IT Governance, Assurance and Security Conference


1 IT Governance, Assurance and Security Conference
ISACA Malaysia & MNCC 14th Annual
16 & 17 June 2015
Register Early to Avoid Disappointment
FREE Tablet for each delegate
ISACA 14 CPE Points
IIA Malaysia 16 CPD Points
Venue: Aloft Kuala Lumpur Sentral
Organised by : Supported by :

2 IT Governance Conference 2015

With the evolution of technology today, the way people live and connect with one another has changed. The distinction between work and personal lives has blurred with the proliferation of personal devices as well as the ease of connecting with anyone or anything. The flip side of this evolution is that there will be concerns over privacy, cyber security and other similar issues. With the velocity of these incidents of breaches, organisations need to place more emphasis on governance, security and assurance. Our 14th edition of the IT Governance Conference will feature many esteemed speakers who will share their knowledge and experiences, as well as leading practices, on their own subject matter expertise.

Day 1 will feature plenary sessions on key digital age topics such as cloud governance, cyber security, privacy and information risk management topics. There will also be a panel discussion, Cyber Security Crisis Management, and a debate session on 2 pertinent topics, Internet of Things vs. Privacy.

16 June :00-08:50 Registration and Networking Session

08:50-09:00 Chairperson's Opening Address

09:00-09:40 KEYNOTE ADDRESS
Cloud Governance: How the Best Enterprises Accelerate their Journey to the Cloud
In the classic book, Crossing the Chasm, Geoffrey Moore provided advice for Product Managers looking to cross the dreaded technology Adoption Lifecycle chasm. As it turns out, the Chasm metaphor is 100% relevant to enterprises looking to accelerate internal cloud adoption. In this keynote address, we will explore how internal Cloud Enablement Teams can use the best practices of Crossing the Chasm to accelerate and more effectively deliver their cloud change programs.
Chris Hampartsoumian, Technology Evangelist, Amazon Web Services (AWS)

09:40-10:20 PLATINUM SPONSOR ADDRESS
To be confirmed.

10:20-10:50 TEA BREAK / NETWORKING SESSION

10:50-11:30 PLENARY
Meeting Cyber Security Challenges of a Globalised Digital Economy
The country's on-going digital transformation should be more than merely IT governance and deployment of technology, but also be about the preparation of a nation to meet the cyber security challenges of a globalised digital economy. The advanced technology deployment for convenience versus security requires an in-depth understanding of cyber threats and the impacts they have on organisations, which should be a consistent top board agenda.
Dr Amirudin Bin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia

11:30-12:40 PANEL DISCUSSION
Cyber Security Crisis Management
Cyber security threats have resulted in disruption of services and sensitive information being stolen at a rate that was unfathomable just a few years ago. We can no longer treat breaches of this nature as merely technical issues, but must view them in a holistic manner. Cyber security crisis management can be your organisation's key to data breach security and survival. This panel discussion will touch on, among others, why it is important, and how it can be implemented effectively in your organisation.
Panel Chairperson: Jason Yuen, Partner, Ernst & Young Advisory Services Sdn Bhd
Chris Hampartsoumian, Technology Evangelist, Amazon Web Services
Dr Amirudin Bin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia
Victor Lo, Independent Security Specialist

12:40-14:00 LUNCH / NETWORKING SESSION

14:00-14:40 PLENARY
Reimagining the Enterprise in the Digital Age
Technological forces drive the change required to enable transformation of organisations. The challenge is how to harness these forces to implement solutions that will fit an organisation. Organisations can capitalise on today's top trends (mobility, social, data and the cloud) to bring about solutions that balance the needs of a connected world and the enterprise. Central to unleashing the potential of a reimagined enterprise is removing the friction to seamless collaboration and sharing, while respecting the boundaries of who has access to what.
Dr Dzaharudin Mansor, National Technology Officer, Microsoft Malaysia

14:40-15:20 PLENARY
The Human Side of Information Risk
The increasing public focus on cyber across the world appears to have a strong technology bias. Most large organisations have made significant investments in technology to manage the risks to their information. That investment has shifted the vulnerabilities away from major technology failure events, and increasingly we are seeing that failures are being driven by people failures. Often, because of failures to provide sufficient training and awareness, people do not know what to do!
Mike Usher, Director of Information Risk, Prudential Corporation Asia

