Capability Development Programme

Transcription

1 KPMG Cyber Security Centre Capability Development Programme March KPMG International Cooperative ( KPMG International ). KPMG International provides no client services and is a Swiss entity with which the independent member firms of the KPMG network are affiliated.

2 KPMG Cyber Security Centre Contents Introduction... 3 Cyber Security Landscape... 3 Key Cyber Security Indicators in Singapore... 4 The KPMG Cyber Security Centre (CSC)... 5 Overview... 5 KPMG Cyber Security Framework... 5 Capability Development Programme Overview... 6 Overview... 6 Programme Structure... 6 Key Programme Components... 7 Who should participate?... 7 Programme Tracks... 8 Programme Fee... 8 Application Closing Date... 8 Programme Component Details... 9 Overview... 9 Programme Schedule Capability Maturity Assessment (Lite) Cyber Security Conference Structured Classroom Learning Knowledge Sharing Forum Proof-Of-Concept (POC) Programme Partners Overview Programme Partners Information Registration Form Capability Development Programme 2

3 Introduction The focus on Cyber Security is growing rapidly as a result of high profile security breaches threatening damages to critical infrastructures and data loss. It is no longer a question whether your organisation will be breached, but when. Cyber Security Landscape Organisations are increasingly subjected to increasing amounts of legislative, corporate and regulatory requirements which require them to show that they are managing and protecting their information appropriately. At the same time, changing work patterns involving remote access, big data, cloud computing, services on demand and mobile technology are increasing your organisation s exposure to cyber threats. While these threats are not new and some have been with us since the early 1990s, the focus on cyber security is growing rapidly as a result of high profile security breaches. These breaches have threatened financial systems and in some instances, damaged physical infrastructure across critical national and corporate infrastructures. It is no longer a question of whether your systems will be breached, but when. KPMG s analysis of the current technology and security landscape reveals three key megatrends and parameter shifts being: Loss of control over computing environment Consumerisation of information technology (IT) increases the attack breadth and thus, straining existing defences. The rapid adoption of disruptive technologies with limited consideration of risk implications has also resulted in the lost of control over the computing environment. State of continuous compromise Rise of sophisticated, determined, organised and well-funded attackers performing advanced targeted attacks capable of bypassing traditional protection mechanisms and in some instances, the threats persist undetected for extended periods. Right-spending and capabilities With the pressure to optimise capital and operational spend on already constrained IT and security budgets, organisations are forced to make assumptions that existing security measures are sufficient to mitigate against today s advanced security threats. This has challenged the ability of many organisations in acquiring, retaining and enhancing relevant talent in their workforce. Escalating cyber risks Cyber risk ranks 3 rd among 50 risks globally among 588 senior and board level executives polled in Lloyd s Risk Index 2013 Named in the Top 5 global risks by the World Economic Forum since 2012 Cost per breached record ranges from US$78 to US$233 based on the Ponemon Institute Cost of Data Breach Study: Global Analysis 2013 Growth of mobile malware tripled 2012 numbers at more than 120,000 samples Kaspersky Lab IT Threat Evolution 2013 Capability Development Programme 3

4 Key Cyber Security Indicators in Singapore With the increasing focus on critical infrastructure protection, organisations are subjected to additional regulatory requirements requiring them to have measures in place for managing and protecting their sensitive information. In Singapore, there are a few key indicators for cyber security focus areas being: National Cyber Security Masterplan 2018 (July 2013) The masterplan led by Infocommunications Development Authority of Singapore (IDA) under the guidance of the National Infocomm Security Committee (NISC) aims to strengthen resiliency against cyber threats which includes the enhancement of critical infrastructure such as Cyber Watch Centre (CWC) and Threat Analysis Centre (TAC). Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines and Notices (June 2013) MAS TRM is a mandate for financial institutions (FIs) to ensure monitoring and swift detection of IT incidents. FIs are also expected to report discovery of any IT security incidents within one hour to MAS. Computer Misuse and Cybersecurity Act (March 2013) Computer Misuse Act has been renamed as Computer Misuse and Cybersecurity Act to allow the Singapore Government to take more effective, timely and proactive measures against cyber security threats. Capability Development Programme 4

