EuroCACS Presentations and Descriptions 

**Presentations are Restricted to Conference Attendees Only**

Track 1—Audit and Assurance

111–The Pain with Segregation of Duties

Monday, 28 May | 10:30 – 11:30

Klaudia-Agnes Knosalla, CISA
Senior Expert - Governance, Risk and Internal Controls
Bertelsmann Accounting Services GmbH

How to develop and implement a pragmatic approach for your organisation and how to overcome the obstacles you will meet along the way.

After completing this session, you will be able to:

  • Understand the risks and challenges entities face with regard to Segregation of Duties (SoD) and make the connection to relevant elements of the COBIT 5 Framework
  • Provide examples on how to develop a risk-based and pragmatic approach to effective SoD design from an organisational and technical perspective
  • Get to know examples for communicating a coherent and comprehensible approach to your different stakeholders
  • Challenge the current paradigms about SoD controls in relation to the possibilities of continuous monitoring and data analytics

121–Automated Monitoring for IT Audits in a Data-Driven Framework

Monday, 28 May | 12:00 – 13:00

Phil Shomura
Senior Product Manager
ACL

In the course of conducting IT/IS audits, organizations are seeking ways to work smarter to increase assurance, improve controls and achieve governance over risk and compliance. You don’t know what you don’t know, so at the end of the day you are reliant on a number of activities and systems.

The ability to comb through your data lakes by using robotic process automation (RPA) simplifies this exponentially. RPA allows you to automate high-volume, repeatable tasks by integrating existing applications for processing of transactions or events, analyzing entire populations of data, triggering responses and communicating with other systems and stakeholders.

Aggregate your data to visualise it in a way that brings the story together in a single lens. The right technology can help you achieve this holistic view and inform you of what activities are ongoing in your organization, including whether the status of the activities (be they controls or procedures) you are monitoring leaves you closer to or further from compliance.

This session will demonstrate the advantage of leveraging a data-driven automated monitoring approach while integrating with key process stakeholders to create an early-warning detection framework to help identify risks in your IT/IS ecosystem.

After completing this session, you will be able to:

  • Identify key risks across your organization
  • Apply data analytics to key control areas for continuous monitoring and assessment of risks
  • Develop a standardized remediation workflow and streamline custom reporting for different audiences

131–Excel - The Dark Matter of IT

Monday, 28 May | 14:15 – 15:30

Patrick O’Beirne
Spreadsheet Mgmt Consultant
Systems Modelling, Ltd

This session outlines how to address current concerns about risks from the uncontrolled use of spreadsheet-based "Shadow IT". It covers how to assess risk in the context of spreadsheet criticality, and a process of high level and detailed reviews.

After completing this session, you will be able to:

  • Understand the real incidence of spreadsheet errors
  • Recommend good practice in spreadsheet development and control
  • Assess risk, scope a test plan, ask penetrating questions, recognise indicators of good practice
  • Be aware of software tools for spreadsheet audit efficiency

141–Key Controls for Data-Centric Security

Monday, 28 May | 16:00 – 17:00

Robin Lyons
Technical Research Manager, Research and Development
ISACA

The traditional approach starts with defending the perimeter and then goes inward with layers of defence. Today organizations need security and controls that stay with the data, no matter where it resides.

After completing this session, you will be able to:

  • Build data-centric security and audit programs
  • Identify capabilities and tools for greater data visibility, to identify where sensitive data resides, is processed and is in transit
  • Identify key data security controls (detective, corrective, preventive) for how data should be managed and accessed within the business context
  • Know how to continuously monitor and mature these controls so that the organization's compliance requirements are met

211–ICT Governance - Getting It Right

Tuesday, 29 May | 8:30 – 9:30

Ian Musgrave, CISA
Head of IT Assurance
Uniac

Why do so many organisations get ICT governance wrong? This session includes an overview of why ICT governance is important, what good ICT governance looks like and the pitfalls when it goes wrong (failure to innovate, incoherent strategies and poor performance).

After completing this session, you will be able to:

  • Identify what ICT governance is and its importance to the organisation
  • Understand what good ICT governance looks like and its importance in delivering ICT strategies
  • Appreciate via examples what happens when ICT governance is not delivered optimally and how this restricts the organisation in achieving its objectives
  • Learn what the priorities should be for an ICT auditor in performing a review of ICT governance

221–Data Protection–The Pragmatic Audit Approach

Tuesday, 29 May | 10:00 – 11:00

Matthias Kraft, CISA, CISM, CGEIT, CRISC (2017 Top-Rated Speaker)
Senior Manager Internal Audit
FIL Holdings (Luxembourg) S.A.

Alexander Ruehle, CISA (2017 Top-Rated Speaker)
CEO and Co-Founder
Zapliance GmbH

The pragmatic approach to auditing data protection (DP): this session will help you understand top DP priorities and the implications and characteristics of European law such as the GDPR, and help the professional avoid common pitfalls when auditing DP.

After completing this session, you will be able to:

  • Understand the data protection implications and characteristics of European law
  • Describe key areas of data protection risks and understand how audit functions can respond using different approaches and common regulation such as GDPR
  • Explain how to cover major aspects of data protection as part of an audit plan
  • Articulate top data protection priorities and how to avoid common pitfalls

231–A Long Journey to A New Level of Audits

Tuesday, 29 May | 11:15 – 12:15

Petra Hoffmann-Stascheck
Senior Consultant
DB Systel GmbH

Matthias Hillebrand
Process Manager Security Management and ISMS Specialist
DB Systel

This session shares DB Systel's audit experience of more than 20 years. The auditing system is presented, together with the challenges we faced and our solutions, and we discuss how we created an efficient audit landscape with full coverage of our organisation.

After completing this session, you will be able to:

  • Gain insight into our audit landscape and our audit and improvement culture, understand our challenges and how we dealt with them, and apply our experiences in your own organisation
  • Understand how DB Systel manages issues arising from audits, how participants and stakeholders contribute to continuous improvement, and how to transfer our experiences to your own organisation
  • See how to avoid duplicate work for auditors and auditees while ensuring full coverage, and how to get more benefit from audit activities than before
  • Recognise the challenges you face when handling a large spectrum of different audits within an organisation and when transforming from a hierarchical structure to new ways of working

241–Deriving Maximum Benefit from Audit

Tuesday, 29 May | 13:30 – 14:30

Allan Boardman, CISA, CISM, CGEIT, CRISC
CyberAdvisor London

This session will examine the often-experienced tensions between audit and other assurance functions, signposting the potential problem areas and pitfalls to avoid. It will also provide strategies for successfully deriving maximum benefit from audit.

After completing this session, you will be able to:

  • Understand the key reasons that often adversely impact the effectiveness of audit, risk and security groups working together
  • Recognise the significant impact that organisational structure, culture, ethics and communications can have on the effectiveness of audit, risk and security working together
  • Identify the potential problem areas, warning signs and pitfalls to avoid
  • Strategically integrate audit into other assurance-related activities as part of an enterprise-wide risk approach

251–The Evolution of IT In The External Audit

Tuesday, 29 May | 14:45 – 15:45

David Meadley, CISA, CGEIT, CRISC
Manager

If we have learnt anything from recent IT events, it's that the environment we and our clients operate in is constantly changing and reacting to new threats and opportunities. We will examine how our external audit approach is changing.

After completing this session, you will be able to:

  • Describe what the International Standards on Auditing require when it comes to IT in external audits
  • Describe the difference between general IT controls and various types of application controls typically relied upon in an external audit and how this may impact the scope of internal audit
  • Describe some of the various options available to test general IT and application controls for external and internal audit purposes
  • Describe alternative external and internal audit approaches without relying on traditional general IT and application controls

261–Auditing the Digital Forensic Process

Tuesday, 29 May | 16:15 – 17:15

K. Rama Subramaniam, CISA, CISM
Director & CEO
Valiant Technologies Group

A robust forensic process for collecting digital evidence of probative value after a cyber-attack is emerging as a key security governance requirement. Stakeholders expect the IS auditor to attest to the reliability of the process. How can the IS auditor do this?

