Took place at Hotel Crystal Crown at Petaling Jaya, Selangor, the seminar aimed at educating the audience on the impact and consequences that arise from cyber attacks in the digital environment that we have become reliant on.
On 27th July 2017, Petaling Jaya – University of Malaysia of Computer Science and Engineering (UNIMY), recently conducted a Cyber Security Seminar for a group of industry professionals and its own students. Speaking to the intimate crowd of close to 30 were Dr. Sean Brian Maynard and Dr. Atif Ahmad, both professors from the University of Melbourne, Australia. Dr. Sean Brian Maynard specializes in security policy, culture, and Sector Education & Training Authority (SETA) while Dr. Atif Ahmad focuses on secure risk management and security strategy.
The seminar was delivered in two (2) parts. First was introduction to issues concerning enterprise security management. Dr Atif touched on trends in information security threats that stem from modern information security strategy. According to Dr Atif, causes for poor security often stem from the following:
4) Lack of awareness and communication within an organization
1) Disagreement on the role of information security between management and IT team.
2) A compliance culture rather than investigate culture, and
3) Lack of awareness on information security and its threats
He also suggested that to overcome those problems senior management must take charge of Information Security if risks were to be mitigated effectively and continuously.
After a short break, the second session resumed with topics on leveraging incident response teams for enterprise security management. In an interactive session, Dr Atif and Dr Maynard shared their experience in the setup and the responsibilities of Incident Response Teams along with the guidelines for security learning.
Dr. Atif pointed out that often companies use the Interactive Response Technology (IRT) System as their first line of defense. While it’s better than having no defence at all but the scope, mission and vision for IRTs prevent them from being an effective antidote to sophisticated attacks. This is due to the fact that IRTs is typically triggered by the occurrence of a potential incident. Or IRT system is created in ad hoc, reactive manner at the time an incident is detected.
Dr. Atif highlighted that, “There are six phases in Incident Response Process: preparations (steady state), identification (declare an incident), containment (start clean-up), eradication (finish clean-up), recovery (back in production) and lessons earned.”