Wowed by depth of coverage
Can you Detect Serious Cybersecurity Lapses and Control Issues?
WannaCry, NotPetya – With recent ransomware attacks crippling computers worldwide at an unprecedented rate, it is now crucial for companies to take a holistic approach in anticipating vulnerabilities, reviewing security measures, and identifying opportunities to strengthen enterprise-wide security. How can businesses keep up with deadly threats such as DDoS and APT, assess the effectiveness of cyber security controls, policies and procedures, and detect key risk areas?
Examine Latest Attack Methods, Mitigation Measures to Secure Critical Assets
Join this 2-day workshop to acquire skills in cyber risk prevention, incident response and cybersecurity audit to enhance cyber resilience. By examining actual cases, learn key threats (Dark Net, Deep Web), emerging dilemmas (big data, AI, SMART GRID) and their implications on businesses. Practise hands-on learning in launching network attacks, malware and application vulnerabilities to gain an in-depth understanding of how attacks work to strengthen your cyber defence. Gain best practice sharing on penetration testing techniques, cyber incident analysis, cyber risk management framework and risk-based cyber audit methodology to improve enterprise security.
- Practical, real life examples and sample checklists on critical areas of concern in cyber security assurance
- Hands-on exercises including how to exploit vulnerabilities and defend against them
- Demos, videos, quizzes to reinforce participants’ understanding of key cybersecurity principles
Cyber Underground, cloud, mobility: Key trends, implications
Malware, SQL injection, social engineering
Fingerprinting, user harvesting, access control
Containment, eradication, recovery
Risk scenarios, application, mitigation measures
How to assess cyber risk and reduce impact of attacks?
12 key elements to build the cyber audit framework
Benefits of Attending
- Examine current and emerging trends in analytics, critical infrastructure, key threats, actors and motivations
- Adopt risk-based cyber audit best practices – Planning, fieldwork execution, reporting, ongoing activities
- Understand the attack lifecycle and methodologies in network, application and cryptography attacks
- Learn common application vulnerabilities – Cross-site scripting (XSS), cross-site request forgery (CSRF)
- Gain insights on how to apply different frameworks of attack tools – Kali Linux, Metasploit and more
- Discover latest attack methodologies and how they work – Ransomware, trojans, viruses, rootkit
- Assess how penetration testing can be used as a tool to improve enterprise security and when to use it
- Find out how to analyse and respond to cyber incidents – Incident preparation and detection best practices
- Pick up tips on how to plan and implement “Secure by Design” and how to secure risk-sensitive assets
- Draw insights on the controls to be put in place to mitigate known and emerging cyber threats
- Apply cyber intelligence to establish threat awareness, detect patterns, identify and manage risks
- Hear how to clean up after a cyber attack – Business continuity and disaster recovery planning
- Gather tips on how to prepare, plan, exercise, simulate, wargame in building and maintaining a response plan
Manish has over 22 years of experience at multi-national companies, and extensive experience developing innovative technical solutions to address complex business issues.
Presently Head of the Cyber Security Risk practice in Grant Thornton, Manish is responsible for advising clients on strategic and tactical solutions for technology regulation, information security, cyber security, governance, risk, and compliance. Manish also assists government agencies and international law enforcement agencies on cyber security matters. Before joining Grant Thornton, Manish was with PricewaterhouseCoopers, where he led the Technology Risk practice.
Previously he established the Payment Card Industry (PCI) Centre of Excellence (COE) in EMEA in 2012. The PCI COE supports and advises clients on PCI compliance challenges and achieved the PCI Qualified Security Assessor (QSA) company status. Manish also helped develop the Association of Banks in Singapore (“ABS”) Guidelines on Control Objectives & Procedures for Outsourced Service Providers.
Recently Manish has embarked on projects to help his clients develop pragmatic cyber security strategies with the knowledge gained from working with Interpol and other government agencies. He has trained with US ex-blackhat hackers to get a greater understanding of the hacker’s mind-set.
What Past Delegates Have Said
Hope he has more time to elaborate – excellent presentation and interesting topic!
Very well-prepared presentation. Impressive, good sharing
Who Should Attend
Senior level executives in charge of cyber and data security risk management including Audit, IT Audit, IT and Information Security
Session 1: Introduction to Cybersecurity & Key Principles
- Cybersecurity objectives and roles
- Information security vs. cybersecurity
- Confidentiality, integrity and availability
- Authentication and non-repudiation
Session 2: Cyber Threat Landscape – Latest Trends, Implications
- The latest threat landscape
– Key threats, threat actors and motivations
– Cyber Underground – The Dark Net and Deep Web
- Key trends, current and emerging dilemmas
– Cloud and mobility
– Big data and analytics
– Artificial intelligence
– Critical infrastructure and SMART GRID
Session 3: Attack Methodologies
- Attack lifecycle – Learning the steps of launching a cyber attack
- Understanding attack methodologies of:
– Network attacks – Man in the Middle, Ping of Death, DDoS
– Application attacks
– Wireless attacks
– Cryptography attacks
– Social engineering
- Malicious software
- Application vulnerabilities
– SQL injection
– Cross-site scripting (XSS)
– Cross-site request forgery (CSRF)
- Learning about different frameworks of attack tools – Kali Linux, Metasploit and more
Session 4: Penetration Testing (PT)
- How PT can be used as a tool to improve enterprise security
- What to expect from PT and best practices in using it
– PT recap
– PT strategies
– PT categories
– When to use PT?
– Reports and findings
- User harvesting
- Access control
- Privilege elevation
Session 5: Cyber Incident Analysis and Response
- Incident preparation
- Incident detection and analysis
- Containment, eradication and recovery
Session 6: Pragmatic Cyber Risk Framework
- How real life companies manage cyber risks – Risk scenarios, application, mitigation measures
- Cyber risk prevention
– Planning and implementing “Secure by Design”
– Securing risk-sensitive assets – Controls to mitigate known and emerging threats
– How to assess and manage cyber risk and compliance?
– Key security considerations – Design, requirements, strategy
- Cyber risk detection
– Identifying crown jewels and third party relationships
– Establishing threat awareness and ability to detect patterns
– Applying cyber intelligence to identify and manage risks
– How to proactively assess cyber risk?
- Cyber risk response
– Prepare, plan, exercise, simulate, wargame
– Building and maintaining a response plan
– How to react quickly to cyber attacks and reduce the impact?
– Cleaning up, business continuity and disaster recovery planning
Session 7: Effective Cybersecurity Audit Approach
- Risk-based audit methodology best practices
– Fieldwork execution
– Ongoing activities
- Examine 12 key business and foundation elements to build your audit framework
– Key elements and how to use the elements
– Questions and latest tools
– Findings and reporting