After completing this session, you will be able to:

  • Review and report on the process of integrating the digital forensic process with the organisation's information security strategy, as part of the information security governance requirements
  • Review and recommend the changes to be made in the IT landscape so that evidence of probative value in the information flowing through, stored on and processed by the systems is not missed
  • Review the digital forensic process for conformity with emerging global standards in this area, and look for lessons from the conventional forensics discipline to adopt in digital forensics
  • Develop and implement an audit programme that will assure stakeholders of the appropriateness of the digital forensic processes in operation, protecting the chain of evidence and meeting legal needs

311–Auditor’s Guide to a Penetration Test

Wednesday, 30 May | 8:30 – 9:30

Herbert McMorris, CISA, CISM, CGEIT, CRISC
Information Security Analyst
KirkpatricePrice, LLC

Penetration testing identifies flaws in a security programme including technical, process, and personnel failures. But what should the auditor or risk manager do with the results? This session discusses what the auditor and risk manager need to know.

After completing this session, you will be able to:

  • Define the different types of penetration tests
  • Discuss why penetration testing is needed
  • Understand the penetration test report
  • Explain how resolution and mitigation should be verified

321–Auditing IOT

Wednesday, 30 May | 9:45 – 10:45

R.V. Raghu, CISA, CRISC
Director
Versatilist Consulting India Pvt, Ltd

The internet of everything is around us whether we like it or not. Organisations are increasingly relying on IoT across all aspects of their operations, making the need to audit IoT increasingly critical.

After completing this session, you will be able to:

  • Understand current and potential IoT usage
  • Appreciate the concerns that will need to be addressed due to the usage of IoT
  • Establish audit considerations for IoT
  • Conduct IoT audits based on a framework approach

Track 2—GRC/COBIT

112–Aligning Security to the New Wave

Monday, 28 May | 10:30 – 11:30

Sandeep Godbole, CISA, CISM, CGEIT
General Manager - Info Security
Syntel

The tools of the trade for IT professionals have changed. Architecture (Micro Services), Development Methodology (Agile) and Deployment (DevOps) are different from the conventional methods. The session aligns security for this new normal.

After completing this session, you will be able to:

  • Gain a basic understanding of microservices architecture, along with the Agile approach and DevOps deployment
  • Determine the change from the conventional approaches and methods related to system architecture, development and deployment
  • Identify the processes, stages and checkpoints where security is necessary
  • Participate as a security expert in projects that deploy Agile, microservices and DevOps

122–Dev Ops, Agile and Compliance

Monday, 28 May | 12:00 – 13:00

Guy Herbert, CISA
Head of IT Risk and Compliance
Atlassian

DevOps and Agile development can allow you to build a fast-paced compliance pipeline that lets your development teams maintain speed and keeps your risk and audit teams happy.

After completing this session, you will be able to:

  • Understand DevOps and Agile risks and controls
  • Understand the DevOps and Agile process flow
  • Design controls for DevOps and Agile developments
  • Design audit plans for DevOps/Agile environments

132–Integrated Risk Management: Looking Around the Corner

Monday, 28 May | 14:15 – 15:30

Gennaro Scalo
Director
RSA Archer EMEA

An opportunity to reflect on the history of risk management while taking a look at the future. In this session we will explore the upcoming trends driving risk management and focus on answering the question: what is next? Topics will include Risk Economics, Digital Risk and more. A closing view of how RSA is addressing these topics with its industry-leading risk platform, RSA Archer Suite, will also be covered.

After completing this session, you will be able to:

  • Understand and gain insights into the evolution of risk management
  • Learn new perspectives on the future of risk management
  • Describe Risk Economics and the Digital Risk landscape
  • Understand RSA’s perspective and how RSA Archer Suite can assist in these areas

142–Risk Based Approach to Security

Monday, 28 May | 16:00 – 17:00

Samuel Korpi, CISA
Information Security Specialist
Neste Corporation

In this session, we explore what a risk-based approach to security might look like. The aim is to bridge the gap between risk and control, so that we are better equipped to estimate and justify the controls we put in place in our environment.

After completing this session, you will be able to:

  • Understand the need for common terminology related to security and risks and utilise sample definitions given in the presentation
  • Utilise the security feedback loop to model and link together security and risk, through assurance, control and threat assessment
  • Understand the complexity of risk mapping, considering especially the multitude of information sources
  • Make an informed decision on whether to consider risk based approach to security for their organisation

212–Using COBIT 5 to Manage Shadow IT

Tuesday, 29 May | 8:30 – 9:30

Christopher Rentrop
Professor
HTWG Konstanz

Shadow IT is a widespread and growing phenomenon. Several processes within COBIT 5 deal with or are affected by Shadow IT. In this presentation we will analyse these processes and thereby demonstrate how to use COBIT to manage Shadow IT.

After completing this session, you will be able to:

  • Understand the definition of Shadow IT and the phenomenon
  • See which COBIT 5 processes are (negatively) affected by Shadow IT
  • Understand which critical IT management processes are missing or at a low maturity level in a typical Shadow IT setting
  • Use COBIT 5 to plan a Shadow IT audit project in your own company

222–COBIT & SFIA as Organisational Design Tools

Tuesday, 29 May | 10:00 – 11:00

Daniel Merriott, CISA, CGEIT
Principal Consultant
BSMimpact

COBIT can be leveraged to help with operating model design, acting as an integrator of other processes (ITIL, SIAM, PRINCE, etc.). Combined with SFIA, we can define both the roles and the skills needed by a current or future operating model.

After completing this session, you will be able to:

  • Understand how to map between COBIT and SFIA (the Skills Framework for the Information Age) frameworks in a meaningful way
  • Use COBIT as a framework to integrate other process frameworks in operating model design
  • Validate organisation positions against the capabilities needed in an operating model
  • Build a consistent view of the skills needed to deliver an operating model, and identify any skills gaps that need managing

232–Comprehensive Approach to Design Fraud Prevention Program

Tuesday, 29 May | 11:15 – 12:15

Paul Phillips, CISA, CISM, MBA
Technical Research Manager
ISACA

Robin Lyons
Technical Research Manager, Research and Development
ISACA

This session will focus on:

  1. Why knowledge of forensic accounting has become a necessity for finance professionals
  2. How fraudsters play with human psychology
  3. The Fraud Triangle: how to use it to devise a Fraud Prevention Program for any company

After completing this session, you will be able to:

  • Identify "Green Flags" or the "All is Well" syndrome at their clients
  • Use the "Fraud Triangle" to develop a Fraud Prevention Program
  • Use the Beneish Model, the only model available to date to detect fraud in financial statements with more than 75% probability
  • Identify areas where IT and finance auditors should invest more time and resources, especially in substantive audit procedures

242–Effective Cloud Governance

Tuesday, 29 May | 13:30 – 14:30

Paolo Ottolino, CISA, CISM
Cyber Security Professional
InterSistemi

In the era of Cloud, there are three main concepts for IT Governance:

  • Measurement: thorough management of People | Process | Technology
  • Cycles: further improvements in aligning IT to Business
  • CSOA: readiness for services delivered on Hybrid Cloud environments

Both Cloud Acquirer and Provider should adopt agreed-upon Governance models.