15:20-15:50 TEA BREAK / NETWORKING SESSION

15:50-17:00 PANEL DEBATE
Internet of Things (IoT) vs. Privacy
IoT describes the scenario in which objects, live or inanimate, are assigned unique identifiers, connected and provided with the ability to transfer data over a network. This means literally all things can be connected. With such unbridled connectivity, there are bound to be concerns over data privacy and security. Our esteemed host will probe both proponents and moderate this live debate, with the IoT proponent describing the advantages in embracing this concept, while our advocate for Privacy will provide the voice of restraint, highlighting the concerns that must be addressed before the concept becomes reality.
Debate Moderator: Nickson Choo, Chair Membership Growth & Retention Committee, ISACA International
Dr Sonny Zulhuda, Assistant Professor, International Islamic University Malaysia (IIUM)
Hasannudin Saidin, Director, Multimedia Development Corporation (MDeC)

Programs are subject to change if there are any unforeseen circumstances.

3 Day 2 Master Classes are designed to provide delegates with practical management and technical sessions covering various key governance, security and assurance topics. Our facilitators are experienced individuals and groups who are subject matter experts in their own fields. These Master Classes will utilise mobile devices / tablets whether to view shared materials, to use for case studies, to facilitate to continue in following page

17 June Management Track

Management Track 1 (MT1): Enterprise IT Governance With COBIT 5 (Part 1) 09:00-10:30
Tea Break 10:30-10:50
The COBIT 5 framework for the governance and management of enterprise IT has been developed using proven industry practices and global thought leadership from ISACA. It is thus an invaluable tool for assessing, planning and developing an optimisation and growth roadmap for an organisation's information technology strategy. COBIT 5 helps enterprises create optimal business value from IT by maintaining a balance between realising benefits while optimising risk levels and resource usage.
After completing this session, you will be able to:
Understand the business benefits of using COBIT 5
Understand the 5 key Principles of COBIT 5 for the governance and management of Enterprise IT
Explore real-life topics related to the key principles and why they matter
Dr Daniel Tan, Chief Information Officer, Acer Malaysia
Dr Daniel Tan is a founding member of the ISACA Malaysia Chapter's Special Interest Group (SIG 3) on IT Governance and COBIT 5, established to promote awareness and education to the IT Governance community on COBIT 5 from a practitioner's perspective.

Management Track 2 (MT2): Enterprise IT Governance With COBIT 5 (Part 2) 10:50-12:20
Lunch 12:20-13:40
Effective implementation of COBIT 5 in the enterprise will result in improved business performance as well as compliance to external requirements, yet successful implementation remains elusive for many enterprises. Among the challenges of implementation are ensuring appropriate culture and behaviour, guiding principles and policies, organisational structures and well-defined governance and management processes.
At the end of this session, delegates will:
Discover how COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise.
Explore and discuss some key implementation issues.
Walk through a real-world case study on GEIT implementation.
Dr Daniel Tan, Chief Information Officer, Acer Malaysia

Management Track 3 (MT3): Managing Cyber Security Winner or Loser 13:40-15:10
Tea Break 15:10-15:30
The complexity and dynamics of cyber security bring about an unprecedented opportunity to understand, realign and revamp IT security within businesses to cope or overcome the rapidly evolving global cyber threat landscape. A toxic mix of nation states, hacktivists, organisations, criminals and individuals is relentlessly motivated to steal intellectual property, business and trade secrets and the financial wealth of people. This is a zero sum game where organisations and security professionals will either win or lose. This session will share fundamental concepts in cyber security, followed by governance and assurance frameworks in different aspects of cyber security. Delegates will be exposed to a comparison of various technology solutions in the market space and given key inputs to develop a holistic approach to cyber security that involves governance, people, policies, processes and technology.
After completing this class, the delegates will be able to:
Understand fundamentals of cyber security.
Understand cyber security frameworks and governance.
Be able to develop a holistic approach to assessing and managing cyber security initiatives within an organisation.
Be able to build an effective enterprise cyber security assurance and implementation program within organisations.
Saurabh Sarawat, Managing Director, Across Verticals Sdn Bhd

