Africa CACS Presentations and Descriptions 

 
 


Track 1—IT Audit and Assurance

111—What is the True Cost of Not Keeping Up with the Technology Evolution?

Monday, 19 August | 10:45 – 11:45


Dominic Nel
Chief Revenue Officer
SurTech Solutions

When people think about automation, many immediately assume it is about lowering costs and removing elements of human effort. As technology gets more advanced, it offers ways to visualise and analyse data better. But with phrases or buzzwords such as multi-use tech, cloud adoption, robotics and predefined big data analytics being thrown around, what do they actually mean? Are they really the game changers for auditors and GRC professionals that they claim to be?

After completing this session, you will be able to:

  • Identify the top 4 disruptions organisations face
  • Explain why the move to technology needs to happen
  • Describe how technology complements human behaviour
  • Identify where auditors can contribute significant value for stakeholders
  • Assess whether you can compare apples and pears when choosing technology

121—A Low Budget Approach to Log Analysis for Incident Response (Intermediate)

Monday, 19 August | 12:45 – 13:45


Bernard Wanyama, CISA, CISM, CGEIT, CRISC
Director
Syntech Associates

This session will highlight the value of cybersecurity incident response as a key capability in an organisation's cyber resilience strategy. It will provide insight on best practices for collecting and managing IT event data using open source solutions to enable higher visibility, faster threat hunting and deeper investigation.

Participants will learn about the latest threats and the various types of logs and machine-generated information that can be used to gain situational awareness about cyber risk in an enterprise IT environment. We shall demonstrate a low-budget approach based on open source technology such as Elasticsearch (ELK) and other projects that can provide a world-class logging platform for common technology infrastructure such as web services, databases and networks.

We shall also demonstrate how to perform investigations and detect both common and new attacks that target enterprises. The participants will also understand how machine learning can be applied to derive value from log data through behavioral analytics and anomaly detection.

After completing this session, you will be able to:

  • Understand the principles of incident response capability and the value it adds to the overall cybersecurity resilience of an organisation.
  • Design and develop an actionable, risk-based log management plan as part of the overall incident response plan for cybersecurity for an organisation.
  • Understand the wide range of threat activity (old and new) common to enterprise networks and how it can build up into incidents which have the potential to turn into breaches.
  • Design and implement log analysis controls using a low-budget approach by maximising the utility of common, standard, built-in system features (event log, NetFlow and syslog) and open source tools such as the Elasticsearch stack.

131—Auditing IT Governance (Intermediate)

Monday, 19 August | 14:00 – 15:00


Osman Azab, CISA, CISM, CGEIT, CRISC
Deputy General Manager, Audit
Arab African International Bank

 

 

Mohamed Ragheb
IT Audit Deputy Manager
Arab African International Bank

Boards and executive management need to extend governance to IT and provide the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives. Given the prevalence, reliance and ubiquity of IT in many enterprises’ operations and business models, IT should be considered an integral part of overall enterprise governance.

Increasingly, top management is realizing the significant impact that information technology (IT) can have on the success of the enterprise. Management hopes for a heightened understanding of the way IT is operated and the likelihood of it being leveraged successfully for competitive advantage. In particular, boards and top management need to know whether their IT management is:

  • Likely to achieve its objectives?
  • Resilient enough to learn and adapt?
  • Judiciously managing the risks it faces?
  • Appropriately recognizing opportunities and acting upon them?

After completing this session, you will be able to:

  • Understand the basic concepts of corporate governance.
  • Understand what IT governance is.
  • Understand why IT governance should be audited.
  • Understand how to prepare an IT governance audit program.

141—Auditing Blockchain (Advanced Managerial)

Monday, 19 August | 15:30 – 16:30


Leighton Johnson, CISA, CISM, CRISC, COBIT 5
CTO, Senior Security Instructor
ISFMT

Bitcoin exploded on the monetary scene in 2008, and then rose dramatically in 2015-2017 to soaring heights. Today, it is relatively steady in its current values as investors, technologists and the general public have begun to understand its core technology, the Blockchain, and its potential uses. This presentation is designed to give an audit introduction to this core technology, the Blockchain, the fundamental concepts behind it and how to evaluate its use today.

Blockchain permits transactions to be gathered into blocks and recorded; cryptographically chains blocks in chronological order; and allows the resulting ledger to be accessed by different servers. It is used without a central authority between individuals or entities who have no basis to trust each other but choose to enter into a relationship to transfer value or the ownership of assets. Thus, the Blockchain contains a history of the transactions about an asset in an encrypted, secure, agreed-upon manner. Uniquely, the Blockchain is a distributed process with asset history (a block) as a core principle, wherein each block of data is managed independently of any central authority, such as a bank.

After completing this session, you will be able to:

  • Understand the characteristics and value proposition of Blockchain.
  • Identify the top security risks with each of the major Blockchain deployments.
  • Learn how to audit the use and advantage of the various Blockchain implementations.
  • Identify control issues with Blockchain.

211—Auditing Smart Contracts (Intermediate)

Tuesday, 20 August | 9:00 – 10:00


Taun Phan, CISSP
Partner
Caplock Security LLC

Smart contracts are tamper-proof computer code on the blockchain that enables automated execution of agreements, rights and obligations in digital form between two or more parties. Smart contracts provide standardization, speed, security and certainty to transaction settlement. Accordingly, smart contracts are poised for rapid adoption as organizations seek to reduce transaction costs using blockchain technology.

One prevailing argument is that the combination of smart contracts with blockchain technology reduces or eliminates the demand for audits, as the underlying technology is both self-enforcing and verifiable, ensuring data accuracy and integrity. However, the reality could not be further from the truth. In the blockchain era, auditors need additional skills beyond preparing and examining records and attesting that internal control processes are working properly. In other words, auditors must be able to read and understand smart contract code, and to relate that code to the organization's internal control processes.

This session provides the attendees with key understanding of the fundamental concepts behind smart contracts, the legality, the risks relating to their use, and how that may impact audit activities. The session provides the launchpad from which auditors can better prepare to carry out audits of smart contracts as more organizations seek to adopt the use of blockchain technology to support their solutions and service offerings to their customers.

After completing this session, you will be able to:

  • Identify possible use cases of smart contracts.
  • Understand the legality of smart contracts. Are smart contracts a legal mechanism for establishing agreements? Which legal frameworks support, or do not support, the use of smart contracts? What governance considerations should be in place?
  • Learn the key concepts of smart contracts, and how the smart contracts may differ between permissioned and permissionless blockchains using actual smart contract examples from Solidity and Golang.
  • Recognize the technical, operational, and cybersecurity risks of smart contracts, and what controls can be implemented to minimize the risks from the use of smart contracts.

221—Six Control Principles for Audit of a Financial Services Blockchain (Intermediate)

Tuesday, 20 August | 10:30 – 11:30

Kreeban Govender
Senior Manager
Deloitte

This session, prepared by Deloitte’s Risk Advisory Blockchain practice, explores six control principles essential for blockchain adoption on a global scale:

  • Best Practice – Standard for Blockchain Development
  • Interoperability and System Integration Controls
  • Audit Rules
  • Cybersecurity Controls
  • Enhancement of Traditional ICT Controls
  • Business Continuity Planning

After completing this session, you will be able to:

  • Understand the fundamental differences between blockchain (Distributed Ledger Technology or DLT) based financial services applications and traditional financial services applications.
  • Identify differences in the application of internal audit procedures to Distributed Ledger Technology.
  • Consider three macro factors which we consider essential to the widespread adoption of private DLTs within the financial community in the long term: governance, legal and regulatory, and standards.

