Sydney Branch Meeting: DDOS and Organisational Liability

Starts: Wednesday 19 October 2011, 8:15AM

Finishes: Wednesday 19 October 2011, 10:00AM

Date: Wednesday 19 October 2011

Time: 8:15am for prompt 8:30am start of presentation, 10:00am expected close.

 

Venue: Westpac, 60 Martin Place, Plaza Level (Ground Floor) Meeting Centre

 

1st Presentation:

Topic: DDoS - Still Happening Today and What We Can Do

This presentation will provide an overview of how the types, reasons and uses of DDoS have evolved over time. The presentation will include an overview of the Wikileaks attacks, explaining how they were identified, analysed and mitigated, as well as showing the reverse engineering process of the opt-in botnet malware (LOIC) used in these attacks.

In the case of the Wikileaks-related attacks, as well as countless other DDoS attacks around the world, global Telcos and the world's largest CDN clearly struggle with very large or complex DDoS attacks. As such, an overview of the way other service providers commonly approach the DDoS problem, and how any less than robust solution is easily exploited by DDoS attacks, will also be explored. Finally, this briefing will also provide an overview of new and innovative attack vectors being utilised, as well as how DDoS is being used in a variety of ways as part of more complex cyber attacks. In addition, this presentation should provide you with options for mitigating these risks.

Speaker: Oliver Kwan

Oliver Kwan is the Prolexic Regional Sales Director for Asia. With over 10 years' experience working in the Internet hosting and security industry in Asia, Europe, North and South America, Oliver has worked with many large public and private sector enterprises to host and secure their web-facing systems. Today, tens of thousands of domains and hundreds of organisations, including some of the world's largest online gambling operators, entrust their networks to Prolexic Technologies. As Prolexic fights between 10 and 50 DDoS attacks every single day on behalf of their clients, Oliver is well placed to discuss the past, present and future risk that cyber attacks like DDoS pose to online business.

 

2nd Presentation:

Topic: Organisational Liability for Information Security in Australia

In this presentation, the major areas of organisational liability for losses suffered through information security incidents in Australia will be reviewed, including:

Negligence - Liability in negligence for failing to take reasonable care:

  • Is there a duty in regard to information security?
  • What is the duty?
  • Issues with causation and recovery for economic loss

Other torts - Breach of Confidence, Breach of Privacy, Nuisance

Breach of Contract - Liability in contract:

  • Will exclusions of liability be enforceable?
  • Will there be implied terms in regard to reasonable security?

Breach of Privacy (State and Federal) - in particular NPP 4.1:

  • What is "reasonable security"?
  • What are the consequences of breach?

Corporations Act Liability - Corporate and Company Officer Liability

 

As well, some consideration will be given to some likely future developments including:

Data Retention legislation

Privacy Act Amendments including:

  • Statutory right to sue for Breach of Privacy
  • Mandatory Data Breach Notification laws

Impact of adopting EU Cybercrime Convention

 

Speaker: Jodie Siganto, LLM, CISSP

Jodie Siganto is currently a non-executive director of Bridge Point Communications, specialists in data networking and security. She is also a director of Bridge Point Training, an (ISC)2 educational affiliate, focusing on the delivery of IT security and network related training courses around Australia.

In addition to her role with Bridge Point, Jodie is currently completing a PhD at Queensland University of Technology in the area of Information Security Law.

Prior to Bridge Point, Jodie was the Legal Counsel for Dell Financial Services based in Singapore, and prior to that General Counsel - Asia for Unisys.

Jodie is a long standing and very active AISA member. She currently serves as the Brisbane representative for the AISA ISMS Users Group committee, and regularly helps as a mentor for AISA CISSP Study Groups in Brisbane.

 

Many thanks to our sponsors:

Sponsorship opportunity available for this meeting! For the details, please email Sponsor@aisa.org.au.

AISA thanks Westpac for providing the venue for our Sydney Branch meetings in 2011.