Management Track 4 (MT4): Cyber Security Assurance 15:30-17:00
Like any information security process, there should be an adequate and reasonable level of assurance for cyber security, which completes the security perspective when combined with governance and management processes. Cyber security assurance requires a comprehensive set of controls that covers risk as well as management processes. These controls are supported by appropriate metrics and indicators for security goals and factual security risk. This class will share practical hands-on exercises in carrying out an audit or self-assessment review on cyber security controls and practices in a typical organisation. This assurance program will leverage the COBIT 5 framework and COBIT 5 for Information Security as a baseline.
This master class aims to bring forth the following to the delegates:
General understanding of cyber security assurance.
Exposure to a cyber security assurance program, which is leveraging on COBIT 5 as a baseline.
Facilitated experience in conducting an audit using this program on a simulated case study.
Anthony Tai & Alan Yau, ISACA Malaysia Chapter
Anthony is a risk consulting partner with a big 4 firm and Alan is the Chief Technology Officer with Sysarmy Sdn Bhd. This class is prepared by these facilitators in collaboration with the ISACA Malaysia Chapter SIG 1 on Virtualisation, Mobile and Cyber Security.

Lucky Draw and Closing Remark 17:00-17:20

4 from previous page demonstrations or to provide hands on experiences. The Management Tracks will concentrate more on governance and assurance aspects of key emerging risk areas, while the Technical Tracks will focus on technical and security areas. There are no pre-requisites required to join these Master Classes.

17 June Technical Track

Technical Track 1 (TT1): Mobile Device Security 09:00-10:30
Tea Break 10:30-10:50
As more and more devices have better specifications, some even capable enough to match the performance provided by some traditional desktops / workstations, it is no surprise that executives and organisations are already embracing the flexibility and innovation enabled by the mobility solution. However, there is always the element of security and risks that comes with most new technology. With that in mind, Bring Your Own Device (literally) to this session, as it aims to introduce the audience to the security issues and potential vulnerabilities lurking around, the risks and challenges of Enterprise Mobility Management (EMM), and the trends and predictions within this area.
This session will enable delegates to achieve the following understanding:
Vulnerabilities and Attacks on mobile device.
Challenges and Risks as well as Auditing of EMM Implementations.
Trends & Predictions within the mobile industry.
Eddie Hiu & Goh Ser Yoong, ISACA Malaysia Chapter Special Interest Group (SIG 1) on Virtualisation, Mobile and Cyber Security

Technical Track 2 (TT2): Cyber Security Issues In Core Banking Applications 10:50-12:20
Lunch 12:20-13:40
Over the last decade cyber security has become an increasingly important issue in the banking sector. On an almost daily basis the media confronts us with stories of hacking, data breaches and new, critical security vulnerabilities found in toxic software products (such as operating systems, content management systems, ERP-systems, access control systems, etc.). The aim of this master class is to remediate this shortage of information by providing an insight into the core banking applications and IT related issues.
The key takeaways from this session are:
How the asymmetry of the relationship between attackers and victimised organisations is changing and what are its implications for organisations?
How the toxic software is increasing the risk of cyber-attacks?
How the vulnerabilities in Application Security are putting the core banking system at risk and how to overcome it?
How the lack of maturity of Application Security of Core Banking Systems increases risks and vulnerabilities for the banking systems.
And finally remediation of risks in core banking applications.
Florian Lukavsky, Director, SEC Consult Singapore

Technical Track 3 (TT3): Mobile Device Forensics (Part 1) 13:40-15:10
Tea Break 15:10-15:30
Mobile devices can be any digital device that has both internal memory and communication ability, which include mobile phones, tablets and GPS devices. By definition, Mobile Device Forensics is a branch of digital forensics relating to the recovery of digital evidence or data from a mobile device under forensically sound conditions. This is becoming more critical given the enormous use of mobile devices, which may contain evidence that is critical to an investigation. This session will share the fundamentals and common techniques in performing mobile device forensics.
After completing this class, the delegates will be able to:
Understand the fundamentals of Mobile Device Forensics.
Appreciate the challenges in conducting Mobile Device Forensics.
Shaharil Abdul Malek, Director Risk Consulting, Deloitte Enterprise Risk Services Sdn Bhd
Michelle Lee, Senior Manager Risk Consulting, Deloitte Enterprise Risk Services Sdn. Bhd.

