Euro CACS/ISRM Track Descriptions 


Track 1:  Thwarting Cyberthreats

111—PCI DSS v 2.0 Security Strategies for Virtualised Environments

Jason Creech
Qualys

After completing this session, you will be able to:

  • Implement practical recommendations for prevention, remediation and mitigation of security risks in virtualised environments
  • Differentiate between the PCI DSS v2.0 requirements vs. guidance for virtualisation
  • Identify top 5 concerns regarding virtualisation deployments in the PCI DSS cardholder data environment
  • Explain the PCI DSS v2.0 changes that apply to virtualisation technology

121—Using COBIT 5 to Manage Information Security

Derek Oliver, CISA, CISM, CRISC
Ravenswood Consultants Ltd

Rolf Von Roessing, CISA, CISM, CGEIT
FORFA AG

Christos Dimitriadis, CISA, CISM, CRISC
Intralot S.A.

After completing this session, you will be able to:

  • Gain an understanding of COBIT 5 for Information Security
  • Manage security measures and ensure compatibility with business requirements
  • Protect security functions within the enterprise organisation

131—Mobile Security:  Where Are We Today and Where Will We Be Tomorrow?

Steven Ackx
PwC

After completing this session, you will be able to:

  • Understand mobile security’s growing market and today’s business case versus security concern
  • Learn how to solve mobile security and privacy issues
  • Solve Bring Your Own Device (BYOD) anxieties
  • Identify the concerns in comingling personal and business data
  • Recognise how COBIT can assist in securing mobile devices

141—From Identity and Access Solutions to Access Governance

Michael Small
KuppingerCole

After completing this session, you will be able to:

  • Relate controls and measurements to COBIT and ISO27001
  • Set and monitor controls that measure performance of identity and access governance
  • Identify who is responsible for identity and access governance together with their responsibilities
  • Define identity and access governance
  • Explain why organisations have not realised the benefits expected from Identity and Access Management technology

211—Managing the Risk of Identity and Access

Kurt Johnson


221—Radical Changes in Technology:  How They Affect Business and the Role of IT Risk, Security and Assurance Practitioners

Norman Marks
SAP

After completing this session, you will be able to:

  • Appreciate the amazing pace of technology change, and why 2011 has been called the most radical year of change in the history of digital computing
  • Understand the way in which business is conducted is changing, not in small but in drastic ways
  • Consider how these changes represent radical shifts in risks—beyond cloud computing and the protection of data on mobile devices
  • Understand how the new technology has the potential for making the IT risk, security, and assurance professional more effective

231—Business Continuity Management:  Reducing Corporate Risk and Exposure Through Effective Processes and Controls Implementations

Marlin Ness, CGEIT, CRISC and Dan Stavola
Ernst & Young

After completing this session, you will be able to:

  • Audit the business continuity management process
  • Understand a business continuity management framework
  • Describe a standards-based business continuity management process
  • Recognise the COBIT objectives that support managing risk in a business continuity management programme
  • Identify leading practices in business continuity management
  • Understand and describe the most significant risks associated with business continuity management domains

311—IT Governance Insights Germany – Sustainable Competitive Advantage Through IT Governance

Martin Groth, CISA, CGEIT


331—Information Security Within a Global Risk Perspective

Marcus Alldrick
Lloyd’s

After completing this session, you will be able to:

  • Identify corporate risk priorities and attitudes from around the world
  • Recognise the key risk areas and why they have changed over the last two years
  • Position information security related risk within these priorities and explain the reasons behind this
  • Learn how information security can and does contribute to the reduction of more prioritised risks
  • Demonstrate why information security may not be the number one Board concern but increasingly why its business value is being realised both directly and consequentially

341—Daily Speaker Forum (NEW)

Continue the discussion in the daily speaker forum. Have a pressing follow up question? Need more information? This provides attendees the opportunity to network and collaborate with industry thought leaders.



