A focused KPMG event to address the current and emerging Cyber Security challenges

18 October 2018, 8:30AM - 4:30PM, EET

KPMG is organizing on the 18th October at Hilton Nicosia, the annual Cyber Security Congress, a focused KPMG event to address the current and emerging Cyber Security challenges. A rich agenda covering both technical and management matters with targeted presentations and demonstrations by International and local speakers covering the following topics:

  • Threat Intelligence-based Ethical Red Teaming (TIBER) EU framework 
  • Case studies of real world hacking techniques    
  • Strategies for reducing the impact of cyber attacks
  • The EU Network and Information Security (NIS) Directive 
  • Risk Management automation
  • Data Privacy
  • Services and Solutions


RSVP by 15th October with your Name, Company name and Position

+357 22 209292


Free attendance, Limited seats only.

This seminar may contribute to Continuing Professional Development requirements (6 CPD)


KPMG Cyber Security Congress

Connect with us

Conference Agenda

A rich agenda with targeted presentations and open discussion. For an overview of the presentations click on the Guide tab.

Morning Session

8.30 – 9.00 | Registration & Coffee

9.00 – 9.15 | Welcoming Address

George Tziortzis, Head of Management Consulting, KPMG Cyprus

9.15 – 10.40 | Red Teaming and the TIBER-EU Framework  (Threat Intelligence Based Ethical Red Teaming)

Jordi van den Breekel, Senior Consultant, Cyber Security, KPMG Netherlands

10.40 – 11.30 | Reducing the impact of targeted Cyber attacks

Chris Mills, Manager, Cyber Security, KPMG Australia

11.30 – 12.00 | Defending the Core – The EU Network and Information Security (NIS) Directive

Kosmas Pipyros, Senior Consultant, Cyber Security, KPMG Cyprus

12.00– 12.15 | Discussion


12.15 – 1.00 | Lunch & KPMG Marketplace

Information and Demonstrations of Services and Solutions

Afternoon Session

1.15 – 2.15 | Automation is everywhere, except in your Risk Management

Martijn Sprengers, Senior Manager, Cyber Security, KPMG Netherlands

2.15 – 3.00 | Predictions and Insights in the GDPR era

Idan Ben-Yaacov, Account Executive, OneTrust

3.00 – 3.45 | Emerging breach and attack simulation technologies

Gil Hazaz, Head of Sales, XM Cyber

3.45 – 4.15 | Q&A and closing 



Sessions Overview

Red Teaming and the TIBER-EU Framework (Threat Intelligence Based Ethical Red Teaming)
During this presentation we will walk through the Threat Intelligence  Based Ethical Red teaming (TIBER-EU) framework that enables European and national authorities to work with financial institutions to test and improvetheir resilience against realistic cyberattacks. We will discuss all four stages of the TIBER-EU process, and provide an in-depth view of realistic and targeted cyberattacks. We will present case studies on red teaming engagements where we reproduced real world hacking techniques to infiltrate corporate networks, to move between computers once inside, and to exfiltrate the crown jewels. At the end of the presentation you will be up to date on how cyber criminals work and think when targeting an organisation, and  how the TIBER-EU Framework can help your organisation to test and improve the cyber resilience of your organisation.


Reducing the impact of targeted cyber attacks

During this presentation we will discuss strategies for reducing the risk and impact of a targeted cyber attack. This will expand on the prior talk by walking through the stages of a realistic, targeted cyber attack and provide practical advice on potential mitigations. At the end of the presentation you will be aware of strategies to mitigating targeted cyber attacks.

Defending the Core – The EU NIS (Network and Information Security) Directive

‘Defending the core’ is referred to the state’s ability to protect critical infrastructure processes and controls that are used to secure information assets, what sometimes called the general duty of “cyber due diligence”. But how can critical vulnerabilities be mitigated and the most detrimental threats countered? The European Commission, as part of the EU Cybersecurity strategy, published the Network and Information Security (NIS)
Directive (EU 2016/1148) which is the first piece of EU-wide cybersecuriy  legislation. The specific Directive adopts a global approach at Union level concerning common minimum capacity requirements in order to respond effectively to major threats that cyber-attacks pose to the well-functioning of the internal market. The purpose of the presentation is to highlight the most important aspects of the Directive and to set strategic principles, guidelines and specific measures in order to mitigate risk associated with cyber security. The presentation provides a useful insights for stakeholders involved in the lifecycle of the national cyber security strategy, such as private, civil and industry stakeholders.

Automation is everywhere, except in your Risk Management – KPMG Digital Risk Platform

In today’s dynamic world full of new business opportunities and threats, stakeholders and regulators are pushing company Boards and management for better and more transparent management of risks. Although proper risk determination at its heart is making informed decisions,  we see these Boards and management making decisions on trust and gut feeling and not on facts. Risk management practices in most organizations, despite investment in GRC solutions, fall short of expectations. Practices are often soloed, completeness, automation and agility are a challenge, and neither investments, nor operational status can be satisfactorily explained in terms of the organization’s risk appetite.

We present our way to support organizations to achieve a step-change in the digitization of their risk management practices, by using our new cloud-based Digital Risk Platform. This platform enables organizations to better understand the risks to achieving their strategic objectives, and to factor risk insights into their strategic and operational business decisions. In addition, organizations can significantly reduce the labor cost of their risk management processes. We will demonstrate parts of the platform to perform control automation, manage shadow IT, implement risk quantification and establish dashboarding on cyber security controls.

Predictions and insights in the GDPR era

For the last several years, businesses across the globe have been preparing for the EU GDPR to become law. Now that the GDPR is here, what’s next for data privacy? In this session, OneTrust will discuss predictions and customer priorities in the GDPR era, as well as how partners like KPMG are incorporating their methodology into the OneTrust platform.

Emerging breach and attack simulation technologies

We're all continuously facing challenges such as dealing with very complex and dynamic networks with vague perimeters that are prone to human errors, asymmetrical battlegrounds between the attackers and the defenders and continuously, manually identifying and prioritizing potential attack vectors on time. Recently, a new category of solutions has emerged to help deal with these. This new technology domain, known as breach and attack simulation (BAS) tools, enables organizations to perform many types of security testing, attack and threat simulation, and control effectiveness assessments. This session will be dedicated to discuss the new BAS category and to present one of the tools.


Event resources