ISACA Joint IHL Event 2013

The Singapore ISACA Student Groups (TP, SP, NYP) came together on the Saturday, 30th March 2013 for a Joint Institute of Higher Learning (IHL) event themed “Road to InfoSec Professional (Learning Journey)” at Singapore Management University (SMU).

Firstly, Mr Tong Seng Chee, the director of Academic Outreach ISACA (Singapore Chapter) shared about how the organizing committee took 4-5 months to organize this event, wishing that the future generations would continue organizing it. There are a total of 3 ISACA student groups that are recognized in Singapore out of 16 ISACA student groups worldwide. Mr Tong encourages the participants to “Never say no”. Take up the challenges and opportunities and that the key thing is not what you know but the resources that you can find.

Next, Mr Lenoard Ong, the president of ISACA (Singapore Chapter) shared his story on how he started working from network security to project management. Mr Ong shared that “A good mix of technical skills and soft skills will be beneficial for your career” stating that companies can do a lot more with security such as iBanking.

Thirdly, Mr Ryan, a penetration tester in security.assessment.com. Mr Ryan shared his experience as an intern system administrator, moving to an IT administrator before being a penetration tester in Singapore. He has various experiences working in Indonesia, Thailand, Japan, Singapore and New Zealand.

Last but not least, Mr Teh KaiWen shared his experience in TP where he took up IT security which is an advantage as he learnt both programming and security. He joined ISACA Student Group (TP) during his junior year and became the president in his senior year.

After a short break, Lightning talks were given by the different students from the different student groups. Firstly, Nicholas started the lightning talk by presenting on Infocomm Security, the approach to learning how different exploits work by using a bottom up approach. Next, Jeremy continued the lightning talk by presenting on “Bypassing Python Sandbox Security”. After Jeremy, Wee Kiat continued by looking at binary from a different way, “File Type Binary Data Visualisation”.

Next, Verbena Ong and Gerald Quek from TP shared about the “Facebook Forensic Toolkit v2.0”. Originally created by Teh KaiWen, the 2nd version of Facebook Forensic Toolkit includes a graph and word cloud generator that can be used to help the SPF narrow down suspects for a crime. After the “Facebook Forensic Toolkit v2.0” talk, Lim XiuMei, Tan Heng Yeow and Tan Chuan Yang from TP shared about the “Cold Boot Project” which was used to obtain the memory of the RAM and compare the rate of decay before an image is totally lost on the RAM.

After the sharing by TP students, Yong Xiang from NYP shared about password auditing. Technology advances and password auditing has moved on to cloud cracking where the hash must be submitted online. Yong Xiang shared that the complexity of a password is much more important as compared to the length of the password.

Last but not least, Choon Heng from SP shared about social engineering. It is easier to get password by knowing the person as mentioned by Choon Heng. One example is whereby the security questions that are usually used to reset or change password, “Who is your best childhood friend?”. According to Choon Heng, you can get close to that person and just ask the answer straight. One thing that the divisor engineers have is confidence. Common techniques such as familiarity exploit and creating a hostile situation can be used. Lastly, using the advantage of human tendency to trust, it is easy to obtain any password from a person.

After the lightning talks by the students from different schools, Mr Tong end off the event by sharing that new exploits are generated everyday so even if the IT students have graduated, they can still continue learning in order to counter these exploits.

This slideshow requires JavaScript.

All ‘Bout Security Seminar 2013

The All ‘Bout Security (ABS) Seminar 2013 was held on 13th March and it marks the second time I have attended the seminar event. Just like every ABS, speakers from the I.T Security industry are invited to give a talk on current security standards and ways to protect our digital assets.

This year, the main topic of the seminar revolves around Mobile and Application security. The seminar kicked off with Vincent Tay from Balanced Consultancy Pte Ltd giving a talk about security frameworks using mobile devices.

The next speaker is Christopher Low from ThinkSECURE Pte Ltd who gave a talk on Mobile Security.

