(ISC)2 Toronto Security Nexus

Focused on Defining Cybersecurity, join us at (ISC)² Toronto Security Nexus to equip you, our security leaders, with the knowledge and tools necessary to tackle today’s threats, protect your organizations, and advance your career.

(ISC)2 TORONTO SECURITY NEXUS will feature these four topics:

  • Defining the Profession
  • Defining Threats
  • Defining New Technologies
  • Defining Industrial Control Systems and IoT

Why You Should Attend
Here’s your chance to take advantage of educational sessions, keynotes and networking with cybersecurity leaders in government, industry and academia. These tactical, focused learning opportunities will complement your broad understanding of cybersecurity strategies and principles, enabling you to become a more well-rounded, focused and effective practitioner. Learn from the most experienced in our profession while strengthening your organization’s security posture.

The Details

Date: Monday October 7, 2019.

Price: $60 for members and $120 for non-members

Registration: To register for the (ISC)2 Toronto Security Nexus at SecTor visit sector.ca/register and add (ISC)2 Toronto Security Nexus to your SecTor conference registration.

SecTor 2019: Conference sessions take place on Wednesday October 9 and Thursday October 10, 2019. The full conference schedule is now available on our Schedule page.

Venue: The (ISC)2 Toronto Security Nexus at SecTor will be held on Level 700 in the South Building of the Metro Toronto Convention Center (MTCC) in downtown Toronto. More information on how to get there is available at sector.ca/travel.

Who is the (ISC)²

(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 130,000 certified members strong, we empower professionals who touch every aspect of information security. Go to www.isc2.org to find out more.

This Course has Sold Out


10:00 – 10:10 Opening Remarks
10:10 – 10:40 Session #1: Professional Development Institute: Iron Sharpens Iron
10:40 – 11:00 Break
11:00 – 11:30 Session #2: Reporting Cyber Incidents: Why Report to the Police?
11:30 – 12:15 Session #3: Cyber Security: How Much Is Enough?
12:15 – 13:15 Lunch Sponsored by Forescout
13:15 – 13:50 Session #4: An Object-Oriented Approach to Information Security Policy Management Development
13:50 – 14:30 Session #5: Y2Q Problem and its Security and Operational Implications for the Enterprises
14:30 – 15:00 Session #6: How to Move from Always-on Privileged Access to Just-in-Time Administration – & Drastically Reduce Your IT Security Risk
15:00 – 15:15 Break
15:15 – 17:00 Session #7: CISO Panel: Ajay Sood, Edward Kiledjian, Jeff Stark, Bob Gordon
17:00 Closing Remarks

*Timing and content subject to change

Speakers, Sessions, Bios

Below is the line-up for the (ISC)2 Toronto Security Nexus event at SecTor 2019.

A look at (ISC)2’s Professional Development Institute (PDI), which aims to provide relevant continuing education opportunities post-certification. In this session, we will review PDI initiatives to date, developed content, course types and how (ISC)2 works to identify topics and content to fulfill the learning needs of our membership and security professionals globally. Additionally, we will outline how you can contribute to our industry’s body of knowledge as we guide you through the course development process and how you can get involved in course development for the PDI. We need content experts, as “Iron sharpens iron,” and we need the best of the best to help us grow our course offerings.

Bradley Wells, (ISC)2 CPE Evaluator and Charles Gaughf, (ISC)2 Professional Development Technical Content Lead

Underreporting of crimes is not new, but there are new challenges when dealing with cyber-related incidents. Business owners and security personnel are under pressure to recover and re-establish business continuity after attacks, and reporting to law enforcement is often an afterthought. Toronto Police Service has recognized the evolving needs of the public and has brought attention to cyber and online-related incidents through dedicated personnel. Through expanding partnerships and outreach programs, Toronto Police Service is spreading awareness of cyber safety. By working collaboratively towards public awareness of incident reporting, we strive for decreased rates of victimization and increased successes of prosecution for online crime.

