When it comes to cyber security, human-centric design can be used to create controls and processes that are more effective and easier for employees to use, which in turn increases education and awareness. Human-centric design involves understanding the behavior of the users who will be interacting with the controls and processes. By studying how employees interact with technology and identifying pain points and challenges, organizations can design more effective controls and processes that are easier to use and more likely to be followed.
For this session we are joined by Saleshni Sharma, Director, Regional Information Security Officer at Berkley Insurance. According to Saleshni, information security is closely related to risk appetite. The main role of any information security professional is to communicate risks effectively, whether it be business-related, technology or personnel. "If we do this successfully 80% of the difficult part of our job is done". Saleshni enjoys working in a high-performance and highly collaborative environment and with that in mind, our session will discuss:
Many organizations have invested in security tools such as MFA, EDRs, MDMs, VPNs and more to mitigate phishing attacks. But security tools are used by real people, so they need to be supported with simple processes and great usability for maximum security efficacy.
Duo's APAC cybersecurity leader, Emir Trhulj, will interview Adrian Foo, CIO at Hynds. The two will discuss Hynds' journey towards zero trust, including challenges, considerations and solutions discovered along the way. In order to make progress towards zero trust security, it's critical to get everyone on board. In this session, we will share best practices implemented to enable secure access for a remote workforce, providing the best experience for productivity without compromising on security.
This session will discuss:
In an increasingly interconnected world, where digital technologies permeate every aspect of our lives, cyber threats have become pervasive. By raising awareness about these threats, individuals can better understand the risks and adopt proactive measures to protect themselves and their sensitive information. Cyber awareness helps combat the social engineering tactics used by cybercriminals, as it enables people to recognize and avoid common scams and phishing attempts. Assessing the behavioural impact of cyber awareness initiatives allows organizations and policymakers to measure the effectiveness of their efforts and identify areas for improvement. Understanding how people's behaviours and attitudes towards cybersecurity change over time enables the development of targeted interventions and educational programs. Ultimately, by raising cyber awareness and assessing behavioural impact, we can empower individuals, strengthen cybersecurity defences, and create a safer digital environment for everyone.
For this session we will be joined by Dr Khan, Senior Lecturer, RMIT, an educator, researcher and consultant who undertakes research in the area of information systems and internet technologies. Dr Khan undertakes research projects that involve advanced data analytics and is currently working on AI and machine learning to address sustainability-related problems at micro, meso and macro scales. Our session will have a holistic approach to addressing:
In today's interconnected digital landscape, organizations are increasingly reliant on third-party vendors and technology solutions. While this brings many benefits, it also introduces significant security challenges. During our panel discussion, we aim to explore strategies and best practices for addressing security gaps and effectively managing the associated risks. The discussion will revolve around three key talking points:
As organizations increasingly adopt cloud-based and mobile technologies, it is becoming more difficult for IT departments to keep track of all of the technology that is in use within the organization. This can create security gaps, as unauthorized or insecure technologies may be used to access sensitive data.
To mitigate this risk, organizations should implement a process for vetting all new technologies before they are put into use. This process should include an assessment of the technology's security features and a review of the vendor's security practices. Additional talking points include:
2. Identifying potential risks with third-party vendors:
Third-party vendors can pose a significant risk to an organization's security. Vendors may have access to sensitive data, such as customer PII, and they may not have the same level of security expertise as the organization itself.
To mitigate this risk, organizations should carefully vet all third-party vendors before engaging them. This process should include an assessment of the vendor's security posture, including their minimum security standards, incident response plans, and security auditing requirements. Additional talking points include:
3. Implementing controls to manage data exposure and risk:
Once an organization has identified and mitigated the risks associated with third-party vendors, it is important to implement controls to limit the exposure of sensitive data. These controls may include data encryption, access controls, and monitoring systems. By implementing these controls, organizations can help to protect their sensitive data from unauthorized access, use, or disclosure. Additional talking points include: