Despite heightened attention and unprecedented levels of security investment, the number of cyber incidents and their associated costs continues to rise. The concern typically revolves around the growing sophistication of malicious hackers and other adversaries, and whether being secure is even possible in today’s rapidly evolving landscape of cyberattacks. Cybersecurity is a broad and ever-evolving discipline. As organisations seek to protect their organisations, it is important to understand how attackers typically achieve their objectives and the cybersecurity capabilities that any organisation should consider building in order to respond to these threats. In this session, we will discuss the following:
- Anatomy of a cyberattack – introducing the cyber kill chain and the steps attackers take to achieve their objectives
- Responding to cyberattacks – layered defence and cybersecurity capabilities, and the shift from prevention to detection
- Cybersecurity capabilities – introducing cybersecurity capabilities and the key features of each capability. These capabilities include cybersecurity management, extended enterprise, application security, infrastructure security, identity and access management, data security and data leakage prevention, threat intelligence, security operations, vulnerability management, incident response and business resilience
- Review the anatomy of a cyberattack – introducing the cyber kill chain, and the steps attackers take to achieve their objectives
- Respond to cyberattacks – layered defense and cyber security capabilities, and shift from prevention to detection
- Identify Cybersecurity capabilities and the key features of each capability
- Aspiring, New and Experienced Directors
|Virtual Classroom Format|
|Interactive Facilitated Learning|
Ho Siew Kei
Executive Director, Risk Advisory – Cyber Risk, Deloitte Malaysia
Ho Siew Kei is an Executive Director within Deloitte’s Risk Advisory practice in Malaysia. He has more than 18 years of experience in risk and controls encompassing IT audit and advisory, and cybersecurity assessments services for clients in various industries, focusing on clients in the banking and insurance industries.
Previously, he spent 7 years in the United Kingdom – in an IT Risk & Compliance role for a major financial institution and as a Manager in another big 4 professional services firm based in London.
In his current role, Siew Kei manages vulnerability assessment engagements, and cybersecurity maturity and compliance assessments for Malaysian companies, focusing on financial services.
His qualifications and professional affiliations include Cybersecurity Audit Certificate, ISACA; Certified Information Systems Auditor (CISA), ISACA; Certified Practising Accountant (CPA), CPA Australia and Certified Information Systems Security Professional (CISSP).
Tuesday | 16 June 2020 (Facilitator: Ho Siew Kei)
|Module One||Background to cyber-attacks||30 minutes|
|Module Two||Anatomy of a cyber-attack & cyber kill chain||45 minutes|
|Module Three||Case studies: examples of cyber-attacks from the viewpoint of the cyber kill chain||30 minutes|
|Module Four||Introducing cybersecurity capabilities||30 minutes|
|Module Five||Describing the features of core capabilities||45 minutes|
*The duration excludes introduction & housekeeping and virtual breaks
|Lecture, case-studies, discussion, polling|