
AGENDA: DAY 2 – New strategies and tactics: Lessons from the battlefield


Day two opens with a talk by Richard Bejtlich, MANDIANT's Chief Security Officer. Richard has more than 13 years of experience in enterprise-level intrusion detection and incident response, working with the federal government, the defence industrial base and Fortune 100 companies. The other high-level talks presented by leading infosec experts during the plenary session will address pressing security issues and concerns, providing an essential update.

07h30 Exhibition opens

Jeremy Maggs,
journalist, radio host and television presenter

Formulating an attack-focused security plan

Richard Bejtlich
chief security officer, MANDIANT

This talk will introduce three types of threats: state-serving, self-serving, and public-serving. It will discuss three types of risk scenarios: theft, destruction, and disclosure. Five "big events" that have happened in security in the last 18 months will be examined.

The presentation will introduce the idea of "incident response as a continuous business process" as a countermeasure, and will discuss two key metrics for measuring the effectiveness of your IR operation.


  • Why do we need to focus on attackers, not vulnerabilities?
  • What are attackers actually doing and how does it differ from what the mainstream is saying?
  • What are the basics of implementing an attack-focused security plan?
The year gone by: highlights of the most interesting infosec stories of 2012, and a hypothesis on what the rest of 2013 holds in store for the industry

Patrick Gray
Risky Business

The Board Conversation: Why Identity & Access Governance is a business and not an IT decision

Phil Allen
director, identity and access management, Dell EMEA

10h45 Tea break
Lessons learned when building and selling security software online - the Maltego story

Roelof Temmingh
managing director, Paterva

  1. Five slides and five years – the concise Maltego history
  2. What is Maltego? A quick demo of capabilities.
  3. Who uses Maltego and what does it tell us about our industry?
  4. Lessons learned – How to develop security software
  5. Lessons learned – Marketing and selling security software on the Internet


  1. What is Maltego and where did it come from?
  2. Who uses Maltego? Why and what for? What can we learn from this?
  3. What is a good strategy when developing and selling security software online?
Executive cyber risk responsibility: defence in depth, breadth and width for the enterprise

Doug DePeppe
JD, LL.M., director, Cyber-Risk Solutions,
The Soufan Group co-founder, Western Cyber Exchange

Cyber risk has become a "bet the business" problem. Many hacked businesses never recover. Others suffer substantial brand and reputation loss and, of course, major impacts on the bottom line. With the pervasiveness and severity of attacks on the increase, and with national governments unable to adequately protect businesses within their own sovereign borders, it falls on leaders to take responsibility for protecting their enterprise.

CIOs, CISOs, CSOs can all assist, but ultimately, building a resilient, sustainable cyber-ready organisation requires the leadership of the CEO. Moreover, failure to take ownership of this risk, indeed any failure to investigate risk, poses corporate liability exposure to leaders holding fiduciary responsibilities to others, such as to shareholders. 


  • What are the risk factors a leader should assess related to cyber security?
  • What duties do corporate leaders have in regard to conducting due diligence for cyber security?
  • What framework is available to build a cyber-resilient organisation?
12h35 Sponsor giveaways
13h05 Lunch
  Track 1 - Security and compliance
  The governance and management of information and technology has become a complex topic. Information security professionals work in an environment in which they have to address a range of threats while meeting regulatory and legal requirements. They also need to cater to the risks of rapid innovation in technology and an increasingly mobile workforce. This track will equip you to address evolving risk. This track will also address the subject of liberation tech. This will look at developing an understanding of how IT can be used to defend human rights, improve governance, empower the poor, promote economic development, and pursue a variety of other social goods that organisations need to be supporting.