Track 2:  Improving Audit Performance

112—Auditing Virtual Environments (VMware Audit Programme)

David Ramirez, CISA, CISM
Barclays Bank

After completing this session, you will be able to:

  • Understand the key risks related to virtual environments, specifically the key risks related to VMware platforms supporting Windows and Unix systems
  • Leverage the audit work programme provided during the session in order to plan an audit of virtual environments
  • Prepare an evidence request to plan for their next VMware audit
  • Determine the relevance of this audit within their annual audit plan and define the best way to undertake the audit of virtual environments
  • Understand some of the risks involved with migrating key applications to a cloud model

122—Automating IT Data Collection and Compliance for GRCM Controls

Jason Creech
Qualys

After completing this session, you will be able to:

  • Leverage complementary solutions to maximise your IT GRCM investment
  • Avoid configuration control self-assessment and measurement
  • Deploy automated general computer control (GCC) collection
  • Establish detailed configuration controls and policy mappings
  • Integrate IT asset discovery mechanisms to dynamically update the IT asset repository

132—Tips to Speed up Your Auditing Process

Mike Gentile
Delphiis

After completing this session, you will be able to:

  • Learn how to apply IT audit principles and practices
  • Scope the audit—what to audit, when and how frequently
  • Communicate the audit findings—who needs to know

142—Preparing for the EU Directive

Demosthenes Ikonomou
ENISA

After completing this session, you will be able to:

  • Learn what actions are required for compliance
  • Understand if compliance will impact operations
  • Identify which components impact operations the most

212—KISS Principle for Information Security, Compliance and Risk Management in Complex Environments

Biljana Cerin, CISA, CISM, CGEIT
Ostendo Consulting Ltd.

After completing this session, you will be able to:

  • Avoid unnecessary complexity in information security and risk management whilst still effectively fulfilling compliance requirements
  • Integrate appropriate risk assessment and management methodologies, roles and responsibilities in business activities
  • Apply integrated risk assessment and audit techniques in a changing environment to continuously improve internal controls framework
  • Understand roles of information security, IT risk and business continuity management in operational risk management frameworks
  • Adopt and gain organisational understanding for application of internationally recognised standards and best practices

222—Practical Auditing of Wireless Communications

Rikard Bodforss, CISA
Omegapoint

After completing this session, you will be able to:

  • Understand that wireless risks do not end with securing your WiFi infrastructure
  • Discover techniques for assessing non-standard wireless communication
  • Learn how to include assessment of client settings in your audit scope
  • Recognise concerns in using open wireless networks

232—On the Road to Continuous Monitoring—Manage Risks in the Most Efficient and Effective Way

Dan French
Consider Solutions

Jan Hurda
Consider Solutions

After completing this session, you will be able to:

  • Manage compensating controls in the most efficient and effective way
  • Understand and apply a risk-based segregation of duties remediation approach
  • Successfully manage a continuous monitoring tool audit exploring the continuous monitoring specifics of IT assurance
  • Understand and set up rules based on risk utilising and deepening the common COBIT approach

242—Fraud:  Minimising Risk

John Horan
Caml Global Ltd.

After completing this session, you will be able to:

  • Recognise the fraud techniques used that keep fraud management at the top of the priority list
  • Determine the necessary controls and solutions to reduce an organisation's fraud risk
  • Identify the controls you need to ensure the fraud is not internal

252—Aligning COBIT-Based Strategic IT Assurance

Gary Bannister, CGEIT
Consultant

After completing this session, you will be able to:

  • Understand how to use COBIT to support a variety of Strategic IT Assurance activities
  • Leverage COBIT when planning and performing assurance reviews, so that business, IT and assurance professionals are all aligned around a common framework
  • Provide guidance on planning, scoping and executing assurance reviews using a roadmap based on well-accepted assurance approaches, supported by the COBIT Business Goals Cascade and COBIT Governance and Management processes
  • Understand the COBIT 4.1 and COBIT 5 differences

312—Scoping an Assessment:  Which Approach Is Right?

