EuroCACS Presentations and Descriptions

**Presentation Downloads are Restricted to Conference Attendees Only**

Beginner
Attendees have limited or no prior knowledge or experience, or are new to the subject matter. Beginner sessions are geared toward attendees who are new to the field and seeking to learn basic concepts. Beginner sessions are intended to help attendees who seek to build foundational knowledge in an effort to gain a working knowledge of the topic.

Intermediate
Attendees have a working knowledge of the topic covered but are not yet advanced practitioners. Intermediate sessions are geared toward delegates who have some competence in the subject under discussion resulting from prior training, education and/or work experience. Delegates who seek to build upon foundational knowledge, refine and better hone their skills, and advance their understanding of the topic may wish to consider intermediate-level sessions.

Advanced Technical
Attendees have a high level of technical understanding of the topic under discussion. Advanced technical sessions are geared toward delegates who have already achieved a high degree of technical competence in the subject of discussion, resulting from extensive training in the area and supplemental work experience. Delegates who wish to build upon intermediate knowledge, achieve mastery in a specific technical area, or build upon existing technical skills may wish to consider advanced technical sessions.

Advanced Managerial
Attendees have a high level of understanding of managerial concepts. Advanced managerial sessions are geared toward attendees who have already achieved a high degree of leadership competence in the subject of discussion, resulting from extensive training in the area and several years of work experience. Attendees who wish to build upon intermediate knowledge, achieve mastery in a specific managerial area, or build upon existing leadership skills may wish to consider advanced managerial sessions.

Track 1—Audit & Assurance

111–Risk Driven Control Approach for GDPR

Petri Koivisto, CISA

How do you make sure that your products and services comply with GDPR? This presentation demonstrates an approach in which all controls identified from the regulation are handled as risks, and shows how they are embedded by design into the development process.

After completing this session, you will know how to:

  • Understand how risk controls work in practice in the development process
  • Understand how risk probabilities can be mitigated with pre-defined conditions
  • See how mitigation actions are documented and validated
  • Learn how this approach raises awareness and maturity in the security and privacy area

121–The Missing Links Between GDPR and ISO27001

Kornel Toth-Csikos, CISM
Managing Director / Lead Consultant
Consecure IT Bt.

Many organizations with ISO 27001 certification believe that they are ready and don't need to prepare for GDPR. Unfortunately this is not the case, as ISO 27001 has different focus points, and therefore the missing links have to be filled.

After completing this session, you will know how to:

  • Understand the ISO 27001 standard and GDPR: describe their purpose, key impacts and control points to highlight focus areas, and review the similarities and differences between them
  • Understand GDPR's impact on current risk management processes and personal data identification techniques, and what it might mean for your technology strategy
  • Respond to CxOs on how the business needs to change its mindset and attitude to ensure that the company remains compliant with GDPR and the risk of non-compliance remains manageable
  • Create a structured approach, with the necessary steps at 3, 6 and 12 months, for redesigning the current ISO 27001 processes so that your company is well prepared when GDPR comes into force

131–SCADA and IoT

Robert Findlay
Global Head of IT Audit
Glanbia

With the lines between traditional IT and industrial control systems blurring, the addition of Internet of Things technology means that IT auditors need to focus on SCADA and related technologies in light of greater connectivity.

After completing this session, you will know how to:

  • Plan ICS-based audits
  • Understand the differences between SCADA, HMIs and PLCs
  • Review controls over ICS technologies
  • Understand the issues with IoT and SCADA

141–Rational Assessment of Controls' Viability

Jacques Duret, CISA
Principal - Lifesciences
Antaes SA

As auditors, the viability of modern companies should be at the heart of our professional concern. We would like to explain how Ashby and Conant's theorem of the good regulator can help us generate better controls, leading to more viable firms.

After completing this session, you will know how to:

  • Understand the basics of cybernetics as they relate to the maintenance of the dynamic equilibrium between a firm and its environment
  • Understand the concepts supporting variety engineering, such as the theorem of the good regulator and the law of requisite variety
  • Start using variety engineering principles to evaluate controls' contribution to firm viability

211–Cyber Security For Auditors

Paul Phillips, CISA, CISM
Technical Research Manager
ISACA

More and more, IT audit is called upon to provide assurance that the enterprise cyber security program is effective. The purpose of this session is to provide practical guidance to audit professionals on how to audit a cyber security program.

After completing this session, you will know how to:

  • Identify cyber security frameworks that can be useful
  • Design and identify cyber security audit objectives, scope and procedures
  • Assess the effectiveness and efficiency of the relevant cyber security internal controls
  • Identify cyber risks

221–Start Digitizing Your Audit Now!

Alexander Ruehle, CISA
CEO and Co-founder
Zapliance GmbH

Audit professionals must keep pace with the ongoing digitization of their environment and develop their own strategies for handling it. This session will discuss the dos and don'ts of going digital.

After completing this session, you will know how to:

  • Define what digitization means in the context of the audit environment
  • Understand the impact of digitization on day-to-day business
  • Identify the pitfalls when digitizing the audit
  • Understand why starting sooner rather than later will provide added value to any company

231–Governance of "E-transformation"

Cem Ergül, CISA, CRISC
CAE (Chief Audit Executive)
Isnet A.S.

"E-transformation" consists of components such as "e-invoice", "e-tickets", "e-archive" and "e-waybill". Most big companies have started to use "e-transformation" components. Governance of and assurance over "e-transformation" is the main perspective of this session.

