Expression of Interest – ISACA Community Day

 

  • Expression of Interest

    ISACA Community Day

    We are planning to hold a ‘family and friends’ day on Sunday 19th November, approx. 11am – 2pm at an outdoor park. It will be free for ISACA members and their friends / family. A BBQ lunch will be provided as well as activities for all. Please let us know if you would be interested in attending by answering 3 simple questions so that we can plan / cater adequately.

Cybersecurity Risk Management and Resilience

ISACA Melbourne Chapter
Auxiliary PD Session – Sep 2017

 

Agenda

2.30 pm – Registration open and sign-in – required to receive applicable CPE credits

3:00 pm – Welcome, agenda and introductions

3:10 pm – Panel discussion

3:50 pm – Questions from the floor to the panel

4:05 pm – The Soapbox – Chapter updates, announcements and issues of interest to members

4:15 pm – Networking opportunity

 

Topic Outline

Are you pondering how to take your cyber risk management program to the next level, or are you wondering if you have started with the right steps? Perhaps you are leading a program and along the way have lost synergies or resources, and need to refresh your plans?

Yet the risk landscape continues to change and the danger is clearer and more present than ever.

ISACA Melbourne Chapter, with sponsorship from PwC, offers a panel of seasoned professionals to share lessons learnt, risks and issues to watch out for, and provide perspectives on good Cyber Security Risk Management.

This will be followed by an opportunity to network and further connect with fellow professionals.

Key Discussion points:

  • What are the critical attributes of effective cyber security resilience?
  • What are the quick wins, if any?
  • What are the critical competencies?
  • How can CISOs measure risk and show ROI for investments?

Prospective delegates are welcome to send in their questions or discussion points in advance by Thu 21 Sep 2017, noon to be forwarded to the panel.  Please email us your questions/discussion points at this link: https://www.isaca-melbourne.org.au/contact-us/

 

CPE Hours

1.0 hours, based on the assumption you have signed the attendance sheet when attending

 

Registration and Admittance

  • Due to our sponsoring partner’s facilities access requirements and for catering purposes we request that you register for this event to ensure you are able to attend
  • Registration to this session is open and free of charge to all current ISACA members
  • A registration door prize will be drawn from the list of duly registered attendees

 

Panel Members

Jo Stewart Rattray
Elected Director on ISACA’s international Board of Directors and Chair of its global women’s leadership initiative

Jo has over 25 years of experience in IT including as a CIO utilities, and 19 in information security. She underpins her information technology and security background with her qualifications in education and management.

Jo specialises in consulting in information security issues with a particular emphasis on governance in both the commercial and operational areas of businesses. Jo provides strategic advice to organisations across a number of industry sectors including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government.

 

Mitra Minai
Governance, Risk and Regulatory Compliance Professional, Board Member, ISACA Melbourne Chapter

Mitra is a senior governance, risk and compliance professional with over 18 years of experience working in the Financial and Professional Services industries. She has a proven track record in assessing and solving complex risk and regulatory challenges for Organisations.

Mitra is currently leading NAB’s Cybersecurity and Data Security Risk management initiatives, formulating and prioritising the implementation of pragmatic solutions to meet Cybersecurity and Data protection and privacy requirements and uplift capabilities across the organisation. The outcome is effective oversight and governance of Cybersecurity risks and controls, leading to well informed investment, decision making and prioritisation of security solutions and services to manage the Bank’s riskiest operations.

Mitra was the Chair of the Oceania CACS 2010 and has been on the ISACA Melbourne Chapter Board since 2004, successfully leading various strategic, membership growth and retention and certifications promotion initiatives. Mitra is also a member of Standards Australia IT030 ICT Governance and Management Committee as well as a member of International Standards Organization (ISO) Joint Technical Committee 1 (JTC 1) focusing on Governance of IT, Service Management and Information Security. She is at the forefront of thought leadership and standards review and publications covering effective Enterprise Governance and Risk Management practices.

 

Jason Ha
Director at PwC Australia

Jason is a Senior Leader of PwC’s Digital Trust practice which aims to help clients maximise their growth potential, manage their risks and build confidence in their digital future. As an experienced Cyber Security and Risk professional, Jason provides the ability to develop and implement security strategies from business requirements stage all the way to ongoing operation and governance. One of Jason’s primary areas of expertise is helping organisations make sense of their Cyber Risks including understanding their impact to business and how to effectively communicate them.

 

Mike Trovato
Cyber Risk Advisor to Boards and CxOs; Board Member, ISACA Melbourne Chapter

Mike is a cyber security and technology risk advisor to boards, board risk committees, and executive management including CxOs. He helps key stakeholders understand the obligations and outcomes of effective cyber security. This includes solving an organisation’s greatest issues with respect to regulatory, industry, and company policy compliance and to protect what matters most in terms of availability, loss of value, regulatory sanctions, or brand and reputation impacts balanced with investment.

