Third party risk has emerged as a key risk for organizations across the globe due to increasing regulatory scrutiny and increase in the number of third-party incidents impacting organizations. Regulators expect organizations to manage third parties – and by extension, fourth parties – in the same way they manage an internal function or division. Third Party refers to any organization-owned or non-organization entity with whom the organization engages in a business relationship. Third party can be anybody external to a company and provides goods or services to the company. Other terms used in this conjunction are Vendor, Supplier, Dealer, associate etc. Third parties continue to be an easy target, as evidenced in major incidents in the last few years. As per, 2018 Taking the Pulse of Third-Party Risk Management Survey by CFC and Aravo, 57% Responders don't have an inventory of all third parties with which they share sensitive information and 74% Believe that Third-Party vendor selection overlooks key risks, with 64% saying that their organization focuses more on cost than security when outsourcing. Significant component for a Third-Party Risk Management (TPRM) framework is identifying and minimizing potential business risks, including regulatory and legal liabilities arising from outsourcing of business functions to third party vendors. Third party risk oversight effort should be driven by third party risk profile covering entire third-party risk spectrum from inception to termination. Organization identify, categorize and prioritize their third-party arrangements. Post analysis of the arrangement, risk exposure of third parties is validated which includes due diligence. Different types of assessments are conducted based on supplier risk profiles and list of requirements are determined to be assessed. Gaps are identified and managed prior to the final sign-off to contract termination. With a plethora of software solutions in the market, selecting & customizing a solution that meets the needs of the business while staying compliant to regulatory requirements is a challenge. Third party risk intelligence and automation can be leveraged to improve efficiency and effectiveness of third-party risk management.

In this talk, we would walk you through the current and emerging healthcare cybersecurity scenario. There would be case studies to demonstrate some of the medical device (possible) hacks. Will also touch upon, how the regulators and industry is adapting to handle these threats.

As fraudsters continually refine their techniques to steal customer's credentials, organizations have found new ways to fight back with new tools that use behavioral bio-metrics and cognitive fraud detection. It is critical to know how cognitive abilities would help in managing risks, compliance and governance as well as help in maximizing detection, reducing false positives and optimizing strong authentication. The session will describe various models used for behavior pattern analysis and demonstrate how this may be integrated into a real-world SOC to achieve a proactive posture. It will address: - Developing a risk framework with cognitive security; - The technological expertise available to detect these anomalies and patterns.

PDPB - Privacy new paradigm for India.

Traceability & Transparency Cyberattacks are one of the key areas of concern for all enterprise without exception to any industry or their market share. Leaders are in continuous tussle to be ahead of the attackers and it requires a huge amount of effort in terms of money, time and change in attitude. This change in attitude has certainly elevated CISO’s position to the board, but it has also come up with its own cons. In an endeavor of fixing the problems in an enterprise, we happen to make many temporary fixes which do not help us in long term. This has lead to a situation, where we have multiple security solutions to prevent same vulnerability or no security solution for many vulnerabilities. Leaders are in a need to device some method to have a transparency across the enterprise, which could help them map vulnerabilities with the existing controls they have in the system and also to the new required controls. This approach will not only increase the ROI but will also enhance the security posture of the organization. However, this problem cannot be resolved by simply documenting the type of controls you have and the vulnerabilities that they help to prevent. We will require bringing more traceability into the system by mapping interactions between business and security teams, which will eventually lead us to Transparency as an output. SABSA is one such methodology/framework, where business decisions are being taken on a risk-driven approach. It helps us by disintegrating the business request into various layers (in the context of security), such that all these interactions are two-way traceable. Business will have a real-time view of their request progress along with how this request is going to influence the security needs of an organization, hence bringing more transparency by traceability.

Several data driven initiatives using Big Data have created novel value for individuals, society and organizations. In recent times, many security issues and privacy concerns have been widely notified in the purview of Big Data. It is also observed that Big Data Analytics on distributed personal data of individuals can provide much needed insight for security and privacy in several domains.

As per Wikipedia, a digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as "set of attributes related to an entity. In a very simple term, the digital identity is the compilation of information about the entity that exists in digital form. This can be digital attributes of the entity as well as digital activity that carried out by the entity. The digital identity is some sort currency on the web and can be used to give trustworthy access to systems, accounts, online activities etc. But there are challenges in keeping it secure as these are personal attributes and information which may be vulnerable to hacking and exposure. Many organizations are adapting the digital identity to verify their customers and online users to enable business. I will briefly talk about the latest trends in digital identity and challenges in keeping the digital identity secure.

Quantum cryptography seems to be more of physics and less of maths. However, this session will look to unravel some of the key concepts of quantum cryptography, the concepts used and the possible attack surfaces that can take place even in quantum key distribution.