Asia-Pacific Information Security Leadership Achievements - ISC

Sponsored by:Asia-PacificInformation SecurityLeadership Achievements17 July 2012 . Hilton Tokyo Hotel . Tokyo, Japan

Ministry of Internal Affairs & CommunicationsI would like to express my sincere respect to (ISC) 2 for their great efforts andcontributions toward fostering information security professionals through theirrenowned certification and education programs.I’m very pleased that the sixth annual Asia-Pacific ISLA celebration is being hostedin Japan this year. I would also like to extend to all of you my warmest welcome.With the recent rapid progress in ICT and various online services, growing threatsto information security have become increasingly complex and now easily affectother fields. Therefore, ensuring that information security is recognized as one ofthe most urgent priorities to address throughout the world is crucial. Establishing asafe and secure online environment can be realized through collaboration amongstthe government, the private sector, experts, and general users, and it is essentialto that end, to develop outstanding information security human resources from aglobal perspective. These individuals will play a key role in each institution and/orwill engage in raising our citizens’ awareness. Because ultimately, the prevention ofinformation security threats occurring across borders depends on the specialistswho actively use and protect our technologies.I am sure that the ISLA program, which honors contributions to the improvementof the information security workforce, will encourage and motivate the nextgeneration charged with leading this field. I also expect this event to provide aprecious opportunity for information security professionals from the Asia-Pacificregion to expand and deepen their perspectives and knowledge by networkingwith other global leaders.Lastly, I would like to express my appreciation and congratulations to all ofthe honorees here tonight for their efforts and contributions, and wish for thecontinued success of ISLA in the years ahead.Mr. Yasushi Sakamoto, Deputy Director-General of Minister’s Secretariat forInformation and Communications Bureau, Ministry of Internal Affairs andCommunicationsMinistry of Economy, Trade and IndustryI am honored to be here this evening to celebrate the achievements of securityprofessionals and practitioners who are committed to improving the securityposture of the systems, infrastructures, and devices that we rely on every day. I praise(ISC) 2 for creating this opportunity to publically recognize the often behind thescenes work of Asia-Pacific’s information security leaders through the ISLA program.Last year’s unfortunate natural disasters caused subsequent security incidents thatmade us rethink our strategies and policies for protecting Japan’s information assets.In fact, immediately following these incidents, we established taskforces to evaluateand improve national security strategy, including security workforce development.Although plans have been developed and some already implemented, they willonly be effective long-term if government, industry stakeholders, academia, securityexperts, and our citizens work together with a cohesive, secure mindset. I commend(ISC) 2 for increasing the number of qualified information security professionalsthrough its credential and education programs in Japan and worldwide.We share (ISC) 2 ’s mission to equip securityprofessionals with the knowledge and skillsnecessary for mitigating the most prominentthreats of the present and the future. Ibelieve in the recognition that this programprovides in this industry, as it serves asa catalyst to motivate the workforceto strive for excellence worthy ofrecognition throughout their careers.Lastly, I congratulate all of this year’shonorees, and hope you enjoy theevening of celebrations. I encourage youto take advantage of this networking andknowledge sharing platform in an effort tocontinuously improve your skill sets and career.Best wishes for the continued success of theAsia-Pacific ISLA program for years to come.Mr. Toru NakayamaDeputy Director-GeneralCommerce and Information Policy BureauMinistry of Economy, Trade and Industry- 4 - - 5 -

About (ISC) 2 ’s Information SecurityLeadership Achievements ProgramThe Asia-Pacific Information Security Leadership Achievements (ISLA) programis held annually by (ISC) 2 in cooperation with the (ISC) 2 Asian Advisory Board torecognize outstanding leadership and achievements in workforce improvement andpublic awareness of information security professionals throughout the Asia-Pacificregion in the following categories:Senior Information Security Professional(examples include: CSO, CISO, information security manager or senior securitymanager with significant information security management responsibilities)who has significantly contributed to the enhancement of the informationsecurity workforce by demonstrating a leadership role in any informationsecurity workforce improvement initiative, program or project. Candidatesin this category typically should have at least ten years of work experience,seven of which are directly related to information security.Managerial Professional for an Information Security Project(non-information security professional examples include: CIO, CFO, program/project manager, etc.) who has significantly contributed to the enhancementof the information security workforce by demonstrating a leadership rolein any information security workforce improvement initiative, program orproject in the last 12 months. Candidates in this category typically shouldhave at least ten years of work experience and occupy a senior-level positionwithin their organization.Information Security Practitioner(examples include: managing a security awareness and training program,conducting difficult, complex security evaluations, etc.) who has distinguishedhim/herself for implementing and/or managing the implementation of acomponent of a security program. Candidates in this category typically shouldhave at least six years of work experience, three of which are directly relatedto information security.Special Recognition – “Community Service Star”In an effort to bolster public awareness of information security throughoutthe region, the Asia-Pacific ISLA program will recognize an honoree who hassignificantly contributed to building or broadening security awareness withintheir community or beyond within the last 12 months.History of the ISLA ProgramThe ISLA program began in 2007 after the success of our U.S. GovernmentInformation Security Leadership Awards (GISLA). The goal of the program is torecognize outstanding leaders for their workforce improvements, initiatives andinnovations within the Asia-Pacific region. (ISC) 2 ’s mission is to raise publicawareness of information security on a global scale.Testimonials:‘I’ve attended Asia-Pacific ISLA gala dinners in the past and have always beenimpressed by the high benchmark that the pioneers from this region set. Thisyear, it is an honor for me to meet with peers from diverse information securityprofessions and geographical locations. I look forward to addressing tonight’sdignitaries, honorees, and guests in Tokyo.’- Prof. Howard Schmidt, CISSP, CSSLP, Former Special Assistant to thePresident, Cybersecurity Coordinator for President Obama‘I welcome all dignitaries and 2012 honorees to this year’s AP ISLA gala dinner,held in my home country of Japan. I congratulate the remarkable achievementsand contributions of the honorees to the information security profession. Your visitto Japan is also an encouragement to the Japanese people and our economyafter the tragic natural disasters in 2011.’- Prof. Hiroshi Yasuda, Dr.E., CISSP, Asian Advisory Board, (ISC) 2‘I was honored to be part of the celebration in 2011. The ISLA recognition hasgiven me the credentials to back up my belief that we, information securityprofessionals, really make a difference for the community at large. For that, wethank (ISC) 2 for making an effort in honoring our peers.’- Chiung-ying (CY) Huang, CISSP- ISSAP, ISSMP, Director, Information SecurityOperations of Acer e-Enabling Data Center, Acer Inc., 2011 ISLA Senior InformationSecurity Professional Showcased Honoree‘I commend (ISC) 2 for continuously recognizing the true professionals of thisindustry for six years. Receiving the recognition from ISLA is exciting and verysignificant for me who work for the media industry. I will keep reinforcing myefforts to provide the community at large with updated information about theimportance of information security.’- Soyoung Choi, Vice President, Media Group Infothe, South Korea, 2011 ISLAManagerial Professional for an Information Security Project Category ShowcasedHonoree & Community Service Star- 8 - - 9 -

