AGENDA DAY 2
Conference Day 1 -
4 March
Conference Day 2 -
5 March
6 March
Wednesday, 5 March: Conference - Day 2
07h30 Arrival & Registration
Welcome & housekeeping
Paul Booth, an independent IT commentator
Developing a 360 degree view of risk and compliance
Michael Aminzade's presentation will give a comprehensive view of the risks companies face every day and provide relevant advice on how to minimise intrusions. He will cover:
Understanding your company's threat level
Identifying your weakest links
Managing the risk within your organisation
Assessing various solutions
Michael Aminzade, director: delivery - EMEA and APAC, TrustWave
Legal risks in relation to social media
With the ongoing increase in the use of social media platforms, the associated legal risks are also on the rise. This presentation will examine possible pitfalls and the relevant legal risks, as well as provide solutions and practical advice relating to:
Facebook defamation cases in SA
The risks of using Twitter
Employees bringing their employer into disrepute through online posts
Reputational harm
Dario Milo, Partner, Webber Wentzel
10h10 Tea Break
Practical privacy lessons from the USA
Using his more than a decade of experience in the USA as a chief privacy and information security officer for very large organisations, Russell Opland will present specific and practical recommendations for the implementation of a privacy programme from a governance, risk, and compliance perspective, including sources of strategic, operational, financial, regulatory, and reputational risk, and practical considerations for the governance of privacy.
Russell Opland, associate director: advisory, Ernst & Young
GRC fails if you forget your people - how to get your people to buy into your GRC initiative
How can an enterprise be risk-intelligent? Processes and systems are the fundamentals, but how well do these work if employees are not fully committed to governance and compliance? If governance and compliance are perceived as 'policing', people will always find a way to get around rules and regulations. And this makes it a daunting race between the GRC 'troops' and 'the rest'.
But, what happens when everyone in the organisation understands the real value of GRC initiatives? How can you make everyone in an enterprise work for GRC, because they truly understand the real benefits for the business? How can you create personal responsibility at every level to make the implementation of a GRC initiative a success story?
The talk will focus on how people behave in general and how they react when GRC is perceived as a regulation. It will use examples from companies and sports teams, highlighting success factors and 'not-to-do's'.
Axel Rittershaus, executive coach, The Executive Coach
Threats posed by hard copy data
In this session Duncan Waugh will address the following, unpacking the issues, sizing the problem and outlining solutions:
Is there a difference between digital data and hard copy data?
Which of the two is easier to access and why?
Who is affected?
What are organisations doing about protecting your personal information, their intellectual property rights and their reputations?
Duncan Waugh, founder and CEO of Document Security Solution Specialists and Trash Trackers
12h40 Lunch
Measuring the maturity of IT Governance using maturity assessments
IT governance assessments are often based on gap analysis principles and provide 'As Is' and 'To Be' views. Maturity assessments are more valuable than gap analysis based assessments as they provide greater insight into the actual status and capabilities of IT governance in an organisation. They are highly valuable in ensuring the performance, sustainability and continuous improvement of IT governance programmes if used over a period of time. This session will provide an overview of maturity models and approaches that can be followed to drive IT governance programmes and attain higher maturity levels.
John Cato and Dr Peter Tobin, partners, IACT Africa
Cyber insurance – new fad or real business value?
Cyber-attacks coupled with regulatory changes are placing organisations under increased pressure. Cyber insurance is a weapon that can be used in an organisation's risk management armoury, but what is cyber insurance and how is it applicable in real world scenarios? Natalie van de Coolwijk will:
Define what cyber insurance is and the cover that such policies provide
Explain how compensation is structured and highlight the additional value the claims process adds to policyholders in terms of dealing with cyber incidents and breaches
Give an overview of the US market, where the cyber insurance offering is already mature
Provide real world case studies detailing claims and the reasons behind them
Natalie van de Coolwijk, managing director, CyGeist
15h00 Tea Break
The future of IT GRC
Technology is intertwined in nearly every aspect of business today, with IT fast becoming a primary driver of market differentiation, business growth, and profitability. Intelligent companies see digital as a strategic imperative—a tool of competitive intent. IT is becoming the business, and IT GRC is becoming GRC. Key questions the presentation will address include:
What technology trends will drive the digital business of the future?
How will these technology trends impact on IT GRC?
What is the future of IT GRC in a digital business?
Lee Naik, managing director, Accenture Technology Consulting
Case study: Adopting an integrated approach to Governance, Risk and Compliance (GRC) in a centralised, State Owned Company (SOC)
The centralisation of IT in a large, autonomous organisation presents many challenges. While the key focus tends to be on addressing critical issues, the focus on GRC is often secondary. However, an integrated approach to GRC can be used to build a solid platform for moving forward with a centralised IT model and ensuring its sustainability.

Khathu Sibanda discusses the critical role that GRC played in IT centralisation and transformation. In her presentation, she explores:
Challenges experienced when a centralised IT operating model was adopted
How the GRC function assisted with managing these challenges (audit findings, priority 1 incidents, risk management, etc.)
How GRC assisted in taking the centralised model forward (structures, processes, quality management, self-assessments, continual improvement, etc.)
Khathu Sibanda, senior manager for information risk and compliance: Group IT, Eskom
16h50 Closing remarks


Hard copy data poses serious security risk
13 Feb 2014
Max Blecher
Hard copy data can present a significant security threat, says Duncan Waugh, founder and CEO of Document Security Solution Specialists.

Cloud demands risk mindset change
5 Feb 2014
Max Blecher
Intellectual property ownership, contractual divorce clauses and root password control are critical risk factors to consider as enterprises move into the cloud.

GRC buy-in needs right mindset
30 Jan 2014
Axel Rittershaus
If governance, risk and compliance (GRC) initiatives are perceived as 'policing', people will always find a way to get around rules and regulations.

Getting proactive with GRC
24 Jan 2014
Paul Booth
Tightening legislation and regulations, as well as an increase in security threats and the volume of data moving through and within the enterprise, are driving the need for a more proactive approach to governance, risk and compliance (GRC).

GRC event assists practitioners to deliver value
14 Jan 2014
Mike Jarvis
IT governance can bring real value to local organisations, if it is approached as a business driver rather than an exercise in 'ticking the boxes' when it comes to compliance.

Call for papers issued for GRC event
29 Nov 2013
Governance, risk and compliance (GRC) experts, industry analysts and practitioners have until 10 December to respond to the call for papers to present at the third annual ITWeb Governance, Risk and Compliance Conference.

