We have an exciting program for you this month at ISACA Ireland’s "Last Tuesday" event for September, with speakers from Australia, South Africa and Italy (although two currently reside in Dublin), from SABSA, BSI and PwC. They are presenting on a variety of subjects:
Using SABSA to Develop a Cyber Security Strategy by Michael Hirschfeld, AU
The SABSA architectural methodology has a number of tools, techniques and frameworks that can help IT Security professionals understand the challenges they face and to present and discuss these with their executive and stakeholders when building and progressing a Cyber Security Program.
Fundamentally, a strategy is a document that sets out how you plan to achieve a series of long-term objectives. Within Cyber Security our objectives must be closely aligned with those of the IT group and, just as importantly, with those of the business as a whole.
If our Cyber Security Strategy isn’t helping the Business or ICT meet their objectives, then we will struggle to articulate our relevance and we will find it difficult to get budget. On the other hand, when our strategy clearly aligns with and strengthens the business, we are viewed more as a partner.
This presentation will cover a few of the basics of SABSA, provide you with a framework for a Cyber Security Strategy and then demonstrate how understanding and applying some key techniques from the SABSA tool kit can assist you in developing and presenting a coherent and aligned Cyber Security Strategy that the business will understand.
Third Party Management Program. An information security and privacy integrated approach by Herman Errico, BSI
Nowadays, companies depend on a mixture of internal and external resources to achieve their objectives consistently. It is therefore fundamental for business resilience to identify and manage the risks deriving from third-party relationships. Join Herman Errico in understanding how to develop and implement a Third Party Management Program, which will focus on defining a structured approach to managing the information security and privacy risks deriving from third parties’ services or products.
The presentation will highlight how to shape the management program based on business needs and on security and compliance requirements. In particular, a third party management lifecycle (Third party relationship planning, Third party selection process, Third party agreement process, Third party termination process) will be presented and its structure analysed. A detailed analysis will be dedicated to the selection of information security and privacy controls for third parties, and to how to differentiate between suppliers of services and suppliers of products.
A conclusion on customer success factors and use cases will be included.
This approach has been structured around the following standards:
• BS ISO/IEC 27036 (Part 1, 2, 3, 4) (Information security for supplier relationships)
• BS ISO/IEC 27002:2017 (Code of practice for information security controls)
• BS ISO/IEC 29151:2017 (Code of practice for personally identifiable information protection)
Emerging technology risk by Rivash Ramowtar
To be updated…
Michael Hirschfeld, Executive Consultant, David Lynas Consulting
Michael is an experienced senior executive with a prominent public service career that included leadership roles in ICT and organisational security in Australia. Former roles include CIO & CISO for the Department of Finance, as well as strategic security leadership roles at the Department of Foreign Affairs & Trade and the Australian Tax Office.
He was a member of the Department of Finance Executive Board and is accustomed to engaging with senior executives to ensure the delivery of business capabilities leveraging technology and ensuring this is done securely.
Currently an Executive Consultant at David Lynas Consulting, Michael leads Security Architecture projects with a focus on communicating the value of security architecture to client leadership.
Rivash Ramowtar, Assistant Manager IT Risk Assurance in Emerging Technology, PwC
Rivash has previous experience in IT Risk Assurance and as a Technology Strategy & Architecture Consultant in PwC South Africa. He has advised and assessed clients on their operational and technological risk management activities, across multiple industries, including financial services, capital markets, insurance, retail, power & utilities, telecommunications, and government sectors.
Rivash’s area of expertise has, in recent years, transitioned into Emerging Technologies and the assessment and review of their risk landscapes. His scope has included Artificial Intelligence (AI), Robotic Process Automation (RPA), Blockchain, the Internet of Things (IoT), and Big Data, both at a local level and in cross-border efforts.
Rivash has assisted clients and internal initiatives with risk identification, assessment and remediation, process analysis, modelling and design, digital readiness assessments, internal Emerging Technology upskilling initiatives, and overall project and programme quality assurance.
Herman Errico, Information Security Consultant, BSI
Herman Errico is currently working in Dublin with BSI Cyber security and Information Resilience. He has a master’s degree in law and a master’s in Information Security and Strategy, both achieved in Rome, Italy. Herman has both a technical and a governance background, which allows him to support clients from multiple perspectives. His main interests are the development of standards, technical documents and service lines, together with a strong passion for research and client relationship management.