Conference Day One: Tuesday, 27 November 2018
8:30 am - 9:00 am Conference Registration and Arrival Coffee
9:00 am - 9:10 am Opening Remarks by IQPC Australia and the Conference Chair
9:10 am - 9:50 am INTERNATIONAL KEYNOTE CASE STUDY: Botnets, Automated and Distributed Threats – Strengthening your Government Security Posture through a Multifaceted Objective and Action Oriented Approach
Automated and distributed threats are increasing globally; their aim is to crush network resources by sending enormous quantities of spam and subsequently disseminating malware. Prevalent ransomware attacks are distributed through botnets that ultimately hold systems and data hostage for currency; and false advertising campaigns that influence and intimidate communities through social media are increasing and often impacting political and business agendas. In this session, Sherry Rumbolt, will guide you through a proactive approach to addressing each of these scenarios through partnership, innovation, education, and stronger leadership.
- Overview of problem scope including trends with Internet of Things (IoT).
- Areas of challenge; how to assess/understand constraints and build manageable priorities.
- Identify meaningful objectives to overcome threats and developing an obtainable plan.
9:50 am - 10:20 am Thought Leadership Session
10:20 am - 10:50 am Speed Networking
10:50 am - 11:20 am MORNING TEA & NETWORKING BREAK
11:20 am - 12:00 pm PANEL DISCUSSION: Senior Leaders Deliberate and Strategise Against Present and Future Cyber Security Challenges
Industry experts discuss their unique vulnerabilities and challenges in the cyber space including the pressing issues of sophisticated cyber threats and digital landscape transformations. Concentrating on recent experiences in their organisations this panel will share their critical security decisions and actions taken to increase both internal and external cyber defences.
- The insider threats and the need to effectively mitigate them with internal skills and awareness training.
- Proactively addressing the shortage of skilled cyber security professionals, and non-technical employees lacking awareness of cyber security practices.
- Identifying and prioritising the most pressing security concerns and establishing solutions in an ever-expanding cyber security market.
12:00 pm - 12:40 pm CASE STUDY: A Practical Cyber Security Strategy for the Australian Parliament
This session will cover a practical 5 stage model that had been implemented by the Australian Federal parliament and can be adopted to build cyber resiliency in any organisation.
- Current threat environment faced by the Australian Parliament will be highlighted.
- Stepping through an adaptable model adopted by the parliament to deliver prediction, protection, detection, response and measurement capabilities in it cyber practices.
- Real examples will be provided on the implementation of the model as well as advice and guidance for other organisations that may wish to adopt a similar journey
12:40 pm - 1:40 pm NETWORKING LUNCHBREAK
1:40 pm - 2:20 pm CASE STUDY: ICARE Cyber Security Strategies to Reduce Risks Through an Integrated and Collaborative Approach Across the Organisation
Progression in tech innovations and the movement towards digital data storage provides Governments with many benefits, but it also creates increased security risks - connectedness invites accelerated threats. ICARE responded to this progression by improving threat prevention internally, Darren Argyle presents the solutions practiced:
- Regular practice and training for information sharing and establishing a quick response to threats.
- Key control assessments and implementations (focus on 15 -20/100 controls e.g. two factor authentication).
- Coordinating collaboration with the private sector resourcefully and proficiently
2:20 pm - 3:00 pm PANEL DISCUSSION: Examining the Cloud as a Divergent Digital Landscape Instigating New Security Risks for Data
Government departments and agencies are trending towards aggregation critical systems. Unlike on premise data storage, the cloud produces a superior capacity, greater savings, convenience and increased data access flexibility. However, cloud services have created a systematic economic risk which requires reliance on vendors as a second party supply chain; reducing data control. Subsequently, a new environment requires new methods of defence.
- Exploring vendor inspection frameworks to ensure a trustworthy and secure cloud solution.
- Defining cyber security risk management and insurance as cloud service providers are not accountable for breaches.
- Exploring cloud innovation and encouraging staff to have a positive attitude and active training participation towards the cloud.
3:00 pm - 3:30 pm AFTERNOON TEA AND NETWORKING BREAK
3:30 pm - 4:10 pm CASE STUDY: Developing a Threat Model for Organisations through a Gamified Approach to Thwart Phishing Attacks:
A recently published threat report from Australian Cyber Security Centre has revealed that phishing is still one of the dangerous cyber-crimes to both individuals and organisations. Automated antiphishing tools have been developed and used to alert users of potentially fraudulent emails and websites. However, these tools are not entirely reliable in detecting phishing attacks, missing over 20 per cent of phishing websites because of the sensitive trust decisions made by humans during their online activities. It is not possible to completely avoid the end-user, one mitigating approach for cyber security is to educate and train the end-user in security prevention. Therefore, the aim of this research proposal focuses on designing and developing a serious game to educate individuals about online identity theft (phishing emails and URLs from legitimate ones).
- Defining the proposed game which encourages users to enhance their avoidance behaviour through motivation to protect themselves from phishing attacks.
- Analysing records of how users employed their strategies to differentiate phishing attacks from legitimate ones through the game and then develop a threat model understanding of how cybercriminals leverage their attacks within the organisation through the human exploitation.
- The future use of the developed threat model an be used to develop countermeasures i.e. both technical and non-technical) and educational interventions to the organisation.
Champagne Roundtable
You will hear peer-to-peer led case studies and best practice; you will also receive focused thought leadership insights as well a being provided with drinks to encourage conversation…
TABLE ONE
4:10 pm - 5:10 pm Unifying Strategy Strengths Across DepartmentsSecurity operations are independent to departments and agencies which inhibits a strengthened and connected cyber front. This roundtable will focus on:
- Aligning incentives more cooperatively across departments for more effective cyber security management.
- Assessing how to maximise the recently implemented and innovative Australian Cyber Security Centres.
TABLE TWO
4:10 pm - 5:10 pm Creating a Well-Rounded Business Case for EfficiencySenior executives who are rarely involved with cyber security often find the space technical and complex. Without support, the success of implementing a cyber security solution or strategy can be difficult. This roundtable will focus on:
- How to prioritise cyber security issues and accentuate necessity when risks require immediate attention.
- Creating an influencing business case where cyber security and cyber security culture may not be the departmental priority.