ISLA•2011Jakarta, Indonesia- 10 - - 11 -

(ISC) 2 Asian Advisory Board MembersDr. Ir. Cahyana AhmadjayadiSenior Expert to the Minister for Politics and SecurityMinistry of Communications and Information TechnologyINDONESIADr. Ir. Cahyana is currently senior advisor to the minister for politics and security for theministry of communications and information technology, and is also on the Board ofCommissioners for Bank Mandiri, the largest bank in Indonesia.He has been instrumental in completing the first Cyber Law in Indonesia – TheInformation and Electronic Transaction Act (UU ITE No 11 Tahun 2008). He also servesas an executive team member for the National ICT Council, providing ICT directionfor Indonesia.He earned a master’s degree in law and a Ph.D. in cyber law from Padjadjaran University.Apart from TCS, his previous experience was with PT Infotimur Sistimatama, Jakarta,Indonesia and CMC Ltd, New Delhi.Sanjay is and has been a member of various security committees at national andinternational levels and is the winner (from a list of global nominations) of theprestigious and coveted Alliance for Enterprise Security Risk Management’s secondannual Excellence in Security Convergence and Contribution to Enterprise Risk ManagementAward for 2007. He also won the Microsoft Security Strategist Award 2007 in the IT /ITeS and telecom category in India. Sanjay is an advisory board member for the Centrefor Strategic Cyberspace + Security Science headquartered in London, UK. Sanjay is aregular speaker and has written papers for industry and academic forums.Prinya Hom-anek, CISSP, CSSLP, SSCP, SANS GIACGCFW, CGEIT, CRISC, CISA, CISMPresident & FounderACIS Professional CenterTHAILANDSanjay Bahl, CISM, CIPP/ITAdvisory Board Member of the Centre for Strategic Cyberspace+ Security Science, Senior ConsultantINDIASanjay Bahl is a senior consultant providing consultancy in the areas of governance, risk,compliance, security, and privacy for a national-level project in India.Until recently, he was the CSO for Microsoft Corporation (India) Pvt. Ltd. where hewas responsible for interaction with government, academia, key strategic accounts, andthe CxO community, with respect to Microsoft’s security strategy and public policydirection.He has been in the IT industry since 1984 with experience in various areas. He wasresponsible for development of the Middle East operations for TCS as the regionalmanager, European service delivery manager, and CIO for Hughes Telecom (India) Ltd.on secondment from TCS. Prior to TCS, he developed and executed large and complexsoftware and turnkey projects, product evaluations, and sales and marketing initiatives.Mr. Prinya Hom-anek has over twenty years of IT and information security specialisttraining experience in network and data communications, Internet and network security,information security, fraud and forensic investigation, penetration testing, ISMS, andgeneric information security consulting in both public and private sectors. He foundedand serves as the president for the most successful information security training,consulting, and managed security service providers in Thailand – ACIS ProfessionalCenter (ACIS). He is recognized as one of Asia-Pacific’s leading information securityprofessionals.Mr. Hom-anek currently serves as a senior committee member on various boards,including the (ISC) 2 Asian Advisory Board, ISACA Thailand committee, and ThailandInformation Security Association (TISA) committee. He has published more than 130information security articles in magazines and newspapers. He is frequently invited toappear on TV and radio program in Thailand, providing his expert opinion on informationsecurity-related topics.Mr. Hom-anek is also a senior IT and information security consultant for many of Thailand’sgovernment departments and agencies as well as several major banks. Mr. Hom-anekhas provided consultancy for many international organizations and is a visiting lectureron information security and IT audit topics at a number of universities and collegesthroughout Thailand.- 12 - - 13 -

YBhg. Lt. Col. Dato’ Husin Jazri, CISSP, CBCPChief Executive OfficerCyberSecurity MalaysiaMALAYSIAHusin Jazri has more than twenty years of experience in information and communicationsystems security, obtained from a long-time military career and his work with researchinstitutions and government agencies in Malaysia. He is currently the Chief ExecutiveOfficer of CyberSecurity Malaysia, an agency under the Ministry of Science, Technologyand Innovation, Malaysia (MOSTI).He holds a bachelor’s degree in engineering from the University of Hartford, Connecticut,U.S.A., a post graduate degree in system analysis from University of ITM, Malaysia, amaster of science degree (with distinction) in information security from Royal HollowayUniversity of London, U.K., and a master of business administration degree from theUniversity Putra Malaysia. Col. Husin Jazri has been a visiting lecturer at the Universityof Technology Malaysia since 2004.He was a member of the (ISC) 2 Board of the Directors from 2006-2008, chairpersonof the Asia-Pacific Computer Emergency Response Team (APCERT), chairperson ofthe Malaysia IT Security Association from 2003–2007, and vice president of Institutefor Mathematical Research, University Putra Malaysia (UPM) from 2006-2008.He is currently a member of the (ISC) 2 Asian Advisory Board, chairperson of theOrganization of Islamic Countries Computer Emergency Response Team (OIC-CERT),and chairperson of the Malaysian Vocational Advisory Committee – Information andCommunication Technology (ICT) and Department of Skills Development, Ministry ofHuman Resources.Husin Jazri was the 2009 Showcased Honoree for (ISC) 2 ’s Asia-Pacific Information SecurityLeadership Achievements in the senior information security professional category and therecipient of the prestigious (ISC) 2 Harold Tipton Lifetime Achievement Award in 2010. Col.Husin received the 2010 ASEAN Chief Security Officer Award, Vietnam and the MalaysiaComputer Industry Leadership Award 2010.Ryan (Yong-Nam) Kang, CISSP, CISA(ISC) 2 Korea Chapter PresidentSenior DirectorHewlett PackardSOUTH KOREARyan (Yong-Nam) Kang has been working as an IT services & security professional foreighteen years. He is currently (ISC) 2 Korea chapter president and senior director ofHewlett Packard, supervising printing & personal system business in Korea.For the past 5 years, he has been devoted to growing the CISSP community in Korea.In the beginning of 2012, the CISSP community of Korea became the first official (ISC) 2Chapter in the world, with over 3,500 CISSPs.He started his career at LG as a Software Researcher in 1994 and as an IT Consultantat Hewlett Packard for over ten years, he has been leading the IT security industry ofKorea in evolving the mobile Internet environment.Mr. Kang holds a master’s degree in computer science from Pusan National Universityof Korea. He also completed the visiting scholar’s program at the School of InternationalRelations & Pacific Studies at UC San Diego, U.S.A.Wang Jun, CISSP, CISAChief Engineer, Research FellowChina Information Technology Evaluation CenterCHINA- 14 - - 15 -

