How to Negotiate a Proper SLA

Panel Discussion

Security and privacy are twins when it comes to providing tools to secure the users' data. However, they are un-identical twins; they are different. Security relates to the protection of data from threats, such as hackers, while privacy encompasses how personal data is collected, managed, stored and shared. Enterprises today are realizing the importance of both, since business impact will be immense if these issues are ignored.

MODERATOR : Tze Meng TAN (Head of Data Cloud Department, Digital Infrastructure and Services Division, MDEC)
PANELISTS:
- Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
- Riwzi WUN (Partner, RHTLaw Asia)
- Sarbojit M BOSE (Education Director, CSA Singapore Chapter & CCSK Instructor)

How privacy & security professionals can cooperate to achieve better compliance with laws & standards, reduce risks & costs to their organization

The pandemic has caused drastic changes in the way in which most entities operate. In this new ecosystem, cloud services have become the primary source of computing and processing capabilities. Increased use of cloud services requires increased workforce to manage and operate these systems, and ensure that compliance requirements are met and best practices maintained. Cloud services encompass numerous privacy and security issues. At a time when privacy and security professionals are scarce, organization may help increase efficiency and do more with less if they can encourage privacy and security professionals to cooperate in their tasks.
In this session we will discuss some of the new privacy and security issues that cloud users and providers may be facing, and how cooperation between privacy and security professionals might help increase efficiency.

The presentation will look at obligations and desired responses arising from data breaches.

Securing Authorization and Architecture Off-Premise

With accelerated cloud adoption particularly during the COVID-19 pandemic, cloud has become a life-line to numerous organizations for sustaining their operations working from home, but yet it also raises the concern of embroiling into a cyber pandemic of malware outbreak, data breaches and disrupted operations. This presentation hopes to help the audience to navigate the realities of on-premise to cloud migration and address key security concerns relating to new vectors of attack that off-premise operations invite.

Blockchains are here to stay, and they’re being attacked. Why? Because that’s where the money is, literally (have you seen the price of Ethereum lately?). Combine this with Turing complete smart-contracts (often with security flaws) and it becomes obvious why attackers are so interested. The good news is that we’ve done this before, and we can not only learn from the past but we know what the gaps are this time around and we can close them faster. In this session, I’ll cover the real attacks we’re seeing today, and the attacks we can expect to see tomorrow. We’ll also talk about how to prevent them, and what the future (might) bring with respect to Blockchain security.

Panel Discussion

Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership? And ensure their different security compliance? What are the challenges in using hybrid clouds?

MODERATOR : Onn Chee WONG (CTO, Resolvo Systems Pte Ltd)
PANELISTS:
- Ian LOE (CTO, NE Digital)
- Narudom ROONSIRIWONG (SVP & Head of IT Security ​Kiatnakin Phatra Bank & Co-chair, Hybrid Cloud Security WG, CSA)
- Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA)

Understanding the trends, security concerns and state of Industrial Control Systems (ICS) cloud helps pave the way. ICS with access to the cloud via web-enabled services are where IT and OT (Operational Technology) converge resulting in an integrated process and information flow that brings with it a more complex architecture. As ICS advances from communicating with networks within the enterprise to interacting externally via IoT platforms and the cloud, the efficiency, effectiveness and scalability, improve. These advances create additional complexity and a larger attack surface which in turn has increased the opportunity for cyberattacks.

Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.

As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.This presentation will provide the overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.

Cloud security is on everyone’s mind, from CEOs and CISOs to admins and endusers. As a result, cloud security spend has increased exponentially in recent years, yet companies still struggle to effectively and efficiently secure their cloud environments. To solve this problem, companies must radically rethink the concept of cloud security by pivoting from the traditional security paradigm to embracing the cloud. They must leverage and practice good architecture to build environments where security is part of the very fabric of the solution.


Join Jorn Lutters, Sophos Sr. Security Architect Lead, Public Cloud, for a deep dive into cloud security architecture best practices and how automation and integration can help you optimize the effectiveness of your cloud security spend.

Attendees of this presentation will gain insight into:
- What is driving change and how will it play out?
- What are the implications for security, compliance, and audits?
- What is the right level of automation to increase efficiency but not incur additional risk?
- Why will automation augment and not replace IS audit, control, and security professionals?
- How are compliance automation tools being adopted today?

The risks and importance of your third parties vary drastically. To build an efficient third-party risk management (TPRM) program, its critical to prioritize which vendors and suppliers present the most risk, as well as which ones are essential to your operations.​ Insight into your third parties’ inherent risks can change the way you run your TPRM program, helping to increase security and performance. By understanding where to prioritize your time, you can onboard key vendors faster, spend the right amount time performing due diligence, and invest the most resources assessing and monitoring the third parties that matter most.​

In this webinar, you’ll learn how inherent risks can help you: ​
– Determine the type, depth, and level of validation for vendor assessments​
– Tier your third parties by criticality​
– Build workflows across teams and involve the right stakeholders at the right time​
– Streamline and scale your TPRM program

Organizations today are operating in a “risk-volatile” business landscape. Technology adoption is accelerating and so is reliance on third parties. COVID-19 disrupted operating models of organizations like no other; the shift to mass remote work exacerbated security, data privacy and compliance risks. Risk failures can be quite expensive, ranging from compliance penalties to operational disruption to the loss of key stakeholder support.

Organizations that don’t take a rigorous approach to IT risk management will struggle to maintain their desired risk profile and miss critical issues -- even as they spend more money and time on cybersecurity and security assurance. In this webinar, we’ll discuss why a shift to a more disciplined risk management approach is necessary, and how to make that shift from a practical standpoint.

Key topics covered include:
- Characteristics of today’s IT risk landscape and why taking a risk-first approach is more important than ever before
- Compliance Operations methodology -- a new methodology to manage IT risks in a consistent, disciplined approach
- How to take an incremental approach to standardize and automate key security assurance tasks

The biggest takeaway from the SolarWinds attacks shouldn’t be that it may have employed over
1000 hackers, or that its full implications won’t be known for many months - it is that this
targeted compromise of Microsoft Office 365 is relevant to so many organizations.

What the SolarWinds campaign proved is that any organization exposed to an Office 365
account compromise could experience the same lateral escalation that resulted in this
devastating incident - driven by trust relationships existing across connected clouds.

How do security leaders and operational practitioners respond to this troubling event?

Join us for an informational “how-to” best practices webinar to discuss tactics for securing Office
365 and connected cloud applications from attacks. We’ll outline key topics including:
-Adapting Office 365 access controls based on user, data and device context
-Logging cross-cloud incidents to investigate problematic events
-Using analytics to Identify lateral threats across Office 365 and other clouds
-Amplifying native Office 365 data controls with DLP, E-DRM and encryption
We’ll also touch on elements of the MITRE ATT@CK Cloud Matrix that can be used to help
frame defenses in depth.

Register today!