Asia Pacific CACS Presentations and Descriptions 

 

Track 1—IS Audit & Assurance

111–Understanding Risk Based IT Auditing

Tichaona Zororo, CISA, CISM, CGEIT, CRISC
Director
EGIT I Enterprise Governance of IT (Pty), Ltd

IT Auditing is the auditing of business processes enabled by IT. Digital transformation is disrupting the traditional business models and creating new business models. The business models enabled by emerging and merging technologies shifting the risk

After completing this session, you will be able to:

  • Understand why a comprehensive understanding of the business is an imperative to performing risk based IT audits
  • Use tools such as COBIT 5 Goals cascade to plan risk based IT audits
  • Understand key business drivers and crown jewels to determine audit focus areas (Risk Based Approach)
  • Link observed IT issues to business strategic and performance objectives
  • Communicate IT issues in business terms that matter to key decision makers - Board, Senior Executives and the Audit Committee

121–Please check back soon for updated content!

 


131–WannaCry? No Wanna Get Wiser

Sandeep Godbole, CISA, CISM, CGEIT
General Manager - Info Security
Syntel

Malware is the tool of choice for hackers. Assurance functions have a responsibility to ensure that processes and capabilities to meet the challenge are implemented. WannaCry provides a perfect backdrop for this discussion.

After completing this session, you will be able to:

  • Comprehend the role of assurance in addressing the cyber security issues including malware.
  • Understand the plot deployed by most malware to exploit the vulnerabilities.
  • Identify the components of good cyber defense assurance capabilities.
  • Define the role of assurance functions in ensuring that cyber defense capabilities are established.

141–Away from Failures of Continuous Auditing

Peter Fang, CISA, CISM
Audit Director
Hotung Group

Failures lead to success. Instead of KSFs, pitfalls found in management decisions will be discussed. Aligning diverse data sources and systems has become a new challenge for auditors. Lessons learned will be shared through 4 aspects to avoid failures.

After completing this session, you will be able to:

  • Know why data governance is important for continuous auditing and how to improve it.
  • Understand what the major factors are while choosing technology solutions for continuous auditing.
  • Clearly realize how to implement controls for continuous auditing or monitoring based on the nature of internal control.
  • Assess their risk for self-development or outsourcing based on a suggested framework.

151–Banking Fraud Detection with Data Analytics

Fandhy Siregar, CISA, CISM, CGEIT, CRISC
Head of Head Office Audit & Desk Analytics
Bank Muamalat Indonesia

Nowadays, all banking transactions are processed using a complex set of applications which interface with one another. Information analytics is necessary to ensure accuracy and must be able to track suspicious conditions as red flags of fraudulent acts.

After completing this session, you will be able to:

  • Know and understand the standard of continuous auditing, the recent development of big data for auditing, and the information and data analytics that can help auditors create a specific continuous auditing engine with simple tools and techniques.
  • Learn how to use information analytics as a detection tool. This includes fraudulent condition detection, sentiment analysis for performance indicators, or simple inaccuracy/inconsistency detection for accurate financial reporting.
  • See a demo of the implementation and seek opportunities to implement the same method and approach in their organization.
  • Discuss the relevant banking fraud cases and identify improvements for their organization

211–Audit and Green IT

Hussam Khattab, CISA, PMP

 

More organizations are adopting Green IT practices in their processes nowadays, and the questions we must ask ourselves as internal auditors are: How can we add value in this field? And are we really taking this upcoming opportunity seriously?

After completing this session, you will be able to:

  • Describe Green IT practices that organizations shall adopt and the accompanying risks
  • Describe why business executives shall consider internal audit role in Green IT
  • Describe the interactions between Green IT and other processes in organizations
  • Describe the role of internal auditors in Green IT and the upcoming opportunities

221–The Changing Focus of IT Audits

Tichaona Zororo, CISA, CISM, CGEIT, CRISC
Director
EGIT I Enterprise Governance of IT (Pty), Ltd

The impact of emerging technology (ET) is pervading almost every aspect of business, forcing enterprises that want to lead in today’s business environment to adopt and adapt to new business models enabled by IT. Cloud Computing, Social Media, IoT, DevOps, AI, Big Data (Strategy), Mobility, Employee Owned Devices (EOD) and Digital Vandalism are changing the way business is conducted.