Haruto Kitano, CISSP, JGISP, BS7799 Lead AuditorProduct Business Development DirectorOracle Corporation JapanJAPANSecurity and Audit Committee, the Office of Supreme Public Prosecutor’s advisoryboard; and the Ministry of National Defense Advisory Board. He received three majormedals and presidential awards from the South Korean government and the Legionof Merit Medal from the U.S.A. His writings and published books include InformationSystem Audit Manual, Guidelines for Information Systems Security, System SecurityManagement and Cyber Warfare.Haruto Kitano has been working for Oracle Corporation Japan since 2001, and waspromoted to product business development director in 2006, focusing on databaserelated security.He is currently a committee member of the Database Security Consortium in Japan, amember of the Common Criteria Task Force at IPA (sub-organization of Meti / Japanesegovernment), and Asian Advisory board member of (ISC) 2 . Mr. Kitano has been a vocalprofessional within the IT security industry in Japan. He is also a researcher at SecureSystem Laboratory of Institute of Information Security (IISEC), which is the first Japanesegraduate school specializing in information security.Greg Mazzone, CISSP, CISAAUSTRALIAThroughout his career, Greg has undertaken a diverse range of IT and IT securityrelated consultancies, reviews, and audits in the commonwealth, state and local levels ofgovernment, as well as in the private sector.Dr. Jae-Woo Lee, Fellow of (ISC) 2 , CISA, CISMCo-Chair, Asian Advisory Board, (ISC)²Chair Professor, Graduate School of International Affairs andInformation, Dongguk UniversitySOUTH KOREADr. Lee is the chair professor at Dongguk University, Graduate School of InternationalAffairs & Information, and president of the Cyber Forensic Professional Associationin Seoul, South Korea. He is also co-chairperson of the (ISC) 2 Asian Advisory Board,chairperson of the Advisory Board of the CSO Association in Seoul, and senior advisorfor the Korea Industrial Security Institute. Following his retirement as a major generalfrom the Korean Air Force, Dr. Lee pursued his career in the information securityprofession. He holds a master of science degree in systems management from theUniversity of Southern California, U.S.A, and received his doctorate degree from KonkukUniversity in South Korea.Greg has been involved in the Australian government commonwealth ICT securityspace for ten years. This has included involvement with the various reviews andupdates to the Australian Government Protective Security Manual (now PSPF) and theAustralian Government ICT Security Manual (formerly ACSI33). He provided cybersecurity policy and technology oversight during the recent development of the newAustralian Government Information Security Protocol.Greg was the Deloitte representative on the Australian IT Security Forum from 2001-02. In 2003, he was a private sector contributor to the development of the AustralianGovernment Defense Signals Directorate infosec Registered Assessor Program (iRAP),and was one of the programs’ first registered assessors.Greg is currently a member of the Standards Australia IT Security Techniques Committee,which oversees the Australian information security standards. He also provides theAustralian contributions to the ISO/IEC committee responsible for the ISO/IEC 27Kstandards.Dr. Lee has served in numerous leadership and advisory capacities within the industry,including: the first president of the Korea Information Security Agency; an organizerof the Korea National Computerization Agency; board member of the KoreanGovernmental Security Committee; chairperson of the National Information System- 16 - - 17 -

Freddy Tan, CISSPCo-Chair, Asian Advisory Board, (ISC) 2Chairperson, Board of Directors, (ISC) 2Cyber Security Strategist, Public Safety & National SecurityMicrosoft AsiaSINGAPOREFreddy enjoys enabling emerging information communications (infocomm) markets to“level up” their security posture to allow their communities to trust infocomm services.Before Microsoft, Freddy served with the Ministry of Defense, Singapore (MINDEF) andSingapore Armed Forces. Over the course of his twenty-five years with the MINDEF,he was involved in many aspects of infocomm security, ranging from security policyformulation to security monitoring and incident response.He has participated as a working committee member on various infocomm securitymasterplan projects with the Infocomm Development Authority (IDA) of Singapore.He was also a member of the Singapore National Infocomm Competency Framework(NICF) Technical Committee. He was awarded an (ISC) 2 President’s Award in 2003 inrecognition of his volunteer work with the organization.He is a frequent speaker at security events in Bangladesh, Brunei, Indonesia, Malaysia,Philippines, Singapore, Sri Lanka, South Korea, Thailand, the United States of America,and Vietnam. He has also been called upon by media in Bangladesh, Malaysia, Singapore,and South Korea for his opinions regarding cyber security.Charles Wale, CISSP, CISA, CRISCDirector, Lee Douglas & AssociatesAUSTRALIACharles Wale has fifteen years of experience in the information security industry. Hebegan his career working within the information risk management practice of KPMG,initially in London, U.K., and then in Melbourne, Australia. He led their informationsecurity practice in Melbourne, building it from two to five staff members within twoyears. He has also worked for Cybertrust (now Verizon Business) in their informationsecurity consulting practice and Fujitsu Consulting, where he spent some time as thecaretaker of the national information security consulting practice in Australia. He wasthe manager of the southern region of the information security consulting practicefor Telstra in Melbourne for three years. He is now the director of Lee Douglas &Associates’ Information Risk Management and Security practice.Mr. Wale has been heavily involved with the Australian Information Security Association(AISA), an (ISC) 2 Affiliated Local Interest Group (ALIG), for the past ten years. He assistedduring the early days of the Melbourne branch, when the organization was known asthe Information Security Interest Group (ISIG). He became the Melbourne branch chair,a position he held for two years, before chairing the Branch Chair Committee for oneyear. He also sat on the AISA Executive Board for three years. He was the founder andmoderator of the Australian AISA CISSP Forum. He has been a CISSP for seven years,and holds the CISA, CRISC and, until recently, the PCI-QSA certifications.Dr. Meng-Chow Kang, CISSP, CISADirector and Chief Information Security Officer for Chinaand A-P/JCisco SystemsSINGAPOREBased in Singapore, Dr. Kang has been a practicing information security professional formore than twenty years, with field experience spanning from technical to management inthe various security and risk management roles within the Singapore government, majormulti-national financial institutions, and security and technology providers. Dr. Kang hasbeen contributing to the development and adoption of international standards relatingto information security since 1998, and initiated the formation of the Regional AsiaInformation Security Standards (RAISS) Forum in 2004, which has since completed thedevelopment of a number of regionally focused standards deployment guides, and hasbeen serving as a regional platform contributing to international standards developmentin ISO and ITU-T. Since 2006, Dr. Kang has also been the convenor of ISO/IEC JTC 1 SC27 WG 4 – “Security Controls & Services”, responsible for managing and coordinatingthe development of a series of international security standards supporting the needsfor the implementation of the ISO/IEC 27001 standard for information security riskmanagement.- 18 - - 19 -

