Conference Day Two: Wednesday, 28 November 2018
8:30 am - 9:00 am Conference Registration and Arrival Coffee
9:00 am - 9:10 am Opening Remarks by IQPC Australia and the Conference Chair
9:10 am - 9:50 am OPENING KEYNOTE CASE STUDY: The Importance of Managing Cyber Incidents in the Public Sector
The 2017 Threat Report by the Australian Cyber Security Centre (ACSC) has highlighted a 15% increase in identified cyber security incidents. Cyber attacks with malicious intent are difficult to completely elude and have been an increasingly frequent threat and burden to the public sector. In this session Jacinta Thomson discusses the key management and response approaches to a variety of common digital breach scenarios.
- Creating awareness about threats with efficient mass-communication: Adhering to the Data Breach Notification Legislation.
- How departments should be trained to react internally to a breach and capably implementing strategies quickly to prevent data loss.
- Reflecting and analysing incidents to implement improvements for future strategies.
Jacinta Thomson
Director Security Management and AssuranceDepartment of Justice and Regulation VIC
9:50 am - 10:30 am CASE STUDY: Investigating Security Operations where Classified or Sensitive Information is Involved.
How does an agency ensure adequate security operations while not adding to its risk exposure in other areas? AUSTRAC has been exploring this field and has settled on a solution which ensures a high degree of security for our information while also implementing a high quality information security operations capability.
- The challenges of maintaining an adequate cyber security monitoring baseline, especially in a small organisation
- How restrictions on accessing classified data and systems effect choice of Security Operations Centre implementation
- Different shades of out-sourcing a SOC capability
- How do third party services or hosting impact your SOC decision?
- Security Operations solutions
10:30 am - 11:00 am MORNING TEA & NETWORKING BREAK
11:00 am - 11:40 am CASE STUDY: Developing Cyber Security Skills and Mentoring the Next Generation of Cyber Security Talent
This presentation will focus on addressing the challenges of attracting, retaining, and developing cyber talent within a constrained market. This includes tailoring career paths to resources, developing mentoring structures, optimising training structures, and creating a work place culture to retain cyber resources.
- Strategies used to build and retain Cyber talent
- Developing diversity within cyber security
- Establishing necessary attributes of successful teams and staff members
11:40 am - 12:20 pm PANEL DISCUSSION: Achieving Compatibility in a Multi-Vendor Environment by Effectively Integrating Cyber Security Solutions
Government departments and agencies manage a variety of solution providers at a time. Initiating a security overhaul can therefore induce issues with patching and integrating legacy with new technology systems.
- Identifying static security system measures and consolidating the network architecture.
- Automating cyber security management to defend against automated cyber threats, and eliminate inadequate patching.
- Creating a specialised threat analysis and protection plans with multiple vendors
12:20 pm - 1:20 pm NETWORKING LUNCHBREAK
1:20 pm - 2:00 pm CASE STUDY: Cyber Security and Governance: Questions Boards and Committees Should Ask About Cyber Security
Charlotte will provide an overview of the Office of the NSW Government Chief Information Security Officer (GCISO), which aims to provide ‘A cyber safe NSW: connected, protected and trusted.’ The Office of the GCISO takes an integrated approach to preventing and responding to cyber security threats across NSW safeguarding our information, assets, services and citizens. As the NSW Government leads the way on streamlined digital service delivery, we must also increase cyber resilience and invest to protect against cyber threats. Charlotte discusses that need for clarity of communication in regards to cyber security and the importance of asking questions to gain an understanding of cyber security risk. This will include:
- Creating greater transparency and engagement on cyber security risk.
- Assisting boards to ensure there is understanding and consistency with what needs to be asked of the cyber security team to mitigate risks.
- Identifying gaps in creating a cyber security governance framework to create a comprehensive risk management approach.
2:00 pm - 2:40 pm CASE STUDY: Exploring the Cyber Security Systems in Place to Protect Patient Information on My Health Record
Australia has been ranked second in the world for delivery of online services in this year’s UN E-Government Survey, just behind global leader Denmark. The online service ‘My Health Record’ provides a secure online summary of an individual’s health information which can be viewed securely online by doctors, hospitals, and other healthcare providers – even interstate. The Australian Digital Health Agency confirms that “it is secured with a comprehensive set of people, process, and technology controls to protect health records from a cyber-attack. The system has robust security controls to ensure the information is stored and accessed by only trusted connected health systems”.
- Creating and maintaining a system that meets the highest cyber security standards.
- Supporting the Health Sector cyber security journey
2:40 pm - 3:00 pm Solutions Clinic
3:00 pm - 3:30 pm AFTERNOON TEA & NETWORKING BREAK
3:30 pm - 4:10 pm Creating a Clear Security Overview using the Maturity Assessment Model and Looking at Medical Device Cyber Security as a Collaborative Approach
In a joint presentation Simon Cowley and Andrew Oldaker discuss their work at the Royal Melbourne Hospital where they are advancing towards stronger cyber defence capabilities. Compromised critical infrastructure - such as medical devices - can impact the capacity of an organisation to perform its primary business functions – such as treating and caring for patients. Healthcare organisations have a wealth of sensitive data, highly sought after by criminal elements, which leads them to be a favourable target. Collaboration, a whole-of-business strategy, and effective controls are essential to mitigate the cyber security risk of medical devices.
- The Maturity Assessment Model
- The structure of the model established analysing 72 mandatory controls.
- Benefits of labelling each hospital will a level of cyber security maturity and how it will attract pertinent questions on cyber capacity.
- Security for Medical Devices
- Explore the risks and challenges with industrial controls and critical infrastructure.
- An overview of the common vulnerabilities for medical devices that if exploited, could result in a cyber incident.
4:10 pm - 4:50 pm CASE STUDY: Identifying Cyber Security as a Business Strategy to both Simplify and Strengthen Digital Data Protection
The challenges of cyber security are huge and increasingly complex. Cyber security requires a new mindset. We will be looking at cyber security as a capability that is holistically integrated and enables business by instilling a culture of cyber security throughout an enterprise.
- How to create a simpler view: Establishing a universal structure and approach to cyber security resulting in effective implementation across the department.
- The step by step process of integrating the cyber security business strategy across the NSW Fire Brigade.
- Adapting and improving the strategy to defend evolving circumstances: Prevention instead of reaction.