Building Cyber Security and Protecting Industrial Control Systems in Asia Pacific
7-8 September 2022 l Online l Going Live: 9AM SGT
Agenda Day 1: 7 September 2022
9:00 am - 9:45 am
SGT
CISO PANEL DISCUSSION: How Do You Ensure Good Compliance Against Government Reforms?
Simon Lee-Steere -
Deputy Chief Security Officer,
nbn Australia
Daryl Pereira - Director, Office of the CISO, Google Cloud APAC
Alexander Wilson - Head of Security and Risk Services, AGL Energy
Considering the passage of the SLACIP Act, entities which own or operate critical infrastructure assets should begin considering whether their existing organisational processes will be sufficient to comply with their impending obligations, or whether new measures will need to be put into effect in order to bring themselves into conformity with the minimum requirements contemplated by the Act and the accompanying draft Risk Management Program Rules. This panel discussion will address:
- What does good practice and effective compliance look like?
- What necessary steps are you taking to enhance your resilience and security maturity road map?
- What’s the minimum viability to show demonstrated compliance with an all-hazards risk approach?
- How are you ensuring your critical infrastructure assets comply with the standards?
- How is the role of the CSO and CISO developing to enhance the convergence of security to encompass all hazards?
10:00 am - 10:45 am
SGT
Securing Critical Infrastructure with XDR
CK Chim -
Field CSO (APJ),
Cybereason
While critical infrastructure defense has always been a high-priority objective, there’s still some disconnect in the world of critical infrastructure security around preparedness. According to a report covered by PRNewswire, a majority (84%) of critical infrastructure organizations indicated they had suffered at least one security breach involving their Operational Technology (OT) between 2018 and 2021; yet, 56% of respondents to the same study said they were “highly confident” that they wouldn’t experience an OT breach in 2022.
In his session, CK Chim will share how hackers get easy access to critical infrastructure organizations and how we can defend against attacks by removing complexity and leveraging artificial intelligence and machine learning to correlate the vast amount of telemetry.
Sponsored by: Cybereason
11:00 am - 11:45 am
SGT
Zero Trust, Identity, Least Privilege
Scott Hesford -
Director of Solutions Engineering, APJ,
BeyondTrust
Zero Trust security models eliminate persistent trust and enforce continuous authentication, least privilege and adaptive access control. In doing so, a zero-trust strategy reduces the threat surface and minimizes threat windows.
Organizations who adopt zero trust can look to get off the hamster wheel of compliance-as-a-strategy, needing to continually meet new compliance mandates as they impact the business. Instead, zero trust allows IT security leaders to build a business-enabling strategy that can then be mapped against whatever mandates come down the pipe. At the core of zero trust is identity. It has an important role to play in least privilege with the need to manage the access and privileges of identities, both human and machine, is key.
Whether it is a corporate user on a work-issued laptop or an employee of a third-party maintenance company, providing the right amount of access for just the right length of time to both IT and OT systems is critical for the security of critical infrastructure.
Join us for a discussion of cyber security leaders and practitioners as they discuss how zero trust has strengthened their cyber defences while enabling their business.
Sponsored by: Beyond Trust
12:00 pm - 12:45 pm
SGT
FIRESIDE CHAT: The Significance of Securing Medical Devices for Enhanced Patient Safety
Simon Cowley -
Principal Cybersecurity Officer,
Victorian Department of Health
- What implications does this have on the supply chain and patient safety?
- What does the cyber security assurance framework look like when it comes to securing medical devices?
- What steps are you taking to build a robust framework for resilience and create an uplift in security controls?
- Can we unpack incidences and examples of how attacks have caused vulnerability and exposure to wider attacks?
- What steps are you taking to engage with stakeholders to drive collaboration within the Health sector?
- Why are you looking to take an increased risk-based approach going forward and what strategies are you looking to implement for the year ahead?
