The value of organisational culture in a new secure world

Steven York, General Manager, Group Compliance, Information Security & Business Resilience, Group Risk for the Bank of Queensland, discusses ‘The value of organisational culture in a new secure world’.

In the final presentation at the 2017 CISO Leaders Summit in Melbourne, Steven York, General Manager, Group Compliance, Information Security & Business Resilience, Group Risk for the Bank of Queensland discussed ‘The value of organisational culture in a new secure world’. His roundtable discussion covered topics such as:

  • Security is a people issue not a technology issue
  • There are three pillars for the modern organisation – technology, security and culture
  • Culture needs to extend to the home and family of the employee to reduce the threats of BYOD and mobility
  • Understanding that social engineering and insider threats are two of your greatest enemies

Steve is the General Manager, Group Compliance, Security and Business Resilience for the BOQ Group. He reports to the Chief Risk Officer. He has been with the organisation for 5 years and is a member of several management committees and reports to the Risk and IT Board Committees. He has direct responsibility for:

  • the Group compliance function and regulator engagements
  • fraud detection, response and recovery
  • investigations
  • physical security
  • business continuity management
  • cyber security governance and policy

#CISOLeadersSummit #MediaCorpInternational

The life-cycle of cyber crime

Ben Case, Detective Sergeant Cyber Crime Operations, Australian Federal Police and David McLean, Manager Cyber Crime Operations, Australian Federal Police discuss ‘The life-cycle of cyber crime’.

Our next round table at the 2017 CISO Leaders Summit was presented by Ben Case, Detective Sergeant Cyber Crime Operations, and David McLean, Manager Cyber Crime Operations of the Australian Federal Police who discussed ‘The life-cycle of cyber crime’. The round table discussion was certainly of interest to the delegates as it covered topics such as:

  • Understanding that the modern security proposition needs to cover the entire lifecycle of the cyber threat
  • Understanding that the primary threat comes from organised crime, NOT script kiddies
  • Understanding that the security proposition must account for brand restoration
  • Understanding the elements of the cybercrime lifecycle: the dark web; intelligence; security posture; incident response; incident resolution; brand recovery

Detective Sergeant Benjamin Case has been in law enforcement for 14 years and currently leads a cybercrime investigations team. He has broad experience across policing and with the intelligence community. Sergeant Case has led several major cybercrime investigations including computer intrusions into Australian critical infrastructure, distributed denial of service (DDoS) attacks, malware investigations, and financially motivated cyber-attacks. Through his work domestically and internationally, he has very detailed knowledge of and expertise in the current cybercrime environment and threats.

Commander David McLean is currently performing the role of Manager Cyber Crime Operations within the Australian Federal Police Cyber Crime Operations portfolio. In that capacity Commander McLean is responsible for the investigation of significant criminal acts which may compromise computer systems relied upon by the Australian critical infrastructure community or information systems of national and international significance. Previous senior executive roles occupied by Commander McLean include Manager Professional Standards responsible for internal investigations and maintenance of the AFP integrity framework; Deputy Chief Police Officer, ACT Policing, the AFP’s community policing arm; and Chief of Staff, responsible for the coordination of information, administrative and support services provided to the Commissioner and AFP Executive. From 2004 to 2007, Commander McLean was stationed in Washington DC where he served as the AFP Senior Liaison Officer responsible for cooperation with the United States and Canada on policing issues. Commander McLean is a graduate of the AFP Management of Serious Crime Program, the AFP International Senior Command Program and the Australian Institute of Police Management. He holds a Bachelor of Business and a Graduate Diploma of Executive Leadership.


Why security is a business proposition not technology

The second panel discussion focused on ‘Why security is a business proposition not technology’ and was moderated by General Manager for Cyber Security Brian Hay who was joined by Audrey Hanson of Sydney Trains, Lachlan McGill of Healthscope and Carlos Lara of Youi Insurance.  

