FAIR Institute Perth Chapter Meeting - Wed 11th August 12pm (Perth local time)
Strengthening Australia’s cyber security regulations and incentives
Wednesday 11th August, 12:00pm
Tannhauser HQ @ FLUX
Basement, 191 St Georges Terrace, Perth
Online Zoom Register here:
The newly formed FAIR Institute Perth Chapter warmly welcomes you to our August meeting. The FAIR Institute is the home of FAIR – the NIST endorsed cyber risk quantification standard for information security and operational risk. Join us and leading information risk, cyber security and business executives to collaborate on the development and the sharing of industry-leading best practices for quantifying and managing information risk.
Denny Wan (Chapter Co-Chair) will provide a short presentation on the key concepts in NISTIR 8286 and the process of rolling up measures of risk from risk registers.
Background: Home Affairs is currently inviting public submissions on ‘Strengthening Australia’s cyber security regulations and incentives’. The WA public consultation event is scheduled for Wednesday 11 August and is open for registration. The consultation paper canvasses feedback on 28 questions to support three key areas of action and the policy options of voluntary vs mandatory security governance standards.
The NISTIR 8286 standard, released in Oct 2020, is a blueprint for integrating cybersecurity and enterprise risk management (ERM). It is an effective process for setting clear expectations on cybersecurity management based on the enterprise risk appetite. The Standard explains the role of the enterprise risk appetite statement in encouraging organisations to consume good risk in the pursuit of the corporate mission. The integration process uses risk registers to set out cybersecurity risk and to roll up measures of risk, usually addressed at lower system and organization levels, to the broader enterprise level. The process produces a clear expectation on cybersecurity management from the ERM perspective and enables transparent disclosure of the organisation's cyber risk exposure and the security of its technology products.
A panel of business executives and cyber experts will discuss their views on the Home Affairs paper and how they set clear expectations on cybersecurity management in their organisations.
The NISTIR 8286 standard is an effective approach for setting clear expectations on cybersecurity management based on the enterprise risk appetite.
Please also make note of the Perth Chapter landing page to keep informed and updated on all that’s happening with local FAIR Institute news.
We look forward to meeting you in person, but we will have an option to join remotely if you cannot make it to Tannhauser HQ @ FLUX.
Moderator: Carl Celedin (Founder and Co-Chair of FAIR Institute Perth Chapter)
Carl joins the Perth Chapter as Co-Chair and is looking forward to enhancing the awareness of cyber risk quantification in Perth. As a Board Director and Local Councillor, Carl possesses skills in Strategy, Risk & Governance and understands the importance of having controls that deliver the right outcomes for organisations. With 25 years' experience spanning the Oil & Gas, Construction and Mining industries, Carl hopes to bring a broad perspective to the committee.
Members of the Panel:
Denny Wan (Principal Consultant, Security Express)
Denny Wan is a cyber security expert with over 20 years' experience in the Australian IT security sector. He is the principal consultant of Security Express and the founder and chair of the Sydney Chapter of the FAIR Institute and the Australian Cyber Insurance Think Tank. He has deep expertise in Cyber Risk Economics (CYRIE), an effective approach for prioritising cyber security investments and explaining their business value. He is a certified ISO27001 Lead Auditor, PCI QSA and CISSP. He is a postgraduate researcher at the Optus Macquarie University Cyber Security Hub, researching cyber risk management in supply chains. This is a useful model for managing 3rd party supplier risks under compliance frameworks such as APRA CPS 234.
Patrick Fair (Principal at Patrick Fair Associates)
Patrick Fair is the principal of Patrick Fair Associates, an Adjunct Professor at the School of Information Technology, Faculty of Science, Engineering and Built Environment at Deakin University, the Chairman of the Communications Security Reference Panel at the Communications Alliance, a member of the IoT Alliance of Australia Security Workstream, and an author and General Advisor in relation to LexisNexis Practical Guidance Cybersecurity, Data Protection and Privacy.
Nitesh Patel (Principal at Gilchrist Connell)
Nitesh Patel is a Principal at Gilchrist Connell who leads their Cyber team. He is a cyber and technology specialist who helps businesses limit the pain and loss they suffer from cyber-attacks and technology disputes.
Nitesh acts as a breach coach in response to cyber incidents, advises on notification obligations, corresponds with regulators on queries arising from incidents, acts for clients in litigated technology and cyber security disputes, advises on and drafts technology and cyber insurance policy wordings, and advises clients to improve their data security and breach response frameworks.
He also assists businesses to mitigate risk by advising on privacy and security obligations, developing internal structures to comply with those obligations and drafting agreement terms to protect the business.