231—Enterprise Resource Planning (ERP) System Audit Risk and Assurance (Intermediate)

Tuesday, 20 August | 12:45 – 13:45


Moonga Mumba
Director, Corporate Strategy
Zambia Revenue Authority

Organisations are designed to deliver specific objectives, whether for profit or not. They need processes that are supported by effective and efficient systems. ERPs have become commonplace in business management by integrating key business activities end-to-end. Modern ERPs now naturally have web interfaces to provide services seamlessly across oceans. However, this integration of business processes poses risks that organisations need to be aware of. This presentation highlights the key features of ERPs and provides practical insights into the audit and assurance of integrated systems.

After completing this session, you will be able to:

  • Appreciate how Enterprise Resource Planning (ERP) systems are structured.
  • Understand how User Administration is done in an ERP system with practical illustrations.
  • Have an appreciation of transaction codes and their respective security.
  • Appreciate the risks in ERP implementations and the importance of the information systems auditor's involvement in system security management during implementation, deployment, operation and maintenance of an ERP.

241—Is the Adoption of IT Strategic Alignment a Panacea for Success? - From an Audit Perspective (Advanced Managerial)

Tuesday, 20 August | 14:15 – 15:15


Abraham Nyirongo, CISA, CISM, CGEIT
Managing Consultant
Cyberskills Consulting

The presentation will seek to establish whether implementing IT strategic alignment does ensure success for an organisation. Many reports and papers have been written on the merits and demerits of IT strategic alignment. The alignment of the business and IT functions has been the subject of much debate in the IT management domain. It is well established that an organisation can deliver appropriate IT services if its business and information technology strategies and goals are aligned. Business-IT alignment can be defined as the extent to which business activities are enabled and supported by information technology. This alignment is often referred to as IT strategic alignment.

It is the view of many researchers and practitioners that IT strategic alignment is an important contributor to the success of an enterprise. It has also been established that IT strategic alignment does ensure success if it is properly implemented and based on a sound business strategy. A weak business strategy would have a negative effect on the organisation's IT strategic alignment. The basis of an IT strategic plan is to support the business organisation. The presentation will explore the possible audit objectives of auditing IT strategic alignment, and present key areas of audit and key contributing factors for successful implementation of IT strategic alignment.

After completing this session, you will be able to:

  • Understand the role IT strategic alignment contributes to the achievement of strategic objectives in an organisation.
  • Understand the pros and cons of IT strategic alignment in an organisation.
  • Understand key objectives of auditing IT strategic alignment in an organisation.
  • Understand the key areas which require auditing in order to assess the effectiveness of IT strategic alignment in an organisation.


 

Track 2—IT Governance

112—COBIT and Governance in the World of Artificial Intelligence (Intermediate)

Monday, 19 August | 10:45 – 11:45


Etienne Shardlow
CEO
Symphonise Consulting

For the foreseeable future, humans will remain our primary decision-makers in business and elsewhere. Already, many decisions are being made with the guidance of artificial intelligence, systems that are learning from decisions previously made by humans. Many ethical concerns are already being raised as AI systems are learning and enhancing human bias, with "bias in - bias out" fast becoming a catchphrase.

This session will raise and attempt to answer a number of pertinent questions:

  • How do we as business and IT professionals use best practice in good corporate governance in guiding our use of artificial intelligence?
  • Are we using these cutting edge technologies for the right reasons and in the right way?

As a member of the South African sub-committee contributing to the new International Standard ISO/IEC 38507 for the Governance of the Use of Artificial Intelligence by Organisations, the speaker will give insights into global concerns around the use of AI.

As a regular COBIT course trainer, the speaker will discuss the use of COBIT 2019 as a framework to support the good corporate governance of the use of I&T, including AI, as well as the use of AI to support governance decision making.

After completing this session, you will be able to:

  • Describe some of the many concerns organisations have around artificial intelligence and machine learning as emerging technologies, particularly in the areas of ethics and corporate governance.
  • Understand the role that good corporate governance plays in the use of Artificial Intelligence in a way that supports an organisation's strategic goals and objectives.
  • Understand the role that artificial intelligence can play in cultivating stronger corporate governance.
  • Describe how the COBIT 2019 Framework supports the governance of emerging technologies including machine learning and artificial intelligence.

122—IT Governance in the Internet of Things (IoT) Age (Advanced Managerial)

Monday, 19 August | 12:45 – 13:45

Leon Lukas
Change and Release Specialist
Airports Company South Africa (ACSA)

What do emerging Internet of Things technologies mean for IT governance? How can we apply COBIT 2019 to the IoT to enable and ensure better IT governance? What skills and leadership qualities are required for implementing IT governance for IoT?

After completing this session, you will be able to:

  • Understand IoT technology as an emerging technology that needs to be managed from an IT governance and risk point of view.
  • Be aware of the risks and security challenges of IoT technology and be able to articulate these risks and challenges at an executive level.
  • Apply COBIT 2019 governance domains and management objectives to IoT technology implementation in an organization setting.
  • Apply data analytics and use the artificial intelligence of things to enable a competitive advantage for their organization.

132—Your Third Parties Know Who You Are, BUT…Do You Know Who They Are? (Intermediate)

Monday, 19 August | 14:00 – 15:00


Sandhya Mohan-Pillai (SheLeadsTech)
Director
Mobius Consulting

Third parties support core functions on an increasing basis, especially to promote efficient and effective business operations within organisations. In this talk, Sandhya Mohan-Pillai will provide the following:

  • Key issues and challenges faced by organisations as a result of an increased reliance on third parties, with a view of global incidents and breaches related to third parties.
  • How to identify third parties and determine your exposure to them, based on strategic risk and the sensitive information they may have access to.
  • Practical guidance on how organisations can holistically approach third-party risk management, including streamlining and automation of key processes. This approach is based on leading industry codes of practice as well as our knowledge in managing the information risks that third parties pose to organisations.
  • How third-party risk management links to information security and privacy, and how it is a fundamental component of these disciplines.

After completing this session, you will be able to:

  • Understand the third-party landscape and the various challenges and issues facing organisations when trying to govern and manage third parties.
  • Appreciate the importance of third-party management and why it is so relevant now.
  • Apply practical guidance on how organisations can holistically approach third-party risk management.
  • Understand how third-party risk management can be integrated with your broader risk, compliance, information security and privacy initiatives.

142—Challenges to Effective Data Management – Solutions from a Governance Perspective (Advanced Managerial)

Monday, 19 August | 15:30 – 16:30


Thembekile Mayayise, CISA (SheLeadsTech)
Chief Advisor
Eskom

Data is an important asset in many organizations. There are many threats which face organizations regarding the management and protection of classified data. Taking into account the various types of data in an organization, it is paramount that adequate protection measures are put in place to protect data in motion/ in use, at rest and at creation.

Poor data management practices could result in data loss, theft or deletion, which could have financial and reputational consequences. Managing data to ensure maximum protection can be cumbersome when data is not classified. Data classification is a fundamental step in ensuring the protection of data in every organization. This presentation will unpack various approaches to data classification and effective strategies for data management in an organization. The presentation ultimately aims to answer the following questions regarding data management: What data needs to be managed and protected? Why? Who needs it to be protected? How should data be managed in a corporate environment?

In a nutshell, the aim of this presentation is to:

  • Share the latest trends in data management
  • Unpack what data management entails in a corporate environment
  • Discuss the numerous challenges to implementing effective data management practices (this will be demonstrated through a case study)
  • Share common mistakes which organizations make when implementing data management strategies.

After completing this session, you will be able to:

  • Understand the difference between data and information and to understand key stakeholders in data governance and their roles and responsibilities.
  • Understand various challenges and risks which impact the effectiveness of data management in various organizations and how to address them.
  • Identify the current trends and practices in data management and understand the governance approaches which can be adopted for proper data governance.
  • Implement effective data management practices and the necessary controls to ensure data is well governed.