After completing this session, you will know how to:

  • List and understand the critical processes that need to be present in order to support a cost-effective, error-free "e-transformation"
  • Detail the major threats and vulnerabilities to applying "e-transformation" quickly and efficiently, and understand the risk of uncontrolled "e-transformation" for big companies and government
  • Describe in detail, with examples, the minimum set of controls which need to be present in order to manage "e-transformation" risks, and apply COBIT 5 to "e-transformation"
  • Apply automated solutions using COBIT 5, and hence minimise subjectivity and cost in "e-transformation"

241–Auditing the Digital Enterprise

R.V. Raghu, CISA, CRISC
Director
Versatilist Consulting India Pvt Ltd

With the increasing adoption of AI, robotics, chat bots and other such new technologies, auditing approaches will need to change, and audit considerations will shift emphasis, simply because the auditee is not flesh and blood but nonetheless runs business processes.

After completing this session, you will know how to:

  • Appreciate the nuances involved in auditing the digital enterprise
  • Understand the areas of emphasis from an audit/assurance perspective in this new digital age
  • Look at alternative approaches to auditing the digital enterprise
  • Tweak the audit lifecycle to suit the digital enterprise, especially the setting up of audit trails, the chain of custody of evidence, the reporting of findings and audit closure follow-up

251–Auditing ITSM

Philip Green, CISA, CISM, CRISC
Director
G3 Service Solutions Limited

This presentation discusses the importance of IT services, the various approaches used in their provision and how to build a programme for audit & assurance of IT Service Integration & Management.

After completing this session, you will know how to:

  • Understand the importance of IT services as a means of delivering value to organisations
  • Understand the importance of IT Service Integration & Management as a professional practice
  • Understand the various approaches, standards and frameworks used in the development, delivery, governance, and management of IT services
  • Construct and deliver an IT audit & assurance programme for IT Service Integration & Management

261–Organizational Readiness for Large Programs

Grzegorz Szalajko, CISA
Strategic and Project Management Advisor

Programs impact the organization's power structures and processes, engage a substantial part of its talent and consume vast amounts of resources. This presentation will show a practical approach to diagnosing whether an organization is ready for large initiatives.

After completing this session, you will know how to:

  • Describe the key elements of the organizational environment for successful programs (e.g. compliance, transformational etc.)
  • Identify aspects of complexity that have to be taken into consideration when preparing for large programs
  • Plan audit and assurance activities that would help in diagnosing and improving the environment for large programs
  • Identify key organizational risks that have to be taken into consideration when planning large programs

311–Demystifying Cybersecurity for Auditors!

Matthias Kraft, CISA, CISM, CGEIT, CRISC
Senior Manager Internal Audit
FIL Holdings (Luxembourg) S.A.

This session will help to demystify cyber security by exploring the major concepts, differences and real-world application of widely-used cyber security frameworks such as ISO and NIST within audit functions.

After completing this session, you will know how to:

  • Describe key areas of cyber security risks and understand how audit functions can respond using popular cyber security frameworks such as ISO and NIST
  • Understand the major concepts and benefits of widely-used cyber security frameworks
  • Explain how to cover major aspects of cyber security as part of an audit plan
  • Design a cyber security audit universe using best practices from international standards

321–Understanding & Using SOC Reports

Jose Casinha
Chief Information Security Officer
OutSystems

Understanding and Using SOC Reports and ISO 27001

After completing this session, you will know how to:

  • Understand the main differences between the SOC 2 and ISO 27001 standards
  • Understand the audit process of both standards
  • Leverage a joint implementation of both standards
  • Understand the SOC 2 report and the ISO 27001 audit report


Track 2—Security/Cyber Security

112–Sun Tzu The Art of War for IT Security

Tom Madsen, CISM
IT Specialist
United Nations Development Programme

An overview of the areas of The Art of War which are relevant to the modern defender in computer security. The focus will be on threat intelligence and deception when defending an ICT infrastructure.

After completing this session, you will know how to:

  • See the relevance of classic defence strategies as practised over millennia
  • Put into operation the recommendations of The Art of War in areas such as intelligence gathering
  • Strategize over the current architecture of your IT systems, and recommend changes to the current setup
  • Prepare an incident response where the response includes steps to internalize the information gathered from the after-action report

122–Top 10 Cyber Risks

Raef Meeuwisse
Director Cybersecurity & Data Privacy Governance
Cyber Simplicity Ltd.

This session will explore the top ten cyber security risks facing organizations in today's changing environment. It will share recommendations and industry best practices in managing these types of risks.

After completing this session, you will know how to:

  • Understand the cyber security landscape
  • Identify risk exposures to the organization
  • Identify control deficiencies
  • Leverage industry best practices

132–The Future of Privacy

Trevor Hughes
CEO
International Association of Privacy Professionals

After completing this session, you will know how to:

  • Understand the human history of privacy
  • Understand the current legal context of the privacy debate
  • Build awareness of the differences between privacy and security

142–Building a Sustainable Security Program

Monika Josi
Head of Group Security Consulting
AXAS AG

Many organizations view themselves as a 'fortress' in the cyber world. However, this is no longer the case. We need to transform security from a protection-based to a detection- and response-based approach. This session will cover how.

After completing this session, you will know how to:

  • Build an information security transformation model based on the NIST model to transform your information security organization
  • Name and identify the required capabilities within your own organization to perform the transformation
  • Identify relevant KPIs to measure the maturity of your transformation
  • Identify possible project candidates to complete the transformation

212–ISO27001:2013: Statement Of Applicability

Daniel Gnana, CISA
Sr. IT Audit Manager
ISO27K Audit Consulting

Build up a Statement of Applicability (SoA) that reflects the reality and the perspective of an organization.