Prof. Hiroshi Yasuda, Dr. E., CISSPEmeritus ProfessorThe University of TokyoProfessor, Dean, School of Science Technologyfor Future Life JapanTokyo Denki UniversityJAPANProf. Hiroshi Yasuda received his B.E., M.E. and Dr.E. degrees from the University ofTokyo. Thereafter, he joined the Electrical Communication Laboratories of NTT. Afterserving twenty-five years in his previous position as vice president and director of NTTInformation and Communication Systems Laboratories at Yokosuka, he left NTT to workat The University of Tokyo. He was acting director of the Center for Collaborative Research(CCR) for two years, and is now a professor at Tokyo Denki University. He is a memberof the IT Strategic Headquarters (Japan). In the sphere of international standardization,he served as chairperson of ISO/IEC JTC1/SC29 (JPEG/MPEG Standardization). He alsoserved as the president of DAVIC (Digital Audio Video Council).Mr. S.C. Leung is currently the senior consultant of the Hong Kong Computer EmergencyResponse Team Coordination Centre, supervising the security incident response team andcoordinating with local and overseas parties. He has twenty years of experience servingthe banking, Internet solutions providers, telecommunications, and consultancy industries.S.C. Leung holds several information security designations, including CISSP, CISA, andCBCP. He is a frequent speaker on the topic of information security awareness. He hadbeen invited to speak for the Hong Kong Monetary Authority, Hong Kong Police Force,government departments, schools, and local non-governmental organizations, as wellas overseas conferences for (ISC) 2 , APECTEL, CNCERT/CC of China, and NationalUniversity of Singapore. He was chosen as a 2007 showcased honoree for (ISC) 2 ’s Asia-Pacific Information Security Leadership Achievements for his contributions to productneutral security awareness to the public.He is involved in several committees, including chairperson of Internet Society HongKong; founding chairman of Professional Information Security Association (PISA) inHong Kong; board member of Cloud Security Alliance Hong Kong and Macau Chapter;and program committee member of PISA.He has received numerous awards, including the Takayanagi Award in 1987, theAchievement Award of EICEJ in 1995, The EMMY from The National Academy ofTelevision Arts and Science in 1996, the Charles Proteus Steinmetz Award from IEEE in2000, the Takayanagi Award in 2005 and The Medal with Purple Ribbon from The Emperorof Japan in 2009. He is a Life Fellow of IEEE, Fellow of EICEJ and IPSJ, and a member ofTelevision Institute. He wrote International Standardization of Multimedia Coding in 1991,MPEG/International Standardization of Multimedia Coding in 1994, The Base for the DigitalImage Coding in 1995, The Text for Internet in 1996, The Text for MPEG 2 in 2002, TheText for Content Distribution in 2003, Power to the Edge (translation supervisor) in 2009,Rebuilding Japan after the Great East Japan Earthquake and Tsunami in 2011.Other Asia-Pacific ISLA Nomination ReviewCommittee Members (Non-Asian Advisory Board)S.C. Leung, CISSP, CISA, CBCPShowcased Honoree, Information Security Practitioner(ISC) 2 Asia-Pacific ISLA 2007Senior Consultant, Hong Kong Computer EmergencyResponse Team Coordination CentreHONG KONGAnthony Lim, MBA, CSSLPHonoree, Senior Information Security Professional(ISC) 2 Asia-Pacific ISLA 2010Regional Director, SecureAge Technology LtdSINGAPOREAnthony Lim is one of, if not the first, CSSLP in Asia-Pacific, as well as an (ISC) 2 evangelistand Application Security Advisory Board member. In 2010, he was recognized as anhonoree for (ISC) 2 ’s Asia-Pacific ISLA program, and received a President’s Award for hisvolunteer work with the organization. From 2006 through 2011, he was IBM’s Asia-Pacificapplication security business inaugural leader, and is currently spearheading a new clouddata protection solution. Anthony is a pioneer and veteran cyber-security professionaland business leader in the Asia-Pacific region. He was Check Point’s founding Asia-Pacific managing director, CA’s first security brand manager, and held similar stints fora couple of other US security vendors. He is a long-time popular speaker and contentcontributor for many industry, business, and tertiary-education conferences and media(broadcast, print, Internet). He has sat on several government cyber-security workingcommittees in the region and also presented at some international meetings for NATOand multi-national defense think-tanks on cloud and application security issues.- 20 - - 21 -

About the Nomination Review CommitteeThe 2012 (ISC) 2 Asia-Pacific Information Security Leadership Achievements (ISLA)Nomination Review Committee is comprised of members of the (ISC) 2 Asian AdvisoryBoard as well as honorees from previous Asia-Pacific ISLAs. The Committee evaluatedall nominations that were received based on the information submitted on theirnomination forms, focusing on their leadership track record, mentoring abilities, impactof their information security workforce improvement, initiative or program in the lasttwelve months, results of the program, and applying innovation to solve problems in theimplementation of their program.After evaluating all the nominations, the Nomination Review Committee discussed themerits of each of the nominees in a closed session to ensure that all of the nomineeswere qualified to be recognized at the sixth annual ISLA event. In addition, theCommittee reached consensus on specific projects submitted by the nominees thatdeserved recognition as showcased honorees.The members of the 2012 ISLA Nomination Review Committee include:Sanjay Bahl, CISM, CIPP/IT, member, (ISC) 2 Asian Advisory Board, Advisory BoardMember for the Centre for Strategic Cyberspace + Security Science, Senior ConsultantPrinya Hom-anek, CISSP, SSCP, CISA, CISM, SANS GIAC GCFW, Security+, ITILFoundation, member, (ISC) 2 Asian Advisory Board, President & Founder, ACISProfessional CenterDr. Meng-Chow Kang, CISSP, CISA , member, (ISC) 2 Asian Advisory Board, Directorand Chief Information Security Officer for China and A-P/J, Cisco SystemsHaruto Kitano, CISSP, JGISP, member, (ISC) 2 Asian Advisory Board, Director of ProductBusiness Development, Oracle Corporation JapanDr. Jae-Woo Lee, Fellow of (ISC) 2 , CISA, CISM, Co-Chair, (ISC) 2 Asian Advisory Board,Chair Professor, Graduate School of International Affairs and Information, DonggukUniversityS.C. Leung, CISSP, CISA, CBCP, (ISC) 2 Asia-Pacific ISLA Showcased Honoree 2007,Senior Consultant, Hong Kong Computer Emergency Response Team CoordinationCentreAnthony Lim, MBA, CSSLP, (ISC) 2 Asia-Pacific ISLA Honoree 2010, Regional Director,SecureAge Technology Ltd.Charles Wale, CISSP, CISA, member, (ISC) 2 Asian Advisory Board, Director, Lee Douglas& Associates- 22 - - 23 -

