Eng. Mohammed Aldoub

Cybersecurity Consultant and Global Trainer

Dr. Fawaz Alkhateeb

Taher Group Law Firm and KILAW, Kuwait

Mr. Kyle Brundage

System Administrator, Office of Military Cooperation-Kuwait

Dr. Reem AlShammari

Corporate Solutions DTx Leader in Kuwait Oil Company & Founding Partner of Women in Cyber Security Middle East (WiCSME)

Transforming Business in a Resilient, Secure and Safe Business Environment

Abstract:

Questions covering:

• Business Transformation and Cyber Security Partnership?
• How to become Business Resilient with proper Cyber Security posture?
• Success Stories to share.
• Golden Nuggets and Take sways.

Mr. Osama Abduo

Fortinet, Middle East

Protecting Smart Cities with Smart Security

Abstract:

Attackers never sleep! They are always targeting our assets. The more our cities become smart, the broader the attack surface will be. This cyber-exposure encourages the attackers to target our networks, jump inside, and cause the damage. In this session, we will take a look at the latest attacks trends, and how attackers can take over control and exfilterate data causing an impact on multiple aspects including financial, reputation, time, and more. The second part of this session will show how our networks can be intelligent enough to provide the maximum level of security. Security which understands who, what, where and when, to contain and counter the various types of attacks.

Mr. Patrick Nicely

Chief Warrant Officer Two, DoD - US Army

Mr. Bradley Jumper

Chief Warrant Officer Two, DoD - US Army

Risk Management

Abstract:

In our presentation, we will conduct a brief overview of risk management as it pertains to cybersecurity. We will cover what risk management is to include some key terminology and concepts such as assets, threats, vulnerabilities, etc. We will discuss some of the items covered during a risk assessment/analysis. Additionally, we will go over the risk response options including mitigation, transference, avoidance and acceptance. We will review physical, logical and administrative control categories. Further discussion of controls will include a discussion on the following control types: preventive, deterrent, detective, compensating, corrective, and directive. We will close with a listing of industry best practice risk frameworks currently in use.

Eng. Ali AlEnezi

Public Institution for Social Security

Building the Cybersecyrity Foundations: Basic Hygiene

Abstract:

A number of frameworks and standards provides guidance on what cybersecurity controls basic or otherwise should be in place to protect the organisations. Examples of these frameworks include National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 the Center for Internet Security (CIS). During this session, we will provide a starting point for an effective cybersecurity program by showing a list of basic controls from ISO/IEC 27001 the CIS including a few additional control practices that may not be truly basic today.

Eng. Ali Alkhaled

Central Bank of Kuwait

Mr. Belal AlSheikh

Palo Alto Networks, Kuwait

Mr. Mohammed B. AlJouan

Board Member - Kuwait Economic Society

Mrs. Wafaa AlSarraf

Ministry of Higher Education

Officer Shambrella McLendon

Chief Warrant Officer Two, DoD-US Army

Moderated by:

Dr. Dari Alhuwail

Kuwait University

Eng. Ali AlKhaled

Central Bank of Kuwait

Achieving Cyber Resilience in Kuwait Banking Sector: Context – Approach – Challenges

Abstract:

This talk will highlight the key role of the Central Bank of Kuwait (CBK) in addressing Cybersecurity/Cyber Resilience in the State of Kuwait. A role that is multi-contextual and multi-dimensional. The following will be the two major pillars of the talk:

1. Managing Cybersecurity at the Central Bank of Kuwait – CBK as an “Organization” within the context of: Government Sector, Regional Central Banking Community, and International Central Banking Community.
2. Managing Cybersecurity in Kuwait Banking Sector – CBK as a “Regulator” of the Banking Sector within the context of the State of Kuwait and Internationally.

The talk will also highlight the following key areas:

1. CBK’s journey towards “Cyber Resilience” on an organizational-level and on s Sector-level.
2. CBK’s key initiatives, as a leading organization, in establishing and nurturing the culture of Cybersecurity in Kuwait, through: Awareness campaigns, Training programs, Engagement with community, ..etc.

Mr. Belal AlSheikh

Palo Alto Networks, Kuwait

Uplift Your Security Resilience With Zero Trust Enterprise Strategy

Abstract:

Palo Alto Networks advocates for the Zero-Trust Enterprise strategy as a more efficient way for enterprise customers to combat today’s increasingly sophisticated attacks and threats. Disruption is the hallmark of 2022. Combining the digital transformation and sudden outbreak of the COVID-19 pandemic has created ‘chaos with no control’, not necessarily because organisations have more employees but because they are all in different geolocations, operating from various networks, on multiple devices, which cybercriminals exploit and subsequently has led to tremendous growth in cyberattacks worldwide.

Relying on a conventional security approach is no longer a practical option for securing high-value assets. Adversaries will always be one or more steps ahead. Attacks are increasingly sophisticated, and the need for a multi-layered E2E cybersecurity strategy is more compulsory than ever, aiming to enforce the defense-in-depth principle across the digital ecosystem.

