IT Governance, Assurance and Security Conference

Transcription

1 ISACA Malaysia & MNCC Proudly Presents the11 th Annual IT Governance, Assurance and Security Conference 10 & 11 July 2012 Organised By : Supported By : Register Early to Avoid Disappointment Venue - One World Hotel, First Avenue, Bandar Utama City Centre, Petaling Jaya, Selangor

2 IT Governance marks the 11th year of our highly successful ISACA/MNCC IT Governance Conference. For this year's conference, we continue with the 2011 Conference format, where on Day 1, our panel of speakers will deliver presentations on topics related to core issues on IT Governance, Assurance and Security and on Day 2, master classes will be conducted on practical issues with hands-on delivery sessions. As we hit the midway mark for 2012, we continue to see how major trends in technology, such as the push for cloud services, consumerisation of IT and adoption of mobile computing in our daily activities change the way we think, work and play. Organisations now not only have to battle with the ever changing internal and external IT landscape that will impact IT Governance, Assurance and Security practices in their organisation but are also challenged to comply with latest governance and security related laws. This is especially so with the Malaysian Personal Data Protection Act 2010 (PDPA), which we first presented in our 2010 conference. In January 2012, the Information, Communication and Culture Ministry has established the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi Malaysia) under the PDPA legislation and this is the strongest signal as to date for organisations who are affected by this Act to start preparing for compliance. On Day 1, our panel of speakers will deliver presentations on topics related to emerging trends such as Cloud Computing Governance issues, Security for Mobile Computing, System Forensics, Investigation and Response and Lessons to the IT Auditors from an SAP Implementation Project. Our speakers will then gather for a Panel Discussion which provides our participants with a platform to interact with the speakers on the topic presented. On Day 2, there will be 4 master classes conducted. The aim of these master classes is to provide a practical session to the participants on emerging trends in IT Governance, Assurance and Security. These 4 master classes are: 1. Auditing Security Risks in Virtual IT Systems 2. Fundamentals of Penetration Testing 3. The Essentials of COBIT Time to Act : Complying with the Malaysian Personal Data Protection Act 2010 Our distinguished panel of speakers and master class presenters are selected based on their vast experience and expertise in each topic. Be prepared to connect, discuss and challenge yourself in our conference. Most importantly, participate and take home valuable knowledge and skills that will provide: Management with up-to-date trends and issues on IT Governance, Assurance and Security An understanding that in challenging economic times, there will be increased demands on IT to deliver and support business goals Practical approaches to improve assurance practices and skills in key areas of the IT environment Insights on balancing risks and controls to maximise opportunities in line with emerging regulations Who Should Attend This Conference has been structured with both management and technical professionals in mind and will appeal to: Chief Executive Officers Chief Information/Technology Officers IT Auditors IT Governance Professionals Information Security Professionals Auditors, Compliance and Assurance Professionals IT Consultants and Practitioners Risk Management Professionals Business Managers Day One 10 July :00-08:50 Arrival and Registration Opening Remarks by the Chairperson of the Conference Organising Committee 09:00-10:00 KEYNOTE ADDRESS CyberSecurity 2012: What did the Dragon bring you and will it continue to breathe fire on your security practice? The Water Dragon has not dampened security and privacy news in As early as the first quarter of 2012, we have already seen major companies such as Verisign and Symantec disclosing security breaches to their network. From the other side of the ocean, USA have introduced the Stop Online Privacy Act (SOPA) while Google and Facebook continue to lead users into unchartered territories with their privacy guidelines. This paper examines what lies in store as we cross the half-way mark into the Year of the Dragon from the perspective of a practitioner. Speaker: Mr. Pelle