The second panel discussion at the 2017 CISO Leaders Summit focused on ‘Why security is a business proposition not technology’ and was moderated by General Manager for Cyber Security Brian Hay who was joined by Head of Information Security for Sydney Trains – Audrey Hanson, Lachlan McGill, Information Security Manager at Healthscope and Carlos Lara, Cyber Security & Strategy Manager at Youi Insurance.

The discussion covered areas such as:

  • Understanding that security is a people issue
  • Understanding that it is possible to achieve a ROI on security
  • Understanding that security is about risk and brand and how to communicate that message to the board
  • Understanding that security is about prevention, detection and RESPONSE (highlighting that there is currently insufficient consideration given to response)

Moderator:      

Brian Hay, General Manager, Cyber Security (Former Detective Superintendent QLD Police Services) 

Panellists:          

Audrey Hanson, Head of Information Security, Sydney Trains

Lachlan McGill, Information Security Manager, Healthscope

Carlos Lara, Cyber Security & Strategy Manager, Youi Insurance

Brian is General Manager at Cyber Security and a former Detective Superintendent of QLD Police Services. He is a cyber security evangelist, thought leader, mentor, public speaker, executive roundtable facilitator and CISO advisor.

Audrey is a goal-oriented Cyber Security leader with extensive experience in leading, developing and managing strategies, transformations, and programs, which deliver commercial and operational objectives across the enterprise. I have proven experience in working with senior business stakeholders in developing and leading programs for change. I can effectively communicate and advocate at both executive and operational levels. I have broad experience across industry, domains, and methodologies. I have experience successfully leading Security practices and programs across both IT and OT.

Lachlan is the Information Security Manager for Healthscope and is an information security professional with over 25 years’ experience in the IT industry, specialising in security governance, strategy and reporting.

Carlos is an experienced ICT professional with specialist security skills and excellent client-facing, architecture and consultative skills. Proven ability to bring to the market innovative, leading products and solutions oriented to business strategic goals. Passionate about customer engagement and driving new business opportunities in a highly competitive environment.


Strength through collaboration

Scott Ainslie, Regional Director of the Financial Services Information Sharing and Analysis Center (FS-ISAC), speaks about ‘Strength through collaboration’ at the 2017 CISO Leaders Summit in Melbourne.

Scott Ainslie, Regional Director of the Financial Services Information Sharing and Analysis Center (FS-ISAC), presented at the 2017 CISO Leaders Summit in Melbourne. His workshop presentation focused on the need to share and collaborate as the only way that a CISO can be prepared against cyber-attack. This is reflected by the global strength of FS-ISAC and its growing relationship with intelligence communities and law enforcement. The CISO appointment is now more challenged than ever before and represents an enormous challenge for those who prefer isolation to collaboration.

Scott has served in a wide variety of roles across a career distinguished by the breadth and depth of its exposure to the modern information technology security risk environment.  Scott has developed a broad knowledge of regulatory compliance and key control requirements specific to the governance of information security across diverse and complex enterprise environments. He recently joined the Financial Services Information Sharing and Analysis Center (FS-ISAC) as the Regional Director for Australia and New Zealand.  FS-ISAC is a not-for-profit information sharing community supporting the global financial sector and with over 7,000 members globally represents the world’s largest threat intelligence sharing and collaboration organisation.

His primary goal is to facilitate the development of the Australian and New Zealand cyber and physical intelligence sharing communities, and to support the planning and implementation of the FS-ISAC International Growth Strategy.  This role includes engaging with existing and potential members at a ‘C level’, to determine their information security risks and the measures necessary to mitigate any discovered exposure.  His frank and personable style aims to encourage and facilitate member and business partner capabilities providing positive outcomes that promote business synergy through collective and collaborative security.

Scott is a member of multiple security, risk, intelligence, and information security industry related organisations both in Australia and overseas.  His active membership in these wide-ranging communities provides an ideal platform for applying a multi-domain risk based approach to cyber security management across industry and government sectors. A noted and entertaining speaker, he often presents to the global intelligence and information security community on issues of threat management and cybersecurity.