212—Governance, Risk and Compliance (GRC) Digital Transformation (Advanced Managerial)

Tuesday, 20 August | 9:00 – 10:00


Mahmoud Abouelhassan
Senior Manager
E-Finance

These days, as we focus on topics related to enterprise risk and compliance, I’ve noticed the strong intention of companies and governments to step toward digital transformation of governance, risk, controls and compliance (GRC). The process of digitalizing GRC will focus on a series of doubts, misunderstandings, judgments or obstacles—all of which can be defined as myths. I will identify a list of these myths. If we hold some of these, we’ll get rid of them. Make a move and support a powerful enterprise risk and compliance strategy. There are many solutions that claim they can manage GRC. We all know the purpose of GRC: to meet business objectives, safeguard the company and provide business continuity.

We’ll focus on some areas:

  • Continuous controls monitoring
  • Loss and fraud prevention
  • Enterprise risk and audit management
  • Cybersecurity

Can we have a GRC solution without technology? In the digital era, with the intelligent enterprise era now in front of us, we can’t survive without technology. I can’t imagine a risk, control and compliance team mitigating enterprise risk without automated tools to help safeguard the company. Companies of all sizes around the world are now automating core functions like finance, human resources, procurement, supply management and others. Companies will not suffer from incidents and their related damage if these tools operate in rhythm with the business processes.

After completing this session, you will be able to:

  • Realize the critical need for GRC Digital Transformation.
  • Understand the Digital Transformation Journey and its business benefits.
  • Know the roadmap to GRC Digital Transformation.
  • Plan for GRC Digital Transformation

222—Satellite Systems for Navigating Governance of Enterprise IT (Intermediate)

Tuesday, 20 August | 10:30 – 11:30


Eunice Peter (SheLeadsTech)
Office of the Auditor General - Kenya

IT governance requires more than one satellite system to assist in navigation. At the same time, we need to create a formal enterprise and IT governance structure without losing focus on creating value for our stakeholders. To achieve this, we need to ensure a proper balance of performance and conformance and leverage the best practices available in the industry.

Before we begin navigating, we need knowledge and tools: knowledge of the start point, the expected end point, the planned route, the time to be taken and our capabilities. Likewise, we need the tools of a clear map, a compass and GPS.

Satellite systems need to be pinpointed and prioritized. Firstly, cascading goals, which are the most important enabler goals to be achieved. The expected result of goals cascading is to understand which areas of the business have the most valuable impact on creating value.

Secondly, pain points, the challenge areas that are causing concern. The expected result of analyzing pain points is to respond to issues that are clearly causing concern but have not been acted upon.

Thirdly, risk scenarios, looking at business goals affected and the most appropriate responses. The expected result of analyzing risk scenarios is to support informed decision making based on likelihood and impact.

Fourthly, all regulatory and legal compliance requirements. The expected result of analyzing compliance requirements is to ensure proper responses are in place. In conclusion, the ultimate goal is to create stakeholder value.

After completing this session, you will be able to:

  • Understand Governance Risk Compliance (GRC).
  • Understand multiple satellite systems in navigating Governance of Enterprise IT.
  • Navigate Governance Risk Compliance (GRC) efforts in a holistic manner.
  • Leverage multiple satellite systems and techniques in balancing performance and conformance when determining GRC priorities.

232—The Cathedral and The Bazaar - Does Governance Still Play a Role in an Agile World? (Intermediate)

Tuesday, 20 August | 12:45 – 13:45

Christian F. Nissen, CISM, CGEIT
Senior Consultant
CFN Consult

Most organisations leverage more than one delivery model in their provision of digital products and services. The delivery models span from traditional predictive plan-driven approaches, through adaptive agile approaches, to the integration of existing services from multiple sources.

But how does this diversity affect the way we govern and control the provision of digital products and services?

In this presentation, the speaker will briefly introduce his views on agility and governance as concepts and then turn to giving practical examples of the challenges we face in governance of agile delivery models as well as providing solutions for using more traditional means of governance of agile and continuous delivery of digital services. Then he will share some ideas for agile approaches to governance itself.

However, the biggest challenge many organisations face is not how to govern different delivery models, but how to govern the mesh of delivery models that in reality cannot be kept separate and that, in many projects and product development initiatives, are tangled together. The last part of this presentation will therefore give practical examples and ideas on how to govern the balance between performance and conformance (compliance and stability) in environments that draw on all three approaches at the same time.

After completing this session, you will be able to:

  • Distinguish between different delivery models and their respective needs for governance and control.
  • Use different means to govern and control agile delivery.
  • Adopt an agile approach to governance.
  • Govern a mesh of diverse delivery models.

242—The Development of a COBIT 5 / COBIT 2019 Web-based Software Toolkit (Advanced Technical)

Tuesday, 20 August | 14:15 – 15:15


Neels Kruger
Professor
North-West University/University of Pretoria

 

 

Ryno Van der Walt
Mezure Software

This will be a practical demonstration of a Web-based Software toolkit developed in support of COBIT 5 and COBIT 2019 assessment and implementation.

It will be practically demonstrated how web-based software can enable IT auditors and/or IT consultants to prioritize and cascade business and IT goals to IT objectives, and how the maturity of IT components can be determined. Furthermore, it will be demonstrated how COBIT 2019 component maturity assessments link to enterprise architecture and "other" frameworks such as ITIL and TOGAF. The session will end by demonstrating how COBIT 2019 based software can be used as a starting point in building a road map to COBIT 5 or COBIT 2019 implementation.

After completing this session, you will be able to:

  • Understand the methodology behind the development of a Web-based Software Toolkit in support of COBIT 5 / 2019 Assessments and Implementation (as applicable to Private and Public entities).
  • Understand how software tools can be used to prioritize and cascade Business Needs to Business Objectives (or Governance requirement), to ICT Objectives (i.e., ICT Processes and Components/Enablers as per the COBIT 5 or COBIT 2019 Frameworks).
  • Understand how web-based software tools can be used to assess the capability or maturity level of ICT Objectives (processes) and Components (enablers) as per the COBIT 5 or COBIT 2019 Frameworks.
  • Understand how web-based software tools can be used to prioritise which IT components/enablers (inclusive of processes, structures, principles, information, culture, people, services, infrastructure and applications, etc.) need intervention.


 

Track 3—Risk and Compliance

113—Innovative Risk Identification Approach (Advanced Managerial)

Monday, 19 August | 10:45 – 11:45


Neetu Choudhary, CGEIT (SheLeadsTech)
Project Lead-CMMI
DP World, Jabel Ali Freezone

A 5-step innovative approach to identifying risk. The approach was innovated by me based on my experience in risk and quality management.

1. Customer requirements – Customer requirements, operational capabilities and operational constraints are the primary source of requirement-related risks. A decision matrix is used for analysing the requirement-related risks: all requirements in the column, capabilities and constraints on the top row.

2. Project objective and scope

3. CTQ – Critical to quality, identified from customer requirements. Determine what is most important to your customer. Develop an understanding of what is critical to quality (CTQ) from the voice of the customer (VOC). These parameters will be how the customer measures the project’s performance after completion.

4. CSF (Critical Success Factors) – To fulfil the customer’s expectations, these factors must meet requirements. If CSFs are absent or do not meet the customer’s standards, it may cause a project failure; thus, risk identification is crucial in this step.

5. Imperfections – Assumptions, constraints and dependencies are the key factors every operation has and which lead to risk identification.
   Assumption: This may be a risk that’s represented as a what-if question such as, “What if this assumption does not come true?”
   Dependencies and constraints: When factors are dependent on one another, they cause risk. If there is a dependency of factor X on factor Y, some of the risk associated with Y is inherited by.

After completing this session, you will be able to:

  • Apply an innovative and simple 5-step approach to risk identification, which is applicable to all domains and industries.
  • Describe a detailed fish-bone diagram for the 5-step risk identification approach, with a detailed example of each step.
  • Understand the complete risk management cycle, from risk identification through to feeding back into risk learning.
  • Understand the various parameters used to qualify risk impact and how these parameters can be used for risk identification.

