27 - 28 November, 2018 | Sydney, Australia

Conference Day One: Tuesday, 27 November 2018

8:30 am - 9:00 am Conference Registration and Arrival Coffee

9:00 am - 9:10 am Opening Remarks by IQPC Australia and the Conference Chair

Asaf Ahmad - CISO, NSW Fire Brigade

9:10 am - 9:50 am INTERNATIONAL KEYNOTE CASE STUDY: Botnets, Automated and Distributed Threats – Strengthening your Government Security Posture through a Multifaceted Objective and Action Oriented Approach

Sherry Rumbolt - Senior IM/IT Security Officer, Department National Defence, Canada
Automated and distributed threats are increasing globally; their aim is to crush network resources by sending enormous quantities of spam and subsequently disseminating malware. Prevalent ransomware attacks are distributed through botnets that ultimately hold systems and data hostage for currency, and false advertising campaigns that influence and intimidate communities through social media are increasing and often impacting political and business agendas. In this session, Sherry Rumbolt will guide you through a proactive approach to addressing each of these scenarios through partnership, innovation, education, and stronger leadership.

  • Overview of problem scope including trends with Internet of Things (IoT).
  • Areas of challenge; how to assess/understand constraints and build manageable priorities.
  • Identifying meaningful objectives to overcome threats and developing an obtainable plan.

9:50 am - 10:20 am Thought Leadership Session

10:20 am - 10:50 am Speed Networking

10:50 am - 11:20 am MORNING TEA & NETWORKING BREAK

Industry experts discuss their unique vulnerabilities and challenges in the cyber space including the pressing issues of sophisticated cyber threats and digital landscape transformations. Concentrating on recent experiences in their organisations this panel will share their critical security decisions and actions taken to increase both internal and external cyber defences.

  • The insider threats and the need to effectively mitigate them with internal skills and awareness training.
  • Proactively addressing the shortage of skilled cyber security professionals, and non-technical employees lacking awareness of cyber security practices.
  • Identifying and prioritising the most pressing security concerns and establishing solutions in an ever-expanding cyber security market.

Darren Argyle - CISO, ICARE
Toby McMahon - DCISO, Australian Taxation Office
Marco Figuroa - CISO, Department Finance, Services & Innovation NSW
Asaf Ahmad - CISO, NSW Fire Brigade
Vishwanath Nair - Head Information Security and Risk, Western Sydney Local Health District

12:00 pm - 12:40 pm CASE STUDY: A Practical Cyber Security Strategy for the Australian Parliament

Ian McKenzie - CTO, Department of Parliamentary Services
This session will cover a practical 5-stage model that has been implemented by the Australian Federal Parliament and can be adopted to build cyber resiliency in any organisation.

  • Current threat environment faced by the Australian Parliament will be highlighted.
  • Stepping through an adaptable model adopted by the parliament to deliver prediction, protection, detection, response and measurement capabilities in its cyber practices.
  • Real examples will be provided on the implementation of the model, as well as advice and guidance for other organisations that may wish to adopt a similar journey.

12:40 pm - 1:40 pm NETWORKING LUNCHBREAK

1:40 pm - 2:20 pm CASE STUDY: ICARE Cyber Security Strategies to Reduce Risks Through an Integrated and Collaborative Approach Across the Organisation

Darren Argyle - CISO, ICARE
Progression in tech innovations and the movement towards digital data storage provide Governments with many benefits, but they also create increased security risks: connectedness invites accelerated threats. ICARE responded to this progression by improving threat prevention internally. Darren Argyle presents the solutions practised:

  • Regular practice and training for information sharing and establishing a quick response to threats.
  • Key control assessments and implementations (focus on 15-20/100 controls, e.g. two-factor authentication).
  • Coordinating collaboration with the private sector resourcefully and proficiently.

2:20 pm - 3:00 pm PANEL DISCUSSION: Examining the Cloud as a Divergent Digital Landscape Instigating New Security Risks for Data

Nalin Arachchilage - Lecturer in Cyber Security, UNSW
Charlotte Wood - Director Cyber Security Dept. Finance, Services and Innovation NSW
Bob Smart - IT Security Lead, SA Water
Government departments and agencies are trending towards aggregating critical systems. Unlike on-premise data storage, the cloud offers superior capacity, greater savings, convenience and increased data access flexibility. However, cloud services have created a systematic economic risk, which requires reliance on vendors as a second-party supply chain and reduces data control. Subsequently, a new environment requires new methods of defence.

  • Exploring vendor inspection frameworks to ensure a trustworthy and secure cloud solution.
  • Defining cyber security risk management and insurance as cloud service providers are not accountable for breaches.
  • Exploring cloud innovation and encouraging staff to have a positive attitude and active training participation towards the cloud.

3:00 pm - 3:30 pm AFTERNOON TEA AND NETWORKING BREAK

3:30 pm - 4:10 pm CASE STUDY: Developing a Threat Model for Organisations through a Gamified Approach to Thwart Phishing Attacks

Nalin Arachchilage - Lecturer in Cyber Security, UNSW
A recently published threat report from the Australian Cyber Security Centre has revealed that phishing is still one of the dangerous cyber-crimes to both individuals and organisations. Automated anti-phishing tools have been developed and used to alert users of potentially fraudulent emails and websites. However, these tools are not entirely reliable in detecting phishing attacks, missing over 20 per cent of phishing websites because of the sensitive trust decisions made by humans during their online activities. It is not possible to completely avoid the end-user; one mitigating approach for cyber security is to educate and train the end-user in security prevention. Therefore, this research proposal focuses on designing and developing a serious game to educate individuals about online identity theft (distinguishing phishing emails and URLs from legitimate ones).

  • Defining the proposed game which encourages users to enhance their avoidance behaviour through motivation to protect themselves from phishing attacks.
  • Analysing records of how users employed their strategies to differentiate phishing attacks from legitimate ones through the game, and then developing a threat model for understanding how cybercriminals leverage their attacks within the organisation through human exploitation.
  • In future, the developed threat model can be used to develop countermeasures (i.e. both technical and non-technical) and educational interventions for the organisation.

Champagne Roundtable

You will hear peer-to-peer led case studies and best practice; you will also receive focused thought leadership insights, as well as being provided with drinks to encourage conversation…

TABLE ONE

4:10 pm - 5:10 pm Unifying Strategy Strengths Across Departments
Charlotte Wood - Director Cyber Security Dept. Finance, Services and Innovation NSW
Security operations are independent to departments and agencies which inhibits a strengthened and connected cyber front. This roundtable will focus on:

  • Aligning incentives more cooperatively across departments for more effective cyber security management.
  • Assessing how to maximise the recently implemented and innovative Australian Cyber Security Centres.

TABLE TWO

4:10 pm - 5:10 pm Creating a Well-Rounded Business Case for Efficiency
Ian McKenzie - CTO, Department of Parliamentary Services
Senior executives who are rarely involved with cyber security often find the space technical and complex. Without support, the success of implementing a cyber security solution or strategy can be difficult. This roundtable will focus on:

  • How to prioritise cyber security issues and accentuate necessity when risks require immediate attention.
  • Creating an influencing business case where cyber security and cyber security culture may not be the departmental priority.

5:10 pm - 5:10 pm End of Day One & Networking Drinks