
Virtual Cybersecurity Summit: India & SAARC

March 23-24, 2021


WELCOME / Summit Overview

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

ISMG, a global industry in information security news, will host its flagship event of 2021, the Cybersecurity Virtual Summit: India & SAARC, on March 23-24, 2021.

The year 2020 was chaotic for enterprise security teams dealing with COVID-19-related challenges, which also led practitioners to find new ways to address the cybersecurity challenges of securing the distributed work environment. Experts hope 2021 will bring new vigor, as CISOs are expected to rethink security and risk strategies while the industry faces new forms of threats and fights the unknown unknowns.

Join our virtual summit to gain expert insight from the stalwarts of the InfoSec industry on the myths and realities about deploying new frameworks and risk mitigation tools, taking a tactical and strategic approach to building cyber defenses in responding to new forms of threats and how to take control of security in this ‘virtual’ enterprise world.

Details

Free Registration

23 and 24 March 2021 at 8:30 am IST

For queries, contact:
email at priti.dutta@ismg-summits.com / mahesh.verma@ismg-summits.com

Speakers Associated with ISMG


Justice BN Srikrishna

Former Judge, Supreme Court of India

Brijesh Singh

Inspector General of Police-Training, Govt. of Maharashtra

Loknath Behera

State Police Chief and Director General of Police, Kerala State

Sameer Ratolikar

CISO, HDFC Bank

Ashutosh Jain

CISO, Axis Bank

Bharat Panchal

Chief Risk Officer - India, Middle East and Africa, FIS

Amit Sharma

Director & Advisor (Cyber), Ministry of Defence, GoI

Sridhar Sidhu

EVP-Enterprise Information Security, Wells Fargo

FEATURED SPEAKERS

Geetha Nandikotkur

Managing Editor, Asia & the Middle East, ISMG

Varun Haran

Managing Director, Asia & Middle East, ISMG

Suparna Goswami

Associate Editor, ISMG

Vernon Co

Senior PreSales Consultant APAC, EfficientIP

Bithal Bhardwaj

Group CISO, GMR Group

Mathan Babu Kasilingam

CISO, Vodafone Idea

Mansi Thapar

CISO, Jaquar Group

Sanjay Tiwari

CISO, India Infoline Group

Manoj Abraham

Additional Director General of Police, Kerala Police

Swati Sharma (Swati Anuj Arya)

FSI Compliance Specialist, Amazon Internet Services Private Limited

Sridhar Sidhu

Senior Vice President and Head of Information Security Services Group, Wells Fargo

Pavan Duggal

Advocate, Supreme Court of India and Cyber Law Practitioner

Jeewapadma Sandagomi

Senior General Manager-Enterprise Risk Management, Mobitel (Sri Lanka)

Justice B.N. Srikrishna

Former Judge, Supreme Court of India, and Chairman of the Data Protection Committee

Anshu Sharma

Vice President (Cyber Operations, Management and Response), Wells Fargo

Md.Mahbubul Alam Rafel

Head of Information Security, Prime Bank - Bangladesh

Rajashekar P

Director, ISAC

Srinivas Poosarla

Head - Global Privacy & Data Protection, Infosys Technologies

Yask Sharma

CISO, Indian Oil Corp.

Rishi Rajpal

CISO, Concentrix

Lt. Gen (Retd) Rajesh Pant

National Cybersecurity Coordinator-PMO, GoI

Ashwath Reddy

Principal Consultant, Software Integrity Group, Synopsys

Sameer Raje

General Manager & Head of India, Zoom Video Communications

Commodore T G J Amarsena

CEO, CERT, Sri Lanka

Draft Agenda / Session Date & Time



  • Tuesday, March 23rd

  • Wednesday, March 24th

8:30 am - 9:00 am

Registration & Exhibit Browsing

9:00 am - 9:15 am

Opening Remarks

9:15 am - 9:45 am

Keynote: Enterprise Security in an Adaptive Era: Are CISOs Shifting Priorities?

As analysts say, after feeling so defenseless in the face of calamity, enterprises are moving to an adaptive era. With the distributed workforce will come the inevitable discomfort of potentially exposing organizations to cyberattacks if the right precautions are not taken to adapt to this new phenomenon.

Should CISOs start making tough decisions when allocating scarce resources for data security? Since there is no limitless budget and no endless resources, what should they prioritize, and how ruthless do they need to be?