5 The KPMG Cyber Security Centre (CSC) The threats posed by cybercriminals and hacktivists are growing in scale and sophistication. Is your organisation becoming increasingly vulnerable as technology advances and working practices evolve? Overview The KPMG Cyber Security Centre (CSC) serves as a platform for thought leadership, capability development and innovation for cyber security. It seeks to gather companies, institutes of higher learning and security technology vendors into a collaborative environment. Together, these industry players will work towards enhancing organisational defences against evolving cyber threats. Our initiatives are based on three key thrusts: Empower, Transform and Innovate. KPMG Cyber Security Framework KPMG Cyber Security Framework is developed based on the guiding principles that no matter how good your defences are, there still is a risk of a successful attack. Our framework is purposely intelligence-led to build understanding of the diverse threat landscape and put this insight at the heart of cyber security decision-making. This overarching framework helps our clients take a holistic approach to cyber security and to be more prepared and more resilient to threats. Threat Intelligence Sits at the heart of the framework and implement the building blocks of intelligence and, in mature organisations, use intelligence as a springboard for delivering effective cyber security. Prepare Understand vulnerabilities and improve preparedness against cyber attack. Protect Design and implement cyber defence infrastructure. Detect and Respond Respond to and investigate cyber attacks. Integrate Embed cyber security in the culture and decision making of organisations. Transformation Design and deliver a wholesale program of change to improve cyber security capability. Capability Development Programme 5

6 Capability Development Programme Overview Do you know how mature your organisation s cyber security capability is? KPMG can work with you to help increase your organisation s preparedness against cyber threats and to achieve capabilities in early threat detection, rapid response and robust recovery. Overview The first programme to be rolled out under the CSC is the Capability Development Programme. Through this six-month programme, KPMG in Singapore will help participating organisations enhance their cyber security preparedness by: implementing framework and architecture for early detection of cyber threats and robust incident response; acquiring expertise in discovery, analysis, containment and eradication of malware threats; and developing cyber security intelligence capabilities so that organisations are keenly aware of the cyber environment and are ready to defend themselves against cyber attacks. The programme is structured to provide participating organisations with critical skillsets and a holistic view of cyber defence in the face of today s cyber threats. Programme Structure Participating organisations will be challenged to upgrade their skills, engage in cyber war gaming exercises as well as develop and implement proof-of concepts. Through a structured series of classroom learning and hands-on implementation, participating organisations will: gain foundational knowledge of cyber security from globally recognised cyber security professionals and learn to tackle today s urgent cyber security issues sharpen cyber threat detection and incident response capabilities through exercises in Singapore Polytechnic s Cyber Wargame Centre. Participating organisations will be exposed to real-world tactics employed by attackers and learn how to handle crisis while maintaining regular business and operational processes. develop proof-of-concept frameworks and solution architectures targeted at specific industry problem statements customised to their organisation s environment. KPMG cyber security specialists and our security technology vendors will work with participating organisations on these projects. Capability Development Programme 6

7 Key Programme Components Programme Component Cyber Security Conference Description Outcome Duration Industry cyber security specialists will be invited to share their insights Obtained insights on how to on the latest trends and mitigation transform their cyber security. approaches against cyber threats. 1 day Cyber Maturity Assessment (Lite) Assess participating organisation s preparedness against cyber attacks. Established roadmap for cyber security preparedness. Up to 5 days Structured Classroom Learning Four critical cyber security areas below will be covered by trainers: Cyber Defense Cyber Intelligence and Threat Detection Cyber Response and Recovery Malware Analysis and Digital Forensics Acquired critical cyber defence skillsets to detect and respond to cyber threats. 12 days (3 days per session) Cyber War Game Exercise Cyber war games will be conducted in a state-of-the-art cyber range at Singapore Polytechnic s Cyber Wargame Centre using simulated scenarios to drill participating organisations on concepts learned. Improved awareness of cyber risk and response capabilities. 3 days Proof-of-Concept (POC) Approved POC will be defined and implemented in the participating organisation s operating environment with the support of our Programme Partners. Obtained hands-on experience relevant to participating organisation s Up to 4 months Knowledge Sharing Forum Platform to share and obtain insights on the outcome of POCs implemented by participating organisations. Obtained further insights from lessons learnt 1 day Who should participate? Organisations embarking on cyber security initiatives to enhance their preparedness and resiliency should consider nominating employees with the following job roles aligned to the National Infocomm Competency Framework (NICF) for participation: Information Security Consultant Security Administrator Security Engineer Capability Development Programme 7

