Website: www.issummit.org Enquiry: (852) 2788 5884
INFORMATION SECURITY SUMMIT 2015
Information Anywhere Anytime – Mobile, Analytics, Cloud, IoTs – Security Friends or Foes
Online Registration: https://www.issummit.org
Summit Date: 15 - 16 September 2015 (Tuesday - Wednesday)
Venue: Hong Kong Convention and Exhibition Centre
Workshops: 17 September - 13 October 2015
Venue: 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon
INFORMATION SECURITY SUMMIT 2015
MAIN CONFERENCE 15 September 2015 (Tuesday)
Hong Kong Convention and Exhibition Centre, 1 Expo Drive, Wanchai, Hong Kong
SUMMIT TIMETABLE (DAY 1)
Remarks - (E): English; (C/E): Cantonese with English terminology. The Organizers reserve the right to modify the programme schedule without prior notice.
08:30 – 09:00 Registration
09:00 – 09:45 Welcome Speech (E). Mrs. Agnes Mak, MH, JP, Executive Director, Hong Kong Productivity Council
              Opening Address (E). Ir. Allen Yeung, Government Chief Information Officer, OGCIO, The Government of the HKSAR
09:45 – 10:25 Keynote 1: INTERPOL's role and effort in Combating Cybercrime (E). Dr. Madan Mohan Oberoi, Director, Cyber Innovation & Outreach, INTERPOL
10:25 – 10:55 Break
10:55 – 11:35 Keynote 2: How Cyber Intelligence can improve your Security Resilience (E). Mr. Harry Pun, Heads of Core BUs and Alliance, Dimension Data
11:35 – 12:05 Track 1, 1.1: Security Issues: Application Security and the Internet of Things (E). Mr. Wesley Simpson, Chief Operating Officer, International Information System Security Certification Consortium, Inc., (ISC)²®
              Track 2, 2.1: Security Delivery Platform (E). Ms. Johnnie Konstantas, Director, Security Solutions, Gigamon Inc.
12:05 – 12:35 Track 1, 1.2: Networked Home Appliances (IoT) and Vulnerabilities (E). Mr. Hikohiro Y. Lin, Head of Panasonic PSIRT, Panasonic
              Track 2, 2.2: BYOM: Bring Your Own Malware (E). Mr. Matthew Wong Yun-lam, Consulting Systems Engineer for Hong Kong and Macau, FireEye Inc.
12:35 – 13:50 Lunch Break*
13:50 – 14:30 Keynote 3: Best Practices for Scoping Infections & Disrupting Breaches (E). Mr. Paul Pang, Chief Security Strategist, APAC, Splunk Inc.
14:30 – 15:00 Track 1, 1.3: Fighting Adaptive Attacks Requires Adaptive Defense with Response Automation (E). Mr. Leow Jun Wei, Regional Solutions Consultant, Guidance Software Inc.
              Track 2, 2.3: Any device, Anywhere, All-round Protection (C/E). Mr. Siupan Chan, Sales Engineering Manager, Greater China, Sophos Hong Kong Company Limited
15:00 – 15:30 Track 1, 1.4: Detect and Defend Your Network from Targeted Attacks in Real Time (E). Mr. Tony Lee, Consultant, Trend Micro Limited
              Track 2, 2.4: IoT Security: Understanding the Challenges while Mitigating the Risk (E). Mr. Leslie Sin, Systems Engineer, Cisco Systems HK Limited
15:30 – 16:00 Break
16:00 – 16:30 Track 1, 1.5: So you want a Threat Intelligence capability? (E). Mr. Gavin Reid, Vice President of Threat Intelligence, Lancope, Inc.
              Track 2, 2.5: Combating APT and Crypto Ransomware with minimal extra investment (C/E). Mr. Eric Kwok, General Manager, Lapcom Limited
16:30 – 17:10 Keynote 4: Securing your Mobile Applications, a Holistic Approach (E). Mr. Joseph Au-Yeung, VP, Cloud & Cyber-security, PCCW Solutions Limited; Mr. Saket Modi, CEO, Lucideus
17:10 – 18:00 Panel Discussion, Friends: How can Organizations achieve Effective Information Security? (E). Moderator: Mr. Frank Yam
* Lunch will not be provided.
MAIN CONFERENCE 16 September 2015 (Wednesday)
Hong Kong Convention and Exhibition Centre, 1 Expo Drive, Wanchai, Hong Kong
SUMMIT TIMETABLE (DAY 2)
Remarks - (E): English; (C/E): Cantonese with English terminology; (P/E): Putonghua with English terminology. The Organizers reserve the right to modify the programme schedule without prior notice.
08:30 – 09:00 Registration
09:00 – 09:40 Keynote 1: Cybersecurity as a Business Discipline (E). Mr. Ramsés Gallego, Security Strategist & Evangelist, Dell Software
09:40 – 10:20 Keynote 2: Better Security through Micro Segmentation and security services in overlay networking (E). Mr. Tim Hartman, Senior Manager, Network & Security Systems Engineering, Asia Pacific and Japan – Networking and Security Business Unit, VMware, Inc
10:20 – 10:50 Break
10:50 – 11:30 Keynote 3: Fighting Malware Through Big-Data & Public/Private Partnership – Microsoft Cybercrime Center (E). Mr. Keshav Singh Dhakad, Regional Director - Digital Crimes Unit Asia, Microsoft Operations Pte Limited
11:30 – 12:10 Keynote 4: Cyber Security & Threat Intelligence Defense – Preparing For The Changing Landscape (E). Mr. Jack Chan, Security Strategist, Fortinet International Inc.
12:10 – 12:40 Track 1, 1.1: Techniques for Protecting Business-Critical Information in Public, Private and Hybrid Cloud Environments (E). Mr. George Chew, Area Vice President, APAC/JAPAN, Vormetric, Inc.
              Track 2, 2.1: Cloud user's guide to Cloud Security Assurance and Compliance (E). Mr. Ronald Tse, Founder, Ribose
12:40 – 14:00 Lunch Break*
14:00 – 14:30 Track 1, 1.2: Managing the Unmanageable (C/E). Mr. Chris Chau, Lead Sales Engineer, Citrix Systems HK Limited
              Track 2, 2.2: Recent Threat: Our Incident Handling and Case Study (E). Mr. Zhao Wei, CEO, Beijing Knownsec Information Technology Limited
14:30 – 15:00 Track 1, 1.3: Cyber Range in One Box (P/E). Mr. Smith Sun, Senior Business Development Manager, China, Ixia Technologies International Limited
              Track 2, 2.3: Privacy and Cybersecurity: Legal and Regulatory Developments (E). Mr. Michael Jackson, Associate Professor, Faculty of Law, The University of Hong Kong
15:00 – 15:30 Track 1, 1.4: The importance of Encrypted Traffic Management (E). Mr. David Leung, Senior Solution Engineer, Blue Coat Hong Kong
              Track 2, 2.4: Are your Mobile Apps well protected? (E). Dr. Daniel Luo, Research Assistant Professor, The Hong Kong Polytechnic University
15:30 – 16:00 Break
16:00 – 16:30 Track 1, 1.5: Taking The Fight To Advanced Threats with Symantec (E). Mr. Avinash Lotke, Business Development Director, Threat Protection Business, Symantec Asia Pacific & Japan
              Track 2, 2.5: Rethinking Passive DNS (E). Mr. Brandon Dixon, Lead Developer and Co-founder, PassiveTotal; Mr. Steve Ginty, Co-Founder, PassiveTotal
16:30 – 17:10 Keynote 5: TBC
17:10 – 18:00 Panel Discussion, Foes: Horror Stories of Attacks against Organizations (E). Moderator: Mr. Paul Jackson
* Lunch will not be provided.
SPEAKERS (Day 1) 15 September 2015 (Tuesday)
Hong Kong Convention and Exhibition Centre, 1 Expo Drive, Wanchai, Hong Kong
Keynote: INTERPOL's role and effort in Combating Cybercrime (E)
Dr. Madan Mohan Oberoi, Director, Cyber Innovation & Outreach, INTERPOL
Dr. Oberoi will provide an overview of the new INTERPOL Global Complex for Innovation (IGCI) in Singapore and how IGCI will be leading global efforts to provide operational support, capacity building and harmonization of international legal structures in the fight against cybercrime.
Keynote: How Cyber Intelligence can improve your Security Resilience (E)
Mr. Harry Pun, Heads of Core BUs and Alliance, Dimension Data
Cyber Security has made its way from the server room to the boardroom and even the Oval Office. This underlines the fact that we are facing a huge challenge that is only getting more apparent as we move further into the IoT, Enterprise Mobility, BYOD, virtualisation, cloud and social media. New doors into the organisation and more devices create a bigger attack surface and cause data breaches that have become regular headline news. Keeping your organisation secure requires a proactive approach to security. Traditional security controls are no longer enough to keep your business secure; they must evolve into a risk-aware and intelligent platform that not only protects but can quickly detect and respond to potential threats.
Security Issues: Application Security and the Internet of Things (E)
Mr. Wesley Simpson, Chief Operating Officer, International Information System Security Certification Consortium, Inc., (ISC)²®
With the IoT, we must ask ourselves where traditional security begins and logical security ends. With the generational shift in the use of technology, such as the vast use of mobile and wearable devices, and as attackers and adversaries become more sophisticated in their efforts, we are increasingly seeing exploits that involve both traditional and logical attack vectors. Fewer and fewer people understand how all of this works: how do the devices work together, and what are they doing, collecting, and transmitting to whom? In a sentence, technology is being adopted faster than our ability to secure it. In this presentation, Wesley will delineate the idea of application security at the source, how we can deploy the 5 Star Automotive Safety Program, and how we can begin securing our environment starting with ourselves.
Networked Home Appliances (IoT) and Vulnerabilities (E)
Mr. Hikohiro Y. Lin, Head of Panasonic PSIRT, Panasonic
We will talk about changes in the features of Networked Home Appliances (IoT) and the risk of connecting them to the Internet. We will also explain the trends in Vulnerability Analysis for Networked Home Appliances and the Security functions that are required for CE products in the IoT era.
Keynote: Best Practices for Scoping Infections & Disrupting Breaches (E)
Mr. Paul Pang, Chief Security Strategist, APAC, Splunk Inc.
To successfully prevent infections from becoming a data breach, security analysts need the ability to continuously collect, analyze, correlate and investigate a diverse set of data. This session will discuss the specific data sources and capabilities required to determine the scope of an infection before it turns into a breach. This session will go over:
• The capabilities required to distinguish an infection from a breach
• The specific analysis steps to understand the scope of an attack
• The data sources required to gain deep and broad visibility
• What to look for from network and endpoint data sources
Security Delivery Platform (E)
Ms. Johnnie Konstantas, Director, Security Solutions, Gigamon Inc.
Today's security architectures are being reconfigured for detection and protection. This means focus and investment are shifting away from the perimeter and toward methods for finding compromise in the network and eliminating the threat. To do this, organizations require pervasive network visibility more than ever before. This is the purpose of a security delivery platform, and during this session we will examine its basic architecture and functions. Attendees will understand how the SDP can help raise security in their environments.
BYOM: Bring Your Own Malware (E)
Mr. Matthew Wong Yun-lam, Consulting Systems Engineer for Hong Kong and Macau, FireEye Inc.
In today's world of ubiquitous end-user computing, mobile device usage and BYOD continue to expand within the enterprise and have catapulted mobile security to the top of the priority list. BYOD security concerns like loss of company or client data and unauthorized access to confidential information are more important than ever. Meanwhile, cyber threats are becoming more sophisticated, and these attacks have extended to mobile devices to infiltrate the organization's network. This has created new challenges for security professionals tasked with balancing business enablement and risk. What measures should enterprises take to mitigate these risks? Find out how you can protect your organisation from advanced threats arriving through mobile devices. In this session, Matthew will share:
• Evolving threats on mobile devices, in applications and in the network
• Security measures to detect attacks, prevent threats and respond to incidents in minutes
• Best practices for how organizations can adapt to these new mobile security threats
Fighting Adaptive Attacks Requires Adaptive Defense with Response Automation (E)
Mr. Leow Jun Wei, Regional Solutions Consultant, Guidance Software Inc.
Attackers are always looking for new vulnerabilities to exploit in technologies with large-scale adoption, or use, create or modify malware that changes just enough to avoid known detection methods. The same malware or vulnerability is rarely used after public discovery. The defenses widely in use today are limited to technology that is overly reliant on the known and is unable to adapt when attackers change their patterns or find easier ways to sneak onto our networks undetected. Therefore, deflecting adaptive attacks becomes critical.
Detect and Defend Your Network from Targeted Attacks in Real Time (E)
Mr. Tony Lee, Consultant, Trend Micro Limited
As tactics and techniques behind targeted attacks and advanced threats continue to evolve, having a flexible line of defense is crucial. To do so, leading organizations are enhancing their security posture with the ability to detect and respond to advanced malware, zero-day exploits and attacker behavior that is behind targeted attacks. This presentation will review the major requirements and capabilities needed for a strong cyber-defense against targeted attacks.
So you want a Threat Intelligence capability? (E)
Mr. Gavin Reid, Vice President of Threat Intelligence, Lancope, Inc.
"Once the realm of government organizations, the collection, analysis and leveraging of threat intelligence for advanced cybersecurity is now something all corporations should be focused on," said Reid. "Unfortunately, few organizations are sure how to do it. My session will demystify the threat intelligence function, and provide security teams with best practices for setting it up within their organizations for improved cyber threat detection and incident response." Specifically, Reid's session will outline:
• What threat intelligence is
• Best practices for developing a threat intelligence function
• Common pitfalls to avoid when setting up a threat intelligence practice
• How threat intelligence fits in with other components of an enterprise security strategy
Panel Discussion, Friends: How can Organizations achieve Effective Information Security? (E)
Moderator: Mr. Frank Yam
Keynote: Securing your Mobile Applications, a Holistic Approach (E)
Mr. Joseph Au-Yeung, VP, Cloud & Cyber-security, PCCW Solutions Limited
Mr. Saket Modi, CEO, Lucideus
Mobile applications are hot on every CIO's agenda. Yet implementing secure mobile applications poses major challenges to every IT team. In order to ensure the corporate brand value and protect customer information assets, we will introduce an end-to-end approach which covers everything from Awareness Trainings, Security Maturity Assessment, Secure SDLC (SSDLC), Proactive and Reactive protection methods, as well as a systematic training workshop for mobile developers.
Any device, Anywhere, All-round Protection (C/E)
Mr. Siupan Chan, Sales Engineering Manager, Greater China, Sophos Hong Kong Company Limited
Not every Enterprise has the expertise and resources to manage every aspect of IT security. In this session we'll examine the inherent complexity of security products and the very different needs of small and large organizations. Then we'll look at a simpler alternative: a cloud-based security and threat monitoring service.
IoT Security: Understanding the Challenges while Mitigating the Risk (E)
Mr. Leslie Sin, Systems Engineer, Cisco Systems HK Limited
This session will discuss the security threats that arise when implementing the Internet of Things (IoT). IoT converges an organization's existing information technology (IT) and operational technology (OT) networks, in addition to potentially billions of sensors, devices, and other smart objects. This convergence significantly expands the security challenges, due to its increased breadth and depth over existing network connectivity. IT and OT networks are managed with different priorities in mind, and each has distinct security needs. The priority of the IT network is to protect data confidentiality. The focus of the OT network is on physical security and secure access to ensure operational and employee safety.
Combating APT and Crypto Ransomware with minimal extra investment (C/E)
Mr. Eric Kwok, General Manager, Lapcom Limited
APT and Crypto Ransomware are the hottest topics among IT security practitioners and are posing real threats to enterprises. Combating these emerging threats can be really expensive. So how can a business with an average IT budget better protect itself?
SPEAKERS (Day 2) 16 September 2015 (Wednesday)
Hong Kong Convention and Exhibition Centre, 1 Expo Drive, Wanchai, Hong Kong
Keynote: Cybersecurity as a Business Discipline (E)
Mr. Ramsés Gallego, Security Strategist & Evangelist, Dell Software
Security turned into Cybersecurity when we connected our systems, when our data started flowing around. This is an era in which the terms cyber-resiliency, cyber-warfare and cyber-protection have become front-page news, and we need to get ready. We need to expect the unexpected. This is the epoch for businesses to understand this dimension and start asking the right questions to the right people at the right time. This is the time to embrace the cybersecurity challenge and start talking about Enterprise Risk Management.
Keynote: Better Security through Micro Segmentation and security services in overlay networking (E)
Mr. Tim Hartman, Senior Manager, Network & Security Systems Engineering, Asia Pacific and Japan – Networking and Security Business Unit, VMware, Inc
This session will discuss why traditional network design and operational methods need to change and how current technologies are enabling organizations to build granular security policies with the operational model of the Virtual Machine.
Keynote: Fighting Malware Through Big-Data & Public/Private Partnership – Microsoft Cybercrime Center (E)
Mr. Keshav Singh Dhakad, Regional Director - Digital Crimes Unit Asia, Microsoft Operations Pte Limited
Cybercrime is on a rapid rise at a global scale, becoming a multi-billion dollar industry and causing enormous disruption and losses. In particular, malware-facilitated crimes are having the most devastating impact on businesses (particularly the financial sector), governments and individuals. Malware (malicious code) is multiplying in number, form, type and threat, and can do untold damage without warning: hacking confidential information, stealing private and personal information, key-logging passwords, hijacking email/social media accounts via identity theft, committing financial theft and wire fraud, disrupting IT systems and critical networks, denial of service attacks, etc.
Microsoft takes the impact of malware-facilitated cybercrime very seriously, to protect its customers' data and privacy and its own platforms and intellectual property. Microsoft's Digital Crimes Unit (DCU), through global public-private partnerships, targets cyber-criminal organizations that are looking to make illegal profits through the spread of vicious malware infections. DCU's Cybercrime Center engages in legal and technical operations to disrupt and take down malware networks (e.g., botnets), liberating infected devices in the process at a global level and making it more expensive for cyber-criminals to operate. In that effort, DCU partners with cybercrime experts across industries, governments, criminal law enforcement and academia to identify and eliminate cyber threats impacting the entire digital ecosystem. Through these operations, and partnerships under DCU's Cyber-Threat Intelligence Program (CTIP) with global Computer Emergency Response Teams (CERTs), ISPs, industry bodies, etc., DCU has enabled the successful identification and cleaning of millions of infected devices globally, a task which is ongoing.
Hong Kong similarly faces huge challenges in fighting cybercrime, considering it is a big financial hub in the Asia region, and Microsoft is committed to helping Hong Kong fight cybercrime with effective sharing of cyber threat intelligence through public-private partnerships.
Keynote: Cyber Security & Threat Intelligence Defense – Preparing For The Changing Landscape (E)
Mr. Jack Chan, Security Strategist, Fortinet International Inc.
How does the mindset around security need to adapt to the growing usage of the internet, IoTs, BYOD and cloud computing? What role does threat intelligence play in the changing security landscape? In this presentation Jack Chan from Fortinet's FortiGuard lab will present the changing threat landscape, the types of threat intelligence required to handle security on a day-to-day basis, a taste of the dark web, and where the ideal crossover between security and convenience should be.
Techniques for Protecting Business-Critical Information in Public, Private and Hybrid Cloud Environments (E)
Mr. George Chew, Area Vice President, APAC/JAPAN, Vormetric, Inc.
Cloud computing has transformed the way organizations approach IT, enabling them to become more agile, introduce new business models, provide more services, and reduce IT costs. Yet for security professionals, the cloud presents a huge dilemma: how do you embrace the benefits of the cloud while maintaining security controls over your organization's assets? This session covers:
• Cloud/virtualization Computing Security Challenges
• Techniques for Encrypting Data in the Cloud
• Strategies for Secure Transition to the Cloud
Managing the Unmanageable (C/E)
Mr. Chris Chau, Lead Sales Engineer, Citrix Systems HK Limited
With the boom in mobility and web access, corporate resources and customer information can be accessed anytime and anywhere. Citrix will introduce its Delivery Network Solutions to address the potential risks to your corporate information and reputation.
Cyber Range in One Box (P/E)
Mr. Smith Sun, Senior Business Development Manager, China, Ixia Technologies International Limited
Ixia's CyberRangeInOneBox solution provides an environment to simulate real-world traffic scenarios, attacks, malware and hostile behaviour. With it, you can practise attacking versus defending, run proof-of-concept tests of new products and technologies, and deliver security training for IT staff.
Recent Threat: Our Incident Handling and Case Study (E)
Mr. Zhao Wei, CEO, Beijing Knownsec Information Technology Limited
We will brief attendees on our recent technology and platforms, how we deal with and understand recent threats, and how we try to mitigate the risk. The session will be practical, with demonstrations and case studies.
Privacy and Cybersecurity: Legal and Regulatory Developments (E)
Mr. Michael Jackson, Associate Professor, Faculty of Law, The University of Hong Kong
This presentation will discuss recent legislative and regulatory developments relating to privacy and/or cyber security in Hong Kong and overseas which affect the cyber risks of the Internet.
Cloud user's guide to Cloud Security Assurance and Compliance (E)
Mr. Ronald Tse, Founder, Ribose
Cloud service providers (CSP) often claim their services are "secure". How much of that should you trust? In this session we discuss the notion of cloud security assurance from the perspective of the cloud user: introducing different types of assurances, comparing existing assurance schemes, considering international and regional issues, and most importantly, showing how to discern the truth behind smokescreens.
The importance of Encrypted Traffic Management (E)
Mr. David Leung, Senior Solution Engineer, Blue Coat Hong Kong
Industry has been focusing on various technologies for protecting organizations from Advanced Threats. However, the importance of visibility into these threats is often missed. Research shows a rising trend of attacks hidden in encrypted traffic. David will talk about the importance of Encrypted Traffic Management and how to address those challenges.
Are your Mobile Apps well protected? (E)
Dr. Daniel Luo, Research Assistant Professor, The Hong Kong Polytechnic University
The prosperity of mobile app economy provides lucrative and profitable targets for hackers. Among OWASP’s top ten mobile risks for 2014, the lack of binary protections makes it easy to reverse, modify, and repackage Android apps. This talk discusses mobile app protection from two aspects. First, we introduce how attackers turn popular apps into malware and then describe our research on quickly detecting such repackaged apps. Second, we sketch how newly emerging packing services harden Android apps and then present our recent research on unpacking such hardened apps.
Keynote: TBC
Panel Discussion, Foes: Horror Stories of Attacks against Organizations (E)
Moderator: Mr. Paul Jackson
Rethinking Passive DNS (E)
Mr. Brandon Dixon, Lead Developer and Co-founder, PassiveTotal
Mr. Steve Ginty, Co-Founder, PassiveTotal
Having a good set of historical data is like having a time machine. As threat researchers, passive/active DNS provides us with a map of an attacker's infrastructure behaviors and history. Unfortunately, this data set is static, lacking context, additional enrichment data and the ability to persist analysis to guide analyst assessments.
In the early days of threat infrastructure analysis, we simply displayed passive DNS results inside of an HTML table. While smaller sets of data were easy to analyze, as resolutions grew, so did the complexity of the data and the effort needed to properly analyze it. This can lead to mistakes being made, missed changes, and failure to really understand the data set due to the quantity of data presented.
According to a January 2014 study published by MIT, the human brain is capable of processing an entire image in as little as 13 milliseconds of exposure. With this in mind, we looked to remake these raw data sets into color-coded, visual indicators and images that allow analysts to interpret results faster, reduce analysis and assessment time, and persist findings.
Attendees should expect to walk away with a better understanding of how DNS data is useful in security research, different ways to interpret the data, and tools that could provide assistance when performing analysis.
Taking The Fight To Advanced Threats with Symantec (E)
Mr. Avinash Lotke, Business Development Director, Threat Protection Business, Symantec Asia Pacific & Japan
Advanced persistent threats (APTs) have been perfected and they are fast outpacing defensive measures, leaving many organizations unwittingly vulnerable. It has become impossible to distinguish the safe from the dangerous; almost no company, whether large or small, is immune. In 2014, advanced attackers targeted 5 out of 6 large companies, a 40 percent increase over the year before, and there were almost 1 million new malware variants developed daily. Join the session and learn about how to stop the next advanced attack.
SCHEDULE
Workshop calendar (17 September – 13 October 2015). Dates shown: Thu 17 Sep, Fri 18 Sep, Mon 21 Sep, Tue 22 Sep, Wed 23 Sep, Thu 24 Sep, Fri 25 Sep, Mon 5 Oct, Tue 6 Oct, Wed 7 Oct, Thu 8 Oct, Mon 12 Oct and Tue 13 Oct 2015.
Workshop 1: Enterprise Risk Management and Auditing for the new era of Cloud, Mobility and Identity. Speaker: Mr. Ramsés Gallego
Workshop 2 (Day 1 and Day 2): Analyst Methods for Cyber Espionage Analysis [Hands-on]. Speakers: Mr. Brandon Dixon and Mr. Steve Ginty
Workshop 3 (Day 1 and Day 2): Hacking and Analyzing Your Android Application (Hands-On). Speaker: Mr. Anfa Sam
Workshop 4 (Day 1 and Day 2): Securing Custom Mobile Applications for Safe, Profitable E-Commerce. Speakers: Mr. Richard Stagg and Mr. Michael Dahn
Workshop 5 (Day 1 and Day 2): Let's get your hands dirty with Honeypot Sensors (Hands-On). Speaker: Mr. Tan Kean Siong
Workshop 6: Cybersecurity Fundamentals. Speaker: Mr. Frank Chow
Workshop 7: ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27018 Information Security Standards - Auditing, Awareness and Updates. Speaker: Mr. Danny Yip
Workshop 8 (Day 1 and Day 2): Advanced Web Application Pentest Kungfu (Hands-On). Speakers: Mr. Anthony Lai and Mr. Zetta Ke
Workshop 9 (Day 1 and Day 2): Securing your Enterprise Mobility - Strategy, Operations and Technology (Hands-on). Speakers: Mr. Aditya Modha and Mr. Vilakshan Jakhu
17 September – 13 October 2015 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon
WORKSHOPS
Workshop 1 (1 Day)
Enterprise Risk Management and Auditing for the new era of Cloud, Mobility and Identity
Speaker: Mr. Ramsés Gallego
Medium of Instruction: English
Nature & Objectives:
■ Discovery of new approaches and technologies for Enterprise Risk Management and Auditing in 'The Nexus of Forces'
■ Understanding of 'the new normal'
■ Comprehension of the realities that shape the world we live in
Course Outline:
Information is the currency in today's world. Companies are understanding that a new approach is needed when it comes to providing assurance that sensitive data will be protected against the threats to cybersecurity. Organizations around the globe are embracing a new vision that will become the foundation for tomorrow. This requires a shift in perception: we need to move from Technology Risk to Enterprise Risk. A new beginning. A new dawn. Enterprises are moving from what once was a domain of technology to a new reality in which, at the end of the day, what really matters is mitigating enterprise risk, the risk appetite of the company as a whole. What is really important these days is to realize that it is instrumental not only to execute correctly, with the proper attitude and the right mindset, but also to embrace the overarching discipline of Governance, empowering end users while, at the very same time, guaranteeing the responsible use of resources. By attending this session, insights will be gained on how to provide value for the business, through technology, in a changing security landscape where 'The Nexus of Forces' (Cloud, Mobility, Identity) is paramount for success. The attendee will be able to discover new angles for engaging with the business and provide communication channels and reporting methods to protect the two most important assets of a company: people and information. Knowledge will be shared in the area of metrics and indicators that provide tangible value, in business terms, for the C-level suite. This is the much needed new dimension: from Technology Risk to Enterprise Risk. A New Beginning.
Who Should Attend:
✓ CIOs
✓ CTOs
✓ Chief Risk Managers
✓ Chief Audit Executives
✓ Security Directors
✓ Risk practitioners
✓ Auditors

Workshop 2 (2 Days)
Analyst Methods for Cyber Espionage Analysis [Hands-on]
Speakers: Mr. Brandon Dixon and Mr. Steve Ginty
Medium of Instruction: English
Nature & Objectives:
To understand multiple techniques and processes to identify, defend against and analyze Cyber Espionage malware (APT).
Course Outline:
The Threat Intelligence workshop will focus on advanced threat actors and techniques analysts could use to identify or defend against them. The class will be tailored towards information security professionals with a background in the understanding of malicious attacks. Demonstrations of real-world attacks and analysis will be done through interactive labs using the PassiveTotal platform and Maltego transforms. Attendees will walk away with a better understanding of how to obtain, process and analyze attacks to mine more threat intelligence from them.
Who Should Attend:
Those looking to understand more about analysis techniques centered around APT events.
Requirement for Participant:
Register for an account and confirm your email on passivetotal.org. We will be able to sign up users on the day, but it will be a lot faster for each user to already have an account.
Workshop 1: 17 September 2015 (Thursday), 09:30 – 17:00
Workshop 2: 17 – 18 September 2015 (Thursday – Friday), 09:30 – 17:00
INFORMATION SECURITY SUMMIT 2015
WORKSHOPS 17 September – 13 October 2015 1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon
Workshop 3 (2 Days)
Hacking and Analyzing Your Android Application (Hands-On)
Speaker: Mr. Anfa Sam
Medium of Instruction: Cantonese with handout in English
Workshop 4 (2 Days)
Securing Custom Mobile Applications for Safe, Profitable E-Commerce
Speakers: Mr. Richard Stagg and Mr. Michael Dahn
Medium of Instruction: English
Nature & Objectives (Workshop 3):
■ Understand general attack vectors
■ Finding vulnerabilities
■ Secure development
Course Outline:
• Intro to Android Application Architecture
• Intro to OWASP Top 10 Mobile Risks
• Static Analysis
• Dynamic Analysis
• Application Analysis in Practice
Who Should Attend:
✓ Mobile (java / objc) development experience
✓ Rooted android phone (optional)
Requirement for Participant: Students have to bring their own notebook computer with the following software:
• Windows 7 or 8 with JRE & JDK 1.7.x and 30GB free disk space
• VMware Player version 7 (https://www.my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player_7_0)
• GenyMotion for Windows 2.5 (https://www.genymotion.com/#!/download)
• Android Studio Bundle 141 (https://www.developer.android.com/sdk/index/html#other)
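The "Static Analysis" item in the outline above is where a reviewer usually starts: the decoded AndroidManifest.xml tells you which components other apps on the device can reach. The following is an added example written for this page, not material from the workshop or code from Mr. Sam. The manifest it checks is constructed for the example (a real one comes out of `apktool d app.apk`), and its rule set, exported components without android:permission, android:debuggable and android:allowBackup, is a small subset of what a manual review covers.

```python
"""Static check of a decoded AndroidManifest.xml for exported components.

Added example for this page, not the workshop's own material. The manifest
below is constructed; a real one decoded by apktool can be passed to
check_manifest() unchanged.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
LAUNCHER = "android.intent.category.LAUNCHER"


def _a(elem, name):
    """Read an android:<name> attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def check_manifest(xml_text):
    """Return (severity, message) findings for one decoded manifest.

    Rules (a subset of a manual review):
      * activity/service/receiver/provider reachable from other apps, i.e.
        android:exported="true", or exported unset while an <intent-filter>
        is declared (or, for providers, when minSdk or targetSdk <= 16,
        where the platform default is exported), with no android:permission.
        The launcher activity has to be exported and is skipped.
      * android:debuggable="true" on <application>
      * android:allowBackup not explicitly "false" on <application>
    """
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return [("error", "no <application> element")]
    findings = []

    sdk = root.find("uses-sdk")
    min_sdk = int(_a(sdk, "minSdkVersion") or 1) if sdk is not None else 1
    target_sdk = int(_a(sdk, "targetSdkVersion") or min_sdk) if sdk is not None else min_sdk
    provider_default_exported = min(min_sdk, target_sdk) <= 16

    if _a(app, "debuggable") == "true":
        findings.append(("high", "application is debuggable"))
    if _a(app, "allowBackup") != "false":
        findings.append(("medium", "android:allowBackup is not false (data retrievable via adb backup)"))

    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(tag):
            name = _a(comp, "name") or "?"
            exported = _a(comp, "exported")
            has_filter = comp.find("intent-filter") is not None
            implicit = has_filter or (tag == "provider" and provider_default_exported)
            if not (exported == "true" or (exported is None and implicit)):
                continue
            if _a(comp, "permission"):
                continue  # reachable, but gated by a permission
            if any(_a(c, "name") == LAUNCHER for c in comp.iter("category")):
                continue  # the launcher activity must be exported
            sev = "high" if tag in ("service", "provider") else "medium"
            findings.append((sev, "%s %s is exported without android:permission" % (tag, name)))
    return findings


# Constructed sample in apktool's decoded form (not taken from any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.shop">
  <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="21"/>
  <application android:label="Shop" android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <data android:scheme="shop"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver" android:exported="true"
              android:permission="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <provider android:name=".CardProvider" android:authorities="com.example.shop.cards"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.shop.cache"
              android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for sev, msg in check_manifest(SAMPLE_MANIFEST):
        print("[%s] %s" % (sev.upper(), msg))
```

On the sample above the check reports the debuggable flag, the missing allowBackup="false", the deep-link activity, the exported service and the content provider that is exported only because minSdkVersion is 15; the launcher activity, the permission-guarded receiver and the explicitly non-exported provider are not reported. Each finding is a starting point for the dynamic part of the outline (for example, invoking the exported component with `am start` or `content query` from adb on a rooted phone), not a confirmed vulnerability.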
Nature & Objectives (Workshop 4):
■ Moderately technical training, with discussion time likely to be more technical.
■ There is a focus on e-commerce/payment apps, but the instruction is applicable to all custom mobile apps.
■ Objectives are to teach all those involved in the lifecycle of a custom mobile application how to create and preserve security throughout the app's whole life, and – as a beneficial side-effect – how to achieve compliance with mandatory standards.
Course Outline:
New mobile apps are being launched at an incredible rate, and the potential for e-commerce over mobile devices is growing as new payment methods emerge. This two-day course looks at how to secure custom mobile applications, with a particular emphasis on e-commerce and payment security. We consider:
• Whole-lifecycle security, from design, through the software development lifecycle, testing, to deployment
• Safe interactions with digital wallets (Apple Pay, Google Wallet etc.) and also new mobile payment techniques using NFC, "bumping" to pay, etc.
• Detailed, specific guidance, with examples about:
- Securing the server side by design, detecting and responding to attacks
- Securing the communications between server and mobile, and between mobile and mobile
- Securing distribution and deployment of apps (both B2C and B2E, with enterprise app stores), and handling rooted/jailbroken devices
- Securing the client app, with a review of general principles, and technical specifics for iOS, Android and Windows devices
- Ongoing security, including updates, testing and vulnerability management through the whole life of the app
- Compliance issues, including PCI DSS, and how to make meeting compliance obligations a benefit, not an inconvenience
Who Should Attend:
✓ Mobile application developers
✓ Mobile application designers
✓ Technical managers, security officers, auditors or anyone else involved in QA for mobile applications
Workshop 3: 21 – 22 September 2015 (Monday – Tuesday), 09:30 – 17:00
Workshop 4: 23 – 24 September 2015 (Wednesday – Thursday), 09:30 – 17:00
Workshop 5 (2 Days)
Let's get your hands dirty with Honeypot Sensors (Hands-On)
Speaker: Mr. Tan Kean Siong
Medium of Instruction: English
Nature & Objectives: Listening to network traffic and detecting network attacks is always an exciting experience. In this workshop we will get real hands-on experience of setting up open source honeypot sensors to detect network-based attacks. We will gain insight into the notorious network protocols commonly targeted by attackers and by the massive malware outbreaks of past years. In addition, we will showcase the recently developed IoT (Internet of Things) honeypot capability of the Dionaea sensor, which helps us dive into the emerging IoT attack landscape.
Course Outline:
• Dive into the notorious network protocols behind the massive malware outbreaks of past years
• Highlight the strategy and best practices of honeypot deployment and management
• Explore the IoT attack landscape and the relevant network protocols
• Have an exciting hands-on experience of setting up a honeypot network sensor
Who Should Attend: Those interested in understanding more about detecting network attacks with honeypots.
Workshop 5: 24 – 25 September 2015 (Thursday – Friday), 09:30 – 17:00
Workshop 6 (1 Day)
Cybersecurity Fundamentals
Speaker: Mr. Frank Chow
Medium of Instruction: Cantonese with handout in English
Nature & Objectives: This workshop will introduce the concepts of cybersecurity using a systemic approach and will explore the direct influences on cybersecurity, such as concepts, architecture principles, incident response and evolving technology (e.g. APT, Cloud, Mobile). It also helps prepare for ISACA's Cybersecurity Fundamentals exam.
Course Outline: The Cybersecurity Fundamentals course consists of foundational knowledge across five key areas:
• Cybersecurity Concepts
• Security Architecture Principles
• Security of Networks, Systems, Applications and Data
• Incident Response
• Security Implications and Adoption of Evolving Technology (e.g. Advanced Persistent Threats, Mobile Technology, Cloud etc.)
Who Should Attend:
✓ Professionals with a familiarity with basic IT and information security concepts who need to ensure a sound foundation knowledge of cybersecurity.
✓ Anyone planning to work in a position that requires cybersecurity knowledge.
✓ Anyone interested in the field of cybersecurity.
Workshop 6: 5 October 2015 (Monday), 09:30 – 17:00
Workshop 8 (2 Days)
Advanced Web Application Pentest Kungfu
Speakers: Mr. Anthony Lai and Mr. Zetta Ke
Medium of Instruction: Cantonese with handout in English
Workshop 8: 7 – 8 October 2015 (Wednesday – Thursday), 09:30 – 17:00
Workshop 7 (1 Day)
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27018 Information Security Standards - Auditing, Awareness and Updates
Speaker: Mr. Danny Yip
Medium of Instruction: Cantonese with handout in English
Nature & Objectives: The purpose of this Workshop is to:
■ Provide an overview of ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27018
■ Provide an in-depth analysis of the recent changes to the new versions of ISO/IEC 27001 and ISO/IEC 27002
■ Provide an insight into Information Security Standards ISO/IEC 27000 (revised) & ISO/IEC 27017, to be released in the next 12 months
■ Provide awareness tips to assist preparation for an ISO/IEC 27001 certification audit
Course Outline:
• Overview of ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27018
• Overview of upcoming changes in ISO/IEC 27000 and ISO/IEC 27017
• In-depth analysis of recent changes in ISO/IEC 27001 and ISO/IEC 27002 and their impact on implementation of an ISMS
• Major challenges encountered in implementation and certification audit of an ISMS
Who Should Attend:
✓ Auditors with an interest in ISO/IEC 27001 certification
✓ Individuals interested in Information Security Management Systems (ISMS)
✓ Managers responsible for ensuring information security within their organization
✓ Organizations planning to adopt a world-class recognized approach to information security controls
✓ Anyone with an interest in understanding the changes to the new and upcoming versions of the ISO/IEC ISMS Standards
Workshop 7: 6 October 2015 (Tuesday), 09:30 – 17:00
Nature & Objectives: We have already run Pentest Kungfu Part 1, covering the OWASP Top 10 and basic tricks and skills in both network and web application penetration testing. This part goes a little further into topics related to cryptography and development frameworks, and trains you up with some mini-wargames. The basics of cryptography will be briefed, but most of the time will be spent on tricks and attacks against systems that depend on crypto and hashes in their authentication and session handling. We will also cover some common flaws in development frameworks. In addition, there will be a practical group session to review what you have learnt about the OWASP Top 10 and the tricks via a CTF (Capture The Flag) game. This course is for people who have completed Pentest Kungfu Part 1 with us and/or have a good understanding of the OWASP Top 10.
Course Outline:
• OWASP Top 10 Quick Review
• Intermediate and advanced techniques in XSS and SQL Injection
• Development framework vulnerabilities
• Web security test techniques with crypto
• CTF game to test your skills
Who Should Attend: Anyone who would like to get familiar with web application penetration testing, especially IT auditors, system administrators and software developers, as they can apply the skills learnt to test or audit their systems. It is also good for people who would like to move into a penetration tester role.
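The "web security test techniques with crypto" item above covers attacks on authentication and session handling that depend on a hash. The following is an added example written for this page, not the workshop's own material or code from the speakers: it contrasts a session token protected only by an unkeyed SHA-256, which anyone who learns the format can mint for any user, with an HMAC-SHA256 token verified in constant time. The token layout and the SECRET value are constructed for the example.

```python
"""Session tokens that rely on an unkeyed hash, beside the keyed replacement.

Added example for this page, not the workshop's material. Token format and
SECRET are constructed for illustration.
"""
import base64
import hashlib
import hmac
import time


def _now(now):
    return int(now if now is not None else time.time())


# --- Vulnerable scheme: user | expiry | SHA-256(user|expiry) -----------------
# Nothing secret goes into the hash, so the "signature" only proves that the
# client can compute SHA-256. A tester who sees one token can mint another.

def issue_weak(user, ttl=3600, now=None):
    body = "%s|%d" % (user, _now(now) + ttl)
    return body + "|" + hashlib.sha256(body.encode()).hexdigest()


def verify_weak(token, now=None):
    user, exp, digest = token.rsplit("|", 2)
    body = "%s|%s" % (user, exp)
    if hashlib.sha256(body.encode()).hexdigest() != digest:
        return None
    if int(exp) < _now(now):
        return None
    return user


def forge_weak(target_user, now=None):
    """The test step: once the format is known, minting needs no key."""
    return issue_weak(target_user, ttl=365 * 86400, now=now)


# --- Hardened scheme: HMAC-SHA256 under a server-side secret -----------------
SECRET = b"example-server-secret-rotate-me"  # constructed; real keys live outside source


def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).digest()


def issue_hmac(user, ttl=3600, now=None):
    body = "%s|%d" % (user, _now(now) + ttl)
    tag = base64.urlsafe_b64encode(_mac(body)).decode().rstrip("=")
    return body + "|" + tag


def verify_hmac(token, now=None):
    try:
        user, exp, tag = token.rsplit("|", 2)
        exp_i = int(exp)
        given = base64.urlsafe_b64decode(tag + "=" * (-len(tag) % 4))
    except (ValueError, TypeError):
        return None
    # compare_digest is constant-time, so a byte-by-byte timing oracle on the
    # tag comparison is not available to the attacker.
    if not hmac.compare_digest(given, _mac("%s|%s" % (user, exp))):
        return None
    if exp_i < _now(now):
        return None
    return user


if __name__ == "__main__":
    forged = forge_weak("admin")
    print("weak scheme accepts forged token as:", verify_weak(forged))
    print("HMAC scheme accepts forged token as:", verify_hmac(forged))
    print("HMAC scheme accepts its own token as:", verify_hmac(issue_hmac("alice")))
```

When testing a target, the giveaway is a token whose trailing field is exactly the hex or base64 length of a common digest and that can be recomputed from the visible fields with no key; if that recomputation matches, the token is forgeable. The HMAC variant closes that hole but is still not revocable before expiry, which is why a random opaque session identifier looked up server-side remains the simpler design where state is available.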
Workshop 9 (2 Days)
Securing your Enterprise Mobility - Strategy, Operations and Technology (Hands-on)
Speakers: Mr. Aditya Modha and Mr. Vilakshan Jakhu
Medium of Instruction: English
Nature & Objectives: A live hands-on workshop with the objective of giving participants a hacker's perspective of how popular hacks are executed, along with a walkthrough of how to secure against them.
Course Outline: Mitigate common vulnerabilities and security threats against web and wireless mobile applications and their platforms. Live demonstrations and practical sessions of the methods used to attack web applications, wireless networks and mobile devices, including the OWASP Top 10 and other attacks. Each participant will be provided with a Certificate of Completion and a practical toolkit (DVD) containing the tools used during the workshop, white papers, video tutorials, etc.
Who Should Attend:
✓ CIO & CISO
✓ Innovation Office and Strategy Team
✓ IT Security & Audit Professionals
✓ Application Developers
✓ Information Technology & Security Operations Team
✓ IT Risk Management Professionals
✓ Mobile Application Developers
Requirement for Participant: Participants will need a spare smartphone (preferably an iPhone).
Workshop 9: 12 – 13 October 2015 (Monday – Tuesday), 09:30 – 17:00
1. Please "✓" the conference/workshop(s) you would attend and complete the form below for reservation!
2. Please fill in the form below to complete registration:
Company / Organization :
First Name :                Surname :                (Shown on Workshop Attendance Certificate only)
Position :
Phone :                     Fax :
Mobile :                    E-mail :
Address :
Name of Organizer / Supporting Organization (if applicable) :
Payment
Please send a cheque, made payable to "Hong Kong Productivity Council", to: ITD, 2/F HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong (Attn: Ms. Tracy Choy) for seat confirmation.
For Enquiry: Please contact Ms. Tracy Choy at (852) 2788-5884.
Media Partners: iPhone Android Cloud; www.linuxpilot.com
Consent Statement
Personal data (including your name, phone number, fax number, correspondence address and email address) provided by you will be used for the purpose of the administration, evaluation and management of your registration by HKPC or HKPC’s agent. You have the right to request access to, and amend your personal data in relation to your application. If you wish to exercise these rights, please send email to: [email protected].
HKPC intends to use the personal data (including your name, phone number, correspondence address and email address) that you have provided to promote the latest development, consultancy services, events and training courses of HKPC. Should you find such use of your personal data not acceptable, please indicate your objection by ticking the box below:
□ I do not agree to the proposed use of my personal data in any marketing activities arranged by HKPC.
□ I do not agree to the proposed transfer of my personal data to HKPC's sponsor(s) involved in this event for any marketing activities.
Supporting Organizations:
The Hong Kong Institution of Engineers, Information Technology Division
The Institution of Engineering and Technology
British Computer Society (Hong Kong Section)
Internet Security and PKI Application Centre
                      Early Bird Price*                                 Normal Price
                      Non-Member    Member of Organizer/                Non-Member    Member of Organizer/
                                    Supporting Organization                           Supporting Organization
Conference (Day 1)    ■ Free of Charge (Please select the session(s) you would attend!)
Conference (Day 2)    ■ Free of Charge (Please select the session(s) you would attend!)
Workshop 1            ■ HK$3,050    ■ HK$2,850                          ■ HK$3,250    ■ HK$3,050
Workshop 2            ■ HK$5,750    ■ HK$5,550                          ■ HK$6,000    ■ HK$5,750
Workshop 3            ■ HK$5,750    ■ HK$5,550                          ■ HK$6,000    ■ HK$5,750
Workshop 4            ■ HK$5,750    ■ HK$5,550                          ■ HK$6,000    ■ HK$5,750
Workshop 5            ■ HK$5,750    ■ HK$5,550                          ■ HK$6,000    ■ HK$5,750
Workshop 6            ■ HK$3,050    ■ HK$2,850                          ■ HK$3,250    ■ HK$3,050
Workshop 7            ■ HK$3,050    ■ HK$2,850                          ■ HK$3,250    ■ HK$3,050
Workshop 8            ■ HK$5,750    ■ HK$5,550                          ■ HK$6,000    ■ HK$5,750
Workshop 9            ■ HK$5,750    ■ HK$5,550                          ■ HK$6,000    ■ HK$5,750
Total: HK$
* EARLY BIRD price on or before 31 August 2015
CPE Hours: A number of supporting organizations have indicated that recognition credits will be awarded for attendance and participation in the Information Security Summit Workshops. Please check with your local organization for the level of credits you will be entitled to receive.
INFORMATION SECURITY SUMMIT 2015
REGISTRATION