The indicator types to adopt:

  • Direct KPI
  • Create KGI
  • Protect KRI
  • Execute SLA
  • Monitor KMI

Security Indicators:

  • STO: Security Testing Objectives
  • VSC: Vulnerability Scan Coverage
  • PCS: Platform Compliance Score
  • PTL: Patch Latency
  • MBI: Meantime Between Incident

Identity Indicators:

  • IMC: Identity Management Coverage
  • 2FA: Two Factor Authentication
  • MCP: Meantime to Certified Privileged Account
  • TUP: Time for User Provisioning
  • PAU: Privileged Account per User

Resilience Indicators:

  • RTO: Recovery Time Objective
  • RPO: Recovery Point Objective
  • SRC: System Recovery Coverage
  • MTR: Meantime To Repair
  • MBF: Meantime Between Failure

252–DevSecOps – Bringing Security – The Missing Link in Delivering on the Promise of Business Velocity and Quality to DevOps

Tuesday, 29 May | 14:45 – 15:45

Robert Stroud, CGEIT, CRISC
Chief Product Officer
XebiaLabs
ISACA Board of Directors

There is one constant in all our lives: change! Change is accelerating, driven by disruptive technologies which are fuelling innovative business models across every vertical from banking to public services. To succeed with innovation at speed, IT organizations must accelerate their release velocity, and do it with greater quality, security and availability! Enter DevOps!

For most organizations, the transition to DevOps starts small, in a single team or a new project, with cobbled-together open source solutions and security often an afterthought. To scale effectively, deploying daily, hourly or even more frequently, requires that organizations treat security as a first-class citizen, engaged in all aspects of the development and deployment lifecycle. Robert will share market trends, tips and techniques to incorporate security into the complete DevOps lifecycle, delivering DevSecOps. Robert will identify the traps and roadblocks teams often experience, and discuss approaches and actions to help you facilitate a smooth and swift transformation.

After completing this session, you will be able to:

  • Explain the core DevOps and DevSecOps principles
  • Identify the key components of DevSecOps in the SDLC
  • Analyze the SDLC and select the appropriate security techniques to incorporate
  • Develop techniques to transition skills to product teams

262–DevOps - The Game Changer

Tuesday, 29 May | 16:15 – 17:15

Philip Green, CISA, CISM, CRISC
Director
G3 Service Solutions Limited

From Deming to DevOps. This presentation discusses DevOps as a game changer - why it cannot be ignored, the challenges it presents and the shift in thinking & approach needed to turn it from a blocker to an enabler to information risk & security.

After completing this session, you will be able to:

  • Understand that DevOps as a game changer cannot be ignored
  • Understand the basic principles of DevOps, its roots in Agile practices, its link to continual improvement and 'The Three Ways'
  • Understand how DevOps challenges traditional risk & security controls
  • Understand the shift in thinking and approach needed to turn DevOps from a blocker to an enabler to the information risk & security professional

312–OT Operating Models Using COBIT 5

Wednesday, 30 May | 8:30 – 9:30

Arno Kapteijn, CISA, CGEIT
Management Consultant IM/IT
CoCorBan

Improving alignment of the Operational Technology (OT) and Information Technology (IT) Domain by building an OT Operating Model based on COBIT 5 - A case study at Stedin (utility company in The Netherlands).

After completing this session, you will be able to:

  • Assess how COBIT 5 is useful for the governance and management of operational technology
  • Understand how the IT and OT domains can be better aligned by using COBIT 5
  • Understand how corporate governance of OT can be improved by using COBIT 5
  • Use COBIT 5 to provide a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of all enterprise Technology, not just IT

322–BIA: The Root of Security & Recovery Plans

Wednesday, 30 May | 9:45 – 10:45

Herbert McMorris, CISA, CISM, CGEIT, CRISC
Information Security Analyst
KirkpatricePrice, LLC

The Business Impact Analysis (BIA) is the root of security, risk and recovery programmes, yet it is often performed incorrectly. How does the BIA drive the risk management process, security programmes and recovery efforts, and who should perform the analysis?

After completing this session, you will be able to:

  • Explain the purpose of a Business Impact Analysis
  • Know how the BIA applies to risk and recovery programmes
  • Determine the critical outputs from the analysis
  • Know how outputs apply to risk, security, and recovery

Track 3—GDPR, Data Analytics & Information Management

113–Data Protection - It’s Not Just About GDPR

Monday, 28 May | 10:30 – 11:30

Tim Clements, CGEIT, CRISC, FBCS CITP, FIP, CIPP/E, CIPT, CIPM
Privacy Program Manager
Mitigate, Denmark

Data protection is not just about the GDPR, and 25 May 2018 should be seen as a key milestone rather than a deadline. Organisations must gear up and ensure there is continued focus on data protection beyond May 2018. A data protection strategy aligned with business objectives, a robust operational lifecycle and governance framework, coupled with an organisation with the right skills and mindset, are prerequisites for ensuring ongoing compliance with applicable legislation.

After completing this session, you will be able to:

  • Ensure their organisations' strategy for Data Protection is in place and relevant
  • Articulate the competences, responsibilities and organisational structures needed to support the governance framework
  • Describe the key elements of the Operational Lifecycle and how to establish them
  • Understand the relevance of some key international frameworks and standards to ensure their organisations’ privacy control framework is fit for purpose

123–Advanced Technical Tools for Compliance Audits Pt. 1

Monday, 28 May | 12:00 – 13:00

Andrew Neal, CISM, CRISC (2017 Top-Rated Speaker)
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

Compliance with data privacy and information security regulations is becoming a more visible problem with higher financial penalties. Using techniques developed for other IT/IS disciplines, compliance audits can gain deep insight into data content, technical controls, and the real-world functioning of the controlled environment.

After completing this session, you will be able to:

  • Describe some of the technical challenges in auditing compliance with GDPR and other data privacy regulations
  • List the steps in an advanced technical compliance audit
  • Leverage technical tools from other IT/IS disciplines to perform an audit
  • Implement technical tools in their own compliance audit programme

133–Advanced Technical Tools for Compliance Audits Pt. 2

Monday, 28 May | 14:15 – 15:30

Andrew Neal, CISM, CRISC (2017 Top-Rated Speaker)
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

Compliance with data privacy and information security regulations is becoming a more visible problem with higher financial penalties. Using techniques developed for other IT/IS disciplines, compliance audits can gain deep insight into data content, technical controls, and the real-world functioning of the controlled environment.

After completing this session, you will be able to:

  • Describe some of the technical challenges in auditing compliance with GDPR and other data privacy regulations
  • List the steps in an advanced technical compliance audit
  • Leverage technical tools from other IT/IS disciplines to perform an audit
  • Implement technical tools in their own compliance audit programme

143–3,2,1...Boom - GDPR Maturity Now

Monday, 28 May | 16:00 – 17:00

Petri Koivisto, CISA
Senior Security Consultant
Tieto Finland Oy

Jani Arnell, CISM
Director, Leader of Digital Security
PwC Finland

3, 2, 1... boom: GDPR is live. What is the maturity of your products and services now against GDPR? This presentation demonstrates how we used a selected framework to establish a guarantee of GDPR compliance for our customers.

After completing this session, you will be able to:

  • Understand how to build a compliance framework for GDPR
  • Understand how to establish a guarantee for customers
  • Compare the selected approach with their own approach
  • Learn how this approach raises awareness and maturity in the security and privacy area

213–Tackling the GDPR: A Roadmap to Compliance

Tuesday, 29 May | 8:30 – 9:30

Dave Horton
GDPR Solution Engineer Manager
OneTrust

Learn how to build a GDPR roadmap while integrating privacy management tools as a function of IT security, risk management, audit and compliance, as well as the importance of understanding and demonstrating on-going privacy regulation compliance.