8 Programme Tracks Under the programme, KPMG is offering two tracks to cater for different organisations needs: Full Programme Partial Programme (without POC) Note: IDA ilead Expanded Grant is not applicable for the Partial Programme without POC track. Programme Fee The fee for both the Full and Partial Programme is S$3,000 per person from each participating organisation (programme components may not be shared by more than one individual except the registered participant or substitute), excluding the prevailing GST rate. IDA ilead Expanded Grant This programme is part of the Infocomm Development Authority of Singapore (IDA) Infocomm Leadership and Development Programme (ilead) Expanded. It aims to help Singapore s infocomm manpower keep pace with technology changes. Eligible organisations may submit an application to IDA for the ilead Expanded grant subject to IDA s approval. Application Closing Date 26 March 2014, 5:00 pm.

9 Programme Component Details KPMG has designed our capability development programme to empower your organisation to know your cyber risks linked to business outcomes; understand the latest approaches and best practices; identify fit for purpose solutions; and to develop your cyber security transformation roadmap. Overview Our programme starts with working together with the participating organisation on a Cyber Maturity Assessment (Lite) to quickly assess the maturity in cyber security defence and preparedness in cyber security response. This will be followed by structured classroom learning and cyber exercises scheduled across the programme duration. Participants in the programme will also undertake a POC implementation to further enhance their capability through hands-on implementation. While the above is the recommended programme structure, participating organisations have the flexibility to conduct the CMA based on a suitable schedule within the six months programme duration. Additionally, participating organisations may embark on the POC programme component based on a suitable schedule but must be completed within 12 months of programme commencement. Capability Development Programme 9

10 Programme Schedule Date Time Programme Component 01 Apr Cyber Security Conference Apr Structured Classroom Learning Apr Structured Classroom Learning May Structured Classroom Learning Jun Structured Classroom Learning Jul Structured Classroom Learning 12 Sep Industry Sharing Cyber Security Conference Cyber Defense Foundation Training Cyber Intelligence and Threat Detection Cyber Incident Response Malware Analysis and Digital Forensics Cyber Wargame Exercise Knowledge Sharing Forum Cyber Maturity Assessment (Lite) The program will start with a Cyber Maturity Assessment (Lite) to assess participating organisations preparedness against cyber attacks. The high level gaps identified will help participating organisations in prioritising their cyber security efforts and allocation of resources. The programme participant will work with KPMG as part of the assessment team. Senior executive sponsorship is required to ensure management support and commitment for the success of the assessment. Cyber Maturity Assessment (Lite) CMA1 CMA2 Cyber Maturity Assessment (Lite) Early Signup Cyber Maturity Assessment (Lite) Signup Objective Duration Outline Learning Outcomes Assess organisation s ability to protect its information assets and its preparedness against cyber attack. 3-5 days The Cyber Maturity Assessment (CMA) benchmarks an organisation against a cyber maturity model and provides a rounded view of people, process and technology to: Understand areas of vulnerability; Identify and prioritise areas for remediation; and Demonstrate both corporate and operational compliance. KPMG Security Consultants together with Participants will assess the cyber maturity level through a combination of questionnaires, interviews and workshops to address the following six key dimensions: Executed using Leadership and Governance Information Risk Management Human Factors Operations and Technology Business Continuity and Crisis Management Legal Compliance Analyse the cyber threat environment and advise management on the organisation s cyber defence effectiveness. Understanding of organisation s cyber maturity level and prioritised areas for management action plan. Capability Development Programme 10

11 Cyber Security Conference The Cyber Security Conference brings together industry experts to share their insights on the latest cyber security trends allowing participating organisations to plan for and cater to emerging threats, as well as, understanding how similar organisations are transforming their cyber defences. The conference for 2014 is themed Transforming Your Cyber Security. Non-participants in the Capability Development Programme may attend at a fee. Cyber Security Conference SC Cyber Security Conference Objective Duration Hear from industry cyber security specialists on their insights of the latest trends and mitigation approaches against cyber threats. 1 day Confirmed speakers for the Transforming Your Cyber Security conference: Freddy Tan Member, Board of Directors, (ISC) 2 Craig Stires Research Director, IDC Pierre Noel Chief Security Officer (Asia), Microsoft Justin Harvey Chief Solutions Strategist, FireEye Outline Stephen McCombie Senior Manager for Advanced Cyber Defense Practice (APJ), RSA Roy Katmor Director for Security Strategy, Akamai Nishant Ranjan Solution Architect, McAfee Nicholas Percoco Director, KPMG in Chicago Stan Hegt Manager, KPMG in Netherlands Learning Outcomes Obtain insights on latest trends and mitigation approaches against cyber threats. Capability Development Programme 11