After completing this session, you will be able to:

  • Understand Cloud Computing, BYOD, Big Data, Mobility, Social Media and Cybersecurity
  • Understand changing business models and risk landscape (positive and negative)
  • Understand the competitive advantages that appropriate adoption of emerging technology can build for an enterprise
  • Understand limitations of emerging technology brought about with increased legal and regulatory requirements.
  • Describe the basics of auditing Cloud Computing, BYOD, Big Data and Social Media
  • Refocus IT audit to add value to enterprise objectives and operations

231–Please check back soon for updated content!

 


241–NIST Cybersecurity Audit/Assurance Program

Ashutosh Kapse, CISA, CISM, CGEIT, CRISC
Head of Information Security, Technology Risk & Audit
IOOF Holdings Ltd.

The NIST cyber security framework is being extensively used by organisations today. ISACA has developed an audit/assurance program based on the NIST framework. This session will provide an overview of the program and its effective use within your organisation.

After completing this session, you will be able to:

  • Understand the NIST cyber security framework, especially the updates in version 1.1 and how it differs from the original NIST framework
  • Understand ISACA's response and creation of the IS audit/assurance program for Cybersecurity based on the NIST framework
  • Understand the materials available for download from the ISACA website, including details of the structure of the Audit program worksheet as well as the Word document, and understand how these are to be used
  • Understand how to use the Audit program worksheet, including discussion on how this could be customised and made "fit for purpose" such that it can be used in participants' organisations

251–Auditing Against NIST Cybersecurity Standard

Vishal Govil
Head-Planning, Controls, User Mgmt-Enterprise Services
Bank Muscat

 

 

Srikanth Kota
Manager – IT Audit, Internal Audit
Bank Muscat

 

Key Challenges for auditing against NIST Standard- Practical Application view point

After completing this session, you will be able to:

  • What are key challenges for audit execution against NIST standard - Auditor Point of view
  • What are key challenges for audit execution against NIST standard - Auditee Point of view
  • How to Plan for audit
  • How to Plan for Responses



Track 2—GRC

112–WannaCry! Makes you WannaCOBIT!

Vittal Raj, CISA, CISM, CGEIT, CRISC
Partner
Kumar & Raj

WannaCry could be dismissed as just another ransomware, but it is undoubtedly the most widespread that history has seen! It is not that every organisation that got hit, and the ones that could have been hit, did not have security controls.

After completing this session, you will be able to:

  • Can WannaCry genre of attacks be prevented? What went wrong, how and why?
  • Lessons learnt for sustainable security governance
  • Building a resilient Cybersecurity governance framework with COBIT 5

122–Measurement Metrics for IT Governance

Sunil Bakshi, CISA, CISM, CGEIT, CRISC
Consultant
NIBM

Governance means evaluating, directing and monitoring to ensure that the organization realizes benefits from investments for stakeholders by optimizing risk and resources. Performance measurement is essential for monitoring governance objectives.

After completing this session, you will be able to:

  • Learn why performance measurement is essential and how it helps in monitoring the achievement of the organization's objectives.
  • Learn how to define metrics for measuring service levels that help in achieving objectives, and how these cascade into process-level metrics and then technical metrics.
  • Learn how to select key performance measurement metrics from different metrics developed earlier.
  • Learn how to present the metrics and trends from the results of metrics that will help in monitoring governance objectives.

132–Centralized Management of Risk and Compliance

Suresh Kumar Krishnan, CISA, CRISC
Consultant

Organizations are searching for ways of reducing the ever-increasing cost of risk management and compliance. A working model for centrally monitoring the risk profile of an organization on a real-time basis and ensuring compliance will be discussed.

After completing this session, you will be able to:

  • Appreciate the increasing compliance requirements and the need to integrate the compliance activities into the business processes
  • Address the need for centralizing the compliance activities, thereby eliminating duplication of effort and optimizing the efficiency of compliance operations
  • Convince senior management of the efficiency that centralized management of compliance brings to the corporation by reducing the effort, cost and fatigue of compliance audits
  • Initiate a program of centralizing the compliance activities in both the IT and business domains

142–Initiating GEIT, Oman Ministry of Manpower

Rohit Banerjee, CGEIT, CRISC
Principal Consultant and Lead Trainer
MAGE IT Training and Consulting Private Limited

A knowledge & experience-sharing session about initiating GEIT at Oman Ministry of Manpower, using COBIT 5, highlighting mandates for IT Governance in Ministry, role of IT PMO, steps for initiating GEIT, roadblocks & challenges, and lessons learnt.

