Africa CACS Presentations and Descriptions 

 
 

Session key: Panel Sessions | Beginner | Intermediate | Advanced

Track 1—IT Audit and Assurance

111—Additional Information Coming Soon!

Monday, 19 August | 10:45 – 11:45

 


121—A Low Budget Approach to Log Analysis for Incident Response Intermediate

Monday, 19 August | 12:45 – 13:45

Bernard Wanyama, CISA, CISM, CGEIT, CRISC
Director
Syntech Associates

This session will highlight the value of cybersecurity incident response as a key capability in an organisation's cyber resilience strategy. It will provide insight into best practices for collecting and managing IT event data using open source solutions to enable higher visibility, faster threat hunting and deeper investigation.

Participants will learn about the latest threats and the various types of logs and machine-generated data that can be used to gain situational awareness of cyber risk in an enterprise IT environment. We shall demonstrate a low-budget approach based on open source technology such as the Elastic (ELK) stack of Elasticsearch, Logstash and Kibana, together with other projects, that can provide a world-class logging platform for common technology infrastructure such as web services, databases and networks.

We shall also demonstrate how to perform investigations and detect both common and new attacks that target enterprises. Participants will also understand how machine learning can be applied to derive value from log data through behavioral analytics and anomaly detection.

After completing this session, you will be able to:

  • Understand the principles of an incident response capability and the value it adds to the overall cybersecurity resilience of an organisation.
  • Design and develop an actionable, risk-based log management plan as part of an organisation's overall cybersecurity incident response plan.
  • Understand the wide range of threat activity (old and new) common to enterprise networks and how it can build up into incidents that have the potential to turn into breaches.
  • Design and implement log analysis controls using a low-budget approach by maximising the utility of standard built-in system features (event logs, NetFlow and syslog) and open source tools such as the Elasticsearch stack.
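The kind of low-budget control the last objective describes, as an added example that is not part of the session material or the speaker's code: a dependency-free Python script that parses constructed sshd syslog lines (the hostnames, users and addresses are made up) and applies two rules that an Elastic-stack saved search would otherwise express: a sliding-window brute-force threshold per source address, and a successful login from a source that has just been flagged. The threshold and window are illustrative values, not recommendations.

```python
"""Brute-force and suspicious-success detection over sshd syslog lines.

Added example (not from the session or the speaker). Dependency-free so it
runs offline over the constructed lines below; the same rules translate into
an Elasticsearch query or a Kibana detection once the lines are shipped.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in classic syslog (RFC 3164 style) format.
SAMPLE_LOG = """\
Aug 19 10:45:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Aug 19 10:45:03 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 51013 ssh2
Aug 19 10:45:04 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 51014 ssh2
Aug 19 10:45:06 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 51015 ssh2
Aug 19 10:45:08 web01 sshd[2239]: Failed password for root from 203.0.113.7 port 51016 ssh2
Aug 19 10:45:11 web01 sshd[2241]: Accepted password for root from 203.0.113.7 port 51017 ssh2
Aug 19 10:52:30 web01 sshd[2290]: Failed password for alice from 198.51.100.22 port 40110 ssh2
Aug 19 10:52:45 web01 sshd[2291]: Accepted publickey for alice from 198.51.100.22 port 40111 ssh2
Aug 19 11:30:00 web01 CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# "<Mon dd HH:MM:SS> <host> <proc>[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w\-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# sshd authentication outcome lines only.
AUTH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_syslog(text, year=2019):
    """Return a list of event dicts. Syslog lines carry no year, so the
    collector (here the caller) has to supply it."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # unparseable line: in production, count these, never drop silently
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ev = {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}
        a = AUTH_RE.match(m["msg"]) if m["proc"] == "sshd" else None
        if a:
            ev.update(result=a["result"], method=a["method"], user=a["user"], src=a["src"])
        events.append(ev)
    return events


def detect(events, threshold=5, window=timedelta(minutes=2)):
    """Return alerts as tuples.

    BRUTE_FORCE: at least `threshold` failures from one source inside `window`.
    SUCCESS_AFTER_BRUTE_FORCE: an Accepted login from a source already flagged,
    which is the event worth paging on (the noise is the failures, the
    incident is the success).
    """
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if "result" not in ev:
            continue
        src = ev["src"]
        failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            if len(failures[src]) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, ev["host"], len(failures[src])))
        elif ev["result"] == "Accepted" and src in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, ev["user"], ev["method"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_syslog(SAMPLE_LOG)):
        print(alert)
```

Pointing the same parser at a real /var/log/auth.log gives the same two alerts on a real attack. The benefit of shipping the lines into Elasticsearch instead is that the window and threshold become one saved query across every host rather than a script per machine; the caveat that survives either way is the missing year in syslog timestamps, which the collector must add exactly as the parser does here or windows straddling New Year break.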

131—Auditing IT Governance Intermediate

Monday, 19 August | 14:00 – 15:00

Osman Azab, CISA, CISM, CGEIT, CRISC
Deputy General Manager, Audit
Arab African International Bank

Boards and executive management need to extend governance to IT and provide the leadership, organizational structures and processes that ensure that the enterprise's IT sustains and extends the enterprise's strategies and objectives. Given the prevalence, reliance and ubiquity of IT in many enterprises' operations and business models, IT should be considered an integral part of overall enterprise governance.

Increasingly, top management is realizing the significant impact that information technology (IT) can have on the success of the enterprise. Management wants a better understanding of the way IT is operated and the likelihood of its being leveraged successfully for competitive advantage. In particular, boards and top management need to know whether their IT management is:

  • Likely to achieve its objectives?
  • Resilient enough to learn and adapt?
  • Judiciously managing the risks it faces?
  • Appropriately recognizing opportunities and acting upon them?

After completing this session, you will be able to:

  • Understand the basic concepts of corporate governance.
  • Understand what IT governance is.
  • Understand why IT governance should be audited.
  • Understand how to prepare an IT governance audit program.

141—Auditing Blockchain Advanced Managerial

Monday, 19 August | 15:30 – 16:30

Leighton Johnson, CISA, CISM, CRISC, COBIT 5
CTO, Senior Security Instructor
ISFMT

Bitcoin appeared on the monetary scene in 2008 and then rose dramatically in value during 2015-2017. Today it is relatively steady in value as investors, technologists and the general public begin to understand its core technology, the blockchain, and its potential uses. This presentation is designed to give an audit introduction to that core technology, the fundamental concepts behind it and how to evaluate its use today.

A blockchain permits transactions to be gathered into blocks and recorded; cryptographically chains the blocks in chronological order, each block carrying the hash of its predecessor; and allows the resulting ledger to be replicated and accessed by many servers. It is used without a central authority between individuals or entities that have no basis to trust each other but choose to enter into a relationship to transfer value or the ownership of assets. Thus the blockchain contains a history of the transactions about an asset in a tamper-evident, agreed-upon manner: the record is hashed and linked rather than encrypted, so it is normally readable by every participant. Uniquely, the blockchain is a distributed process in which the asset history is maintained by the participants collectively rather than by a central authority such as a bank.

After completing this session, you will be able to:

  • Understand the characteristics and value proposition of Blockchain.
  • Identify the top security risks with each of the major Blockchain deployments.
  • Learn how to audit the use and advantage of the various Blockchain implementations.
  • Identify control issues with Blockchain.
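What "cryptographically chains blocks in chronological order" means in code, as an added example that is neither the speaker's material nor any real network's implementation: a minimal hash-chained ledger in Python with the integrity check an auditor would run over a copy of the chain. Each block's SHA-256 hash commits to the previous block's hash and to its transactions; the transactions and parties are constructed, and consensus, signatures and Merkle trees are omitted.

```python
"""Hash-chained ledger with an auditor's integrity check.

Added example, not from the session. Shows why editing history is detectable
(a changed block no longer matches its stored hash, and a re-hashed block no
longer matches the next block's prev_hash) and where the check stops.
"""
import hashlib
import json

GENESIS_PREV = "0" * 64  # convention for "no predecessor"


def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical JSON encoding so every verifier gets the same bytes."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Append a block whose hash commits to the previous block's hash (the chaining)."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": index, "prev_hash": prev_hash, "transactions": list(transactions)}
    block["hash"] = block_hash(index, prev_hash, block["transactions"])
    chain.append(block)
    return block


def verify_chain(chain):
    """Return (ok, first_bad_index).

    Recomputes every block's hash from its contents and checks every prev_hash
    against the predecessor's stored hash, so an edit anywhere is located.
    """
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if block["index"] != i or block["prev_hash"] != expected_prev:
            return False, i
        if block["hash"] != block_hash(i, block["prev_hash"], block["transactions"]):
            return False, i
    return True, None


def build_sample_chain():
    """Constructed asset history: a mint and two transfers of asset A1."""
    chain = []
    append_block(chain, [{"from": "mint", "to": "alice", "asset": "A1", "qty": 10}])
    append_block(chain, [{"from": "alice", "to": "bob", "asset": "A1", "qty": 4}])
    append_block(chain, [{"from": "bob", "to": "carol", "asset": "A1", "qty": 1}])
    return chain


def tamper_and_verify():
    """Edit an old transaction without re-hashing: the check pinpoints block 1."""
    chain = build_sample_chain()
    chain[1]["transactions"][0]["qty"] = 9  # alice -> bob 4 becomes 9
    return verify_chain(chain)


def rehash_tamper_and_verify():
    """Edit block 1 and recompute its hash: block 2's prev_hash link now breaks."""
    chain = build_sample_chain()
    chain[1]["transactions"][0]["qty"] = 9
    chain[1]["hash"] = block_hash(1, chain[1]["prev_hash"], chain[1]["transactions"])
    return verify_chain(chain)


if __name__ == "__main__":
    print(verify_chain(build_sample_chain()))
    print(tamper_and_verify())
    print(rehash_tamper_and_verify())
```

Note the limit of the check: an attacker who edits block 1 and then recomputes every hash from block 1 to the tip produces a chain that verifies locally. The control therefore depends on comparing the tip hash against copies held by other participants (or an independently anchored tip hash), which is the property the distributed replication described above provides, and that comparison, not just local recomputation, is what an audit of a blockchain deployment should test for.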

211—Auditing Smart Contracts Intermediate

Tuesday, 20 August | 9:00 – 10:00

Taun Phan, CISSP
Partner
Caplock Security LLC

Smart contracts are tamper-resistant programs deployed on a blockchain that enable the automated execution of agreements, rights and obligations in digital form between two or more parties. Smart contracts promise standardisation, speed, security and certainty in transaction settlement. Accordingly, smart contracts are poised for rapid adoption as organisations seek to reduce transaction costs using blockchain technology.

One prevailing argument is that the combination of smart contracts with blockchain technology reduces or eliminates the demand for audits, since the underlying technology is both self-enforcing and verifiable and thus ensures data accuracy and integrity. The reality could not be further from the truth: the code itself may be faulty, and self-enforcement only guarantees that whatever it encodes, correct or not, will execute. In the blockchain era, auditors need additional skills beyond preparing and examining records and attesting that internal control processes are working properly. In other words, auditors must be able to read and understand smart contract code and relate it to the organization's internal control processes.

This session provides the attendees with key understanding of the fundamental concepts behind smart contracts, the legality, the risks relating to their use, and how that may impact audit activities. The session provides the launchpad from which auditors can better prepare to carry out audits of smart contracts as more organizations seek to adopt the use of blockchain technology to support their solutions and service offerings to their customers.

After completing this session, you will be able to:

  • Identify possible use cases of smart contracts.
  • Understand the legality of smart contracts: are smart contracts a legal mechanism for establishing agreements? Which legal frameworks do or do not support their use? What governance considerations should be in place?
  • Learn the key concepts of smart contracts, and how smart contracts may differ between permissioned and permissionless blockchains, using actual smart contract examples in Solidity and Go.
  • Recognize the technical, operational, and cybersecurity risks of smart contracts, and what controls can be implemented to minimize the risks from the use of smart contracts.

221—Six Control Principles for Audit of a Financial Services Blockchain Intermediate

Tuesday, 20 August | 10:30 – 11:30

Kreeban Govender
Senior Manager
Deloitte

This session, prepared by Deloitte’s Risk Advisory Blockchain practice, explores six control principles essential for blockchain adoption on a global scale:

  • Best Practice – Standard for Blockchain Development
  • Interoperability and System Integration Controls
  • Audit Rules
  • Cybersecurity Controls
  • Enhancement of Traditional ICT Controls
  • Business Continuity Planning

After completing this session, you will be able to:

  • Understand the fundamental differences between blockchain (distributed ledger technology, or DLT) based financial services applications and traditional financial services applications.
  • Identify differences in the application of internal audit procedures to distributed ledger technology.
  • Consider three macro factors that we consider essential to the widespread adoption of private DLTs within the financial community in the long term: governance, legal and regulatory, and standards.

231—Enterprise Resource Planning (ERP) System Audit Risk and Assurance Intermediate

Tuesday, 20 August | 12:45 – 13:45

Moonga Mumba
Director, Corporate Strategy
Zambia Revenue Authority

Organisations are designed to deliver specific objectives, whether for profit or not. They need processes that are supported by effective and efficient systems. ERPs have become commonplace in business management by integrating key business activities end-to-end. Modern ERPs now typically have web interfaces to provide services seamlessly across oceans. However, this integration of business processes poses risks that organisations need to be aware of. This presentation highlights the key features of ERPs and provides practical insights into the audit and assurance of integrated systems.

After completing this session, you will be able to:

  • Appreciate how Enterprise Resource Planning (ERP) systems are structured.
  • Understand how user administration is done in an ERP system, with practical illustrations.
  • Have an appreciation of transaction codes and their respective security.
  • Appreciate the risks in ERP implementations and the importance of the information systems auditor's involvement in system security management during implementation, deployment, operation and maintenance of an ERP.

241—Is the Adoption of IT Strategic Alignment a Panacea for Success? - From an Audit Perspective Advanced Managerial

Tuesday, 20 August | 14:15 – 15:15

Abraham Nyirongo, CISA, CISM, CGEIT
Managing Consultant
Cyberskills Consulting

The presentation will seek to establish whether implementing IT strategic alignment does ensure success for an organisation. Many reports and papers have been written on the merits and demerits of IT strategic alignment. The alignment of the business and IT functions has been subject to a lot of debate in the IT management domain. It is well established that an organisation can deliver appropriate IT services if its business and information technology strategies and goals are aligned. Business-IT alignment can be defined as the extent to which business activities are enabled and supported by information technology. This alignment is often referred to as IT strategic Alignment.

It is the view of many researchers and practitioners that IT strategic alignment is an important contributor to the success of an enterprise. It has also been established that implementing IT strategic alignment does ensure success if properly implemented and based on a sound business strategy. A weak business strategy would have a negative effect on the organisation's IT strategic alignment. The basis of an IT strategic plan is to support the business organisation. The presentation will explore the possible audit objectives of auditing IT strategic alignment, and present key areas of audit and key contributing factors for successful implementation of IT strategic alignment.

After completing this session, you will be able to:

  • Understand the role IT strategic alignment contributes to the achievement of strategic objectives in an organisation.
  • Understand the pros and cons of IT strategic alignment in an organisation.
  • Understand key objectives of auditing IT strategic alignment in an organisation.
  • Understand the key areas which require auditing in order to assess the effectiveness of IT strategic alignment in an organisation.



Track 2—IT Governance

112—COBIT and Governance in the World of Artificial Intelligence Intermediate

Monday, 19 August | 10:45 – 11:45

Etienne Shardlow
CEO
Symphonise Consulting

For the foreseeable future, humans will remain our primary decision-makers in business and elsewhere. Already, many decisions are being made with the guidance of artificial intelligence, systems that are learning from decisions previously made by humans. Many ethical concerns are already being raised as AI systems are learning and enhancing human bias, with "bias in - bias out" fast becoming a catchphrase.

This session will raise and attempt to answer a number of pertinent questions:

  • How do we as business and IT professionals use best practice in good corporate governance in guiding our use of artificial intelligence?
  • Are we using these cutting edge technologies for the right reasons and in the right way?

As a member of the South African sub-committee contributing to the new International Standard ISO/IEC 38507 for the Governance of the Use of Artificial Intelligence by Organisations, the speaker will give insights into global concerns around the use of AI.

As a regular trainer of COBIT training courses, the speaker will discuss the use of COBIT 2019 as a framework to support the good corporate governance of the use of I&T including AI, as well as the use of AI to support governance decision making.

After completing this session, you will be able to:

  • Describe some of the many concerns organisations have around artificial intelligence and machine learning as emerging technologies, particularly in the areas of ethics and corporate governance.
  • Understand the role that good corporate governance plays in the use of Artificial Intelligence in a way that supports an organisation's strategic goals and objectives.
  • Understand the role that artificial intelligence can play in cultivating stronger corporate governance.
  • Describe how the COBIT 2019 Framework supports the governance of emerging technologies including machine learning and artificial intelligence.

122—Additional Information Coming Soon!

Monday, 19 August | 12:45 – 13:45

 


132—Your Suppliers Know You, Do You Know Them? Intermediate

Monday, 19 August | 14:00 – 15:00

Sandhya Mohan-Pillai (SheLeadsTech)
Director
Mobius Consulting

Third parties support core functions on an increasing basis, especially to promote efficient and effective business operations within organisations. In this talk, Sandhya Mohan-Pillai will cover:

  • Key issues and challenges faced by organisations as a result of an increased reliance on third parties.
  • A view of global incidents and breaches related to third parties.
  • How to identify third parties and determine your exposure to them, based on strategic risk and on the sensitive information they may have access to.
  • Practical guidance on how organisations can holistically approach third party risk management, including streamlining and automation of key processes. This approach is based on leading industry codes of practice as well as the speaker's experience in managing the information risks that third parties pose to organisations.
  • How third party risk management links to information security and privacy, and why it is a fundamental component of both disciplines.

After completing this session, you will be able to:

  • Understand the third party landscape and the various challenges and issues facing organisations when trying to govern and manage third parties.
  • Appreciate the importance of third party management and why it is so relevant now.
  • Apply practical guidance on how organisations can holistically approach third party risk management.
  • Understand how third party risk management can be integrated with your broader risk, compliance, information security and privacy initiatives.

142—Challenges to Effective Data Management – Solutions from a Governance Perspective Advanced Managerial

Monday, 19 August | 15:30 – 16:30

Thembekile Mayayise, CISA (SheLeadsTech)
Chief Advisor
Eskom

Data is an important asset in many organizations. There are many threats to the management and protection of classified data. Taking into account the various types of data in an organization, it is paramount that adequate protection measures are put in place to protect data in motion, in use, at rest and at creation.

Poor data management practices could result in data loss, theft or deletion, with financial and reputational consequences. Managing data to ensure maximum protection is cumbersome when the data is not classified, and data classification is therefore a fundamental step in ensuring the protection of data in every organization. This presentation will unpack various approaches to data classification and effective strategies for data management in an organization. It ultimately aims to answer the following questions about data management: What data needs to be managed and protected? Why? Who needs it to be protected? And how should data be managed in a corporate environment?

In a nutshell, the aim of this presentation is to:

  • Share the latest trends in data management
  • Unpack what data management entails in a corporate environment
  • Discuss the numerous challenges to implementing effective data management practices (this will be demonstrated through a case study)
  • Share common mistakes which organizations make when implementing data management strategies.

After completing this session, you will be able to:

  • Understand the difference between data and information, and understand the key stakeholders in data governance and their roles and responsibilities.
  • Understand the various challenges and risks that affect the effectiveness of data management in organizations and how to address them.
  • Identify current trends and practices in data management and understand the governance approaches that can be adopted for proper data governance.
  • Implement effective data management practices and the controls necessary to ensure well-governed data.

212—Governance, Risk and Compliance (GRC) Digital Transformation Advanced Managerial

Tuesday, 20 August | 9:00 – 10:00

Mahmoud Abouelhassan
Senior Manager
E-Finance

These days, as we focus on topics related to enterprise risk and compliance, I have noticed a strong intention among companies and governments to step toward digital transformation of governance, risk, controls and compliance (GRC). The process of digitalising GRC will encounter a series of doubts, misunderstandings, judgements or obstacles, all of which can be described as myths. I will identify a list of these myths; if we hold some of them, we will get rid of them, make a move and support a powerful enterprise risk and compliance strategy. Many solutions claim that they can manage GRC. We all know the purpose of GRC: to meet business objectives, safeguard the company and provide business continuity.

We’ll focus on some areas:

  • Continuous controls monitoring
  • Loss and fraud prevention
  • Enterprise risk and audit management
  • Cybersecurity

Can we have a GRC solution without technology? In the digital era, with the intelligent enterprise era now in front of us, we cannot survive without technology. I cannot imagine a risk, control and compliance team mitigating enterprise risk without automated tools to help safeguard the company. Companies of all sizes around the world are now automating core functions such as finance, human resources, procurement, supply management and others. Companies will not suffer incidents and the related damage if these tools operate in rhythm with the business processes.

After completing this session, you will be able to:

  • Realize the critical need for GRC Digital Transformation.
  • Understand the Digital Transformation Journey and its business benefits.
  • Know the roadmap to GRC Digital Transformation.
  • Plan for GRC Digital Transformation

222—Satellite Systems for Navigating Governance of Enterprise IT Intermediate

Tuesday, 20 August | 10:30 – 11:30

Eunice Peter (SheLeadsTech)
Office of the Auditor General - Kenya

IT governance requires more than one satellite system to assist in navigation. At the same time, we need to create a formal enterprise and IT governance structure without losing focus on creating value for our stakeholders. To achieve this, we need to ensure a proper balance of performance and conformance and leverage the best practices available in the industry.

Before we begin navigating, we need knowledge and tools: knowledge of the start point, the expected end point, the planned route, the time to be taken and our capabilities; and tools in the form of a clear map, a compass and GPS.

The satellite systems need to be pinpointed and prioritised. Firstly, cascading goals, which are the most important enabler goals to be achieved. The expected result of goal cascading is to understand which areas of the business have the most valuable impact on creating value.

Secondly, pain points, which are the challenge areas that cause pain. The expected result of analysing pain points is to respond to issues that are clearly causing concern but have not been acted upon.

Thirdly, risk scenarios, looking at business goals affected and the most appropriate responses. The expected result of analyzing risk scenarios is to support informed decision making based on likelihood and impact.

Fourthly, all regulatory and legal compliance requirements. The expected result of analyzing compliance requirements is to ensure proper responses are in place. In conclusion, the ultimate goal is to create stakeholders value.

After completing this session, you will be able to:

  • Understand Governance Risk Compliance (GRC).
  • Understand multiple satellite systems in navigating Governance of Enterprise IT.
  • Navigate Governance Risk Compliance (GRC) efforts in a holistic manner.
  • Leverage multiple satellite systems and techniques in balancing performance and conformance when determining GRC priorities.

232—The Cathedral and The Bazaar - Does Governance Still Play a Role in an Agile World? Intermediate

Tuesday, 20 August | 12:45 – 13:45

Christian F. Nissen, CISM, CGEIT
Senior Consultant
CFN Consult

Most organisations leverage more than one delivery model in their provision of digital products and services. The delivery models span from the traditional predictive plan-driven approaches, over adaptive agile approaches to integration of existing services from multiple sources.

But how does this diversity affect the way we govern and control the provision of digital products and services?

In this presentation, the speaker will briefly introduce his views on agility and governance as concepts and then turn to giving practical examples of the challenges we face in governance of agile delivery models as well as providing solutions for using more traditional means of governance of agile and continuous delivery of digital services. Then he will share some ideas for agile approaches to governance itself.

However, the biggest challenge many organisations face is not how to govern different delivery models, but how to govern the mesh of delivery models that in reality cannot be kept separate, but in many projects and product development initiatives are tangled together. The last part of this presentation will therefore give practical examples and ideas on how to govern the balance between performance and conformance (compliance and stability) in environments that draw on all three approaches at the same time.

After completing this session, you will be able to:

  • Distinguish between different delivery models and their respective needs for governance and control
  • Use different means to govern and control agile delivery.
  • Adopt an agile approach to governance.
  • Govern a mesh of diverse delivery models.

242—The Development of a COBIT 5 / COBIT 2019 Web-based Software Toolkit Advanced Technical

Tuesday, 20 August | 14:15 – 15:15

Neels Kruger
Professor
North-West University/University of Pretoria

This will be a practical demonstration of a Web-based Software toolkit developed in support of COBIT 5 and COBIT 2019 assessment and implementation.

It will be practically demonstrated how web-based software can enable IT auditors and/or IT consultants to prioritise and cascade business and IT goals to IT objectives, and how the maturity of IT components can be determined. Furthermore, it will be demonstrated how COBIT 2019 component maturity assessments link to enterprise architecture and to other frameworks such as ITIL and TOGAF. The session will end by demonstrating how COBIT 2019 based software can be used as a starting point in building a road map to COBIT 5 or COBIT 2019 implementation.

After completing this session, you will be able to:

  • Understand the methodology behind the development of a web-based software toolkit in support of COBIT 5 / COBIT 2019 assessments and implementation (as applicable to private and public entities).
  • Understand how software tools can be used to prioritise and cascade business needs to business objectives (or governance requirements) and on to ICT objectives (i.e., ICT processes and components/enablers as per the COBIT 5 or COBIT 2019 frameworks).
  • Understand how web-based software tools can be used to assess the capability or maturity level of ICT objectives (processes) and components (enablers) as per the COBIT 5 or COBIT 2019 frameworks.
  • Understand how web-based software tools can be used to prioritise which IT components/enablers (including processes, structures, principles, information, culture, people, services, infrastructure and applications, etc.) need intervention.



Track 3—Risk and Compliance

113—Innovative Risk Identification Approach Advanced Managerial

Monday, 19 August | 10:45 – 11:45

Neetu Choudhary, CGEIT (SheLeadsTech)
Project Lead-CMMI
DP World, Jabel Ali Freezone

A five-step innovative approach to identifying risk. The approach was developed by me based on my experience in risk and quality management.

1. Customer requirements – Customer requirements, operational capabilities and operational constraints are the primary source of requirement-related risks. A decision matrix is used for analysing the requirement-related risks: all requirements in the column, capabilities and constraints in the top row.

2. Project Objective and scope

3. CTQ - Critical to quality identified from customer requirements. Determine what is most important to your customer. Develop an understanding of what is critical to quality (CTQ) from the voice of the customer (VOC). These parameters will be how the customer measures the project’s performance after completion.

4. CSFs (Critical Success Factors) - To fulfil the customer's expectations, these factors must meet requirements. If CSFs are absent or do not meet the customer's standards, it may cause a project failure; thus, risk identification is crucial in this step.

5. Imperfections - Assumptions, constraints and dependencies are the key factors every operation has and which lead to risk identification.
Assumption: This may be a risk that’s represented as a what-if question such as, “What if this assumption does not come true?”
Dependencies and constraints: When factors are dependent on one another, they cause risk. If there is a dependency of factor X on factor Y, some of the risk associated with Y is inherited by.

After completing this session, you will be able to:

  • Apply an innovative and simple five-step approach to risk identification that is applicable to any domain and industry.
  • Describe the detailed fish-bone diagram for the five-step risk identification approach, with a detailed example of each step.
  • Understand the complete risk management cycle, from risk identification through to feeding back into risk learning.
  • Understand the various parameters used to qualify risk impact and how these parameters can be used for risk identification.

123—Agile, DevOps and Compliance Advanced Managerial

Monday, 19 August | 12:45 – 13:45

Guy Herbert (Top-Rated Speaker)
Head of IT Risk and Compliance
Atlassian

The session will lead participants through the agile development process and how this works with DevOps. They will be shown the interactions with compliance during that process and how they can use technology and process to improve their organisations development speed as well as hitting their compliance objectives. Specific audit controls and tests will be discussed so that participants will have concrete examples that they can take away and use in their organisations.

After completing this session, you will be able to:

  • Understand DevOps and Agile risks and controls.
  • Understand the DevOps and Agile process flow.
  • Design controls for DevOps and Agile developments.
  • Design audit plans for DevOps/Agile environments.

133—Additional Information Coming Soon!

Monday, 19 August | 14:00 – 15:00

 


143—Risk Maturity Models: Assessing ERM Effectiveness Intermediate

Monday, 19 August | 15:30 – 16:30

Daniel Udochi, CISA, CISM
General Manager Risk & Compliance Management
MTN

The proposed session will commence with a brief introduction to frameworks and standards for implementing enterprise-wide risk management, and will highlight the need for assessment of the ERM implementation in order to demonstrate its effectiveness to key stakeholders. Having established this need, the session will introduce the maturity model concept, providing detailed guidance on the underlying principles, construction and application to risk management. Leading risk maturity models will also be discussed.

Following from the discussion, practical guidance will be provided on how to create and implement a best-fit risk maturity model unique to the organization. This guidance would be demonstrated using as case study the best-fit model developed for a telecoms operator.

The session would wrap up with some caveats for, and benefits of implementing a risk maturity model. Finally, questions from participants would be solicited and addressed as appropriate.

After completing this session, you will be able to:

  • Gain an appreciation of the various standards, frameworks and guides for implementing enterprise-wide risk management programmes.
  • Understand the need for assessing the effectiveness of an organization's risk management programme.
  • Understand the concept of risk maturity models and the principles behind their construction and use, and gain an appreciation of leading RM models.
  • Understand how to create and implement "best-fit" risk maturity models for your organization.

213—Emerging Mobile Payment Technology Cybersecurity, Disruption and Risk Development Advanced Managerial

Tuesday, 20 August | 9:00 – 10:00

Kaya Kazmirci
GM
Kazmirci Associates

Two fundamental changes in traditional payment methods are changing the landscape of spending: Emerging blockchain based currencies and alternative payment channels are disrupting time honored cash and credit card based transaction service providers. Enabling cheap transactions where traditional banking services are expensive is critical for supporting business growth (especially in the developing world where banking services are not always cheap or available). At the same time, ensuring appropriate privacy, security as well as the disclosure level that customers are demanding mandates innovation in a very conservative industry. The session's goal is to both describe emerging payment methods as well as their strengths and weaknesses related to traditional payment means. These new currencies enable new payment channels and require a new set of controls to ensure that they are both secure and convenient to use.

After completing this session, you will be able to:

  • Understand the operational details of several emerging technologies including Quantum computing, AI/ML, IoT and Image Processing that could significantly disrupt present operational norms as well as introduce improved ways of working.
  • Describe the ways that these emerging technologies might interact with each other and how these interactions impact us, e.g. IoT and image processing will enable enterprises to monitor us visually 24/7 and thus enable a 1984-esque police state.
  • Review vulnerable industries including financial services, health care and telecommunications, as well as opportunities to avoid disruption-prone technologies such as blockchain applications that rely on present encryption methods.
  • Assess governance initiatives that could impact emerging payment technology risk (both disrupting and enhancing).

223—Why Your Privacy Programme is Failing Intermediate

Tuesday, 20 August | 10:30 – 11:30

Roelien Howell (SheLeadsTech)
Senior Managing Consultant
Mobius Consulting

Candice Jackson (SheLeadsTech)
Managing Consultant
Mobius Consulting

In the presentation, the speakers will discuss the changing privacy landscape and how it practically affects organisations at a local and multi-national level. They will provide an outline of the success factors for establishing, implementing and maintaining a privacy compliance programme. They will refer to case studies, practical learnings and successes to leave you with valuable insight for driving a successful privacy programme.

This talk will also offer insight into common pitfalls around privacy implementation and practical approaches to avoid costly mistakes and oversight.

After completing this session, you will be able to:

  • Understand common privacy implementation pitfalls and remedial actions, especially for long-term strategies.
  • Gain a practical view of the leverage points that other functions in your organisation can offer for success.
  • Understand the crucial links between effective Privacy management and the emerging world of information security as well as related practices.
  • Set up your control monitoring strategy with the help of Internal Audit.

233—Change Management for Digital Transformation: Case Study Advanced

Tuesday, 20 August | 12:45 – 13:45

Rufina Achieng (SheLeadsTech)
Managing Consultant

Change management is a deliberate set of activities that facilitate and support the success of individual and organizational change and the realization of its intended business results. Change management is critical for digital transformations, which are complex changes that extensively impact the customer journey, how employees work and how decision-making is done for the enterprise. The success of digital transformations is hinged on people getting on board, and staying on board. Furthermore, in the course of the change, customer and external stakeholder demands must still be catered for.

The presentation will cover change management concepts using tailored stories, interactive polls, authoritative research findings and a case study. The case study will demonstrate how COBIT was leveraged in developing and implementing the change management approach for a digital transformation. At the end of the presentation, lessons from the case study will be unpacked, and participants will be challenged to implement quick wins for the changes they are managing.

After completing this session, you will be able to:

  • Articulate the importance of applying organisational change management principles so as to achieve successful outcomes in digital transformations and professional engagements such as IT governance, risk management, cybersecurity, and audit.
  • Adopt the top 5 success contributors for change management, based on authoritative research.
  • Act on key considerations in preparing for, managing and sustaining changes.
  • Make use of the available ISACA guidance for applying organisational change management.

243—Mobile Payments Rising Risks Intermediate

Tuesday, 20 August | 14:15 – 15:15

Salah Eddine Mahrach
Risk Manager & Compliance Director
Moroccan Agency for Sustainable Energy

As a relatively new financial service, mobile payment (m-payment) is gradually growing in popularity and significantly changing consumers’ experience. However, as with any new technology, m-payment comes with its fair share of risks. Financial services, fintech firms and payment institutions have to be increasingly wary of the related ICT and cyber risks, as vulnerabilities lurk in payment systems.

The purpose of the session is to understand the mobile payment ecosystem, discuss ICT and cyber risks and the controls for m-payment operations and their supporting systems, and walk through the most relevant control objectives when auditing mobile payment.

After completing this session, you will be able to:

  • Discover mobile payment, how it is positioned in the payment industry and the advantages it brings to the payment ecosystem. Related key figures will be presented.
  • Understand how mobile payment systems function, their key components and the parties involved.
  • Enumerate known IT and security risks related to mobile payment systems, with a focus on fraud risks, and understand the associated prevention and detection controls.
  • Walk through the most relevant control objectives for auditing mobile payment systems.



Track 4—Security/Cybersecurity

114—The Art of Active Cyber Defense Intermediate

Monday, 19 August | 10:45 – 11:45

Ali Pabrai (Top-Rated Speaker)
CEO
ecfirst

The FBI reports that over two million IoT devices may have been compromised by malware. Attack speeds exceeding 1 Tbps! Who can forget the massive cyber-attack of October 21, 2016? IoT + DDoS = Botnet army. Our past is a mirror to the future. The journey of the past had Mirai associated with it. Kaizen implies continuous improvement. The future is about a kaizen cyber defense program. And this is where organizations must implement a credible cybersecurity framework. Businesses must establish the foundation for an active cyber defense. Mirai to kaizen! The threats are “mirai”, and the cybersecurity framework, the foundation of your cyber defense, is the “kaizen!”

We can learn so much from human defence mechanisms, including our immune system. From cradle to grave, the human body is vulnerable, and this is no different from the PII that flows through your organisation. This PII is under attack, constantly. The volume of PII, such as ePHI, European Union personal data or cardholder data, will only increase, and so will attack surfaces. The challenge of defending assets of value that extend across mobile platforms, IoT devices and a diverse cloud ecosystem is not insignificant.

The threat is asymmetric. The enterprise cyber defense must be symmetric and systematic. Businesses must implement a disciplined approach to address the multitude of compliance mandates continually. Cyber defense must be established firmly on a credible cybersecurity framework.

After completing this session, you will be able to:

  • Examine core elements of your digital business cyber immune system.
  • Assess enterprise readiness for attacks such as IoT + DDoS, botnets, ransomware and more.
  • Review options for, and how to implement, a credible cybersecurity framework.
  • Step through how a single cyber standard addresses GDPR, NIST CSF, 23 NYCRR 500, and more.

124—Cyber Warfare & the New Threats to Security Intermediate

Monday, 19 August | 12:45 – 13:45

Claudio Cilli, CISA, CISM, CGEIT, CRISC
Professor
University of Rome

The rules of cyber-war, and why it is considered a real war comparable to conventional war, are shown using real-life examples. The audience will have the opportunity to interact with the speaker at any time during the presentation. At the end of the session, attendees will know how dangerous cyber-warfare can be and how it can be used against a nation or a large company. Attendees will also learn how to protect against information flooding, the new frontier of cyber-war.

After completing this session, you will be able to:

  • Know critical infrastructures: what they are and why they need to be protected.
  • Comprehend cyber-warfare definition and techniques.
  • Understand the rules of cyber-warfare.
  • Protect your company against cyber-attacks.

134—Auditing with SOC-CMM: Cybersecurity Detection and Incident Response Advanced Managerial

Monday, 19 August | 14:00 – 15:00

Vilius Benetis, CISA, CRISC
Cybersecurity Professional, CEO
NRD Cyber Security

The Security Operations Center Capability Maturity Model (SOC-CMM) is a freely available methodology for assessing an organisation's cyber security operations from the governance, people, skills, process and technology perspectives. The speaker will share his own experience of using this tool in many diverse projects around the world: how best to use it, and what its benefits and drawbacks are. The session is valuable for IS auditors, cybersecurity specialists, CISOs and other cyber security enthusiasts.

After completing this session, you will be able to:

  • Understand the SOC-CMM model well enough to choose it when appropriate.
  • Apply the SOC-CMM model in your audits or consultancies.
  • Understand the limitations of the SOC-CMM model.
  • Assist SOC/CSIRT organisations to measure themselves and become more effective.

144—Developing a Cybersecurity Strategy to Contain Cyber Threats Advanced Managerial

Monday, 19 August | 15:30 – 16:30

Glory Idehen, MBT, SCF, CGEIT, CISM, CISA
Assistant Director- Capacity Development
Central Bank of Nigeria

Most of the time, security initiatives or projects are started to address a particular threat or in response to a particular attack. This ad-hoc approach leaves the organisation with an array of disjointed systems, costing it substantial financial and human resources that could have been put to better use.

This presentation will walk the audience through the steps of developing an Enterprise Cybersecurity Strategy. It starts with the Chief Information Security Officer (CISO) identifying the key drivers for change that necessitate a cybersecurity strategy. The CISO or delegate would then follow the steps below:

  1. Gather business stakeholders to solicit support for the initiative.
  2. Identify the key assets of the organisation and classify them according to their level of importance or criticality.
  3. Perform a thorough analysis to determine the current and future threats or risks faced by the assets.
  4. Determine control gaps.
  5. Propose cybersecurity initiatives to close the gaps identified above.
  6. Seek and obtain management approval of the strategy and funding for the initiatives.

After completing this session, you will be able to:

  • Better understand the concept of an Enterprise Architecture approach to the Governance, Management and Implementation of Information Security for their organizations.
  • Perform an Enterprise Risk Management assessment for their organizations.
  • Know the concept of a defence-in-depth approach to building a cybersecurity strategy.
  • Gain better knowledge of information security frameworks.

214—Additional Information Coming Soon!

Tuesday, 20 August | 9:00 – 10:00

224—Digital Forensics Applications & Practices Advanced Managerial

Tuesday, 20 August | 10:30 – 11:30

Arinze Umeche
MD/CEO
Arichris Tech Limited

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts.

Criminal cases involve the alleged breaking of laws that are defined by legislation and that are enforced by the police and prosecuted by the state, such as murder, theft and assault against the person.

Civil cases on the other hand deal with protecting the rights and property of individuals (often associated with family disputes) but may also be concerned with contractual disputes between commercial entities where a form of digital forensics referred to as electronic discovery (e-discovery) may be involved.

After completing this session, you will be able to:

  • Learn the application of computer science and investigative procedures for a legal purpose, involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics and the use of validated tools.
  • Learn how tools like Wireshark collect data at all layers and allow the user to filter for different events, and how website pages, email attachments and other network traffic can be reconstructed only if they are transmitted or received encrypted.
  • Understand how web server logs can be used to show when (or if) a suspect accessed information related to criminal activity.

234—When Worlds Collide Intermediate

Tuesday, 20 August | 12:45 – 13:45

Paul Phillips, CISA, CISM, MBA (Top-Rated Speaker)
Technical Research Manager
ISACA

While the ERM program is talking to senior leadership and the Board about Macroeconomic, Strategic, and Operational risks, the typical CISO goes to them with concerns about phishing scams, credential theft, or some Panda hacking group exploiting a Meltdown vulnerability in the AWS cloud environment. How urgent is it? Critical. How does that compare with all the business’ other risks? We can’t compare them directly. How does the business make trade-off decisions? No response.

That’s the problem in a nutshell. The information security profession struggles to quantify cyber risks and put them side by side with other enterprise risks because we’re starting with a fundamentally flawed model that starts with an asset level understanding of criticality and vulnerability without a true understanding of the business dynamics.

How does a typical security analyst assess risk? They start by asking: 1) what are we protecting, 2) who wants it, 3) how will they attack, and 4) where are we vulnerable. In order to truly integrate cyber threats into an ERM program, the risk equation needs to be flipped by starting with business outcomes, and then identifying the scenarios that might be relevant.

After completing this session, you will be able to:

  • Answer how a typical security analyst assesses risk.
  • Integrate cyber threats into an ERM program, the risk equation and business outcomes.
  • Translate cyber threats and vulnerabilities into business terms to communicate more effectively with senior leadership and the board of directors.
  • Analyze a compliance or service availability risk that has a cyber threat trigger, and size that risk in quantifiable business terms.

244—Cyberlaw and Governance in an Age of Cyberattacks and Cybercrime Advanced Managerial

Tuesday, 20 August | 14:15 – 15:15

Trishana Ramluckan (SheLeadsTech)
Post-Doctoral Research Fellow, International Cyber Law
University of KwaZulu-Natal

Brett van Niekerk, CISM
Senior Information Security Analyst
University of KwaZulu-Natal

By its boundless nature, the Internet creates legal challenges regarding issues such as jurisdiction and state sovereignty. Normally every sovereign nation creates its own legislation, which is applied within its governing jurisdiction. However, since cyberspace has no physical borders, and therefore no jurisdictional regulation, it is difficult to govern, nationally and internationally. Further to this, the recent surge in privacy legislation, e.g. GDPR, has created another challenge concerning the right to monitor online activity and to gather user information. Although most legislation regarding cyberspace falls within the ambit of privacy or criminal law, this still presents challenges for organisations that are victims of international or state-backed cyberattacks. These challenges require effective legal regulation to address cybersecurity and its technical and social complexities, including legislative frameworks together with collaboration with the global community and the private sector, professional education and capacity building. The presentation will discuss the legal challenges related to cybersecurity, provide an overview of international legal frameworks and guidelines, and outline the implications for organisations, as cybersecurity is becoming a major concern now that new technology models, combined with a greater dependency on technology, are driving changes in how companies approach security.

After completing this session, you will be able to:

  • Have knowledge of local, regional and international legal frameworks and guidelines related to cybersecurity.
  • Understand the implications of international cyberattacks on legal and governance frameworks.
  • Understand the legal and governance challenges facing organisations in a world of international cyberattacks.
  • Develop an understanding of how international privacy legislation may impact cybersecurity within the organisation.



Track 5—Career and Communications Management

115—Implementing a Cybersecurity Skills Competencies Framework Advanced Managerial

Monday, 19 August | 10:45 – 11:45

Allan Boardman, CISA, CISM, CGEIT, CRISC (Top-Rated Speaker)
Independent Business Advisor
CyberAdvisor.London

Organisations face very real challenges in attracting and retaining talent with the appropriate skills and competencies. It is therefore very important that they have a clear understanding of the skills competencies, technical and non-technical, across their teams, and are able to identify any gaps so that these can be addressed. This session will provide clear insight, based on recent practical experience, into the tools that can be used to implement a skills competencies framework and the processes for performing self-assessments for individuals and departmental-level assessments. Industry-wide guides and frameworks that will be referenced include those from COBIT, SFIA, NICE, BCS, CESG and ISSP.

After completing this session, you will be able to:

  • Gain a clear understanding of a practical approach to implementing a skills competencies framework across information assurance roles, including audit, security and risk management.
  • Understand how the various industry guides and frameworks can be leveraged to develop and customise a skills competencies framework.
  • Learn about practical tools that can be used by management to assess skill levels within their own teams and identify potential gaps.
  • Learn about practical tools that individuals can use to self-assess their own competency levels across a range of relevant skills, and identify areas they may wish to focus on in support of their career development.

125—Women's Role in Cybersecurity Innovation Advanced Technical

Monday, 19 August | 12:45 – 13:45

Brencil Kaimba, CISA (SheLeadsTech)
Cybersecurity Consultant
Serianu Limited

Barbara Munyendo, CISA (SheLeadsTech)
Information Security Consultant
Serianu Limited

Jobs in cybersecurity are exploding, but why aren’t women in the picture? Research by the research firm Frost and Sullivan shows that women make up only 20% of the cybersecurity workforce globally. In Africa, this figure is much lower. With the increasing complexity of security challenges, the ecosystem now requires a diverse workforce and teams that include people with diverse cultures, experiences, ideas and approaches, which will drive greater creativity, deliberation and insight. Now more than ever, we need more women within the cybersecurity space. To be more precise, we need more technical women to sit at the cybersecurity table.

A review of the statistics on women in cybersecurity reveals that over the last 5 years there has been a slow but steady increase of women in cybersecurity, with especially notable progress in information security governance, risk and compliance. However, it would be imprudent not to acknowledge that the numbers specifically in the technical facets of cyber security are wanting. There is a notion pushed across that women should be, or are, better in the governance, risk and compliance facets of cyber security. Unlike previous discussions, this gender gap discussion is not really one of right versus wrong or men versus women, but rather one that seeks to showcase that women can be technical and that they are critical in the fight against cybercrime.

After completing this session, you will be able to:

  • Identify the numerous opportunities for growth within the Cybersecurity space.
  • Understand the different innovative projects that young women across Africa are pursuing.
  • Explore different ways of positioning yourself within the organisation.
  • Understand work-life balance and what it means for a woman's career.

135—A Structured Approach for the Effective Presentation Intermediate

Monday, 19 August | 14:00 – 15:00

Neetu Choudhary, CGEIT (SheLeadsTech)
Project Lead-CMMI
DP World, Jebel Ali Free Zone

This paper presents a real-life application of the well-known Deming cycle (PDCA: Plan-Do-Check-Act) to demonstrate a structured approach to presenting. The approach highlights the importance of presentation skills alongside technical skills, and addresses how to develop them in an organised way.

The PLANNING phase of the presentation is summarised by the abbreviation WWWHWW: WHY, WHAT, WHOM, HOW, WHEN, WHERE. Identifying WHY you are presenting is the core and most important question. WHOM you present to guides the level of detail in the content and the approach of the presentation. WHAT is presented depends largely on WHOM it is presented to. HOW determines the tools and techniques required for the presentation, and WHERE depends on what needs to be communicated through the presentation. This gives a holistic way of planning any presentation or facilitation.

After planning comes DO. Execution of the presentation opens with a bang, an attention-catching action. If attention is captured in the first 3 seconds of the presentation, the whole message can be delivered effectively. DO covers the start, the body/content and the end. The BANG at the beginning catches the audience's attention, and the END BANG leaves the audience with a long-lasting message. The content or body of the message covers practical aspects, dos and don’ts.

The CHECK phase addresses taking feedback, in hard and soft ways, during and after the presentation.

The ACT phase completes the learning cycle by acting on what was learned.

After completing this session, you will be able to:

  • Understand a new approach to learning effective presentation skills.
  • Apply an innovative use of the PDCA cycle to enhance presentation skills.
  • Use the BANG concept to start and finish a presentation with a long-lasting message for the audience.
  • Apply international best practices for effective presentation.

145—Additional Information Coming Soon!

Monday, 19 August | 15:30 – 16:30

215—A Spectrum of Professions: The ISACA Global Community, Past, Present and Future Panel Session

Tuesday, 20 August | 9:00 – 10:00

A Panel to Mark ISACA’s 50th Anniversary 2019

The Spectrum of Professions panel will examine the pioneer professions of the association: electronic data processing control, audit and assurance employees and management. Among the areas of discussion: what did these individuals do; what was their skill set; where did they work (in the organisational structure and in what industries/organisations); what was their training; who was the “boss”; was it a job or a profession; and how did their careers evolve?

Similar themes will be pursued by panelists whose careers have traversed governance, risk, information security and cybersecurity. Additional areas will be probed, however, including but not limited to: the past and present in compensation; training and development; credentials and certification; successes and failures; and challenges and innovations—in the professions and of the professionals of ISACA’s global professional community. Importantly, panelists will be charged with predicting the future, perhaps a 10-year view, of their professions, their roles, and their responsibilities.

After completing this session, you will be able to:

  • Identify and explore the rationale and roots of ISACA’s professions.
  • Discover how and why the professions have morphed over time.
  • Learn of ISACA’s importance to the individuals as professionals and, in turn, the individual professions' contribution and importance to their organisations and enterprises.
  • Glimpse the future of the global professional business technology community and ISACA’s opportunities to best serve individuals and our technology-driven world.

225—Additional Information Coming Soon!

Tuesday, 20 August | 10:30 – 11:30

235—Managing Social Media Intermediate

Tuesday, 20 August | 12:45 – 13:45

Claudio Cilli, CISA, CISM, CGEIT, CRISC
Professor
University of Rome

The risks from social media are real, for you and for your organization. Financially-motivated criminals are increasingly using social media sites to steal identities, spread malware and send spam. Social networks are getting better at protecting users against these threats – but there’s a long way to go. Company and personal reputation are crucial in a connected world. Don’t stop using social media … just make sure you use it safely!

After completing this session, you will be able to:

  • Understand how social media threats work (spam, phishing, malware).
  • Understand the "perfect storm": Facebook, Twitter and other social media. How they work and why they're dangerous.
  • Understand social media attack techniques: how they work and why they are successful.
  • Understand tips and apply measures for staying secure.

245—Strategies for Dealing with an Increasingly Sophisticated Cyber Threat Landscape Intermediate

Tuesday, 20 August | 14:15 – 15:15

Allan Boardman, CISA, CISM, CGEIT, CRISC (Top-Rated Speaker)
Independent Business Advisor
CyberAdvisor.London

Cyber criminals are continuing to reshape the threat landscape as they update their tactics and tools and escalate their attacks against businesses, governments, and even the infrastructure of the internet itself. Organizations must adopt approaches to cybersecurity that will require full engagement from senior executives to protect critical business information and systems without constraining innovation and growth. They need to look ahead at what new threats might be around the corner, prepare for evolving attacks, and ensure they’re equipped with layered security. This session covers strategies for ensuring that the business is fully engaged in cybersecurity and adopts a business-driven cybersecurity model for dealing with an increasingly sophisticated threat landscape.

After completing this session, you will be able to:

  • Understand the need for a business-driven approach, and ensure that the main focus is on the most critical and sensitive digital business assets (crown jewels).
  • Identify key capabilities in terms of systems (including tooling), people (including resource capabilities), and processes (including assessing maturity).
  • Appreciate the increasing sophistication of the threat landscape including the impact of technologies such as artificial intelligence and IoT.
  • Recognise the key elements of creating a cyber-risk-aware organisation to address people-related threats.



Workshops

WS1—COBIT 2019 Foundation Course

Wednesday, 21 August & Thursday, 22 August | 9:00 – 17:00

Registration Fee: ZAR 10,500 plus 15% VAT
COBIT Foundations Training with Exam Voucher: ZAR 9,100 plus 15% VAT
COBIT Foundations Training without Exam Voucher: ZAR 7,000 plus 15% VAT

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor (Top-Rated Speaker)
Director | Board of Directors
ISACA

Is your organization suffering from a lack of enterprise governance over information and technology (EGIT)? Or, is your organization lacking a holistic governance approach to information and technology (I&T)? At this workshop, you will learn the fundamentals of COBIT 2019. It is ideal for those who are new to the discipline of I&T governance—either from a business perspective or from an IT perspective. COBIT 2019 builds on 20+ years of critical thinking and practical experience of I&T governance. This workshop will prepare you to take the COBIT 2019 Foundations Certificate examination.

After completing this workshop, you will be able to:

  • Explain the key attributes of the COBIT framework.
  • Describe the components of a governance system.
  • Describe the elements of governance and management objectives.
  • Differentiate COBIT performance management using maturity and capability perspectives.
  • Describe the COBIT design factors.
  • Explain the key points of making the case for a COBIT implementation project.

Attendees will receive the following resources to support the training:

  • COBIT 2019 Laminate
  • PDF - COBIT 2019 Framework: Introduction and Methodology – an introduction to the key concepts of COBIT 2019
  • PDF - COBIT 2019 Framework: Governance and Management Objectives – comprehensively describes the 40 core governance and management objectives, the processes contained therein, and other related components. This guide also references other standards and frameworks.
  • PDF of the training materials (instructor ppt)
  • Practice exam

WS2—Cybersecurity Audit Certificate Programme

Wednesday, 21 August & Thursday, 22 August | 9:00 – 17:00

Registration Fee: ZAR 10,500 plus 15% VAT

John Tannahill
Management Consultant
J. Tannahill & Associates

It’s not just the high cost to an organisation in the event of a breach, but the inevitability of an attack that makes cybersecurity critical. With the increasing number of cyberthreats, it is becoming critical for the audit plan in every organisation to include cybersecurity. As a result, auditors are increasingly being required to audit cybersecurity processes, policies and tools to provide assurance that their enterprise has appropriate controls in place. Vulnerabilities in cybersecurity can pose serious risks to the entire organisation—making the need for IT auditors well-versed in cybersecurity audit greater than ever. ISACA’s new Cybersecurity Audit Certificate Programme provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits. It provides security professionals with an understanding of the audit process, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.

After completing this workshop, you will be able to:

  • Understand security frameworks to identify best practices
  • Identify cyber and legal regulatory requirements to aid in compliance assessments
  • Perform cybersecurity and third-party risk assessment and management, including ISACs (information sharing), common cyber-attacks, penetration testing, and red team/blue team/purple team exercises
  • Enhance your asset, configuration, change and patch management practices
  • Assess network security from security architecture to traffic analysis to segmentation to data loss prevention
  • Audit application security using SDLC controls and OWASP best practices
  • Distinguish between firewall and network security technologies
  • Identify weaknesses in cloud strategies and controls
  • Identify the benefits and risks of containerization

Registration for this workshop includes:

  • Cybersecurity Audit Certificate – Onsite Training Course
  • Cybersecurity Audit Certificate Study Guide (eBook)
  • Cybersecurity Audit Certificate Exam Voucher

*These items will be accessible to registered attendees one week in advance of the conference. Please contact https://support.isaca.org with any questions.


WS3–Cybersecurity Risk Management: A Practical Approach Intermediate

Wednesday, 21 August | 9:00 – 17:00

Registration Fee: ZAR 4,900 plus 15% VAT

Allan Boardman, CISA, CISM, CGEIT, CRISC
Independent Business Advisor
CyberAdvisor.London

Nature & Objectives

Enterprise risk management defines the framework and the processes used by organizations to identify, analyse, and address risks that can interrupt or disrupt the organization’s ability to carry out its core functions and meet its mission. Cybersecurity should be an integral part of an organization’s enterprise risk management program. This workshop will explore the key components needed for a successful cybersecurity risk management program.

Course Outline

With cyber threats looming larger than ever before, executive leadership needs to be kept informed about the current level and business impact of cybersecurity risks to their organizations. Following a practical approach to managing cybersecurity risks, this workshop will cover tools and techniques for developing, implementing and operating strategies to manage cyber risks. The workshop will include learnings and practice in:

  • Identifying critical assets and associated impacts from cyber threats
  • Using scenarios to evaluate specific cyber risks
  • Understanding an organization’s risk exposure
  • Identifying and prioritizing specific protective measures

Who Should Attend

Cybersecurity, Risk Management, Audit and Compliance Professionals. Anyone involved in helping their organization manage cyber risks.



Keynotes

From Disruptive to Daily Dependence: 50 Years and Future Tech Panel Session

A Plenary Panel Discussion to Mark ISACA’s 50th Anniversary 2019

Monday, 19 August | 9:00 – 10:15

ISACA professionals in the last 50 years have had to quickly assess new technologies, implementing support, control, audit, governance, risk assessment, and so much more, for their organizations, business enterprise and operations. As we look to the future – assessing and implementing technologies that are disrupting industries, and the tech that has yet to come – we can also learn from the past.

This expert panel, featuring CISOs, CIOs, CEOs, and other leaders, will review the disruptive technologies that have changed how we live and work, and discuss “what’s next, now” – the current state of disruptive technologies and what we can look forward to with the ever-accelerating technology change machine.

Some disruptive technologies, by decade:

  • 1960s: mainframe, Internet, first learning robot, laser beam, man’s moon landing
  • 1970s: personal computer, laser printer, LCD panel, compact disc, 1G mobile network
  • 1980s: laptop computer, IBM PC, Internet protocol standard, cell phones, the Walkman
  • 1990s: World Wide Web, e-commerce, Hubble Telescope, DVD, USB flash drive, MP3 players
  • 2000s: WiFi, smart phones, Google, social media, GPS for civilian use
  • 2010s: tablets, 8-terabyte hard drive, 5-atom quantum computer, IoT

Closing Keynote Speaker

Stafford Masie
CEO of Google Africa (2006–09) and Non Executive Board Member at ADvTECH

Stafford has been in the IT industry for more than 15 years and has held several roles throughout his career. He worked for numerous companies before starting his own consulting and engineering services company. After it was acquired he joined the multinational enterprise software company Novell, moving to the USA where he spent six and a half years at its head office. He played a significant role in the open source software arena in the USA and later returned to South Africa as country manager for Novell South Africa. He went on to become CEO of Google Africa and Sub-Saharan Africa. He focuses on the impact that technology is having on societies and cultures, with a thorough understanding of what is happening "out there" and how to take advantage of it. Rather than sticking to particular topics or categories of subject matter, Stafford tailors his content per client and per vertical business sector, simply to ensure greater relevance, value and impact for the audience.

