Topic

Developing a responsible disclosure program for SaaS CSPs

Date

22 January 2015 (Thursday)

Time

19:00 - 20:30

Venue

Rm 204, 2/F, Admiralty Centre, 18 Harcourt Road, Hong Kong
(access via the shopping arcade escalators through Exit A, Admiralty MTR Station).

Seats

PISA / (ISC)2 Hong Kong Chapter members, supporting organization or institute.

(1 CPE will be claimed for the (ISC)2 members who complete the whole event with sign in and sign out.)

Registration

Use this Registration Form

Agenda

Outline
How will your organization respond when a 3rd party discovers a security vulnerability in your website or SaaS application? Is this a case for the legal department or should it be handed over to IT operations? You might be worried about reputation loss if the 3rd party decides to release details of the vulnerability to the public. Every organization offering SaaS services should have policies and processes in place to effectively resolve security vulnerability reports. Developing a responsible disclosure program will help you achieve that goal.
Once established, organizations can mature their responsible disclosure policy and procedures by setting up a bug bounty program to invite 3rd parties to discover and report vulnerabilities in their service. This presentation describes how to develop a responsible disclosure program and explains the best practices of working with often very young security researchers.

Speaker bio
Since the end of 2012, Erik has been working as a security team lead for an innovative Hong Kong-based company offering cloud SaaS services. Before his relocation to Hong Kong, Erik worked for Cisco Systems, Shell, and various government agencies as a Unix and security contractor.


Agenda
19:00-19:15 - Registration and Networking Time
19:15-19:20 - PISA update and coming activities
19:20-19:30 - PISA Cloud Security SIG update
19:30-20:15 - Developing a responsible disclosure program for SaaS CSPs
20:15-20:30 - Q & A

Organizer

- Professional Information Security Association (PISA)
- (ISC)2 Hong Kong Chapter