After completing this session, you will be able to:

  • Identify the mandates driving the necessity for IT Governance in a public sector or government organization.
  • Understand and appreciate the main success factors and challenges of an IT Governance initiative.
  • Define a strategic path and tactical path to initiate GEIT programme using COBIT 5.
  • Apply the lessons learned from the presented case study, to the participant's organisation.

152–Holistic IT Governance

Yakup Çukuryurt
IT GRC Consultant
Halkbank

 

 

Zeynep Polat
IT Risk Management Team Leader
Halkbank Head Office

The Keystone for a Successful Digital Transformation
Designing IT Process Model based on and compliant with Best Practices
Automated Solutions for IT Governance, Risk, Audit and Compliance
Achieving IT Strategies based on Related Projects

After completing this session, you will be able to:

  • What are the main levels for a successful Digital Transformation on GRC.
  • How to design IT Process Model in accordance with Best Practices (COBIT, ITIL, ISO Standards etc.) and the benefits of this method.
  • What are the automated solutions for IT Governance, Risk, Audit and Compliance.
  • What is the way to achieve and measure IT strategies based on the IT Projects.

212–Roles of Audit and Risk Managers in ERM

Israel Sadu, CISA, CRISC
Regional Resident Auditor
OIOS, UNHCR

The IIA, in its paper “The Role of Internal Auditing in Enterprise-wide Risk Management”, suggested ways internal auditors could work in implementing ERM. The author proposes to highlight several other complementary roles in achieving this.

After completing this session, you will be able to:

  • Appreciate the co-operative roles and relationship between the risk managers and internal audit in the ERM process.
  • Identify the ways through which collaboration between the risk managers and the internal auditors could be achieved.
  • Apply these concepts in their respective organisations to obtain maximum value out of the ERM process implemented
  • Ensure maximum value for implementation of the ERM in the respective organizations of the participants.

222–COSO in the 21st Century

Rami Sukkar, CISA, CRISC
Business Compliance / Risk Manager
Averda

This session is intended for professionals who want to learn about COSO Framework, and the recent changes introduced. It also discusses how COSO can be adapted for emerging technologies and cyber security challenges.

After completing this session, you will be able to:

  • Define operations and reporting Objectives using the new COSO Enterprise Risk Management Framework
  • Identify and Implement controls that address emerging technology risks
  • Conduct risk assessments for emerging technology risks
  • Communicate Internally and Externally using quality information

232–IT GRC Maturity - Balanced Score Card Way

Aadesh Gawde
Principal Consultant
ProVise Consulting

IT GRC maturity contributes to an organisation’s growth through internal outcomes (compliance, cost efficiency, business enablement) or external outcomes (brand & image protection, customer confidence). IT GRC Maturity can be measured using a BSC.

After completing this session, you will be able to:

  • Understand planning, measuring and improving IT GRC initiatives in an organisation using the Balanced Score Card method
  • Understand how to baseline the current maturity of an organisation’s GRC program and establish a target state for future realisations.
  • Understand that a less mature IT GRC program, or one in its early stage, produces internal outcomes, and that as the IT GRC program matures, the outcomes evolve to be externally oriented, measurable and enterprise wide.
  • Relate Balanced Score Card and IT GRC maturity implementation approach

242–Data Governance Using COBIT 5

Narasimhan Elangovan, CA, CISA
Partner
KEN & Co., Bengaluru, India

With information being the currency in this digital era, every organization collects and stores mammoth volumes of data which are increasingly exposed to large privacy and security risks. COBIT 5 provides a perfect solution for the ever-changing world of data governance and protection.

After completing this session, you will be able to:

  • Understand the need for Safeguarding data
  • Data Governance Framework using COBIT 5
  • Using data analytics for Data

252–Mapping of COBIT 5 with PMI Standards

Sunil Bakshi, CISA, CISM, CGEIT, CRISC
Consultant
NIBM

ISACA's IT Governance framework COBIT 5 can be mapped with almost all global standards, and ISACA has published mappings with most of them; however, it has yet to publish the mapping with PMI Standards. The session shall provide the mapping.

