for security professionals to address how a greater understanding of the cyber threat landscape can lead to exponential improvements in strategic planning and tactical decision making during cyber incidents. It is also the only conference in Europe that looks specifically at the role that threat intelligence plays in supplementing your cyber security strategy, bringing together like-minded practitioners to discuss case studies regarding how they are maximising the potential of threat intelligence.

09:10 - 09:50 The Importance of Trust through Accreditation of Threat Intelligence Partners - Ian Glover, President, CREST

• Taking a positive step towards creating a security culture of partner trust

• Exploring the benefit to businesses of providing tangible confidence in their chosen suppliers through a standardisation agency

• It is essential that the industry works together and shares best practice and knowledge in order to counter the risk of cyber-attack

CREST is supporting and presenting at the event https://cyberthreat.iqpc.co.uk/.

If you require any further information then please contact: debbie@crest-approved.org

Black Hat Europe 20174-7 December 2017, ExCeL Royal Victoria Dock, London, E16 1XL

This has been one of the leading information security events in the US over the last 20 years and after the success of Black Hat in the UK last year they have moved the venue to allow more delegates to attend. Black Hat provides attendees with the very latest in research, development, and trends in Information Security. Here, the brightest professionals and researchers in the industry will come together for a total of four days - two days of deeply technical hands-on Training, followed by two days of the latest research and vulnerability disclosures in the Briefings.

Register Now to Save £200 off Briefings with Code CRESTeu17 https://www.blackhat.com/eu-17/registration.html

CREST is supporting and exhibiting at the event and more information is to follow. https://www.blackhat.com/eu-17/

If you require any further information then please contact: debbie@crest-approved.org

The Script OCTOBER 2017

Even

t D

iary

Bulletin

Events to diarise for 2018Cyber Security for Industrial Controls 7-8 Feb 18 http://events.theiet.org/ cyber-ics/

Cloud Security Expo 21-22 Mar 18 http://www.cloudexpoeurope.com/

Cyber Security Manchester 25-26 Apr 18 http://www.ipexpomanchester.com/Cyber-Security

Cloud Expo Asia 16-17 May 18 http://www.cloudexpoasiahk.com/

Commissioning Show 27 Jun 18 http://www.healthpluscare.co.uk/the-commissioning-show

IP EXPO Europe 3-4 Oct 18 http://www.ipexpoeurope.com/

Infosecurity North America 3-4 Oct 18 https://www.infosecurity northamerica.com/

Industry Events:The Script OCTOBER 2017

Abbey House | 18-24 Stoke Road | Slough | Berkshire | SL2 5AG

CREST is a not for profit company registered in the UK, CREST (Int) company number 09805375