Aardewerk IT Audit Manager - ITS and Asia Pacific Shell 10:00-10:45 Vendor Lock-in Issues in Cloud Computing : Strategies for Overcoming Them Speaker: Mr. Abu Mansor bin A. Manaf Principal Consultant, Government & Education Sectors Red Hat Malaysia 10:45-11:15 MORNING TEA BREAK 11:15-12:00 Cloud Computing Governance : Is your Security policy ready for the sky? Speaker: Mr. Abdul Hamid Abdullah Audit Director Singapore Auditor-General s Office 12:00-12:45 Security Issues for Mobile Computing : Making your Smart-phones safer Speaker: Mr. Jason Yuen Director, Advisory Services Ernst & Young Advisory Services Sdn Bhd 12:45-02:00 LUNCH 02:00-02:45 System Forensics, Investigation and Response : Technically Speaking Speaker: Mr. Mohd. Zabri Adil Talib Head of Digital Forensics Department CyberSecurity Malaysia 02:45-03:30 Implementing SAP : Translating Lessons learned to Audit Considerations Speaker: Mr. Lee Chin Hon Director and Secretary ISACA Malaysia Chapter 03:30-04:00 AFTERNOON TEA BREAK 04:00-05:00 PANEL OF DISCUSSION Is Technology Driving the Need for Data Privacy or Vice-versa? Chairperson: Mr. Arthur Leong Panel: Invited Speakers

3 Day Two 11 July 2012 MANAGEMENT TRACK: MASTER CLASSES (MT1) TECHNICAL TRACK: MASTER CLASSES (TT1) 09:00-10:30 The Essentials of COBIT Describe the COBIT 5 Principles 2. Understand the structure and components of the COBIT 5 Framework 3. Apply the Process Reference Guide 4. Plan for transitioning from COBIT 4.1 to COBIT 5 5. Apply ISACA COBIT 5 Resources for future activities Server Virtualization : Understanding security breaches and what auditors need to look out for 1. Understand the basics of virtualization technology 2. Describe the advantages and disadvantages of virtualization 3. Comprehend virtualization risks and issues 4. Have an overview on how to secure virtualization planning and deployment 5. Plan how to audit the virtualized environment 10:30-11:00 MORNING TEA BREAK 11:00-12:30 COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information and technology (IT) assets. Building on more than 15 years of practical application, ISACA designed COBIT 5 to meet the needs of stakeholders, and to align with current thinking on enterprise governance and management techniques as they relate to IT. Speaker: Ms Foo Mei Ling Professional Services Manager APAC, Methodaware Ltd President, ISACA Malaysia Chapter Organizations have widely adopted virtualization products and services driven primarily by operational efficiency. With efficiency comes serious security considerations. Virtualization technology is the focus of many new potential threats and exploits that must be managed. Virtualization adds layers of technology, which can increase the need to understand new security protocols and security controls. While IT Security manages these, IT Auditors must understand the impact of new potential risks and provide assurance that these risks are managed properly. Speakers: Mr. Arthur Leong, Business Development Manager CCH TeamMate Mr. S. Retnendran, Associate Audit Director AmBank Group Mr. Adrian Foo, Senior IT Auditor Maybank Members of ISACA Malaysia Chapter Special Interest Group on Virtualisaion 12:30-01:30 LUNCH MANAGEMENT TRACK: MASTER CLASSES (MT2) TECHNICAL TRACK: MASTER CLASSES (TT2) 01:30-03:00 Time to Act : Complying with the Malaysian Personal Data Protection Act (PDPA) Have a general overview of the PDP Act Understanding the function of the Personal Data Protection Department of Malaysia 3. Appreciate Organisational Issues in relation to the Act 4. Understand specific IT Issues in relation to the Act 5. Outline a Roadmap for Compliance Fundamentals of Penetration Testing 1. Understand network and system vulnerabilities and threats and general IT Security fundamentals 2. Plan the activities required to conduct a Penetration Testing 3. Appreciate the legal and reporting issues 4. Describe how to perform a penetration testing based on best practices 5. Understand what to look out for from a completed test 03:00-03:30 AFTERNOON TEA BREAK 03:30-05:00 This master class is designed to take you through the initial stages of implementing a programme to comply with the PDP Act It is based on applying tools and techniques that will take the participant from knowing 'what-to-do', to 'how-to-do' stage. Best practices from various sources will be used and discussed. This workshop will benefit anyone who is tasked to start or strengthen Data Loss Prevention/Privacy in his/her organisation. Speaker: Professor Abu Bakar Munir Law Faculty University of Malaya A penetration test, sometimes called a pen test, is a method of evaluating the security of a computer system or network by simulating an attack from an unauthorised user. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Speaker: Mr. Meiling Mudin Independent Security Consultant 05:00-05:30 LUCKY DRAW / CLOSING CEREMONY

