In Nepal, organizations’ have started to invest on technology and infrastructure, but it’s getting tougher as these organizations have to deal with large volume of critical data. IT Security experts, they know Cyberspace is full of spams, phishing, malwares, botnets, ransomware and spyware, getting sophisticated day by day. Thus, with the intent to raise awareness about Information Security Management process, this workshop was organized on 11th and 12th December, 2015.
This workshop was specifically prepared for those who have operational, managerial and policy making responsibilities in their organizations and designed to update on the art of information security both in terms of theoretical and practical sessions. This provided the chance for hands on experience with the latest techniques and methods prevalent in information security.
The two-day workshop was held at Indreni Banquet and Foodland at New Baneshwor, Kathmandu and the speakers in the workshop were:
Mr. Mukund Pokhrel (CA, CISA)
Information System Expert CA Mukund is CEO and Co-founder of Rigo Information Technology and an expert in Enterprise Applications and Business Process Management. He is also a well-known trainer in Auditing and Fraud Analysis.
Mr. Saroj Lamichhane (CEH, MCSA, CISSP Security)
System Security Expert Saroj is Chief Operating Offiece and Co-founder of Rigo Information Technology and a system security expert with specialization in information security management with more than 8 years’ experience in the security domain.
Mr. Bijay Limbu Senihang (CEH, CISSP)
Information Security Expert, Security Speaker
Bijay is Chief Technology Officer and Co-founder of Rigo Information Technology, has more than 5 years’ experience in the security field. He is also a security speaker and renowned trainer for Certified Ethical Hacker and Information Security.
Mr. Sachin Thakuri (CEH)
Sachin is Head of Research and Development and a security researcher. He has been acknowledged by Facebook, Google, and twitter for finding security issues. He has been in this field for more than 5 years. He has also taken part in Google Def Con Hacking Conference 2015 and Black Hat Security Conference in USA.
The first day of workshop, 11th December 2015 started with the familiarization Information Security and its need in current scenario for every organization. To implement information security, Information Security Governance plays a vital role which was discussed along with emerging security threats such as Advanced Persistent Threats (APT), Denial of Service and Social Engineering. Attackers manipulate these techniques to obtain critical data and information from their target. These techniques were shown in live demo on web application hacking. The top ten vulnerabilities found in Applications and software used in any organization was presented. The countermeasures for those problems were addressed and provided.
The second day of workshop, 12th December 2015, started with discussion for Planning for Security in an organization which acts as a catalyst for IT Risk Assessment and Management. The current scenarios of Malware, Virus, Worms, Spyware, Trojan Horse, Ransomware and Botnet were discussed. Further, the session was on practical demo of System hacking. The live demonstration of how manual Malware analysis was presented along with the automated analysis process. Various things that needs to be addressed during analysis was also delivered in the workshop. Also live demo of how ransonware works, and the mitigation process was also discussed. In case of the information security threats targeting an organization, incident response management must be carried out.
This two-day workshop was an interactive session where the speakers and participants discussed about information security management, IT policy requirement and implementation along with live demonstration of web application and system hacking. The countermeasures were discussed with reference to different case scenarios. Also, incident response management and implementation process were discussed.