After completing this session, you will be able to:

  • Understand the requirements, importance, and implications of the GDPR for an organisation’s privacy and security teams
  • Build a compliance roadmap with both privacy and security in mind
  • Understand how privacy management tools fit into an overall security ecosystem
  • Demonstrate ongoing compliance with the GDPR and other privacy regulations

223–GDPR Panel: Week 1 - What We Know Now

Tuesday, 29 May | 10:00 – 11:00

Moderator:

Theresa Grafenstine
Chair, ISACA Board of Directors

Panelists:

Mike Hughes, CISA, CRISC, CGEIT
Partner
Haines Watts

Ken Macdonald, PhD
Head of ICO Regions
Information Commissioner’s Office

Andrew Neal, CISM, CRISC (2017 Top-Rated Speaker)
President, Forensic Technology & Consulting
TransPerfect Legal Solutions

R.V. Raghu, CISA, CRISC
Director
Versatilist Consulting India Pvt, Ltd

Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CP
Director of Information Security and IT Assurance
BRM Holdich

After completing this session, you will be able to:

  • Discuss the current status and developments relative to the GDPR
  • Understand the challenges faced by various stakeholders in the GDPR compliance process
  • Bring suggestions for best practices back to their organisations
  • Contribute to and engage with their organisation’s GDPR programme

233–GDPR Pain Points

Tuesday, 29 May | 11:15 – 12:15

Paolo Ottolino, CISA, CISM
Cyber Security Professional
InterSistemi

GDPR harmonises privacy regulation throughout the EU, establishing:

  • protection of the data of EU citizens
  • obligations on the Data Controller/Processor
  • supervision by the SA and the EDPB
  • heavy sanctions
  • compliance to be in place by May 25th, 2018

Top 5 Development Impacts

  • Treat Register
  • Privacy by Design/Default
  • Pseudonymization
  • Profiling
  • Third Party

Top 5 Suggested Tools

  • GRC
  • SIEM
  • IAG/IAM
  • PAM
  • DLP

Top 5 Operational Impacts

  • Data Breach
  • DPO
  • Consent
  • Right to Erasure
  • Code of Conduct

Top 5 Suggested Company Functions

  • Internal Audit
  • SOC
  • IRT
  • Internal Risk
  • Security Assurance

243–A Roadmap to Compliance

Tuesday, 29 May | 13:30 – 14:30

Brian Marshall
Vice President, Research and Development
Vanguard

The key principle of compliance is accountability through a relevant, demonstrable compliance program.

A relevant, demonstrable compliance program keeps relevant compliance information and the associated supporting reports and documents in an organized, easily maintained, readily accessible audit and compliance program, with SMEs who understand each platform and the specific regulations that apply to the organization.

It should include risk assessments and gap analyses of pertinent systems and platforms in order to satisfy both specific internal requirements and external industry and governmental regulations.

253–Protect Your Data Against Insider Threats

Tuesday, 29 May | 14:45 – 15:45

Thomas Baumann, CISA, CRISC
Head of Data Engineering
Swiss Mobiliar

This presentation discusses how database activity monitoring and encryption help to safeguard your data against intentional and unintentional threats, and how Machine Learning algorithms might help to uncover anomalous user activities.

After completing this session, you will be able to:

  • Describe the countermeasures against intentional insider threats
  • Mitigate risks of unintentional insider threats
  • Identify the role of databases as targets of attacks
  • Understand how machine learning algorithms might help to identify threats

263–Privacy in a Contextual World

Tuesday, 29 May | 16:15 – 17:15

  Download Presentation

Additional ISACA Resources

R.V. Raghu, CISA, CRISC
Director
Versatilist Consulting India Pvt, Ltd

Technologies are increasingly becoming contextual, and organisations are rushing to leverage this to better serve customers without understanding the implications for privacy. The session provides insights to navigate this minefield.

After completing this session, you will be able to:

  • Give an overview of various contextual technologies
  • Describe the privacy implications you should know about
  • Establish a risk-based approach to managing privacy
  • Explain what you can do to manage the privacy implications of contextual technologies

313–After the Enforcement - Journey to GDPR

Wednesday, 30 May | 8:30 – 9:30

  Download Presentation

Additional ISACA Resources

Manoj Patel
CyberSecurity & Risk Global Practice EMEA
ServiceNow

Your Compliance Journey to GDPR - After the Enforcement:

  • GDPR journey milestones
  • Requirements, challenges & applicability of the regulation
  • GDPR & organisational objectives
  • GDPR - Best practices approach

After completing this session, you will be able to:

  • Understand the enforcement impact
  • Learn the requirements and challenges
  • Align GDPR & organisational objectives
  • Fulfill requirements and how to be compliant

323–So the GDPR is Here, Now What?

Wednesday, 30 May | 9:45 – 10:45

  Download Presentation

Additional ISACA Resources

Ralph O'Brien
Principal Consultant - Europe, Compliance Solutions
TrustArc

This session will focus on the status of GDPR compliance, regulatory guidance on enforcement, the impact of Brexit and the U.K. Data Protection Bill, and best practices for GDPR internal audits, liaison with audit committees and support of DPOs.

After completing this session, you will be able to:

  • Compare your organisation’s GDPR status with peers in your industry
  • Assess the likelihood of enforcement action against your organisation and the likely penalty in the event of a GDPR compliance failure
  • Explain the impact of Brexit and the U.K. Data Protection Bill (or Act, if enacted) on your organisation’s GDPR programme
  • Map industry best practices against your organisation’s approach to GDPR internal audit and liaison with audit committees and DPOs


Track 4—Security/Cyber Security

114–Hollywood's Cybersecurity Lessons

Monday, 28 May | 10:30 – 11:30

  Download Presentation

William Macleod
Senior Cyber Security Specialist
University of Strathclyde

A tongue-in-cheek look at movies as diverse as Despicable Me and Batman vs Superman reveals some truths about cybersecurity, and some not-so-truths.

After completing this session, you will be able to:

  • Identify 4 threat actors
  • Identify 4 threat vectors
  • Identify 4 threat targets
  • Identify 4 mitigation methods

124–Encryption: Increase Compliance!

Monday, 28 May | 12:00 – 13:00

Additional ISACA Resources

2017 Top-Rated Speaker
Uday Ali Pabrai
CEO
Ecfirst

Encryption protocols, encryption key strengths, encryption choices across mobile devices, e-mail and more may all seem confusing and overwhelming. Understand how to simplify the use of encryption in your organization, and do so consistently.

After completing this session, you will be able to:

  • Examine encryption mandates defined in HIPAA Security, HITECH Act, PCI DSS, State regulations and more.
  • Review specific areas that encryption can have a significant impact in lowering enterprise risk, while improving compliance posture.
  • Step through core elements of an encryption policy to address both at rest and in motion requirements.
  • Understand how to simplify the use of encryption in your organization, and do so consistently.

134–A Security View of Future of Payments in EU

Monday, 28 May | 14:15 – 15:30

  Download Presentation

Alen Beganovic, CISM, CGEIT
Security Consultant
Ethernaut Information Technologies D.o.o.

PSD2 has introduced new players in the payment arena (AISP & PISP) and brings new strategies and requirements in payments and digital banking. “Open Banking” begins, and banks are forced to make a strategic decision: become a compliance provider or a key player.