Key questions this track will answer include:

  • How can my organisation meet compliance, audit, regulations and standards requirements?
  • How do I incorporate vulnerability and patch management into my GRC initiative?
  • How can I automate IT GRC within my organisation?
Privacy officers, regulators and reality: The global perspective

Daniella Kafouris
senior manager and lead data privacy/POPI compliance, Deloitte Risk Advisory

The topic will cover international case studies on privacy incidents worldwide. How companies reacted, what regulators did, and what are the lessons learnt from a South African perspective. This will provide insight as to what can be expected from a privacy or information protection regulator, as well as an understanding of the impact of South African privacy legislation.

Six points highlighting the key objectives the talk will meet:

  • Who is a privacy officer and what is he/she meant to be doing?
  • A comparison of data protection and privacy regulators across the globe.
  • An understanding of other jurisdictions that have privacy laws.
  • What is the reality that South African organisations will be facing with the Protection of Personal Information law?
  • What are the lessons learnt from a global perspective?
  • What should your strategy be?


  1. What is a privacy officer?
  2. What will the Information Protection Regulator do?
  3. What is the reality that South African organisations will face with the Protection of Personal Information law?

The benefits of Advanced Electronic Signatures

Heinz Kuhn
senior manager: Legal Services, Department of Co-operative Governance and Traditional Affairs

Maeson Maherry
solutions director, LAWtrust

15h30 Tea break

IT asset disposal – a view into a telco world

Kayode Adesemow
information assurance consultant, chartered engineer and project manager

While IT asset disposal is a necessary part of day-to-day operations, do organisations actually dispose of their IT assets properly? We take a look at an experience at a major telco to highlight the risks an organisation is exposed to. In the midst of strategic investments in complex best-of-breed GRC initiatives, a retrospective look at the basic building blocks could help ascertain the effectiveness of an organisation's controls. In this brief discussion, we look at a telco's oversight of its IT asset interface with its IT support function.

It is a well-known fact that intruders, like flowing water, will find the weakest opening, much as a chain fails at its weakest link. However strong an organisation's information security and internal controls are, it takes just one ineffective or missing control for a vulnerability to be exploited and a breach to occur.


  1. With POPI imminent, what should you be thinking about in terms of your IT asset disposal vis-à-vis information confidentiality and privacy?
  2. How do you know whether your IT asset disposal is creating a loophole for data breach indemnification, reputation damage, espionage, etc?
  3. How do you integrate IT asset disposal with the IT service desk, and which careful considerations should be taken?
An overview of the cyber security legal and regulatory landscape in SA – facts, promises and wishes

Prof Basie von Solms
research professor, Academy for Computer Science and Software Engineering: University of Johannesburg

This presentation will investigate some (a few important ones, but surely not all) of the components of the legal and regulatory landscape related to cyber security in SA. These components will be discussed in three categories:
  • Those components which exist and which should be complied with – facts.
  • Those which have been announced but are still outstanding – promises.
  • Those which do not yet exist, but according to the author, should exist – wishes.


  1. To what extent is government internally committed to IT governance (ITGov) and cyber (information) security governance (CyberInfSecGov)?
  2. What dictates how high in a company the 'cyber security buck' stops?
  3. What cyber security regulations could help SMEs and ordinary citizens to cyber protect themselves?
  Track 2 - New offensive techniques
  The world of infosec is very dynamic. Even seasoned security professionals are faced with the new challenges brought about by smart devices, social networks, virtualisation, cloud computing, malware and regulations. The new offensive techniques track reveals the latest attack methods that organisations need to be aware of. This track will inform you about new challenges, and ways in which to overcome these.

Key questions this track will answer include:

  • When embracing BYOD, what security issues should be a priority?
  • Which new security threats should be on my radar?
  • How can my organisation stay ahead of security threats?

head: security research, MWR InfoSecurity

Pin pads or payment terminals are widely used to accept payments from customers. These devices run payment applications on top of the device-specific firmware. It should come as no surprise to anyone that these applications and operating systems are just as vulnerable as any other systems when it comes to handling user input.

