2018 is set to be another year where security breaches litter the headlines. Businesses who are not security-savvy and up to date with best practices, are putting themselves at risk.
With this in mind, the ITWeb Security Summit 2018 is hosting three half-day workshops, to be held on 21 May, at the Focus Rooms in Sunninghill.
An integrated solution
The first workshop, 'The Electronic Handshake: Obtaining GDPR and APAC region privacy and data protection regulatory requirements through an integrated IT compliancy solution', will be held by Gideon Bouwer, a cyber law and criminal law forensic specialist at Cyber Law Forensics.
According to Bouwer, no economic region will be untouched by the implementation of the GDPR in May this year. Organisations across the public and private sectors who engage in the processing of EU citizens privacy information, will have to be GDPR-compliant or face a fine of between 2% and 4% of their total global turnover. "Simply put, if a government or business is not GDPR-compliant, it can result in financial ruin."
This training session will provide delegates with an in-depth knowledge on how to reach GDPR and APAC region privacy and data protection regulatory requirements, through an integrated IT-compliancy solution. It will also cover the uniform requirements of privacy and data protection regulatory requirements, as well as how to comply simplistically and practically. Finally, it will discuss a practical and implementable IT compliancy solution.
Modern attack tools
The second workshop, 'Using Red Team tactics to create Blue Team solutions', will be held by Dr Jayson Street, infosec ranger at Pwnie Express. During this workshop, delegates will learn how to use modern social engineering attack tools and gain a better understanding of physical and network attack vectors.
Classroom hands-on exercises will include basic open-source intelligence (OSINT) skill-building, and risk evaluation of humans. The class exercises, real-world case studies, and demonstrations will emphasise building comprehension of attack techniques that can be used to create awareness programmes.
In addition, attendees will learn how to create a comprehensive strategy to better protect their company and its employees from social engineering attacks.
TLPT
The final workshop, 'Threat Led Penetration Testing', will be facilitated by Stewart Bertram, director, threat intelligence and professional services at Digital Shadows. It will examine what threat-led penetration testing (TLPT) is, and how it can be effectively used to increase the cyber security of an organisation.
This workshop aims to develop the understanding of TLPT through a combination of short theory lectures and practical sessions. Focus areas for the training will include the differences between the surface, deep and dark Web, defining critical functions within an organisation and developing threat-actor profiles.
IT is aimed at non-technical practitioners who wish to gain an understanding of TLPT, cyber-threat intelligence or who aspire to run their own TLPT projects in the future.
Be prepared
"At the end of the day, all businesses can do more when it comes to information security. To avoid expensive mistakes that can not only damage a businesses' bottom line, but it's reputation, security practices should be a top priority," says Angela Mace, CRM and events director at ITWeb.
Moreover, she says, in an evolving threat landscape, with more and more cunning adversaries, organisations need to evolve to handle increasingly sophisticated threats. "With that in mind, security professionals and other, less technical delegates should seriously consider attending this year."
Share