Khawaja Faisal Javed, CISA, CRISC, CBCPManager of Operations and ICT ProductsSGS Pakistan (Pvt.) LimitedPAKISTANSenior Information Security Professional CategoryShowcased Project: InfoSec-ISO Standards & Courseware Development,Mentoring, and AuditingMr. Khawaja Faisal Javed has been working as manager of operations & ICT productsfor SGS Pakistan (Pvt.) Limited (a Subsidiary of SGS S.A. based in Switzerland)since 1999. Responsible for controlling the day-to-day activities related to overallauditing and training operations in systems and services certification in Pakistan.And in addition, he is handling the management, execution, and development ofauditors and trainers in the ICT products (ISO27K, ISO20K and BS25999) divisionin Pakistan & other GCC countries. Previously, he served multinational and nationalorganizations in the field of ICT, financial derivative online trading, as well as trainingand consultancy.Mr. Khawaja possesses vast and extensive experience based on over twenty yearsin IT GRC, information security management systems, IS auditing/training/coaching/consultancy, IT service delivery/support, IT infrastructure, BCP/DRP, system analysisand design, and business process re-engineering (BPR). He has immense experiencein designing, developing, and delivering training courses, including approximately4,500 hours of training and around 700 third-party certification audits in nearly 30countries worldwide. He is one of the first in Pakistan to achieve IRCA, UK registeredLead Auditor for ISO 27001 Information Security Management System in 2005 andis currently the only itSMF, UK approved ISO20000-IT Service management-LeadAuditor in Pakistan. He is the only IRCA, UK approved Lead Trainer in Pakistan,for conducting BS 25999 BCMS & ISO 20000 ITSMS and ISO 27001 ISMS. Hewas part of a volunteer group that developed the first version of an InternationalStandard for Information Security Mgmt System Auditing Guidelines - ISO 27007,released by ISO/IEC in Nov 2011.About the Showcased ProjectMr. Khawaja has designed and conducted several certification courses on informationsecurity and related topics, training approximately 2,000 professionals from over300 organizations worldwide. Outside his job responsibilities, he has dedicated histime to serving the security community through voluntary research. Mr. Khawajais a member of the first release of an Information Security Management SystemAuditing Guideline Standard - ISO 27007. He also voluntarily contributed to thedevelopment of an ISO27K implementation toolkit on an online forum www.iso27001security.com, which aim is to help information security students, novices,professionals, and organizations willing to implement an effective ISO27001 project.”I have a passion for information security and wanted to achieve high standards not onlyfor myself, but also for community. Although this project involved a lot of traveling awayfrom my family, I gained a great deal of professional satisfaction. Now, in addition, I amrecognized for these contributions, which is a wonderful and unexpected bonus,” saidMr. Khawaja Faisal Javed.“Mr. Khawaja developed many foundational information security pillars in Pakistan. Hisperseverance in encouraging an open exchange of IT governance, IS audit, controls,and assurance approaches is highly commendable. He has also played a pivotal rolein expanding the knowledge and skills of his community in the interrelated fields of ITgovernance, IS audits, security, controls, and assurance. ”-Dr. Jae-Woo Lee, 2012 Nomination Review Committee MemberMr. Khawaja is a keynote speaker and presenter at international conferences oninformation security, BCM, and ITSM. He holds an MBA degree with specializationin management information systems. He is also the president of the ISACA LahoreChapter and a member of DRI.- 28 - - 29 -

Information Security Practitioner CategoryJae Hyeon Baek, CISSP, CISAManager / HR Information Security TeamBSG (Business Service Group)SOUTH KOREAHe has expertise in Linux based product development/customization, security-patching/hardening, penetration testing, and integration of open source solutions. He is activelyinvolved in security practices, development, consultancy, VA/PT, with prestigious financialorganizations and banks. Murtuja has conducted various security training sessions forreputable organizations and has also presented at various open community conferences.Project: Information Leadership Program & Volunteer Research Community forSecurity Professionals in KoreaMr. Baek is a specialist in administrative security and cyber forensics. He is currently incharge of information security management at BSG (Business Service Group), a wellknownfinancial institution in South Korea. Mr. Baek is also the director of the (ISC) 2CISSP Korea Chapter, an (ISC) 2 authorized instructor, and the planning team managerfor Cyber Forensics Professional Association(CFPA).He holds a master’s degree from the Dongguk University in information security (cyberforensics) and is pursuing his Ph.D. in criminal law (digital evidence) at the SeonggyungwanUniversity Law-School. He gives lectures on various information security topics at theCyber University of Korea and Korea Productivity Center (KPC).Murtuja Bharmal, CEHCo-FounderNull Open Security Community andPayatu Technologies Pvt. Ltd.INDIANouman Qadeer Khan, GSECAsst. Manager, International CooperationInternational Multilateral Partnership Against Cyber Threats(IMPACT)Project: Enhancing International Cooperation and Capacity BuildingNouman Khan has nine years of experience in the IT and cybersecurity industries andis currently an executive of policy and international cooperation at the InternationalMultilateral Partnership Against Cyber Threats (IMPACT). He is responsible for lookinginto the development of IMPACT’s partner countries and relationships between partnersin the industry, international organisations, academia, and government.In previous capacities at IMPACT, Nouman assisted in training and outreach, includingnational cybersecurity programmes focused on increasing awareness for Internet users(enterprises, parents, children, and ministries) in Malaysia.Nouman has a bachelor’s degree in computer science and is currently working towardshis master of computer science degree. He has presented at international conferences,forums, and seminars and has published articles for both local and international publications.Project: Null - The Open Security CommunityMurtuja is co-founder of Null (open security community) and Payatu Technologies Pvt.Ltd. He previously worked on IBM-ISS (Internet Security System) projects as a seniorsystem engineer as well as the Securegate UTM (Unified Threat Management) product,including the design and development of various features such as firewall, IPS, VPN,application proxies, and authentication modules.- 32 - - 33 -

Muhammad Muslim Mansor, CISSP, CEH, GSECInstructor/ Principal Security ConsultantEC-Council Academy Sdn BhdMALAYSIAProject: Development of Certified & Security-Aware Workforce amongst Malaysia’sGovernment Agencies, Private Institutions, and UniversitiesMuhammad Muslim is a principal security consultant, invited lecturer for multiple universitiesand colleges, and a researcher in network security and cyber forensics. He has worked inthe cyber security field for the past 10 years. He is also a certified EC-Council Instructor forEC-Council Academy Sdn Bhd.He is a reviewer/contributor for forensics research strategies under the National R&DRoadmap for Self Reliance in Cyber Security (MOSTI & MIMOS) and has served on theindustry panel for UTM’s Master of Informatics (Information Assurance & Control). Inaddition to knowledge sharing, Muhammad Muslim frequently acts as lead security consultantto multiple forensic investigations and security posture assessment exercises for governmentagencies, banks, and small medium industries (SMIs) across Asia-Pacific.Muhammad Muslim holds a bachelor’s and master’s degree in telecommunication engineering(honors), and is currently pursuing his Ph.D. in network forensics. He is also a member of theSANS/GIAC Advisory Board, International High Technology Crime Investigation Association(HTCIA) Asia-Pacific Chapter, OWASP (International & Malaysia Chapter), IMPACT Alumni,ISPA.my, IEEE Computer Society, and IEEE Communication Society.web security, incident/exploit analysis, client side security (browser & PDF exploitation &analysis), code obfuscation, honeypot technology, system development, and automation.Adnan is active in open source contribution and is the project founder, developer, andcontributor to numerous open source projects. Among his projects that have beenmade available freely to the public are DontPhishMe and MyPHPIPS. DontPhishMe isan anti-phishing add-on for Mozilla Firefox and Google Chrome which utilizes thepattern matching techniques to provide Malaysian Internet users with information andnotifications to protect them against phishing websites related to banking. MyPHPIPS isan open source PHP Web Application Intrusion Prevention System that intends to assistthe web developer/maintainers to secure their PHP CMS/application deployments withminimal resources (i.e., time and money). Both projects, DontPhishMe and MyPHPIPS, aremainly designed to provide an additional security mechanism for public Internet users inpreventing sophisticated online threats.He holds a bachelor’s degree in information technology, majoring in security technology,from Multimedia University and is a member of the GIAC Advisory Board.Adam R. Saeed, CISSPSenior ConsultantM. Yousuf Adil Saleem & Co. | Consultant for Deloitte ToucheTohmatsu Limited (DTTL)PAKISTANProject: IT Policies & Procedures based on 27001/2 for Bank Alfalah LimitedAdnan Mohd Shukor, GPEN, GCIHSenior Analyst, Malaysian Computer Emergency ResponseTeam (MyCERT)Cybersecurity MalaysiaMALAYSIAProject: Public/End-User Security Initiative (VIA DONTPHISHME & MyPHPIPS)Adnan bin Mohd Shukor is a senior intrusion analyst at Malaysian Computer EmergencyResponse Team (MyCERT), CyberSecurity Malaysia. His responsibilities include participatingin the development and coordination of numerous cyber drill exercises, both nationallyand internationally. He possesses experience in network security, penetration testing,Mr. Adam Saeed is a senior consultant for Deloitte Pakistan. He is an information security andbusiness continuity specialist with eight years of diverse experience in different domains. Hehas developed security solutions for complex infrastructure and business related problems,specially the implementation and maintenance of data center operations, solution integrationwith Unix & Microsoft technologies, due diligence, IT governance, IT risk assessment, costreduction, and project management. He has conducted and supervised a number ofinformation security and business continuity reviews, including the implementation of ISO27001 in organizations throughout Pakistan and the Middle East.Before joining Deloitte in 2010, he founded his own security consultancy company, M. YousufAdil Saleem & Co. where he developed Unix audit tools and performed compliance reviewsfor clients in Pakistan and the Middle East.He obtained his bachelor’s degree in computer science from the University of Karachi. In2005, he provided public lectures on Linux Technologies to students at PAF KIET University.- 34 - - 35 -

