Arrival and Registration
International keynote speaker – Blinded Random Block Corruption Attacks: the next level
Rodrigo Branco, senior principal security researcher, Intel
Protecting user privacy in virtualised cloud environments is an increasing concern for both users and providers. This presentation argues that the privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest VMs cannot be guaranteed. This will be demonstrated via a new instantiation of a Blinded Random Block Corruption Attack. Under the same scenario assumptions that the per-VM keying method addresses, the attack allows a cloud provider administrator to use the capabilities of a (trusted) hypervisor in order to log in to a guest VM, despite its memory being encrypted. This completely compromises the user's data privacy. Furthermore, we demonstrate that even non-Boolean values can be effectively targeted by attackers, forcing the elevation of privileges of a process running in a protected VM as a demonstration.
- Find out how memory encryption by itself is not necessarily a defence-in-depth mechanism against attackers with memory read/write capabilities
- Deliberate the concept that 'a better guarantee is achieved if the memory encryption includes some authentication mechanism'
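The two points above, as an added illustration that is not from the talk or from Intel: a Go program, standard library only, that encrypts a constructed guest-memory page with AES-CTR (confidentiality only) and with AES-GCM (authenticated), overwrites one ciphertext byte in each without any knowledge of the key, and decrypts. The CTR decryptor has no failure path and hands back a corrupted page as if it were genuine; the GCM tag check rejects it. The key, IV, nonce and page contents are constructed demo values, CTR and GCM stand in for whatever modes a real memory-encryption engine uses, and the byte flip models only the general assumption of an attacker with write access to encrypted memory, not the specific attack in the talk.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values. A real memory-encryption engine derives keys and
// tweaks/nonces per VM and per use; these fixed bytes exist only so the
// example runs deterministically.
var (
	demoKey   = []byte("0123456789abcdef")                     // 16 bytes: AES-128
	demoIV    = []byte("fedcba9876543210")                     // 16-byte CTR counter block
	demoNonce = []byte("unique-nonce")                         // 12-byte GCM nonce
	demoPage  = []byte("guest page: tenant=acme; quota=1000") // constructed guest data
)

// CorruptionOutcome records what the decrypting side observes after one
// ciphertext byte was overwritten by someone who holds no key.
type CorruptionOutcome struct {
	Detected  bool   // true if decryption rejected the data
	Plaintext []byte // what the decryptor returned; nil when rejected
}

// flipByte returns a copy of ct with the byte at pos inverted. It models a
// write into encrypted memory by a party that can reach the bytes but not
// the key, so the write is "blind" with respect to the plaintext.
func flipByte(ct []byte, pos int) []byte {
	out := append([]byte(nil), ct...)
	out[pos] ^= 0xFF
	return out
}

// ctrOutcome uses AES-CTR, a confidentiality-only mode. Decryption has no
// failure path, so the corrupted byte comes back as a corrupted plaintext
// byte and the caller has no way to know anything changed.
func ctrOutcome(key, iv, pt []byte, pos int) (CorruptionOutcome, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return CorruptionOutcome{}, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(ct, pt)

	recovered := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(recovered, flipByte(ct, pos))
	return CorruptionOutcome{Detected: false, Plaintext: recovered}, nil
}

// gcmOutcome uses AES-GCM, which appends a 16-byte authentication tag.
// Any change to ciphertext or tag makes Open fail, so the corruption is
// detected instead of being handed to the guest as valid data.
func gcmOutcome(key, nonce, pt []byte, pos int) (CorruptionOutcome, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return CorruptionOutcome{}, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return CorruptionOutcome{}, err
	}
	sealed := aead.Seal(nil, nonce, pt, nil) // ciphertext || tag
	recovered, err := aead.Open(nil, nonce, flipByte(sealed, pos), nil)
	if err != nil {
		return CorruptionOutcome{Detected: true}, nil // tag mismatch: rejected
	}
	return CorruptionOutcome{Detected: false, Plaintext: recovered}, nil
}

func main() {
	pos := 31 // index of the first digit of "quota=1000" in demoPage
	ctr, err := ctrOutcome(demoKey, demoIV, demoPage, pos)
	if err != nil {
		panic(err)
	}
	gcm, err := gcmOutcome(demoKey, demoNonce, demoPage, pos)
	if err != nil {
		panic(err)
	}
	fmt.Printf("AES-CTR: detected=%v plaintext=%q\n", ctr.Detected, ctr.Plaintext)
	fmt.Printf("AES-GCM: detected=%v plaintext=%q\n", gcm.Detected, gcm.Plaintext)
}
```

With CTR the flipped ciphertext byte lands on exactly one plaintext byte; a block-oriented mode would scramble the whole 16-byte block instead. Either way the unauthenticated decryptor accepts the result, which is the property the second bullet addresses by adding an authentication mechanism.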
Thought-leadership – Why are we still getting hacked?
Herman Young, group CISO, Investec
Organisations are constantly under threat of attack, and nothing has changed in the cyber security space in the last 20-plus years. These attacks are generally unsophisticated and rely purely on misconfigurations. Why is that? Why haven't we evolved in the cyber security defence space?
- Potentially uncomfortable questions will be posed for your reflection
- Suggestions and practical solutions will be brought to the table for discussion
Industry perspective – Bringing cyber security to C-level and board: an imperative task in all organisations
Vincent Mello, manager: system administration and risk management, Rand Water
Cyber security cannot remain with the technical and operational teams and management only. When it does, C-level and the board are found wanting when faced with serious, demanding and time-sensitive decisions in cyber security-related situations. All of the latest developments in the industry with regard to cyber security strategies, investment and reporting demand C-level and the board's attention.
The questions asked by too many C-level and board members are: where do we start, and how do we adequately and effectively perform our executive and oversight roles?
- Private and public organisational cyber security challenges – latest case studies and impact analysis
- Hard questions the C-level and board need to ask to ensure coverage on their cyber security initiatives
- Guide for C-level and the board to ensure cyber security risk is given the attention it deserves
- Role of the audit and risk committee at board level and how this can be measured
- Cyber security performance evaluation system/approach for C-level and the board in organisations
Networking, Business Matchmaking and Refreshments
The importance of adaptive fraud risk strategies which ensure customer satisfaction
Davina Myburgh, director: product, innovation solutions group, Transunion
In this talk we will explore the growing access fraudsters have to data, and how identity management strategies that result in a positive customer experience are critical for businesses to manage their risk while growing their business.
- Understand the related security concerns associated with the growing access to digital data
- Gain insight into why online fraud is increasing
- Highlight the importance of data integrity
- Four identity management strategies to approve more customers
Innovating in cyber security using DevOps
Jason Suttie, head of engineering, The Foundery: RMB's disruption and innovation unit
Through the application of sound security principles to DevOps, DevSecOps can help your organisation to innovate in cyber security. This talk explains DevSecOps, how to implement it in your organisation and the innovation in security velocity that DevSecOps brings.
- An understanding of DevSecOps
- How to implement DevSecOps in your organisation
- Innovation in security velocity using DevSecOps
Lunch, Networking and Business Matchmaking
Break into Tracks
Track one starts
Stranger than fiction
Nithen Naidoo, CIO and co-founder, Snode
Many organisations in SA are left in the dark when it comes to some potentially severe vulnerabilities in their networks. This is either because none of their existing technologies and methodologies have been able to detect the threat, or because they opt to deal only with the "bigger" issues that are brought to light by hype, rather than the smaller and often more dangerous issues that are left to linger. Or the explanation is as simple as this: they didn't think it was possible for such an issue to exist! This talk delves deeper into some of the stranger things that have been uncovered within the cyber security landscape of SA over the past year, as well as what you can do to protect yourself against similar threats in your environment.
- A better understanding of the cyber security landscape in SA and the threats that exist inside it
- What you can do to safeguard yourself against such threats
Dr Bright G Mawudor, head of cyber security services, IS
Mobile applications are the new entry point into corporate networks, as they connect to internal systems and lack basic security. Most organisations do not have, or even understand, policies around which devices are allowed (or not allowed) into their environment, thus leading to breaches one way or another.
- This presentation will show just some of the ways mobile applications can be compromised, the various mistakes made in software developments, best ways to implement BYOD policies and device management, as well as remediation methods that should be employed.
A simple recipe to ensure your information security cake isn't a flop
Manuel Corregedor, COO, Telspace Systems
When baking a cake, there are three important aspects that need to be considered in order to ensure your cake will be a success: the ingredients, the tools you are using and the baker making the cake. Should one of these aspects not be in place, the cake will most likely be a flop or will not be as great as it should have been. The same can be said for information security. Corregedor will discuss how organisations continue changing their recipes for information security, resulting in a cake that no one wants to eat or one which leaves a bitter taste in people's mouths. As with any great cake recipe, it is important to stick to the original recipe (although you can always add new toppings)!
- A recipe for an information security cake
- Lessons learnt
- Adapting the recipe for other tastes, i.e., changing environments and threat landscapes
Are we there yet? Mature your enterprise security operations by mastering the basics
Maletsema Phofu, information security and investigations manager, Eskom Holdings SOC
Are you still struggling with security basics and unable to sleep at night? Are you overwhelmed by security technologies in the market?
This session will provide an experience-based overview of basic security principles and practices that help organisations to achieve a comfortable level of network and systems security.
With technology changing faster than most organisations can keep up with, defining and building the needed security capabilities is often the most difficult part. The session will also propose an approach to move the organisation out of fire-fighting mode and towards growth, agility and innovation.
- Getting up to speed with the security basics
- Adopting more advanced security strategies
Thought-leadership – Translating 'cyber' to English
Keitumetsi Tsotetsi, cyber security risk assurance consultant, PwC
The age-old miscommunication between IT and business has intensified with the elevated importance of cyber, which seems to be an encrypted language on its own. Tsotetsi will take a look at how to translate technical security requirements into business requirements, taking into consideration strategy, risk, governance and compliance.
- This session will delve into the progression of asking questions differently.
Taking access management beyond tick-box compliance
Patrick Ryan and Amanda Hechter will discuss and present a practical approach to the successful implementation of identity and access governance (IAG), one that realises a number of benefits rather than merely ticking boxes to say the organisation meets external and internal compliance requirements.
- A high level and holistic approach to ensure IAG implementation success
- Aspects to consider when implementing IAG solutions
- Building a business case and implementing IAG
Close of Summit
Track two starts
Cyber incident readiness as part of an information security strategy
Advocate Jacqueline Fick, executive head: forensic services, Cell C
A reactive or tactical approach to information security may introduce significant costs and opportunity loss. As businesses innovate to develop products and services taking advantage of the digital economy, dealing with information security proactively will reduce the risks and speed up entry into this space.
Cyber incident readiness is the organisation's potential to maximise the use of digital evidence to aid in an investigation, with the intent to:
- Reduce the time taken to respond to an incident;
- Maximise the ability to collect credible and meaningful evidence; and
- Minimise the length/cost of an investigation.
How to become a digital forensics practitioner
Jason Jordaan, principal forensic scientist and MD, DFIRLABS
CSI television shows have resulted in forensics being seen as sexy, and the same can be said for information security. Interest in digital forensics is growing even though the field is still largely misunderstood and unregulated. Literally anyone can say they are digital forensics practitioners, which brings significant risk.
- Understand the nature of digital forensics work
- Identify the key skill and knowledge areas required of a digital forensics practitioner
- Understand the training and development requirements of a digital forensics practitioner
- The reality and limitations of vendor training and certification
- Understanding the risks of using non-competent digital forensics practitioners
Convergence: cyber security and digital forensics
Junaid Amra, director: incident response and cyber security, PwC
Cyber crime trends are driving change at every level within organisations. One of these changes is that incident response teams now require a converged team of cyber security and digital forensics experts in order to deal with current and emerging attacks.
- A better understanding of the differences between cyber security and digital forensics teams in terms of what they bring to the table
- Trends driving the need for the convergence of these teams
- Benefits of a converged team
International industry perspective – Hacking incident response
O'Shea Bowens, security operations expert, Novartis
This presentation will unveil the techniques and strategies that information security programmes and security operations centre environments can apply to foster 'flexibility' during incident response. Most SOC environments experience a disconnect in response time, insufficient or unrealistic technology capabilities, inadequate skill sets, and an overall lack of sufficient communication around breaches. These occurrences aren't all top-down issues; instead they highlight the underutilisation of resources (most importantly, the information security team). Let's hack incident response together and find the solution.
- Fostering an open source mind-set to incident response
- Maximising the talent and passion of information security team members
- Conduct a gap analysis
- Leverage incidents to make the case for the information security budget
Incident response in the context of POPIA
Russell Opland, global privacy ("POPIA") business expert
Close of Summit
Track Three starts
Mini-workshop and live demo – Trape: the evolution of phishing attacks
Trape is a reconnaissance tool that allows you to track people and run phishing attacks in real time; the information it can obtain is very detailed. The objective is to use it to teach the world how the big Internet companies could be monitoring you, obtaining information beyond your IP, such as your sessions on sites or Internet services.
- Learn how the big Internet companies could be monitoring your business and get information beyond your IP
- Live demo
Moving beyond legacy endpoint security
Industry perspective – Establishing a quality vulnerability management programme
Lydie Nogol, senior manager information security, MTN Cameroon
The objective of this session is to provide a clear understanding of, and best practices for, managing vulnerabilities. It will present the building blocks critical to creating a successful vulnerability management programme, including getting top management commitment and funding, establishing reports and metrics, and taking a holistic approach to avoid mistakes and focus effort in the right place, along with the challenges and use cases involved in addressing issues.
- Understand the importance of setting up a vulnerability management programme
- Tips on getting top management support for managing threats and vulnerabilities
- Determine the value gained through metrics and measurement
- Understand key elements and approaches for successful implementation of vulnerability management programmes
- Take a best practices view of your own organisation and begin developing a vulnerability and threat management playbook