Speaker:
Jayesh Ranjan IAS, Principal Secretary, Information Technology, Electronics and Communications Department, Government of Telangana

Critical infrastructure - energy, defense and transportation among the components - forms the backbone of a nation's economy, security and health. Hence, it is imperative to secure critical infrastructure elements, such as power grids, communication and finance.

State-sponsored attacks are gaining momentum and sophistication, and a persistent cyberattack on critical infrastructure could play havoc. The challenge, then, is to find new ways to mitigate risks emerging from rising threats to critical infrastructure. The most critical challenge for every region or nation is defining what critical infrastructure is, which needs to be protected at any cost. In addition, while in many ways organizations have created a glass house believing it to be secure, in most cases it is not resilient enough to protect against threats.

This session will discuss:

• What's needed to protect and defend this critical infrastructure;
• What global security guidelines to adopt while protecting the networks;
• Why some classes of technologies could be implemented right away without having to go through some of the legacy challenges.

Speaker:
Anubhav Wahie, Business Manager- Cybersecurity, Cisco India

The Cyber threat landscape has evolved leaps and bounds over the last few years. The discussion on breaches, now at the board room level, is focused on preparedness, predictive intelligence and effective incident response. Leveraging a credible source of threat intelligence is foundational-in addition to its contribution to proactive threat hunting, it provides "relevant" insights to the cyber security operations center.

There is a continuous traction on building incremental capabilities. However, balancing best of breed capabilities with building a strong platform is extremely essential in operationalizing this setup. The platform approach helps with information exchange across vectors, which is critical to effective security operations. Lastly, time to detect and remediate can reduce the extent of impact and its containment. This can be achieved through automation.

This session would discuss:

• Building the first and last line of defense with endpoints
• Using network as a platform to address insider threat detection capabilities
• Leveraging integration capabilities across solution to build a platform
• Elevating SoC effectiveness with "meaningful" and "contextual" threat feeds.

Speaker:
Prakash Padariya, Head - Information Security, GE India Technology Center

Visibility has been a big challenge for every security practitioner. The exponential increase in the volume of incidents as well as the amount of threat intelligence and advisories that a typical security team needs to sift through on a daily basis, along with the increasing sophistication and stealth employed by advanced attackers, makes detecting an intrusion like finding a needle in a haystack. Traditional approaches are failing to effectively scale to address contemporary challenges, and a fresh look at visibility is necessary for active threat hunting, which active defense and cyber hunting can provide. By bringing broad military deception strategies to cybersecurity, deception technology puts the narrative squarely back in the hands of the defender in the event of an intrusion.

This session addresses:

• Making incident response and remediation an active, near real-time process;
• Creating an early warning system that gives practitioners the chance to determine motives;
• Devising a strategy for effectively incorporating deception tech into a security strategy.

Speaker:
Ravi Krishnan MuthuKrishnan, Product Security Architect, Visa

As businesses surge ahead with agile development processes, cloud and DevOps, traditional security can no longer be the show stopper. Security needs to integrate with the DevOps process to ensure responsibility is shared and security is built in.

DevSecOps enables application security testing by the developer and by the tester all the way into pre-production - whether it is static, dynamic or software composition analysis - in a more automated fashion.

This session will review:

• How can security teams work on aligning their incentives with operations and with developers?
• What is the benefit of doing so and what are the challenges?
• What are the regulatory mandates and compliance issues around secure coding?

Speaker:
Yogesh Kulkarni, Professional Services Lead - APAC, Rapid7

Security has always been a price sensitive market, and there are many vendors who meet some of the parameters of managed security services providers' and customers' requirements. But in some cases organizations choose solutions by compromising the features over price. What is the correct balance between the two and what are the basic foundational parameters for choosing the right solution? This session will explore the 'Basic Categorization" on how to choose the right solution to reduce risk, and increase the security posture.

Session will address:

• Common shortcomings of the procurement process
• Basic categorization for choosing the right product
• Finding the balance between cost and functionality

Speaker:
Santhosh Varkey, Manager, Sales Engineering, Sophos

Sophisticated attacks comprise of a combination of delivery of exploit techniques, cryptojacking and exploiting user ignorance, enough to run the wrong program. Next generation threats routinely exploit legacy technologies which fail to identify and response to these threats. Way forward is Next Gen technologies, including deep Machine Learning and coordinated defense .This session will also include a live demonstration of exploit technique and blocking credential theft with machine learning.

