Welcome Address (Day 1)

Dec 6, 2023 9:05am ‐ Dec 6, 2023 9:15am

Identification: SAP2301

Speaker(s):


ISC2 Singapore Chapter Update

Dec 6, 2023 10:00am ‐ Dec 6, 2023 10:15am

Identification: SAP2303

Speaker(s):


Outside the Algorithm: Cognitive Hacking and Online Influence

Dec 6, 2023 10:25am ‐ Dec 6, 2023 11:05am

Identification: SAP2304

A cyberattack is about data and integrity, not only network security, as breaches also affect an enterprise's values, reputation and brand. Cognitive hacking using dis-mis-mal-information is a cyberattack aimed at manipulating perception and exploiting psychological vulnerabilities to change behaviour. This makes online influence campaigns across social media, the internet and networking infrastructure a cyber problem, and solutions part of the cyber environment. Increasingly sophisticated AI-generated disinformation can amplify social tensions and unsettle communities, but to what degree can it be intentionally weaponised on a population without its knowledge? The implications and extent of online disinformation damage remain unclear, and are mostly assumed rather than proven, because it is difficult to link specific measurable indicators. Social media platforms are commercial businesses balancing financial incentives with at least the appearance of social responsibility, and as Big Tech ramps up censorship, purging dissenting voices, questions continue as to whether this will fix the problem.

Learning Objectives:
  • Appreciate that advanced dis-mis-mal-information campaigns and online influence across social media, the internet and networking infrastructure are now recognised as a new cyber threat
  • Understand the types, techniques, pervasiveness and impact of cognitive hacking cyberattacks that manipulate psychological vulnerabilities to change behaviour

Speaker(s):


Control Validation Through Adversary Emulation at DTCC

Dec 6, 2023 10:25am ‐ Dec 6, 2023 11:05am

Identification: SAP2305

In this compelling presentation at the Secure Asia Pacific, I will delve into the cutting-edge practice of control validation through adversary emulation, specifically within the context of Depository Trust & Clearing Corporation (DTCC). Focusing on the crucial task of ensuring the effectiveness of our cyber security monitoring controls, I will highlight DTCC's innovative approach of emulating threat actors or adversary campaigns using the well-established MITRE ATT&CK framework. Through insightful analysis and real-world examples, I will demonstrate how DTCC successfully mimics adversarial behavior, allowing us to assess the robustness of our defensive measures. Attendees will gain valuable insights into the benefits and challenges of this proactive validation approach, as well as the practical steps taken by DTCC to implement it within the organization. From identifying control gaps to evaluating response capabilities, this presentation offers a comprehensive exploration of control validation through adversary emulation, offering attendees practical strategies to enhance their own cyber security practices.

Learning Objectives:
  • Learn about the practice of adversary emulation using MITRE ATT&CK framework.
  • Gain valuable insights into DTCC's control validation practices, providing attendees with actionable guidance to establish or enhance their own control validation programs.
  • Acquire firsthand experience with the tools, resources, and processes employed in adversary emulation, allowing attendees to develop practical skills and knowledge in this crucial area of cyber security.

Speaker(s):


Elevating Efficiency and Cloud Security: SaaS Products in Public Sector

Dec 6, 2023 11:25am ‐ Dec 6, 2023 12:20pm

Identification: SAP2306

This session will explore how the public sector can leverage Software as a Service (SaaS) products for optimal efficiency and cloud security. Discover best practices in adopting SaaS solutions while upholding robust security measures, data protection, and regulatory compliance. Gain insights from real-world examples and learn about effective vendor evaluation, authentication controls, data governance, and ongoing security monitoring.

Learning Objectives:
  • Learn best practices for adopting secure and efficient SaaS solutions in the public sector.
  • Gain insights into effective vendor evaluation, authentication controls, and data governance for SaaS implementation.

Speaker(s):


DevSecOps Demystified - Navigating the Conundrum

Dec 6, 2023 12:30pm ‐ Dec 6, 2023 1:25pm

Identification: SAP2307

DevSecOps is often becoming a buzzword, and organizations mostly don't get to unlock the real value of this critical topic. Some organizations start looking for a "silver bullet" technology solution to solve their software security challenges end to end. However, as they discover later, this issue requires a holistic approach that builds on the DevOps framework and embeds security principles in a system covering the "cradle to grave" journey. The session will touch upon key areas to first demystify DevSecOps, call out the myths and stress the key tenets of DevSecOps. Later the session will delve into the 10 commandments for implementing DevSecOps in a typical organizational setting. The audience will also get some bite-size key takeaways to start or improve their DevSecOps journey confidently when they go back to work.

Learning Objectives:
  • Demystifying DevSecOps - what it is and what it isn't
  • Best practices for unlocking the value of DevSecOps pragmatically and sustainably

Speaker(s):


Managing Cyber Risk for IT and OT using NIST, IEC62443 & ISO27001

Dec 6, 2023 2:30pm ‐ Dec 6, 2023 3:15pm

Identification: SAP2310

Sandra will explain how cyber risk for both IT and OT (IACS) is managed enterprise-wide based on the company's Enterprise Cyber Security Governance Framework, which is comprised of two main elements - the Cyber Security Risk Management process and the integrated Control Framework. Sandra will explain the main elements of the Cyber Risk Management process and how it is applied to both IT and OT, reflecting a risk-based approach whilst at the same time meeting the compliance requirements of various standards and regulations, both global and country specific. The Control Framework includes multiple relevant standards such as NIST, IEC/ISA 62443, ISO27001+, multiple countries' Data Protection standards (e.g. EU, UK, Canada, Malaysia, Australia, etc), OWASP and PCI DSS.

Learning Objectives:
  • Learn how to create and apply a GRC framework for cybersecurity risk governance and management that can be applied to both IT and OT (IACS), whilst addressing multiple standards and diverse country and industry requirements
  • Learn practical tips and advice on deploying and implementing the framework to diverse stakeholders

Speaker(s):


Fireside Chat: How to Build a Cyber Team from Scratch?

Dec 6, 2023 2:30pm ‐ Dec 6, 2023 3:15pm

Identification: SAP2311

A cybersecurity team needs to be carefully built and managed to reach optimum performance. Learn how to break down the details into manageable solutions, and how to build a CSIRT, a Cyberlab and a culture of inclusivity.

Speaker(s):


CISO Panel: Emerging Technologies And Their Effect On The Security Landscape

Dec 6, 2023 4:30pm ‐ Dec 6, 2023 5:35pm

Identification: SAP2314

Speaker(s):


Welcome Address (Day 2)

Dec 7, 2023 9:00am ‐ Dec 7, 2023 9:15am

Identification: SAP2315

Speaker(s):