Tentative Conference Agenda
17th March, 2010 (Wednesday)
08:15 - 09:00 REGISTRATION
09:00 - 09:40 Opening Keynote: Corporate IT Forensics for a New Decade

Various factors over the past decade have driven the advancement of digital forensics, establishing it as a standard component of large corporate environments. This rapid growth has brought new challenges and change, and corporations must adapt how they implement and manage the digital forensics function. This talk presents an overview of corporate digital forensics today, and the directions it is headed in the new decade. Key challenges and areas of change in digital forensics are highlighted.

Dr. Bruce Nikkel
Head of IT Investigation & Forensics, Group Security Services
UBS AG, Switzerland
09:40 - 10:10 Keynote One: Bot Nets .... The Hidden Risks

Over the past few years, there has been a noticeable increase in frequency and severity of DDoS (Distributed Denial of Service) attacks as well as sophisticated malware attacks. These attacks can disrupt the functionality of any internet-facing device (most notably web servers), typically resulting in loss of revenue and/or affecting brand reputation. While such attacks can be easily accomplished, many businesses still do not fully realize the potential severity of large scale DDoS and Malware attacks (resulting from BOT NETS) as well as the necessary controls to mitigate them.

This presentation will explore the essence of BOT NETS and what types of risks and possible impacts they can cause to business. In addition, we will discuss the security capabilities required to mitigate these types of attacks.

Mr. Stanley Quintana
Executive Director
AT&T Global Applications Services Strategy
10:10 - 10:40 Keynote Two: The Evolution of Risk Based IT Security

Enterprises rely heavily on the security solutions in place for "Protection".

However:
* What kind of security alerts generated from your IPS should be considered by your IT team?
* Do you receive regular reporting from your team on the overall security status?
* What are the internal guidelines and procedures for when there are security outbreaks?

Enterprises should re-visit their security posture from the Governance, Risk and Compliance points of view.

Risk is a part of the process of Governance, Risk and Compliance - all of which now have board level visibility and decision making process. Governance, Risk, and Compliance are highly related but distinct activities that solve different problems for different sets of constituents of an organization.

Movement from a reactive to a proactive buying cycle, to now understanding the business impacts of security solution deployment and how it will impact the company's risk register, have been critical steps taken within the security industry over the last 2 years.

In this presentation I hope to give you an outline for the drivers of risk based IT Security purchasing and the reasons why risk is important to all IT Security professionals and board members alike.

Mr. Matthew Gyde
General Manager, Security Solutions, Solutions Development Group
Datacraft Asia Pte. Ltd.
10:40 - 11:10 Keynote Three: Hacked while Browsing - Using the Web to Spread Malware

Each year sees an increase in the volume and sophistication of security threats on the Internet. The authors of so-called "malware" continue to discover and develop more sophisticated exploits and methods to generate and propagate more malicious code such as key loggers and system monitors. Many of these infections are occurring through the end users' use of the browser.

Criminals are both creating sites with the single intention of spreading malware as well as hacking legitimate websites or using email to send spam and phishing with links to malicious websites. These methods have resulted in up to 50 percent of corporate desktop computers infected with some sort of malware. Global organized crime gangs profit from these activities through illegal drug sales, spam, bank fraud, identity theft, and corporate espionage. To effectively combat these threats, those responsible for the security of companies need to educate their user communities and assess solutions that have strong capabilities in protecting web access and email.

The best defense is a solution whose security database spans both web and email threats. Attendees learn how infections can occur, the potential risks of an attack, and how organizations can prepare to confront these threats.

Mr. Eric Ng
Security Architect
Cisco Ironport
11:10 - 11:30 Morning Networking Coffee Break
11:30 - 12:00 Keynote Four: Adapting to the New IT Ecosystem

The data center is undergoing a radical shift, from server virtualization to private cloud environment, and to public cloud computing - a computing model that promises massive flexibility, scalability and cost saving. But concerns over security and compliance are holding back adoption. An overhaul of the defense-in-depth perimeter security practices that we have been using for 15 years is in order.

Securing this new IT ecosystem requires revisiting best practices to adapt to the dynamics of a perimeter-less environment. Security and compliance controls need to extend across the physical, virtual, and cloud continuum.

