Security is Everyone’s Responsibility

Phishing attack, malware, hacking, denial of service, breach: just some of the keywords business stakeholders dread hearing on a business-as-usual day or, worse, on a weekend. It is the typical mammoth in the room that most business leaders conveniently choose to ignore. Top lines and bottom lines, mergers and acquisitions, market share and trend analysis, sustainability and corporate social responsibility, etc. are some of the ‘top-of-mind’ discussions that easily get preference over planning for cyber security. However, the security ‘cost-centre’ is significant in upholding the company brand over the long term, providing force-field protection against future litigation expenses over data breaches, which can even lead to bankruptcy. With IoT and BYOD permeating company networks, data touch points and exposure to vulnerabilities have grown geometrically for CISOs (Chief Information Security Officers) to reckon with.

 

The cyber threat landscape is evolving at a phenomenal rate. Moreover, it is not just new modes of attack or increased points of vulnerability that are proving problematic for security professionals; attitudes towards security are changing, too. Comfort levels with sharing information, transacting online and trusting third parties have never been higher. “Focus on utilising the FAIR (Factor Analysis of Information Risk) ontology to have appropriate conversations with the Board and business stakeholders. Change the language to gain Board and Executive buy-in, utilise Cyber Risk Quantification to answer questions posed by the Board and adopt a recognized security framework and benchmark your organisation against industry peers”, says Jason Anderson, Head of Information Security, QSuper, speaking at the recent CISO Leaders Summit Australia in Melbourne. FAIR is a cyber risk quantification exercise that allows for well-informed decision making on cyber security risk. It has become the international standard for quantifying risk in terms that all stakeholders can understand.

 

“People are your best and also weakest line of defense”, shared Berys Amor, Director of Technology, Corrs Chambers Westgarth, speaking at a panel discussion session. Working with HR to understand security risks at the employee level goes a long way towards increasing awareness. People who are not native to security do not find it fun to deal with, and it is IT’s responsibility to spread that awareness and comfort level among them. Damien Scalzo, Chief Information Officer, Mercedes-Benz Financial Services AU/NZ, believes that the ROI to this topic is to have a framework that embeds security from start to finish. Raising awareness about consequences and being proactive is key. Employees need to be educated in bite-sized chunks rather than in long e-learning modules, and they need to be empowered to act in a breach by identifying it, rather than being punished for incidents.

“It takes years to build a favourable company reputation, but today, company reputation can literally become severely damaged, if not irrevocably lost, in a single day” – Warren Buffett

In creating a strategy around security, understanding what the ‘crown jewels’ are is of paramount importance as a starting point. While having multiple layers of security around various types of data, depending on their use and importance, is key, smaller organisations do struggle with budget constraints when trying to put a robust protective solution in place.

“Digital transformation is not a moment in time, but a way you do business”, said David McGrath, Chief Digital Officer, Clubs Australia. He continues to elaborate, “When you are undertaking a big change, security has to be front and center. It’s about the risk and governance. When things go wrong, there are unlimited budgets to fix it.” There is a need to make the risk visual, understandable, and tangible in a way that enables boards and execs to make that decision. Boards and CFOs are starting to put data as an asset item on the balance sheet. This makes it easier to fund the protection, growth, and resources needed to continue to evolve it. It helps security avoid being seen as a cost and creates the right budget to execute the security strategy for businesses.

Engaging leaders from various industries to present and brainstorm on these kinds of topics has been Media Corp International’s strength over many years. Events like the CISO Leaders Summit across Australia and the Asia-Pacific region create a highly collaborative platform for our delegates, speakers, vendors and sponsors to share ideas and knowledge from among the best brains in the industry.

 

– Jilfy Joseph

 

For more information about the CISO Leaders Summit Australia please register your interest at http://cisoleaders.com.au/

For all media enquiries please contact:

Stacey Alker – Marketing Director, Media Corp International

E: stacey@mediacorpinternational.com

P: +61 (0) 484 963 072

 


 

Articulating Cyber Security Risk to the Board – Jason Anderson

WORKSHOP 3

Jason Anderson, Head of Information Security, QSuper

This session will look at how to go about articulating cyber security risk to the board in a way they understand.  It will focus on utilising the FAIR ontology to have appropriate conversations with the Board and business stakeholders.

ABOUT JASON ANDERSON

Jason has been working in Information Security for more than 20 years and has a wealth of experience in Security, Risk Management, IT Governance and Compliance. He joined QSuper in June 2017 as the Head of Information Security.
Prior to this Jason was employed in similar roles across a wide range of industries both in Australia and the UK including Suncorp and SABMiller. Jason is a transformational security leader who has experience in delivering large security improvement programs and discussing issues at Board level. Jason holds various industry certifications including CISSP and an MBA from Southern Cross University.

Protecting the 3rd Largest City in WA – Gary Hale

WORKSHOP 2

Gary Hale, Chief Information Security Officer, Curtin University

During his workshop, Gary shared his views on the challenges involved in his role: creating an agile, collaborative and resilient environment that enables learning and teaching and, importantly, fast-tracks innovation, while noting the increasing level of attacks on these institutions.