123—Agile, DevOps and Compliance (Advanced Managerial)

Monday, 19 August | 12:45 – 13:45


Guy Herbert (Top-Rated Speaker)
Head of IT Risk and Compliance
Atlassian

The session will lead participants through the agile development process and how it works with DevOps. They will be shown the interactions with compliance during that process, and how they can use technology and process to improve their organisation's development speed while still hitting their compliance objectives. Specific audit controls and tests will be discussed so that participants will have concrete examples that they can take away and use in their organisations.

After completing this session, you will be able to:

  • Understand DevOps and Agile risks and controls.
  • Understand the DevOps and Agile process flow.
  • Design controls for DevOps and Agile developments.
  • Design audit plans for DevOps/Agile environments.

133—Additional Information Coming Soon!

Monday, 19 August | 14:00 – 15:00

 


143—Risk Maturity Models: Assessing ERM Effectiveness (Intermediate)

Monday, 19 August | 15:30 – 16:30


Daniel Udochi, CISA, CISM
General Manager Risk & Compliance Management
MTN

The proposed session will commence with a brief introduction to frameworks and standards for implementing enterprise-wide risk management, and will highlight the need for assessment of the ERM implementation in order to demonstrate its effectiveness to key stakeholders. Having established this need, the session will proceed to introduce the maturity model concept, providing detailed guidance on the underlying principles, construction and application to risk management. Leading risk maturity models will also be discussed.

Following from the discussion, practical guidance will be provided on how to create and implement a best-fit risk maturity model unique to the organization. This guidance would be demonstrated using as case study the best-fit model developed for a telecoms operator.

The session would wrap up with some caveats for, and benefits of implementing a risk maturity model. Finally, questions from participants would be solicited and addressed as appropriate.

After completing this session, you will be able to:

  • Gain an appreciation of the various standards, frameworks and guides for implementing enterprise-wide risk management programmes.
  • Understand the need for assessing the effectiveness of an organisation's risk management programme.
  • Understand the concept of Risk Maturity Models and the principles behind their construction and use, and gain an appreciation of leading RM models.
  • Understand how to create and implement "best-fit" Risk Maturity Models for your organisation.

213—Blockchain and Other Emerging Payment Systems: Risk, Disruption and Opportunities (Advanced Managerial)

Tuesday, 20 August | 9:00 – 10:00

Kaya Kazmirci
GM
Kazmirci Associates

Two fundamental changes in traditional payment methods are reshaping the landscape of spending: emerging blockchain-based currencies and alternative payment channels are disrupting the time-honoured cash- and credit-card-based transaction service providers. Enabling cheap transactions where traditional banking services are expensive is critical for supporting business growth, especially in the developing world, where banking services are not always cheap or available. At the same time, ensuring appropriate privacy and security, as well as the level of disclosure that customers demand, mandates innovation in a very conservative industry. The session's goal is to describe emerging payment methods together with their strengths and weaknesses relative to traditional means of payment. These new currencies enable new payment channels and require a new set of controls to ensure that they are both secure and convenient to use.

After completing this session, you will be able to:

  • Understand the operational details of several emerging technologies, including quantum computing, AI/ML, IoT and image processing, that could significantly disrupt present operational norms as well as introduce improved ways of working.
  • Describe the ways in which these emerging technologies might interact with each other and how those interactions affect us; for example, IoT combined with image processing will enable enterprises to monitor us visually 24/7 and thus enable a 1984-esque police state.
  • Review vulnerable industries, including financial services, health care and telecommunications, as well as opportunities to avoid disruption-prone technologies such as blockchain applications that depend on present-day encryption methods.
  • Assess governance initiatives that could affect emerging payment technology risk (both disrupting and enhancing).

223—Outsourcing: Risks, Challenges and Controls in the Banking Sector (Intermediate)

Tuesday, 20 August | 10:30 – 11:30

Osman Azab, CISA, CISM, CGEIT, CRISC
Deputy General Manager, Audit
Arab African International Bank

Outsourcing is a business strategy that financial institutions consider more and more frequently as they respond to an increasingly competitive marketplace. While not new, many banking activities are currently being outsourced. Given the scale and popularity of these types of arrangement, outsourcing raises potential supervisory concerns.

After completing this session, you will be able to:

  • Understand why banks outsource.
  • Identify outsourcing risks.
  • Manage the risks of outsourcing.
  • Understand the legal considerations within outsourcing contracts.

Candice Jackson (SheLeadsTech)
Managing Consultant
Mobius Consulting

In the presentation, the speakers will discuss the changing privacy landscape; and how it practically affects organisations at a local and multi-national level. They will provide an outline of the success factors to establish, implement and maintain a Privacy compliance programme. They will refer to case studies, practical learnings and successes to leave you with valuable insight for driving a successful Privacy programme.

This talk will also offer insight into common pitfalls around privacy implementation and practical approaches to avoid costly mistakes and oversight.

After completing this session, you will be able to:

  • Understand common privacy implementation pitfalls and remedial actions, especially for long-term strategies.
  • Gain a practical view of the leverage points that other functions in your organisation can offer for success.
  • Understand the crucial links between effective privacy management and the emerging world of information security and related practices.
  • Set up your control monitoring strategy with the help of Internal Audit.

233—Leveraging Data Analytics as an Organisational Core Competence (Advanced Managerial)

Rex Eholor, CISA
Senior Internal Auditor
Etinoch Global Concepts Nigeria, Ltd

Organisations should leverage data analytics competences to gain a superior advantage over their peers: the ability to transform, organise and model data, identify patterns, draw conclusions and make decisions faster than others will set an organisation apart. The next dimension of quality is speed. Organisations that gain and master data analytics skills and knowledge as a core competence will therefore hold a competitive advantage in a dynamic business environment. With the advent of big data as the new gold mine, the ability to transform, organise and model data, identify patterns, draw conclusions and make decisions efficiently and effectively will distinguish the company of the future. Apart from large and medium-sized organisations in Africa, the continent as an emerging economic block is still grappling with the ability to efficiently and effectively harness and manage its pool of data. Given that Africa has one of the largest markets after China and India, it is high time we leveraged the potential inherent in data analytics to deliver enhanced value to both businesses and citizens. However, one of the biggest challenges in Africa is data gathering, so we must, as a continent, be deliberate in ensuring that the requisite framework is in place as an enabler to achieving the desired benefits of data analytics.

After completing this session, you will be able to:

  • Have a clear understanding of what data analytics is all about.
  • Know how to use data analytics.
  • Know the benefits of data analytics.
  • Leverage data analytics in your chosen field.

243—Mobile Payments: Rising Risks (Intermediate)

Tuesday, 20 August | 14:15 – 15:15

Salah Eddine Mahrach
Risk Manager & Compliance Director
Moroccan Agency for Sustainable Energy

Asmae El Morabit (SheLeadsTech)
Regional Head for ICT and Cyber Risks
International Banking Group

As a relatively new financial service, mobile payment (m-payment) is steadily growing in popularity and significantly changing consumers' experience. Like any new technology, however, m-payment comes with its fair share of risks. Financial services, fintech firms and payment institutions have to be increasingly wary of the related ICT and cyber risks, as vulnerabilities lurk in payment systems.

The purpose of the session is to understand the mobile payment ecosystem, discuss the ICT and cyber risks and controls for m-payment operations and their supporting systems, and walk through the most relevant control objectives when auditing mobile payment.