12 Structured Classroom Learning The Structured Classroom Learning will be conducted by cyber security practitioners on the frontline of the battle against cyber threats, focusing on the following four critical cyber security areas: Cyber Defense Foundation Cyber Intelligence and Threat Detection Cyber Response and Recovery Malware Analysis and Digital Forensics Structured Classroom Learning Objective Duration Outline Learning Outcomes C1 Cyber Defense Foundation Training Understand the fundamentals of cyber threat detection and response frameworks and techniques. 3 days Focus on understanding fundamentals of cyber threat detection and response through lectures, case studies and exercises: Cyber intelligence threat and vulnerability Threat detection - traffic analysis, correlation of indicators Cyber response preparation, identification, containment, eradication and recovery Malware analysis methods and techniques for identification, containment and eradication Digital forensics preservation of evidence and analysis Understand the key areas of focus to design, implement and manage a cyber defense framework and architecture. Structured Classroom Learning Objective Duration Outline Learning Outcomes C2 Cyber Intelligence and Threat Detection Develop capability to research, develop and implement advanced technologies based on algorithms and data models to detect, analyse and mitigate security attacks. Focused on building a situational aware architecture through use of large security data sets and integration with external threat intelligence sources. 3 days Focus on understanding adversarial threats, detection methods and security intelligence approaches through lectures, case studies and exercises: Fundamentals of traffic analysis and tools Understanding the Kill Chain Common attack vectors and different classes of attacks Understanding the adversary and their evasion techniques Intrusion detection methodologies and techniques Network forensics and correlation of indicators Technologies and algorithms in security intelligence and analytics Open source intelligence (OSINT) and intersections of data, information and intelligence Role and value of cyber intelligence threat and vulnerability Collection and analysis methods for actionable intelligence Integration techniques to preventive cyber defence measures Analyse cyber attack methods to determine capabilities, propagation characteristics, and detection signatures. Manage cyber intelligence framework and architecture in terms of organisational teams, governance processes and security technology solutions Capability Development Programme 12

13 Structured Classroom Learning Objective Duration Outline Learning Outcomes C3 Cyber Response Develop capability to design, implement and manage a cyber response framework and architecture to handle and rapidly respond to cyber incidents. 3 days Focus on understanding cyber response framework and architectures required to rapidly respond to an identified breach through lectures, case studies and exercises: Incident response organisation and team structure Incident response and handling fundamentals Handling network, malicious code and insider incidents Key tools, techniques, and procedures to properly respond to intrusions Proper incident scoping and detection of all compromised systems Analysis methods to identify exactly how the breach occurred and what was taken Key approaches to eradicate a current incident Use of threat intelligence to determine if the same adversary returns to the enterprise Incident reporting and recovery Manage cyber response framework and architectures to support organisations in performing situational analysis, planning a course of action and coordinating the response plan to narrow the breach window and rapidly contain and eradicate the problem. Structured Classroom Learning Objective Duration Outline Learning Outcomes C4 Malware Analysis and Digital Forensics Develop capability to design, implement and manage a malware analysis and digital forensics framework and architecture to contain, eradicate and recover from malware attacks. 3 days Focus on understanding malware analysis digital forensics processes and techniques through lectures, case studies and exercises: Configuration of the malware analysis lab Malware analysis toolkit Basic static, dynamic and behavioral analysis of malicious code Automated malware analysis Forensic toolkit Chain of evidence and custody Methods of forensic imaging process Preservation of evidence Forensic analysis methods Forensic reporting Design and implement security technology environment and process frameworks to contain, eradicate and recover from malware attacks. Capability Development Programme 13

