Is your Website secure enough? What to look for…

 

During this monthly professional development session, Brad Ellis will address a commonly asked question – “Is our website secure?”

While on the surface this may seem like a simple question, where the answer is expected to be yes or no, more often than not the answer is “It depends!”.

To inform the response to “Is our website secure enough?”, Brad recommends an architectural approach, as this helps ensure that your business’s needs are identified and implemented, and that risks are identified and managed to acceptable levels.

This approach is recommended because every organisation’s website is different: websites support a diverse range of business needs and functions; have multiple internal stakeholders, suppliers, 3rd party code and analytics engines; and have thousands of configuration items.

It is important to keep in mind that websites offer the public significant insight into a wide range of your organisation’s security capabilities and processes, and that security analysis techniques such as passive analysis can discover good and bad practices.

 

CPE Hours

1.5 hours, based on the assumption you have signed the attendance sheet when attending

 

Registration and Admittance

• Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.

• Registration to this session is open and free of charge to all current and prospective ISACA members.

• A registration door prize will be drawn from the list of duly registered attendees.

 

Agenda

· 5:30pm – Registration and session sign-in – required to receive applicable CPE credits

· 6:00pm – START – Welcome, Introductions, Agenda

· 6:05pm – Monthly PD Session, Questions & Answers

· 6:50pm – The Soapbox – Chapter Updates, Announcements and Issues of interest to members

· 7:00pm – 15min Topic presentation

· 7:15pm – Networking opportunity – drinks and finger food to be served

· 8:00pm – Event Ends

 

Location

EY Melbourne Office – 8 Exhibition St Melbourne VIC 3000

 

About the Speaker

 

Brad Ellis is the Principal Consultant of Ellis Network Associates, covering all aspects of cyber security. During previous presentations at ISACA’s Melbourne Chapter, Brad earnt a reputation as “The Web Security Guy”. Brad’s clients have remarked on his “No-nonsense approach to security policy enforcement & best practice”. This no-nonsense approach is important with high-value websites, as a wide range of your organisation’s security capabilities are on public display.

 

Brad has more than two decades of professional experience, with nearly twenty of those years focused exclusively on security in a diverse range of organisations from sectors covering Service Providers, Tertiary Education, State Government, Finance and the Utilities sector. He has many professional certifications, with the most recent addition being the SABSA Chartered Foundation Certificate (SCF).

Influencing the Board – A Fool’s Errand

 

As the information security industry matures and information security increasingly becomes recognized as an important aspect of any enterprise organisation, there is greater and greater drive and aspiration to be able to ‘influence the board’. Whether you’re a partner at a Big4 consulting firm, a small independent business operator or even an internal Security Manager or CISO, attaining influence of an enterprise board is considered to be crucial to the success of any security programme.

 

Unfortunately, this approach is misguided and typically driven by a misunderstanding of what the role of the board and its members is in defining and guiding the strategy of an organisation. This typically results in wasted time, effort and precious resources. Worse yet, attempting to influence the board can have unintended consequences and actually impair your ability to effect organisational change.

 

This presentation will help attendees to better understand the role of the board, how boards function and why attempting to influence the board is largely a waste of time. We will also discuss the underlying psychology of influence and why it works; identify appropriate stakeholders within a typical enterprise organisation and how to apply the psychology of influence to those key stakeholders – ensuring that your security programme has the best chance of holistic adoption and ultimately, success.

 

CPE Hours

1.5 hours, based on the assumption you have signed the attendance sheet when attending

 

Registration and Admittance

• Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.

• Registration to this session is open and free of charge to all current and prospective ISACA members.

• A registration door prize will be drawn from the list of duly registered attendees.

Agenda

 

· 5:30pm – Registration and session sign-in – required to receive applicable CPE credits

· 6:00pm – START – Welcome, Introductions, Agenda

· 6:05pm – Monthly PD Session, Questions & Answers

· 6:50pm – The Soapbox – Chapter Updates, Announcements and Issues of interest to members

· 7:00pm – 15min PD Session

· 7:15pm – Networking opportunity – drinks and finger food to be served

· 8:00pm – Event Ends

 

Speaker

Craig Searl

 

Craig is Co-Founder and Chief Apiarist (CEO) of Hivint and SecurityColony. Craig has over 15 years of experience in the security industry, working in the finance, government, telecommunications and infrastructure sectors. An alumnus of the SIFT and Stratsec organisations, he was heavily involved in their acquisition and transition into BAE Systems Applied Intelligence. Prior to founding Hivint, Craig was the regional leader of BAE Systems’ cyber security business, with management responsibility for up to 150 staff across Australia, Malaysia and Singapore.

 

With a strong technical background, Craig now works with senior executives to better understand how security can provide significant benefits to their business, and to implement and oversee programs to achieve this.

 

Craig is a Graduate of the AICD’s Company Director’s Course, holds a B.CompSci from The University of Newcastle, and is a practicing PCI QSA and a CISSP. Well known in the industry, Craig has appeared on the 7:30 Report and has been quoted in the AFR, SMH, The Age, CSO Magazine and Australian IT on security-related topics. Craig regularly presents at industry and sector-specific conferences, recently including AusCERT, ACSC, WAHCKon, Cyber In Business, Security in Government (Singapore) and CarolinaCon (USA).

Membership & Certification Information Session

Invitation to a FREE Information Session

Tuesday, 18 September 2018

Membership for IT Professionals, Students and Educators

With over 140,000 members and 217 chapters established in over 188 countries worldwide, ISACA is internationally recognised as a high-performing organisation that addresses global, national and local information systems and business issues.

With nearly over 1,100 members in Melbourne from over 200 organisations, the ISACA Melbourne chapter offers a tremendous wealth of knowledge, experience and support to our members. Our chapter hosts monthly professional development sessions on various topical issues in IT security, audit, governance etc. and provides an outstanding forum to network with some of the most talented information systems audit and control professionals in the area.

Types of Membership:

  1. Professional Membership

For individuals interested in or employed in IT audit, information security risk and IT governance fields, ISACA professional membership equips you with the resources, training and education you need to expand your professional development opportunities.

  2. Recent Graduate Membership

For those that have just graduated from a college or university within the last 2 years, ISACA is proud to offer this brand new membership category. Position yourself for success in your chosen field by taking advantage of this unique membership opportunity!

  3. Student Membership

Student membership is for individuals currently enrolled full-time in accredited undergraduate and graduate programs. Learn about student qualifications to join. Become a Student Member and connect with industry leaders who can help you reach your career goals.

 

Date: Tuesday, 18 September 2018

Time: Registration from 5:15pm for a 5:30pm start. Concludes at 6:30pm

Location: Chartered Accountants Australia & New Zealand (Level 18, Bourke Place, 600 Bourke Street, Melbourne 3000)

Cost: Registration for this event is FREE.