Workshop 1: Governance of information security – COBIT5 for Security
Speaker: Gary Hardy, leader IT governance centre of excellence, risk advisory: Deloitte South Africa
Overview
COBIT 5 for Information Security offers guidance to help IT and security professionals like yourself to understand, utilise, implement and direct important information security-related activities.
Attend this workshop and you will be equipped to make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats. Using COBIT 5 for Information Security can help enterprises of all sizes.
Learning objectives
Governance and management challenges of information security
Overview of governance concepts and King III
COBIT5 concepts, objectives and business benefits – a value-driven approach to information security
The COBIT5 Process Model and focus on security guidance
Aligning and prioritising a process improvement strategy based on enterprise objectives and inherent risks
Other enablers – organisation structures, culture, skills, policies, services and information
Decision-making – roles and responsibilities
Initiating and implementing an improvement programme
The importance of organisational change
Monitoring security performance and driving business value
Recommended action steps
Gary Hardy has 30 years’ experience in the IT industry and is recognised globally as a thought leader and expert in business and IT performance improvement.
Gary is a longstanding and past member of ISACA. He is one of the originators of the COBIT initiative in 1992, and a key member of ISACA’s COBIT development team for the past 19 years. He is a lead developer of COBIT5 and advisor to ISACA, and author of many of the ISACA products.
For the past 30 years, Gary has helped many private and public sector enterprises around the world implement improved IT governance and business performance. Together, they champion IT governance nationally, along with a team of highly skilled IT governance professionals across SA.
Workshop 2: Digital forensics
Speaker: Danny Myburgh, managing director, Cyanre
Overview
It is essential for organisations to be able to manage their business environment to ensure a more secure workplace. It is necessary to consider factors related to both physical security and digital security. This workshop will equip you to improve your policies and procedures, identify possible weaknesses and the steps to improve security, and gain a solid understanding of digital forensics.
Learning objectives
Overview of cyber crime threats
Practical knowledge of specific offences i.e. fraud and corruption
Fraud prevention and fraud risk management
Regulatory frameworks (including duties to report and pro-active prevention)
Specific investigative tools
Criminal law and the application of the Criminal Procedure Act
The law of evidence, recovery of the proceeds of crime
The latest tools and techniques for both mobile and static
Practical steps to take to be prepared for an incident
The appropriate response to a security breach
Danny Myburgh founded Cyanre in 2002, with the aim of establishing the company as a recognised and respected role-player in the IT forensic market.
Danny has successfully managed various investigations on organised crime syndicates involved in computer-related crimes, such as 419 scams, fraud syndicates, paedophiles, political activists, procurement fraud, corruption and money-laundering, among others. He also has experience in the investigation of transgressions of legislation and IT policies by employees, malicious code/program attacks on computer networks and hacking incidents.
Danny was trained in computer crime, Internet and hacking investigations by the FBI and the French Police.
Workshop 3: Information Security Incident Response - A Survival Workshop
Speakers: Dan Crisp, Acting Chief Information Security Officer: Information Risk Management, BNY Mellon
Lynn Terwoerds, founding member, Cloud Security Alliance
Overview
This workshop will include a planned interactive exercise where you will respond to a major security incident and mobilise your organisation to respond. In a second exercise, you will detect an attack in progress and different groups will have slightly different controls in their environment. In all scenarios, the focus will not only be on incident response, but on the importance of defining an incident response lifecycle which incorporates PDCA (plan, do, check, act). Participants are expected to present their results at the end of the day.
Learning objectives
Learn how attackers and attack vectors have changed
Understand the anatomy of an attack
Find out what to do to lessen an attacker’s free time by focusing on coordinating detective, preventative and reactive security controls
Dan Crisp has been the managing director of EMEA Information Risk Management at Bank of New York Mellon for two years. Prior to joining BNY Mellon, Crisp was chief operations officer for Information Security at Barclays in London. As a practitioner and in consultative roles, his risk management experience has spanned the retail financial services, custody banking and investment banking industry for over 20 years.
He has managed risk management teams supporting client relationship, transactional systems, process engineering, mergers and acquisitions, and strategic planning for financial institutions in Europe, Asia, Africa and North America. Crisp is a charter member of the Cloud Security Alliance metrics group, and has been recognised for his focus on developing predictive quantitative risk models that drive information security investment decisions.
Lynn Terwoerds has more than 20 years’ experience in information systems, over half of which has been in information security. She has worked both as a practitioner and a vendor. She is head of risk and information security for Oracle’s Health Sciences Global Business Unit, and was formerly at Microsoft corporate headquarters, for 10 years, in security response, then critical infrastructure protection as a security strategist, and a director of software compliance.
Lynn was also head of Security Architecture, Standards and Infrastructure Engineering for Barclays Bank. Her previous experience includes working as a solution integrator and consultant to large corporations. She is a founding member of the Cloud Security Alliance and chairs the cloud metrics working group. She holds a CISSP and MA from the University of Missouri-Columbia.