After completing this session, you will be able to:

  • Learn how COBIT 5 helps organizations in portfolio, program and project management by understanding different processes from the process reference model.
  • Learn how COBIT 5 can be mapped with existing practices that are based on PMI standards for portfolio, program and project management.
  • Learn how COBIT 5 processes get mapped with PMI standards of portfolio, program and project management.
  • Learn the exact provisions of PMI standards, including management practices and activities, that get mapped with COBIT 5.



Track 3—Security/Cybersecurity

113–Defining an Information Security Incident Response Procedure

Ravi Jayasundera, CISA, CGEIT
CEO
SysProve Consulting, ISACA Bahrain Chapter

This presentation provides a step-by-step guide on how to compile a practical security incident response procedure. The approach is aligned with ISO 27035 and with other frameworks such as NIST.

After completing this session, you will be able to:

  • Understand the step-by-step activities necessary to compile a security incident response procedure
  • Create a suitable security incident response template to suit your organisation
  • Use the security incident response procedure as a basis to bring together all parties associated with security incidents (enable reading from the same book and pages!)
  • Conduct periodic incident scenario testing with the incident handling team to ensure that they understand threats and responsibilities.

123–Cyber Warfare & the New Threats to Security

Claudio Cilli, CISA, CISM, CGEIT, CRISC
University of Rome

Cyber-warfare is the last frontier of human insanity. This session covers the rules of cyber-war, how dangerous information warfare can be, and why it can be used against a nation or a big company, as well as how to protect critical infrastructure from information flooding.

After completing this session, you will be able to:

  • Know critical infrastructures: what they are and why they need to be protected
  • Comprehend cyber-warfare definition and techniques
  • Understand the rules of cyber-warfare
  • Protect their companies against cyber-attacks

133–Data Protection in High Risk Markets

Mohammed J. Khan, CISA, CRISC, CIPM
Global Audit Manager
Baxter

The risk of data loss has increased significantly, and internal as well as external threats require attention due to loss of intellectual property and confidential data. How you manage this risk and assess action through audits is critical.

After completing this session, you will be able to:

  • Plan for an audit in order to assess data protection risk within an organization
  • Utilize a questionnaire to understand key data risks within the organization
  • Utilize advanced tools to assess data exfiltration within the organization
  • Keep key principles in mind as you roll forward the data protection awareness and training program within the organization

143–Cloud Security: Oil and Gas

Harshul Joshi
Senior VP of Cyber Advisory Services
Dark Matter

 

 

Please check back soon for updated content!

 


153–Please check back soon for updated content!

 


213–Harmonizing Cloud Security in Multi-Cloud Environments

Madhav Chablani
Consulting CIO
TippingEdge Consulting

Multi-vendor cloud environments will emerge soon, and there is anxiety about the risks and curiosity about the measures. Orchestration and automation platforms, properly implemented, can improve effectiveness and efficiency; hence the need for harmonizing cloud security standards.

After completing this session, you will be able to:

  • Put into context what is driving the push towards the multi-vendor cloud environment, along with its risks, issues and challenges. Are most IT organizations considering them fully before taking this best-of-breed approach? How will this approach be managed?
  • Identify what principles and behavior are needed to support a cloud-first enterprise

223–SSH Keys—Lowest Cost, Highest Risk Tool

Mike Dodson
Sr. Director of Global Sales Engineering
Venafi

All enterprises rely on SSH to authenticate privileged users and establish trusted access to critical systems. But SSH keys are often left unprotected and inadequately audited. Hear about common mistakes in security, policy, and auditing practices.

After completing this session, you will be able to:

  • Learn how SSH keys provide the ideal mechanism for cyber criminals to gain unauthorized privileged access and pivot through a network environment, and how to control it.
  • See why PAM solutions don’t protect against all SSH key risks.
  • Learn the common pitfalls in SSH key management made by nearly every organization.
  • Develop a plan to audit for best practices in SSH key management.

233–Monstrous Threat for IoT - Ransomware

Sana Khan
Director
Sana Geek Studio Pvt. Ltd.

Attackers and cyber security experts are two sides of the same coin. Both know the computing technology world, but one uses their skill to make the world safe and secure, while the other, i.e. the attacker, uses their skill just for fun, revenge and to earn money.

After completing this session, you will be able to:

  • Learn how IoT emerged, its needs, its uses and its future.
  • Learn about the security issues of IoT and how to overcome them.
  • Learn about the bitcoin mechanics.
  • Understand where we are and what mistakes should be avoided when using IoT.