Takashi YaoEvangelistNetAgent Co., Ltd.JAPANas secretary. He is the ICT Bureau chairman under the SMI Association of Malaysia. He isan effective presenter, column writer, and contributor to newspapers and magazines variouslanguages, including English, Mandarin, and Bahasa Malaysia. He is also a keynote speaker andoccasion moderator for many organizations in Malaysia.He holds a bachelor’s degree in computer science and microelectronics and an MBA degree,with a focus on multimedia marketing.Project: Information Security Workshop in JapanMr. Yao is an evangelist for NetAgent Co., Ltd., where he provides IT security products andservices to various companies.Previously, Takashi worked for Sumitomo-Chemical Systems Services Co., Ltd. where hemanaged IT security and network operations for over 12,000 clients. In 2004, he startedthe IT Security Workshop, which has been held forty times per year throughout Japan toprovide IT security education and awareness to over 1,650 attendees. As a result of thisinitiative, he was awarded Microsoft MVP for Consumer Security from 2005 to 2012.Managerial Professional for an InformationSecurity Project CategoryHwee Hsiung Lee, CEH, ISMS Lead Auditor,ABCPManager, Information Security Professional DevelopmentCyberSecurity MalaysiaMALAYSIAProject: Establishing the First Information Security Professional Association in Malaysia- The Information Security Professional Association of MalaysiaNahil MahmoodCEODelta TechPAKISTANProject: Workforce Improvement Project - Database Security Implementation andNetwork Security Video LecturesNahil is a seasoned information security professional in Pakistan with fifteen years ofexperience in IT. He is an established and credible leader in information security, holding anumber of leadership positions as president and founder of the Cloud Security Alliance inPakistan, chapter leader for OWASP, and founding board member and chapter leader forthe Pakistan Information Security Association.Previously, Nahil held the prestigious position of CISO for MCB Bank, one of the largestcommercial-banksin Pakistan, where he pioneered and initiated a database security projectwith IBM called Guardium solution. This was the first time that a database security projectwas implemented in Pakistan. He was also project director for PCI-DSS, and initiated theISMS27001 project at MCB Bank.Nahil has a bachelor’s degree from the University of Texas at Austin. He is an inspirationaland knowledgeable speaker at international conferences on topics such as cloud andinformation security.Mr. HHLee has more than twenty years of experience in the ICT environment, includingexperience in R&D, setup and commissioning of technology-based companies in thearea of multimedia development, training, e-learning, information security, and ICTbusiness development.Mr. HHLee initiated the first information security professional association in Malaysia, knownas the Information Security Professional Association of Malaysia (ISPA). He is currentlytaking the lead role in the association’s establishment and development, while also serving- 36 -- 37 -

Wahyudi, CISSPManager of Architecture, Strategy & SecurityIT Solution – Corporate Shared Service, PT. PERTAMINA(Persero)INDONESIAJaved Jabbar, CISSP, PMP, ISMESInformation Security ManagerNational Bank of PakistanPAKISTANProject: The Establishment of Information Security Management System in Pertaminaand Obtaining ISO 27001 CertificationMr. Wahyudi has twenty-two years of experience in information and communicationstechnology. He joined PT. PERTAMINA, an Indonesian state-owned energy company, as astaff member in the communications and electronics division in 1990. He has since heldseveral positions in the company, including head of the communications and electronicsdivision of a refinery business unit, a senior consultant of upstream IT solutions, and asenior specialist of computer infrastructures. He is currently manager of architecture,strategy & security and is responsible for managing the strategic IT plan and informationsecurity management systems.Mr. Wahyudi holds a bachelor’s degree in electro technique and master’s degree ininformation technology from Bandung Institute of Technology (ITB) in Indonesia.Senior Information Security Professional CategoryProject: Information Security Policy Design and its Harmonization with ISO 27001 &Sarbanes Oxley and ImplementationMr. Javed Jabbar is information security manager for the National Bank of Pakistan and isconsidered an information security pioneer in Pakistan. He has a proven track record ofsuccess and delivery in information security throughout his career and is believed by fewto be the most learned person within NBP. He holds an MBA degree in managementinformation systems.Mr. Javed Jabbar is considered an authority and a subject matter expert on information security.He carries more than a decade experience in system development, system administration,networking, telecommunication, and information security.Throughout his career, he has undertaken many initiatives and conducted various securityawareness sessions. Because of these initiatives, the daunting task of implementing NBP’sinformation security policy is progressing at a smooth pace. Due to his achievements, hisperformance has been recognized by the higher management and he has been rewardedseveral times during his tenure at National Bank of Pakistan.Saurabh Agarwal, CRISC, CISA, CISMDeputy General Manager - Information SecurityUnitech Wireless (Tamil Nadu) Pvt. Ltd.INDIAKoichiro Komiyama, CISSPManager, Global Coordination DivisionJPCERT Coordination CenterJAPANProject: Vendor Security Governance ProgramSaurabh is the deputy general manager of information security at Uninor and has twelveyears of industry experience. He has worked across various sectors including Telecom,Insurance, IT Services, GIS & BPO. He earned M.Sc. and MBA degrees and has completedan e-commerce application training program from S.P. Jain Institute of Management &Research in Mumbai.Project: CSIRT Capacity BuildingMr. Koichiro Komiyama is a manager of the global coordination division at the JPCERTCoordination Center, a national CSIRT in Japan. He joined JPCERT/CC in 2006 as aninformation security analyst in charge of research projects on malicious insider threats andphishing. In 2010, he was appointed to his current position. He has worked with CSIRTcommunities like APCERT and FIRST, while also working to help other countries/economiesdevelop their own CSIRTs.- 38 - - 39 -

