In today's rapidly advancing digital world, it's vital to understand the interconnected nature of cyber threats as they affect the global public good, highlighting the urgency for cyberpeace across all dimensions. As the cyber threat landscape expands, with emerging technologies and malicious actors posing risks that resonate across borders and sectors, it's imperative to consider cybersecurity as a public good. This approach underpins collective resilience and protects nations, industries, and individuals. At the same time, addressing the widening cybersecurity workforce gap is critical, as the lack of skilled professionals spans from private to public sectors, affecting organizations of all sizes. The dialogue will explore effective practices to cultivate a diverse workforce equipped with the necessary skills for a secure digital future.
This session aims to provide an overview and status update of ISC2 Singapore Chapter programmes and activities for ISC2 members.
In this compelling presentation at the Secure Asia Pacific, I will delve into the cutting-edge practice of control validation through adversary emulation, specifically within the context of Depository Trust & Clearing Corporation (DTCC). Focusing on the crucial task of ensuring the effectiveness of our cyber security monitoring controls, I will highlight DTCC's innovative approach of emulating threat actors or adversary campaigns using the well-established MITRE ATT&CK framework. Through insightful analysis and real-world examples, I will demonstrate how DTCC successfully mimics adversarial behavior, allowing us to assess the robustness of our defensive measures. Attendees will gain valuable insights into the benefits and challenges of this proactive validation approach, as well as the practical steps taken by DTCC to implement it within the organization. From identifying control gaps to evaluating response capabilities, this presentation offers a comprehensive exploration of control validation through adversary emulation, offering attendees practical strategies to enhance their own cyber security practices.
As cloud-native infrastructures evolve, the need for advanced security controls such as Attribute-Based Access Control (ABAC) over traditional Role-Based Access Control (RBAC) becomes apparent. This talk will explore the journey from RBAC to ABAC, highlighting the limitations of RBAC and how ABAC's fine-grained, context-sensitive controls meet modern demands. We'll discuss ABAC's key benefits, supported by case studies of successful transitions from RBAC to ABAC. Additionally, we'll offer practical advice on implementing ABAC effectively. Attendees will gain insights into the future of access control in cloud environments, helping them leverage ABAC to enhance their organization's security.
This session will explore how the public sector can leverage Software as a Service (SaaS) products for optimal efficiency and cloud security. Discover best practices in adopting SaaS solutions while upholding robust security measures, data protection, and regulatory compliance. Gain insights from real-world examples and learn about effective vendor evaluation, authentication controls, data governance, and ongoing security monitoring.
Over the years, malware infections have become a norm and attackers have become evidently better technically, posing challenges to cybersecurity professionals. In light of escalating cyberthreats, I am here to shed some light on an actual Blackcat ransomware incident that crippled one of the largest manufacturing companies in Singapore, leading to millions in losses. I will address some of the lessons learnt and pain points in detail, as well as preparation efforts that can be put in place to effectively manage security incidents.
Sandra will explain how cyber risk for both IT and OT (IACS) is managed enterprise-wide based on the company's Enterprise Cyber Security Governance Framework, which is comprised of two main elements - the Cyber Security Risk Management process and the integrated Control Framework. Sandra will explain the main elements of the Cyber Risk Management process and how it is applied to both IT and OT, reflecting a risk-based approach whilst at the same time meeting the compliance requirements of various standards and regulations, both global and country specific. The Control Framework includes multiple relevant standards such as NIST, IEC/ISA 62443, ISO27001+, multiple countries' Data Protection standards (e.g. EU, UK, Canada, Malaysia, Australia, etc), OWASP and PCI DSS.