After completing this session, you will be able to:

  • Understand key business and technology risks and opportunities for existing players (primary banks) in the payment ecosystem
  • Describe the role of the new players in payments (AISP and PISP) and the new transaction flows
  • Understand the key requirements of PSD2 and the relevant standards and guidelines, including strong customer authentication and dynamic linking, from a security point of view
  • Describe the main requirements for the mandatory APIs for account information and payment initiation

144–Threat Intelligence Sharing: Trusted Circles

Monday, 28 May | 16:00 – 17:00

  Download Presentation

Additional ISACA Resources

Manoj Patel
CyberSecurity & Risk Global Practice EMEA
ServiceNow

Sighting Search and Trusted Security Circles:

  • Importance of Threat Sharing - Why share threat intelligence?
  • Current Global ISACs (Information Sharing & Analysis Centers)
  • Identify & assess the impact of a cyber-attack
  • Immunity by Community

After completing this session, you will be able to:

  • Learn what Sighting Search and Trusted Security Circles are
  • Understand the importance of threat sharing and why to share threat intelligence
  • Use threat intelligence to identify, remediate and/or assess the impact of a cyber attack
  • Know the current global ISACs (Information Sharing & Analysis Centers)
  • Know how to approach threat intelligence sharing
  • Drive immunity by community

214–3rd Party Security in the Era of Cyber

Tuesday, 29 May | 8:30 – 9:30

  Download Presentation

Michael van Dinter, CISA, CISM, CRISC
Chief Information Security Officer
Targo Commercial Finance

In a world of interconnection, all companies use 3rd parties for services and for outsourcing various functions of their own organisation. But how does one secure those 3rd parties? Learn how in this session.

After completing this session, you will be able to:

  • Identify how to integrate 3rd party cyber security assessments into internal processes like the purchasing processes
  • Review all 3rd party engagements and identify those requiring an in-depth cyber security assessment
  • Ask the right questions to assess the 3rd parties’ cyber security practices and get the needed answers
  • Work successfully with the 3rd party towards assessing its cyber security practices

224–Cybersecurity: Engaging the Business

Tuesday, 29 May | 10:00 – 11:00

  Download Presentation

Paul Phillips, CISA, CISM, MBA
Technical Research Manager
ISACA

Businesses are grappling with cybercrime. Attacks are on the rise, are becoming more and more sophisticated, and are resulting in substantial financial losses as well as damaged reputations. Therefore, organizations need to realize this is not an IT issue, but rather an enterprise-wide issue. This presentation will cover the essentials of a fully functional information security program, where cybersecurity fits in, and how the security team must connect with the business units, senior management, and the board of directors.


234–Proactive Cybersecurity Response Case Study

Tuesday, 29 May | 11:15 – 12:15

  Download Presentation

Additional ISACA Resources

Robert Stroud, CGEIT, CRISC
Chief Product Officer
XebiaLabs
ISACA Board of Directors

This session will use real examples to outline how organisations can adapt their incident response plans and playbooks, embrace new technologies and automation, and proactively assess their security controls in order to successfully defend against modern cybersecurity attacks.

After completing this session, you will be able to:

  • Leverage the experiences of a multinational organisation to improve your incident response processes. These will include several attack examples, how they were defended, and the lessons learnt
  • Use the information shown to improve your incident response plan; we will show, through technical attacks we experienced, how we improved our incident response plans and playbooks
  • Demonstrate through examples how to proactively assess your security controls through the use of automated cyber simulation platforms and security models (MITRE ATT&CK)
  • Use practical experiences of emerging technologies such as robotic process automation, cyber simulation and machine learning to see how these can be incorporated into your security architecture

244–Understanding Deep & Dark Web

Tuesday, 29 May | 13:30 – 14:30

  Download Presentation

Claudio Cilli, CISA, CISM, CGEIT, CRISC
University of Rome
 

The dark web is a mysterious world that attracts everyone. The presentation focuses on the dangers coming from the dark web and on how to prevent users from accessing it without affecting normal operations, with techniques and practical examples.

After completing this session, you will be able to:

  • Understand what lies behind normal web navigation
  • Understand the TOR network operation, anonymity and hidden services
  • Have a knowledge of the deep and dark web, their differences and their content
  • Prevent internet misuse and avoid employees surfing the dark web using company assets

254–Cybersecurity & Payments in The Netherlands

Tuesday, 29 May | 14:45 – 15:45

  Download Presentation

Marco Doeland, CISM
Manager Risk Management
Betaalvereniging

Learn how the Dutch successfully decreased electronic payment fraud from 80 Million to 10 Million in the last five years by combining technical measures, collaboration and creating awareness among Dutch consumers.

After completing this session, you will be able to:

  • Understand why information sharing and collaboration are a prerequisite in order to fight cybercrime
  • Understand which technical measures are successful in fighting fraud
  • Recognise the importance of creating security awareness for consumers
  • Have more knowledge about cybersecurity and payments, in particular related to the game changer PSD2

264–Advanced Vulnerability Remediation

Tuesday, 29 May | 16:15 – 17:15

  Download Presentation

Additional ISACA Resources

Andrew Scott, CISM
Assurance Lead - Scotland
Context IS

When the number of systems and vulnerabilities on an estate starts mounting up, counting the vulnerabilities and tracking them in a governance forum is no longer enough; you need advanced remediation strategies to deal with the volumes.

After completing this session, you will be able to:

  • Work out the key vulnerabilities on your estate and prioritise them on a volume and risk basis
  • Understand how to turn remediation from a per-system problem into an organisational opportunity
  • Design organisation-wide remediation tactics, processes and technology
  • Apply these to make step changes in the security posture of your organisation

314–Cyber-Surveillance: Defending Our Privacy

Wednesday, 30 May | 8:30 – 9:30

  Download Presentation

Additional ISACA Resources

Claudio Cilli, CISA, CISM, CGEIT, CRISC
University of Rome
 

We live in the new information warfare era, and personal privacy and data are hard to protect. This session covers keeping a proper behaviour not only when online but mainly in day-to-day life, with best practices, tools and techniques.

After completing this session, you will be able to:

  • Develop skills for cyber safety and know how to keep a low profile in every circumstance
  • Ensure online anonymity and navigate social networking sites
  • Understand instant messaging code and how to use a virtual private network
  • Take care of your passwords and use techniques for improving login security (e.g. two-factor authentication)

324–The Path to Self Securing Software

Wednesday, 30 May | 9:45 – 10:45

  Download Presentation

Gary Robinson
Founder, Uleska
Uleska

This talk covers exciting new research, moving application security from a reactive to a proactive discipline. We present a methodology whereby teams can automatically secure their software and monitor its security compliance on a daily basis.

After completing this session, you will be able to:

  • Understand the nature of the research conducted on the delays and costs of application security. We will show insights into the industry research we have conducted across the UK & Ireland
  • Learn of existing technologies that facilitate proactive application security. Dr. Yan Haung from the UK Center for Information Security Technologies will discuss open-source tools in this area
  • Walk through new methodologies to conduct automated computer audits via source code analysis, directly comparing the source code against industry standards (e.g. PCI DSS, ISO 27001, etc.)
  • Look to the future. Based on research and development so far, the audience will walk through potential for future advancements, providing near real-time audit information on developing software


Track 5—Security/Cyber Security - Advanced

115–Payment Security (PSD2)

Monday, 28 May | 10:30 – 11:30

  Download Presentation

Jorke Kamstra, CISA
Inspector
National Bank of Belgium

Bank heists used to be cowboys using guns until 25 years ago when electronic payments were invented. In 2017 the modern bank heist consists of a hacker remotely taking over a PC. What can we do to protect people's money today?

After completing this session, you will be able to:

  • Explain the major risks of electronic banking
  • Explain the reason why we should care about public trust in electronic money
  • Make the link between cyber security frameworks (NIST), assurance frameworks (COBIT) and prudential banking regulation
  • Explain why we need innovation in payment security

125–Security Governance Framework

Monday, 28 May | 12:00 – 13:00

  Download Presentation

Additional ISACA Resources

Andrej Volchkov
Consultant
Stramizos

Security controls can be modeled as a Three Layer Control Framework: Strategic, Tactical and Operational. This session presents the framework and its building blocks, with an associated method for self-assessment and a toolset for CISOs and decision makers.