In this presentation Trend Micro will explore the 'Security That Fits' concept - customizable, scalable security that enables enterprises to benefit from virtualization and cloud computing without compromising the safety of their confidential data.

Mr. Siupan Chan
Principal Consultant
Trend Micro
12:00 - 12:45 Executive Insights Panel I: The Role of Information Security in the Enterprise...from the CIO & CEO's View

In companies worldwide, natural tensions and conflicts arise between information security priorities and those of the technology group as a whole.

Join us for an enlightening panel discussion with a CIO/CISO team from one of the world’s leading companies and learn how they manage these tensions to achieve outstanding results.

Session discovery topics:
* The CIO's view of security
* The importance of security to the enterprise
* The role security should play
* The appropriate scope of responsibility for the security function
* Tips for forging a powerful CIO/CISO partnership

CIO Panel Chair:
Mr. William Yin, Partner, Managing Director, Boston Consulting Group

Executive Panelists:
Mr. Andrew Patrick, CIO, Grant Thornton
Mr. Colin Rice, IT Director, The Dairy Farm Company Ltd.
Mr. Horace Chu, Head of Information Management Services, Gammon Construction
Mr. Robin Leung, Managing Director, Head of Global Information Technology Division, BOC INTERNATIONAL
12:45 - 13:45 CIO Networking Luncheon Roundtables (By Invitation Only)
Topic: 2010 Global Investment Strategy
Luncheon Presentation - Speaker: Mr. Johnny Ng, General Manager - Greater China, AT&T
(Sponsored by AT&T)
13:45 - 14:30 Executive Insights Panel II: Security and Risk Management in Economically Challenging Times: Doing More with Less

Information security, like the rest of IT, needs to provide more functionality each year for the same or less cost. Attend this panel discussion and learn how to reduce security spending and improve your security profile.

Session discovery topics:
* How can organizations tactically change their security processes and technologies to quickly spend less and become more secure?
* How can organizations strategically change their security processes and technologies to reduce spending and improve security over the long term?
* How can risks increase in down economic environments?
* What is the best approach to security management strategies in a down market?
* Which tools, techniques and tactics can you use to manage the situation?

CIO Panel Chair:
Mr. Vincent Chan, Partner, Technology and Security Risk Services, Ernst & Young

Executive Panelists:
Mr. Franklin Lau, Deputy General Manager, IT, CITIC Pacific Ltd.
Mr. Pabs Medrero, Senior Director, Information Technology Asia, CB Richard Ellis Ltd
Mr. Gerrit W Bahlman, Director of Information Technology, The Hong Kong Polytechnic University
Mr. Richard Couzens, Head of Technology, CIGNA Worldwide General Insurance Company Limited
Mr. Micky Lo, Managing Director, Head of Asia IT Risk Management, JPMorgan Chase Bank N.A.
14:30 - 15:00 Keynote Six: Securing your office in your "pocket"!

You will find out that security can be simple and accessible in both online and offline situations. It should be the enabler for people going mobile without compromising peace of mind. It should allow you to stay productive even if an unwanted disaster happens out of your control. Check Point has the solution for you, so just come to learn about the security that you should have.

Mr. Calvin Ng
Country Manager, Hong Kong & Macau
Check Point Software Technologies Ltd.
15:00 - 15:30 Keynote Seven: Data Protection: Security That Pays

True data protection must be a strategic approach comprised of encryption, secure key management, centralized policy and controls, and ongoing management to achieve data protection across databases, applications, networks and endpoint devices. By deploying a holistic encryption strategy, companies streamline processes across their security constituency and the ongoing administration of their systems, thereby reducing the overall management and upkeep costs of their security infrastructure. Through a comprehensive presentation, SafeNet will clearly define data protection and show how companies can meet both security and compliance needs while reaping the cost-saving benefits of a data protection strategy.

Mr. Sheung Chi Ng
Senior Security Consultant, CISSP, CISA
SafeNet
15:30 - 16:00 Keynote Eight: What is the difference between Walmart and your typical infosec executive?

Visibility. Visibility into inventory, sales, shelf time, etc. lets the #1 retailer drive efficiency and save money. This session will examine the security improvements and savings in IT that network visibility drives. Segmentation, scope assessment, inventory, triage, and forensics all experience dramatic benefit from visibility.