After completing this session, you will know how to:

  • Get useful tips for grasping the concept of an ISO27001:2013 measure
  • Prioritize the measures in line with the risks
  • Be aware of the dead ends that frequently lead to a permanent stop on the SoA route
  • Make the SoA a tool for giving the top management a quick view of their Information Security

222–Establish & Sustain Security Awareness Program

R.V. Raghu, CISA, CRISC
Director
Versatilist Consulting India Pvt Ltd

Security awareness is an ongoing requirement, and the needs change frequently in a dynamic business environment, making an ongoing program critical for effective security awareness and a secure business environment.

After completing this session, you will know how to:

  • Understand the importance of an effective security awareness program
  • Design and establish a security awareness program aligned with enterprise needs
  • Identify and plan the components that form part of the security awareness program
  • Understand how to evaluate effectiveness and ensure the security program is up to date

232–Threat Intelligence - Exploiting Hackers

Alex Holden
President & CISO
Hold Security, LLC

Hackers are winning by exploiting our systems and stealing our data. What better way to deter the bad guys than by understanding their motivations and techniques? Learn to stop the hackers by using threat intelligence to outsmart them.

After completing this session, you will know how to:

  • Gain a better understanding of hackers' motivations
  • Understand mitigation techniques for the latest attacks
  • Build effective defenses against real threats
  • Learn how to outsmart hackers at their own game

242–Bridging the Cyber Skills Gap From Within

Steve Mair, CISM
Senior Cyber Security Consultant
PGI Cyber

We all know there’s a cyber security skills gap, and you already employ cyber specialists: you just don’t know it yet. In this session you’ll find out how to develop existing staff into cyber experts: they know your systems and can be taught cyber.

After completing this session, you will know how to:

  • Identify staff who can be cross-skilled or trained up to support cyber security challenges within your business
  • Explore where to look for information on the job roles and skills required for cyber-capable staff
  • Develop an appropriate cyber skills framework to provide consistent measurement of progress
  • Retain staff, who might look elsewhere, by giving them a defined career path with measurable milestones and goals

252–Multi-Cloud Security

Ashwin Krishnan
SVP
HyTrust Inc

There is no question that a multi-cloud environment is fast becoming the dominant IT model of the future, yet securing data in this new world is overlooked and understated.

After completing this session, you will know how to:

  • Discern data security fact from fiction
  • Implement concrete recommendations
  • Understand multi-cloud data security challenges
  • Understand the problems through specific examples

262–How to Develop a Cybersecurity Playbook

Tony Clarke, CISA, CISM, CGEIT, CRISC
Head of Information Security & Cybersecurity
ICON, plc

Many in the security industry feel that security breaches are not a matter of 'if' but 'when'. This session will discuss developing a cyber security playbook which can be used when dealing with cyber security incidents and is based on real experience.

After completing this session, you will know how to:

  • Appreciate the business benefits of having a cyber security playbook and how it can be used to minimize business impact
  • Look at your own organisation and begin developing a cyber security playbook
  • Have an appreciation for items which should be considered when developing a cyber security playbook
  • See how a cyber security playbook can be continuously developed and improved to ensure it is effective

312–Building "Global CyberSecurity" Framework

David Inaneishvili, CISA, CISM, CRISC
Global Director of Information Security
FINCA International

This session addresses various aspects of choosing the right information security framework for a global organization.

After completing this session, you will know how to:

  • Learn about security framework development experience within global organizations
  • Learn about multicultural considerations when building security
  • Learn about necessary steps to be taken for developing an effective security framework
  • Differentiate between global and local security components

322–Deep Dark Web

Prof. Claudio Cilli
University of Rome

The dark web is a mysterious world that attracts everyone. During this session attendees will be fully immersed in this deep sea to see what is right under their eyes yet goes unseen.

After completing this session, you will know how to:

  • Understand the complexities of the concepts and definitions of deep, hidden, invisible and dark nets
  • Identify how the TOR network operates and what is inside the dark net
  • Prevent internet misuse in your company


Track 3—Security/Cyber Security

113–Cyber Resilient Application Development

Peter Maucher, CISA, CRISC
Senior Security Consultant
Hewlett-Packard GmbH

A holistic approach to application development that creates cyber-resilient software using agile or traditional methodologies, including integration with ISMS and ITIL processes.

After completing this session, you will know how to:

  • Identify deficiencies in current application development processes and methodologies
  • Integrate application security aspects into ISMS and ITIL processes
  • Adjust security testing methodologies economically according to risk classification
  • Understand all influencing factors for building cyber resilient applications

123–Assessing CSP Security

Sean McLeod, CISM, CGEIT, CRISC
Manager Governance Risk and Compliance
Long View Systems

This session identifies the challenges and best practices associated with assessing the security of a cloud service provider and effectively sealing the terms in a binding contract, from the unique inside perspective of a cloud service provider.

After completing this session, you will know how to:

  • Determine CSP engagement requirements and scope
  • Assess the security and privacy capabilities of the CSP
  • Understand the limitations of various security related certifications and attestation reports
  • Identify key security related contractual terms and conditions

133–The End of Cryptography as We Know It

Mike Brown
CTO
ISARA Corporation

Cryptography as we know it today ceases to be effective when the quantum age begins. With practical examples, we explore the new solutions that will replace and update your existing systems, when you’ll need them, and how to make the transition.

After completing this session, you will know how to:

  • Understand the expected timeline for Quantum Computers
  • State how quantum computers will impact your systems
  • Build a plan to become quantum safe within your corporate network
  • Evaluate existing solutions in the market to meet your specific needs

143–Measuring Hush-hush: Metrics for Privacy

Jurgen van der Vlugt, CISA, CRISC
Independent Advisor and Auditor
Maverisk

Privacy issues are often presented as either-or decisions, both from a personal side (Hobson's Choice) and from a business side (resell as much as you can, or chicken out). Jurgen will show the metrics in between, based on research and praxis.