The session will discuss:

  • Prioritizing and re-calibrating governance and compliance;
  • Setting security priorities with a clear understanding of critical business risks;
  • Harnessing new technologies.
9:45 am - 10:15 am

Dark Web and Cryptocurrencies: Cybersecurity Nightmare for Businesses and Law Enforcement

Speaker:
Manoj Abraham, Additional Director General of Police, Kerala Police

Today's big challenge facing enterprise security is the 'dark web,' an ungoverned and seemingly ungovernable internet area where you can browse and communicate with complete anonymity. Through the use of the dark web and cryptocurrencies, criminals have been able to run a 'crime-as-a-service' model very successfully. Businesses and security agencies have been able to make very little, if any, impact.

What can be done to make your enterprise 'cybercrime-resilient', and how should law enforcement respond to this menace?

The session will discuss:

  • Challenges posed by the dark web and cryptocurrencies for enterprise security;
  • How is law enforcement responding to the investigation process and building technical capabilities;
  • New techniques and approaches being used to combat security threats from the 'dark web'.
10:15 am - 10:30 am

How DNS Becomes the First Line of Defense Against Malware and Data Theft in a ‘Zero Trust’ Approach

Speaker:
Vernon Co, Senior PreSales Consultant APAC, EfficientIP

In this ‘zero trust’ era, DNS remains a favorite target and attack vector due to its criticality for linking users to apps. 79% of organizations suffered DNS attacks, causing severe impacts such as app downtime. But as it sees almost all traffic intent, DNS is ideally placed to be your first line of defense against malware, ransomware and data theft, overcoming limitations of firewalls and IPS.

The session will discuss how client-based domain filtering and threat intelligence created from real-time analysis of DNS traffic:

  • Improves attack detection, protection and mitigation;
  • Bridges the security ecosystem silos by automating responses;
  • Helps SOCs in detecting and remediating threats more easily.
10:30 am - 11:00 am Track A

Cloud IAM: An Effective Strategy to Solve the Integration Puzzle

Enterprises traditionally used on-premises IAM software to manage identity and access policies. With companies adopting cloud services, the process of managing identities is getting more complicated. Therefore, adopting cloud IAM solutions becomes a logical step. However, mapping single sign-on users and IAM roles can become challenging as users can have multiple functions that span several cloud accounts.

The session will discuss:

  • How best to manage IAM roles in the cloud;
  • What does cloud IAM include;
  • On-prem IAM Vs. Cloud IAM.
10:30 am - 11:00 am Track B

Security By Design: Protecting the Critical Information Infrastructure from Coding Deficits

As organizations continue to view security as just a technology issue, CISOs must work with business and technology leaders to design safety into systems, processes, and people from the start.

Adopting a 'security by design' approach and weaving it into the digital transformation road map helps organizations protect critical information infrastructure and defend against cyberthreats.

  • 'Security by design' approach for secure coding;
  • The principles and fundamental concepts of 'security by design';
  • in-depth and least privilege in this approach.
10:30 am - 11:00 am Track C

Tech Spotlight: Enhancing Data Security in a Multi-cloud Environment

As organizations move from hybrid to a multi-cloud environment to experience benefits like accommodating peak usage, minimizing downtime, and avoiding vendor lock-in, they also usher in increased security vulnerabilities. How should the cybersecurity arsenal enhance multi-cloud data security and the technologies that can be harnessed to deliver the security promise?

The session will discuss:

  • How to ensure complete visibility over data;
  • Deploying contextual data leak prevention to help enhance monitoring;
  • Evolving a central management system for improved user access and control.
11:00 am - 11:15 am

Expo Hall & Networking Break

11:15 am - 11:45 am Track A

Supply Chain Attacks: Are Enterprises Able to Detect and Respond?

Speaker:
Mathan Babu Kasilingam, CISO, Vodafone Idea

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, a supply chain attack on a service provider cannot be ruled out, as it is a significant intrusion into the entire ecosystem. Supply chain attacks usher in a risk: supplier vulnerabilities, which are a common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.

The session will discuss:

  • How to respond to software-associated supply chain attacks;
  • Intersection of DevOps and security;
  • Security by design approach to secure software applications and evaluating the third-party products.
11:15 am - 11:45 am Track B

Fireside Chat: Protecting Your Critical Infrastructure: Understanding Dual Sides of Cybersecurity

Speakers:
Bithal Bhardwaj, Group CISO, GMR Group
Rajashekar P, Director, ISAC

Cybersecurity is a two-sided proposition, requiring both defense of internal networks and operating effectively in the cyber domain. The first side is to secure the networks, which is undoubtedly necessary: organizing budgets and deploying people, processes, and technologies to secure the infrastructure. However, the weakest links in the cybersecurity posture are people and the facilities where the systems are physically hosted. As you can guess, that is the far, or second, side of cybersecurity: teams should not lose sight of the need to couple the defense of their networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats to secure their overall environment. How do you protect your IoT, OT, and SCADA systems against threats? Is there a strategy to deal with the external threats?