243–Cyber Resilience for the Changing World

Leonard Ong, CISA, CISM, CGEIT, CRISC
Associate Director
Merck & Co, Inc

With a rapidly changing threat landscape, organisations are subjected to ever-increasing pressure to be resilient towards existing, new and unknown threats. This presentation discusses the proposed perspectives and approach to achieve cyber resilience.

After completing this session, you will be able to:

  • Understand the current concept of organisational resilience and how to see it holistically.
  • Hear about new and trending cyber threats that may render existing resiliency capabilities ineffective
  • Hear recommendations to prepare against the new and trending cyber threats to increase their organizational cyber resiliency.
  • Hear key takeaways to implement suggestions offered in their organization.

253–Culture & Leadership - Key to Cybersecurity

Ashutosh Kapse, CISA, CISM, CGEIT, CRISC
Head of Information Security, Technology Risk & Audit
IOOF Holdings Ltd.

Why culture and leadership are key drivers for success of any cyber security program and keeping your organisation safe from cyber attackers.

After completing this session, you will be able to:

  • Learn how culture & leadership impact cyberprotection and discuss what could have prevented all these incidents
  • Understand what a cyber-aware culture is and why it is an important part of cyberprotection
  • Learn the key leadership principles of cyber leadership
  • Create a programme to enhance your own leadership style



Track 4—Compliance/Privacy

114–IoT-Privacy Maturity Framework & Solutions

Vinayak Sastri
IBM India

The talk aims to present the challenges of privacy in the Internet of Things world and potential solutions to tackle the same. This would be presented through a comprehensive maturity framework to understand privacy in the IoT landscape.

After completing this session, you will be able to:

  • Understand the areas in which IoT will impact the world and specific industries
  • Understand the privacy challenges that would be pervasive across industries and enable participants to categorise them on the basis of the IoT / privacy matrix
  • Identify potential solutions to tackle privacy challenges using the matrix and look at ways to implement them on the basis of the maturity matrix. The participants will be able to decide the approach they would like to use for their units or organisations
  • Assess the financial implications for tackling privacy challenges, risks to revenue and profitability and identify potential cost drivers

124–Encryption: Lower Risk, Increase Compliance

Ali Pabrai
CEO
Ecfirst

Encryption protocols, encryption key strengths, encryption choices across mobile devices, e-media, e-mail and more may all seem confusing and overwhelming. Understand how to simplify the use of encryption in your organization and do so consistently.

After completing this session, you will be able to:

  • Examine encryption mandates defined in HIPAA Security, HITECH Act, PCI DSS, State regulations and more.
  • Review specific areas where encryption can have a significant impact in lowering enterprise risk, while improving compliance posture.
  • Step through core elements of an encryption policy to address both at rest and in motion requirements.
  • Understand how to simplify the use of encryption in your organization, and do so consistently.

134–Complying with Bank Regulation Requirements Using MENA

Ramzi Sunna
CTO
ScanWave Comprehensive Technical Solutions FZ

ScanWave C.T.S. will present a session on using COBIT 5 for compliance with new regulations in the Jordanian banking industry. They will share the process and pain of implementing governance structures to achieve compliance with the new regulation.

After completing this session, you will be able to:

  • Understand how the regulation has been interpreted and what actions banks have taken
  • Understand how the COBIT 5 PAM is used to measure process capability in the banking sector
  • Understand how a governance structure not only permits compliance but also facilitates continuous improvement

144–Data Transfer Between EU and ROW after GDPR

Jakub Bryl, CISA, CISM
GlaxoSmithKline

The General Data Protection Regulation (GDPR) will come into force in the whole European Union in just under a year's time - on 25 May 2018. If you exchange personal data with your EU-based partners, are you ready for the changes?

After completing this session, you will be able to:

  • Understand what is new in EU vs ROW data transfer requirements.
  • Recognise what your EU based partners will require from you.
  • Know what has to be done in order to meet these requirements.
  • Prepare an action plan to be executed before 25 May 2018.

154–Please check back soon for updated content!

 


214–Privacy By Design

R.V. Raghu, CISA, CRISC
Director
Versatilist Consulting India Pvt, Ltd

Enterprises are increasingly under pressure to protect the privacy of customer data. A common sense approach applying design thinking to privacy can go a long way in ensuring that enterprises can sustainably meet privacy requirements.