After completing this session, you will know how to:

  • Describe what science can bring in practical, applicable data protection metrics and requirements—both from a personal side, and from a fair re-use side
  • Distinguish between various levels of privacy, as requirements and as implemented
  • Better communicate about privacy levels achieved, to customers and regulators
  • Drive an effective program to achieve privacy requirements while minimising the impact on business objective achievement

213–Cybersecurity Exposed: The Cyber House Rules

Raef Meeuwisse
Director Cybersecurity & Data Privacy Governance
Cyber Simplicity Ltd.

A guided tour through a real world example of a CISA/CISM/CSX Fundamentals certified CISO auditing their cybersecurity environment. Essential viewing if you want to learn what symptoms indicate the potential for a megabreach and how to improve your cybersecurity audit program planning.

After completing this session, you will know how to:

  • Audit the CISO and security function
  • Identify significant gaps in an organizational cyber audit program approach
  • Recognize what can (and will) go wrong and how to avoid some of the pitfalls
  • Understand how many major or critical security gaps are needed for a megabreach to occur

223–Wearable Botnets and Happy Hacked Drivers

Dr. Andrea Pompili
Security Advisory

Bill Gates' prediction has been outdated: computers are spreading everywhere. But what about security? Talking about hacked ADSL modems, hijacked railway screens and cars' control units, we'll review this new world, demystifying threats and actors.

After completing this session, you will know how to:

  • Understand the real meaning of the IoT world, and the security challenges that should be addressed due to the characteristics of new networking and embedded devices
  • Understand how easy and effective this kind of attack can be, through two examples on real services
  • Understand that attackers are already active in this world, by reviewing a real reverse-engineered attack which targeted ADSL modems for DDoS campaigns (as has been repeated today with the Mirai botnet)
  • Understand the effect on the automotive world, through the research performed by Miller/Valasek (with some results coming from personal experience), and the real risk related to this kind of attack

233–IOT and AI: New Threats and Mitigations

Stephen Williamson, CISA, CRISC
Director, IT Risk Management
GlaxoSmithKline

Social, Mobile, Analytics and Cloud (SMAC) is a technology evolution which brings transformational benefits for consumers and business at the expense of increased risk. Security practices need to evolve to ensure a balance of risk and reward.

After completing this session, you will know how to:

  • Describe the threats that are introduced through the adoption of technologies such as Internet of Things (IoT) and Artificial Intelligence
  • Describe the factors that lead to an expanding attack surface, which is increasingly difficult to defend
  • Describe why a combination of security controls and quality assurance controls, embedded in the software development lifecycle, is necessary for effective mitigation of risks
  • Describe how a Security Labelling system for Internet of Things (IoT) technologies will have a major positive impact on the security of smart devices

243–Cybersecurity Incident Response Practices

Manoj Patel
Risk & CyberSecurity Advisory EMEA
ServiceNow

We know SPEED is key while responding to a security incident. Why is that important? Learn in this session how to overcome response challenges in cyber security.

After completing this session, you will know how to:

  • Use a single system for IT and security
  • Define your high-value assets and know your critical business services
  • Automate your security runbook
  • Track and optimize
  • Leverage knowledge

253–Application Security Framework

Dan Vasile, CISM
Vimpelcom Ltd.

As software is becoming an integral part of the economy, application security is becoming critical to delivering trusted and reliable systems. The proposed framework deals with managing complexity, reducing costs and maximizing coverage.

After completing this session, you will know how to:

  • Understand the entire landscape involved in securing an application, from business idea to decommissioning
  • Know the actors, their perspectives and responsibilities; define the processes and technologies; and centralize this information for a holistic view
  • Determine the objectives of application security and achieve the optimum Return on Investment for the program
  • Configure the framework to fit particular environments of various sizes and structures

263–The Art of Cyber Risk Management

Asaf Weisberg, CISA, CISM, CGEIT, CRISC
CEO
IntroSight Ltd.

Cyber threats have become a significant factor in the enterprise risk landscape. Therefore, a business-oriented model that meets the complexity of cyber-related attacks is required. Participants in this session will be introduced to a unique risk management model that addresses today's challenges.

After completing this session, you will know how to:

  • Understand the relations between cyber security risks, business processes and IT controls
  • Map IT related controls to a business risk
  • Describe why calculating rather than estimating residual risks is crucial for linking business risks to IT related controls
  • Prioritize cyber security risk reduction activities based on business priorities

313–Cybersecurity: Getting the Business Engaged

Paul Phillips, CISA, CISM
Technical Research Manager
ISACA

Full business engagement is essential to provide appropriate and sufficient protection to a business's most critical information assets. This session will provide a practical approach to ensuring that the business is fully engaged in cyber security efforts.

After completing this session, you will know how to:

  • Understand and appreciate some of the key challenges that businesses face in trying to manage cyber threats
  • Adopt a structured approach to helping the business identify the cyber threats and risk scenarios applicable to its own operations
  • Follow a risk-based approach to managing cyber security from a business perspective
  • Be armed with more effective tools and best practices to engage with your businesses on cyber security

323–5 Recipes for Cyber Security Program

Laurent Cordival, CISM
Cyber Security Senior Manager
Beijaflore

In a world of increasing cyber regulation (e.g. NIS Directive, GDPR), how can an organization turn these constraints into opportunities? Five recipes for building an efficient cyber security program will lead organizations to success.