After completing this session, you will be able to:

  • Discover mobile payment, how it is positioned in the payment industry and the advantages it brings to the payment ecosystem; related key figures will be presented.
  • Understand how mobile payment systems function, their key components and the parties involved.
  • Enumerate the known IT and security risks related to mobile payment systems, with a focus on fraud risks, and understand the common associated prevention and detection controls.
  • Walk through the most relevant control objectives for auditing mobile payment systems.

Track 4—Security/Cybersecurity

114—The Art of Active Cyber Defense (Intermediate)

Monday, 19 August | 10:45 – 11:45

Ali Pabrai (Top-Rated Speaker)
CEO
ecfirst

The FBI reports that over two million IoT devices may have been compromised by malware. Attack speeds exceeding 1 Tbps! Who can forget the massive cyber-attack of October 21, 2016? IoT + DDoS = Botnet army. Our past is a mirror to the future. The journey of the past had Mirai associated with it. Kaizen implies continuous improvement. The future is about a kaizen cyber defense program. And this is where organizations must implement a credible cybersecurity framework. Businesses must establish the foundation for an active cyber defense. Mirai to kaizen! The threats are “mirai”, and the cybersecurity framework, the foundation of your cyber defense, is the “kaizen!”

We can learn so much from the human defense mechanisms, including our immune system. From cradle to grave, the human body is vulnerable, and this is no different from the PII that flows through your organization. This PII is under attack, constantly. The volume of PII, whether ePHI, European Union personal data or cardholder data, will only increase, and so will the attack surfaces. The challenge of defending assets of value that extend across mobile platforms, IoT devices and a diverse cloud ecosystem is not insignificant.

The threat is asymmetric. The enterprise cyber defense must be symmetric and systematic. Businesses must implement a disciplined approach to address the multitude of compliance mandates continually. Cyber defense must be established firmly on a credible cybersecurity framework.

After completing this session, you will be able to:

  • Examine the core elements of your digital business's cyber immune system.
  • Assess enterprise readiness for attacks such as IoT + DDoS, botnets, ransomware and more.
  • Review options for, and how to implement, a credible cybersecurity framework.
  • Step through how a single cyber standard addresses GDPR, NIST CSF, 23 NYCRR 500 and more.

124—Cyber Warfare & the New Threats to Security (Intermediate)

Monday, 19 August | 12:45 – 13:45

Claudio Cilli, CISA, CISM, CGEIT, CRISC
Professor
University of Rome

Cyber-warfare is the last frontier of human insanity. The session covers the rules of cyber-war, how dangerous information warfare can be and why it may be used against a nation or a large company, and how to protect critical infrastructure from information flooding.

After completing this session, you will be able to:

  • Know what critical infrastructures are and why they need to be protected.
  • Comprehend the definition and techniques of cyber-warfare.
  • Understand the rules of cyber-warfare.
  • Protect your company against cyber-attacks.

134—Auditing with SOC-CMM: Cybersecurity Detection and Incident Response (Advanced Managerial)

Monday, 19 August | 14:00 – 15:00

Vilius Benetis, CISA, CRISC
Cybersecurity Professional, CEO
NRD Cyber Security

SOC-CMM is a maturity and capability model for evaluating Security Operations Centres. The speaker will share field experience of applying the model to auditing and developing SOC or CSIRT organisations.

After completing this session, you will be able to:

  • Understand the SOC-CMM model well enough to choose it when it is the right fit.
  • Apply the SOC-CMM model in your own audits or consultancies.
  • Understand the limitations of the SOC-CMM model.
  • Assist SOC/CSIRT organisations to measure themselves and become more effective.

144—Developing a Cybersecurity Strategy to Contain Cyber Threats (Advanced Managerial)

Monday, 19 August | 15:30 – 16:30

Glory Idehen, MBT, SCF, CGEIT, CISM, CISA
Assistant Director- Capacity Development
Central Bank of Nigeria

Most of the time, security initiatives or projects are started to address a particular threat or in response to a particular attack. This ad-hoc approach leaves the organization with an array of disjointed systems, costing it financial and human resources that could have been put to better use.

This presentation will walk the audience through the steps of developing an Enterprise Cybersecurity Strategy. It starts with the Chief Information Security Officer (CISO) identifying the key drivers for change that make a cybersecurity strategy necessary. The CISO or a delegate then follows the steps below:

  1. Gather business stakeholders to solicit support for the initiative.
  2. Identify the key assets of the organization and classify them according to their level of importance or criticality.
  3. Perform a thorough analysis to determine the current and future threats or risks faced by those assets.
  4. Determine control gaps.
  5. Propose cybersecurity initiatives to close the gaps identified above.
  6. Seek and obtain management approval of the strategy and funding for the initiatives.

After completing this session, you will be able to:

  • Better understand the concept of an Enterprise Architecture approach to the governance, management and implementation of information security for your organization.
  • Perform an Enterprise Risk Management assessment for your organization.
  • Know the concept of a defense-in-depth approach to building cybersecurity.
  • Gain better knowledge of the information security frameworks.

214—Digital Forensics Applications & Practices, Part 1 (Advanced Managerial)

Tuesday, 20 August | 9:00 – 10:00

Arinze Umeche
MD/CEO
Arichris Tech Limited

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts.

Criminal cases involve the alleged breaking of laws that are defined by legislation and that are enforced by the police and prosecuted by the state, such as murder, theft and assault against the person.

Civil cases on the other hand deal with protecting the rights and property of individuals (often associated with family disputes) but may also be concerned with contractual disputes between commercial entities where a form of digital forensics referred to as electronic discovery (e-discovery) may be involved.

After completing this session, you will be able to:

  • Learn the application of computer science and investigative procedures for a legal purpose, involving the analysis of digital evidence after proper search authority, with chain of custody, mathematical validation and the use of validated tools.
  • Learn how tools like Wireshark collect all data across the network layers and allow the user to filter for different events; website pages, email attachments and other network traffic can be reconstructed only if they were transmitted or received unencrypted.
  • Understand how web server logs can be used to show when (or if) a suspect accessed information related to criminal activity.

224—Digital Forensics Applications & Practices, Part 2 (Advanced Managerial)

Tuesday, 20 August | 10:30 – 11:30

Arinze Umeche
MD/CEO
Arichris Tech Limited

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts.

Criminal cases involve the alleged breaking of laws that are defined by legislation and that are enforced by the police and prosecuted by the state, such as murder, theft and assault against the person.

Civil cases on the other hand deal with protecting the rights and property of individuals (often associated with family disputes) but may also be concerned with contractual disputes between commercial entities where a form of digital forensics referred to as electronic discovery (e-discovery) may be involved.

After completing this session, you will be able to:

  • Learn the application of computer science and investigative procedures for a legal purpose, involving the analysis of digital evidence after proper search authority, with chain of custody, mathematical validation and the use of validated tools.
  • Learn how tools like Wireshark collect all data across the network layers and allow the user to filter for different events; website pages, email attachments and other network traffic can be reconstructed only if they were transmitted or received unencrypted.
  • Understand how web server logs can be used to show when (or if) a suspect accessed information related to criminal activity.

234—When Worlds Collide (Intermediate)

Tuesday, 20 August | 12:45 – 13:45

Paul Phillips, CISA, CISM, MBA (Top-Rated Speaker)
Technical Research Manager
ISACA

While the ERM program is talking to senior leadership and the Board about Macroeconomic, Strategic, and Operational risks, the typical CISO goes to them with concerns about phishing scams, credential theft, or some Panda hacking group exploiting a Meltdown vulnerability in the AWS cloud environment. How urgent is it? Critical. How does that compare with all the business’ other risks? We can’t compare them directly. How does the business make trade-off decisions? No response.

That’s the problem in a nutshell. The information security profession struggles to quantify cyber risks and put them side by side with other enterprise risks because we’re starting with a fundamentally flawed model that starts with an asset level understanding of criticality and vulnerability without a true understanding of the business dynamics.