After completing this session, you will be able to:

  • Identify Privacy requirements based on a privacy impact assessment
  • Apply design thinking to ensuring privacy requirements are met
  • Establish a privacy management program based on design principles.
  • Use a life cycle approach to continuously meet privacy requirements

224–Art of Performing Risk Assessments

Ali Pabrai
CEO
Ecfirst

The risk assessment exercise must be comprehensive and thorough. The results from a risk assessment exercise establish the foundation for a credible cyber security program.

After completing this session, you will be able to:

  • Step through compliance mandates & standards for risk assessment.
  • Examine core components for a comprehensive and thorough risk assessment exercise while walking through a sample risk assessment report to understand key sections such as a Corrective Action Plan (CAP).
  • Understand how to integrate a technical vulnerability assessment & penetration test within the scope of a risk assessment.
  • Walk through a sample risk assessment report to understand key sections such as a Corrective Action Plan (CAP)

234–Adopting GDPR Using COBIT 5 pt 1

Mark Thomas, CGEIT, CRISC
President
Escoute

May, 2018 is fast approaching, yet many multi-national companies are still behind in preparing for their General Data Protection Regulation (GDPR) compliance. Adopted by the European Parliament and the European Council in April, 2016, this regulation requires organizations to meet very stringent requirements regarding data protection over the personal data of EU citizens. This session will provide practical guidance and advice on using the COBIT framework to help you ensure a more efficient transition.

After completing this session, you will be able to:

  • Understand the key elements of the GDPR
  • Recognize the value of leveraging existing frameworks for the governance and management of enterprise IT
  • Understand the connection between the COBIT5 framework and a successful GDPR compliance program
  • Gain solid tips on how to avoid common pitfalls

244–Adopting GDPR Using COBIT 5 pt 2

Mark Thomas, CGEIT, CRISC
President
Escoute

May, 2018 is fast approaching, yet many multi-national companies are still behind in preparing for their General Data Protection Regulation (GDPR) compliance. Adopted by the European Parliament and the European Council in April, 2016, this regulation requires organizations to meet very stringent requirements regarding data protection over the personal data of EU citizens. This session will provide practical guidance and advice on using the COBIT framework to help you ensure a more efficient transition.

After completing this session, you will be able to:

  • Understand the key elements of the GDPR
  • Recognize the value of leveraging existing frameworks for the governance and management of enterprise IT
  • Understand the connection between the COBIT 5 framework and a successful GDPR compliance program
  • Gain solid tips on how to avoid common pitfalls

254–Complying with UAE Regulations Using an Integrated Framework

Sreechith Radhakrishnan
Trainer & Principal Consultant
Global success Systems FZ, LLC.

Government and semi-government organizations operating within Dubai must meet regulatory compliance requirements mandated by the Federal Government and the Dubai government. A few of these compliance requirements include Cyber security (NESA), Natural Emergency Crisis (NCEMA), Information Security Regulation (ISR), and the Dubai Data law. This presentation explains how an integrated framework based on COBIT and COSO helps organizations to achieve these compliance requirements.

After completing this session, you will be able to:

  • Identify the regulatory and compliance requirements within UAE
  • Understand the integrated COBIT and COSO model and its mapping to the compliance requirements
  • Take the recommended approach towards the compliance journey & common pitfalls to avoid while initiating the journey



Workshops

WS1–COBIT 5 for Risk

Mark Thomas, CGEIT, CRISC
President
Escoute

Effectively managing IT risk helps drive better business performance by linking information and technology risk to the achievement of strategic enterprise objectives. This one-day, instructor-led workshop will address COBIT 5 for Risk, which defines IT risk as “business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.” Attendees will learn how to adopt COBIT 5 for Risk to ensure a broader coverage of business risk to the benefit of their enterprise’s risk profile.

