Natalie van de Coolwijk

SA’s premier information security event, the ITWeb Security Summit, to be held in May, will address pressing issues for infosec practitioners.

South African enterprises are slow to understand that security breaches could cost them literally hundreds of millions of rands, says cyber insurance specialist Natalie van de Coolwijk.

Van de Coolwijk, MD at Cygeist, says specialist cyber insurance companies are starting to spring up in SA as enterprises abroad begin feeling the impact of major breaches.

“Global risk reports are citing cyber crime as one of the top 10 risks companies should be considering, but in South Africa, specialist cyber insurance is a new concept to most,” she says.

Van de Coolwijk will explore these issues during her presentation at the ninth annual ITWeb Security Summit, which takes place at the Sandton Convention Centre from 27-29 May.

Guy Golan, CEO of the Performanta Group, says he believes local enterprises are taking information security increasingly seriously, but in many cases they lack an understanding of practical steps to mitigate risk.

“Recent high-profi le international events and actual breaches with associated financial losses have renewed the focus on information security. For years, the information security industry has been warning of the risk of industrial espionage and hacking, but only now that we see actual incidents resulting in substantial financial losses, are companies taking the risk seriously.”

Golan says these losses, combined with new legislation that makes the board accountable for data security, is driving greater interest in information security from business management too. “We see today that business not only needs to get involved, but it wants to get involved,” he says.

Performanta will present a ‘how to’ track at the conference. Other tailored tracks at the event will cover governance, management, privacy, data protection, and offensive tools and technologies.

INFOSEC INFLUENCERS

International keynote speakers at the event include Jacob Appelbaum, independent computer security researcher, hacker and core member of the Tor project; Christopher Soghoian, principal technologist and senior policy analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union; Charlie Miller, security engineer at Twitter; and Haroon Meer, founder of Thinkst. They will share their global insights around surveillance and privacy, the Snowden revelations and what these mean for SA, and the failures of the infosec community.

Local experts including the Special Investigating Unit’s Jason Jordaan, IBM’s Greg Sinclair and Telkom’s Steve Jump will discuss corruption as it relates to cyber crime, security research pertinent to CIOs, and how best to develop a corporate security framework.

‘HANDS-ON’ WORKSHOPS

This year’s security summit agenda will feature three half-day workshops. Testing Web applications for security vulnerabilities will be covered by Rogan Dawes, assessment team leader, and Jurgens van der Merwe, lead security analyst, both from Sensepost.

Kris Budnik, MD at Slva Information Security, will present a security status reporting workshop, which will take a critical look at the nature, quality and business value of typical security status reports. Sharing real life examples, Budnik will examine what not to do when developing and sharing security status reports, dashboards and/or event or incident data.

Version 3.0 of the PCI DSS has officially been released. The ‘PCI 3 compliance – getting you ready’ workshop will assist delegates to decipher the new requirements, understand the impact and scope of the changes, and prepare their businesses to handle the changes effectively. Michael Aminzade, director: delivery – EMEA and APAC at Trustwave, will lead this workshop.

This three-day event will also include a comprehensive expo.

Investigating Unit’s Jason Jordaan, IBM’s Greg Sinclair and Telkom’s Steve Jump will discuss corruption as it relates to cyber crime, security research pertinent to CIOs, and how best to develop a corporate security framework.

‘HANDS-ON’ WORKSHOPS

This year’s security summit agenda will feature three half-day workshops. Testing Web applications for security vulnerabilities will be covered by Rogan Dawes, assessment team leader, and Jurgens van der Merwe, lead security analyst, both from Sensepost.

Kris Budnik, MD at Slva Information Security, will present a security status reporting workshop, which will take a critical look at the nature, quality and business value of typical security status reports. Sharing real life examples, Budnik will examine what not to do when developing and sharing security status reports, dashboards and/or event or incident data.

Version 3.0 of the PCI DSS has officially been released. The ‘PCI 3 compliance – getting you ready’ workshop will assist delegates to decipher the new requirements, understand the impact and scope of the changes, and prepare their businesses to handle the changes effectively. Michael Aminzade, director: delivery – EMEA and APAC at Trustwave, will lead this workshop.

This three-day event will also include a comprehensive expo.