After completing this session, you will be able to:

  • Better understand and visually represent the main security governance and management activities, and be able to "ask the right questions" about security
  • Use a simple model to do a review or a self-assessment of the security governance and management
  • Use the appropriate tool in each of the building blocks of security governance and management. Initiate discussion on the adequacy of the security in the company
  • Better evaluate and communicate on the security posture in the company at all levels

135–Red Teaming – Common Findings and Solutions

Monday, 28 May | 14:15 – 15:30

  Download Presentation

Andrew Scott, CISM
Assurance Lead - Scotland
Context IS

Hear from one of the organisations that helped define red team testing in the UK what Red Teaming is, why it is valuable to an organisation, how to do it well, and some of our most common findings from these engagements.

After completing this session, you will be able to:

  • Articulate what a red team exercise is and what it should involve
  • Maximise the value of running a red team exercise for your organisation
  • Describe why it gives more value to an organisation than penetration testing alone
  • Describe common findings identified during Red Team Engagements, based on a review of over 100 engagements, and understand ways to address these findings in your organisation

145–5 Elements To Secure Machine Learning Within Audit

Monday, 28 May | 16:00 – 17:00

  Download Presentation

2017 Top-Rated Speaker
Alexander Ruehle, CISA
CEO and Co-Founder
Zapliance GmbH

Digital transformation disrupts the Audit function dramatically. The future of audit will be determined by collecting and transferring audit intelligence into automated audit procedures. This session introduces the machine learning use case of the “collective audit intelligence” and discusses 5 elements on how to secure data and knowledge in this scenario.

After completing this session, you will be able to:

  • Identify the potential of a collective audit intelligence and understand why machine learning will transform the audit function
  • Evaluate general risks of machine learning
  • Evaluate security aspects in the data setup behind machine learning in audit
  • Transfer the security aspects of the discussed use case to your own machine learning scenario

215–How to Optimise Your Security Penetration Testing

Tuesday, 29 May | 8:30 – 9:30

  Download Presentation

Richard Hollis, CISM, CRISC
CEO
Risk Factory Ltd.

A detailed session with step by step recommendations for maximising the return on your organisation’s security penetration testing investment.

After completing this session, you will be able to:

  • Select the right testing approach
  • Determine the correct scope
  • Agree the appropriate methodology
  • Identify the required metrics
  • Get a report that provides meaning to the business

225–Stop Cyber-Attacks in Your SAP Landscape

Tuesday, 29 May | 10:00 – 11:00

  Download Presentation

Mohammed Sharfuddin
Security / GRC Consultant
King Abdullah University of Science & Technology

Mohammed Mubashiruddin Quraish
Senior Application Analyst (SAP Basic)
Qatargas Operating Company Limited

Know what Cyber Security is and how it differs from Information Security. Learn the architecture of SAP, understand the difficulties in securing SAP applications, and learn how weaknesses can be exploited by an APT for a complete system loss.

After completing this session, you will be able to:

  • Define cyber security and learn about the various cyber-attacks and their evolution
  • Learn the architecture and the different platforms of SAP and the difficulty in securing them from cyber attacks
  • Establish a successful cyber security programme for an enterprise
  • Apply technology solutions to secure various SAP platforms, illustrated with an example of a cyber incident

235–Secure Application Development & Deployment

Tuesday, 29 May | 11:15 – 12:15

  Download Presentation

Additional ISACA Resources

Luc Pelfini, CISA, CISM, CRISC
Vice Director
BDO AG

In this session we go through the Software Development Lifecycle to explore key controls for secure application development and deployment. Additionally, we discuss the foundation for secure application development, independent of any specific project or application.

After completing this session, you will be able to:

  • Know sources to find frequent vulnerabilities in applications and common threats
  • Understand the challenge to develop/deploy secure applications
  • Explain the influence from the (IT) environment to application security
  • Understand how to assess (CISA) or foster (CISM) security in business application development
  • List a number of valuable approaches (and sources) supporting secure application development

245–Auditing Machine Identity Protection

Tuesday, 29 May | 13:30 – 14:30

  Download Presentation

Kevin Bocek
Vice President, Security Strategy & Threat Intelligence
Venafi

We spend billions each year on securing human identities (usernames, passwords, etc.), but almost nothing on securing machine identities. With a 5-stage maturity roadmap for machine identity protection, auditors can highlight the risks of staying insecure.

After completing this session, you will be able to:

  • Understand machine identity protection and how it compares to human identity protection on the internet and networks
  • Use a 5-stage assessment to establish the maturity of each organisation on machine identity protection
  • Deliver audit findings for each of the 5 stages to provide a concrete path for audited organisations to improve their security and progress on the machine identity protection maturity roadmap
  • Know the risks of misuse of machine identities and the specific risks that are still prevalent at each machine identity protection stage (as well as the risks that are mitigated at each stage)

255–See What a Hacker Sees. Translate Cybersecurity Findings into Compliance Risks

Tuesday, 29 May | 14:45 – 15:45

  Download Presentation

Fouad Khalil
Head of Compliance
SecurityScorecard

This session will focus on cybersecurity threats that organizations across all industries face every day. Cyber-risks lead to compliance risks, and organizations must be able to address these risks to meet regulatory and compliance requirements.

State legislations, federal mandates, and globally-impacting regulations require us to remain diligent in the fight against cyber-crime and to protect our critical assets and information.

There are varying approaches to ensure we address these compliance risks. During this session we will cover how high cyber-risks can impact multiple regulations and standards, and we will identify best practice remediation steps and control implementations to make our environments more secure.

After completing this session, you will be able to:

  • Identify top priority cyber-risks and how they result in compliance risks
  • Map compliance risks to key controls across multiple frameworks
  • Walk through best practice compliance risk remediation steps

265–Data Lives 24 Hours A Day.... Do You?

Tuesday, 29 May | 16:15 – 17:15

  Download Presentation

Additional ISACA Resources

Asim Fareeduddin, CISA, CISM
VP, Regulatory Controls & IT Security Assurance
RELX Group

Data cannot be protected if one does not know which information is critical or where it resides. This case study will share real-life strategies and advice on how to gain visibility and identify and manage critical data assets in your organisation.

After completing this session, you will be able to:

  • Create a comprehensive data inventory and appropriately classify the data based on risk
  • Apply specific controls to the classified data based on conducting a risk assessment
  • "Sell" the concept of data classification and prioritization to various stakeholders including the c-suite, board & senior management
  • Select a control framework that fits their organisation in order to appropriately safeguard their data

315–SSH Keys—Lowest Cost, Highest Risk Tool

Wednesday, 30 May | 8:30 – 9:30

  Download Presentation

Additional ISACA Resources

2017 Top-Rated Speaker
Mike Dodson
VP WW Customer Security Strategy & Solutions
Venafi

All enterprises rely on SSH to authenticate privileged users and establish trusted access to critical systems. But SSH keys are often left unprotected and inadequately audited. Hear about common mistakes in security, policy, and auditing practices.

After completing this session, you will be able to:

  • Learn how SSH keys provide the ideal mechanism for cyber criminals to gain unauthorised privileged access and pivot through a network environment, and how to control it
  • See why PAM solutions don’t protect against all SSH key risks
  • Learn the common pitfalls in SSH key management made by nearly every organisation
  • Develop a plan to audit for best practices in SSH key management

325–A Framework for Choosing An ISMS

Wednesday, 30 May | 9:45 – 10:45

  Download Presentation

2017 Top-Rated Speaker
Steve Mair, CISM
Sr Cyber Security Consultant
PGI Cyber

There are several different security management systems in use, but how do you know which is the right one for your business? Here we’ll look at practical guidance on how to choose the most appropriate models and systems for your organisation.