Key Australian and US roles: ICG, Global Cyber Practice Leader; Cyber Risk Advisors, Managing Partner; EY Cyber Security, Asia Pacific, Oceania and FSO Lead Partner; NAB Group, GM Technology Risk and Security; KPMG, Partner Information Risk Management; Salomon Brothers, Internal Audit; MasterCard International, Principal.

Graduate Australian Institute of Company Directors (GAICD); ISACA Melbourne Chapter Board Member. Certified Information Systems Manager (CISM); Certified Information Systems Auditor (CISA); and has been a PCI DSS Qualified Security Assessor (QSA). MBA Accounting and Finance and BS Management Science, Computer Science, and Psychology.

 

Biographies listed in no particular order.

 

Deriving value from … Diversity, Technology Governance and Risk

ISACA Melbourne Chapter – Auxiliary Professional Development Session – Sep 2017

The ISACA Melbourne Chapter, with sponsorship by PwC Melbourne, invites members and general practitioners to a half-day event, packed with four Professional Development sessions, networking and refreshments.

 

Agenda

·         7:00am – Registration and session sign-in – required to receive applicable CPE credits

·         7:30am – Breakfast Open

·         7:50am – START – Welcome, Introductions, Agenda

·         8:00am – Sponsor Message – Technology Governance and Risk

·         8:15am – Speaker Talks, Questions & Answers

·         9:55am – Break

·         10:15am – Speaker Talks, Questions & Answers

·         12:00am – Lunch & Networking

·         01:30pm – Event End

 

CPE Hours

4.0 hours, based on the assumption you have signed the attendance sheet when attending.

 

Registration and Admittance

•           Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.

•           Registration to this session is open and free of charge to all current full paid ISACA members.

•           A door fee of $50 will be charged for non ISACA members, paid in cash at the registrations desk on the day.

•           A registration door prize will be drawn from the list of duly registered attendees.

 

About the event sponsor

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality assurance, advisory and tax services.  Find out more and tell us what matters to you by visiting us at www.pwc.com.

 

Location

PwC, 2 Riverside Quay, Southbank VIC 3006

Further directions in regards to this location will be posted closer to the event.

 

About the sessions and speakers (listed in no particular order)

 

The Potential and Promise of Female Leadership

By Jo Stewart Rattray, Elected Director on ISACA’s international Board of Directors and Chair of its global women’s leadership initiative.

ISACA has recognised that the empowerment of women within the global technology workforce is critical given the gender gap that exists in our fields of practice is one of the largest across all professions. It is estimated that less than 30% of the technology workforce is made up of women and it drops to 10% within information security. The development of ISACA’s Connecting Women Leaders in Technology initiative is aimed at assisting women to elevate into positions of leadership by providing a program that will support them through their careers with educational opportunities, support tools, networking opportunities and advocacy to name a few. Jo is the inaugural chair of the Women’s Leadership Council at ISACA and is Board sponsor of the initiative.

Jo has over 25 years of experience in IT including as a CIO utilities, and 19 in information security. She underpins her information technology and security background with her qualifications in education and management.

Jo specialises in consulting in information security issues with a particular emphasis on governance in both the commercial and operational areas of businesses. Jo provides strategic advice to organisations across a number of industry sectors including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government.

Jo has chaired a number of ISACA’s international committees including Audit, Leadership Development, and Professional Influence & Advocacy. She is past president of ISACA’s Adelaide Chapter and she is currently serving as an Elected Director on ISACA’s international Board of Directors.

 

Agile Project Delivery Confidence: Mitigate project risks and deliver value to your business

By Melina Sehr and Andrew Sandford, PwC Assurance and Transformation Practices

When Agile becomes an organisation’s standard project delivery methodology, it changes the way projects are managed and controlled. In this talk, Melina and Andrew will explore how to create value for your organisation by building the right capabilities, unleashing your potential and gaining confidence to deliver the best product to market, while minimising delivery risks.

Melina Sehr is a Partner within PwC’s Assurance practice specialising in Transformation Confidence. Melina has over 25 years of experience working on large transformational programs within Australia’s major companies across banking and financial services, telecommunications, energy and utilities, health and public sectors. She has extensive business and technical skills which enable her to identify areas of risk and propose solutions that are effective and practical.

Andrew is a Senior Manager within PwC Transformation Confidence practice in Melbourne. Andrew partners with clients to provide an independent perspective on the risks to their strategic business change and transformation programs.

