Are Data Breach Disclosures improving our Cyber Posture?
The presentation will review the objectives of the current Notifiable Data Breaches (NDB) scheme with particular focus on the ICT industry’s need for information to help improve Australia’s cyber security posture. The presentation will briefly review recent breach disclosures obtained under FoI by the presenter. Particular attention will be given to the voluntarily released disclosure provided by PageUp.
This disclosure will be reviewed to highlight the lost opportunity for the cyber security community to learn tangible lessons. Finally, the proposed OAIC review of NDB will be discussed, suggesting there is a need to examine more than data breach disclosure publishing practices.
Speaker: Ian Brightwell, Principal Consultant DH4 Pty Ltd, adjunct Academic at UNSW in Cyber Security
Ian is an adjunct academic at UNSW in Cyber Security and principal consultant with DH4 Pty Ltd. He researches and lectures in information technology governance and advises clients on ICT program and procurement strategies. He has a particular interest in the governance of enterprise ICT, cyber risk assessment and electronic voting.
We need to talk about Red Teaming
Red teaming in Australia is in limbo. To some, the phrase is purely a marketing buzzword; to others, it can mean any one of a number of things. Without a solid definition, it is difficult for a client to ascertain exactly what to expect when they engage a consultancy to deliver a red team, and this needs to change. This talk therefore aims to address the current state-of-play, the definition of the phrase 'red teaming', the benefits of being on the receiving end of a red team, and how an organisation can assess whether or not red teaming is the correct choice given their current posture to inform future security strategy.
Speaker: Troy Defty, Principal Security Consultant, PS&C Pure Hacking
Having worked in the UK InfoSec industry for around five and a half years, Troy abandoned a dreary, sunless London and has been working in the Australian industry out of Sydney for nearly a year. His interest and experience are largely in bespoke penetration testing engagements (red teaming, scenario-based assessments, etc.), with broad coverage across the penetration testing spectrum. Other interests include music, electronics, the outdoors, travel, and being bad at golf.
Participants will have the opportunity to ask questions of the speakers at the end of the presentation.
Light refreshments will be served after the presentation.