Identification: SAP2301
Identification: SAP2303
Identification: SAP2304
A cyberattack is about data and integrity, not only network security, as breaches also affect an enterprise's values, reputation and brand. Cognitive hacking using dis-, mis- and mal-information is a cyberattack aimed at manipulating perception and exploiting psychological vulnerabilities to change behaviour. This makes online influence campaigns across social media, the internet and networking infrastructure a cyber problem, and makes solutions part of the cyber environment. Increasingly sophisticated AI-generated disinformation can amplify social tensions and unsettle communities, but to what degree can it be intentionally weaponised on a population without its knowledge? The implications and extent of online disinformation damage remain unclear, and are mostly assumed rather than proven, because it is difficult to link specific measurable indicators. Social media platforms are commercial businesses balancing financial incentives with at least the appearance of social responsibility, and as Big Tech ramps up censorship, purging dissenting voices, questions continue as to whether this will fix the problem.
Learning Objectives:
Identification: SAP2305
In this compelling presentation at the Secure Asia Pacific, I will delve into the cutting-edge practice of control validation through adversary emulation, specifically within the context of Depository Trust & Clearing Corporation (DTCC). Focusing on the crucial task of ensuring the effectiveness of our cyber security monitoring controls, I will highlight DTCC's innovative approach of emulating threat actors or adversary campaigns using the well-established MITRE ATT&CK framework. Through insightful analysis and real-world examples, I will demonstrate how DTCC successfully mimics adversarial behavior, allowing us to assess the robustness of our defensive measures. Attendees will gain valuable insights into the benefits and challenges of this proactive validation approach, as well as the practical steps taken by DTCC to implement it within the organization. From identifying control gaps to evaluating response capabilities, this presentation offers a comprehensive exploration of control validation through adversary emulation, offering attendees practical strategies to enhance their own cyber security practices.
Learning Objectives:
Identification: SAP2306
This session will explore how the public sector can leverage Software as a Service (SaaS) products for optimal efficiency and cloud security. Discover best practices in adopting SaaS solutions while upholding robust security measures, data protection, and regulatory compliance. Gain insights from real-world examples and learn about effective vendor evaluation, authentication controls, data governance, and ongoing security monitoring.
Learning Objectives:
Identification: SAP2307
DevSecOps is often treated as a buzzword, and organizations mostly don't get to unlock the real value of this critical topic. Some organizations start looking for a "silver bullet" technology solution to solve their software security challenges end to end. However, as they discover later, this issue requires a holistic approach that builds on the DevOps framework and embeds security principles in a system covering the "cradle to grave" journey. The session will first touch upon key areas to demystify DevSecOps, call out the myths and stress the key tenets of DevSecOps. Later the session will delve into the 10 commandments for implementing DevSecOps in a typical organizational setting. The audience will also get some bite-size key takeaways to start or improve their DevSecOps journey confidently when they go back to their work.
Learning Objectives:
Identification: SAP2310
Sandra will explain how cyber risk for both IT and OT (IACS) is managed enterprise-wide based on the company's Enterprise Cyber Security Governance Framework, which is comprised of two main elements: the Cyber Security Risk Management process and the integrated Control Framework. Sandra will explain the main elements of the Cyber Risk Management process and how it is applied to both IT and OT, reflecting a risk-based approach whilst at the same time meeting the compliance requirements of various standards and regulations, both global and country-specific. The Control Framework includes multiple relevant standards such as NIST, IEC/ISA 62443, ISO27001+, multiple countries' Data Protection standards (e.g. EU, UK, Canada, Malaysia, Australia, etc.), OWASP and PCI DSS.
Learning Objectives:
Identification: SAP2311
A cybersecurity team needs to be carefully built and managed to reach optimum performance. Learn how to break down the details into manageable solutions, build a CSIRT, a Cyberlab and also a culture of inclusivity.
Identification: SAP2314
Identification: SAP2315