After completing this workshop, you will be able to:

  • Assist stakeholders with a better understanding of the current state and risk impact throughout the enterprise
  • Provide guidance on how to manage the risk to levels, including an extensive set of measures
  • Assist the setup of the appropriate risk culture for the enterprise
  • Provide guidance on risk assessments that enable stakeholders to consider the cost of mitigation and the required resources against the loss exposure
  • Offer opportunities to integrate IT risk management with enterprise risk
  • Develop improved communication and understanding amongst all internal and external stakeholders


 

Keynotes

2017 Opening Keynote Address

The Future of Cyber Security in the Fifth Wave of Technology Innovation

Eddie Schwartz
Executive Vice President, Dark Matter

We are well into the fifth wave of technology innovation. Just as the PC, the Internet, smartphones, and social media all fundamentally changed every aspect of our day-to-day personal and professional lives, the fifth wave introduces a range of exciting advances, any of which represent absolute game changers. Blockchain, machine learning and artificial intelligence, the Internet of Things and a Smart World – all will impact our lives and the livelihood of our family in less than a decade. And yet, in our profession, we continue to struggle with securing the first through fourth waves, with the same broken controls, the same failed audits and unpatched systems, the same feeling that the bad guys always are a step ahead. This presentation examines the upcoming tsunami of technology innovation, key unaddressed cyber risks, and how our profession must begin thinking about the future of cyber security and information resilience in the fifth wave.

Eddie Schwartz is EVP of Cyber Services for Dark Matter and has worked in the cyber security field for more than 25 years. Schwartz has led large enterprise and start-up security companies across a broad range of product and service categories. Previously, he helped pioneer advertising fraud detection at security start-up White Ops as President and COO. He also worked as Global Leader for Cyber Security Solutions at Verizon, Chief Security Officer for RSA, Co-Founder and CSO of NetWitness (acquired by EMC) where he led the groundbreaking creation of technology to detect advanced persistent threats, EVP/CTO of ManTech, GM of Global Integrity (acquired by INS), SVP of Operations of Guardent (acquired by VeriSign) where he pioneered managed security services, VP/CISO of Nationwide Insurance, and was a member of the U.S. Foreign Service. Schwartz serves on the board of advisors for start-ups Observable Networks (recently acquired by Cisco) and My Digital Shield, and is the Chairman for ISACA’s Global Cybersecurity Taskforce. He has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the GMU School of Management.


Opening Mini Keynote Address

Christos Dimitriadis
Past Chair for ISACA Board of Directors

 

 

 


2017 Closing Keynote Address

Passionate Leadership

Moustafa Hamwi
Award Winning Author & Speaker, Passionpreneur and Chief Energy Officer

This talk is based on the work of Dr. Marshall Goldsmith in the area of leadership and Moustafa’s research on passion. The passionate leader will be required to give people a sense of being connected and aligned to a bigger mission, to have the mindset that it is a privilege to have an impact on people’s lives, and to do work that will move the needle in the world.

Moustafa Hamwi is an award-winning author and speaker, and the world’s leading expert on the topic of passionate leadership—how it can be and needs to be achieved in the business world. He is known as “The Passionpreneur,” due to his success in empowering leaders to work and live passionately. His book, Masters of Success, is an Amazon bestseller and winner of the Quilly® Award 2016 by The National Academy of Best-Selling Authors®.

Hamwi has been selected by Dr. Marshall Goldsmith, the world’s “#1 Executive Coach,” as one of the top 100 coaches globally. Hamwi has been featured on the blog of Thinkers50, which is the world's most prestigious ranking of the top 50 management thinkers in the world.


Closing Mini Keynote Address

Matt Loeb
ISACA Chief Executive Officer

 

 

 

 

Spotlight Education Sessions

SS1–The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense

Mike Darcy
Commercial Director
Darktrace

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.

After completing this session, you will be able to:

  • How new machine learning and mathematics are automating advanced cyber defense
  • Why 100% network visibility allows you to detect threats as they happen, or before they happen
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk
  • Real-world examples of unknown threats detected by ‘immune system’ technology

 

Events

Discover Arabian Desert: Sahara Experience

Thursday Night Social Event

Thursday, 30 November | 18:30 – 21:30

Busses to depart the hotel at 18:30. Returning busses will begin departing the event at 21:30.

A unique desert venue located in Dubai Heritage Vision, just a short drive from the JW Marriott Marquis Hotel and set in 37 million square feet of undulating sand dunes surrounded by indigenous regional flora and fauna in a typical desert oasis landscape. It encompasses a traditional souk, Bedouin-style seating, a 5-star dining experience with spectacular live Arabian entertainment and much more. We will offer guests an experience of true Arabian hospitality, heritage and culture, in a calm environment set in a natural reserve. The event is complimentary with your registration; be sure to check off the box for this event when you register. Guest tickets are available at $150.00 US each.

 