 

‘Shiny Toys’ vs Tools – Getting better value out of your detection tool suite

By Petrina Olds, Telstra Security Detection Technology Lead

Petrina will discuss how to get better value out of your security detection tools including how to identify whether your tool is actually just a “shiny toy”. This talk will lay out a practical approach to evaluating your existing security detection tool suite which will in turn enable you to lay out a plan to improve their value.

Petrina Olds is the Security Detection Technology Lead at Telstra and leads the strategic direction of their Security Detection tools. During her 4.5 years at Telstra she has worked with the Security Operations teams hunting for new malware infections and improving detection capability. She has also worked on the various Security Incident Event Management (SIEM) systems in Telstra to make them alert correctly using the incoming raw events. Prior to Telstra she spent 16 years with the Commonwealth Public Service working as a software engineer where she held a number of technical positions designing and developing new platforms and applications from standalone to enterprise using a variety of software languages and platforms.

 

IT Risk Management – Improving Benefit Realization

By Carl Michael, CTO LUCRF Super

The management of technology risk must steer away from IT-optimized decisions which might inadvertently create business risks. Inadequate dependency analysis for IT risk management can cause risks to compound over time and give way to uncontrolled complexity. As part of the evolution of IT risk management, summarizing IT risks using Westerman’s 4A framework, which defines risks in terms of four key business objectives (availability, accessibility, accuracy, and agility), provides an improved approach to presenting IT risks to the business in a non-technologically focussed manner. This approach also provides the IT department with a mirror in which to view risks, with an integrated structure that allows for making informed decisions about IT risk in business terms of costs, benefits, prioritization and trade-offs. It helps to make the business consequences of IT risk clearer by augmenting dependency analysis and decision-making, which in turn improves benefits realization.

Carl Michael is the CTO at LUCRF Super where his role covers operational responsibilities. He previously worked as a strategy consultant and headed enterprise architecture and development teams. His roles cut through the complexities of technologies and operations to enable business opportunities through practical solutions in sectors such as superannuation, banking, technology and government. Carl has an MBA in Technology Management, a Master of Strategic Foresight and is a senior member of the ACS. He has presented on strategy, architecture and foresight at conferences such as CeBIT.

 

 

Competition for Technically Minded Professionals

Attention – Engineers, ICT, Scientists and Technically Minded Professionals who apply a logical and rational decision making process to influence others.

NegotiationWise® are offering you the opportunity to win one of four (4) complimentary places to the NegotiationWise® Decrypting Influencing for Engineers training program on 26 Oct 2017 in Melbourne, each valued at $1,595.

Your entry must be received by Friday 6 October 2017.

For more information click here:

https://www.surveymonkey.com/r/DIFE

 

AISA National Conference 2017

The Australian Information Security Association’s annual conference in Sydney is coming up and details can be found here.

As a member of ISACA you might be asking yourself why we are advertising the Australian Information Security Association’s conference. The answer is simple: cybersecurity is something that can only be addressed in collaboration. The ISACA Melbourne chapter believes that there is value in working with organisations like AISA and others.

ISACA Member discount for 1st COSAC Australia Conference

ISACA Melbourne has been working with the organisers of COSAC Melbourne (5-7 December 2017), the 1st SABSA Asia-Pacific Congress, to secure a discount for its members. This event builds on the success of COSAC Europe, which has been held in Europe for over 20 years.

Conference details can be found on the COSAC website. For bookings and discount details please contact Dennis.Pigram [AT] davidlynas.com.

RMIT Information Security Collective pre-Spring Networking Event

 

An evening of Information Security Professionals and Students addressing issues around establishing a career path.

The talks run from 5:30 to 7:30, followed by networking with pizza.

Speakers:
Piotr Janczewski: Pentester at EY
Stanislav Filshtinskiy: Threat Intelligence Director at Cyber Security Hub
Claire Fulford: Director of 27 Lanterns
Michael van Coppenhagen: Master of Ceremonies

We will have sign-in sheets for ISC^2 and ISACA members who would like to claim CPEs for attending.

Organiser: RMIT Information Security Collective

RISC was established to provide a bridge between academia and industry in the area of information security and to provide opportunities for RISC members to share and extend their knowledge and interest.

RISC is an official ISACA Student Group

 

Professional Development Session | 12th Sept 2017

 

Measuring Security Strategy Success

Sinking money into security initiatives is fun, but how effectively are they contributing to the overall security posture? The Board or C-suite executives need accountability from security practitioners for how their budgets are spent; are they able to gain comfort from visibility of how well their investments are performing? Security metrics provide a framework for measurement and, more importantly, for presenting data in a meaningful way that resonates with top-level executives. Areas for improvement are also magnified, which helps prioritise spending where it is most required.