Greet Volders, CGEIT
Voquals

After completing this session, you will be able to:

  • Estimate the scope and resources of the process assessment
  • Understand the purpose of process improvement and process capability
  • Develop an effective methodology

322—Process Assessment Model (PAM) Exercise Based on COBIT

Greet Volders, CGEIT
Voquals

After completing this session, you will be able to:

  • Understand the enterprise need and value of performing an IT process assessment
  • Realise how using the new COBIT Assessment Process approach adds value to satisfy an enterprise’s needs
  • Scope different focus areas

332—Making the Move from COBIT 4.1 to COBIT 5

Gary Bannister, CGEIT
Consultant

After completing this session, you will be able to:

  • Distinguish between governance and management
  • Understand the organisation around the five governance of enterprise IT (GEIT) principles and seven enablers
  • Deliver a new process reference model
  • Recognise how COBIT 5 covers enterprise activities end-to-end

342—Daily Speaker Forum (NEW)

Continue the discussion in the daily speaker forum. Have a pressing follow up question? Need more information? This provides attendees the opportunity to network and collaborate with industry thought leaders.



Track 3:  Audit Practices That Make an Impact

113—Migrating to COBIT 5 for Auditors

Derek Oliver, CISA, CISM, CRISC
Ravenswood Consultants Ltd

After completing this session, you will be able to:

  • Understand the COBIT 5 content equivalent from COBIT 4.1
  • Recognise how the new content/guidance of COBIT 5 enhances the auditor’s effort
  • Realise how auditors can use this revised and new content in their audit work

123—Case Study:  Developing and Implementing an IT Risk Management Audit Programme

Urs Fischer, CISA, CRISC
Fischer IT GRC Beratung & Schulung

After completing this session, you will be able to:

  • Establish the Risk Universe (Banks, Funds, Insurances)
  • Plan and Scope an IT Risk Management Assurance Programme
  • Define possible risk scenarios for the Risk Universe (Banks, Funds, Insurances)
  • Develop and perform assurance programme
  • Report results that are useful to the organisation

133—Grimhilda’s Mirror:  Information Security in the Business World

Wendy Goucher
Idrach, Ltd

After completing this session, you will be able to:

  • Understand the concepts of intrinsic and extrinsic motivation
  • Appreciate the different areas of an organisation and why they are different
  • Understand the importance of the cultural approach to information security in business
  • Gain insight into how to tap into the motivations of different groups for increased effectiveness of information security

143—IT Audits of Cloud and SaaS

Yves Le Roux, CISM
CA Technologies

After completing this session, you will be able to:

  • Recognise various business process models
  • Determine how to evaluate and analyse what is best for your organisation
  • Identify process execution models

213—IT Audit 3.0 Future Technological Challenges and Their Impact on Our Audit Work

Klaus Fochler
Dr. Fochler & Company GmbH

After completing this session, you will be able to:

  • Discuss the evolution of IT auditing as a profession from its early days up to the present
  • Explain why IT auditors are important
  • Understand the challenges IT auditors face today
  • Assess the impact of upcoming technologies on the IT audit universe
  • Identify training and organisational requirements for future IT auditors and IT auditing units

223—SSAE-16 Audit and Assurance—A Case Study of Assessment of a Large Business Process Outsourcing (BPO) Firm

Ashit Dalal, CISA, CISM, CGEIT, CRISC
eDelta Consulting

After completing this session, you will be able to:

  • Acquire and apply necessary knowledge gained from the session
  • Discover key requirements of SSAE-16 Audit as applied to outsourcing firms to meet contractual requirements
  • Identify key IT and security issues/concerns using risk-based approach
  • Define, assess and evaluate the Internal control environment as required under SSAE-16 Audit requirements
  • Adopt and deploy “SSAE-16 (SOC-1)” Methodology to provide reasonable assurance and validation
  • Demonstrate compliance with applicable regulatory/contractual requirements

233—Security and Audit Issues in a Virtualised Environment

Yves Le Roux, CISM

After completing this session, you will be able to:

  • Understand the risks in moving into virtual data centres
  • Identify security and audit programme needs in a virtualised environment
  • Learn what security and audit tools are available

243—Gaming Audit:  What you need to know

Gunnar Ewald
Head Internal Audit LOTTO Hamburg

After completing this session, you will be able to:

  • Understand the importance of audit issues in the lottery market
  • Recognise lottery distributor needs

253—Designing an Audit Programme for a Virtual Environment

Gert-Jan Timmer, CISA


313—Strategic IT Assurance Based IT Assurance Framework

Hans Henrik Berthing, CISA, CGEIT, CRISC
Verifica

After completing this session, you will be able to:

  • Develop an IT strategic assurance plan
  • Use COBIT as framework for the IT assurance plan
  • Involve management and Board of Directors in governance of IT
  • Integrate IT Audit with Financial Audit
  • Use risk-based IT audit in practice
  • Understand how technology can facilitate IT audit goals for risk identification and measurement
  • Discuss audit programs based on the IT Assurance Framework

323—COBIT 5 for Security: Coverage and Assurance

Vernon Poole, CISM, CGEIT, CRISC
Sapphire

Rolf von Roessing, CISA, CISM, CGEIT
FORFA AG

After completing this session, you will be able to:

  • Understand how to implement the practical guidance provided in COBIT 5 for information security
  • Understand and implement improved information security management arrangements within your enterprise
  • Understand and implement improved information security governance arrangements within your enterprise
  • Align COBIT 5 for Information Security with other information security standards—ITIL; ISO27001

333—Privileged Account Management: Who's Touching My Data?

Ramsés Gallego, CISM, CGEIT
Quest Software

After completing this session, you will be able to:

  • Identify who is a privileged user and what information each user may access on the system
  • Minimise the vulnerabilities that may cause losses and reputational damage to an organisation
  • Manage numerous privileged accounts in a systematic and secure manner

343—IT Audit and Security:  Friends or Foe?

David Ramirez, CISA, CISM

After completing this session, you will be able to:

  • Understand the priorities of each and recognise the opportunities for alignment
  • Recognise the risks perceived by each
  • Identify the common compliance goals to deliver a compliant and secure environment



Track 4:  Solving IT and Business Issues!

114—Every Step You Take:  Geo Apps vs. Privacy

Richard Hollis, CISM, CRISC
Risk Factory

After completing this session, you will be able to:

  • Identify the necessity for securing personal geo-location data
  • Realise the financial value of personal geo-location data
  • Understand the uses of geo-location data by businesses
  • Articulate the risk to personal privacy presented by current geo-location applications used by businesses

124—Can We Trust the Cloud? About Security, Privacy, Audit and the Cloud

Yves Le Roux, CISM
CA Technologies

After completing this session, you will be able to:

  • Explain the various benefits and challenges concerning the trust in a cloud environment
  • Realise the economic value of online customer data
  • Understand the customer concerns about integrity and accountability of data stored in the Cloud at different levels of granularity
  • See where the standardisation is going in the Cloud security and Privacy environment

134—Why a Comprehensive Information Security Strategy is Essential for Effective GRC

Marcus Alldrick
Lloyd’s

After completing this session, you will be able to:

  • Identify reasons why GRC (Governance, Risk Management and Compliance) is increasingly coming to the fore in the minds of information security professionals
  • Develop critical relationships between governance and strategy and the underlying business drivers and influences
  • Recognise the increasing regulatory and legislative demands in reaching compliance and legislation
  • Identify the complexities of the current economic climate increasingly requiring effective risk management
  • Understand the role of the CISO in providing assurance, no longer the sole domain of Audit
  • Demonstrate the importance of formulating and implementing a comprehensive information security strategy

144—Keeping Patients’ Data Safe—Identity Management for Healthcare

Andrea Craig
Ernst & Young, LLP

Andrew Wintermuth
EMEIA Financial Services

After completing this session, you will be able to:

  • Use frameworks and leading practices for reviewing a Healthcare organisation’s IAM capabilities
  • Understand the requirements and control objectives for access lifecycle management in maintaining confidentiality and integrity of Electronic Medical Records systems
  • Understand common use cases for IAM at a Healthcare organisation
  • Identify key risks and leading practices related to IAM and information security at a healthcare organisation
  • Define the role of Identity and Access Management and how it can provide an infrastructure to support the adoption of Healthcare IT
  • Understand the current landscape of Healthcare IT initiatives