14 Structured Classroom Learning Objective Duration Outline Learning Outcomes C5 Cyber Wargame Exercise Employ security intelligence, malware analysis and cyber response techniques in a cyber exercise with war gaming scenarios conducted in a cyber range. 3 days Focus on participant s ability to use relevant techniques to defend against cyber attacks, whilst keeping the production environment and internal procedures up and running: Preparation of team roles and environment for blue and red team exercise Handling of crisis situations Evaluate how people and teams work in stressful situations Manage roles, tasks and delegation during large scale cyber attack Manage business processes while in crisis mode Debriefing on outcome of cyber exercise Integrate security intelligence, malware analysis and cyber response techniques in a cyber defense scenario Knowledge Sharing Forum The Knowledge Sharing Forum serves as a platform for the participating organisations to share their lessons learnt based on their POC implementation. The objective is to enhance cooperation and increase participant s knowledge across critical cyber defence skillsets. KPMG will facilitate and moderate the session to ensure learning outcomes and maintain confidentiality of participating organisation s information. Industry Sharing SF Knowledge Sharing Forum Objective Duration Outline Learning Outcomes Foster a more collaborative cyber security community among user enterprises, institutes of higher learning and security technology vendors. 1 day Participants to share the details of POCs implemented in terms of: Problem statements to be solved Implementation approach POC results and lessons learnt Obtain further insights from the outcomes of POCs implemented. Capability Development Programme 14

15 Proof-Of-Concept (POC) After going through the Cyber Maturity Assessment, the participating organisations should have a high level understanding on cyber defence areas that require improvements. KPMG will work with the participating organisations to define a POC to evaluate governance frameworks and technology solutions to address a specific area of improvement. Participating organisations may work with selected Programme Partners (see page 16) for technology driven improvements. Such technology POCs will be conducted on-site within participating organisation s operating environment and KPMG will assist to facilitate the arrangements with the Programme Partners. Our KPMG Cyber Security Team will directly support participating organisations for non-technology focused POCs. A critical objective of the POC is to enable experiential learning by the programme s participants who will be expected to play a key role in the definition, development and implementation of the project. Proof-of-Concept P1 Project Definition P2 Concept Development P3 Concept Feasibility Study P4 Project Implementation P5 Project Reporting Objective Co-develop proof-of-concept (POC) frameworks or solution architectures to solve specific problem statements and implement these POC projects into their user enterprise operational environment. Duration 4 months Outline Participants will work with KPMG specialists who will provide cyber security subject matter guidance, facilitate the POC development and implementation, and coordinate with solution vendors (as required). Projects may include but not limited to the following problem statements: Faced with today s advanced security threats, most enterprises do not have a clear strategic plan and implementation roadmap aligned to a Cyber Defence Maturity Model. What are the capabilities that define such a model and the building blocks to achieve the desired state of maturity? Enterprises are taking weeks to months from compromise to discovery and eventually containment. How do we build a framework and architecture for early threat detection and rapid incident response? Enterprises are not effectively leveraging security data for predictive threat detection. What is the data that matters and how do we make use of the collected data effectively and efficiently to identify indicators of compromise? Threat detection today is reliant on reactive security monitoring. How do we implement a practical exploration-driven threat detection framework to identify the unknown unknowns? Malware is by far the most effective means for an attacker to infiltrate an organisation, persist undetected for long periods of time and exfiltrate data from the compromised environment. What is the framework and architecture required for identification, analysis, containment and eradication of the malware threat? Learning Outcomes Further enhance lessons learnt from the structured learning component of the programme. Capability Development Programme 15

16 Programme Partners KPMG recognises that capability development of the ecosystem requires greater collaboration between user enterprises, technology solution vendors and institutes of higher learning. Our Programme Partners bring to the platform, market leading solutions and learning environments to support participants on their cyber defence roadmap. Overview KPMG has lined up the following Programme Partners that address different aspects of the KPMG s Cyber Security Framework: Singapore Polytechnic (SP) Cyber Wargame Centre provides a well-equipped environment for conducting simulated cyber war games. FireEye Malware protection against advanced cyber threats such as Advanced Persistent Threats (APT) RSA A combination of Security Incident Event Management (SIEM), network forensics, big data analytics and threat intelligence to monitor, detect and response to cyber threats. McAfee Connect industry-leading security solutions to their enterprise infrastructure to increase visibility, gain efficiencies, and strengthen protection against cyber threats. Akamai Provide cloud computing security, prevent data theft/downtime and mitigate Denial of Service (DoS) attacks by extending the security perimeter outside the data center. Programme Partners Information In this section, we will provide more information on KPMG s programme partners such as their company profile, overview of solutions relevant to cyber security, resources committed to the POC, as well as, the pre-requisites for POC implementing their solutions. Singapore Polytechnic Singapore Polytechnic (SP) is one of the established polytechnic in Singapore setup in 1954 to train technologists and professionals to support the industrialisation and economic development of Singapore. To date, it has more than 16,000 full-time and part-time students whom are pursuing a total of 68 diploma courses. SP has recently launched the Cyber Wargame Centre to provide students from the School of Digital Media & Infocomm Technology with hands-on experience of a security professional. The SP Cyber Wargame Centre consists of several labs which are setup for various purposes such as launching attacks, setting up network defences, conducting forensics investigation and performing malware analysis. Programme Support KPMG CSC Capability Development Programme will be using the SP Cyber Wargame Centre for conducting the Cyber Exercise as part of the Structured Classroom Learning. Participating organisations will play the role of the blue team in responding to cyber attacks by the red team in this stimulated environment. Capability Development Programme 16

