Super Early Bird Fee (register and pay by 31 Aug '17): $1,495.00 (USD)

Early Bird Fee (register and pay by 29 Sep '17): $1,645.00 (USD)

Regular Fee (register and pay after 29 Sep '17): $1,795.00 (USD)

Group Discount! Enjoy 10% off when you register for 3 or more
or
For groups of 3, 4th comes for free

IMPORTANT NOTES
  1. Super Early Bird and Early Bird promotion: Discount will only be valid if payment is received by stipulated date.
  2. Group Discount only applies to registrations from the same company registering at the same time, issued in a single invoice and of the same billing source.
  3. Only corporate registrations will be accepted.
  4. Registered members of IIA-Hong Kong can enjoy 10% off event fees. (Please quote partner code & membership number.)
  5. Bank charges & taxes are to be borne by registrants, if applicable.
  6. Full payment is mandatory upon registration for admission to the event.
  7. Walk-in delegates will only be admitted on the basis of space availability at the event and with immediate full payment.
  8. Fee includes lunch, refreshments and documentation.
  9. The organiser reserves the right to make any amendments that it deems to be in the interests of the event without any notice.
  10. Any information provided by registrants will be used for the primary purpose of event administration and upcoming events updates. For more information, please visit: http://www.conferences.com.sg/privacy-statement/

CANCELLATION & REPLACEMENT:

A replacement is welcome if you are unable to attend. A full refund less a 10% administrative charge will be issued for cancellations received in writing by 29 Sep 2017. A 50% refund and a set of documentation will be issued for cancellations received by 13 Oct 2017. Regrettably, no refund will be issued for cancellations received after 13 Oct 2017 or for “no show” participants. You will however receive a set of documentation.

Can you Detect Serious Cybersecurity Lapses and Control Issues?

WannaCry, NotPetya – With recent ransomware attacks crippling computers worldwide at an unprecedented rate, it is now crucial for companies to take a holistic approach in anticipating vulnerabilities, reviewing security measures, and identifying opportunities to strengthen enterprise-wide security. How can businesses keep up with deadly threats such as DDoS and APT, assess the effectiveness of cyber security controls, policies and procedures, and detect key risk areas?

Examine Latest Attack Methods, Mitigation Measures to Secure Critical Assets

Join this 2-day workshop to acquire skills in cyber risk prevention, incident response and cybersecurity audit to enhance cyber resilience. By examining actual cases, learn about key threats (Dark Net, Deep Web), emerging dilemmas (big data, AI, SMART GRID) and their implications for businesses. Practise hands-on learning in launching network attacks, malware and application vulnerabilities to gain an in-depth understanding of how attacks work and strengthen your cyber defence. Gain best practice sharing on penetration testing techniques, cyber incident analysis, cyber risk management framework and risk-based cyber audit methodology to improve enterprise security.


Unique Features

    • Practical, real life examples and sample checklists on critical areas of concern in cyber security assurance
    • Hands-on exercises including how to exploit vulnerabilities and defend against them
    • Demos, videos, quizzes to reinforce participants’ understanding of key cybersecurity principles

Programme Highlights

Cyber Threat Landscape

Cyber Underground, cloud, mobility: Key trends, implications

Latest Attack Methodologies

Malware, SQL injection, social engineering

Penetration Testing Best Practices

Fingerprinting, user harvesting, access control

Cyber Incident Analysis and Response

Containment, eradication, recovery

Pragmatic Cyber Risk Framework

Risk scenarios, application, mitigation measures

Cyber Risk Prevention, Detection, Response

How to assess cyber risk and reduce impact of attacks?

Effective Cybersecurity Audit Approach

12 key elements to build the cyber audit framework

Benefits of Attending

  • Examine current and emerging trends in analytics, critical infrastructure, key threats, actors and motivations
  • Adopt risk-based cyber audit best practices – Planning, fieldwork execution, reporting, ongoing activities
  • Understand the attack lifecycle and methodologies in network, application and cryptography attacks
  • Learn common application vulnerabilities – Cross-site scripting (XSS), cross-site request forgery (CSRF)
  • Gain insights on how to apply different frameworks of attack tools – Kali Linux, Metasploit and more
  • Discover latest attack methodologies and how they work – Ransomware, trojans, viruses, rootkit
  • Assess how penetration testing can be used as a tool to improve enterprise security and when to use it
  • Find out how to analyse and respond to cyber incidents – Incident preparation and detection best practices
  • Pick up tips on how to plan and implement “Secure by Design” and how to secure risk-sensitive assets
  • Draw insights on the controls to be put in place to mitigate known and emerging cyber threats
  • Apply cyber intelligence to establish threat awareness, detect patterns, identify and manage risks
  • Hear how to clean up after a cyber attack – Business continuity and disaster recovery planning
  • Gather tips on how to prepare, plan, exercise, simulate and wargame in building and maintaining a response plan

Workshop Leader

Manish Chawda

Partner, Pragma Singapore

Manish has over 22 years of experience at multi-national companies, and extensive experience developing innovative technical solutions to address complex business issues.