Attendees will learn the latest trends in visibility, its applicability to infosec, and how you can use visibility to explain security in the context of the business.

Mr. Charles Kaplan
Technical Leader, office of the CTO
Riverbed
16:00 - 16:10 Afternoon Networking Coffee Break
16:10 - 16:40 Keynote Nine: Unified Content Security Platform for Modern Threats at the Lowest Total Cost of Ownership

Websense® TRITON™ is the first and only solution to combine industry-leading Web security, email security, and data loss prevention technologies into one unified architecture. The TRITON solution delivers increased content security and cost savings, helping organizations achieve a significant return on their security investments while enabling them to leverage all the benefits of Web 2.0 - unlike point solutions that rely on redundant multi-vendor management tools. Compared with such limited and restrictive solutions, the TRITON architecture also enables superior control and flexibility, providing unrivaled visibility into an organization's security operations, and protects remote offices and mobile workers just as effectively as at corporate headquarters.

TRITON lowers total cost of ownership by:

* Streamlining content security appliance infrastructure and using Security-as-a-Service (SaaS) to reduce cost and complexity while extending coverage and visibility.
* Delivering the flexibility to choose a single platform or to implement a mix that best suits an organization's needs with Websense TruHybrid™ deployment, the industry's first and only security platform that reaches across the global enterprise, unifying deployment of high-performance appliances at a corporate headquarters with SaaS at branch and remote offices.
* Providing efficiencies through its single interface and unified policy management for on-premise and cloud-based deployment spanning Web security, email security, and data loss prevention and providing greater visibility, control, and management capabilities.

[This section will be conducted in Cantonese]

Mr. Matthew Wong
Technical Manager, North Asia
Websense
16:40 - 17:10 Keynote Ten: 2010 Predictions for Security Landscape - Why Cloud Security is Your Best Option

Fact:
With compromised computers issuing 83% of the 107 billion spam messages distributed globally each day, the shutdown of botnet hosting ISPs, such as McColo in 2008 and Real Host in 2009, appears to have made botnets re-evaluate and enhance their backup strategy to enable recovery in just hours.
Fact:
It is predicted that in 2010 botnets will become autonomously intelligent, with each node containing an inbuilt self-sufficient coding in order to coordinate and extend its own survival.

*Source: MessageLabs Intelligence 2009 Annual Security Report


As the botnets continued to wreak havoc throughout 2009, the malware family's newest offspring, the Bredolab trojan, gradually began to gain momentum and infiltrate more and more inboxes. Most often hidden behind a zip file, Bredolab's objective is to disable the system's host-based security software, enabling it to download its malicious content. Along with these malicious email threats, web malware continued to spread as the number of compromised and malicious websites grew. According to MessageLabs Intelligence Reports, more than 80% of blocked sites hosting malware were actually legitimate sites that had been compromised. This trend has increased the amount of time malware is hosted, as it can take up to four months to completely remove it. Many traditional security technologies were ill-equipped to handle the situation and in this session, our speaker is going to tell you why Cloud Security (or Hosted Security) delivered over the Internet from a service provider's data centers, is your best option.

Mr. Nigel Mendonca
Regional Director, Asia
Symantec Hosted Services
17:10 - 17:45 Executive Insights Panel III: INFORMATION SECURITY CONCERNS & CHALLENGES 2010-2015

The innovation rate in IT remains high - new products introduce new & unknown vulnerabilities & have side effects that are hard to anticipate. Emerging risks are driven by the inevitable adoption of products seen as "useful" such as virtualization, cloud computing, mobile everything & Web 2.0 social networks. Then there are activities hitherto considered to be acceptably low risk such as off-shoring. Other domains of risk relate to the significant dependence of societies on public sector services & how these are (under)resourced.

CIO Panel Chair:
Mr. Thomas Parenty, Managing Director, Parenty Consulting Limited (Hong Kong)

Executive Panelists:
Dr. Fleming Woo, Director, Information Technology Services Centre, Lingnan University
Ms. Fanny Cheng, Director of IT, MGM Grand Macau
Ms. Suk Wah Kwok, CIO, Aon Hong Kong Ltd
17:45 Closing Remarks by Chair
Remarks: The above agenda is subject to change without prior notice.