The five compelling issues for security in the next 5 years

Brian Hay, General Manager at Cyber Security and former Detective Superintendent of QLD Police discusses ‘The five compelling issues for security in the next 5 years’ at the 2017 CISO Leaders Summit in Melbourne. 

Brian Hay, General Manager at Cyber Security and former Detective Superintendent of QLD Police conducted a workshop on ‘The five compelling issues for security in the next 5 years’ at the 2017 CISO Leaders Summit in Melbourne. The discussion touched on a number of areas such as:

  • An appreciation of what the future holds for the security manager
  • An insight into the direction of the threat landscape
  • A view of the 5 compelling issues we can expect and prepare for over the coming years
  • An appreciation on how we can become proactive as opposed to reactive

Brian Hay is a cyber security evangelist, thought leader, mentor, public speaker, executive roundtable facilitator and CISO advisor.


The changing nature of cyber-attacks: current trends

‘The changing nature of cyber-attacks: current trends’ was the workshop topic presented by Dr Mamoun Alazab, Cyber Security Lecturer at Macquarie University, at the 2017 CISO Leaders Summit.

Dr Mamoun Alazab, Cyber Security Lecturer at Macquarie University, conducted a workshop at the 2017 CISO Leaders Summit on ‘The changing nature of cyber-attacks: current trends’. This workshop highlighted that there is a lack of understanding about cyber-attacks and about the mechanisms that can be used to improve both detection and prevention.

Providing a secure cyber space is now a key concern for governments and private sector organisations throughout the world, which requires development of critical infrastructure and an organisational and national/international research agenda supported by multidisciplinary expertise. This presentation provided an overview of cybercrime from a technological and a criminological perspective, and explained how criminological theories can be applied to mitigate cyber-attacks.

The purpose of this presentation was also to describe recent trends, such as zero-day exploits, botnet attacks against internet banking applications, the emergence of the darknet, the role of organised crime, cybercrime-as-a-service, ransomware, and spear phishing emails. Dr Alazab also illustrated how new analytics can be used to uncover hidden patterns in cyber-attacks such as malware and spam emails, drawing on real-world data.

Dr Mamoun Alazab is a Cyber Security researcher and practitioner with industry and academic experience. He was awarded a PhD in IT Cyber Security in 2012. Dr Alazab’s research is multidisciplinary and includes both technological and criminological perspectives of computer crime, with a focus on crime detection and prevention. Dr Alazab works as a Lecturer in Cyber Security at Macquarie University. He has been lead investigator at the Australian National University (ANU) Cybercrime Observatory since 2012 and is an Adjunct Senior Research Fellow at the ANU. He has published more than 50 peer-reviewed research papers, and is widely cited. Dr Alazab worked as an Assistant Professor at the American University of the Middle East, and was also awarded Japan’s most prestigious academic award, a fellowship from the Japan Society for the Promotion of Science through the Australian Academy of Science, in 2015. He is a Senior Member of the IEEE, Cybersecurity Academic Ambassador, and has worked closely with government and industry on many projects, including IBM, UNODC, Trend Micro, the Australian Federal Police, the Australian Communications and Media Authority, Westpac, and the Attorney General’s Department.


Securing the cloud: it’s security Jim but not as we know it

Ian Gibson, Chief Information Officer for SuperChoice discusses ‘Securing the cloud: it’s security Jim but not as we know it’.

Chief Information Officer for SuperChoice, Ian Gibson, discussed ‘Securing the cloud: it’s security Jim but not as we know it’ in his keynote presentation at the 2017 CISO Leaders Summit. This presentation covered:

  • Changing nature of infrastructure security and its implications
  • Cloud automation and its implications for security
  • What the increasing security requirements mean for business and what they need to do about it
  • Security as a business opportunity and how to communicate that to the Board