In this fireside chat, experts will discuss:

  • Preventing attacks against using CPTED design;
  • Security by design approach using SQuaRE standards;
  • How information sharing helps in responding to threats.
11:15 am - 11:45 am Track C

Implementing "Zero Trust": A Practitioner's Approach

Speaker:
Sanjay Tiwari, CISO, India Infoline Group

The biggest challenge for practitioners today is to enable greater flexibility for a remote workforce while being fully compliant and secure. The "zero trust" model can play a critical role, but implementing it is a daunting task, and there's no "one size fits all" approach to making the transition to a zero trust architecture. This session provides a practical approach to adopting zero trust, outlining the strategy, the possibilities for leveraging existing investments and the need for new investments.

This session will also discuss:

  • Improved privileged access management using 'zero trust';
  • Limiting exposure of sensitive data in light of the remote workforce and targeted attacks and new cybercrime scams;
  • A five-step methodology to implementing 'zero trust' and stakeholder engagement.
11:45 am - 12:15 pm Track A

Security and DevOps: An effective Integration Process for Enhanced Security

The intersection of DevOps and InfoSec is always considered to be a challenge and often raises questions about why security benefits from combining the two. While most security practitioners understand the need to be part of the development cycle, they always struggle to keep pace as DevOps processes mostly occur outside the purview of information security.

It is imperative to have the intersection of DevOps and InfoSec to prevent hacks similar to the recent SolarWinds incident. The session will discuss:

  • Why DevOps is a game-changer for security;
  • The different ways to embed security into DevOps;
  • Writing more-secure code to protect applications from cyberattacks.
11:45 am - 12:15 pm Track B

Role of Micro-segmentation in Building a ‘zero trust’ framework

Micro-segmentation is being considered because it is said to create secure zones and move security away from identifying IP addresses by granting users access to relevant applications based on their role. It's a core technology for 'zero trust' to create process-level visibility and provide secure access. How challenging is it to segment your network as you see more convergence happening?

This session will discuss:

  • How micro-segmentation delivers zero trust;
  • How to address challenges of deploying micro-segmentation;
  • Why can micro-segmentation accelerate cloud adoption?
11:45 am - 12:15 pm Track C

Automation: The Game Changer in Reducing Third-Party Risks

Third-party risks have been the Achilles' heel for organizations for many years now. The recent SolarWinds incident showed the world the impact third-party risks can have on companies globally. With the distributed work environment becoming the new norm, it is no longer practical to have a manual process to manage third parties' risks. Automation is the name of the game when dealing with third-party risks as it enables quicker vendor assessments and selection with less downtime.

Automation also helps in promptly resolving newly identified risks with vendors and enables addressing risks on repeatable processes, allowing humans to focus on the most significant threats.

This session will discuss:

  • The need for automation in dealing with the third parties;
  • Tools, technologies, and processes required to assess large-scale risks;
  • Steps to deploy and implement the automation processes.
12:15 pm - 12:30 pm

Networking break

12:30 pm - 1:00 pm Track A

Panel Discussion: Women in IT Security and Privacy: Bridging the Skill Gap

Speakers:
Mansi Thapar, CISO, Jaquar Group
Swati Sharma (Swati Anuj Arya), FSI Compliance Specialist, Amazon Internet Services Private Limited
Anshu Sharma, Vice President (Cyber Operations, Management and Response), Wells Fargo

The ongoing challenges to fill mass cybersecurity job vacancies amid the backdrop of a lack of diversity continue to haunt one of the world’s hottest industries.

According to analysts, the ratio of women in the cybersecurity industry is growing by 11% year on year.

However, the big challenge is how to retain them and bridge the skill gap and empower them. What are the unique challenges women CISOs face in their journey?