Dr. Waheeda Almayyan

PAAET, Kuwait

A Data Mining Approach for Filtering Out Social Spammers in Large-Scale Twitter Data Collections

Abstract:

Social networking services – such as Facebook.com and Twitter.com – are fast-growing enterprise platform that has become a prevalent and essential component of daily life. Due to its popularity, Twitter draws many spammers or other fake accounts to post malicious links and infiltrate legitimate users' accounts with many spam messages. Therefore, it is crucial to recognize and screen spam tweets and spam accounts. As a result, spam detection is highly needed but still a difficult challenge. This article applied several Bio-inspired optimization algorithms to reduce the features' dimensions in the first stage. Then we used several classification schemes in the second stage to enhance the spam detection rate in three real Twitter data collections.

Dr. Mohamed Torky

Higher Institute of Computer Science and Information Systems, Egypt

Authenticating and Verifying Drone Charging Transactions: A Novel Blockchain Protocol

Abstract:

Unmanned Aerial Vehicles (UAVs) (or Drones) is fast becoming an important technology that will play pivotal roles in many non-military fields and industrial applications in the next few years. However, the biggest challenge is that drones are not sufficiently regulated and authenticated, which raises a significant concern in drones cybersecurity and internet of energy (IoE). One of these authentication challenges is verifying drone charging transactions with ground charging stations. Malicious operators of energy within IoE network will heavily threaten security and privacy of both of UAVs and charging stations through various malicious attacks, such as, privacy leakage, falsification, node impersonation, and fake charging transactions, etc. Blockchains are an emerging technology that has drawn considerable interest for managing and securing transactions in IoE networks. Blockchains promise transparent, tamper-proof, and secure protocols that can enable untraditional solutions for securing and authenticating real time transactions especially when combined with smart contracts. In this work, a Blockchain protocol is proposed for authenticating and verifying drone charging transactions with ground charging stations. The proposed protocol is based on ED25519, a highly secure public-key signature system, which is based on Edwards-curve Digital Signature Algorithm (edDSA) for generating ED25519-based keys (private and public) used to authenticate the identities of drones and charging station points in Blockchain-based IoE networks.

Dr. Mohamed Elsersy

Lecturer, Computer Information Science, Faculty of Computer Information Systems, Higher Colleges of Technology, UAE

Privacy-Preserving Data Sharing Scheme for Healthcare Systems

Abstract:

The extensive use of electronic medical records (EMRs) has become extremely helpful for professionals in the medical industry for efficient diagnosis and treatment. It is beneficial for medical professionals to see the notes from other professionals as it is almost impractical to get the patient medical history verbally. Utilizing ongoing advances in healthcare, many institutions are transitioning from paper-based records to electronic medical records. A cloud is an excellent option for hosting large amounts of data like all the EMRs from a hospital. There is a pressing need to safeguard the shared information with a scheme that ensures secure data sharing. We propose a privacy-preserving data sharing scheme for healthcare systems. Our proposed scheme provides patient records only accessible to authorized personnel. Because patient privacy and data protection are critical, all patients' data must be encrypted before sending it to the cloud provider. This data encryption creates a need for a doctor, nurse, or even the patient themselves to find which file is there to access it. To do this, we will need to use a method for searching over encrypted data. However, with homomorphic encryption, you can update encrypted data in the cloud environment without ever having to decrypt it. Our proposed scheme will use a kNN encryption scheme to employ a trusted key distribution center (KDC). That will enable multiple doctors to search over encrypted data while ensuring that our cloud server is the only service that allows such searching. Patient data will be encrypted utilizing the KDC services and uploaded to the cloud server that holds a KDC session key. The proposed method shows an efficient performance compared to the existing schemes.

Mr. Osama Abduo

Fortinet, Middle East

Security Fabric Workshop

Location

S-3D-1019

Abstract:

Today’s networks are highly complex environments with borders that are constantly changing. In response to this highly complex environment, an integrated security approach has become a necessity, with firewalls being the center of this security fabric, and multi-functional devices that counter an array of threats to your network.

In this workshop, participants learn the basics of how to install a FortiGate and use it to protect a network. FortiGate enables security-driven networking and consolidates industry-leading security capabilities, such as SSL inspection, antivirus, web filtering, and application control. By doing this, FortiGate meets the performance needs of highly scalable, hybrid IT architectures, enabling organizations to reduce complexity and manage security risks. FortiGate simplifies security complexity and provides visibility into applications, users, and networks. FortiGate utilizes purpose-built security processing units (SPUs) and threat intelligence services from FortiGuard Labs to deliver top-rated security and high performance threat protection.

Participants who attend this workshopwill learn how to:

• Install a FortiGate device in a network
• Configure basic routing
• Create security policies
• Apply security scanning
• Configure local user authentication
• Use the CLI
• Configure the Fortinet Security Fabric