Prior to join JPCERT/CC, Mr.Komiyama worked for Internet Security Systems, where he wasresponsible for a large scale database for intrusion protection systems. He is an occasionalspeaker at conferences such as First, APWG, and many other events in Japan. He obtained abachelor of business degree from Aoyama Gakuin University (Japan).Binoy Koonammavu, CISSP, CISM, CISAManager - IT SecurityBurgan Bank s.a.kKUWAITHe is an adviser and former chairperson for KISIA. Mr. Lee is a member of the PrivateVerification Council for the NIS National Cyber Security Center, chairman of IT CooperationGroup in Korea Post, and a member of the Korea Software Enterprise Association (KOSEA).For his distinguished service in taking the lead in developing Korea’s information protectionindustry, he has received the Korea Cyber Security Award; the Industrial Service Medal in2010; and an award from the Ministry of Education, Science and Technology in 2008. Healso received a special prize at the Prime Minister’s Awards for contributing to Korea’sinformationization in 2006.He received his bachelor’s degree in computer science from Inha University, completed anadvanced management program at Korea University Business School, the CEO IT course atYonsei University, and the advanced industrial strategy program at Seoul National University.Project: Bank Information Security ArchitectureBinoy is a professional information security consultant with fourteen years of experiencein IT, information security, and business continuity. He is considered to be an expert ininformation security, network security, and developing ISMSs.He currently handles the CISO role at Burgan Bank, though his title is manager of IT security.He is in charge of a team of 6 security professionals focused on risk management, incidentmanagement, and access control management. Under his leadership, Burgan Bank hasachieved ISO 27001 certification and PCI DSS compliance validation by QSA company.Recently, he developed his company’s BCM program, and has received ‘b-elite’ status and theHigh Achieving Burgener Award.Deuk Choon LeeCEOIGLOO SecuritySOUTH KOREAProject: Implementation of Cooperation Program between Korean SecurityEnterprises for the Development of Information Protection Industry in AsiaDeuk Choon Lee, a representative and founder of IGLOO Security, has managed thecompany for thirteen years. Prior to IGLOO Security, he served as a head of the informationsecurity business division at Cybertek Holdings and head of the information business divisionin Korea Information Engineering Services (KIES).Peter Lilley, CISSPChief Executive OfficerBAE System StratsecAUSTRALIAProject: Bank Information Security ArchitecturePeter Lilley is an information security professional with over twenty years of experiencein the industry and co-founder of Stratsec. Throughout his tenure, Peter has providedspecialist IT security consultancy services to a diverse range of clients, including leadershipon major projects with the Australian government, Asian governments, and high profileorganisations in the commercial sector. Peter’s expertise includes security risk management,enterprise security architecture and the design, implementation, and management of nationalinformation assurance programs. He has been CEO of Stratsec since 2003 and again in2012 after the acquisition of Stratsec by BAE Systems.Peter Lilley is recognised amongst his peers and subordinates as an inspiring role model,challenging and driving the company to be the information security leader in Australia andAsia-Pacific. His leadership has seen Stratsec grow to 100+ consultants and a turnover ofmore than AUD$12 million, with an annual growth rate exceeding twenty-five percent.Under his leadership, Stratsechas ventured out of its Australian market, extending highlyspecialised information security business into South East Asia and the U.S.A. Under hisleadership, the company received numerous awards, including the highly prized TelstraAustralian Business of the Year Award in 2010.- 40 - - 41 -

Sean Lin, CISSP, CISA, CISMChief Inspector of PoliceHong Kong Police ForceHONG KONGMichio Sonoda, CISSP, CISA, CISMAssociate ProfessorCyber UniversityJAPANProject: Information Security Enhancement Program for the Hong Kong Police ForceMr. Lin is a chief inspector of police for the Hong Kong Police Force. He currently leads theinformation security team and acts as the departmental information technology securityofficer (the de facto CISO).He holds an MBA and a M.Sc. in information systems management and is a well sought afterspeaker, trainer, and presenter on information security, cybercrime, and law topics. He speaksfrequently at industrial conferences, university lectures, and public seminars. Mr. Lin receivedthe Hong Kong Ten Outstanding Young Persons Award for his exceptional contributions in civicand public services. He is also a distinguished toastmaster and a national public speakingchampion of greater China.Project: CTF HandlingMr. Michio Sonoda is associate professor of IT security at Cyber University, a researcher forthe Information-technology Promotion Agency (IPA), and a resercher of the Japan NetworkSecurity Association (JNSA).He plays an active role as a core member of the SECCON (Security Contest) Committeeand the Security Camp Committee. He is also a member of the Risk Management PlanningCommittee for the Shirahama Symposium.Sonoda holds a bachelor’s degree from Maiji Gakuin University, and in 2008, he wascommended by chief of the Ministry of Economy, Trade, and Industry.Dr. ir. Anand R. Prasad, CISSPSenior ExpertNEC CorporationJAPANPinyo Treepetcharaporn, CISSP, CISA, CISMSenior Manager - Security, Privacy & ResiliencyDeloitte Touche Tohmatsu Jaiyos Advisory Company LimitedTHAILANDProject: Global StandardizationProject: Enterprise Security ManagementDr. Anand R. Prasad is senior expert at NEC Corporation where he leads mobilecommunications related security activity.He has over 30 patent applications, has published 6 books, and authored over 50 peerreviewed papers in international journals and conferences. He is recipient of NEC Awardfor standardization for the work on prevention against unsolicited communication forIMS in 3GPP. He is the series editor for standardization book series of River Publishers,an associate editor of Institute of Electronics Engineers of Korea Transactions on SmartProcessing & Computing (SPC), advisor to the Journal of Cyber Security and Mobility,and chair of several international activities.Anand R. Prasad earned his Ph.D. and M.Sc. from Delft University of Technology in TheNetherlands.Pinyo Treepetcharaporn is senior manager in the enterprise risk services division of DeloitteSouth East Asia. He currently leads Deloitte’s security, privacy & resiliency team and controlrisk & compliance team in Thailand. He is responsible for the design, implementation, review,and evaluation of information security.He has over eleven years of hands-on experience in information systems security andauditing. Prior to joining Deloitte, he started his professional career with Ernst and YoungThailand as a technology and security risk assistant where he was involved in a number ofIT audits, security components, risk assessment assignments from clients in various industries.Pinyo holds a bachelor of arts in economics from Thammasat University and a master ofcommerce in information systems and management from the University of New SouthWales in Australia.- 42 - - 43 -