As the use of chip-and-pin continues to replace the fairly basic magnetic stripe cards, these devices are handling more and more complex information from untrusted sources; namely, the EMV protocol spoken by all major payment smart cards. On top of this, many of these terminals are connected through Ethernet, GPRS, WiFi or phone lines, which add to the overall attack surface.
This presentation will demonstrate how vulnerabilities in payment terminals allow attackers to compromise the terminals through malicious chip-and-pin cards.


  1. Are widely deployed payment terminals vulnerable to software weaknesses?
  2. Could these vulnerabilities be exploited on common pin pads?
  3. What is the impact of successful exploitation?
SHA256 Vulnerabilities exposed by Bitcoin

Dr Frans Lategan
security engineer with Amazon Web Services

SHA256 is currently the most secure, widely used cryptographic hash function available (at least until SHA3/Keccak becomes more widespread). It is also a key component of the Bitcoin cryptocurrency, and more than 7 * 10^20, or more than 700 exa-hashes, have been calculated on a basis which is essentially a differential cryptographic attack on SHA256.

We discuss the properties of an ideal cryptographic hashing algorithm, and how SHA256 deviates from the expected behaviour of an ideal hash based on the growing database of Bitcoin blocks, which are hashes with particular properties.
Although this does not translate into any practical attack on SHA256, these findings could result in new Bitcoin blocks being found faster than predicted if an attacker uses this knowledge effectively, and they nevertheless represent a mathematical weakness in SHA256.


  1. How do you build a distinguisher to reliably distinguish between SHA256 and a true random hash?
  2. How are Bitcoin blocks 'found' and new Bitcoins mined?
  3. Why has Bitcoin had an impact on password security (specifically why more than ever passwords should not be re-used between sites)?
15h30 Tea break
Cryptanalysis of the Enigma

Ben Gatti
independent software hacker, and

Robert Weiss
founder, Password Crackers

In this talk, Bob Weiss and Benjamin Gatti will analyse Enigma, the World War II-era Nazi encryption machine.

The encryption theory behind Enigma is covered, including a detailed under-the-hood view of a typical device.
The presentation will be concluded with a demo – using a laptop in an effort to crack an Enigma message.


  1. How did the Enigma change the course of WWII, cryptography and computing?
  2. How did the plasticity of the Enigma's crypto facilitate the largest crypto project in history, and the invention of the first electronic programmable digital computer?
  3. How does the Enigma machine hold up to modern attacks and computers?
88MPH: Digital tricks to bypass physical security

Andrew MacPherson
operational manager, Paterva

Enhancements in digital security have come a phenomenally long way from the days of the 'Wild West' of the Web, where anyone with skill seemed to be able to take over any server. Today, servers are much more protected and systems are in place to track, log and alert administrators of even possible attempts.

With that being said, physical security has moved at almost a snail’s pace (at least with regard to implementation), with people still relying on locks, magnetic stripes and RFID. Additionally, it is also accepted that should someone have physical access to your server, they can easily compromise it either by making copies of data, installing malicious software, or taking the physical device with them.

This talk will look at some old and new hardware that make bypassing physical hardware much easier, including the following:

  1. Listening to two-way communications with $20 hardware (RTLSDR): What good are your security guards if anyone can 'hear' where they are without them knowing? I will demonstrate listening to two-way radios and other interesting signals with HDSDR/SDR#.
  2. Magnetic stripes are often used on access cards to unlock doors depending on access levels. I will demonstrate how magnetic stripes work, as well as how to replay, clone and spoof your own, from bank cards to door swipes.
  3. RFID tags: For companies that have 'upgraded' from magnetic stripe technology, a lot have moved to RFID badges to do the same job, yet they often suffer from the same symptoms as above. I will demonstrate copying tags as well as cloning to gain access, including passive RFID and something more complex such as the Mifare range of RFID cards.
The idea with this talk is to make people aware that while having the digital security firmly in place is very important, they should also consider the physical security they currently have.


