Welcome to the Interactive Agenda for SecurityWeek’s 2019 Singapore ICS Cyber Security Conference!

Wednesday, April 17 • 3:00pm - 3:30pm
IACS Security Audit - Why We Failed the Pentest

Having conducted several security assessments, penetration tests, and security audits, there are times when we failed the security audit or penetration testing exercise. Worse is when we failed year after year. Audit reports are written by auditors, penetration tests are conducted by pen-testers, and the people who manage the IACS are the OTs. Reports, results and action items may not address the root cause of the findings. The writer may not have the same experience as the OTs on site. They play different roles with different experiences. I have seen reports that are similar each year from the same organization. Even when governance has been enforced and tracked, things sometimes recur.

This presentation will discuss:
  • Recurring findings of penetration testing exercises
  • How to assist the auditors / pen-testers on corrective actions
  • Importance of a Security Baseline
This presentation will help you prepare and defend yourself during audits and penetration testing exercises. Stop recurring findings by reviewing previous reports and implementing long-term and short-term actions. Make your action plans achievable and do not over-promise. Improve your process for developing security baselines and their implementation. With this, you will be able to explain the findings to senior management and assist them in improving their organizations in coming audits and penetration testing exercises. This will benefit the organization and create more value for it during audits and penetration testing exercises.

Muhammad Reza Shariff

Industrial Cyber Security Practitioner
Reza is a highly motivated professional with 15 years of experience in IT and information security in the Oil & Gas and healthcare industries, including knowledge of Plant Control System (PCS), Data Control System (DCS) and SCADA systems. He first started off as a Lead Engineer at...

Wednesday April 17, 2019 3:00pm - 3:30pm GMT+08
Olivia Olivia (Stamford Ballroom)