India & SAARC Summit
November 16 - 17, 2021
This virtual summit's agenda will cover Zero Trust, IAM, Ransomware, Privacy, Fraud, Payments, IoT, Cryptocurrency, End Point Protection, Cloud Security and more.
ISMG's geo-targeted, industry-specific, and topic-driven agendas provide actionable education and exclusive networking opportunities with your peers and our subject matter expert speakers.
Lt.Gen (Retd) Rajesh Pant
National Cybersecurity Coordinator
PMO, Govt. of India
Keyur Desai
CIO - Essar Ports & Shipping, Head InfoSecurity - Essar
Essar
TG J Amarasena
CEO
Cert Sri Lanka
Vinit Sinha
Director-Cybersecurity South Asia
Mastercard
Kapil Madaan
Chief Information Security Officer
Minda Corporation Limited
Out of a career spanning over three decades, Mr. Sunder has dedicated 14 years to Reliance Nippon Life, where he has been at the
Chandan Pani
CISO
Mindtree
C Vijayakumar
Head of Information and Cybersecurity
Standard Chartered Bank
I believe as a CISO we need to have attitude of learning and critical way of thinking. Unless you have the habit of acquiring new knowledge it becomes very difficult in knowing the tactics, trend and process of ever growing...
Dr Triveni Singh
SP, Cyber Crime
Uttar Pradesh Police
View Agenda
Cybersecurity Challenges: Sri Lanka's Cyber Roadmap for 2022
TG J Amarasena, CEO, Cert Sri Lanka

Globally, threat intelligence systems have reported a near 40% increase in cyber-attacks since the start of COVID-19, and Sri Lanka, which is rising as a South Asia and a global financial hub, is attracting numerous cyber-attacks due to the large volume of financial transactions.

As Sri Lanka's Cybersecurity Bill gets ready for its launch shortly, the plenary session discusses the cybersecurity challenges the organizations face and the cyber roadmap for 2022 CISOs to build the first line of defense against any attack.

TG J Amarasena
  • 09:15 AM
  • 09:44 AM
Keynote: Establishing Cybersecurity and Resilience for a Post Pandemic Era: Lessons from the Past
Lt.Gen (Retd) Rajesh Pant, National Cybersecurity Coordinator, PMO, Govt. of India

The foremost on the minds of the security practitioners during the year was survival and building resilience. Building a more resilient cybersecurity ecosystem in the post-pandemic era is critical with an appropriate strategy and technology. The keynote will discuss the challenges faced by the enterprises in 2021 with the increased threats, persistent attacks, and malware intrusions against organizations across sectors.

The session will discuss:
How to harness new technologies in securing the digital era
Tactical and strategic initiatives taken by the government in establishing a secure cyber enterprise
A risk-based cybersecurity approach to transform the organization as cyber resilient

Lt.Gen (Retd) Rajesh Pant
  • 09:45 AM
  • 10:14 AM
  • 10:15 AM
  • 10:29 AM
Track A
A Zero Trust Security for the Modern Workforce

The modern workforce is more mobile than ever before. Users and devices can connect to applications from anywhere. The perimeter has shifted from network gateway to endpoint. The requirement arises to protect them everywhere. A Zero Trust security model establishes trust in users and devices through authentication, verification, and continuous monitoring of each access attempt with custom security policies that protect applications. 

The session will discuss:
Enable device posture and compliance through Zero Trust Framework.
Establishing user identity and authentication using a ‘zero trust’ framework
Enforce compliance through security policies to establish continuous validation and monitoring

  • 10:15 AM
  • 10:29 AM
Track B
Protect your network from edge-to-cloud: Convergence of Zero Trust and SASE

The need for enhanced business agility and secure remote access to support the digital transformation to protect the network from edge-to-cloud has led enterprises to adopt the security access service edge, or SASE, model. Organizations are leveraging SASE to establish and enable ‘zero trust’ network access.

With SASE comes the possibility of implementing centralized policy enforcement based on identity at globally distributed points of presence (PoPs).

This approach helps enable ‘zero trust’, a fundamental element of SASE. A zero-trust architecture is built upon the idea of least privilege and is designed to ensure users access specific resources and nothing else.

