WORKSHOPS New strategies and tactics: Lessons from the battlefield

Date: 9 May 2013
Time: 08h00 - 17h00
Venue: Sandton Sun Hotel

Be sure to diarise the date for our must-attend Security Summit workshops. As usual, our expert facilitators will guide delegates in practical, hands-on sessions on key areas of interest.

There are three workshops that will be offered, but please note that seats are limited to 40 participants per workshop:
Workshop 1: Governance of information security
Workshop 2: Digital forensics
Workshop 3: Information Security incident response

Workshop 1: Governance of information security – COBIT5 for Security
Gary Hardy, leader IT governance centre of excellence, risk advisory: Deloitte South Africa


COBIT 5 for Information Security offers guidance to help IT and security professionals like yourself to understand, utilise, implement and direct important information security-related activities.

Attend this workshop and you will be equipped to make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats. Using COBIT 5 for Information Security can help enterprises of all sizes.

Learning objectives

Governance and management challenges of information security
Overview of governance concepts and King III
COBIT5 concepts, objectives and business benefits – a value-driven approach to information security
The COBIT5 Process Model and focus on security guidance
Aligning and prioritising a process improvement strategy based on enterprise objectives and inherent risks
Other enablers – organisation structures, culture, skills, policies, services and information
Decision-making – roles and responsibilities
Initiating and implementing an improvement programme
The importance of organisational change
Monitoring security performance and driving business value
Recommended action steps

Gary Hardy has 30 years’ experience in the IT industry and is recognised globally as a thought leader and expert in business and IT performance improvement.

Gary is a longstanding and past member of ISACA. He is one of the originators of the COBIT initiative in 1992, and a key member of ISACA’s COBIT development team for the past 19 years. He is a lead developer of COBIT5 and advisor to ISACA, and author of many of the ISACA products.

For the past 30 years, Gary has helped many private and public sector enterprises around the world implement improved IT governance and business performance. Together, they champion IT governance nationally, along with a team of highly skilled IT governance professionals across SA.

Workshop 2: Digital forensics
Danny Myburgh, managing director, Cyanre


It is essential for organisations to be able to manage their business environment to ensure a more secure workplace. It is necessary to consider factors related to both physical security and digital security. This workshop will equip you to improve your policies and procedures, identify possible weaknesses and the steps to improve security, and gain a solid understanding of digital forensics.

Learning objectives

Overview of cyber crime threats
Practical knowledge of specific offences i.e. fraud and corruption
Fraud prevention and fraud risk management
Regulatory frameworks (including duties to report and pro-active prevention)
Specific investigative tools
Criminal law and the application of the Criminal Procedure Act
The law of evidence, recovery of the proceeds of crime
The latest tools and techniques for both mobile and static
Practical steps to take to be prepared for an incident
The appropriate response to a security breach

Danny Myburgh founded Cyanre in 2002, with the aim of establishing the company as a recognised and respected role-player in the IT forensic market.

Danny has successfully managed various investigations on organised crime syndicates involved in computer-related crimes, such as 419 scams, fraud syndicates, paedophiles, political activists, procurement fraud, corruption and money-laundering, among others. He also has experience in the investigation of transgressions of legislation and IT policies by employees, malicious code/program attacks on computer networks and hacking incidents.

Danny was trained in computer crime, Internet and hacking investigations by the FBI and the French Police.

Workshop 3: Information Security Incident Response - A Survival Workshop
Speakers: Dan Crisp, Acting Chief Information Security Officer: Information Risk Management, BNY Mellon
Lynn Terwoerds, founding member, Cloud Security Alliance


This workshop will include a planned interactive exercise where you will respond to a major security incident and mobilise your organisation to respond. In a second exercise, you will detect an attack in progress and different groups will have slightly different controls in their environment. In all scenarios, the focus will not only be on incident response, but on the importance of defining an incident response lifecycle which incorporates PDCA (plan, do, check, act). Participants are expected to present their results at the end of the day.

Learning objectives

Learn how attackers and attack vectors have changed
Understand the anatomy of an attack
Find out what to do to lessen an attacker's free time by focusing on coordinating detective, preventative and reactive security controls

Dan Crisp has been the managing director of EMEA Information Risk Management at Bank of New York Mellon for two years. Prior to joining BNY Mellon, Crisp was chief operations officer for Information Security at Barclays in London. As a practitioner and in consultative roles, his risk management experience has spanned the retail financial services, custody banking and investment banking industry for over 20 years.

He has managed risk management teams supporting client relationship, transactional systems, process engineering, mergers and acquisitions, and strategic planning for financial institutions in Europe, Asia, Africa and North America. Crisp is a charter member of the Cloud Security Alliance metrics group, and has been recognised for his focus on developing predictive quantitative risk models that drive information security investment decisions.

Lynn Terwoerds has more than 20 years’ experience in information systems, over half of which has been in information security. She has worked both as a practitioner and a vendor. She is head of risk and information security for Oracle’s Health Sciences Global Business Unit, and was formerly at Microsoft corporate headquarters, for 10 years, in security response, then critical infrastructure protection as a security strategist, and a director of software compliance.

Lynn was also head of Security Architecture, Standards and Infrastructure Engineering for Barclays Bank. Her previous experience includes working as a solution integrator and consultant to large corporations. She is a founding member of the Cloud Security Alliance and chairs the cloud metrics working group. She holds a CISSP and MA from the University of Missouri-Columbia.


in partnership with
Established in 2009, Performanta specializes only in the discipline of Information Security. The company provides technology, services and consulting solutions allowing them to give customers an end-to-end information security service. Their focus on pragmatic solutions is reflected in their motto: Practical Trust Performanta.

Symantec protects the world’s information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world.

Workshop 9 May 2013
Workshop 1: Governance of information security
Workshop 2: Digital forensics
Workshop 3: BYOD security risks
Standard delegate fee R 2,720.00
Delegates who attended a previous ITWeb Security Summit qualify for VIP status. Should you qualify, please contact Maggie Pienaar on (011) 807-3294 for more details.

Follow us on Twitter and tweet about your thoughts around this event, #itwebsec

Do you want to join other leading security vendors and firmly position your company, brand, products and services to a high-level business decision maker audience at southern Africa’s only business focused information security event?
Don’t miss out on the opportunity to capitalise on the valuable marketing opportunities ITWeb’s annual Security Summit offers and click here to learn about available sponsorship options or contact Debbie Visser, for a customised proposal designed to meet your objectives and budget.

SensePost is an independent company that provides services in the Information Security Services area. Combining experience and knowledge, SensePost specialises in Information Security Consulting, Training, Security Assessment Services and IT Vulnerability Management.