Ian Gibson is the Chief Information Officer and Responsible Officer for SuperChoice Services Pty Limited where he has been completely transforming the technology business. Prior to joining SuperChoice, Ian worked in senior executive and CIO roles including at Adaptra, CitiStreet, Link Market Services and the National Australia Bank.  He also co-founded a boutique consulting firm and has worked with several technology start-ups. Ian was a Partner in Accenture’s Strategy practice where he focused on business and IT-enabled strategic and operational planning.  His consulting work ranged across several industries, both locally and internationally, and for some of the largest clients in their respective industry. Ian is also a Non-Executive Director and Company Secretary focusing on technology start-ups and NFPs. Ian has a BSc (Computer Science & Mathematics) and an MBA from Melbourne Business School and is a Fellow of the Australian Institute of Company Directors.  He is a regular speaker and has authored more than 43 publications including twice nominated for Thought Leadership awards.


Managing Risk: Is Cyber Risk Different?

Meena Wahi, Director of Cyber Data-Risk Managers talks about ‘Managing Risk: Is Cyber Risk Different?’

In her roundtable discussion at the 2017 CISO Leaders Summit, Meena Wahi, Director of Cyber Data-Risk Managers, talked about how CISOs are dealing with cyber risk. Are standard practices of managing risk serving them well? Is the eliminate, mitigate, accept and transfer approach the way to go? If not, are CISOs being challenged to devise new strategies to address the reputational, operational, compliance and financial impact of cyber incidents? As strategic partners in their businesses, what learnings do CISOs have to share?

Meena steered this interesting discussion on how CISOs are dealing with cyber risk. Meena is a specialist insurance broker for cyber risk who advocates that insurance must form part of total enterprise risk management strategy.

Cyber Data-Risk Managers are specialist insurance brokers for cyber insurance and data breach insurance. Meena has been interacting with stakeholders in the evolving cyber risk/data privacy space in Australia and overseas since 2011. Contributing to the dialogue as a key player in the market, she advocates that cyber insurance must constitute a part of enterprise risk management strategy. Meena holds an MBA from Monash University and a Tier 1 (Insurance Broking) from ANZIIF.


Website security and key management

Michael Klieman, Vice President Product Management at Symantec addresses the delegates at the 2017 CISO Leaders Summit on ‘Website security and key management’.

Vice President Product Management at Symantec, Michael Klieman, presented ‘Website security and key management’ as his roundtable discussion to delegates. In this session, he discussed perspectives on the increasing use of encryption within the enterprise, the associated management requirements, and importantly, how CISO policies are implemented and enforced.

This was a lively and informative session with topics ranging from:

  • SSL/TLS, Code Signing, S/MIME, PGP, and other encryption applications
  • Key management & policy enforcement
  • Meeting browser, PCI, and other compliance requirements
  • Choosing public or private trust anchors for devices and IoT
  • Inventorying and managing keys in hybrid environments
  • Deploying automation
  • Integrating with visibility, DLP, and other security applications
  • Key-related vulnerability reporting and remediation
  • Cloud-based HSMs vs. on-premise

Michael is a senior executive and entrepreneur experienced in building successful businesses in the consumer, small business and enterprise technology markets. He is a high-energy, results focused leader with a track record of shepherding large-scale projects from ideation to implementation, both in Fortune 500 and de novo start-up settings.


Mobile application and security testing

Asia Pacific Director for Cloud Security Alliance, Anthony Lim speaks about ‘Mobile application and security testing’.

Anthony Lim, Director Asia Pacific for Cloud Security Alliance, has over 20 years’ professional experience as a pioneering cyber-security professional, and he spoke to the 2017 CISO Leaders Summit on ‘Mobile application and security testing’. His workshop explained how mobile applications are becoming an integral part not just of modern enterprises but also of human existence. A huge part of this shift is due to the emergence of cloud computing, which in turn imparts tremendous agility to the enterprise. Accompanying such convenience are risk management challenges due to a lack of transparency, leading to security concerns that include applications.

He explained how Cloud Security Alliance aims to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application testing and vetting that help integrate and introduce quality control and compliance to mobile application development and management. Many people can write mobile apps today, but with the focus on functions, features, visuals and user experience, the security aspect of coding often lags, and hackers are looking for such gaps to exploit.

 
