Partners: ISACA Warszawa, EY Polska, AdaptiveGRC
Date: 29 October 2024, 17:30 - 21:00
Location:
Presentation language: English
CPE: 4
We invite you to an educational meeting taking place on October 29, 2024, from
5:30 PM to 9:15 PM in a hybrid format:
- EY Office, Rondo ONZ 1, 00-124 Warsaw. Limited seating available. The in-person
event at the EY office is available to ISACA and IIA Poland members.
Attendees at the venue are invited to enjoy refreshments and networking after
the presentations. Participation is free of charge. In-person registrations are
open until October 20, 2024. This is important for booking an appropriately
sized venue and planning the catering.
- All presentations will be live-streamed on the ISACA Warsaw YouTube
channel. The online format is available to all participants without any limit on
numbers.
Agenda:
5:30 PM Welcome and opening
5:35 PM Topic 1 & Topic 2
7:15 PM Coffee break & Networking
7:30 PM Topic 3
8:55 PM Networking
9:15 PM End of the event.
Participation in the event provides the opportunity to earn up to 4 CPE credits.
We warmly invite you to an educational meeting that will take place
on 29.10.2024 from 17:30 to 21:15 in a hybrid format:
- EY headquarters, Rondo ONZ 1, 00-124 Warsaw. The number of seats is limited.
Those present on site are invited to refreshments and networking afterwards. Participation
in the meeting is free of charge. Attendance at the EY office is available to
ISACA and IIA Poland members; seats are limited and are allocated in order of
registration, which we collect until 20.10.2024.
- The presentations will be streamed on the ISACA Warsaw YouTube
channel. The online format is available to all participants and there is no
limit on the number of participants.
Participation in the event provides the opportunity to earn up to 4 CPE.
DETAILED AGENDA:
Topic 1: The Bright and Dark Sides of Third-Party Risk Management
Speaker: Sebastian Burgemejster, IT GRC
Linkedin: https://www.linkedin.com/in/sebastian-burgemejster-cisa-crisc-cism-ccak-soc-2-expert-7b342a127/
Description:
During my presentation, I will share my perspective as someone who:
- serves as both a CISO and DPO, advising on information security, cybersecurity, privacy protection, and compliance in startups;
- acts as an independent third party/auditor/assessor in SOC 2 audits and audits subcontractors in the supply chain on behalf of clients;
- advises large organizations on information security, cybersecurity, privacy protection, and compliance, including in the area of TPRM.
I will highlight what works and what doesn’t in the traditional approach to Third-Party Risk Management (TPRM). I will also point out the advantages and disadvantages of different tools and the reliance on common solutions.
Topic 2: How to ensure compliance and mitigate risks of 3rd parties
Speaker: Jan Anisimowicz, ISACA Warsaw, C&F SA
Linkedin: https://www.linkedin.com/in/anisimowicz/
Description:
Vendor Management encompasses all the processes necessary for managing third-party vendors that provide services and products to organizations. Both the organization and the vendor must invest significant effort to optimize the value derived from these services or products, while also addressing the associated risks. As the scale and complexity of services increase, so do the risks, making effective vendor management increasingly important. For instance, under GDPR, if a data processor fails to comply with an organization's requirements and a data breach occurs, the organization could face substantial fines, potentially up to 20 million Euros.
Additionally, research indicates that third-party vendors often represent one of the weakest links in an organization's security framework. Cyber-related incidents and data breaches involving third parties are frequent, with some having severe consequences for the impacted organizations. Despite this, vendor risk management remains largely manual in many companies, even as organizations dedicate more resources to this area. Alarmingly, most companies have limited visibility into their vendors, yet managing risks from third parties is crucial for the majority of organizations.
By the end of this session, participants will be able to:
- Develop vendor risk profiles for their organization.
- Implement recommended steps to ensure third-party compliance.
- Identify the most high-risk vendors for audit and security control verification.
- Mitigate risks posed by third parties, including data processors.
Topic 3: Assurance over external ICT service providers. How to approach IT audits of third parties effectively and manage the related risks.
Speakers:
Description:
In the context of new regulations, organizations are transforming their approach to ICT service providers, especially in terms of periodic assessments of third parties. Our seminar will help in understanding key problems and questions related to the operating model of ICT service provider audits:
- What are the challenges for ICT service assessments in the context of DORA requirements?
- How to define and implement an efficient process for periodic assessment of ICT service providers?
- What reports and attestations can save the time of my employees responsible for ICT service provider assessments?