214—Mobile Security—A Technical Look

Wendy Goucher

After completing this session, you will be able to:

  • Identify point of purchase security for mobile apps
  • Recognise vulnerabilities in mobile devices

224—The Information Security Tug of War

Wendy Goucher
Idrach, Ltd

After completing this session, you will be able to:

  • Better understand the importance of a sound security culture within an organisation
  • Use the insight to improve communication and training of security practice within your organisation
  • Better understand the threat from newer technologies, especially mobile device technology, and how that can be effectively managed
  • Appreciate how the design of policy and procedures meets the expectation of a secure workforce
  • Use behaviour modification as a longer-term solution to security threats than targeted, technology-specific solutions that change quickly
  • Have a better insight into the desire for secure operations that many staff have, and how this can be harnessed

234—Just Between Us:  The Current State of Electronic Eavesdropping Technology

Richard Hollis, CISM, CRISC
Risk Factory

After completing this session, you will be able to:

  • Understand the wide variety of technologies used for audio surveillance
  • Identify the most common methods used by governments and businesses to obtain intelligence
  • See the inherent surveillance capabilities in current personal computing and telephone devices
  • Deploy basic techniques to identify and prevent electronic eavesdropping

244—Controlled Service Environment (CSE) for Balanced Compliance and Performance

Ben Martin


254—Speaker Forum (NEW)

Please check back for more information.


314—EU Privacy Directive Compliance—A Practical Approach

Christos Dimitriadis, CISA, CISM, CRISC
Intralot S.A.

After completing this session, you will be able to:

  • Determine the jurisdiction that will bind your organisation to the EU directive
  • Identify the directive’s timetable for implementation and the intended result
  • Recognise the business benefit to the EU directive
  • Understand compliance needs and benefits
  • Gain a practical roadmap towards building a privacy programme
  • Get a preview of the upcoming changes in Europe

324—The Key Steps to Securing Buy in to a Risk Management Programme

Peter Tessin, CISA, CRISC

After completing this session, you will be able to:

  • Understand the principles and practices of effective risk management
  • Learn how to apply these in your enterprise through adopting COBIT for Risk
  • Gain commitment and buy in from senior management to improve risk management

334—EU Directive/Legal Considerations—ENISA

Yves Le Roux, CISM

After completing this session, you will be able to:

  • Understand who is responsible and associated liabilities
  • Identify what to consider in managing agreements
  • Determine if your data management strategy is in compliance

344—COBIT 5 for Information Security: Practical Guidance for Product and Service Delivery

Vernon Poole, CISM, CGEIT, CRISC
Rolf von Roessing, CISA, CISM, CGEIT
Christos Dimitriadis, CISA, CISM, CRISC

After completing this session, you will be able to:

  • Understand COBIT 5 for Security
  • Gain detailed and practical guidance on how COBIT 5 for security may be used in delivering products and services



Track 5:  IT Risk and Exposure Management

115—Risk and Agility

Antonio Ramos Garcia, CISA, CISM, CRISC
Leet Security, SL

After completing this session, you will be able to:

  • Understand scenarios according to Cynefin model
  • Select better risk strategies for complicated and simple scenarios
  • Select the best security measure according to agile principles
  • Improve security while keeping the organisation agile
  • Identify scenarios where traditional approaches to risk management are not enough (complex vs. complicated or simple scenarios)
  • Apply agile principles to risk management

125—Implementing an IT Compliance Management System

Markus Gaulke, CISA, CISM, CGEIT, CRISC
KPMG AG Wirtschaftsprüfungsgesellschaft

After completing this session, you will be able to:

  • Identify an exemplary implementation
  • Build an IT Compliance Framework
  • Recognise typical compliance organisation setup
  • State the components of an integrated IT compliance management system

135—Gaming:  Security Control Standard

Gunnar Ewald, Head Internal Audit
LOTTO Hamburg

After completing this session, you will be able to:

  • Understand the importance of security issues in the lottery market
  • Recognise necessary controls

145—Speaker Forum (NEW)

Please check back for more information.


