Topic

Developing a responsible disclosure program for SaaS CSPs

Date

22 January 2015 (Thursday)

Time

19:00 - 20:30

Venue

Rm 204, 2/F, Admiralty Centre, 18 Harcourt Road, Hong Kong
(access via the shopping arcade escalators through Exit A, Admiralty MTR Station).

Seats

PISA / (ISC)2 Hong Kong Chapter members, supporting organization or institute.

(1 CPE will be claimed for the (ISC)2 members who complete the whole event with sign in and sign out.)

Registration

Use this Registration Form

Agenda

Outline
How will your organization respond when a 3rd party discovers a security vulnerability in your website or SaaS application? Is this a case for the legal department or should it be handed over to IT operations? You might be worried about reputation loss if the 3rd party decides to release details of the vulnerability to the public. Every organization offering SaaS services should have policies and processes in place to effectively resolve security vulnerability reports. Developing a responsible disclosure program will help you achieve that goal.
Once the program is established, organizations can mature their responsible disclosure policy and procedures by setting up a bug bounty program that invites 3rd parties to discover and report vulnerabilities in their service. This presentation describes how to develop a responsible disclosure program and explains the best practices of working with often very young security researchers.

Speaker bio
Since the end of 2012, Erik has been working as a security team lead for an innovative Hong Kong based company offering cloud SaaS services. Before his relocation to Hong Kong, Erik worked for Cisco Systems, Shell, and various government agencies as a Unix and security contractor.


Agenda
19:00-19:15 - Registration and Networking Time
19:15-19:20 - PISA update and coming activities
19:20-19:30 - PISA Cloud Security SIG update
19:30-20:15 - Developing a responsible disclosure program for SaaS CSPs
20:15-20:30 - Q & A

Organizer

- Professional Information Security Association (PISA)
- (ISC)2 Hong Kong Chapter