Session will address:

• Next generation threat vectors and MO
• Gaps in legacy framework and why they are failing
• How machine learning and coordinated defene are relevant

Speaker:
Sunil Varkey, CISO, Wipro Limited

Cyber threat intelligence is a key cyber risk management enabler, providing the context necessary to inform decisions and action across the business. Whether related to incident response, monitoring and detection, or governance and policy making, well-structured cyber threat intelligence functions serve stakeholders across the business. They ensure that knowledge of current and anticipated relevant threats is provided in relevant formats.

This presentation discusses the role intelligence programs play and steps organizations can take to transform security operations to be intelligence-led. It reviews:

• How cyberthreat intelligence can provide the necessary context to inform security decisions across an enterprise;
• How businesses can transform their security operations to be intelligence-led;
• What needs to be done to infuse threat intelligence capabilities across the organization?

Speaker:
Vinit Goenka, Member Governing Council, CRIS - Center for Railway Information System, Organisation Under Ministry of Railways

The Cambridge Analytica debate throws up tough questions around the need for a strong data protection and privacy regime in India. In an age where privacy regime around the world are being strengthened and becoming more mature, the Indian approach to privacy and data protection remains a non-starter, with a data protection legislation still on the drawing board for the last half a decade. Democracies around the world are suffering from the misuse of personal information being harvested and analyzed, from social media and other sources, political parties to direct their political campaigns and influence the public opinion and the voting process.

The speaker will share deeper insight on the mechanics of how this process works, if it is illegal and why; and more importantly, the implications for the world's biggest democracy if we are not able to understand and address this issue, and put in the correct checks and balances. What does the government need to do to prevent and mitigate this kind of abuse? What are the regulatory requirements to introduce and enforce world class privacy and data protection standards in India?

Session will address:

• How the Cambridge Analytica saga illustrates the power of personal information;
• Why the lack of a robust data protection and privacy law is a grave concern in the Indian knowledge/ Information economy;
• What are the implications for the democratic process;
• What are the regulatory requirements to bring about robust privacy and data protection?
• What is the possible remediation / checks & balances? How can the government prevent breaches of private and sensitive personal information?

Speakers:
Latha Reddy, Distinguished Fellow, East West Institute, New York & Former Dy. National Security and Cybersecurity Adviser of India
Rudra Murthy, CISO, Digital India, Ministry of Home Affairs
Sanjay Sahay, Additional Director General of Police - Cyber, Karnataka Police
Srinivas Poosarla, Head - Global Privacy & Data Protection, Infosys Technologies
Subhajit Deb, CISO, Dr. Reddy's Laboratories

The privacy movement is gathering steam in India, with the Supreme Court recently ruling privacy is a fundamental right of citizens. However, a more immediate scramble is underway is to understand how Indian enterprises have started adapting to GDPR regime.

How has the GDPR mandate impacted Indian organizations, specifically those conducting business with EU nations and handling EU citizens' data? What are some challenges related to compliance with GDPR, and what is expected of organizations in the case of a data breach? What can practitioners expect the implications and impact to be, and how will it change the business imperatives, in the view of the hefty fines GDPR could impose? And what do Indian practitioners stand to learn from the changes taking place in the privacy landscape worldwide?

In this session, a panel of information security, cyber law and privacy experts, moderated by Sanjay Sahay, Additional Director General of Police-Cyber for Karnataka Police, will address:

• How GDPR will impact Indian organizations;
• Which control frameworks and standards for managing data privacy are relevant in India;
• What lessons GDPR can provide for creating a practical privacy framework for India.

Speakers:
Gyana Bardhan Pattnaik, Global Head-Embedded Horizontal & Application Software & IoT, L&T Technology Services
Minatee Mishra, Director, Product Security
Ravikiran Avvaru, CISO, Toyota Kirloskar
Vishal Jaitak, Cybersecurity Leader, GE Digital

The government of India is hopeful that the nation can build a $15 billion Internet of Things industry by 2020. MeitY has been developing standards for operating IoT across technologies and using data security as an enabler for adopting IoT. According to a recent study, India now has 41 IoT use cases, including smart manufacturing supply chain, service operations, transportation/logistics, healthcare, smart governance and smart utilities.

The growing number of IoT devices can potentially provide a direct conduit to some very private and valuable information in your company. In our rush to connect everything, security and privacy are often afterthoughts.

For IoT to become a business enabler in India, security considerations must be adequately addressed. It's essential to take a structured approach to implement security by design, with secure coding and end-to-end encryption of data. Because IoT devices generate huge amounts of data - and protecting data privacy is critical - it's crucial to secure the originating source of the data.

This panel will discuss:

• Creating a security blueprint for IoT projects and devising an architecture;
• How to secure codes at the design stage;
• A collaborative approach with effective team integration;
• The role of blockchain technology in improving security.