4 Speakers Profile KEYNOTE SPEAKER Pelle Aardewerk, CISA, CISM IT Audit Manager ITS and Asia Pacific, Shell International BV Pelle manages Shell s global IT audits that include managing international teams on audits, perform Independent Reviews of other audits, being responsible for the Annual Audit plan and stakeholder management within ITS, IT Asia-Pacific, PCD Security and Corporate Security. He is a Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM); and possesses certifications on PMP, ITIL and Business Continuity. Professor Abu Bakar Munir Professor of Law and former Dean at the Faculty of Law, University of Malaya He served as the Advisor to the Government of Malaysia on Data Protection and was instrumental in the development of the Personal Data Protection Act He is also the recipient of the prestigious Minister s Award 2010 at the National Cyber Security Awards, and speaks extensively around the world including at Oxford, Cambridge and MIT. His research interests are Air and Space Law, Information and Communications Technology (ICT) Law and Nanotechnology Law and Policy. Ms Foo Mei Ling, CGEIT Professional Services Manager, APAC, Methodware Ltd. President, ISACA Malaysia Chapter Mei Ling has over 11 years of Enterprise Risk Management and IT Governance implementation experience, including implementing Methodware's premier risk management and internal audit systems for clients in the APAC region. Retnendran Sivasupramaniam, CISA Associate Audit Director of the AmBank Group Retnendran has more than 16 years working experience in IT Audit, Controls and Security. His work includes performing and managing teams in performing IT audit and security. Arthur Leong, CISA Business Development Manager, CCH TeamMate A Certified Information Systems Auditor (CISA) and a Microsoft Certified Professional, Arthur has extensive experience in IT auditing, consulting and implementation of audit management systems. Abdul Hamid Bin Abdullah, CISA, CPA, FIIA Singapore Audit Director, Singapore Auditor-General s Office Abdul Hamid has 32 years of public sector auditing experiences. His work includes information security audits of government agencies. He was Director of IT Audit in the Auditor-General s Office, Singapore and is now Audit Director in charge of audit of four ministries and related statutory boards. Mohd Zabri Adil Talib, GCFA, EnCE Specialist/Head of Digital Forensics Department of Cyber Security Malaysia He has vast experiences in handling computer crimes and computer-related crimes forensics examination for various law enforcement agencies in Malaysia. He has testified in the Intellectual Property Court, Magistrate Court, Session Court, High Court and Royal Commission of Inquiry including in the high-profile Altantuya murder case, the Lingam Tape case and the Anwar s Sodomy 2 trial. Jason Yuen Chee Mun, CISA, CISSP Director, Advisory Services, Ernst & Young Advisory Services Sdn. Bhd. Jason has over 15 years of IT Security, Audit and Assurance experiences. He has performed and led many IT audit and security assignments. Adrian Foo, CISA Senior IT Auditor, Malayan Banking Berhad He performs IT assurance activities across all the business entities within the Maybank Group, which include the insurance, investment banking arm. He has over 15 years of IT auditing experience in the financial services industry covering areas such as IT Governance, IT General Controls, Post Implementation Review, Network and Infrastructure Security, Application Controls, Disaster Recovery and Business Continuity. Adrian is currently a Certified Information Systems Auditor (CISA). Lee Chin Hon, CPA (Malaysia, N. Zealand), CISA Chin Hon was the Data Management Lead for an SAP Implementation project for a major airline company based in Malaysia. In addition to his experiences in IT and Financial Operations, he has over 10 years working experiences as an IT Auditor in both professional services and corporate organisations. Chin Hon is an ISACA Malaysia Chapter trainer for the CISA Certification Review classes. Meling Mudin Independent Security Consultant Meling has over 10 years of technical experience in