ABOUT GARY HALE

Curtin is an internationally focused research and teaching university based in Perth, Western Australia. We have campuses in Dubai, Malaysia, Mauritius and Singapore with strong connections to businesses, industries and over 90 universities worldwide.

With an emphasis on real-world issues, our students graduate job-ready with the skills to make tomorrow better.

AI & Machine Learning: Friend or Foe – Rhys MacFarlane

WORKSHOP 1

Rhys MacFarlane, Chief Security Officer, Luxury Escapes

Rhys held a workshop that addressed the rapidly escalating threat of AI/ML: assisting threat actors in target selection, scanning for enterprise vulnerabilities, and potentially covering all trace of an attack.

This workshop explored how AI/ML could also become a great ally to IT and security professionals – allowing for more advanced threat scanning and to enhance security teams’ efficiency by flagging and prioritizing issues in real time. Any improvements will undoubtedly be used by threat actors and it’s the duty of Security Officers to stay prepared and ahead of this coming wave.

ABOUT RHYS MACFARLANE

Experienced Chief Security Officer – skilled in Physical Security, Loss Prevention, Risk Management, Internal Investigations, Leadership and Network Security. Strong military and protective services professional with a Bachelor of Arts – BA focused in Security, Terrorism and Counterterrorism from Murdoch University.

A CISO’s Playbook: Defence – Dynamic Security Strategies for an Uncertain Future – John Kouroutzoglou

ROUNDTABLE DISCUSSION

John Kouroutzoglou, Information Security & Compliance Manager, Domain Group 

This interactive roundtable discussion provided a high level look at the following list of threats and how they’re addressed while including Q&A opportunities as the presentation covered these various topics:

  • Insiders & Outsiders
  • 3rd Parties
  • Competitors
  • Personal security risks
  • Physical security

ABOUT JOHN KOUROUTZOGLOU

John Kouroutzoglou has been involved in physical and cyber security operations and consulting for over 15 years. He has worked for large global organisations which include: Alcatel-Lucent, HP and EY. John is currently the Information Security & Compliance Manager at leading real estate tech company – Domain Group.

 

 

 

Converged Security (Physical and Virtual Security) – Nitin Singh

ROUNDTABLE DISCUSSION

Nitin Singh, Director of Cyber Security, Victoria University 

Nitin’s roundtable discussion questioned whether the convergence of physical and cybersecurity makes sense.

Physical and cybersecurity are traditionally two distinct functions with similarities and synergies that are not leveraged most often. Everything across physical and cybersecurity systems, process and capabilities is converging which can have significant impact on safety and security of an organisation.

ABOUT NITIN SINGH

Experienced, certified (CISA/CRISC), results-driven and qualified Technology Risk, Audit and Compliance professional with 9 years of experience to strategise, execute and manage complex risk and compliance assessments across technology, security, business operations and large transformation programs.

Possess expert communication skills across diverse groups and all levels of management hierarchy with proven track record to work with senior executives and business unit leaders across Audit, Technology, Risk and Compliance Divisions of ANZ, NAB and various boutique insurance organisations.

Sound understanding of COBIT, ITIL, ISO/IEC 27001, AS/NZS ISO 31000:2009, Regulatory Risk landscape across Oceania and Asia-Pacific countries such as APRA (AU), RBNZ (NZ), MAS (Singapore), HKMA (Hong Kong) and BOI (Indonesia).

Specialties: IT Program Risk Management, IT Risk Transformation, Internal Audit, IT General and Application Controls Assessments, Regulatory and Compliance Assessment, Technology Governance, Identity Management, Project Management, Project Risk, IT Service Management.

 

 

 

 

Security in a Digital First Age – Chary Chigurala

PANEL DISCUSSION

Moderator:
Chary Chigurala, Head of IT, Laminex

Panellists:

Berys Amor – Director of Technology, Corrs Chambers Westgarth

Damien Scalzo – Chief Information Officer, Mercedes-Benz Financial Services AU/NZ

David McGrath – Chief Digital Officer, Clubs Australia

Chary hosted a panel discussion that shared insights and knowledge on how we can ensure security in a digital first age. The cyber threat landscape is evolving at a phenomenal rate, and it is not just new modes of attack or increased points of vulnerability that are proving problematic for security professionals; attitudes towards security are changing, too. Comfort levels with sharing information, transacting online and trusting third parties have never been higher.

ABOUT CHARY CHIGURALA

A proven leader with 25 years industry experience in Fortune 100 and ASX 100 companies. He is incredibly passionate about designing and implementing future focused IT organisation strategies to succeed in the digital markets. His core skills include:

  • Providing vision and strategic leadership
  • Digital strategy
  • IT strategy & architecture
  • Leading high performance teams
  • Business engagement
  • IT enabled business transformation
  • Consulting
  • Large deal creation
  • P&L and budget management
  • Large projects management
  • Vendor management
  • IT service delivery and reporting

 

 

 

 

ABOUT BERYS AMOR

Berys Amor has worked in the legal sector for more than 25 years, starting in finance administration and then moving into information technology. She has worked for a number of top ten law firms and managed a range of areas within technology, including service delivery, training, system administration and project management. Berys has extensive experience in project management, having been a part of several large office moves and fit outs, major systems implementations and upgrades as well as the change management processes for implementing new systems.