After completing this session, you will be able to:

  • Identify some of the more common security models and understand how they should change in the future
  • Identify some of the common security management systems in use today, and the key differences between them
  • Determine business requirements and map those on to security management systems
  • Decide which security management systems are most appropriate for their organisation


Spotlight Educational Sessions

SES1–How to Protect Your Crown Jewels (And Your Intellectual Property)

Monday, 28 May | 17:15 – 17:45

Harry Zorn
VP Sales
Accellion

Harry Zorn, VP Sales at Accellion, will talk about how the Accellion platform enables organizations to securely share sensitive information beyond enterprise borders while maintaining the controls and visibility needed to demonstrate compliance.

After completing this session, you will be able to:

  • Privacy, Protection and Peace of Mind for Sharing Enterprise Information
  • How Accellion Helps You Secure and Govern File Sharing
  • Accellion CISO Dashboard: External File Sharing Compliance
  • One-Click Compliance Reports Help CISOs Quickly Prove Full Visibility and Control of Sensitive Information for Compliance with GDPR, HIPAA, GLBA, ITAR and other Regulations

SES2–GDPR: How to Establish a Strong Defensible Position

Monday, 28 May | 17:15 – 17:45

  Download Presentation

Phil Shomura
Senior Product Manager
ACL

With the May deadline fast approaching the debate around GDPR has changed from one of understanding the new regulatory obligations towards creating a program that will first achieve and then maintain compliance. A defensible GDPR position requires proving to regulators that the material policies, controls and systems are in place and continually evaluated; a sustainable program should achieve this with the minimum disruption to business activities. Explore how the adoption of a data-driven compliance approach can help support complex organisations with the assessment and implementation of the framework and provide vital ongoing operational assurance over the myriad in-scope processes and obligations.

Learn how to create a defensible position by:

  • Leveraging technology solutions that will allow you to automate herculean tasks
  • Establishing a solid strategy, strong controls, and effective procedures
  • Creating continuous-improvement loops to regularly update the organization’s compliance efforts and help develop industry gold standards
  • Securing executive endorsements and engaging cross-functional teams, including IT, legal, operations, and business lines

SES7–Security Ratings: A Mission Critical Tool for Vendor Risk Management

Tuesday, 29 May | 17:30 – 18:00

  Download Presentation

Fouad Khalil
Head of Compliance
SecurityScorecard

Third parties are proliferating and becoming more critical to how we conduct business today. It is reported that the majority of security compromises involved a third party that introduced the security deficiencies that were exploited. There is also a growing risk of non-compliance with privacy laws and regulations given the need to share protected information with our partners and vendors. Gartner has reported that security ratings are becoming as critical as credit ratings as we evaluate the risks associated with our third parties and have become a critical component of vendor risk management processes.

After completing this session, you will be able to:

  • Learn more about why vendor risk monitoring and scoring is critical
  • Identify steps necessary to bring vendor risk scores to an acceptable level
  • Walk through vendor scoring examples and industry use cases

SES8–Risk Management in Practice: RSA Archer Customer Case Study

Tuesday, 29 May | 17:30 – 18:00

Gennaro Scalo
Director
RSA Archer EMEA

During this session you will hear how customers are leveraging the RSA Archer Suite platform to address risk management challenges. The discussion will focus on how combining the depth and breadth of the RSA Archer Suite platform with its unique adaptability has led to successful deployments and created a long-term strategic vision for the program. This real-world case study will include special content and insights from a key RSA Archer Suite customer, along with examples from this deployment.

After completing this session, you will be able to:

  • Understand, through real-life examples, how successful risk management programs can be implemented.
  • Hear about pitfalls to avoid and how to ensure your organization can deliver excellent results in its own approach.
  • Learn ways to maximize success and optimize your programs.


Workshops

WS1–COBIT 5 Foundation

Saturday, 26 May | 9:00 – 17:00
Sunday, 27 May | 9:00 – 17:00

Bruno Horta Soares, CISA, CGEIT, CRISC
Founder & Senior Advisor
GOVaaS - Governance Advisors, as-a-Service

Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach.

  • Earn the COBIT 5 Foundation Certificate! Attendees can take the Foundation Exam Monday, 28 May 2018 for an additional US $150!

WS2–Cybersecurity Fundamentals

Saturday, 26 May | 9:00 – 17:00
Sunday, 27 May | 9:00 – 17:00

Richard Hollis, CISM, CRISC
CEO
Risk Factory Ltd.

Why become a cyber security professional? The protection of information is a critical function for all enterprises. Cyber security is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of Information Technologies (IT). The CSX Fundamentals workshop is designed for this purpose, as well as to provide insight into the importance of cyber security, and the integral role of cyber security professionals. This workshop will also prepare learners for the CSX Fundamentals Exam.


WS3–Cybersecurity for Auditors

Sunday, 27 May | 9:00 – 17:00

Vilius Benetis, CISA, CRISC
Cybersecurity Professional, CEO
NRD CS

Cyber security focus is a requirement for any organization today, but how can a company know and understand what their cyber security posture is? A strong cyber security audit program with qualified, capable auditors and a robust work program or standard is a must. During this workshop, we will dig into the details of cyber security audit. We will evaluate the ISACA NIST Cybersecurity Framework Audit Work Program as well as various cyber security frameworks and tools including the NIST Cybersecurity Framework and the FFIEC Cybersecurity Assessment Tool.


WS4–GDPR: Maintaining Focus on Data Protection & Privacy Beyond May 2018

Sunday, 27 May | 9:00 – 17:00

Tim Clements, CGEIT, CRISC, FBCS CITP, FIP, CIPP/E, CIPT, CIPM
Privacy Program Manager
Mitigate, Denmark

GDPR becomes enforceable on 25 May 2018. Organisations must ensure there is continued focus on data protection beyond May 2018, and not just from a GDPR perspective. A robust operational lifecycle and governance framework is a prerequisite for ensuring ongoing compliance with applicable legislation.

This interactive workshop will use a case study and involve working in groups to generate specific products/deliverables. Participants will benefit from sharing experiences and learning points not just from the instructor but also from each other.

After completing this workshop, participants will be able to:

  • Articulate the competences, responsibilities and organisational structures needed to support the governance framework
  • Ensure their organisations' strategy for Data Protection is in place and relevant
  • Describe the key elements of the Operational Lifecycle and how to establish them
  • Know how to integrate ISO 27001 with other relevant standards and ensure their organisations’ privacy control framework is fit for purpose


Innovation Sessions

IN1–Is the GDPR a Bitter Pill, or an Opportunity for Remedy?

Sponsored by Redgate Software

Monday, 28 May | 11:35 – 11:55

James Murtagh
Product Marketing Manager
Redgate Software

The General Data Protection Regulation (GDPR) is the latest law to put a spotlight on personal information. Driven by the impending May 25 enforcement day, the whole subject of how data is collected, stored and processed has moved from the backroom to the boardroom. But here’s a thought: could it be good for organizations and companies rather than an unwelcome diversion? In this session you’ll learn about the requirements the GDPR places on database teams, and why the regulation should be embraced by all, not just those aiming to avoid a fine.

This session covers:

  • The requirements of the GDPR on SQL Server database teams
  • Best practices for database development that align to the GDPR
  • Suggestions for creating a defensible position for your database team

IN2–Achievable Cross-Platform SOD Analysis for Financial Systems

Sponsored by Fastpath

Monday, 28 May | 13:15 – 13:35

Mark Polino
Director of Client Services
Fastpath

When you have multiple systems in scope for your audit, you run the risk of creating false positives for separation of duties (SOD) violations, or worse, not knowing of potential fraud issues because you don’t have visibility across your systems. Luckily, it doesn’t have to be that hard.

Attend this session to learn:

  • Best practices for cross-platform SOD analysis
  • How to minimize audit prep time
  • Ways to simplify your SOD audits
  • Tips for eliminating false positives

IN3–Manage Your Compliancy with a Complete and Integrated Solution

Sponsored by Voquals N.V.

Monday, 28 May | 13:45 – 14:05

Greet Volders
Managing Consultant & C.E.O.
Voquals N.V.