 

About the Speaker

E-Yang Tang

Director of Advisory Cybersecurity at EY, Melbourne

Professional background

► E-Yang is passionate about providing strategic cybersecurity advisory and thought leadership to chief executives and board members.

► Aligning and prioritising cybersecurity strategies with business objectives.

► Creating “go to market” strategies and cybersecurity sales initiatives to build cybersecurity business pipeline.

► Based in Melbourne, E-Yang has experience in the local market and is also across the Asia Pacific theatre.

► E-Yang is an experienced leader in driving “go to market” initiatives and business pursuits from a cybersecurity transformation perspective.

► Competent in delivering complex cybersecurity architecture designs and enterprise managed security solutions.

► E-Yang’s 18 year career (with organisations such as Adobe, Hewlett Packard Enterprise, Verizon Enterprise Services, Cybertrust, RSA Security Division of EMC) spans across all industry verticals.

► He is also an ardent advocate for cybersecurity awareness.

 

Agenda

• 5.30pm – Registration and session sign-in – required to receive applicable CPE credits
• 6:00pm – START – Welcome, Introductions, Agenda
• 6:05pm – Monthly PD Session, Questions & Answers
• 6:50pm – The Soapbox – Chapter Updates, Announcements and Issues of interest to members
• 7.00pm – Networking opportunity – drinks and finger food to be served
• 8.00pm – Event Ends

 

CPE Hours
1.0 hours, based on the assumption you have signed the attendance sheet when attending

 

Registration and Admittance
• Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.
• Registration to this session is open and free of charge to all current ISACA members.
• A registration door prize will be drawn from the list of duly registered attendees.
• Please be advised this PD Session will be A/V recorded, with the intention to share on the ISACA Melbourne Digital channels for the benefit of the members.

 

Date/Time
Date(s) – 12/09/2017
5:30 pm – 8:00 pm

Location
EY Melbourne Office

 

Register here.

Delivering Security Architecture in DevOps Environments

DevOps, the tighter coupling of software development (dev) and IT operations (ops) capabilities in an organisation, is getting more traction these days. DevOps is driven by cloud infrastructures that can be stood up within minutes rather than months, and by the desire of organisations to react faster to changing market conditions, often accompanied by the introduction of Agile software delivery processes. While this also allows organisations to grow more rapidly, it can create new operational security risks that need to be addressed.

The ISACA Melbourne Chapter July Security Architecture Working Group Meeting will focus on developing security architecture solutions in a DevOps environment. We hope you can bring along and share your experiences of how DevOps has impacted the way you define and deliver security architecture solutions.

Special Lunch Event – Commissioner Data Privacy and Data Protection Briefing

Privacy and cyber security are a key issue in Parliament…

Cyber attacks across the globe are increasing at an alarming rate and no organisation is immune. Since 2013, over 7 billion data records have been lost or stolen and only 4% were encrypted. In Australia, on average, a cyber attack costs an organisation $5.4 million¹ per incident. However, this cost increases significantly when factoring in flow-on effects such as business disruption, information loss or theft, revenue loss, or the impact on brand and reputation or regulatory sanction.

According to the recent ASX 100 Cyber Health Check Report, while only 8% of directors say they have a clear understanding of the key controls in the company’s cyber resilience framework, a further 64% have a reasonable understanding. There are opportunities for further improvement. Is the Victorian government similar?

1 – 2016 Cost of Cyber Crime Study & the Risk of Business Innovation

 

In this event, the Victorian Commissioner of Data Privacy and Data Protection David Watts will provide insights around the role of the board in protecting and strengthening their business. David is also Adjunct Professor of Law at LaTrobe University, Task Force leader on Big Data and Open Data for the UN Special Rapporteur on the Right to Privacy, a member of the Privacy Advisory Group to UN Global Pulse and a Key Researcher at the Data to Decisions Cooperative Research Centre.  His background is as a private and public sector lawyer.

The Office of the Commissioner for Privacy and Data Protection was established by the Privacy and Data Protection Act 2014 (Vic) in September 2014. The Act is designed to protect all information held by the Victorian public sector, including the personal information of individuals. The Office of the Commissioner for Privacy and Data Protection’s mission is to safeguard Victorians’ information and support information innovation.

Key areas to be addressed:

  • The rising threat landscape and what it means for Victoria
  • The ASX Cyber Health Check Report – implications and actions in Victorian government
  • The Australian Privacy Act of 1988 and Notifiable Data Breaches scheme, understanding obligations and compliance
  • The role of Victorian governing boards in addressing cyber security and privacy
  • Integrating appropriate governance and risk measures into the public sector organisation for resilience
  • Amendment of Victorian Privacy and Data Protection Act 2014 – what does it mean?
  • And your questions!

Event Sponsor