How does a typical security analyst assess risk? They start by asking: 1) what are we protecting, 2) who wants it, 3) how will they attack, and 4) where are we vulnerable. In order to truly integrate cyber threats into an ERM program, the risk equation needs to be flipped by starting with business outcomes, and then identifying the scenarios that might be relevant.

After completing this session, you will be able to:

  • Explain how a typical security analyst assesses risk.
  • Integrate cyber threats into an ERM program by connecting the risk equation to business outcomes.
  • Translate cyber threats and vulnerabilities into business terms to communicate more effectively with senior leadership and the board of directors.
  • Analyze a compliance or service-availability risk that has a cyber threat trigger, and size that risk in quantifiable business terms.

244—Cyberlaw and Governance in an Age of Cyberattacks and Cybercrime (Advanced Managerial)

Tuesday, 20 August | 14:15 – 15:15

Trishana Ramluckan (SheLeadsTech)
Post Doctoral Research Fellow International Cyber Law
University of KwaZulu-Natal

Brett van Niekerk, CISM
Senior Information Security Analyst
University of KwaZulu-Natal

By its boundless nature, the Internet creates legal challenges regarding issues such as jurisdiction and state sovereignty. Normally every sovereign nation creates its own legislation, which is applied within its governing jurisdiction. However, since cyberspace has no physical borders, and therefore no jurisdictional regulation, it is difficult to govern, nationally and internationally. Further, the recent surge in privacy legislation (e.g. GDPR) has created another challenge concerning the right to monitor online activity and to gather user information. Although most legislation regarding cyberspace falls within the ambit of privacy or criminal law, this still presents challenges for organisations that are victims of international or state-backed cyberattacks. These challenges require effective legal regulation to address cybersecurity and its technical and social complexities, including legislative frameworks together with collaboration with the global community and the private sector, professional education and capacity building. The presentation will discuss the legal challenges related to cybersecurity, provide an overview of international legal frameworks and guidelines, and examine the implications for organisations, as cybersecurity becomes a major concern and new technology models, combined with a greater dependency on technology, drive changes in companies' approach to security.

After completing this session, you will be able to:

  • Have knowledge of local, regional and international legal frameworks and guidelines related to cybersecurity.
  • Understand the implications of international cyberattacks on legal and governance frameworks.
  • Understand the legal and governance challenges facing organisations in a world of international cyberattacks.
  • Develop an understanding of how international privacy legislation may impact cybersecurity within the organisation.

Track 5—Career and Communications Management

115—Implementing a Cybersecurity Skills Competencies Framework (Advanced Managerial)

Monday, 19 August | 10:45 – 11:45

Allan Boardman, CISA, CISM, CGEIT, CRISC (Top-Rated Speaker)
Independent Business Advisor
CyberAdvisor.London

Organisations face very real challenges in attracting and retaining talent with the appropriate skills and competencies. It is therefore very important that they have a clear understanding of the skills competencies, technical and non-technical, across their teams and are able to identify any gaps so that these can be addressed. This session will provide clear insight, based on recent practical experience, into the tools that can be used to implement a skills competencies framework and the processes for performing self-assessments for individuals and departmental-level assessments. Industry-wide guides and frameworks that will be referenced include those from COBIT, SFIA, NICE, BCS, CESG and ISSP.

After completing this session, you will be able to:

  • Gain a clear understanding of a practical approach to implementing a skills competencies framework across information assurance roles, including audit, security and risk management.
  • Understand how the various industry guides and frameworks can be leveraged to develop and customise a skills competencies framework.
  • Learn about practical tools that can be used by management to assess skill levels within their own teams and identify potential gaps.
  • Learn about practical tools that individuals can use to self-assess their own competency levels across a range of relevant skills, and identify areas they may wish to focus on in support of their career development.

125—Women's Role in Cybersecurity Innovation (Advanced Technical)

Monday, 19 August | 12:45 – 13:45

Brencil Kaimba, CISA (SheLeadsTech)
Cybersecurity Consultant
Serianu Limited

Barbara Munyendo, CISA (SheLeadsTech)
Information Security Consultant
Serianu Limited

Jobs in cybersecurity are exploding, but why aren't women in the picture? Research by the firm Frost and Sullivan shows that women make up only 20% of the cybersecurity workforce globally. In Africa, this figure is much lower. With the increasing complexity of security challenges, the ecosystem now requires a diverse workforce, with teams that include people of diverse cultures, experiences, ideas and approaches that will drive greater creativity, deliberation and insight. Now more than ever, we need more women within the cybersecurity space. To be more precise, we need more technical women to sit at the cybersecurity table.

A review of the statistics on women in Cybersecurity reveals that over the last 5 years, there has been a slow but steady increase of women in cybersecurity, and especially notable progress in Information Security; Governance Risk and Compliance. However, it would be imprudent not to acknowledge that the numbers specifically in the technical facets of cyber security are wanting. There is a notion pushed across that women should be / are better in the Governance, Risk and Compliance facets of cyber security. Unlike previous discussions, this proposed gender gap discussion is not really one of right versus wrong or men versus women but rather one that seeks to showcase that women can be technical and that they are critical in the fight against Cybercrime.

After completing this session, you will be able to:

  • Identify the numerous opportunities for growth within the cybersecurity space.
  • Understand the different innovative projects that young women across Africa are pursuing.
  • Explore different ways of positioning yourself within the organisation.
  • Understand work-life balance and what it means for a woman's career.

135—A Structured Approach for the Effective Presentation (Intermediate)

Monday, 19 August | 14:00 – 15:00

Neetu Choudhary, CGEIT (SheLeadsTech)
Project Lead-CMMI
DP World, Jebel Ali Free Zone

The paper presents a real-life application of the well-known Deming cycle, PDCA (Plan-Do-Check-Act), to demonstrate a structured approach to presentation. The approach recognises the importance of presentation skills alongside technical skills, and shows how to develop them in an organised way.

The PLANNING phase of the presentation is captured by the abbreviation WWWHWW: WHY, WHAT, WHOM, HOW, WHEN, WHERE. Identifying WHY you are presenting is the core and the most important question. WHOM you are presenting to guides the level of detail in the content and the approach of the presentation. WHAT is to be presented depends largely on WHOM it is presented to. HOW determines the tools and techniques required for the presentation, and WHERE depends on what needs to be communicated through the presentation. Together these give a holistic way of planning any presentation or facilitation.

After planning comes DO. Execution of the presentation begins with a bang, an attention-catching action. If attention is captured in the first 3 seconds of the presentation, the whole message can be delivered effectively. DO covers the start, the body or content, and the end. The BANG at the beginning catches the audience's attention, and the END BANG leaves the audience with a long-lasting message. The content or body of the message covers practical aspects, dos and don'ts.

The CHECK phase addresses taking feedback, in hard and soft ways, during and after the presentation.

ACT completes the learning by acting on what was learned.

After completing this session, you will be able to:

  • Understand a new approach to learning effective presentation skills.
  • Apply the PDCA cycle in an innovative way to enhance presentation skills.
  • Use the BANG concept to start and finish a presentation with a long-lasting message for the audience.
  • Apply international best practices for effective presentation.

145—Auditors Adding Value, Technology Evolving (Panel, Intermediate)

Monday, 19 August | 15:30 – 16:30

Implementing and utilizing cutting-edge technology can be a game changer for an organization, but it does not come without risks. While technology can help an organization automate time-consuming manual tasks and increase the accuracy of error-prone processing, it can also introduce risks that the organization may not be prepared to address. Auditors are tasked with reviewing and assessing the efficiency and effectiveness of the controls that management has put in place. These controls are safeguards established in response to risks, and many of them are technology-based; technology can therefore serve as a control as well as increase risk. While the auditor assesses existing technology, he or she is also a consultant who can add value to small and enterprise-wide technology projects by advising management and project leaders on the threats and vulnerabilities inherent in specific technologies and by recommending countermeasures to address them.