The session will discuss:

  • Changing role of women in IT security and privacy;
  • Essential skills that women prefer to build;
  • Women’s contribution to securing the enterprise – strategic and tactical initiatives.
12:30 pm - 1:00 pm Track B

Securing the Telecom Infrastructure in the Digital Transformation Era

Speaker:
Jeewapadma Sandagomi, Senior General Manager-Enterprise Risk Management, Mobitel (Sri Lanka)

The telecom sector in Sri Lanka is going through an overhaul to drive digital transformation due to the ongoing pandemic. As a result, the traditional enterprise security role is also going through this change to meet the new technological, social, and business demands and derivatives. It has become imperative for enterprise security to protect customer data against growing threats and leaks. Enterprises need to delve into adopting the best risk mitigation strategies and harness technologies in getting the data and networks exposed to vulnerabilities.

The session discusses:

  • How to harness new technologies in protecting the telecom infrastructure and customer data;
  • Best risk mitigation practices and framework to secure the ecosystem;
  • Evolving compliance and privacy standards to meet the regulatory requirements.
12:30 pm - 1:00 pm Track C

Right to Privacy: Applying the Principles of Data Protection and Privacy Framework

Speakers:
Pavan Duggal, Advocate, Supreme Court of India
Srinivas Poosarla, Vice President and Head (Global), Privacy & Data Protection, Infosys Ltd.
Justice B.N. Srikrishna, Former Judge, Supreme Court of India, and Chairman of the Data Protection Committee
Md.Mahbubul Alam Rafel, Head of Information Security, Prime Bank - Bangladesh

The issue of balancing ‘Privacy’ with ‘Data Economy’ has once again come to the forefront, triggering a host of debates and petitions by government, human rights activists, CISO, CPO, and legal experts. Some of the challenges the industry is grappling with are fair use of data, the validity of a data privacy consent, balancing security with privacy, use of algorithmic decision making, data sharing with partner entities. It becomes critical to understand how the ‘data protection and privacy framework’, which includes regulation, standards, and policies, can be leveraged to provide privacy assurance to consumers and strike the right balance for the larger public good.

Some of the areas the panel will deliberate:

  • Right to privacy in the context of the data protection and privacy bill;
  • What are the risks of relying on consent as a means to process or share data;
  • What are the challenges faced in achieving data protection and privacy by use of emerging tech;
  • Implications of data sharing and use by social media conglomerates, for instance, the recent WhatsApp privacy policy.
1:00 pm - 1:30 pm Track A

Vulnerability Management: Evolving a Successful Program

With COVID-19 throwing up enormous challenges for CISOs, forcing them to take a good, hard look at viable security projects, the one that tops the list is risk-based vulnerability management. This is the “last mile effort” involved in already joint bulk vulnerability assessment and telemetry and bringing in additional information in the form of threat intelligence.

The session will discuss:

  • How to ascertain which vulnerabilities are likely to be exploited;
  • How to proactively manage risk and make a strategic decision with dynamic and continuous visibility;
  • Discovering the gaps in processes and tools.
1:00 pm - 1:30 pm Track B

Threat Intelligence and Hunting Operations: AI as a New Defense Tool

While organizations invest a lot in gathering data, more often than not, they are not able to utilize the data intelligently. With enterprises, including large ones, facing increasing attacks, efficient threat intelligence can go a long way in using evidence-based knowledge to determine the risk of the system. Today, all AI research efforts are focused on building a specialized Artificial intelligence that can help identify threats faster than before. The current application of AI provides additional analytics horsepower to already existing technologies. AI thus lends to these applications greater effectiveness and value.

Moreover, with cyber attackers also leveraging AI for attacks, security teams need to be prepared even more to counter such intelligent threats and anticipate what is coming. However, deploying machine learning and AI without preparation and ongoing support may make things worse.

This session will discuss:

  • How to evaluate a good feed;
  • How to set the right process for AI-based threat intelligence with suitable algorithms;
  • How to derive actionable threat intelligence using analytics.
1:00 pm - 1:30 pm Track C

DMARC: Authentication to Mitigate the Risk of Domain Spoofing

Phishing attacks are evolving, increasing in number, and becoming more sophisticated every passing year. Unsurprisingly, phishing attacks were one of the top threats to organizations in the year 2020. Even the world’s largest corporations aren’t immune and experience more than 1,000 phishing attacks a month. Several training attempts have failed to solve email’s fundamental flaw – anyone can send an email using someone else’s identity. Phishing attacks have also been the cause of several data breaches leading to loss of intellectual property and loss of brand reputation. Most enterprises have been trying to introduce a DMARC (Domain-based Message Authentication, Reporting & Conformance) policy to establish the email authentication standard that enables senders to gain visibility into how their email domains are used and abused.

