Ireland COSAC Connect Melbourne

For 27 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. For the first time, COSAC is going virtual with COSAC Connect going live in September 2020.

View the schedule for our 2-day event or check out our panel of world class speakers ready to bring the COSAC ethos of collaboration and information security wisdom online. Registration is free of charge with sessions spread across world time zones to ensure COSAC continues to deliver value, wherever in the world you are located.

Tuesday 29th September 2020

09:00 BST Introduction & Welcome Speaker(s): David Lynas

David Lynas

Chairman, COSAC (Northern Ireland)

David Lynas is currently enjoying his thirty-eighth year of experience in Information Security, during which he has been invited to provide strategic advice to governments and industry clients on every continent. A globally renowned Enterprise Security Architect, Security Strategist, and Thought-Leader, he is the co-author of SABSA (the world’s leading free-use, open-source Security Architecture Methodology), CEO of the SABSA Institute and CEO of David Lynas Consulting.
09:30 BST Securing the Digital Transformed World Speaker(s): Siân John MBE

Siân John MBE

Director SCI Business Development, Microsoft (UK)

Siân John MBE is EMEA/APJ Director of Cybersecurity Strategy at Microsoft. She leads a team of chief security advisors in EMEA and APJ who work with Microsoft’s customers as they evolve their security strategy to support digital transformation and cloud adoption. Siân has worked in Cybersecurity for nearly 25 years across strategy, business risk, privacy, and technology. Siân is a recognised thought leader in the industry. She is Chair of both techUK’s CyberSecurity Management committee and...

As organisations go through digital transformation, Cybersecurity practices need to evolve to keep up. This half-day session will explore some of the challenges and approaches to evolving security risk management to unlock the opportunity of digital transformation by managing and mitigating some of the threats. Topics will include:

- Changing control and risk frameworks – and reporting on risk to support digital transformation

- Identity as a perimeter and Zero Trust Networks

- Forensics and threat hunting in the hybrid cloud world

- Incident response, triage and remediation

- Securing the intelligent cloud and the intelligent edge – IoT, machine learning and hybrid cloud solutions

10:30 BST Using SABSA to Architect Zero Trust Networks Speaker(s): Chris Blunt

Chris Blunt

Security Architect, Aflac NI (Northern Ireland)

Chris is a seasoned cybersecurity professional. He has recently moved to Belfast from New Zealand where he co-founded and ran a highly successful information security and privacy consultancy. He is an exponent of business-driven security and is passionate about delivering pragmatic advice that enables organisations to achieve their business objectives.

In 2014, Google threw away its traditional approach to securing its services and reimagined what security should look like to be truly effective in today's world of distributed teams, systems, and applications.

But is it practical for an organisation without the resources of Microsoft, Amazon Web Services and Google to adopt these concepts?

This session will provide a brief overview of the zero-trust concepts before exploring how SABSA can be used to architect zero-trust networks. Finally, we will discuss the real-world applications of zero-trust, together with some of the challenges and how they might be overcome.

11:30 BST Dependency Modelling in SABSA - Dynamically Visualising Risk Speaker(s): Andy Clark

Andy Clark

Director, Primary Key Associates (UK)

Prof Clark is an acknowledged expert in Cryptography, I.S. Security, Systems Engineering, Information Forensics & Cyber Security. He has worked in the field of Computer and Information Systems Security and Cryptology since 1984 and is a registered expert witness with 20+ years’ experience of presenting computer and information systems evidence in a wide range of criminal & civil cases. He is a co-author of the SABSA Blue Book & was the first recipient of the COSAC award.

Dependency modelling is a way of analysing risks to an enterprise.  It uses a variety of different approaches to describe and predict how different systems components interact and interdepend.  Typically it provides graphical representations of these relationships that help systems engineers design and implement resilient systems.

A dependency model is based on goals and objectives and the prerequisites to satisfy these goals. It is a positivist, top-down approach that contrasts with other models that focus on faults, disasters and failures.

I first learned of Dependency modelling many years ago having been introduced to the subject by Professor John Gordon.  He had developed a toolset specifically designed to help systems engineers, among other things, model risks to critical infrastructure. I was particularly interested in how his techniques were based on 'good' things - goals that he called 'paragons' and the Bayesian engine he developed that enabled you to build a dependency model and then 'drive it in reverse' to infer the most likely elements to cause compromise of each paragon.  It occurred to me at the time that there were great similarities between paragons and SABSA Business Attributes and that, when I had time, I would explore that further.

In this presentation I shall outline John Gordon's excellent work and use some examples to highlight how it can be applied to SABSA Business Attribute-based Dependency Modelling.  I hope it will be of interest to both delegates who are expert in the field and others to whom it is new - my goal is to produce a catalyst for some of us to work together to use Dependency Modelling within SABSA to make the design of resilient business systems easier.

12:30 BST Digital Ethics: A BluePrint For The Future Speaker(s): Valerie Lyons

Valerie Lyons

COO & PhD Scholar, BH Consulting & DCU (Ireland)

I have been an accomplished Information Security Risk Manager for the last two decades, with extensive experience at senior management level. I am also a fully qualified executive coach, with a Masters in Business and Leadership. I became aware that industry was becoming hugely focussed on addressing security and privacy through the compliance lens. Seeking to find a more sustainable and effective way to address these risks, I traded my senior management position for the opportunity to undertake a PhD.

Digital ethics, together with privacy, was one of Gartner’s top ten strategic technology trends. In the world of Cybersecurity, we are acutely aware of what privacy means but are we so clear about digital ethics? The current discourse on digital ethics focusses either on the intended ethical breaches resulting in damage to consumer trust – in other words ‘not doing right’ or on the potential misuse of big data and artificial intelligence. However, digital ethics reaches far beyond this. With digital ethics comes the added variable of the ethical implications of things which may not yet exist, or things which may have impacts we cannot predict. Organisations continue to struggle to recognize and anticipate the unintended ethical issues associated with digital technologies. For instance, who twenty years ago would have anticipated the ethical issues now associated with current digital technologies such as reduced social skills, addiction, bullying and loss of self-determination - or in a broader digital context - the emerging erosion of democracy and the socio-political divisiveness of national security surveillance? The biggest challenge right now is in thinking we can regulate digital ethics with compliance-type checklists. This is because digital technologies are not neutral; they enshrine a vision and reflect a worldview which cannot be checklisted. What if, instead of checklists, we could construct a navigational tool which guides our teams to focus, and refocus, on key areas more likely to be vulnerable to ethical compromise? Drawing on nascent research from the Omidyar Network and Institute for the Future, an overview of the 'Ethical OS' toolkit is presented including an overview of the process of undertaking a digital ethics review and the 8 key risk areas that organisational teams need to focus on.
This toolkit doesn’t make an organisation ‘ethical’ but it does provide the organisation with an essential guide for its digital endeavours now and into an unknown future.