Choose your topics

What is Risk Management in Cybersecurity?

Let’s explore the essentials of risk management in the context of cybersecurity to help you understand how to identify, assess and mitigate cyber threats effectively.

Cyber Risk Management Enterprise Risk Management
3 Best Practices for Data Privacy

With more technology comes more data, and with that a greater need for data privacy enforcement. What best practices should you be following?

Data Privacy
How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Cyber Security

What did we learn at ISF’s 30th Annual World Congress?

What did we learn at ISF’s 30th Annual World Congress?
Written by


Published on

12 Apr 2019

What did we learn at ISF’s 30th Annual World Congress?


The Event


The 30th ISF Annual World Congress in the last week of October 2019 saw us head over to Dublin. It brought together over 1,000 global senior executives and business leaders from the world of information security to share advice and ideas, and discuss their predictions for the future of our industry.

“Over a third of Members attending Congress 2019 highlighted that they wanted to more effectively manage information risk in their supply chain, identifying exposure in existing supplier relationships. Understanding and implementing the process for effective and proportionate supplier controls is important.” Information Security Forum

SureCloud’s Third-Party Risk Management Presentation


Key topics up for discussion included managing risk and providing assurance, government and management – all central to SureCloud’s ethos and services. SureCloud’s own Services Director, Alex Hollis, hosted a breakout speaking session on the second day of the event, discussing “Back to Basics: Are you Building your Third-Party Risk Management Program Effectively?”


As organisations’ third-party supplier ecosystems become increasingly dynamic and complex to embrace evolutions like the IoT and artificial intelligence, it becomes even more crucial for those organizations to approach third-party risk management logically and comprehensively. Missed the presentation? Watch it on our webinar channel here and download the free resource here.

But what did we learn from the broader ISF Congress programme?

Here are our key highlights.


1. Chris Hadfield on life aboard the International Space Station.


Chris Hadfield is a Canadian astronaut and former commander of the International Space Station (ISS) – whose Twitter feed while aboard the ISS enthralled millions of people around the world. He spoke on the second day of the Congress, giving his take on an astronaut’s guide to managing risk.


Clearly, the specific risks faced when it comes to space travel are challenges that most of us will never have to consider! Yet the stakes here on Earth can still be extraordinarily high – and there may be only one chance to get a particular element of risk management correct. Chris’s talk was a welcome exploration of how to handle the real hard edge of risk management with a clear head, and strategic allocation of different risk levels – as well as a charming reminder of the next-generation places digital technology is taking us.



2. Sophie Hackford’s keynote on Machine Earth.


Sophie Hackford is a futurist and founding CEO of the data and AI company 1715 Labs, currently working out of the Astrophysics department at the University of Oxford. Her keynote speech, “Machine Earth: how we are turning the world into a computer” was a fascinating exploration of, amongst other things, so-called ‘legacy avatars’. She discussed how avatars and digital ghosts had been endlessly imagined in science fiction, creating digital personas which can carry on after we die.

By 2100, Facebook will include the profiles of 3.6 billion dead people – in other words, the internet of the future will be inhabited by ghosts. We don’t have to sleepwalk into this world, Sophie argued, but we need to consider the data privacy and ethics associated with these transformations now.


3. The race for global supremacy in the tech sector.


Peter Hinssen’s keynote looked at the current fraught trade war negotiations between the United States and China. There are, he pointed out, far, far more STEM graduates in China than in the United States, and given that so many current and future defence systems will depend on technologies currently in development and innovation, the race is truly on. Cybersecurity, artificial intelligence, quantum research, and even nanotechnology all have a crucial role to play in the cyber defences of the future, and we need more talented young graduates, both at national levels and within individual organizations, to take on this challenge. China’s political leadership understands only too well how vital STEM leadership is for global leadership, to dominate and overtake the high-tech future.


Will Shenzhen become the new Silicon Valley?


4. The digital landscape needs phoenixes, not just unicorns.


On the subject of digital technology – we were struck by how many of the sessions focused on broadening our digital horizons. Not only in terms of our generation, but also when it comes to enabling the next, and re-imagining the impossible to make it possible. The ever-evolving threat landscape means that security and risk are more pertinent than ever before.


But this does not just mean that we need to keep hunting for the next digital ‘unicorns’ – one-off organizations and tools which offer something remarkably different to what came before. Survival in this dynamic landscape also means being able to learn from and build on the past. To create ‘phoenix’ businesses and technologies that expand on and innovate from previous successes – and even failures. A clear example illustrated was the rise of Walmart is this digital era.


This was the 30th anniversary of the ISF Annual World Congress, which provided a fitting time to reflect on the past and think about the future – where might we be 30 years from now? We can only begin to speculate. But we know for next year we will be in Warsaw, Poland at ISF’s 31st World Congress- see you then!


ISF Members watch the keynote speakers on-demand here.

ISF Members view the presentations here.