After completing this session, you will be able to:

  • Understand the inherent risks associated with implementing new and emerging technology.
  • Understand the process and procedure the enterprise should follow when implementing a technology, and the role the auditor should play.
  • Understand how to interact with and advise senior management and project leaders on the threats and vulnerabilities linked to a given technology, and which risk response would be most effective.
  • Understand how IT General Controls can improve the success of an IT project and mitigate the risks of a security breach or system failure.

215—A Spectrum of Professions: The ISACA Global Community, Past, Present and Future (Panel Session)

Tuesday, 20 August | 9:00 – 10:00

A Panel to Mark ISACA’s 50th Anniversary 2019

The Spectrum of Professions panel will examine the pioneer professions of the association: electronic data processing control, audit and assurance employees and management. Among the areas of discussion: what did these individuals do; what was their skill set; where did they work (in the organizational structure, and in what industries and organizations); what was their training; who was the "boss"; was it a job or a profession; and how did their careers evolve?

Similar themes will be pursued by panelists whose careers have traversed governance, risk, information security and cybersecurity. Additional areas will be probed, however, including but not limited to: the past and present in compensation; training and development; credentials and certification; successes and failures; and challenges and innovations—in the professions and of the professionals of ISACA’s global professional community. Importantly, panelists will be charged with predicting the future, perhaps a 10-year view, of their professions, their roles, and their responsibilities.

After completing this session, you will be able to:

  • Identify and explore the rationale and roots of ISACA's professions.
  • Discover how and why the professions have morphed over time.
  • Learn of ISACA's importance to individuals as professionals and, in turn, the individual professions' contribution and importance to their organizations and enterprises.
  • Glimpse the future of the global professional business technology community and ISACA's opportunities to best serve individuals and our technology-driven world.

225—Risk Management and Audit in a High Change Environment (Intermediate)

Tuesday, 20 August | 10:30 – 11:30

Guy Herbert (Top-Rated Speaker)
Head of IT Risk and Compliance
Atlassian

The world is changing at a faster rate and we need to keep up. We are told that we need to get involved earlier but how does this work when there is so much change happening everywhere? Guy will talk about his experience transitioning from a more traditional regulated environment to a tech startup and then transitioning that startup to a regulated organisation. He will share his lessons from the journey as well as the work that the organisation has done to foster teamwork across all organisations - something that is crucial for auditors and risk professionals everywhere.

After completing this session, you will be able to:

  • Understand the role of agility in improving our ability to change and deal with change.
  • Understand the role of values in building a team culture.
  • Understand the benefits of open culture and open work in responding to a changing environment.
  • Understand the time to use efficiency or effectiveness in the change management process.
  • Know how to run a team health check to build a better outcome for your organisation.

235—Social Media: Manage the Security Intermediate

Tuesday, 20 August | 12:45 – 13:45

  Download Presentation

Claudio Cilli, CISA, CISM, CGEIT, CRISC
Professor
University of Rome

The risks from social media are real, for you and for your organization. Financially-motivated criminals are increasingly using social media sites to steal identities, spread malware and send spam. Social networks are getting better at protecting users against these threats – but there’s a long way to go. Company and personal reputation are crucial in a connected world. Don’t stop using social media … just make sure you use it safely!

After completing this session, you will be able to:

  • Understand how social media threats work (spam, phishing, malware).
  • Understand the "perfect storm": Facebook, Twitter and other social media. How they work and why they're dangerous.
  • Understand social media attack techniques: how they work and why they are successful.
  • Understand tips and apply measures for staying secure.

245—Strategies for Dealing with an Increasingly Sophisticated Cyber Threat Landscape Intermediate

Tuesday, 20 August | 14:15 – 15:15

  Download Presentation

Allan Boardman, CISA, CISM, CGEIT, CRISC (Top-Rated Speaker)
Independent Business Advisor
CyberAdvisor.London

Cyber criminals are continuing to reshape the threat landscape as they update their tactics and tools and escalate their attacks against businesses, governments, and even the infrastructure of the internet itself. Organizations must adopt approaches to cybersecurity that will require full engagement from senior executives to protect critical business information and systems without constraining innovation and growth. They need to look ahead at what new threats might be around the corner, prepare for evolving attacks, and ensure they’re equipped with layered security. This session covers strategies for ensuring that the business is fully engaged in cybersecurity and adopts a business-driven cybersecurity model for dealing with an increasingly sophisticated threat landscape.

After completing this session, you will be able to:

  • Understand the need for a business-driven approach that keeps the main focus on the most critical and sensitive business digital assets (crown jewels).
  • Identify key capabilities in terms of systems (including tooling), people (including resource capabilities), and processes (including assessing maturity).
  • Appreciate the increasing sophistication of the threat landscape including the impact of technologies such as artificial intelligence and IoT.
  • Recognise the key elements to creating a cyber risk aware organization to cover people related threats.

Innovation Sessions

IN5–Futureproof Assurance – Staying Relevant Amongst Robots

Tuesday, 20 August | 10:05 – 10:25

  Download Presentation

Barnabas Chirombo
Head of African Sales
Revival Holdings

The reality is that business will continue to explore means to make operations more efficient, effective and profitable by adopting technology. Technology is bringing previously inaccessible advances in human cognitive sciences and scalable computing power to the doorstep of business. With artificial intelligence and machine learning, amongst others, enabling the replacement of humans and advancing into new arenas of application, machines perform better than humans when used to continuously monitor operating controls or to detect fraud.

  1. Do auditors understand the fundamental technology and its capabilities to appropriately guide and advise on the risks and opportunities?
  2. How do auditors leverage the available technology to deliver value to their stakeholders?

After completing this session, you will be able to:

  • Navigate the technology maze
  • Partner with capable solution providers
  • Adopt and adapt IT – get the basics right

Workshops

WS1–COBIT 2019 Foundation Course

Wednesday, 21 August & Thursday, 22 August | 9:00 – 17:00

Registration Fee: ZAR 10,500 plus 15% VAT
COBIT Foundations Training with Exam Voucher: ZAR 9,100 plus 15% VAT
COBIT Foundations Training without Exam Voucher: ZAR 7,000 plus 15% VAT

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor (Top-Rated Speaker)
Director | Board of Directors
ISACA

Is your organization suffering from a lack of enterprise governance over information and technology (EGIT)? Or, is your organization lacking a holistic governance approach to information and technology (I&T)? At this workshop, you will learn the fundamentals of COBIT 2019. It is ideal for those who are new to the discipline of I&T governance—either from a business perspective or from an IT perspective. COBIT 2019 builds on 20+ years of critical thinking and practical experience of I&T governance. This workshop will prepare you to take the COBIT 2019 Foundations Certificate examination.

After completing this workshop, you will be able to:

  • Explain the key attributes of the COBIT framework.
  • Describe the components of a governance system.
  • Describe the elements of governance and management objectives.
  • Differentiate COBIT performance management using maturity and capability perspectives.
  • Describe the COBIT design factors.
  • Explain the key points of making the case for a COBIT implementation project.

Attendees will receive the following resources to support the training:

  • COBIT 2019 Laminate
  • PDF - COBIT 2019 Framework: Introduction and Methodology – an introduction to the key concepts of COBIT 2019
  • PDF - COBIT 2019 Framework: Governance and Management Objectives - comprehensively describes the 40 core governance and management objectives, the processes contained therein, and other related components. This guide also references other standards and frameworks.
  • PDF of the training materials (instructor ppt)
  • Practice exam

WS2–Cybersecurity Audit Certificate Programme

Wednesday, 21 August & Thursday, 22 August | 9:00 – 17:00

Registration Fee: ZAR 10,500 plus 15% VAT

John Tannahill
Management Consultant
J. Tannahill & Associates

It’s not just the high cost to an organisation in the event of a breach, but the inevitability of an attack that makes cybersecurity critical. With the increasing number of cyberthreats, it is becoming critical for the audit plan in every organisation to include cybersecurity. As a result, auditors are increasingly being required to audit cybersecurity processes, policies and tools to provide assurance that their enterprise has appropriate controls in place. Vulnerabilities in cybersecurity can pose serious risks to the entire organisation—making the need for IT auditors well-versed in cybersecurity audit greater than ever. ISACA’s new Cybersecurity Audit Certificate Programme provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits. It provides security professionals with an understanding of the audit process, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.