Technical Track 4 (TT4): Mobile Device Forensics (Part 2) 15:30-17:00
Free and open-source tools will be used to show how to perform evidence acquisition, data carving, information extraction and malware analysis.
After completing this class, the delegates will be able to:
Understand the functionality of tools generally used for Mobile Device Forensics.
Perform basic forensic functions using free and open-source tools such as Santoku-Linux.
Shaharil Abdul Malek, Director Risk Consulting, Deloitte Enterprise Risk Services Sdn Bhd
Michelle Lee, Senior Manager Risk Consulting, Deloitte Enterprise Risk Services Sdn. Bhd.

Lucky Draw and Closing Remark 17:00-17:20

WHO SHOULD ATTEND?
This Conference has been structured with both management and technical professionals in mind and will appeal to:
Chief Executive Officers
Chief Information / Technology Officers
IT Governance Professionals
Information Security Professionals
Auditors, Compliance and Assurance Professionals
IT Auditors
IT Consultants and Practitioners
Risk Management Professionals
Business Managers

5 Speakers & Panelists

Mr. Chris Hampartsoumian
Technology Evangelist, Amazon Web Services (AWS)
Chris Hampartsoumian is presenting the AWS vision for cloud computing and the transformational effect this is having on business as we know it. Prior to joining Amazon, Chris has been working in the technology sector of companies in his home city of London including Sun Microsystems, Barclays Capital and the publisher of The Times & The Sun Newspaper, News UK. He has spent the past six years working with broadcasters & operators in the evolving video OTT space including suppliers to BBC, ITV & Channel 4 in the UK, 2 years in Sydney Australia with FOXTEL and a further two years based in Singapore, where he had been working on the Astro-on-the-Go OTT service (via Irdeto) and also projects for Celcom also in Malaysia.

Dr. Amirudin Abdul Wahab
Chief Executive Officer, CyberSecurity Malaysia
Dr. Amirudin has more than 20 years of ICT working experiences in the telecom and IT sector in the public and private sectors. He is currently the chairman of World Trustmark Alliance (WTA) and also served as a member in the National Committee Member of e-sovereignty Committee chaired by the Deputy Prime Minister of Malaysia, the National Chairman of the Industry Standards Committee on Information Technology, Communications and Multimedia (ISC G), and Chairman of Impartial Committee for Malaysian Software Testing Board (MTSB). He is also an OIC Task Force Member on ICT and Cyber Security.

Mr. Jason Yuen CISA, CISSP
Partner, Ernst & Young Advisory Services Sdn Bhd
Jason has over 17 years of experience in Information Security, Governance and Controls as well as extensive experience in leading engagements and serving clients in the area of Information Security including Security Strategy, Security Metrics and Measurement, Penetration Testing, IT Audits, ISO27001 reviews, Incident Management and Response, Managed Security Services, Business Continuity Planning and other areas.

Mr. Victor Lo
Independent Security Specialist
Victor Lo is an experienced professional with more than 15 years of information security and risk consulting experience in both enterprise security solutions framework and threat management services. His experience includes architecture, design and configuration of technology environment using various enterprise security approaches, and he is a frequent speaker on topics such as cyber-attacks and Advanced Persistent Threats (APT).

Dr Dzaharudin Mansor
National Technology Officer, Microsoft Malaysia
Dr Dzahar joined Microsoft in 2005 and has more than 27 years of professional experience in ICT and telecommunications in senior leadership, engineering as well as academic roles. In 2010, he led the Business Services Economic Transformation Program (ETP) Labs. He also holds or has held several associate positions at Universities, PIKOM, MIGHT and others.

