Singapore ICS Cyber Security Conference | 2019

Having conducting several security assessment, penetration testing, and security audits, there is a time when we failed the security audits or penetration testing exercise. Worst, is when we failed year after year. Audit reports are written by auditors, penetration testing are conducted by pen-tester, and the person who manages the IACS are the OTs. Reports, results and action items may not address the root cause of the findings. The writer may not have the same experience as the OTs on site. They play different roles with different experiences. I have seen reports that are similar each year from the same organization. Even when governance have been enforced and tracked, yet sometimes things do recurs.

This presentation will discuss:

• Recurring findings of penetration testing exercises
• How to assist the auditors / pen-tester on corrective actions
• Importance of  a Security Baseline

This presentation will help you prepare and defend yourself during audits and penetration testing exercises. Stop recurring findings by reviewing previous reports and implementing long term and short term actions. Making your action plans achievable and not over-promising.  Plus improving your process on developing security baselines and its implementation. With this, you will be able to explain and assist the senior management on the findings and to improve their organizations in coming audit and penetration testing exercise. This will benefit and create more value for the organization during audit and penetration testing exercise.