17 FireEye FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, Intrusion Prevention System (IPS), anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organisation across the primary threat vectors, including Web, , and files and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,100 customers across more than 40 countries, including over 100 of the Fortune 500. With the acquisition of Mandiant, the leader in endpoint security, incident response, and remediation; FireEye now offers the most complete library of actionable threat intelligence on advanced threats and a product suite that can apply that intelligence to detect and prevent attacks on both the network and on endpoints. RSA RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. We help the world s leading organisations (including 90 percent of the Fortune 500) succeed by solving their most complex and sensitive security challenges. These challenges include managing organisational risk, safeguarding mobile access and collaboration, providing compliance and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention and Fraud Protection with industry-leading enterprise Governance, Risk and Compliance (egrc) capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. Programme Support Relevant hardware appliances, software licenses and technical engineer support will be provided. Capability Development Programme 17

18 McAfee McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse, and shop the web more securely. Backed by its unrivaled global threat intelligence, McAfee creates innovative products that empower home users, businesses, the public sector, and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. Programme Support Relevant hardware appliances, software licenses and technical engineer support will be provided. Akamai Akamai is the leading provider of cloud services for helping enterprises provide secure, high-performing user experiences on any device, anywhere. If you've ever shopped online, downloaded music, watched a web video or connected to work remotely, you've probably used Akamai's cloud platform. Akamai helps enterprises accelerate innovation in the hyperconnected world by removing the complexities of technology so you can focus on driving your business faster forward. We enable enterprises to capitalize on market opportunities presented by trends like mobile and cloud while overcoming the challenges presented by security threats and the need to reach users globally. The Akamai Intelligent Platform reaches globally and delivers locally, providing unmatched reliability, security and visibility into your online business. Programme Support Relevant hardware appliances, software licenses and technical engineer support will be provided. Capability Development Programme 18

19 KPMG Cyber Security Centre Capability Development Programme Registration Form Please complete the following and *Delete where inapplicable 1. Registration Details Company Name: <Please indicate the legal entity name> Registered Address: Contact Person Salutation: Last Name: Designation: Contact Number: Dr / Mr / Mrs / Mdm / Ms / Others: * First Name: Fax Number: Programme Participants No. Salutation Last Name First Name Designation Contact Number Address Programme Option: Full Programme / Partial Programme (without POC) * 2. Programme Fee (applicable for both programme options) Programme Fee: S$3,000 (excluding Goods and Services Tax) per participant 3. Payment and Billing Information For programme fee, please make cheque or bank draft payable to KPMG Services Pte. Ltd. ( KPMG ), 16 Raffles Quay, #22-00 Hong Leong Building, Singapore KPMG will provide a tax invoice upon clearance of your cheque. We seek your understanding that there will be no refunds upon confirmation of registration. Please inform KPMG of substitution(s) prior to the start of the programme to avoid inconvenience. In circumstances beyond our control, we reserve the right to cancel the programme, or make changes to the schedules, venue and speaker(s)/trainer(s). Photography, audio, and/or video recording are not permitted during the programme activities unless authorised by KPMG. Capability Development Programme 19

20 Billing Address: <Please indicate if different from Registered Address > Attention Invoice To Last Name: Designation: Contact Number: First Name: Fax Number: 4. Disclaimers and Request for Consent The participating organisation agrees to allow KPMG to contact participants for future KPMG initiatives or mailer. Yes / No * The participating organisation agrees to allow KPMG to generate content for use from the interviews conducted. Yes / No * Acknowledged by the Participating Organisation Signature Date Name: Designation: Company Name: Contact us If you need further assistance, please contact: Chionh Hui Ming Tel: hchionh@kpmg.com.sg Jestina Pang Tel: jestinapang@kpmg.com.sg Capability Development Programme 20