After both speakers have finished discussing on the topic of mobile security, it set me thinking:” All the time we use mobile devices in our everyday life, we are also exposing ourselves to some form of danger when we download apps without consideration. At the same time, mobile devices can also aid us in many forms of operations.”

The last speaker, Cecil Su, from MAISP e-Cop Singapore gave a talk on Application Security. As a student from the I.T security field, it is refreshing to learn about application security once again when listening to Mr Su talk about application security development cycles and other relevant ways of protecting application development.

Overall, the ABS seminar has always been an eye-opener experience for me as each year’s topics discussed in the seminar are always changing. With that, I look forward to next year’s All ‘Bout Security to broaden my experience and knowledge in I.T security.

Annual ISACA Day 2013

On 15th February 2013, ISACA Student Group @ Temasek Polytechnic had their annual ISACA Day in Temasek Polytechnic. We were honoured to invite Mr Leonard Ong, President of ISACA Singapore Chapter and Mr Ho Shee Yan, Head of Audit Division at Accounting and Corporate Regulatory Authority, as our guests. This year is also special as our past current presidents, Benjamin Lee and Teh Kaiwen, came to support the event.

The program kicked off with an opening speech from Yong Jia Jie, the current President of ISACA Student Group @ Temasek Polytechnic. Through his speech, Jia Jie gave an insight of the student group’s yearly activities as well as highlighting the benefits of joining as an ISACA member.

Following the opening speech, two groups of students from the Diploma in Digital Forensics presented the projects which they had worked on during their holidays. The first project was the “Facebook Forensics Toolkit”. Students from both Diploma in Digital Forensics and Cyber & Digital Security had worked together to build a forensics application that was able to retrieve and analyze Facebook data. The second project was the “Cold Boot Forensics”, an application that was capable of retrieving data from the RAM (Volatile Memory) even after the power was cut off.

After the projects sharing session, our guest speaker, Mr Ho Shee Yan gave a talk on the “Success Factors In Information Systems Audit”. Throughout his talk, he engaged the audience by sharing his past experiences in the field with them.

The day concluded with refreshments as well as students signing up as ISACA student members.

Thank you one and all for your support.

This slideshow requires JavaScript.

Annual Python Workshop 2012

On 27th December 2012, ISACA Student Group @ Temasek Polytechnic organized an annual beginner’s workshop course for python language. All members from the diplomas of Digital Forensics and Cyber Digital Security were invited to attend and learn something new for the duration of 2 days. The main goal of this event was to equip the participants with some knowledge of python.

Day 1 of the event started at 10am, some eager learners had made the effort to arrive earlier. By 10 .15 am, the lab was already full consisting of mostly juniors and a handful of freshmen. The day started with Zhen Yong teaching the participants the basic commands for python and a brief overview of the use of python. After a lunch break, they continued to learn the basis of python as well as exercising their skills on some challenging practices. At the end of the first day, the participants were equipped with basic skills in python.

The objective of the second day was to put the participant’s skills of python to use. The event started at 10am where participants were given a set of challenges to complete within 2 hours. Winston Ho emerged as the winner by completing an impressive amount of challenges within the time duration and was awarded a prize for the most number of challenges done. Through this workshop, the participants were equipped with new python knowledge and got a chance to get hands-on with the challenges.

We would like to thank Kwek Jing Yang, the vice president of ISACA Student Group @ Temasek Polytechnic and the committees Tan Zheng Yong, Nicholas Soh and Kenneth Tan for organizing the event and making the workshop a great success.

This slideshow requires JavaScript.

Digital Forensics Get Together Day

On the 28th of June, the annual Get Together Day for ISACA Student Group was held. This annual event is aimed at providing an opportunity for freshmen, juniors and seniors from the Diploma of Digital Forensics to interact with one another as well as to know one another.

