2016 Spring Members Meeting - Session Synopsis
Presenter: Fergus Brooks, National Practice Leader, Cyber Risk, Aon Risk Solutions
Session: Cyber, The Fast-Moving Target
Synopsis: Risk landscape; Potential organisational liabilities; Legislation and the potential impact to organisations; How to prepare and deal with these risks using Australian examples of good and pathetic.
Presenter: Julie Canepa, CIO, Cisco Australia New Zealand
Session: Cisco’s Internal IT Digital Journey
Synopsis: Digital transformation is at the very heart of the Fourth Industrial Revolution, which is changing our understanding of doing business, of learning & development in a fundamental way – and with unrivaled speed. However, many organisations and individuals hesitate to acknowledge the depth and impact of current developments on their operating model and people. Julie Canepa, CIO Cisco ANZ will share insights on how Cisco itself is being disrupted, and how her team is taking on the challenge. She will describe the journey Cisco IT has embarked on, to enable the secure digital business, and learnings along the way. Gain insights on what Cisco is doing to drive growth and innovation through technology and culture, and what you can address and consider while going through your digital journey.
Presenter: Bruce Davie, Vice President and CTO, Asia Pacific Japan, Network & Security Business Unit, VMware
Session: Information Security — What does the future look like?
Synopsis: Many of the security challenges faced by IT leaders today can be traced to the fact that security was not a part of the original architecture of the Internet. The effects of several decades of attempts to improve cybersecurity include a high degree of complexity, lack of agility, and a patchwork of point solutions. There has been an architectural gap between the things we can secure (e.g. a network perimeter) and the things that matter (e.g. critical corporate data). However, we now have the ability to take a more principled and systematic approach to security by leveraging the technologies of virtualization and cloud computing. We will discuss a comprehensive architectural approach to security in which controls are applied directly to the assets we wish to secure, and where security and agility no longer need to be in conflict.
Presenter: James Culverhouse, General Manager - AusCERT
Session: The emerging AusCERT ISAC
Synopsis: This session will explore today’s threat landscape and how we got there. The team will show popular planning techniques used by attackers including the difference between 'low and slow' and 'spray and pray,' sources of intel (OS INT) that are used to build attacks as well as data correlation for execution. In the live demonstration of a hack the Mimecast team will show how easy it is to use email as an entry point and how readily available tools are used to compromise an end-user for financial gain.
Presenter: Nicholas Coates-Lam, Assistant Director/Senior Adviser Strategic Partnerships, CERT Australia
Session: Protecting our national interests online
Synopsis: As the national computer emergency response team, CERT Australia is responsible for providing advice and support to Australian industry, particularly the owners and operators of critical infrastructure and other systems of national interest. This session will provide a short overview on the role of CERT Australia and the services which it provides to Australian businesses. The session will also provide an overview of the cyber security environment from CERT Australia’s perspective.
Presenter: Craig Dore, Senior Security Architect, RSA Security
Session: Cybersecurity. Is this what “Working” looks like?
Synopsis: It is common knowledge that social engineering attacks are the #1 threat to any organisation. Yet, proper Identity Management is one of the most complex endeavours any organisation can undertake. The need for management of user access is clear, as users are the primary conduit for sensitive data. And failing to manage these users opens the organisation to all manner of risks, including potential compromise. The common phrase, “Identity is the new perimeter” could be re-phrased simply as: “Humans are the perimeter”. Security Technologies and particularly Security Vendors themselves, often forget this. Identity isn’t a product, it is actually a process. One that should be woven deeply into the social fabric of the organisation, not just on a technical level but a social one. Identities are people, too! RSA will illustrate this and provide some insight into the real problem: the users themselves.
Presenter: Tim Lane, Chair, CAUDIT Cybersecurity Community of Practice & IT Security Projects Manager, Griffith University
Session: Cybersecurity in higher education – where to from here?
Synopsis: Cyber-security is now a pressing issue and a major challenge for institutions around the world. In 2016 and 2017, cyber-security was ranked as number three on CAUDIT’s Top Ten issues, and for 2017 the need for secure collaboration was raised to number five on the list. In the USA cyber-security was ranked number one on the EDUCAUSE Top Ten issues for both years. Responses to dealing with cyber-security are many and varied so how do we approach this? This presentation will look at the question from three themes. Firstly, a brief update will highlight the current cyber threat landscape covering key areas of cyber activity and how they relate to the HE sector, secondly, the role of emerging cyber-security maturity models for determining and understanding risk posture and compliance will be presented. Thirdly, the recommendations contained in a report provided on the Top Ten will be discussed in context to future direction and strategies.
Presenters: Louise Schuster, Director Cyber Security AARNet and Steve Maddocks, Director Network Operations AARNet
Session: AARNet Cyber Security Plans with a DDoS deep dive!
Synopsis: We will share our Security Plans, focusing on the activities where we are adding value for our customers. It is an exciting time for security at AARNet. We will discuss our partnerships locally with members to run incident response exercises and provide awareness of security incidents and trends, nationally with AUSCert & CERT Australia to detect incipient attacks and breaches, and internationally through the Global NREN Security group to provide resiliency of research networks across the globe.
Presenters: Tim Wellsmore, Director of Threat Intelligence and Consulting, Mandiant International, a FireEye Company
Session: Advanced Threat Actors targeting the Australian Education Sector. The who, what and why
Synopsis: Universities and Research institutions are hubs of innovation and technological advances which are designed to progress our societies in future generations. Advanced Cyber threat actor groups and sponsoring nation states recognise the intrinsic value of these organisations and actively target them with espionage and financially motivated intent. In this presentation we aim to expand on the motivating factors behind these threats, and provide regional case studies of relevant examples and targeted information, as well as preparation strategies for the audience to assist them in their role in the modern cyber threat environment.