Tuesday 8 May 2018, 5:30pm to 8pm

Session Abstract

The NIST framework is widely used by enterprises as their cyber governance model. ISACA has developed an Audit/Assurance programme based on the NIST framework. ISACA’s program is aligned with the COBIT 5 framework & is designed to provide management with an assessment of the effectiveness of its organization’s cyber security identify, protect, detect, respond, and recover processes and activities. The program also covers asset management, awareness training, data security, resource planning, recovery planning and communications. This audit program provides enterprise leaders confidence in the effectiveness of their organization’s cyber security governance, processes and controls.

The presentation will cover the following:

  • Provide a brief background of the NIST framework to ensure all attendees share a common understanding
  • Briefly discuss the updated version 1.1 of NIST and its differences from the original version, focusing on the changes
  • Discuss ISACA’s audit/assurance programme including materials available & how they can be used not only to audit but also as guides to implement NIST
  • Explain in detail the layout of the Excel spreadsheet and how it can be used
  • Provide case study – our experience in using this programme for readiness assessment. What worked and how we used it.
  • Show participants how we modified the spreadsheet to tailor an approach specific to us and how the modifications helped us measure “maturity” and create a cyber strategy.

After completing this session, the participant will be able to …

  • Understand the NIST cybersecurity framework, especially the updates in version 1.1 and how it differs from the original NIST framework
  • Understand ISACA’s response and creation of the IS audit/assurance program for Cybersecurity based on the NIST framework
  • Understand the materials available for download from the ISACA website, including the structure of the Audit program worksheet and the Word document, and how these are to be used.
  • Understand how to use the Audit program worksheet, including discussion on how it could be customised and made “fit for purpose” so that it can be used in the participant’s organisation


  • 5:30pm – Registration and session sign-in – required to receive applicable CPE credits
  • 6:00pm – START – Welcome, Introductions, Agenda
  • 6:05pm – Monthly PD Session, Questions & Answers
  • 6:50pm – The Soapbox – Chapter Updates, Announcements and Issues of interest to members
  • 7:00pm – Networking opportunity – drinks and finger food to be served
  • 8:00pm – Event Ends

CPE Hours

1.0 hours, based on the assumption you have signed the attendance sheet when attending.

Registration and Admittance

  • Due to our sponsoring partner’s facilities, access requirements and for catering purposes, we request that you register for this event to ensure you are able to attend.
  • Registration to this session is open and free of charge to all. Current ISACA members are welcome to bring guests interested in the topic being presented.
  • A registration door prize will be drawn from the list of duly registered attendees.


About the Speaker

Ashutosh Kapsé


Professional background

Ashutosh is currently the Head Cybersecurity and technology risk at IOOF Holdings Ltd. Ashutosh is a senior executive with a career spanning over 25 years (22+ years in Australia). Ashutosh is known for his integrity, leadership, subject matter expertise and ability to achieve business unit results. He has demonstrated subject matter expertise in IT Governance, Information & Cyber-security, Technology risk, audit & compliance and has extensive experience in representing GRC, security & audit matters at Board level and providing cyber security advisory to business leaders.

Ashutosh has led several advisory teams in industry verticals such as financial services, health, federal & state government departments, Manufacturing, Retail and Pharmaceuticals.

Ashutosh volunteers as a board member and chairman of the Risk & Compliance committee at SCCV, the largest not-for-profit aged care provider in Victoria, and is also a director of ISACA Melbourne chapter.



Date(s) - 08/05/2018
5:30 pm - 8:00 pm

EY Melbourne Office



Bookings are closed for this event.