Gary Gaskell
[Infosec Services Pty Ltd]
Gary has been a pure-play cyber security specialist since 1993.

This career has been built on a master's degree by research in the security field and extensive experience across government and large enterprises. In 2013 his contributions were recognised by the Australian Information Security Association, which named him its Information Security Professional of the Year.

In recent years, he has focused on better ways to communicate cyber risks to the C-suite and boards, in keeping with the focus of boards on governing cyber security risks.

Gary has served the ICT industry for 28 years. He specialises in cyber security risk management and assurance. He has presented over 50 articles and conference presentations in Australia and internationally. He combines communications and business analysis skills with a detailed knowledge of technical security controls. He served for 17 years on the Standards Australia committee for IT security.

An update on the Cloud Security Alliance for Australia

So every CIO is talking about ‘cloud first’ and every CISO is worried about whether the security of their data in their cloud-based services is sufficient. The global Cloud Security Alliance is at the forefront of the security of cloud computing – both for cloud providers and consumers.

The Cloud Security Alliance is revamping its activities for Australia. This presentation will give an overview of the CSA activities in Australia and how you can be involved. It will also present the new Cloud Controls Matrix (v4) and discuss the path forward for engineers and auditors of cloud-based services.

Tutorial: Cyber Security Risk Management

There is a great diversity of opinion on where and how best to protect information systems. It is common for so-called “experts” to disagree, sometimes quite fervently. To obtain a clear and consistent view of a sound control environment, the best practice approach is to use risk management techniques. Risk management can ensure that no weak links in the (security) chain are overlooked and the most important issues are made a priority. It also demonstrates to the business why your security program makes business sense.

Risk management is not rocket science, but it is a significant departure from the traditional control- and vulnerability-based approaches to cyber design and information security management. This tutorial provides practical information and tools to help you conduct an effective information security risk assessment and implement a risk-management-based security plan to manage security for your organisation.

At this tutorial you will be provided with the skills and techniques to identify, assess and evaluate the priority cyber security risks and to translate the information into a business context for your senior management. This tutorial will assist technologists and IT managers to determine work priorities and to enhance their credibility with senior management. The tutorial includes a workshop that develops a risk assessment for a hypothetical situation.
