Topic

Developing a responsible disclosure program for SaaS CSPs

Date

22 January 2015 (Thursday)

Time

19:00 - 20:30

Venue

Rm 204, 2/F, Admiralty Centre, 18 Harcourt Road, Hong Kong
(access via the shopping arcade escalators through Exit A, Admiralty MTR Station).

Seats

PISA / (ISC)2 Hong Kong Chapter members, supporting organization or institute.

(1 CPE will be claimed for the (ISC)2 members who complete the whole event with sign in and sign out.)

Registration

Use this Registration Form

Agenda

Outline
How will your organization respond when a 3rd party discovers a security vulnerability in your website or SaaS application? Is this a case for the legal department or should it be handed over to IT operations? You might be worried about reputation loss if the 3rd party decides to release details of the vulnerability to the public. Every organization offering SaaS services should have policies and processes in place to effectively resolve security vulnerability reports. Developing a responsible disclosure program will help you achieve that goal.
Once the program is established, organizations can mature their responsible disclosure policy and procedures by setting up a bug bounty program that invites 3rd parties to discover and report vulnerabilities in their service. This presentation describes how to develop a responsible disclosure program and explains the best practices of working with often very young security researchers.

Speaker bio
Since the end of 2012, Erik has been working as a security team lead for an innovative Hong Kong based company offering cloud SaaS services. Before his relocation to Hong Kong, Erik worked for Cisco Systems, Shell, and various government agencies as a Unix and security contractor.


Agenda
19:00-19:15 - Registration and Networking Time
19:15-19:20 - PISA update and coming activities
19:20-19:30 - PISA Cloud Security SIG update
19:30-20:15 - Developing a responsible disclosure program for SaaS CSPs
20:15-20:30 - Q & A

Organizer

- Professional Information Security Association (PISA)
- (ISC)2 Hong Kong Chapter