Topic

Developing a responsible disclosure program for SaaS CSPs

Date

22 January 2015 (Thursday)

Time

19:00 - 20:30

Venue

Rm 204, 2/F, Admiralty Centre, 18 Harcourt Road, Hong Kong
(access via the shopping arcade escalators through Exit A, Admiralty MTR Station).

Seats

PISA / (ISC)2 Hong Kong Chapter members, supporting organization or institute.

(1 CPE will be claimed for the (ISC)2 members who complete the whole event with sign in and sign out.)

Registration

Use this Registration Form

Agenda

Outline
How will your organization respond when a 3rd party discovers a security vulnerability in your website or SaaS application? Is this a case for the legal department or should it be handed over to IT operations? You might be worried about reputation loss if the 3rd party decides to release details of the vulnerability to the public. Every organization offering SaaS services should have policies and processes in place to effectively resolve security vulnerability reports. Developing a responsible disclosure program will help you achieve that goal.
Once established, organizations can mature their responsible disclosure policy and procedures by setting up a bug bounty program that invites 3rd parties to discover and report vulnerabilities in their service. This presentation describes how to develop a responsible disclosure program and explains the best practices of working with often very young security researchers.

Speaker bio
Since the end of 2012, Erik has been working as a security team lead for an innovative Hong Kong-based company offering cloud SaaS services. Before his relocation to Hong Kong, Erik worked for Cisco Systems, Shell, and various government agencies as a Unix and security contractor.


Agenda
19:00-19:15 - Registration and Networking Time
19:15-19:20 - PISA update and coming activities
19:20-19:30 - PISA Cloud Security SIG update
19:30-20:15 - Developing a responsible disclosure program for SaaS CSPs
20:15-20:30 - Q & A

Organizer
- Professional Information Security Association (PISA)
- (ISC)2 Hong Kong Chapter