The session will discuss:
How to offer a unified, integrated solution applied access controls consistently across the endpoints to make ‘zero trust’ a reality
How does it enable enforcing security policies across your network?
Establishing a single, holistic view of the entire network

  • 10:15 AM
  • 10:29 AM
Track C
XDR: A Proactive Approach to Build Effective Access Controls Against Attacks

As enterprises strive to defend against future threats, the new buzz word XDR, a unified security and incident response platform, helps streamline and simplify security management.

This is emerging as a next-generation endpoint environment that requires next-generation defenses.

The session will discuss:
How have the endpoint attack surface and attacks evolved in 2021?
How to enhance SoC capabilities to have proactive warnings of threats?
Where does XDR fit into these?

  • 10:30 AM
  • 10:59 AM
Track A
Using a 'Zero Trust' Approach to Manage and Protect your Endpoints

Endpoints have proven to be the easiest gateway for hackers to infiltrate organizations’ networks. With the advent of remote working in the wake of the pandemic, an increasing number of users access company networks through unverified or unauthorized devices.

The session will discuss:
How conventional methods of endpoint protection and workarounds like VPN proved ineffective in protecting endpoints
CISO strategies to overcome roadblocks in new zero trust implementations
How to apply zero trust in hybrid cloud and work environments

  • 10:30 AM
  • 10:59 AM
Track B
Applying the ‘Zero Trust’ Principles to Secure a Hybrid Cloud

In today's circumstances remote work is up by over 100%, demanding our security and infrastructure capabilities to overnight adapt to this change. Moving to the cloud is not only a good to have practice but a necessity now. But how to ensure data in cloud is not only protected but accessed by the right people. Organizations are trying a 'Zero Trust' in managing security remotely.

This session will discuss:
How to take a 'Zero Trust' approach to secure a hybrid cloud environment
What are some practical challenges of 'Zero Trust' architecture
How to leverage existing investments

  • 10:30 AM
  • 10:59 AM
Track C
Rise in BEC Scams? Applying the Principle of Least Privilege Access

As technology continues to take hold of business transactions, it is of little surprise that the businesses are subject to a host of cyber-attacks, including business email compromise or BEC scams.

One way to reduce the BEC scam's damage is to apply the principle o least privilege and create a detailed enterprise risk management plans that spell out procedures to secure accounts. Giving all employees access to payment information outside of their normal job functions can multiply the problem.

The session will discuss:
Shortcomings in efforts to detect BEC scams
Defining and managing access controls in a non-static environment
The best processes for investigating these scams

  • 11:15 AM
  • 11:44 AM
Track A
Context-based Security: A ‘zero trust’ Approach to Isolate Threats and Insulate Data

Experts say establishing context between security silos is key to a successful ‘zero trust’ implementation. Can organizations set context-based policies that involve all security disciplines, which is the primary step to a ‘zero trust’ strategy? The keynote discusses the promise of a ‘zero trust,’ which offers a framework and plans for securely connecting the right users to the correct data and at the right time under the right conditions, which is critical for establishing the business resilience, with the context being the key.

The session will discuss:
How to get started with the ‘zero trust’ journey
Making sure the access is consistently made available across touch points
Insulate sensitive data from rising malware intrusions using a ‘zero trust’ framework

  • 11:15 AM
  • 11:44 AM
Track B
Enterprise Readiness with IoT Security: Are CISOs Challenged?

Zero Trust has evolved beyond the purview of access management. The advent of Industry 4.0 (soon to be superseded by Industry 5.0), IoT and the proliferation of connected devices have rendered traditional measures like air-gapping practically useless. Creating a Zero Trust architecture requires in-depth understanding of IoT and OT systems connected on the network.

The session will discuss:
Challenges CISOs face in controlling and monitoring connected devices access to protect critical business applications
How to incorporate privileged access to critical IT and OT infrastructure
How to solve the problem of backward compatibility to embrace zero trust?