  1. What should I be concerned about when it comes to the physical security of my organisation?
  2. What tools can people use to breach my physical security and what should I be on the lookout for?
  3. What are the implications of using RFID entry tags, simple car and gate remotes, and non-secured two-way radios?
  Track 3 - Incident response and forensic approaches
  As infosec professionals get more involved in incidents day to day, they need to know how to handle situations, and to be aware of what and how the forensics aspect works. It is essential to have an accurate idea of the risk your organisation faces. Learn how to create a plan for exactly what to do before, during, and after an incident. This track will inform you of the technical and administrative details of effective incident response planning, as well as which tools are available to you.

Key questions this track will answer include:

  • How can our security team prepare for and respond to any emergency incident?
  • How do we assess the possible damage from an incident?
  • How do we preserve the integrity of the evidence?
Breaking, forensicating and anti-forensicating SAP Portal and J2EE Engine

Alexander Polyakov
chief technology officer, ERPScan

One of the most critical SAP applications in terms of cyber attacks is SAP Portal, which is based on J2EE engine, because it is usually available from the Internet and provides access and connections to other internal SAP and legacy systems.

In this talk, the security architecture of SAP Portal itself and custom applications like iViews will be reviewed, and I will demonstrate how SAP Portal can be attacked. But the main area of the talk will be focused on forensics and finding attack patterns in log traces and other places to understand if it is possible to completely reverse complex attack patterns. Finally, I will look at how attackers can try to hide their attacks and how it is possible to deal with it.
There have been a lot of talks covering attacks, but now we will move to the understanding of how to deal with them in the cyber crime era.


  1. How can hackers break your SAP Portal applications and access internal resources?
  2. How do users securely configure SAP Portal and J2EE Engine?
  3. How can companies analyse log reports and traces for identifying and preventing cyber attacks on SAP applications?
The role of big data and analytics in forensics and incident response

Yolandé Byrd
director, FACTS Consulting

This is the era of ‘big data’. The business landscape is being shaped by data as never before. This presentation will focus on how big data can be used in forensic investigations, fraud prevention, incident response, etc.


  1. Does data matter?
  2. Where can I apply data analytics?
  3. What do effective organisations do?
15h30 Tea break
Recovery from chaos: a practical look at a real-world example

Tony Olivier
managing director, Performanta Consulting & Mobile Security, and

Brendan Kotze
managing director, Performanta Services

The approach in this talk is to present a case study, based on an experience with a real-world customer which needed assistance.

This talk will engage the audience in a "how would you solve this?" format. It will reveal what actions the team took and will evaluate the success of the response. This particular case is that of a customer in which everything appeared to have gone wrong – and it tested the team’s abilities to resolve the issue.

17h25 Close of conference
17h45 - 20h30 Cyber Readiness Challenge
Established in 2009, Performanta specializes only in the discipline of Information Security. The company provides technology, services and consulting solutions allowing them to give customers an end to end information security service. Their focus on pragmatic solutions is reflected in their motto: Practical Trust Performanta.

Symantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world.


Fees listed below exclude VAT 
Conference only 7 & 8 May
Standard delegate fee R 6,210.00
Conference (7 & 8 May) plus full day workshop - 9 May
Standard delegate fee R 7,590.00
Workshop only 9 May
Workshop 1: Governance of information security
Workshop 2: Digital forensics
Workshop 3: Information Security Incident Response - A Survival Workshop
Standard delegate fee R 2,720.00
Delegates who attended a previous ITWeb Security Summit qualify for VIP status. Should you qualify, please contact Maggie Pienaar on (011) 807-3294 for more details.
Group bookings:
4 for the price of 3
7 for the price of 5
12 for the price of 8
To register a group please contact Maggie Pienaar
on 011 807 3294 or email . Please note that in order to qualify for group discounts all delegates must be registered at the same time. Group bookings do not apply to workshops.


SensePost is an independent company that provides services in the information security area. Combining experience and knowledge, SensePost specialises in information security consulting, training, security assessment services and IT vulnerability management.