Alpha Chan, Co-Ordinated Cyber Centre, Toronto Police Services

When it comes to reducing cyber risk across the extended enterprise, today’s CISO is being driven to reinvent themselves to address the influx of devices and technologies accessing their networks. Yesterday’s view of cybersecurity is becoming obsolete as organizations and their Boards are demanding measurement of risk in real-time, across all facets of their infrastructure, including a willingness to enforce risk mitigation policies in an automated manner. Join this session to learn how others are embracing device visibility and automated controls to forge forward with confidence to manage this next transformational shift in the security ecosystem.

Advice on the costs and benefits of cyber security programs for industrial automation and critical infrastructure has become confusing and contradictory. For example, experts on a recent panel were heard to observe all of: “Security is pure cost,” “there has to be an ROI for every one of our security investments, so we use a risk-based approach, but none of the risk calculations are quantitative,” and “it all depends on the risk appetite of your board and executive.” Even more confusing to business leaders: it is always possible to be more secure, or less secure. We know that for every security defense, there is an offense that will succeed. How, then, should we evaluate cyber security funding requests? How can anyone ever know how much is enough? We explore the question “how much is enough” and draw some simple conclusions. We discuss how classic “natural disaster” risk models and other IT-centric security risk models that attempt to quantify the likelihood of attacks are poor fits to physical or cyber-physical security challenges. A good understanding of the characteristics of control system networks, industrial processes, safety systems, protection systems, security systems and attack capabilities are all prerequisites to an effective risk assessment. Assembling all this knowledge and these costs into a simple matrix for business leaders to understand and evaluate is very much possible.

Mike Firstenberg, Director, Industrial Security at Waterfall Security Solutions Ltd

An Object-Oriented Approach to Information Security Policy Management

Development and management of a security policy framework is difficult. Lengthy documents are often not the best way to convey the message effectively and assure policy compliance. This session will explore the challenges of developing and enforcing a security policy framework, and how moving into a lightweight, object-oriented approach can help to overcome these challenges.

Learning Objectives:
1: Understand the challenges of developing and managing a security policy framework.
2: Learn how object-oriented design concepts can help with some of these challenges.
3: Take away a template for information security policy framework you can adapt and use.

Pre-Requisites: Understanding of information security governance and policy framework development.

Cuneyt Karul, Director of Information Security and Compliance at BlueCat

Quantum computing is an emerging technology that will present significant challenges for information security. Unfortunately, this new technology can be foreign and complex for those who are not experts in computer science, engineering, and/or quantum physics. This presentation is based on a knowledge translation project. The objective is to provide a practical introduction to the quantum threat in a clear and understandable manner. The project has three parts: the situation, analysis, and security roadmap. Part one explains what quantum computing is, the quantum threat, the impact on security, some quantum definitions and where quantum development is situated. Part two includes an analysis of attack scenarios and mitigations and an examination of quantum key distribution, one of many positive impacts of quantum computing. Part three is a roadmap that outlines important considerations for information security personnel when dealing with the pending quantum threat.

Here is the website of the lab: https://www.ryerson.ca/crl and below are my short bio and a small blurb about my lab cybersecurity experts, and is spearheading a crucial and ongoing dialogue with the Information and Computer Technology (ICT) industry in Canada.

Dr. Atty Mashatan, CISSP, SOA Certified Architect, Director, Cybersecurity Research Lab, Ted Rogers School of Information Technology Management, Ryerson University

Powerful accounts with always-on privileged access proliferate across enterprises. Privileges for these accounts are always in active mode—for both legitimate use and misuse. But with Just in Time (JIT) Administration organizations can dynamically assign privileges to ensure identities only have the appropriate privileges when. JIT means you can implement a true least privilege model.

Dan Deganutti, Beyond Trust

  • Ajay Sood, RVP, Armis
  • Edward Kiledjian, OpenText CISO
  • Jeff Stark, IGM Financial CISO
  • Bob Gordon, Executive Director CCTX