The event started with Yong Jia Jie, the President of ISACA Student Group, giving an opening speech and introduced ISACA to the freshmen as well as informed the freshmen regarding ISACA Student Group’s aims and efforts.

This was followed by Gerald Quek, one of the event organizers as well as Heng Yeow, a helper from the Diploma of Digital Forensics, briefing the freshmen about the games that will be played. The freshmen were introduced to ice breaking games such as Double Whacko and Dog & Bone. The main game in the event was Running Man, similar to the version played in famous Korean variety game show, Running Man.

After an hour of fun, games and bonding, the freshmen were greeted with a generous finger food buffet provided by ISACA Student Group. The response was overwhelming and everyone had a great time networking and eating.

ISACA Student Group would like to thank all freshmen, juniors and seniors who attended the event and made it a success, especially the organizers Gerald Quek, Khairul Anwar and their course mates who made this event possible!

This slideshow requires JavaScript.

Credits to all photographers who have contributed their photos.

Interview with Teh Kaiwen

The Lee Kuan Yew Award is an award presented to the Singapore Citizen or Permanent Resident with best performance in mathematics and science modules, while maintaining a consistently good overall academic performance throughout the course of study at the polytechnic.

This year, we have a winner representing the School of Informatics & IT and he is non other than Teh Kaiwen. Aside from his outstanding academic performance, he has also contributed endlessly to ISACA Student Group @ Temasek Polytechnic by planning events and workshops as the position of the President in the year of AY 2011. Furthermore, his project on Facebook Forensic Toolkit has earned him the Tan Kah Kee’s Young Inventor’s Silver Award.  With his busy schedule on hand, we have managed to find time to interview him about his thoughts on winning the Lee Kuan Yew Award.

Question 1:

Tell us about your feelings and thoughts after winning the Lee Kwan Yew Award.

Answer:

“It came as a surprise, because even though I have done quite a lot in both my studies and cca, there were other people who were capable of getting this award as well. I think it might be my interview performance that helped with getting the award.”

Question 2:

What do you think a student should do or achieve in order to win the Lee Kwan Yew Award?

Answer:

“I believe that instead of just focusing on their studies, they should also get engaged in community service and contribute to the school by participating and organizing events. I think these areas are important because they actually give good leadership experience that you can’t get from just the academic side alone.”

Question 3:

There has been a lot of attention on the application that you are working on, can you tell us more about Facebook Forensics?

Answer:

“Facebook Forensics was conceived after I came back from my attachment with INTERPOL and was asked to do a forensics related project due to my experience with the area at INTERPOL. I decided on developing a Facebook centric forensics tool as it was more popular than other social networking sites such as Twitter. The goal of Facebook Forensics is to download user information from Facebook and provide the mechanisms to analyze and search through the data as Facebook themselves do not provide a very conducive search tool for user data.”

Question 4:

What are your plans after graduation from Temasek Polytechnic?

Answer:

“I’m planning to pursue a degree in a local university and I am currently considering the offers by NUS, NTU and SMU.”

ISACA Singapore Chapter 29th Annual General Meeting

On 19th April 2012, members of ISACA Student Group @ Temasek Polytechnic attended the 29th Annual General Meeting of ISACA Singapore Chapter which was held at Orchard Parade Hotel.

The meeting was started by Tin Aung Win, Honorary Secretary of ISACA Singapore Chapter who highlighted the agenda of the meeting, which comprised of the election for the Board of Directors.

A certificate of appreciation was presented to one of our lecturer, Ms Lock Hun Ya for her unending efforts in her support for our student group

In addition, the student committee members of ISACA Student Group @ Temasek Polytechnic in AY 2011 were also awarded certificate of appreciations.

The recipients of the certificates were:

President: Teh Kaiwen

Vice President: Koh Hong Ye

Secretary: Javier Ang

Treasurer: Brendon Koh

Asst. Secretary: Chopin Lim

Event Manager: Yong Jiajie

Publicity Office: Kwek Jing Yang