However, details of implementing DMARC are not widely understood yet. Though DMARC usage has grown exponentially, most of those who implemented DMARC did not get it right.

This session will include:

  • How to get the DMARC deployment right?
  • Use cases in mitigating domain spoofing risk applying DMARC policy;
  • Combatting phishing attacks by complying with the policy.
1:30 pm - 2:00 pm

Panel Discussion: Implementing SASE for Better Security: A CISO's Perspective

Speakers:
Moderator: Geetha Nandikotkur, Managing Editor-Asia & Middle East, ISMG
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Yask Sharma, CISO, Indian Oil Corp.
Rishi Rajpal, CISO, Concentrix

The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the secure access service edge, or SASE, model among enterprises. Some say CISOs now don't have to procure individual discrete security solutions and tie them into the network security layer; instead, they can source from one logical place using the SASE security model.

While most organizations have well understood the importance of SASE, not many are clear on how to go about its implementation.

The session will discuss:

  • Factors security teams need to evaluate when considering SASE adoption;
  • How SASE architecture can help safely connect users to the data, applications, and resources;
  • Using a subscription-based model for improved security.
2:00 pm - 2:30 pm

Expo Hall and Networking

View Schedule
  • Hall A
  • Hall B
  • Hall C
  • Hall D
8:30 am -
9:00 am
8:30 am - 9:00 am

Registration & Exhibit Browsing

9:00 am -
9:15 am
9:00 am - 9:15 am

Opening Remarks

9:15 am -
9:45 am
9:15 am - 9:45 am

Keynote: Enterprise Security in an Adaptive Era: Are CISOs Shifting Priorities?

As analysts say, after feeling so defenseless in the face of calamity, enterprises are moving to an adaptive era. With the distributed workforce will come the inevitable discomfort of potentially exposing organizations to cyberattacks if the right precautions are not taken to adapt to this new phenomenon.

Should CISOs start making tough decisions when allocating scarce resources for data security? Since there is no limitless budget and no endless resources, what should they prioritize and how ruthless they need to be.

The session will discuss:

  • Prioritizing and re-calibrating governance and compliance;
  • Setting security priorities with a clear understanding of critical business risks;
  • Harnessing new technologies.
9:45 am -
10:15 am
9:45 am - 10:15 am

Dark Web and Cryptocurrencies: Cybersecurity Nightmare for Businesses and Law Enforcement

Speaker:
Manoj Abraham, Additional Director General of Police, Kerala Police

Today's big challenge facing enterprise security is the 'dark web,' an ungoverned and seemingly ungovernable internet area where you can browse and communicate with complete anonymity. Through the use of dark web and crypto currencies, criminals have been able to very successfully run 'crime-as-a-service' model. The business and the security agencies have been able to make very little, if any, impact.

What can be done to make your enterprises' cybercrime - resilient', and how should law enforcement respond to this menace.

The session will discuss:

  • Challenges posed by Dark web and crypto currencies for enterprise security;
  • How is law enforcement responding to the investigation process and building technical capabilities;
  • New techniques and approaches being used to combat security threats from the 'dark web'.
10:15 am -
10:30 am
10:15 am - 10:30 am

How DNS Becomes the First Line of Defense Against Malware and Data Theft in a ‘Zero Trust’ Approach

Speaker:
Vernon Co, Senior PreSales Consultant APAC, EfficientIP

In this ‘zero trust’ era, DNS remains a favorite target and attack vector due it’s criticality for linking users to apps. 79% of organizations suffered DNS attacks, causing severe impacts such as app downtime. But as it sees almost all traffic intent, DNS is ideally placed to be your first line of defense against malware, ransomware and data theft, overcoming limitations of firewalls and IPS.

The session will discuss how client-based domain filtering and threat intelligence created from real-time analysis of DNS traffic:

  • Improves attack detection, protection and mitigation;
  • Bridges the security ecosystem silos by automating responses;
  • Helps SOCs in detecting and remediating threats more easily.
10:30 am -
11:00 am
10:30 am - 11:00 am Track A

Cloud IAM: An Effective Strategy to Solve the Integration Puzzle

Enterprises traditionally used on-premises IAM software to manage identity and access policies. With companies adopting cloud services, the process of managing identities is getting more complicated. Therefore, adopting cloud IAM solutions becomes a logical step. However, mapping single sign-on users and IAM roles can become challenging as users can have multiple functions that span several cloud accounts.