215—Privacy—Current Tasks and Challenges

Markus Bittner, CISA, CISM, CGEIT, CRISC
Straight Advisors Ltd. & Co. KG

After completing this session, you will be able to:

  • Recognise how cyber criminals are becoming more sophisticated
  • Understand how to balance the need to share common information with privacy requirements
  • Identify access strategies and lifecycles
  • Learn how to secure a Cybersecurity workforce

225—Ensuring Business Continuity and Avoiding Lock-in in the Cloud

Michael Small
KuppingerCole

After completing this session, you will be able to:

  • Identify the key business continuity challenges of the different Cloud Computing models
  • Divide the responsibilities for business continuity between Cloud Provider and Cloud Consumer
  • Identify the risks of becoming locked into a single Cloud Provider and how to manage these risks
  • Understand how ISACA’s IT Control Objectives for Cloud Computing can help
  • Understand what different types of Service Organisation Controls reports cover and how these are relevant to business continuity and Cloud Computing

235—An update:  IT Security Management Standardisation

Rainer Rumpel
RUMPEL Management GmbH

After completing this session, you will be able to:

  • Identify the essentials of the new ISO/IEC 2700x standards on ISM auditing
  • Understand the changes to the recently revised ISO/IEC 2700x ISM standards
  • Obtain a survey on sector-specific ISO/IEC 270xx standards
  • Recognise one approach to information security controls for process control systems in the electric power industry (DIN SPEC 27009)

245—Enable the Truth:  Risk Management Techniques that Support Honest Response

Mike Gentile
Delphiis

After completing this session, you will be able to:

  • Identify the impact non-compliance has on an organisation
  • Recognise how to address limited budgets, resources and skill-sets in the process
  • Determine how to obtain a true depiction of the risk environment
  • Learn specific techniques to modify the risk environment and support an honest assessment response

255—How to Improve your Risk Management Capability through the Adoption of COBIT for Risk

Peter Tessin, CISA, CRISC

After completing this session, you will be able to:

  • Understand the changes that are being introduced through COBIT for Risk
  • Identify where COBIT for Risk is in its development, key achievements so far, next steps and timetable for release
  • Recognise the benefits that COBIT for Risk will bring and how these can be gained in practice

315—Moving Forward with Technology

Biljana Cerin, CISA, CISM, CGEIT
Rikard Bodforss, CISA

After completing this session, you will be able to:

  • Identify the technology explosion and the devices of the future
  • Understand its impact on you and your organisation
  • Recognise how to balance the opportunity with the risk

325—Big Data: Why it's Important to Security Programme

Miguel Crespo, CISM
Ali Khan


335—Cloud Computing Security

Christos Dimitriadis, CISA, CISM, CRISC
Intralot S.A.

After completing this session, you will be able to:

  • Recognise security issues faced by cloud providers and security issues faced by customers of cloud providers
  • Identify if the cloud provider infrastructure maintains the security levels you need
  • Determine the appropriate security controls to implement according to asset, threat, and vulnerability risk assessment

345—Green IT and Sustainability

Jason Emmons, Partner
Deloitte Austria

After completing this session, you will be able to:

  • Identify solutions that organisations can implement to reduce, manage and support green initiatives
  • Determine the investment and ROI on Green IT initiatives
  • Recognise the Green IT initiatives you already have in place and how to capitalise on them



Pre-Conference Workshops

WS1—IT Risk (2 Days)
Saturday, 8 September and Sunday, 9 September

Urs Fischer, CISA, CRISC
Fischer IT GRC Beratung & Schulung

This workshop presents the principles and application of information risk management as it relates to information security. It offers a structured risk register and a method for assessing control effectiveness. Attendees will learn the link between business and IT risk, and how risk is managed by the use of suitable controls. Content will dive into the difference between embedded monitors and early warning indicators and how the effectiveness of an individual control, or group of controls, can be measured. Leave with the knowledge and skills to effectively assess your organisation's risk appetite and tolerance; improve risk awareness and communication; evaluate risk scenarios; and determine your risk response.

