27 - 28 November, 2018 | Sydney, Australia

Conference Day One: Tuesday, 27 November 2018

8:30 am - 9:00 am Conference Registration and Arrival Coffee

9:00 am - 9:10 am Opening Remarks by IQPC Australia and the Conference Chair

Asaf Ahmad, CISO at NSW Fire Brigade

9:10 am - 9:50 am INTERNATIONAL KEYNOTE CASE STUDY: Botnets, Automated and Distributed Threats – Strengthening your Government Security Posture through a Multifaceted Objective and Action Oriented Approach

Automated and distributed threats are increasing globally; their aim is to crush network resources by sending enormous quantities of spam and subsequently disseminating malware. Prevalent ransomware attacks are distributed through botnets that ultimately hold systems and data hostage for currency, and false advertising campaigns that influence and intimidate communities through social media are increasing and often impacting political and business agendas. In this session, Sherry Rumbolt will guide you through a proactive approach to addressing each of these scenarios through partnership, innovation, education, and stronger leadership.

  • Overview of problem scope including trends with Internet of Things (IoT).
  • Areas of challenge; how to assess/understand constraints and build manageable priorities.
  • Identifying meaningful objectives to overcome threats and developing an obtainable plan.
Sherry Rumbolt, Senior IM/IT Security Officer at Department National Defence, Canada

9:50 am - 10:20 am Thought Leadership Session

10:20 am - 10:50 am Speed Networking

10:50 am - 11:20 am MORNING TEA & NETWORKING BREAK

Industry experts discuss their unique vulnerabilities and challenges in cyberspace, including the pressing issues of sophisticated cyber threats and digital landscape transformations. Concentrating on recent experiences in their organisations, this panel will share their critical security decisions and the actions taken to increase both internal and external cyber defences.

  • The insider threats and the need to effectively mitigate them with internal skills and awareness training.
  • Proactively addressing the shortage of skilled cyber security professionals, and non-technical employees lacking awareness of cyber security practices.
  • Identifying and prioritising the most pressing security concerns and establishing solutions in an ever-expanding cyber security market.
Darren Argyle, CISO at ICARE

Toby McMahon, DCISO at Australian Taxation Office

Marco Figuroa, CISO at Department Finance, Services & Innovation NSW

Asaf Ahmad, CISO at NSW Fire Brigade

Vishwanath Nair, Head Information Security and Risk at Western Sydney Local Health District

12:00 pm - 12:40 pm CASE STUDY: A Practical Cyber Security Strategy for the Australian Parliament

This session will cover a practical 5-stage model that has been implemented by the Australian Federal Parliament and can be adopted to build cyber resiliency in any organisation.

  • Current threat environment faced by the Australian Parliament will be highlighted.
  • Stepping through an adaptable model adopted by the parliament to deliver prediction, protection, detection, response and measurement capabilities in its cyber practices.
  • Real examples will be provided on the implementation of the model, as well as advice and guidance for other organisations that may wish to adopt a similar journey.
Ian McKenzie, CTO at Department of Parliamentary Services

12:40 pm - 1:40 pm NETWORKING LUNCHBREAK

1:40 pm - 2:20 pm CASE STUDY: ICARE Cyber Security Strategies to Reduce Risks Through an Integrated and Collaborative Approach Across the Organisation

Progression in tech innovations and the movement towards digital data storage provide Governments with many benefits, but they also create increased security risks: connectedness invites accelerated threats. ICARE responded to this progression by improving threat prevention internally. Darren Argyle presents the solutions practiced:

  • Regular practice and training for information sharing and establishing a quick response to threats.
  • Key control assessments and implementations (focus on 15-20/100 controls, e.g. two-factor authentication).
  • Coordinating collaboration with the private sector resourcefully and proficiently.
Darren Argyle, CISO at ICARE

2:20 pm - 3:00 pm PANEL DISCUSSION: Examining the Cloud as a Divergent Digital Landscape Instigating New Security Risks for Data

Government departments and agencies are trending towards aggregating critical systems. Unlike on-premise data storage, the cloud provides superior capacity, greater savings, convenience and increased data access flexibility. However, cloud services have created a systematic economic risk which requires reliance on vendors as a second party supply chain, reducing data control. Subsequently, a new environment requires new methods of defence.

  • Exploring vendor inspection frameworks to ensure a trustworthy and secure cloud solution.
  • Defining cyber security risk management and insurance as cloud service providers are not accountable for breaches.
  • Exploring cloud innovation and encouraging staff to have a positive attitude and active training participation towards the cloud.
Nalin Arachchilage, Lecturer in Cyber Security at UNSW

Charlotte Wood, Director Cyber Security Dept. Finance at Services and Innovation NSW

Bob Smart, IT Security Lead at SA Water

3:00 pm - 3:30 pm AFTERNOON TEA AND NETWORKING BREAK

3:30 pm - 4:10 pm CASE STUDY: Developing a Threat Model for Organisations through a Gamified Approach to Thwart Phishing Attacks

A recently published threat report from the Australian Cyber Security Centre has revealed that phishing remains one of the dangerous cyber-crimes for both individuals and organisations. Automated anti-phishing tools have been developed and used to alert users of potentially fraudulent emails and websites. However, these tools are not entirely reliable in detecting phishing attacks, missing over 20 per cent of phishing websites because of the sensitive trust decisions made by humans during their online activities. Since it is not possible to completely avoid the end-user, one mitigating approach for cyber security is to educate and train the end-user in security prevention. Therefore, this research proposal aims to design and develop a serious game to educate individuals about online identity theft (distinguishing phishing emails and URLs from legitimate ones).

  • Defining the proposed game which encourages users to enhance their avoidance behaviour through motivation to protect themselves from phishing attacks.
  • Analysing records of how users employed their strategies to differentiate phishing attacks from legitimate ones through the game, and then developing a threat model to understand how cybercriminals leverage their attacks within the organisation through human exploitation.
  • In future, the developed threat model can be used to develop countermeasures (i.e. both technical and non-technical) and educational interventions for the organisation.
Nalin Arachchilage, Lecturer in Cyber Security at UNSW

Champagne Roundtable

You will hear peer-to-peer led case studies and best practice; you will also receive focused thought leadership insights, as well as being provided with drinks to encourage conversation…

TABLE ONE

4:10 pm - 5:10 pm Unifying Strategy Strengths Across Departments
Security operations are independent to departments and agencies, which inhibits a strengthened and connected cyber front. This roundtable will focus on:

  • Aligning incentives more cooperatively across departments for more effective cyber security management.
  • Assessing how to maximise the recently implemented and innovative Australian Cyber Security Centres.
Charlotte Wood, Director Cyber Security Dept. Finance at Services and Innovation NSW

TABLE TWO

4:10 pm - 5:10 pm Creating a Well-Rounded Business Case for Efficiency
Senior executives who are rarely involved with cyber security often find the space technical and complex. Without support, the success of implementing a cyber security solution or strategy can be difficult. This roundtable will focus on:

  • How to prioritise cyber security issues and accentuate necessity when risks require immediate attention.
  • Creating an influential business case where cyber security and cyber security culture may not be the departmental priority.
Ian McKenzie, CTO at Department of Parliamentary Services

5:10 pm - 5:10 pm End of Day One & Networking Drinks