After completing this workshop, you will be able to:

  • Understand security frameworks to identify best practices
  • Identify cyber and legal regulatory requirements to aid in compliance assessments
  • Perform cybersecurity and third-party risk assessment and management, including ISAC (information sharing), common cyber-attacks, penetration testing, and red team/blue team/purple team exercises
  • Enhance your asset, configuration, change and patch management practices
  • Assess network security from security architecture to traffic analysis to segmentation to data loss prevention
  • Audit application security using SDLC controls and OWASP best practices
  • Distinguish between firewall and network security technologies
  • Identify weaknesses in cloud strategies and controls
  • Identify the benefits and risks of containerization

Registration for this workshop includes:

  • Cybersecurity Audit Certificate – Onsite Training Course
  • Cybersecurity Audit Certificate Study Guide (eBook)
  • Cybersecurity Audit Certificate Exam Voucher

*These items will be accessible to registered attendees one week in advance of the conference. Please contact https://support.isaca.org with any questions.


WS3–Cybersecurity Risk Management: A Practical Approach Intermediate

Wednesday, 21 August | 9:00 – 17:00

Registration Fee: ZAR 4,900 plus 15% VAT

Allan Boardman, CISA, CISM, CGEIT, CRISC
Independent Business Advisor
CyberAdvisor.London

Nature & Objectives

Enterprise risk management defines the framework and the processes used by organizations to identify, analyse, and address risks that can interrupt or disrupt the organization’s ability to carry out its core functions and meet its mission. Cybersecurity should be an integral part of an organization’s enterprise risk management program. This workshop will explore the key components needed for a successful cybersecurity risk management program.

Course Outline

With cyber threats looming larger than ever before, executive leadership needs to be kept informed about the current level and business impact of cybersecurity risks to their organizations. Following a practical approach to managing cybersecurity risks, this workshop will include tools and techniques for developing, implementing and operating strategies to manage cyber risks. The workshop will include learnings and practice in:

  • Identifying critical assets and associated impacts from cyber threats
  • Using scenarios to evaluate specific cyber risks
  • Understanding an organization’s risk exposure
  • Identifying and prioritizing specific protective measures

Who Should Attend

Cybersecurity, Risk Management, Audit and Compliance Professionals. Anyone involved in helping their organization manage cyber risks.

Keynotes

50th Anniversary Opening Platform

Monday, 19 August | 9:00 – 10:15

Featured at ISACA’s CACS conferences and other major events in 2019, ISACA marks its 50th Anniversary with a high-impact multimedia experience. Aligned to ISACA’s anniversary theme, “Honoring Our Past. Innovating Our Future,” the live presentations include videos, interactive experiences and inspiring leadership remarks and reflections. ISACA recaps its history, putting the spotlight on founding member interviews and historical artifacts, as well as prompting discussions on progress, challenges and visions of the future.


From Disruptive to Daily Dependence: 50 Years and Future Tech (Panel Session)

A Plenary Panel Discussion to Mark ISACA’s 50th Anniversary 2019

Monday, 19 August | 9:00 – 10:15

ISACA professionals in the last 50 years have had to quickly assess new technologies, implementing support, control, audit, governance, risk assessment, and so much more, for their organizations, business enterprise and operations. As we look to the future – assessing and implementing technologies that are disrupting industries, and the tech that has yet to come – we can also learn from the past.

This expert panel, featuring CISOs, CIOs, CEOs, and other leaders, will review the disruptive technologies that have changed how we live and work, and discuss “what’s next, now” – the current state of disruptive technologies and what we can look forward to with the ever-accelerating technology change machine.

Some disruptive technologies, by decade:

  • 1960s: mainframe, Internet, first learning robot, laser beam, man’s moon landing
  • 1970s: personal computer, laser printer, LCD panel, compact disc, 1G mobile network
  • 1980s: laptop computer, IBM PC, Internet protocol standard, cell phones, the Walkman
  • 1990s: World Wide Web, e-commerce, Hubble Telescope, DVD, USB flash drive, MP3 players
  • 2000s: WiFi, smart phones, Google, social media, GPS for civilian use
  • 2010s: tablets, 8-terabyte hard drive, 5-atom quantum computer, IoT

Closing Keynote Speaker

A Call to Reimagine

Stafford Masie
CEO of Google Africa (2006–09) and Non-Executive Board Member at ADvTECH

Stafford Masie is a computer scientist who thrives in the world of disruption. He has been involved in the IT industry for more than 25 years. He has been closely involved in such pre-eminent ICT companies as Telkom, Dimension Data, Novell and Google. His passion for technology led to him being appointed to senior executive positions at Novell USA (based in Utah for 7 years) and thereafter at Novell South Africa.

Stafford’s keynote presentations are applicable to any audience because technology is a transversal matter irrespective of industry or theme. He morphs his content and approach depending on the audience and clients’ expectations. From deeply insightful and technical presentations to academics requiring intellectual provocation, to an international telecommunications enterprise seeking to "wake up" their organisation to the present day realities of change and innovation, and a large national HR firm wanting to inspire their staff with the possibilities that are our new today. Whatever the topic, theme or objective, Stafford’s ability to take his technology subject matter – and humanise it – wows every audience.

He was responsible for establishing Google’s presence in South Africa and orchestrating their initial broader Africa strategy. Stafford led the Google team in launching the African versions of: Google search, Adwords, Google Maps and Streetview as well as the local version of YouTube – in other words the Southern African Google business ecosystem and strategy.

After leaving Google in 2010, he founded several fintech businesses and has since established several technology startups which have expanded globally. Two of these were the ‘Payment Pebble®’ and ‘Payment Blade®’ which he invented and which were launched via ABSA in South Africa and ANZ Bank in Australia and New Zealand. They are presently being launched throughout the Asia Pacific region.

One of his recently-founded companies raised capital via an international venture capital firm and also the USA-based Visa Inc. (which also acquired an equity stake). This project is one of the largest technology startup capital raises in the SA technology sector.

Stafford continues his entrepreneurial journey today as an inventor and mentor within early-stage technology start-ups. Presently the three most notable of these are GATTACA, an artificial intelligence platform; SNAPTUTOR, a platform for social education interaction; and another which focuses on bitcoin crypto innovations.

He also guest lectures at several business schools (Wits, GIBS, Henley), participates in television and radio broadcasts and is an international guest keynote speaker on the influence of technology on modern life, society and education.

Stafford also engages in highly specialised and selective strategy consulting for larger organizations wrestling with aspects of digitalization. He serves as a non-executive director on the board of ADvTECH (the largest private school education body in Africa) and, after being approached by the Minister of Science and Technology, accepted an invitation to join the board of the CSIR (Council for Scientific and Industrial Research).


Leadership Brief

Brick by Brick: Future-Proofing your Career

Brennan P. Baybeck
ISACA Board Chair

As ISACA celebrates its 50th anniversary, we are honoring our past and innovating our future. ISACA Board Chair Brennan P. Baybeck will discuss how Industry 4.0 is about exponential change and will impact every industry, even ones you wouldn’t expect. The ISACA community of professionals must be at the forefront of new processes and technologies to provide more value to the enterprises we serve as well as future-proofing our careers.