  • 11:15 AM
  • 11:44 AM
Track C
Dr Triveni Singh
Emerging Cybercrime Trends in Enterprise
Dr Triveni Singh, SP, Cyber Crime, Uttar Pradesh Police

Today's big challenge facing enterprise security is the 'dark web,' an ungoverned and seemingly ungovernable internet area where you can browse and communicate with complete anonymity. By using the dark web and cryptocurrencies, criminals have successfully run the 'cybercrime-as-a-service' model. The business and the security professionals have been able to make minimal if any, impact. What can be done to make your enterprises' cybercrime - resilient', and how should law enforcement respond to this menace.

The session will discuss:
Challenges posed by the Dark web and cryptocurrencies for enterprise security
How is law enforcement responding to the investigation process and building technical capabilities
New techniques and approaches used to combat security threats from the 'dark web

  • 11:45 AM
  • 12:14 PM
Track A
Kapil Madaan
OT/IT Convergence: Security with ‘Zero Trust’
Kapil Madaan, Chief Information Security Officer, Minda Corporation Limited

Most OT systems have been designed with very little consideration for security.  With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security. While a 'zero-trust' approach has proved to be successful for most organizations in an IT environment, how does it work in an OT setup? If you have deployed 'zero trust' for IT, what architectural changes are required for OT?

This session will discuss:
Building complete visibility and monitoring of your IT and OT assets with the right access control
Can a 'zero trust' approach support the OT/IT convergence?
How can zero trust enhance OT security?

  • 11:45 AM
  • 12:14 PM
Track B
Secure Coding and Security by Design: Applying the Principles of ‘Zero trust’

The transition to faster and more flexible DevSecOps and secure coding is challenging for cybersecurity teams. A zero trust architecture can provide security teams the power to manage the security and access control across applications with an independent connectivity layer. Both DevSecOps and ZTA can facilitate rapid and secure app development, promote interoperability, and mitigate threats in a resource-focused manner. But how to leverage ZTA for successful, secure coding?

This session will also discuss:
How are attacks against applications evolving
How to scale up DevSecOps leveraging zero trust framework
How to ensure secure development in a complex deployment environment

  • 11:45 AM
  • 12:14 PM
Track C
Advanced APT Attacks: Building Defense-in-Depth using ‘Zero Trust’ Concept

APTs are responsible for some of the most high-profile security breaches discovered in recent times. Historically, successful APT attacks have had a flat network design. As a result, security operators have to explore proactive security models like micro-segmentation based on the zero-trust architecture that effectively protect data across the enterprise. While zero trust principles doesn't stop the activities of an APT actor, it surely makes it harder to sniff freely around in the network.

The session will also discuss:
How ZTA helps in detection of existing and new threats
How PAM can defend against APT attacks
Ways to leverage existing technologies to prevent APT attacks

  • 12:30 PM
  • 12:59 PM
Track A
A ‘Zero Trust’ Approach to Securing Your CII in a Perimeter less World

Regions across India and SAARC have identified government, healthcare, financial institutions, energy, transport and telecommunications as super critical infrastructure and backbone for countries’ growth. These sectors are the biggest targets for cybercriminals who are waiting to hit where it hurts.  

Embracing a ‘zero trust’ is critical to help secure the blind spots which you don’t want attackers to see. Security experts intend to leverage ‘zero trust’ to modernize legacy systems and enhance productivity and integrate with interconnected devices to provide secure access.

The session discusses:
How to modernize legacy systems and enhance productivity implementing a ‘zero trust’ framework
Ensuring complete visibility and establishing user identity using ‘zero trust’
Implementing a micro-segmentation strategy

  • 12:30 PM
  • 12:59 PM
Track B
Insider Threat: How to Mitigate the Heightened Risk with a ‘Zero Trust’ Approach

A remote workforce. Economic stress. Pandemic fatigue.  These ingredients create a "perfect storm" for insider risk, whether through malicious acts or accident. What can you do to improve monitoring and mitigation of insider risk in these unique conditions?

The session will discuss:
A narrative of how enterprises have been affected by insider risk
How to mitigate the risks posed by malicious and unintentional insider threats
A ‘zero trust’ approach to detecting these threats

  • 12:30 PM
  • 12:59 PM
Track C
Relevance of Cybersecurity Certifications in Changing Threat Landscape

Certifications more relevant than ever: CISOs are not only faced with the challenge of keeping up with the latest types of cyber-attacks, but finding the right skills set for the teams.