The session will discuss:

  • How best to manage IAM roles in the cloud;
  • What does cloud IAM include;
  • On-prem IAM Vs. Cloud IAM.
10:30 am - 11:00 am Track B

Security By Design: Protecting the Critical Information Infrastructure from Coding Deficits

As organizations continue to view Security as just a technology issue, CISOs must work with business and technology leaders to design safety into systems, processes, and people from the start.

Adopting a 'security by design' approach and weaving it into the digital transformation road map helps organizations protect critical information infrastructure defend against cyberthreats.

  • 'Security by design' approach for secure coding;
  • The principles and fundamental concepts of 'Security by design;
  • in-depth and least privilege in this approach.
10:30 am - 11:00 am Track C

Tech Spotlight: Enhancing Data Security in a Multi-cloud Environment

As organizations move from hybrid to a multi-cloud environment to experience benefits like accommodating peak usage, minimizing downtime, and avoiding vendor lock-in, they also usher in increased security vulnerabilities. How should the cybersecurity arsenal enhance multi-cloud data security and the technologies that can be harnessed to deliver the security promise?

The session will discuss:

  • How to ensure complete visibility over data;
  • Deploying contextual data leak prevention to help enhance monitoring;
  • Evolving a central management system for improved user access and control.
11:00 am -
11:15 am
11:00 am - 11:15 am

Expo Hall & Networking Break

11:15 am -
11:45 am
11:15 am - 11:45 am Track A

Supply Chain Attacks: Are Enterprises Able to Detect and Respond?

Speaker:
Mathan Babu Kasilingam, CISO, Vodafone Idea

We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, the supply chain attack was an attack on a service provider that cannot be ruled out as it is a significant intrusion of the entire ecosystem. The supply chain attacks ushers in the risk: supplier vulnerabilities which the common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.

The session will discuss:

  • How to respond to software-associated supply chain attacks?;
  • Intersection of DevOps and security;
  • Security by design approach to secure software applications and evaluating the third-party products.
11:15 am - 11:45 am Track B

Fireside Chat: Protecting Your Critical Infrastructure: Understanding Dual Sides of Cybersecurity

Speakers:
Bithal Bhardwaj, Group CISO, GMR Group
Rajashekar P, Director, ISAC

Cybersecurity is a two-sided proposition, requiring both defenses of internal networks and operating effectively in the cyber domain. The first side is to secure the networks that are undoubtedly necessary, organizing budgets, deploying people, processes, and technologies to secure the infrastructure. However, the weakest links in the cybersecurity posture are people and the facilities where the sytems are hosted physically. As you can guess, that is the far or second side of cybersecurity, that the teams should not lose sight of the need to couple the defense of their networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats to secure their overall environment. How do you protect your IoT, OT, and SCADA systems against threats? Is there a strategy to deal with the external threats?

A fireside chat will experts discuss:

  • Preventing attacks against using CPTED design;
  • Security by design approach using SQuaRE standards;
  • How does Information Sharing help responding to threats.
11:15 am - 11:45 am Track C

Implementing "Zero Trust": A Practitioner's Approach

Speaker:
Sanjay Tiwari, CISO, India Infoline Group

The biggest challenge for practitioners today is to enable greater flexibility for a remote workforce while being fully compliant and secure. The "zero trust" model can play a critical role, but implementing it is a daunting task, and there's no "one size fits all" approach to making the transition to a zero trust architecture. This session provides a practical approach to adopting zero trust, outlining the strategy, the possibilities for leveraging existing investments and the need for new investments.

This session will also discuss:

  • Improved privileged access management using 'zero trust';
  • Limiting exposure of sensitive data in light of the remote workforce and targeted attacks and new cybercrime scams;
  • A five-step methodology to implementing 'zero trust' and stakeholder engagement.
11:45 am -
12:15 pm
11:45 am - 12:15 pm Track A

Security and DevOps: An effective Integration Process for Enhanced Security

The intersection of DevOps and InfoSec is always considered to be a challenge and often raises questions about why security benefits from combining the two. While most security practitioners understand the need to be part of the development cycle, they always struggle to keep pace as DevOps processes mostly occur outside the purview of information security.