After completing this workshop, you will be able to:

  • Apply key deliverables necessary to develop and maintain an effective risk management programme following the Risk IT Framework
  • Explain how the new Risk IT Framework relates to COBIT
  • Evaluate implementation and operational issues
  • Integrate IT risk management with ERM
  • Audit/Evaluate the risk management programme

WS2—Future Risks in Cybercrime and Cyberwar: Long-term Trends and Consequences
Saturday, 8 September

Rolf M. Von Roessing, CISA, CISM, CGEIT
FORFA AG

Get an in-depth analysis of the many types of security, cybercrime and cyberwar surveys and the underlying trends, benchmarks and studies that have been made available to the marketplace over the past several years. The results, when aggregated, deliver interesting insights into the history and future of cybercrime and cyberwar threats. If you need to acquire the skills to take decisive action to strengthen your organisational security arrangements and enhance your defence against future threats and risks from cybercrime and cyberwar, this workshop is for you!

After completing this workshop, you will be able to:

  • Strengthen defense against future threats and risks from cybercrime and cyberwar
  • Take decisive action to strengthen organisational security arrangements
  • Draw the right conclusions from the empirical evidence and the trends identified
  • Identify key weaknesses and threats in terms of cybercrime and cyberwar as they relate to organisations
  • Understand the future developments of cybercrime and cyberwar
  • See the underlying trends across the multitude of surveys, studies and benchmarks available in the marketplace

WS3—Cloud Computing Security and Risk—Latest Best Practice Guidance
Saturday, 8 September

Vernon Poole, CISM, CGEIT, CRISC
Sapphire

Michael Small
KuppingerCole

Looking for practical advice and guidance on security and risk in the cloud? This full-day workshop will provide insights into today's cloud providers' offerings with respect to security and risk requirements. Attendees will build on their knowledge of practical guidance from the Cloud Security Alliance and ENISA and will also dive into emerging guidance from the BMIS methodology, COBIT 5 and ISO27017.

Attendees will learn which areas a CISM, CISA or CRISC needs to address, using a comprehensive approach that covers security/risks, data protection/privacy, technology controls and the governance requirements that need to be specified.

Recognise how the BMIS methodology can be used to provide the perfect platform for your approach. Practical workshop scenarios ensure that, whether you operate in the public or private sector, you fully address the many questions and assurance needs you require answered; these scenarios will use guidance from COBIT 5 (including RACI charts) and IT Risk, ISO27017, and the latest Cloud Security Alliance/ENISA guidance.

Join this highly participative workshop including a range of exercises and group discussions around a number of case-studies presented by two expert presenters who have covered most continents and deployed best practice guidance from ISACA; Cloud Security Alliance; ENISA; and ISO Community.

After completing this workshop, you will be able to:

  • Fully understand the security protocols required in venturing into the cloud
  • Challenge your cloud provider to ensure that best practice security & risk requirements; data protection & privacy requirements; and finally the technology control requirements are fully addressed
  • Ensure that the detailed service delivery arrangements and third party requirements are fully accounted for at the start of the contract negotiations
  • Provide guidance within your organisation concerning the information security governance requirements to be agreed by the Board & Senior Management

WS4—Introduction to COBIT 5
Sunday, 9 September

Vernon Poole, CISM, CGEIT, CRISC
Sapphire

Rolf M. Von Roessing, CISA, CISM, CGEIT
FORFA AG

In this introductory workshop, learn how to effectively transition to or implement COBIT 5 in your enterprise.