After completing this session, you will know how to:

  • Understand the main gaps between program management culture and cyber security practice, which are the traditional reasons for the failure or inefficiency of cyber security projects
  • Identify key items for a cyber security program roadmap based on a risk approach and a business decision matrix
  • Adapt project management knowledge areas (e.g. scope, stakeholders, human resources or budget management) to a cyber security program
  • Present key success factors for a cyber security program


Track 4—GRC/COBIT

114–Changes are coming: GDPR, PCI, GLB

Brian Marshall
Vice President, Research & Development
Vanguard

Secure environments are compliant environments – learn how to focus on properly implementing your security configuration controls and end up making your compliance reporting for SOX, PCI-DSS, GLB, HIPAA and internal audits easier and more efficient. In this session we will discuss some key compliance standards that will have an impact across the globe. Did you know that, according to IBM, more than 80% of the corporate data in the world is processed on IBM mainframes?

After completing this session, you will be able to:

  • Understand compliance on the mainframe

124–The Enterprise Immune System: Self-learning Cyber Defence Through Machine-learning

Sam Alderman-Miller
Senior Account Manager
Darktrace

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.

In this session, learn:

  • How new machine learning and mathematics are automating advanced cyber defense
  • Why 100% network visibility allows you to detect threats as they happen, or before they happen
  • How smart prioritization and visualization of threats allows for better resource allocation and lower risk
  • Real-world examples of unknown threats detected by ‘immune system’ technology

134–Adobe’s Compliance Journey

Abhi Pandit
Sr. Director, Risk Advisory & Assurance
Adobe

Innovation is at the core of Adobe’s DNA, enabling its successful transformation from a perpetual-license software giant to a cloud services leader within a short span of 5 years. Adobe’s Cloud Compliance strategy via the Adobe Common Controls Framework (CCF) played a critical role in this successful transformation. Organizations, especially security and compliance teams, have to deal with the relentless onslaught of security attacks, the complexity of protecting dynamic infrastructure, ever increasing stakeholder expectations and constantly shrinking budgets. This is further exacerbated by countless regulatory requirements, competing priorities, organizational silos and acquisitions, resulting in compliance chaos. Compliance programs often struggle for relevance in such challenging circumstances, are routinely branded as a checklist-driven function that does not add much value, and find it difficult to attract and retain top talent.

The Adobe Case Study addresses the following questions faced by compliance programs:

  • How do you strategically position your program to overcome these challenges and provide career growth opportunities for your team?
  • How do you transform your function from being perceived as a cost burden into a program that drives competitive advantage?
  • How do you shift the mindset at the Board and Executive levels to gain on-going support for your program?

After completing this session you will be able to:

  • Understand how to align your compliance program to company strategy
  • Receive practical tips on how to utilize your compliance program to improve efficiencies and help drive down operational costs
  • Learn how to change the perception of your compliance program from a Cost Center into a value adding function which helps your organization gain competitive advantage
  • Receive a free copy of the Adobe CCF that maps to SOC2 (Security, Availability)

144–Leveraging Threat Intelligence for Risk Assessments AND SecOps

Alexander Peters
Symantec

Threat Intelligence may have lost some of its appeal due to overuse of the term and ineffective use of the data. Get an overview of how Threat Intelligence can be used to improve both the quality of your risk assessments and the effectiveness of mitigating controls and everyday security operations.

After completing this session you will be able to:

  • Gain insights from our Threat Intelligence and our latest Threat Report
  • Understand how Symantec’s Global Security Organisation operationalizes Threat Intel
  • Gain ideas on how to utilize Threat Intelligence for improved risk assessments

214–Embedding Data Analytics in Fraud Auditing

  Download Presentation

Rolf von Roessing

After completing this session, you will know how to:

  • Understand the fraud-related data universe and data lineage
  • Get an overview of useful data analytics methods and techniques
  • Understand how to apply data analytics to fraud auditing
  • Ensure efficiency and on-target data acquisition and processing

224–Machine Learning for the Auditor

  Download Presentation

Thomas Baumann, CISA, CRISC
Swiss Mobiliar

Learn how to apply machine-learning techniques to classify items into different groups such as “no risk”, “limited risk”, “high risk” or “fraud highly probable”, and see what makes an application based on a machine-learning core specific to audit.

After completing this session, you will know how to:

  • Get a high-level understanding of machine learning algorithms and technologies
  • Be able to apply these technologies to improve risk analysis and fraud detection
  • Learn from examples based on Machine-learning-driven CAAT (Computer Aided Audit Tools)
  • Extract insights from large volumes of data

234–Top 10 Privacy Risks in Web Applications

  Download Presentation

Florian Johannes Stahl

The OWASP Top 10 Privacy Risks project covers technical and organizational privacy risks in web applications. Project leader Florian Stahl explains results and shows practical countermeasures.

After completing this session, you will know how to:

  • Identify common privacy issues in web applications
  • Identify best practices to improve privacy in web applications
  • Implement Privacy by Design, which is a requirement of the EU General Data Protection Regulation
  • Have independent insights from an open source project based on the OECD privacy principles

244–The Treasured Value Add

  Download Presentation

Aaron Boor, CISA
IT Audit & Project Automation Specialist
Donegal Insurance Group

This presentation provides perspective on how auditors are perfectly positioned to reveal powerful insights using data analysis and visualization tools.

After completing this session, you will know how to:

  • Realize the need for data analytics from Audit
  • Realize the foundation for data analytics in Audit
  • Increase audit quality through data analytics
  • Effectively visualize data for Management

254–The Use of Data for Continuous Auditing

  Download Presentation

Jochen Gross
Manager IT Audit
Siemens AG

Yves Notten

We will demonstrate how data analytics can improve the efficiency and quality of internal audit. With different use cases from Compliance and IT we will reveal the way we are implementing continuous auditing within complex environments.