Our solution is a platform and reference model which combines the rich content of COBIT 5 with different compliance standards and frameworks. With this "quickstart" we offer each organization a starting point for developing its IT-related processes:

  • All 37 COBIT 5 processes embedded
  • RACI tables, integrating IT- and process-related goals
  • References to several ISO standards and other control frameworks, with an easy-to-explore reporting facility

Come and find out how this solution can help your organization to achieve a higher level of IT maturity, and how this can be used to become compliant with your external requirements (e.g. GDPR, ISAE, SOX, ISO, … ).

After completing this session, you will be able to:

  • Map different ISO standards to your (COBIT 5) processes
  • Develop a system for managing all your compliance needs in an easy-to-use tool
  • Develop your own IT-related processes, based on a complete, pragmatic and practical set of pre-defined processes
  • Prepare your organization for any type of audit or assessment without extensive preparation for each audit



Keynotes

2018 Opening Keynote Address

Risk & Decision Making

Monday, 28 May | 8:30 – 10:00

Caspar Berry
Motivational business speaker specialising in risk, decision making, innovation and leadership.

While the subject of decision making is unimaginably vast and profound, the key message of this keynote is that all decisions are essentially investment decisions and that all of us as decision makers are essentially investors every moment of every day. Caspar will show attendees how the process of decision making is essentially the process of trying to maximise the returns they make on their investments. In life these might be better relationships and quality of life. In business it is all about efficiency, productivity, doing more with less and, in a literal sense, return on investment. In order to be great decision makers – or investors – we need to understand the brilliance, but also the limitations and flaws, of our innate judgement and decision-making mechanism. Most notable among these is our emotional fear of failure. It is this which very often stops us from taking opportunities with high overall returns and which must therefore be conquered.

Among his other claims to fame, opening keynote speaker Caspar Berry was one of the two poker advisors on the 2006 James Bond Movie, Casino Royale. Co-founder of Twenty First Century Media, former screenwriter and professional poker player, Caspar has become a renowned speaker to global corporations and a catalyst for embracing uncertainty and taking calculated risks in making game-winning decisions.


Leadership Brief

Living in a GDPR World

  Download Presentation

Theresa Grafenstine
Chair, ISACA Board of Directors

ISACA Chair Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA, discusses the days-old General Data Protection Regulation and its global impact on the digital marketplace and the international public policy community. The data-driven future has already arrived; the possibilities of what this data can do to improve our lives are unfolding across all industries. Learn about the need for privacy and security by design throughout the lifecycles of the products, services and solutions that interact with data.



2018 Closing Keynote Address

The Big Data Revolution

Wednesday, 30 May | 11:15 – 12:30

View Mike's slides from his keynote presentation >>

Mike Walsh
Futurist, Innovation and Technology Speaker and Authority on Emerging Markets. IoT Expert

There is a new war coming – over the future’s most valuable asset. Big Data, once just the domain of technology professionals, will soon be the number one issue for all business leaders. Consumers are producing more of it, marketers are starting to leverage it, and governments are seeking to control it – and most importantly, business leaders will be asked to make decisions based on it. The real Big Data revolution is not just about the amount of data that has to be processed, but a mindset change about how data gets used in the enterprise. With original research, practical evaluations of disruptive strategies and case studies from some of the world’s most innovative firms, Mike Walsh will give you the roadmap you need to set your Big Data strategy in place for the future.

For IT Leaders:

  • The new mindset required to integrate third party Cloud platforms and experiment with exotic Big Data technology platforms
  • Meeting the challenge of engaging business decision makers to commit to Big Data investments

For Senior Decision Makers:

  • Incorporating data into strategic decision making
  • Innovative approaches to data visualization as a tool for communicating trends and patterns
  • Relevant case studies of the ‘winners circle’ of companies who, today, are making the big bets on tomorrow’s Big Data platforms

Mike is the CEO of Tomorrow, a global consultancy on designing companies for the 21st century. He advises leaders on how to thrive in the current era of disruptive technological change. Mike’s clients include many of the global Fortune 500, and as a sought-after keynote speaker he regularly shares the stage with world leaders and business icons alike. Mike previously founded Jupiter Research in Australia, and has also held senior strategy roles at News Corporation in the Asia Pacific Region. Mike’s best-selling book ‘Futuretainment’, published by Phaidon was the winner of the design award by the Art Director’s Club in New York. Mike’s latest book is The Dictionary Of Dangerous Ideas. Each week he interviews provocative thinkers, innovators and troublemakers on his weekly podcast, ‘Between Worlds’. A true nomad, Mike travels over 300 days a year worldwide, researching trends, collecting innovation case studies and presenting on the future of business.


Leadership Brief

What Do You Call a City That’s Not Planning on a ‘Smart’ Future?

  Download Presentation

Robert Stroud
Past Chair of ISACA Board of Directors

ISACA Past Chair Robert Stroud, CGEIT, CRISC, explores what we know about the future of urban municipalities and the necessities for governments to embrace technology. As populations grow, how will we secure all this data, and how will we audit the cybersecurity efforts that keep this data secure? Sharing previews from ISACA’s 2018 Smart Cities survey results, learn strategies to ensure data is safe, secure, and aiding city leaders in improving the lives of their citizens.


Events

ISACA Awards and Networking Reception in the Innovation Exchange

Monday, 28 May | 17:00 – 18:30

Join us for this exciting opportunity to network with other IS/IT professionals and learn more about current and emerging solutions within the industry. Celebrate the incredible achievements of ISACA leaders and industry experts during the presentation of the 2018 ISACA Global Achievement Awards and Certification Top Scores. Enjoy complimentary hors d’oeuvres and beverages provided by ISACA as you network throughout this engaging event. Don’t miss this special attendee benefit!


SheLeadsTech Networking Breakfast

Tuesday, 29 May | 7:30 – 8:30

Join us at the SheLeadsTech Networking Breakfast. This is a great opportunity to meet other attendees at the conference and learn more about the SheLeadsTech program. Space is limited and badges will be required for admittance.



Pictured above is the Dundas House, located at 36 St Andrew Square, Edinburgh, Scotland. It is the Registered Office of the Royal Bank of Scotland

Experience the Nightlife in St. Andrew’s Square

Tuesday, 29 May | 18:00 – 21:00

Enjoy an opportunity to connect with conference attendees, explore Edinburgh and experience one of its nightlife hotspots, St. Andrew's Square. As you leave the Convention Centre for the evening, pick up a goodie bag containing an Edinburgh Rewards Passport (a city map with discounts and offers at over 100 bars, cafes and shops) and a speciality Scottish dessert. Shuttle buses will run between the Leonardo and Mercure hotels, the DoubleTree and Novotel hotels, and St. Andrew's Square from 18:00 to 21:00.

The event is complimentary for all registered attendees; please register for it online or in person when picking up your badge on Sunday or Monday. Guests are welcome at a cost of US $25.


SheLeadsTech Half Day Seminar

Wednesday, 30 May | 12:30 – 17:30

Join us for the SheLeadsTech half day seminar following the EuroCACS conference. The seminar will focus on the three pillars of the SheLeadsTech program: Raising Awareness, Preparing to Lead, and Building a Global Alliance.

Melinda Matthews Clarkson
CEO
CodeClan


Gail Coury
CISO
Oracle Cloud


Anne Moises
CIO
Scottish Government


12:30 – 13:00   Registration and Lunch with Roundtable Discussions
13:00 – 14:00   Session 1: Melinda Matthews Clarkson: CEO, CodeClan
14:15 – 15:15   Session 2: Gail Coury: CISO, Oracle Cloud
15:30 – 16:30   Session 3: Anne Moises: CIO, Scottish Government
16:30 – 17:30   Reception with Networking


This event is complimentary. Registration is required.