computer security. He currently works for a MNC, where he performs technical security assessments including web application reviews, network and hosts assessments for the company's global IT infrastructure. He is also a respected member of the local security community, and has designed and organized hacking competitions. He is the founder of Hackerspace Kuala Lumpur. Abu Mansur bin A Manaf Principal Consultant, Government & Education Sectors, Red Hat Malaysia Abu Mansur was formerly the CTO at Sun Microsystems Malaysia. He has almost 28 years experience in technology sales and marketing beginning with Rank Xerox Malaysia in Currently, one of his responsibilities is to create the awareness on the strategic value of Open Standards and Open Source Software as a means of achieving competitive edge for Malaysia. About Us ISACA has become a pace-setting global organization for information governance, control, security and audit professionals. Today, ISACA s membership-more than 95,000 strong worldwide-is characterized by its diversity. Members live and work in more than 160 countries and cover a variety of professional IT-related positions. Through its comprehensive guidance and services, ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide. ISACA Certifications i.e. the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations defines the roles of information systems governance, security, audit and assurance professionals worldwide. ISACA Malaysia Chapter is the local chapter affiliate of ISACA. ISACA Malaysia was established in 1984, with current membership exceeding over 600 members and more than 350 professionals holding various ISACA certifications. Malaysian National Computer Confederation (MNCC) MNCC is a confederation dedicated to the development of IT Professionals and the creation of an Information Rich Society. First established in 1967, MNCC is recognized as the IT professional body in Malaysia and its mission is to achieve global competitive advantage through IT Professional excellence. MNCC is a member of the International Federation of Information Processing and the South East Asia Regional Computer Confederation (SEARCC).

5 IT Governance, Assurance and Security Conference 2012 Organisation Name : Address : Registration Form / Details Contact Name : Designation : Tel : Fax : No. Delegate Name Delegate ISACA/MNCC Supporting Master Classes Designation Membership No. Organisation Selection** 1 (am) MT1 or TT1 2 (am) MT1 or TT1 3 (am) MT1 or TT1 ** Please circle ONE MASTER CLASS each for the (am) and (pm) session respectively. This selection is MANDATORY for each participant to enable the organisers to prepare the required training materials. Payment / Details Please cross Cheque or Bank Draft and make payable to ISACA Conference Account Cheque / Draft Number Bank Amount Confirmation of Booking Send / Fax this entire form (or photocopy) to : IT Governance 2012 Conference Secretariat c/o Malaysian National Computer Confederation, Unit 916, 9th Floor, Block A, Damansara Intan, No 1 Jalan SS 20/27, Petaling Jaya TELEPHONE : (603) FAX : (603) [email protected] Conference Fee (Per Person) Your investment for attending this Conference is: Vital Information 1 Delegate RM1, Government Officials RM1, Delegates (same organisation) RM1, Delegates from supporting organisations RM1, Delegates (same organisation) RM1, ISACA & MNCC member RM1, * Special Package for 5 or more participants from the same organisation. Please contact the organiser at: Substitution / Cancellation A refund minus a service charge of 10% will be levied for cancellations received in WRITING by 03 July No refund can be made for cancellations received after 03 July Substitutions are allowed for a registered delegate. All payments must be made prior to event proper. The organisers reserves the right to make any amendments and/or changes to the programme if warranted by circumstances beyond its control. Conference Venue & Accommodation Info One World Hotel, First Avenue, Bandar Utama City Centre, Petaling Jaya, Selangor Tel : (603) For reservations, please make your bookings directly with the hotel. To enjoy the special room rates, please quote IT Governance Hotel bills are to be settled by delegates directly with the hotel. Hotel reservations and travel arrangements are the responsibility of the delegate. IMPORTANT NOTICE: Payment must be paid in advance of the event to guarantee your place. Walk-in delegates, with payment will be admitted based on space availability basis.