After completing this session, you will know how to:

  • Understand how data analytics is used to improve efficiency and quality in internal audit, based upon different use cases in Compliance and ITGC
  • Understand how continuous auditing within a complex ERP environment can be implemented
  • Understand how Siemens has translated paper frameworks into a technology-based audit environment
  • Understand how Siemens collects and integrates relevant data for a successful continuous auditing approach

264–Building Skynet for Audit & Risk Management

  Download Presentation

Anand Jangid, CISA
Managing Partner
Quadrisk Advisor Pvt, Ltd

The focus of the talk is going to be on key use cases where Big Data Analytics and Machine Learning can be used by risk management and audit groups. The focus is to share 12 use cases of how unstructured data can be used along with machine learning.

After completing this session, you will know how to:

  • Know Big Data Analytics & Machine Learning (BAM)
  • Apply BAM in your organization
  • Learn use cases of applying BAM
  • Learn the challenges of using BAM

314–Data Analytics Pipeline for MNEs

  Download Presentation

Gilbert Guinikoukou
Senior Auditor
Philip Morris

How to consolidate an enhanced data analytics pipeline for MNEs based on different sources of information.

After completing this session, you will know how to:

  • Enhance the completeness and the relevance of overall data sources used to perform audit fieldworks
  • Implement automated warnings in the information systems in use in your corporation (SAP, Oracle, ACL, etc.)
  • Adapt each standard audit procedure to the related testing, control and/or walkthrough to be performed

324–The Dynamics of Cyber Security Eco-System

  Download Presentation

Brencil Kaimba

The cyber security ecosystem requires a diverse workforce that includes people with diverse cultures, experiences, ideas and approaches, which will drive greater creativity, deliberation and insight.

After completing this session, you will know how to:

  • Understand the cyber security ecosystem and the role of women in the ecosystem
  • Identify the most sought-after skills women need to succeed in cyber security
  • Perform real time analysis in a Security Operation Center
  • Bridge the communication gap between IT and Business

Track 5—Data Analytics & Information Management/Industry Trends & Insights

115–Implementing COBIT 5 in Generali

  Download Presentation

Marco Salvato, CISA, CISM, CGEIT, CRISC
GSS - Generali Shared Services, Scarl

The experience of Generali Shared Services in implementing COBIT 5.

After completing this session, you will know how to:

  • Learn about the implementation of different frameworks and good practices in order to define a process framework focused on the enterprise goals
  • Understand which types of COBIT 5 training were planned for employees and for management
  • Identify potential benefits of COBIT 5 Framework adoption
  • Comprehend pros and cons of the presented approach

125–The Pragmatic GDPR Project

  Download Presentation

Tim Clements, CIPP/E, CIPM, CIPT, CRISC, CGEIT, MBCS CITP
GDPR Project Manager & Advisor

This session will explore cases and experiences from GDPR projects, including some useful tools and techniques.

After completing this session, you will know how to:

  • Pinpoint GDPR impacts to your business
  • Define the deliverables in your GDPR project
  • Know how to map data flows
  • Understand key elements of the governance framework needed to ensure ongoing GDPR compliance

135–Complying with Bank Regulation Requirements Using COBIT 5, MENA, GCC

  Download Presentation

Ramzi Sunna
CTO
ScanWave Comprehensive Technical Solutions FZ

Peter Tessin
Technical Research Manager
ISACA

ScanWave C.T.S. will present a session on using COBIT 5 for compliance with new regulations in the Jordanian banking industry. They will share the process and pain of implementing governance structures to achieve compliance with the new regulation.

After completing this session, you will know how to:

  • Understand how the regulation has been interpreted and what actions banks have taken
  • Understand how the COBIT 5 PAM is used to measure process capability in the banking sector
  • Understand how a governance structure not only permits compliance but also facilitates continuous improvement

145–Facts & Fundamentals of Process Assessment

Tichaona Zororo, CISA, CISM, CGEIT, CRISC
Director
EGIT | Enterprise Governance of IT (Pty) Ltd

Process assessment is not an attestation or assurance of the effectiveness of internal controls, risk management or other aspects of enterprise performance; it can be part of the initiation of a programme of process improvement or used to assess.

After completing this session, you will know how to:

  • Understand what process assessment using COBIT 5 is
  • Know the differences between the COBIT 4.1 & COBIT 5 Maturity Models
  • Understand the key resources of the process assessment model
  • Identify the 6 process capability levels & 9 process attributes

215–COBIT & Maturity Model: Practical & Real Uses

  Download Presentation

Peter Tessin
Technical Research Manager
ISACA

Maturity modeling is not just possible under COBIT; it is a capability to identify real risks and cut costs in ways not otherwise available. Learn practical solutions that have been successfully deployed.

After completing this session, you will know how to:

  • Leverage COBIT 5 for Maturity models
  • Understand different Maturity model methods
  • Walk through a specific COBIT Maturity Model use case
  • Understand how to view risk from a different perspective

225–Using COBIT to Build a Bridge Between Government and Internal Audit

  Download Presentation

Paul Phillips, CISA, CISM
Technical Research Manager
ISACA

Peter Tessin
Technical Research Manager
ISACA

After completing this session, you will be able to:

  • Gain an understanding of the nature of the relationship between internal audit and governance
  • Learn the importance of a common language and common understanding between internal audit and governance
  • Learn to enhance governance by fostering a stronger relationship with internal audit
  • Learn to better deliver value to stakeholders to create a strong bridge between internal audit and governance

235–The Nature and Management of Shadow IT

  Download Presentation

Christopher Rentrop
Professor
HTWG Konstanz

In many companies, users in business departments implement systems that are not part of IT service management (ITSM). This so-called Shadow IT delivers advantages but also many risks. As Shadow IT cannot be eliminated, there is an urgent need to manage it.