Ting Aung Win, CISSP, CISAManager (Information Security)Nanyang PolytechnicSINGAPOREexperience in designing and executing cyber security teams.Jia-chyi has also been the deputy director of Taiwan National Computer EmergencyResponse Team (TWNCERT) since 2003. He is involved in various global computersecurity activities such as Forum of Incident Response and Security Teams (FIRST) and theAsia-Pacific CERT (APCERT).Jia-Chyi has a master’s degree in engineering.Project: Information Security Programs to Increase Professionalism in the IndustryAung Win is the manager of information security for the School of Information Technologyat Nanyang Polytechnic (NYP). He currently leads various information security initiatives,including the design and implementation of various information security related coursesfor both young adults, as well as IT professionals. He is involved in the IT security awarenessinitiative in NYP and is currently managing the specialist diploma in IT security program forworking IT professionals.He has served in various voluntary organisations, including the executive committes ofISACA (Singapore Chapter), SiTF (Security & Governance Chapter), as well as (ISC) 2 ’sApplication Security Advisory Board (ASAB).Aung Win has been assisting the Association of Information Security Professionals (AISP)of Singapore as one of the reviewers of its Qualified Information Security Professionalcertification. He is also an external reviewer of QISP certification examinations. In addition,he was a member of the expert panel with National Infocomm Competency Framework,IDA Singapore, where he reviewed various IT and security professional/certificationcourses from various course providers and certification owners for suitability for IDACITREP funding.Jia-Chyi Wu, CISSP, BSI 7799/ISO27001 Lead Auditor, ISO 20000 LA Lead AuditorDeputy DirectorICST (Information and Communication Security TechnologyService Center)TAIWANSatoru YamasakiConvenor of SC27/WG1 JapanKogakuin UniversityJAPANProject: International Standardization for Information Security Management SystemsSatoru Yamasaki is convenor of ISO/IEC SC27/WG1 Japan where he is responsiblefor the establishment of ISMS family of international standards. He is currently leadingan international standards project for cloud security and privacy. Mr. Yamasaki is also avisiting fellow at Kogakuin University, teaching a secure systems engineering course forgraduate students.He had over thirty years of experience with IBM in the development of network managementsystems, architecture, and design of complex network systems software components, as wellas networking and security consulting. As the executive security consultant, Mr. Yamasaki leda number of engagements for finance, government, manufacturing, communications media,and distribution focusing on security policy and security architecture development, securityand risk assessment, ethical hacking, and risk analysis.Mr. Yamasaki earned his bachelor of science degree in mathematics from Kyoto University.Project: National Information & Communication Security Management and ServiceProgram (FY2011)Jia-chyi is the deputy director of the Information & Communication Security TechnologyCenter (ICST) of Taiwan, where he provides technical and strategy leadership to protectthe critical information infrastructure of government services. He has eleven years of- 44 - - 45 -

(ISC) 2 Board of Directors & ManagementSpecial Thank YouThe (ISC) 2 Board of Directors is comprised of information security professionals fromaround the world, representing a wide variety of organizations. All volunteers and (ISC) 2 -certified, the Board is accountable for oversight and governance and sets strategic directionfor the organization. Their leadership enables those credentialed by (ISC) 2 to attain thehighest levels of professionalism and merit in their areas of information security andsoftware security expertise.(ISC) 2 would also like to thank the following individuals and organizationsfor their contribution to the success of the sixth annual (ISC) 2 Asia-PacificInformation Security Leadership Achievements program.SponsorBoard OfficersFreddy Tan, CISSP, Chairperson (Singapore)Benjamin H. Gaddy, Jr., Vice-Chairperson, CISSP, CSSLP, SSCP, CISM, CHS-III, CFCP,(U.S.A.)Richard Nealon, CISSP, SSCP, CISM, CISA, Secretary (Ireland)Flemming Faber, CISSP, Treasurer (Denmark)Board MembersDoug Andre, CISSP, SSCP (U.S.A.)Dan Houser, CISSP-ISSAP, CSSLP, CISA, CISM (U.S.A.)David C. Krehnke, CISSP-ISSMP, CAP, CISM, CHS-III, IAM (U.S.A.)David Melnick, CISSP, CISA (U.S.A.)Alessandro Moretti, CISSP, CSSLP (Switzerland)Wim Remes, CISSP (Belgium)Prof. Corey Schou, Ph.D., CSSLP, Fellow of (ISC) 2 (U.S.A.)Prof. Jill Slay, Ph.D., CISSP (Australia)Greg Thompson, CISSP (Canada)Executive OfficersExecutive DirectorW. Hord Tipton, CISSP-ISSEP, CAP, CISAChief Financial OfficerDebra TaylorGeneral CounselDorsey Morrow, CISSP-ISSMPVenue and CateringHilton Tokyo Hotel, Tokyo, JapanEntertainmentMutsunoya, Tsugaru-TeodoriPhotographerMr. Masaharu AbeISLA Nomination Review CommitteeSanjay BahlPrinya Hom-anekDr. Meng-Chow KangHaruto KitanoDr. Jae-Woo LeeS.C. LeungAnthony LimCharles WaleGraphic DesignerAndrea Graves, (ISC) 22012 ISLA Project TeamKitty Chung, Head of Marketing Communications for Asia-Pacific, (ISC) 2Amanda D’Alessandro, Corporate Communications Specialist, (ISC) 2Clayton Jones, Managing Director for Asia-Pacific, (ISC) 2Toshi Kinugawa, Director of Business Development for Japan, (ISC) 2Sally Ko, Marketing Manager for Asia-Pacific, (ISC) 2Christina McCarthy, Marketing Programs Manager, (ISC) 2Lorraine Roscoe, Events Marketing Planner, (ISC) 2Jessica Smith, Acting Senior Marketing Development Manager, (ISC) 2Elise Yacobellis, Director of Corporate Development, (ISC) 2- 46 - - 47 -

The Changing Threat Landscape: Criminals Leveraging Both Broad-based and Targeted AttacksSecurity FundamentalsUse Strong PasswordsApply Updates RegularlyUse Anti-Virus SoftwareConsider the CloudInvest in Newer ProductsHolistic Approach12 3 41234PreventionEnsure you have implemented thesecurity fundamentals.DetectionRegularly monitor and conductadvanced analysis within yourorganization to identify threats.ContainmentIf the attacker is successful atbreaching, contain the threat so thatit does not spread.RecoveryHave a well-conceived recovery plansupported by suitably skilled responsecapability.Conficker Worm• The #1 threat facingbusinesses over the past2.5 years.• Detected almost 220 milliontimes worldwide since 2009.• 92% of Conficker infections inorganizations were the resultof weak or stolen passwords.• 8% of Conficker infections inorganizations were the resultof vulnerabilities for which anupdate exists.Targeted AttacksFocus on individuals or organizations. A specific target in mind.Attack MotivesTargets are chosen because of whothey are or what they represent.Common TacticsWeak PasswordsBroad-based AttacksBroad-based attacks reach a large number of people in hopes ofcompromising as many systems as possible.Attack MotivesTypically this tactic is used to stealidentities and money.Common TacticsWeak PasswordsMajority of people areunlikely to encountersuch a threat.Unpatched VulnerabilitiesSocial EngineeringMajority of cybercriminal activity istaking place.Unpatched VulnerabilitiesSocial Engineering| Security Intelligence Report www.microsoft.com/sir