It is imperative to have the intersection of DevOps and InfoSec to prevent hacks similar to the recent SolarWinds. The session will discuss:

  • Why DevOps is a game-changer for security;
  • The different ways to embed security into DevOps;
  • Writing more-secure code to protect applications from cyberattacks.
11:45 am - 12:15 pm Track B

Role of Micro-segmentation in Building a ‘zero trust’ framework

Micro-segmentation is being considered as it is said to create secure zones and moves security away from identifying IP addresses by granting access to users to relevant applications based on their role. It's a core technology for 'zero trust' to create process-level visibility and provide secure access. How challenging is it to make a segmentation of your network as you see more convergence happening?

This session will discuss:

  • How micro-segmentation delivers zero trust;
  • How to address challenges of deploying micro-segmentation;
  • Why micro-segmentation can accelerate cloud adoption.
11:45 am - 12:15 pm Track C

Automation: The Game Changer in Reducing Third-Party Risks

Third-party risks have been the Achilles' heel for organizations for many years now. The recent SolarWinds incident showed the world the impact third-party risks can have on companies globally. With the distributed work environment becoming the new norm, it is no longer practical to have a manual process to manage third-party risks. Automation is the name of the game when dealing with third-party risks as it enables quicker vendor assessments and selection with less downtime.

Automation also helps in promptly resolving newly identified risks with vendors and enables addressing risks on repeatable processes, allowing humans to focus on the most significant threats.

This session will discuss:

  • The need for automation in dealing with third parties;
  • Tools, technologies, and processes required to assess large-scale risks;
  • Steps to deploy and implement the automation processes.
12:15 pm - 12:30 pm

Networking break

12:30 pm - 1:00 pm Track A

Panel Discussion: Women in IT Security and Privacy: Bridging the Skill Gap

Speakers:
Mansi Thapar, CISO, Jaquar Group
Swati Sharma (Swati Anuj Arya), FSI Compliance Specialist, Amazon Internet Services Private Limited
Anshu Sharma, Vice President (Cyber Operations, Management and Response), Wells Fargo

The ongoing challenge of filling mass cybersecurity job vacancies against the backdrop of a lack of diversity continues to haunt one of the world’s hottest industries.

According to analysts, the ratio of women in the cybersecurity industry is growing by 11% year on year.

However, the big challenge is how to retain them, bridge the skill gap and empower them. What are the unique challenges women CISOs face in their journey?

The session will discuss:

  • Changing role of women in IT security and privacy;
  • Essential skills that women prefer to build;
  • Women’s contribution to securing the enterprise – strategic and tactical initiatives.
12:30 pm - 1:00 pm Track B

Securing the Telecom Infrastructure in the Digital Transformation Era

Speaker:
Jeewapadma Sandagomi, Senior General Manager-Enterprise Risk Management, Mobitel (Sri Lanka)

The telecom sector in Sri Lanka is going through an overhaul to drive digital transformation due to the ongoing pandemic. As a result, the traditional enterprise security role is also changing to meet the new technological, social, and business demands and derivatives. It has become imperative for enterprise security to protect customer data against growing threats and leaks. Enterprises need to adopt the best risk mitigation strategies and harness technologies to protect data and networks that are exposed to vulnerabilities.

The session discusses:

  • How to harness new technologies in protecting the telecom infrastructure and customer data;
  • Best risk mitigation practices and framework to secure the ecosystem;
  • Evolving compliance and privacy standards to meet the regulatory requirements.
12:30 pm - 1:00 pm Track C

Right to Privacy: Applying the Principles of Data Protection and Privacy Framework

Speakers:
Pavan Duggal, Advocate, Supreme Court of India
Srinivas Poosarla, Vice President and Head (Global), Privacy & Data Protection, Infosys Ltd.
Justice B.N. Srikrishna, Former Judge, Supreme Court of India, and Chairman of the Data Protection Committee
Md. Mahbubul Alam Rafel, Head of Information Security, Prime Bank - Bangladesh

The issue of balancing ‘Privacy’ with ‘Data Economy’ has once again come to the forefront, triggering a host of debates and petitions by government, human rights activists, CISOs, CPOs, and legal experts. Some of the challenges the industry is grappling with are fair use of data, the validity of data privacy consent, balancing security with privacy, use of algorithmic decision making, and data sharing with partner entities. It becomes critical to understand how the ‘data protection and privacy framework’, which includes regulation, standards, and policies, can be leveraged to provide privacy assurance to consumers and strike the right balance for the larger public good.