After completing this session, you will know how to:

  • Understand the definition of Shadow IT
  • Search for the typical usage patterns of Shadow IT in your company
  • Recognise advantages and risks related to Shadow IT and its relevance for Digitization initiatives
  • Estimate the management need and get to know a feasible management method to control shadow IT

245–Simple ERM Framework with ISO31000 & COBIT 5

  Download Presentation

Rami Sukkar, CISA, CRISC
Business Compliance / Risk Manager

This session is intended for professionals tasked with the implementation of Enterprise Risk Management. It details the main components in a risk framework through the pairing of ISO31000:2009 and COBIT 5 using a simple and step-by-step approach.

After completing this session, you will know how to:

  • Plan and design the implementation of enterprise risk management
  • Discuss the benefits of risk management with top management to get their buy-in and commitment (this governance objective deals with approaching the board and the executive office members)
  • Implement the risk management framework
  • Measure and monitor the adoption of Enterprise Risk Management

255–Embedding a Digital Risk Management Culture within an Organisation

  Download Presentation
  Download Handout

Gary Bannister, CGEIT
Private Consultant

Embedding a digital risk management culture within an organisation, based on a case study that covered themes such as defining the risk universe, messaging and communications, sustaining through changing behaviours, and risk and control integration.

After completing this session, you will know how to:

  • Influence behaviours by enforcing rules and performance and, most of all, sustain awareness and messaging while dealing with the cultural challenges and the skills gap encountered
  • Align a digital risk framework with the enterprise risk management process and requirements, and integrate this with the internal control requirements for financial reporting
  • Formulate communication messaging and the reporting process, and define the risk universe, specifically the creation of risk scenarios and risk factors
  • Set up the digital risk model, integrate it with the audit internal control framework, and align and integrate it with COSO ERM, COBIT Risk and ISO 27005

265–Organisational Resilience for the Changing World

  Download Presentation

Leonard Ong, CISA, CISM, CGEIT, CRISC
Associate Director
Merck & Co, Inc

Werner Preining
Responsible for European Operations
Interpool Security Ltd

With the rapidly changing threat landscape, organisations are subjected to ever-increasing pressure to be resilient towards existing, new and unknown threats. This presentation discusses the proposed perspectives & approach to achieve resilience.

After completing this session, you will know how to:

  • Understand the current concept of organisational resilience and how to see it holistically
  • Identify current and in-development frameworks, standards and strategies related to organisational resilience
  • Identify an example where an effective approach to organisational resilience will help the organisation to survive a significant crisis
  • Connect the concept with existing ISACA frameworks, publications and other assets related to the topic

315–Cyber Risks in PCI

  Download Presentation

Ivanka Tiric Podoreski, CISM, CRISC
Senior Risk Specialist
Erste Group Card Processor D.o.o.

Managing security risk in the payment card industry requires ever more attention and a high degree of cyber resilience in daily business. The challenge grows as more parties participate and newer technologies are deployed.

After completing this session, you will know how to:

  • Understand the impact of payment card industry requirements, both PCI DSS and regulatory, on the organisation's risk management profile
  • Share views and experiences in managing cyber risk in payment processing, considering also emerging technologies, mobile payments and dependency on multiple and/or chained third party providers
  • Optimise management of cyber risk in the payment industry and address risks with a low degree of probability and critical impact on the organisation
  • Understand the risk impact on payment processors / payment service providers in case of a major cyber attack and account data compromise

325–Toolkit for Safeguarding Internet Integrity

  Download Presentation

Boban Krsic
CISO
DENIC eG

Development and controlling of key performance indicators derived from DENIC’s vision and strategy, using COBIT 5 for Information Security.

After completing this session, you will be able to:

  • Derive KPIs from a strategic view
  • Design a controlling framework based on COBIT 5
  • Provide guidance to measure an ISMS
  • Learn from a case study an approach that works

Spotlight Sessions

SS1—Compliance on z/OS using Multifactor Authentication

Brian Marshall
Vice President, Research & Development
Vanguard

How Vanguard Multifactor can help you meet Compliance standards such as PCI.

After completing this session, you will be able to:

  • Understand how to meet MFA requirements for the mainframe
  • Learn about the numerous different choices available, including RSA, YubiKey, OATH tokens, Ping, Duo, PIV and tokenless authentication
  • Technical/Product Detail

Workshops

WS1—Cybersecurity Fundamentals

Rolf von Roessing, CISA, CISM, CGEIT
President
Forfa AG

Cyber security is rapidly evolving and spreading to impact every sector of global commerce and technology. As a result, it is more and more crucial that professionals involved in almost all areas of information systems understand the central concepts that frame and define this increasingly pervasive field. The Cybersecurity Fundamentals Workshop is ideal for information systems professionals wishing to advance their knowledge in or transfer to cyber security, and for recent college/university graduates looking to start a career in this in-demand, fiercely competitive field.

The Cybersecurity Fundamentals Workshop is designed to enhance the knowledge of beginning learners and prepare those who wish to obtain a globally recognized credential for the Cybersecurity Fundamentals Certificate Exam which can be taken online at a later date.

This workshop will cover four key areas of cyber security:

  1. Cyber security architecture principles
  2. Security of networks, systems, applications and data
  3. Incident response
  4. The security implications of the adoption of emerging technologies.

