Trends and best practices to sustainability in today’s high velocity digital environment.
Today’s rapidly changing, high-velocity digital environment has introduced risks and vulnerabilities never seen in our industry. Leveraging technology can be a significant enabler when considering your organizational sustainability. Key to doing this is the evolution of an organization’s agility, resilience and ability to predict and manage risks. In this information-packed opening keynote, we will explore the current landscape of our environment and learn top tricks and tips for addressing these to enhance your sustainability posture.
How Security has evolved due to the changing technology landscape
Synopsis: As technology has evolved, so too have the tools, techniques and governance around it. We shall go over some of what I believe are the more salient points of this journey in the last 5 years or so, and what this means for us professionals in the field.
Mr. Ross is Executive Principal of Risk Masters International and holds certification as a Certified Information Systems Security Professional (CISSP) as well as a Master Business Continuity Professional (MBCP), a Certified Information Systems Auditor (CISA) and a Certified Data Privacy Solutions Engineer (CDPSE). Mr. Ross is a specialist in the field of information systems security and control, specializing in Information Security, Business Continuity Management, Data Privacy and IT Disaster Recovery Planning services. He has implemented Information Security programs for numerous banks, government agencies and industrial corporations. Prior to founding Risk Masters, Mr. Ross was a Director and global practice leader with Deloitte & Touche.
In consulting engagements, he specializes in planning, policy development, implementation, and standardization of Information Security processes. In recent years, his focus has been on reliability, prevention, detection and recovery from the technical and business impact of cyberattacks. He has published a book, Creating a Culture of Security. He was editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series, including e-Commerce Security: Public Key Infrastructure. Since 1998, Mr. Ross has regularly published the column, “IS Security Matters”, in the ISACA Journal. In 2022, he was inducted into the ISACA Hall of Fame.
Topic Title: Leading the way: Empowering innovative technologies through risk-based and continuous audit
Synopsis: Experience how audit can lead the way through digital transformation by improving work planning, staffing, and budgeting while also empowering business operations.
Unlocking the Power of Data through Strategic Privacy by Design
Synopsis: The rapid growth and flow of data has become one of the most important building blocks of our increasingly digital society. The processing of data, and specifically, personal data, is inevitable as organizations shift to a more data-driven approach in making business decisions. This is where conversations and strategies on privacy and ethics should come in.
Privacy and ethics should be at the forefront of every data-centric business initiative and should be recognized as integral components of an organization’s strategy. Adopting a Privacy by Design approach would not only promote digital resilience and ensure compliance but would enable organizations to leverage the power of data to draw valuable, actionable insights and drive business growth.
Mr. Chan is a Partner leading the Digital Trust & Cybersecurity practice within PwC Malaysia. In the last 14 years, he led multiple projects advising clients in the area of Cybersecurity, Data Privacy and Technology Risks, including Cloud Security, Risk and Compliance, and provided strategic advice to executives on how to embed digital trust as a value creation to businesses. Clarence is also a Board member of ISACA Malaysia Chapter. Mr. Chan holds a Bachelor’s degree in Information Technology and Commerce (Accounting) from Monash University, Australia. He was appointed as a member of the Digital Technology Implementation Committee (DTIC) Working Group by the Malaysia Institute of Accountant.
Topic Title: “Adopting an Offensive Security approach in testing your security defenses”
Whilst penetration testing is an essential component of the security assessment program, organisations should start employing a more adversarial or offensive approach, i.e. a Red Team exercise, in testing their security defenses. In recent years, various regulators amongst APAC countries have started to introduce guidelines and requirements expecting organisations to embed an offensive security approach in their overall cyber risk management program to 'stress-test' their cyber defenses.
In this session, the speaker will share with you:
- Red Team Exercise vs Penetration Testing: the key differences
- How do you plan for a Red Team exercise
- Our war stories and 'successful attacks' and their root causes
- How to incorporate Red Team Exercise into your Three Lines of Defenses (3LoD)
Reggie is Senior Vice President - Chief Audit Executive of Bank of Commerce. He has been in external & internal audit, IT security, control & audit, governance, risk management, compliance management, related party transaction (RPT) management, project management, IT management & quality assurance for more than 35 years. As such, Reggie is thoroughly exposed to all the technical and administrative aspects of audit, information systems audit, and system development projects. He is a CPA, CIA, CISA, CISSP, CFSA, CISM, CCSA, CRMA, COBIT (F), COBIT (I), an accredited QA Validator of IIA & COBIT 5 Implementation and Foundation speaker of ISACA. He is one of the founding incorporators of ISACA Manila and a past president of the Chapter.
Topic Title: “Transforming IT Audit Function”