After completing this workshop, you will be able to:

  • Discuss how IT management issues affect organisations
  • Understand the principles of the Governance of Enterprise IT and explain the differences between management and governance
  • Assess how the COBIT 5 Processes help guide the creation of the five basic Principles and the seven Governance and Management Enablers
  • Discuss the COBIT 5 Enabler Guide, including the Goals Cascade and the Process Reference Model
  • Describe the basics of how to implement COBIT 5
  • Understand the differences between COBIT 4.1 and COBIT 5 and what to consider when transitioning
  • Explain the benefits of using COBIT 5
  • List the training, products and support ISACA provides for COBIT 5

WS5—A Pragmatic Approach to Information Security and Risk Management
Sunday, 9 September

John P. Pironti, CISA, CISM, CGEIT, CRISC
IP Architects LLC

Information security and risk management programmes and capabilities do not have to be difficult or tenuous to effectively implement, sustain, or mature within organisations. By using a pragmatic, programmatic, and modular approach to design, implementation, and operation, comprehensive proactive programmes and their associated capabilities can be easily introduced, sustained, and matured within organisations. This workshop will introduce and explore the concepts of developing an information security and risk management strategy, the structure and associated functions of an information security programme, threat and vulnerability analysis concepts and methodologies, and metrics and measures for effective information security governance. The workshop will utilise interactive discussions, examples, and cross-industry case studies throughout to illustrate the discussion points and to identify and explore current industry-leading practices associated with information security and risk management.

After completing this workshop, you will be able to:

  • Use a pragmatic, programmatic, and modular approach to the design, implementation, and operation of comprehensive proactive programmes
  • Identify concepts to develop an information security and risk management strategy
  • Recognise functions of an information security programme, threat and vulnerability analysis concepts and methodologies
  • Utilise metrics and measures for effective information security governance programmes
  • Determine current industry-leading practices associated with information security and risk management


Post-Conference Workshops

WS6—Introduction to COBIT 5
Thursday, 13 September

Vernon Poole, CISM, CGEIT, CRISC
Sapphire

Rolf M. von Roessing, CISA, CISM, CGEIT
FORFA AG

In this introductory workshop, learn how to effectively transition to or implement COBIT 5 in your enterprise.

After completing this workshop, you will be able to:

  • Discuss how IT management issues affect organisations
  • Understand the principles of the Governance of Enterprise IT and explain the differences between management and governance
  • Assess how the COBIT 5 Processes help guide the creation of the five basic Principles and the seven Governance and Management Enablers
  • Discuss the COBIT 5 Enabler Guide, including the Goals Cascade and the Process Reference Model
  • Describe the basics of how to implement COBIT 5
  • Understand the differences between COBIT 4.1 and COBIT 5 and what to consider when transitioning
  • Explain the benefits of using COBIT 5
  • List the training, products and support ISACA provides for COBIT 5

WS7—Securing Today’s Mobile Computing Devices
Thursday, 13 September

Ramsés Gallego, CISM, CGEIT
Quest Software

The user computing environment has changed considerably over the last decade. This workshop explains the many types of mobile computing devices currently in use, the inherent vulnerabilities and risks in each, the technical and managerial/administrative controls available to counter those risks, and the strengths and weaknesses of each solution. The importance of policy and the types of provisions that need to be included in a mobile computing security policy are emphasised and reinforced by a hands-on, in-class mobile computing security policy evaluation exercise. The workshop also presents state-of-the-art forensics procedures and considerations for capturing and preserving evidence from mobile devices.

After completing this workshop, you will be able to:

  • Identify the many types of mobile computing devices currently in use and the inherent vulnerabilities and risks in each
  • Recognise the importance of policy and the types of provisions that need to be included in a mobile computing security policy
  • Develop forensics procedures and considerations for capturing and preserving evidence obtained from mobile devices



Special Events

Welcome Reception

Sunday, 9 September 17.00–19.00

Join us to celebrate the opening of EuroCACS/ISRM. The fun and informal setting provides an ideal environment to network with industry leaders, seasoned professionals and many of the speakers. Do not miss this opportunity to reunite with colleagues from around the world!


Solution Centre Reception

Monday, 10 September 17.00–18.30

The Solution Centre reception allows attendees the opportunity to learn and network with top industry providers while exploring the newest products and services available to IT professionals. Exhibitors will be available to demonstrate products and answer questions. Join us for this valuable event.


Networking Reception

Tuesday, 11 September 18.00–20.00

Unwind with us at the EuroCACS/ISRM networking reception for a few hours of relaxation, food, drinks and entertainment.