Presently Head of the Cyber Security Risk practice in Grant Thornton, Manish is responsible for advising clients on strategic and tactical solutions for technology regulation, information security, cyber security, governance, risk, and compliance. Manish also assists government agencies and international law enforcement agencies on cyber security matters. Before joining Grant Thornton, Manish was with PricewaterhouseCoopers, where he led the Technology Risk practice.

Previously he established the Payment Card Industry (PCI) Centre of Excellence (COE) in EMEA in 2012. The PCI COE supports and advises clients on PCI compliance challenges and achieved the PCI Qualified Security Assessor (QSA) company status. Manish also helped develop the Association of Banks in Singapore (“ABS”) Guidelines on Control Objectives & Procedures for Outsourced Service Providers.

Recently Manish has embarked on projects to help his clients develop pragmatic cyber security strategies with the knowledge gained from working with Interpol and other government agencies. He has trained with US ex-blackhat hackers to get a greater understanding of the hacker’s mind-set.

What Past Delegates Have Said

Wowed by depth of coverage

Hope he has more time to elaborate – excellent presentation and interesting topic!

Very well-prepared presentation. Impressive, good sharing

Who Should Attend

Senior-level executives in charge of cyber and data security risk management, including Audit, IT Audit, IT and Information Security

Agenda

  • Session 1: Introduction to Cybersecurity & Key Principles

    • Cybersecurity objectives and roles
    • Information security vs. cybersecurity
    • Confidentiality, integrity and availability
    • Authentication and non-repudiation
  • Session 2: Cyber Threat Landscape – Latest Trends, Implications

    • The latest threat landscape
      – Key threats, threat actors and motivations
      – Cyber Underground – The Dark Net and Deep Web
    • Key trends, current and emerging dilemmas
      – Cloud and mobility
      – Big data and analytics
      – Artificial intelligence
      – Critical infrastructure and SMART GRID
  • Session 3: Attack Methodologies

    • Attack lifecycle – Learning the steps of launching a cyber attack
    • Understanding attack methodologies of:
      – Network attacks – Man in the Middle, Ping of Death, DDoS
      – Application attacks
      – Wireless attacks
      – Cryptography attacks
      – Phishing
      – Social engineering
    • Malicious software
      – Trojans
      – Viruses
      – Ransomware
      – Rootkit
    • Application vulnerabilities
      – SQL injection
      – Cross-site scripting (XSS)
      – Cross-site request forgery (CSRF)
    • Learning about different frameworks of attack tools – Kali Linux, Metasploit and more
  • Session 4: Penetration Testing (PT)

    • How PT can be used as a tool to improve enterprise security
    • What to expect from PT and best practices in using it
      – PT recap
      – PT strategies
      – PT categories
      – When to use PT?
      – Reports and findings
    • Fingerprinting
    • User harvesting
    • Access control
    • Privilege elevation
  • Session 5: Cyber Incident Analysis and Response

    • Incident preparation
    • Incident detection and analysis
    • Containment, eradication and recovery
  • Session 6: Pragmatic Cyber Risk Framework

    • How real life companies manage cyber risks – Risk scenarios, application, mitigation measures
    • Cyber risk prevention
      – Planning and implementing “Secure by Design”
      – Securing risk-sensitive assets – Controls to mitigate known and emerging threats
      – How to assess and manage cyber risk and compliance?
      – Key security considerations – Design, requirements, strategy
    • Cyber risk detection
      – Identifying crown jewels and third party relationships
      – Establishing threat awareness and ability to detect patterns
      – Applying cyber intelligence to identify and manage risks
      – How to proactively assess cyber risk?
    • Cyber risk response
      – Prepare, plan, exercise, simulate, wargame
      – Building and maintaining a response plan
      – How to react quickly to cyber attacks and reduce the impact?
      – Cleaning up, business continuity and disaster recovery planning
  • Session 7: Effective Cybersecurity Audit Approach

    • Risk-based audit methodology best practices
      – Planning
      – Fieldwork execution
      – Reporting
      – Ongoing activities
    • Examine 12 key business and foundation elements to build your audit framework
      – Key elements and how to use the elements
      – Questions and latest tools
      – Findings and reporting