Mr. Mike Usher
Director, Information Risk for Prudential Corporation Asia
Mike is an Information Risk professional with over 30 years' experience and has been based in Malaysia for the last 10 years. He specializes in the practical implementation of Corporate approaches to the delivery of information risk policy, practices, technology and infrastructure and delivering worldwide corporate governance practices and policies.

Mr. Nickson Choo CISA, CRISC, CFE, CA
Chair - Membership Growth & Retention Committee, ISACA International
Nickson has over 18 years of corporate and professional experience. His other diverse professional experience includes performing operational audits, information technology (IT) audits, corporate governance advisory, operational risk and controls reviews, fraud investigations and business process improvement reviews of public-listed and multinational companies operating in various industries. Nickson is a former President of the ISACA Malaysia Chapter, a Governor in the IIA Malaysia's Board, and a member of Malaysian Institute of Accountants (MIA) and the Association of Certified Fraud Examiners.

Dr. Sonny Zulhuda
Asst. Professor, Civil Law Department, Faculty of Laws, International Islamic University Malaysia (IIUM)
Dr. Sonny specializes in information governance, IT law and personal data protection (PDP). He has more than 200 speaking hours on PDP-related events throughout the last five years. He is a Web-science Summer Doctoral scholar from the University Of Oxford, UK, and a two-time Fellow of the US-based Internet Corporation for Assigned Names and Numbers (ICANN).

En. Hasannudin Saidin
Director, Internet of Things, Multimedia Development Corporation
He has had over 30 years' industry experience in fields of ICT and innovation. Prior to this, Hasannudin spent most of his career in a large ICT multinational company, then led a startup company specialising in innovation consulting, and most recently served in a large local ICT company. His key interest is in open innovation and collaboration. He is Vice President of MNCC (Malaysian National Computer Confederation). He holds an MBA from University of Wales.

6 Speakers

Management Track

Dr. Daniel Tan
Chief Information Officer, Acer Malaysia
In a career spanning more than two decades, Dr. Daniel Tan has been involved in and led various enterprise I.S. initiatives in the domains of infrastructure, enterprise resource planning, business intelligence, electronic commerce and information security management. As a scholar-practitioner, his scholarly research interests include information systems management, IT outsourcing, employee motivation, organization behavior and topics in I.S. project management and information security management.

Mr. Saurabh Sarawat
Managing Director, Across Verticals Sdn. Bhd.
Saurabh leads the Cyber consulting practice of the company in the Asia-Pacific region and has over 18 years' experience working with Big-4 consulting firms and various multinationals in Banking, Insurance, Financial Services, Telecommunications, Critical National Infrastructure, Government, Oil and Gas and Pharmaceuticals sectors in Australasia region.

Mr. Anthony Tai CISA, CISSA, CPA
Director, ISACA Malaysia
Anthony is an enterprise risk services partner with a big 4 professional services firm with more than 15 years of experience in providing assurance services in financial, technology, security and operational areas. He manages and leads teams in providing technology risk consulting services including security assessment, penetration testing and vulnerability assessment, IT audit, IT risk assessment, and risks and controls reviews for clients in all types of industries.

Mr. Alan Yau CISM, CGEIT, CRISC, CISSP, MCSA, ENSA
Chief Technical Officer, Sysarmy Sdn. Bhd.
Alan has over 15 years of experience in Information Security, Governance and Controls. His experience includes managing Security Operation Centres and performing reviews such as cyber security infrastructure review, penetration testing, IT audits, ISO27001 reviews and PCI DSS audit, as well as providing security incident and management response services.

Technical Track

En. Shaharil Abdul Malek
Director, Risk Consulting, Deloitte Enterprise Risk Services Sdn. Bhd.
Shaharil has been involved in the computer security field for over 17 years. His area of focus and interest is network security assessment and digital forensics. He was previously the co-founder and Chief Technology Officer (CTO) of SCAN Associates Berhad. He's also one of the founding members of Malaysia Computer Emergency and Response Team (MyCERT). In 2012, he received the award for The Most Innovative Information Security Professional from Government of Malaysia.

Ms. Michelle Lee
Senior Manager, Risk Consulting, Deloitte Enterprise Risk Services Sdn. Bhd.
Michelle has over 10 years of professional and commercial experience in a number of areas that includes internal audit, IT audit and business advisory. She has served a wide range of multinational, public-listed companies and private companies operating in varied industries. Her area of expertise is the use of data interrogation software in auditing.

