Arrival and Registration
International keynote speaker: Blinded Random Block Corruption Attacks: the next level
Rodrigo Branco, senior principal security researcher, Intel
Protecting user privacy in virtualised cloud environments is an increasing concern for both users and providers. This presentation argues that the privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest VMs cannot be guaranteed. This is demonstrated with a new instantiation of a Blinded Random Block Corruption Attack. Under the same scenario assumptions that per-VM keying is meant to address, the attack allows a cloud provider administrator to use the capabilities of a (trusted) hypervisor to log in to a guest VM despite its memory being encrypted, completely compromising the user's data privacy. The talk also demonstrates that even non-Boolean values can be targeted effectively, using the corruption to elevate the privileges of a process running in a protected VM.
- Find out why memory encryption by itself is not necessarily a defence-in-depth mechanism against attackers with memory read/write capabilities
- Consider the claim that 'a better guarantee is achieved if the memory encryption includes some authentication mechanism'
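The mechanism behind the two bullets above, as an added example written for this page (it is not code from the talk or from Intel): a hypervisor that cannot read a guest's memory key can still overwrite an encrypted block, and with unauthenticated encryption the guest decrypts the overwritten block to a uniformly random plaintext rather than faulting. The block below models that with a toy Feistel cipher built from HMAC-SHA256 (an assumption standing in for the real per-VM memory cipher), a constructed session record holding a Boolean `authenticated` flag and a 32-bit `uid`, and the "blinded" corruption of the block holding that record. It then adds a MAC over the ciphertext to show what the authentication mechanism in the second bullet buys. Field names, the key and the record layout are all constructed for illustration; the block does not reproduce the talk's non-Boolean technique, it only shows why a blind corruption alone is a near-certain win against a non-zero check and a near-certain loss against a specific 32-bit value.

```python
import hashlib
import hmac
import random
import struct

BLOCK = 16   # bytes per encrypted memory block in this toy model
ROUNDS = 4   # Feistel rounds; adequate for a toy, not a real cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed pseudorandom round function: HMAC-SHA256 truncated to one half-block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def encrypt_block(key: bytes, pt: bytes) -> bytes:
    """Toy stand-in for an unauthenticated per-VM memory cipher (assumption)."""
    assert len(pt) == BLOCK
    left, right = pt[: BLOCK // 2], pt[BLOCK // 2 :]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def decrypt_block(key: bytes, ct: bytes) -> bytes:
    """Inverse of encrypt_block; it decrypts *any* 16 bytes, garbage included."""
    assert len(ct) == BLOCK
    left, right = ct[: BLOCK // 2], ct[BLOCK // 2 :]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


# Constructed guest data: one block holding a session record of the form
#   struct { bool authenticated; uint32_t uid; char token[8]; }
SESSION_FMT = "<?3xI8s"


def guest_is_authenticated(pt: bytes) -> bool:
    # Guest code usually tests "non-zero", not "== 1": 255 of 256 byte values pass.
    return pt[0] != 0


def guest_is_root(pt: bytes) -> bool:
    (uid,) = struct.unpack_from("<I", pt, 4)
    return uid == 0   # only 1 of 2**32 random values passes


def hypervisor_corrupt(rng: random.Random) -> bytes:
    # The hypervisor never sees the guest key; it overwrites the ciphertext block
    # with random bytes. Because the cipher is a bijection, the guest decrypts
    # that to a uniformly random plaintext block instead of detecting anything.
    return rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")


def brbc_trials(trials: int, seed: int = 1) -> dict:
    """Blind corruption against the Boolean flag and against the non-Boolean uid."""
    rng = random.Random(seed)
    key = b"guest-vm-key-16B"   # constructed; the real key lives outside the hypervisor
    session = struct.pack(SESSION_FMT, False, 1000, b"sess-tok")
    assert decrypt_block(key, encrypt_block(key, session)) == session
    auth_hits = root_hits = 0
    for _ in range(trials):
        pt = decrypt_block(key, hypervisor_corrupt(rng))
        auth_hits += guest_is_authenticated(pt)
        root_hits += guest_is_root(pt)
    return {"trials": trials, "auth_hits": auth_hits, "root_hits": root_hits}


def encrypt_block_auth(key: bytes, pt: bytes) -> bytes:
    """Same cipher plus a MAC over the ciphertext: the 'authentication mechanism'."""
    ct = encrypt_block(key, pt)
    # The 0xff prefix keeps the MAC input disjoint from the round inputs 0..3.
    tag = hmac.new(key, b"\xff" + ct, hashlib.sha256).digest()[:8]
    return ct + tag


def decrypt_block_auth(key: bytes, blob: bytes):
    ct, tag = blob[:BLOCK], blob[BLOCK:]
    expected = hmac.new(key, b"\xff" + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None   # integrity failure: fault instead of acting on random plaintext
    return decrypt_block(key, ct)


def authenticated_memory_detects_corruption(seed: int = 1) -> bool:
    rng = random.Random(seed)
    key = b"guest-vm-key-16B"
    blob = encrypt_block_auth(key, struct.pack(SESSION_FMT, False, 1000, b"sess-tok"))
    # The attacker can replace the ciphertext but cannot forge the tag without the key.
    tampered = hypervisor_corrupt(rng) + blob[BLOCK:]
    return (decrypt_block_auth(key, blob) is not None
            and decrypt_block_auth(key, tampered) is None)


if __name__ == "__main__":
    print(brbc_trials(1000))
    print("authenticated memory detects corruption:",
          authenticated_memory_detects_corruption())
```

Run as a script to see the hit counts: the Boolean flag flips to "authenticated" in roughly 255 of every 256 corruptions, the `uid == 0` check is essentially never hit by chance, and with the MAC in place every corrupted block is rejected before the guest acts on it. The point of the toy is the asymmetry, not the cipher: any unauthenticated memory cipher gives an attacker with write access this free "randomise one block" primitive.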
Thought-leadership: Why are we still getting hacked?
Herman Young, group CISO, Investec
Organisations are constantly under threat of attack, and nothing has changed in the cyber security space in the last 20-plus years. These attacks are generally unsophisticated and rely almost entirely on misconfigurations. Why is that? Why haven't we evolved in the cyber security defence space?
- Potentially uncomfortable questions will be posed for your reflection
- Suggestions and practical solutions will be brought to the table for discussion
Hot off the Press: Security survey results unveiled
Gareth James, network and security specialist, VMware sub-Saharan Africa
The results from the first SA-wide security survey will be unveiled by our survey sponsor, VMware, during this not-to-be-missed session.
Do you want to hear how C-suite security professionals across South Africa answered these questions, and more?
- Did you suffer an outsider attack in the past year?
- Did you suffer an information security breach in the past year?
- Did last year's WannaCry attack affect you?
- How quickly can you remediate security breach events in general?
Do you want a copy of the survey results? They will be made available at the close of the event this afternoon. Hand us your completed evaluation form and benefit from invaluable insight.
Networking, Business Matchmaking and Refreshments
The importance of adaptive fraud risk strategies which ensure customer satisfaction
Davina Myburgh, director: product, innovation solutions group, Transunion
In this talk we will explore the growing access fraudsters have to data and how identity management strategies that result in a positive customer experience are critical to businesses to manage their risk whilst growing their business.
- Understand the related security concerns associated with the growing access to digital data
- Gain insight into why online fraud is increasing
- The importance of data integrity
- Four identity management strategies for approving more customers
Innovating in cyber security using DevOps
Jason Suttie, head of engineering, The Foundery: RMB's disruption and innovation unit
Through the application of sound security principles to DevOps, DevSecOps can help your organisation innovate in cyber security. This talk explains what DevSecOps is, how to implement it in your organisation and the gains in security velocity that it brings.
- An understanding of DevSecOps
- How to implement DevSecOps in your organisation
- Innovation in security velocity using DevSecOps
Lunch, Networking and Business Matchmaking
Break into Tracks
Stranger than fiction
Nithen Naidoo, CIO and co-founder, Snode
Organisations in SA are often left in the dark when it comes to some potentially severe vulnerabilities in their networks. This is either because none of their existing technologies and methodologies have been able to detect the threat, or because they opt to deal only with the "bigger" issues brought to light by hype rather than the smaller, often more dangerous, issues that are left to linger. Or the explanation is as simple as not thinking it was possible for such a thing to exist! This talk delves into some of the stranger things uncovered within the cyber security landscape of SA over the past year, as well as what you can do to protect yourself against similar threats in your environment.
- A better understanding of the cyber security landscape in SA and the threats that exist inside it
- What you can do to safeguard yourself against such threats
Dr Bright G Mawudor, head of cyber security services, IS
Mobile applications are the new entry point into corporate networks: they connect to internal systems and lack basic security. Most organisations do not have, or even understand, policies on which devices are allowed (or not allowed) into their environment, which leads to breaches one way or another.
- This presentation will show some of the ways mobile applications can be compromised, the various mistakes made in software development, the best ways to implement BYOD policies and device management, and the remediation methods that should be employed.
A simple recipe to ensure your information security cake isn't a flop
Manuel Corregedor, COO, Telspace Systems
When baking a cake, there are three important aspects that need to be considered in order to ensure your cake will be a success: the ingredients, the tools you are using and the baker making the cake. Should one of these aspects not be in place, the cake will most likely be a flop or will not be as great as it should have been. The same can be said for information security. Corregedor will discuss how organisations continue changing their recipes for information security, resulting in a cake that no one wants to eat or one which leaves a bitter taste in people's mouths. As with any great cake recipe, it is important to stick to the original recipe (although you can always add new toppings)!
- A recipe for an information security cake
- Lessons learnt
- Adapting the recipe for other tastes, i.e. changing environments and threat landscapes
Are we there yet? Mature your enterprise security operations by mastering the basics
Maletsema Phofu, Information security & investigations manager, Eskom Holdings SOC
Are you still struggling with security basics and unable to sleep at night? Are you overwhelmed by security technologies in the market?
This session will provide an experience-based overview of basic security principles and practices that help organisations achieve a comfortable level of network and systems security.
With technology changing faster than most organisations can keep up, defining and building the needed security capabilities is often the most difficult part. The session will also propose an approach to get the organisation out of the fire-fighting mode towards the achievement of growth, agility and innovation.
- Getting up to speed with the security basics
- Adopting more advanced security strategies
Thought-leadership: Translating 'cyber' to English
Keitumetsi Tsotetsi, cyber security risk assurance consultant, PwC
The age-old miscommunication between IT and business has intensified with the elevated importance of cyber, which seems to be an encrypted language on its own. Tsotetsi will take a look at how to translate technical security requirements into business requirements, taking into consideration strategy, risk, governance and compliance.
- This session will delve into the progression of asking questions differently.
Taking access management beyond tick-box compliance
Patrick Ryan and Amanda Hechter will present a practical approach to implementing identity and access governance (IAG) successfully, in a way that realises a number of benefits rather than merely ticking boxes to show that the organisation meets external and internal compliance requirements.
- A high-level and holistic approach to ensure IAG implementation success
- Aspects to consider when implementing IAG solutions
- Building a business case and implementing IAG
Close of Summit
Cyber incident readiness as part of an information security strategy
Advocate Jacqueline Fick, executive head: forensic services, Cell C
A reactive or tactical approach to information security may introduce significant costs and opportunity loss. As businesses innovate to develop products and services taking advantage of the digital economy, dealing with information security proactively will reduce the risks and speed up entry into this space.
Cyber incident readiness is the organisation's ability to maximise the use of digital evidence in an investigation, with the intent to:
- Reduce the time taken to respond to an incident;
- Maximise the ability to collect credible and meaningful evidence; and
- Minimise the length/cost of an investigation.
How to become a digital forensics practitioner
Jason Jordaan, principal forensic scientist and MD, DFIRLABS
CSI television shows have resulted in forensics being seen as sexy, and the same can be said for information security. Interest in digital forensics is growing even though the field is still largely misunderstood and unregulated. Literally anyone can say they are digital forensics practitioners, which brings significant risk.
- Understand the nature of digital forensics work
- Identify the key skill and knowledge areas required of a digital forensics practitioner
- Understand the training and development requirements of a digital forensics practitioner
- The reality and limitations of vendor training and certification
- Understanding the risks of using non-competent digital forensics practitioners
Convergence: cyber security and digital forensics
Junaid Amra, director: incident response and cyber security, PwC
Cyber crime trends are driving change at every level within organisations. One such change is that incident response teams now require a converged team of cyber security and digital forensics experts in order to deal with current and emerging attacks.
- A better understanding of the differences between cyber security and digital forensics teams in terms of what they bring to the table
- Trends driving the need for the convergence of these teams
- Benefits of a converged team
International industry perspective: Hacking incident response
O'Shea Bowens, security operations expert, Novartis
This presentation will unveil techniques and strategies for building flexibility into incident response, information security programmes and security operations centre environments. Most SOC environments suffer from slow response times, insufficient or unrealistic technology capabilities, inadequate skill sets and poor communication around breaches. These are not all top-down problems; they point instead to underutilisation of resources, most importantly the information security team. Let's hack incident response together and find the solution.
- Fostering an open source mind-set to incident response
- Maximising the talent and passion of information security team members
- Conduct a gap analysis
- Leverage incidents to justify the information security budget
Gus Clarke, head of cyber security, TYMEDigital by CommonWealth Bank SA
A number of watershed security events in 2017 held significant ramifications for the financial services sector, including an uptick in geopolitical activity that has affected the cyber threat landscape. Attacks from cybercriminal actors continue to evolve in sophistication and brazenness, ranging from bespoke malware variants to new attacks against ATMs. This talk will deconstruct and timeline the evolution of previous and existing prevalent threats to the financial services sector, and detail plans for mitigating them.
- Learn what adversaries and threats the financial services industry face and how they combat them
- Understand how ATM jackpotting attacks work
- Find out how cyber attacks can affect an economy
Resilience engineering: keeping the lights on
Jonathan Coetzee, security engineer, Telic
At its core, information security is concerned with protecting the confidentiality, integrity and availability of information. In practice, however, availability of systems (and therefore the information contained in them) is often relegated to the ops team and takes a backseat to confidentiality and integrity.
This talk aims to show that availability of distributed systems should be a concern for infosec teams. I'll discuss various anti-patterns for resilience and failure modes that are often encountered in the field as well as patterns that contribute to more resilient systems. These concepts will have an emphasis on the numerous parallels between commonly accepted security and resilience best practices.
- Insight into security's role in enabling resilient systems
- Understand the parallels between traditional security concepts and best practices and those for resilience
- Learn how to recognise anti-patterns for resilience
- Understand a selection of patterns that can be leveraged to improve resilience
Close of Summit
Mini-workshop and live demo: Trape: the evolution of phishing attacks
Trape is a reconnaissance tool that allows you to track people and carry out phishing attacks in real time, and the information it gathers is very detailed. Its objective is to teach, through the tool itself, how the big Internet companies could be monitoring you and obtaining information beyond your IP address, such as your sessions on other sites or Internet services.
- Learn how the big Internet companies could be monitoring your business and get information beyond your IP
- Live demo
Cyber security and SD-WAN
Praven Pillay, managing director, Maxtec
A broad technical talk on cyber security and SD-WAN: how to reduce risk and secure networks.
- The audience will learn about the risks and exposure arising from the Internet of Things, and how to overcome and prevent those risks.
Industry perspective: Establishing a quality vulnerability management programme
Lydie Nogol, senior manager information security, MTN Cameroon
The objective of this session is to provide a clear understanding of, and best practices for, managing vulnerabilities. It will present the building blocks critical to a successful vulnerability management programme: getting top management commitment and funding, establishing reports and metrics, and taking a holistic approach so that mistakes are avoided and the focus is put in the right place, including the challenges and use cases encountered when addressing issues.
- Understand the importance of setting up a vulnerability management programme
- Tips on getting top management support for managing threats and vulnerabilities
- Determine the value gain through metrics and measurement
- Understand key elements and approaches for successful implementation of vulnerability management programmes
- Take a best practices view of your own organisation and begin developing a vulnerability and threat management playbook
Defeating defensive regression
Martin Potgieter, technical director, NClose
Defensive regression is the concept that defence systems implemented today will regress and be somewhat less effective tomorrow. Although seldom spoken about, defensive regression is a real threat to our organisations today, and in most cases it is too late by the time we realise it. Evidence of this reality can be found in almost all breach reports, where organisations had the latest and greatest technology but were still compromised without detection. This talk will define the concept of defensive regression, deep-dive into some of its root causes and, finally, look at different ways to mitigate it.
- Provide an understanding of what defensive regression is
- Look at the various causes of defensive regression
- Understand some of the mitigations to prevent defensive regression
Close of Summit
Track Four starts
Andrew Whittaker, practice lead, Ubusha
"Identity is the new perimeter" is a phrase often used in modern security architecture. But what does this mean? How can we stop the sprawl of user accounts, credentials and associated access (which requires identity governance and administration solutions to consolidate)?
- During this session, we will unpack the modern identity architecture, discussing how the advent of cloud identity providers (such as the Microsoft cloud) and security controls can ensure that identity becomes a business enabler. CIOs who focus on cloud, mobile, omni-channel and the Internet of Everything all rely on identity, and require a transparent experience of it to be truly successful. Components that support this include federation, adaptive access controls and multi-factor authentication, along with single views of employees and customers (such as those from Ping Identity).