Some of the areas the panel will deliberate on:

  • Right to privacy in the context of the data protection and privacy bill;
  • What are the risks of relying on consent as a means to process or share data;
  • What are the challenges faced in achieving data protection and privacy through the use of emerging tech;
  • Implications of data sharing and use by social media conglomerates, for instance, the recent WhatsApp privacy policy.
1:00 pm - 1:30 pm Track A

Vulnerability Management: Evolving a Successful Program

With COVID-19 throwing enormous challenges at CISOs, forcing them to take a good, hard look at viable security projects, the one that tops the list is risk-based vulnerability management. This is the “last mile effort” involved in already joint bulk vulnerability assessment and telemetry and bringing in additional information in the form of threat intelligence.

The session will discuss:

  • How to ascertain which vulnerabilities are likely to be exploited;
  • How to proactively manage risk and make a strategic decision with dynamic and continuous visibility;
  • Discovering the gaps in processes and tools.
1:00 pm - 1:30 pm Track B

Threat Intelligence and Hunting Operations: AI as a New Defense Tool

While organizations invest a lot in gathering data, more often than not, they are not able to utilize the data intelligently. With enterprises, including large ones, facing increasing attacks, efficient threat intelligence can go a long way in using evidence-based knowledge to determine the risk to the system. Today, all AI research efforts are focused on building specialized artificial intelligence that can help identify threats faster than before. The current application of AI provides additional analytics horsepower to already existing technologies. AI thus lends these applications greater effectiveness and value.

Moreover, with cyber attackers also leveraging AI for attacks, security teams need to be prepared even more to counter such intelligent threats and anticipate what is coming. However, deploying machine learning and AI without preparation and ongoing support may make things worse.

This session will discuss:

  • How to evaluate a good feed;
  • How to set the right process for AI-based threat intelligence with suitable algorithms;
  • How to derive actionable threat intelligence using analytics.
1:00 pm - 1:30 pm Track C

DMARC: Authentication to Mitigate the Risk of Domain Spoofing

Phishing attacks are evolving, increasing in number, and becoming more sophisticated with every passing year. Unsurprisingly, phishing attacks were one of the top threats to organizations in the year 2020. Even the world’s largest corporations aren’t immune and experience more than 1,000 phishing attacks a month. Several training attempts have failed to solve email’s fundamental flaw – anyone can send an email using someone else’s identity. Phishing attacks have also been the cause of several data breaches leading to loss of intellectual property and loss of brand reputation. Most enterprises have been trying to introduce a DMARC (Domain-based Message Authentication, Reporting & Conformance) policy to establish the email authentication standard that enables senders to gain visibility into how their email domains are used and abused.

However, details of implementing DMARC are not widely understood yet. Though DMARC usage has grown exponentially, most of those who implemented DMARC did not get it right.

This session will include:

  • How to get the DMARC deployment right;
  • Use cases in mitigating domain spoofing risk applying DMARC policy;
  • Combatting phishing attacks by complying with the policy.
1:30 pm - 2:00 pm

Panel Discussion: Implementing SASE for Better Security: A CISO's Perspective

Speakers:
Moderator: Geetha Nandikotkur, Managing Editor-Asia & Middle East, ISMG
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Yask Sharma, CISO, Indian Oil Corp.
Rishi Rajpal, CISO, Concentrix

The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the secure access service edge, or SASE, model among enterprises. Some say CISOs now don't have to procure individual discrete security solutions and tie them into the network security layer; instead, they can source from one logical place using the SASE security model.

While most organizations have well understood the importance of SASE, not many are clear on how to go about its implementation.

The session will discuss:

  • Factors security teams need to evaluate when considering SASE adoption;
  • How SASE architecture can help safely connect users to the data, applications, and resources;
  • Using a subscription-based model for improved security.
2:00 pm - 2:30 pm

Expo Hall and Networking

SPONSORS / This Summit's Sponsors

Efficient IP
Rapid7
Sophos
Synopsys
Zoom

VIRTUAL SUMMIT DETAILS / what to expect at our virtual event

View sessions, chat with speakers and technology experts in our Interactive Exhibit & Networking Experience, and browse our Resource Center to download educational assets to review post-summit.

If you miss any live sessions, feel free to log in and view on demand at your own pace. Session recordings will be available in our virtual environment after the agenda has ended.

ISMG Virtual Summit Attendee Guide
For more information please download our ISMG Virtual Summit Attendee Guide.

Register Today

To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology, register today.

Contact Us

Reach us: Reserve your attendance today to ensure you don’t miss the opportunity to meet, network and learn from the foremost experts in information security and risk management in this interactive environment.

+1 (609) 356-1499
events@ismg.io