Mr. Eddie Hiu
Senior Risk Manager with a large financial institution
Eddie holds a degree from University of Nottingham in Computer & Information Systems and has conducted numerous trainings for his clients on the development of EMM policies, BYOD programs and user awareness programs. Formerly, the Head of IT Audit in Kenanga Investment Bank and a manager in PwC.

Mr. Goh Ser Yoong CISA, CISM, CISSP, ITIL
Senior Risk Manager with a large financial institution
Ser Yoong is an experienced security professional, having worked in various industries such as consultancy, manufacturing and financial services, and holds a degree from University of London. Having a vast experience in the area of IT security risk and compliance, Ser Yoong would be able to relate the experience and lessons learnt from BYOD initiatives within enterprises.

Mr. Florian Lukavsky
Director, SEC Consult Singapore
Mr. Lukavsky has an MSc in Information Software Eng and has participated in over 200 projects during his SEC Consult career, including penetration tests, software testing, threat modelling, process assessments, source code reviews, conducting developer trainings, and audits of internal IT infrastructure including Software testing and source code review. He also has extensive experience in the design and the completion of various source code analyses.

7 IT Governance, Assurance and Security Conference & 17 June 2015

ORGANISERS

Registration Form / Details
Organisation Name :
Address :
Contact Name :
Designation :
Tel :
Fax :

Delegate table columns: No. / Delegate Name / Delegate Designation / ISACA/MNCC Membership No. / Supporting Organisation / Master Classes Selection**
1   (am) MT1, MT2, TT1, TT2   (pm) MT3, MT4, TT3, TT4
2   (am) MT1, MT2, TT1, TT2   (pm) MT3, MT4, TT3, TT4
3   (am) MT1, MT2, TT1, TT2   (pm) MT3, MT4, TT3, TT4
** Please circle TWO MASTER CLASSES each for the (am) and (pm) session respectively. This selection is MANDATORY for each participant to enable the organisers to prepare the required training materials.

Payment / Details
Please cross Cheque or Bank Draft and make payable to ISACA Conference Account
Cheque / Draft Number
Bank
Amount

Confirmation of Booking
Send / Fax or this entire form (or photocopy) to :
IT Governance 2015 Conference Secretariat
c/o Malaysian National Computer Confederation, Unit 916, 9th Floor, Block A, Damansara Intan, No 1 Jalan SS 20/27, Petaling Jaya
TELEPHONE : (603) FAX : (603) itgov@mncc.com.my

Vital Information
As good practice, the Organisers are informing you that your personal data will be processed, retained and used by the Organisers in relation to this event. Your personal data may also be retained and used by the Organisers to market and promote training events conducted by the Organisers.
Conference Fee (Per Person)
Your investment for attending this Conference is:
1 Delegate RM1,
Government Officials RM1,
Delegates (same organisation) RM1,
Delegates from supporting organisations RM1,
Delegates (same organisation) RM1,
ISACA & MNCC member RM1,
* Special Package for 5 or more participants from the same organisation. Please contact the organiser at: or Tn. Syed: or Mr. Seelan:

Substitution / Cancellation
A refund minus a service charge of 10% will be levied for cancellations received in WRITING by 9 June. No refund can be made for cancellations received after 9 June. Substitutions are allowed for a registered delegate. All payments must be made prior to event proper. The organisers reserve the right to make any amendments and/or changes to the programme if warranted by circumstances beyond its control.

IMPORTANT NOTICE: Payment must be paid in advance of the event to guarantee your place. Walk-in delegates with payment will be admitted based on space availability.

Conference Venue & Accommodation
No 5, Jalan Stesen Sentral, Kuala Lumpur
Tel : (603)
To reserve accommodation, please contact: Aloft Hotel (Toll free)
* Please note guests will be able to make their bookings directly with the hotel
* Delegates are responsible for the arrangement and payment of their own accommodation in Malaysia. ISACA Malaysia Chapter and MNCC cannot guarantee availability or specific rates.