Berys’ current role as Director of Technology at Corrs Chambers Westgarth involves collaborating with key business stakeholders to understand the business objectives and factors of success in the industry, and developing and implementing the IS strategy in line with the overall business strategy. She manages a national team which includes client technology solutions, IT project delivery, IT training, helpdesk and service delivery, and infrastructure and applications support. Berys is also a Knowledge Advisor for the International Legal Technology Association and was selected for CIO Australia’s top 50 CIOs for 2016.

 

 

 

 

ABOUT DAMIEN SCALZO

As a technology leader I am responsible for:
– creating an IT vision and delivering the IT Strategy in alignment with the business strategy
– instilling structure, discipline and prioritisation across IT activities
– planning and governance of all IT Plan, Build and Run activities
– building and coaching a highly effective team across Australia and New Zealand
– make or buy decisions
– contract negotiations
– supplier management
– IT risk and security management.

From 2014 to present I have extensively scaled the size of the team, IT landscape and delivery velocity.

With many years of experience with custom development implementations, I often support my team during detailed technical decisions in relation to architecture, integration, code, databases and infrastructure. This supports the best decision for the business, gains respect from my technical staff and leads to the creation of a culture of collaboration and best practice sharing within the team.

 

 

 

ABOUT DAVID MCGRATH

David is a globally credentialed technology executive, specialising in data-driven digital transformation across corporations of various sizes and locations. Successfully developing and implementing large scale company-wide change, David’s recent projects include the technical coordination and build of large scale data assets, importantly including its protection through security, governance, and data regulatory compliance.

Complementary to this approach is also the ability to successfully craft an operational structure for “all of business”, including educational change at a departmental level endorsed through Executive / Board buy-in.

David’s career background also includes digital product monetization, customer / audience growth, plus extensive digital marketing (programmatic) utilising data intelligence. David has successfully built teams from scratch as well as taken on established corporate units, leading both content, development & sales across APAC (including Japan), UK and the US.

Other elements include being a member of various Boards, Advisory Boards, and Investor relationships across technology and Not-For-Profit organisations, as well as being a sought after speaker at industry conferences.

Rhys MacFarlane, Chief Security Officer – Luxury Escapes

Experienced Chief Security Officer – skilled in Physical Security, Loss Prevention, Risk Management, Internal Investigations, Leadership and Network Security. Strong military and protective services professional with a Bachelor of Arts – BA focused in Security, Terrorism and Counterterrorism from Murdoch University.

What do you feel are the biggest challenges IT security leaders are currently faced with within their business?

I feel one of the biggest challenges IT security leaders will be facing in 2019 and beyond will be a shortage of suitably qualified and experienced IT security professionals. Ours is a rapidly growing field and I believe we will see far more small to mid-range companies employing full time IT security teams from now on, as a result of the escalating threat and new regulations. This could lead to a very competitive recruitment market and subsequently the level of cyber security experts in the field will be spread very thinly.

As an IT leader, what do you feel businesses continue to get wrong when it comes to their IT security strategy?

I believe when it comes to IT security most businesses have more focus on the software and technical aspects of security than they should. It is my belief that a solid IT security strategy should be far more focused on end-user development and training. By no means am I saying the technical aspects are not important, as they definitely are. However, I believe that if you’re able to upskill your workforce they will be able to identify threats; recognise potential vulnerabilities in their current workflow; and ultimately aid in your ability to quickly respond to any potential issues or avoid them altogether.

What are the latest trends and behaviours you predict will be surfacing on the market over the coming 12 months?

I believe we will see a solid increase in the sophistication and number of credential theft attacks. I believe we will also see this being focused far more on those roles who have high level access to valuable data, i.e. human resources, accounts payable and those responsible for large data sets of PII information. I base this on the current levels of income being generated by the illegal sale of sensitive data, as the same dataset can be sold numerous times for a relatively large amount. Such high levels of income will be highly appealing to threat actors and will mean they are able to organize themselves to present a sophisticated threat.

What is one key takeaway you hope our IT audience leaves with after hearing your presentation on site?

My hope is that people leave the seminar with a realistic understanding of the current threat; and a sense of optimism in our ability to meet this threat. We are operating at a threat level that is unprecedented and this threat continues to grow, change and improve on an almost daily basis. New technologies are being deployed by threat actors that are incredibly sophisticated and I believe this will continue to advance at a rapid pace, with tech such as machine learning only in its infancy. However, I also think we are at a time of opportunity. I believe that most executives are now far more engaged with security than ever before and that there is large interest in the development of new and improved IT security technologies. If we are able to capitalise on this we will be able to develop our abilities, training and technology in order to meet these new threats, and save ourselves from falling further behind.

Copyright 2019 © MediaCorp International. All rights reserved