August 2021 FAIR Institute Perth Branch Meeting

Strengthening Australia’s cyber security regulations and incentives

Wednesday 11th August, 12:00pm (Perth Local Time)

Location:

Tannhauser HQ @ FLUX

Basement, 191 St Georges Terrace, Perth

In-Person Register Here:

https://www.eventbrite.com.au/e/strengthening-australias-cyber-security-regulations-and-incentives-tickets-165222580185

Online Zoom Register here: 

https://risklens.zoom.us/meeting/register/tJctdOuuqDMjHtVUjQ1f0eyz0GFmCrbf_tzD

Please also make note of the Perth Chapter landing page to keep informed and updated on all that’s happening with local FAIR Institute news.

https://link.fairinstitute.org/group/36-perth-chapter

Background: Home Affairs is currently inviting public submissions on ‘Strengthening Australia’s cyber security regulations and incentives’. The WA public consultation event is scheduled for Wednesday 11 August and is open for registration. The consultation paper canvasses feedback on 28 questions supporting three key areas of action, and on the policy options of voluntary versus mandatory security governance standards.


The consultation process seeks submissions on how the Australian Government can incentivise businesses to invest in cyber security, including through possible regulatory changes.

Presentation #1

Presenter: Denny Wan

Topic: Responsible Disclosure Policy (RDP)

The consultation process invites submissions on creating stronger incentives for Australian businesses to invest in cybersecurity. Q22 explores the role of policy options for Responsible Disclosure of software vulnerabilities. The paper suggests that an RDP is a cost-effective way for businesses to find and address vulnerabilities, and that the research effort can be financed through a bug bounty program.

In this presentation, Denny will walk through the proposed RDP options and give an overview of the NISTIR 8286 standard and how it could be applied to RDP. This standard was released in October 2020 as a blueprint for integrating cybersecurity and enterprise risk management (ERM). It is an effective process for setting clear expectations for cybersecurity management based on the enterprise risk appetite. The standard explains the role of the enterprise risk appetite statement in encouraging organisations to accept good risk in pursuit of the corporate mission. The integration process uses risk registers to set out cybersecurity risks and to roll up measures of risk, usually addressed at lower system and organisation levels, to the broader enterprise level. The process produces clear expectations for cybersecurity management from the ERM perspective and enables transparent disclosure of the organisation's cyber risk exposure and the security of its technology products.

Panel Discussion

A panel of business executives and cyber experts will discuss their views on the Home Affairs paper and how they set clear expectations for cybersecurity management in their organisations.

Carl Celedin (Moderator, Founder and Co-Chair of FAIR Institute Perth Chapter)

Carl joins the Perth Chapter as Co-Chair and is looking forward to enhancing the awareness of cyber risk quantification in Perth. As a Board Director and Local Councillor, Carl possesses skills in Strategy, Risk & Governance and understands the importance of having controls that deliver the right outcomes for organisations. With 25 years' experience spanning the Oil & Gas, Construction and Mining industries, Carl hopes to bring a broad perspective to the committee.

Denny Wan (Chapter Co-Chair)

Denny Wan is a cyber security expert with over 20 years' experience in the Australian IT security sector. He is the principal consultant of Security Express and the founder and chair of the Sydney Chapter of the FAIR Institute and of the Australian Cyber Insurance Think Tank. He has deep expertise in Cyber Risk Economics (CYRIE), an effective approach for prioritising cyber security investments and explaining their business value. He is a certified ISO27001 Lead Auditor, PCI QSA and CISSP. He is a postgraduate researcher at the Optus Macquarie University Cyber Security Hub, researching cyber risk management in supply chains. This is a useful model for managing third-party supplier risks under compliance frameworks such as APRA CPS 234.

Patrick Fair (Principal at Patrick Fair Associates)

Patrick Fair is the principal of Patrick Fair Associates, an Adjunct Professor at the School of Information Technology, Faculty of Science, Engineering and Built Environment at Deakin University, the Chairman of the Communications Security Reference Panel at the Communications Alliance, a member of the IoT Alliance of Australia Security Workstream, and an author of and general advisor to LexisNexis Practical Guidance Cybersecurity, Data Protection and Privacy.

Nitesh Patel (Principal at Gilchrist Connell)

Nitesh Patel is a Principal at Gilchrist Connell who leads their Cyber team. He is a cyber and technology specialist who helps businesses limit the pain and loss they suffer from cyber-attacks and technology disputes.

Nitesh acts as a breach coach in response to cyber incidents, advises on notification obligations, corresponds with regulators on queries arising from incidents, acts for clients in litigated technology and cyber security disputes, advises on and drafts technology and cyber insurance policy wordings, and advises clients to improve their data security and breach response frameworks.

He also assists businesses in mitigating risk by advising on privacy and security obligations, developing internal structures to comply with those obligations, and drafting agreement terms to protect the business.