Cybersecurity certifications have proven to not only put security professionals on the fast-track to career growth, but also to arm them with the latest in emerging technologies and security practices. Be it CISSP or CISM for aspiring CISOs or CISA and CEH for would-be auditors and pen-testers.

The session will  discuss:
Most sought-after security certifications pertaining to zero trust?
How CISOs can foster learning and certification programs for their security teams?
Analysing tangible benefits and business implications of security certifications

Micro-segmentation Security: Your Key to ‘Zero Trust’

To put into place a ‘zero-trust’ security model with a micro-segmentation strategy, the security teams need to see security is integrated into the workloads for data movement, both internally and in public cloud environments. Experts say understanding the actual behavior of the applications and services running on each system is critical to facilitate the ‘zero trust’ model.

The session discusses:
How to automate ‘zero trust’ micro-segmentation security
How to eliminate lateral movement of attackers with the defined actions
How to establish granular access control policies

  • 01:00 PM
  • 01:14 PM
  • 01:15 PM
  • 01:44 PM
Track B
Vinit Sinha
Payments Security: Remediating Third-Party Risks
Vinit Sinha, Director-Cybersecurity South Asia, Mastercard

Recently, the Reserve Bank of India emphasized the need for payments organizations to manage third-party risks efficiently to prevent fraud and make them accountable for fraud prevention.

In a fireside chat, the CISO of a payments organization will discuss the challenges organizations face with outsourcing activities related to audit, risk management, compliance, and associated functions.

The session will discuss:
Risk mitigation strategies with outsourcing
Need for data localization to manage security and data
Innovations in authentication and access management to establish payments security

  • 01:15 PM
  • 01:44 PM
Track C
IAM: Aligning with ‘Zero Trust’ in Building Authentication

Insider attacks and unauthorized access have resulted in major breach incidents like the ones seen at BigBasket, MobiKwik, and JusPay have reinforced companies to adopt a zero trust approach towards identity and access management. Zero trust has proved its worthiness, but it doesn’t come without challenges. Backward compatibility, costing, integration with multiple cloud platforms and lack of relevant skills have held back organizations from taking the leap.

The session will discuss:
Why a traditional identity and access management approach does not meet present day requirements?
How zero trust can help CISOs redefine access management and eliminate known weak points.
How zero trust can be implemented without impacting turnaround time and ease of access.

  • 01:15 PM
  • 01:44 PM
Track C
Chandan Pani
Keyur Desai
The rise in Ransomware Attacks: A ‘Zero Trust’ Response Strategy
Chandan Pani, CISO, Mindtree
Keyur Desai, CIO - Essar Ports & Shipping, Head InfoSecurity - Essar, Essar

As enterprises across Southeast Asia see a spike in ransomware attacks, practitioners are seriously considering deploying the ‘zero trust’ framework as a response strategy. The objective behind deploying this framework is to ensure that customer IT assets are completely hidden away from the customer. Access will be provided to the internal and external users to what they require.

The panel will discuss use cases:
How does ‘zero trust’ strategy help in preventing ransomware attacks
How to conceptualize the systems and resources to secure user access
Enhancing the threat detection and investigation capabilities with ‘zero trust’

Outlook 2022: Building a Cyber Resilient Enterprise For the Post COVID-19 Era
C Vijayakumar, Head of Information and Cybersecurity, Standard Chartered Bank

These cybersecurity threats are amplified by the ongoing pandemic in the region--increasing phishing attacks, targeted attacks, disruption, distortion, and deterioration. The emergence of technologies such as IoT, skill shortage, insider threats, and cloud movement has posed the most significant risks.

A panel of experts discuss:
Risks posed by increased digitization and cloud disruption;
Use of the right technologies and tools for enhanced security posture;
Use of predictive analytics and active defense in detecting threats;
Cybersecurity investments in 2021

C Vijayakumar
  • 01:45 PM
  • 02:14 PM

Speaker Interviews

November 16 - 17, 2021

India & SAARC Summit