After completing this workshop, you will be able to:

  • Understand basic cyber security concepts and definitions
  • Define network security architecture concepts
  • Recognise malware analysis concepts and methodology
  • Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities
  • Explain network systems management principles, models, methods, and tools
  • Distinguish system and application security threats and vulnerabilities
  • Classify types of incidents (categories, responses, and timelines for responses)
  • Outline disaster recovery and business continuity planning
  • Comprehend incident response and handling methodologies
  • Understand security event correlation tools, and how different file types can be used for atypical behavior
  • Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data
  • Recognise new and emerging information technology and information security technologies

WS2—COBIT 5 Foundation

Dr. Bruno Horta Soares, CISA, CGEIT, CRISC
Founder & Senior Advisor
GOVaaS - Governance Advisors, as-a-Service

Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach.

Delve into the essential components of COBIT 5 to learn how it covers the business end-to-end and helps you effectively govern and manage enterprise IT. *CPE Credits are calculated based on the number of active hours of participation.

After completing this workshop, you will be able to:

  • Understand the COBIT 5 Framework and all the components of COBIT
  • Discuss the functions that COBIT 5 provides and the benefits of using COBIT
  • Know how COBIT 5 meets the requirement for an IT governance framework and is used with other standards and best practices
  • Understand how IT management issues are affecting organisations and the need for an effective framework to govern and manage enterprise IT
  • Apply COBIT 5 in a practical situation and the COBIT 5 principles and enablers in detail
  • Earn the COBIT 5 Foundation Certificate! Attendees can take the Foundation Exam Monday, 29 May 2017 for an additional US $150!

COBIT 5 Foundation Exam

Monday, 29 May 2017 | 7:30 – 9:00AM
Earn the COBIT 5 Foundation Certificate! Attendees can take the COBIT 5 Foundation Exam for an additional US $150! For those who have registered to take the COBIT 5 Foundation Exam onsite, please note that this exam will begin promptly at 8:00AM. Please allow yourself extra time to get breakfast and check in for the exam before the start time.

Exam information:

  • Bring a picture ID to the exam
  • This is an unassisted (closed book) paper based exam
  • Exams, answer sheets, and pencils will be provided
  • Computers, tablets, and phones are not needed
  • Drinks are allowed; however, food is prohibited
  • Your exam proctor will provide any additional instructions the day of the exam

WS3—The Impact of GDPR on Corporate Governance

Tim Clements, CIPP/E, CIPM, CIPT, CRISC, CGEIT, MBCS CITP
GDPR Project Manager & Advisor

After completing this workshop, you will be able to:

  • Develop a data protection strategy based on the GDPR
  • Ensure your enterprise is compliant with current regulations and the coming GDPR. Understand the impacts to your enterprise and identify the key deliverables, including policies & procedures, that your enterprise needs to comply with the GDPR.
  • Identify the personal data in your enterprise. Map data flows using a structured and visual approach that your stakeholders will understand
  • Appreciate how important ISO 27001 is to the GDPR. Highlight focus areas, review similarities, and identify key controls within the standard and from other sources.
  • Understand GDPR's impact on current risk management policies and procedures and review available privacy risk models
  • Address the human factor, using pragmatic approaches to change mindsets, embed responsibilities and build overall data protection awareness

WS4—Cybersecurity for Auditors

Steven Andrew Babb, CGEIT, CRISC
Director of Information Security
Clutch Group

Cyber security focus is a requirement for any organisation today, but how can a company know and understand what their cyber security posture is? A strong cyber security audit programme with qualified, capable auditors and a robust work programme or standard is a must. During this workshop, we will dig into the details of cyber security audit. We will evaluate the ISACA NIST Cybersecurity Framework Audit Work Programme as well as various cyber security frameworks and tools including the NIST Cybersecurity Framework and the FFIEC Cybersecurity Assessment Tool.

Please note: this workshop will provide an overview of cyber security and spend the majority of time focusing on the auditing of cyber security concepts. Therefore, an understanding of the fundamental concepts of cyber security is required. ISACA strongly encourages attending the CSX Fundamentals 2-Day workshop prior to attending this Cybersecurity for Auditors workshop in order to gain a full base understanding of cyber security. Cybersecurity Fundamentals is being offered as a pre-workshop (see WS1 above).

After completing this workshop, you will be able to:

  • Audit an organisation’s cyber security posture
  • Evaluate cyber security inherent risk
  • Define audit evidence requests needed to evaluate an institution’s cyber security controls
  • Be aware of basic policies, practices, technologies, tools and controls used to enhance cyber security
  • Examine ways to assess an organisation’s cyber security maturity
  • Recognise new and emerging cyber-attacks, threats, and vulnerabilities
  • Discuss cyber security frameworks and assessment tools currently available
  • Understand and use the ISACA NIST Cybersecurity Framework Audit Work Programme

Innovation Stage

IN6—Top 10 Steps to Ensure your Organization is Compliant

Brian Marshall
Vice President, Research & Development
Vanguard

Ten steps to ensure you’re compliant, for audiences from novices through CISOs, with the most current information and instruction about cybersecurity threats, protection, configuration, and compliance.

Special Events

Bavarian Fest

Tuesday, 2 April 2017; Grand Hall at Löwenbräukeller
18:30 – 21:00

Enjoy a festival for your senses at our evening celebration of everything Bavarian. From a variety of Bavarian breads to appetizing sausage snacks—and don't forget the region’s famous beers and wines—meeting new professional friends will be as rewarding to your palate as it is to your work role and future. Take it all in at an authentic Bavarian-style lodge full of cozy appointments, music and southern German hospitality.

We look forward to offering you a uniquely Bavarian welcome.

Tickets will be required for admittance to this event. Tickets are complimentary for conference registrants. However, if you'd like to attend, you must select the event when you register in order to receive a ticket onsite. Guest tickets are available for purchase when you register for an additional $150.
