Copenhagen, Denmark - ISACA Denmark 20.-21. ... Senior Advisor Strategic Cyber ... attacker is...

PROGRAM

Copenhagen Denmark20-21 April 2015

wwwisacadk konferenceisacadk

CRISC Review Course 22th ndash 23th of April


TimeStream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

1000 ndash 1015

1015 ndash 1100

1230 ndash 1330

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Major General (Ret) Roar

SundsethSenior Advisor Strategic Cyber

Security Watchcom Security Group

Whatever you do ndash

it is not good enough

If we are to reduce the digital

vulnerability we need a radical shift

in relation to how we approach

Cyber- and Information Security

The old security paradigm is broken

It is of the outmost importance for

all of us to understand how the

attacker is thinking not only

recognize what kind of attack tool

he is using

Jason ClaycombCorporate Governance Officer OS33

ldquoGolf course lsquocyber securityrsquo discussions

with CEOsrdquo

Your CEO just got back from a CEO

roundtable and golf outing as is asking

about XYZ threats to our systems because

ABC company just had an incident This

session will cover several of the hot topics

in security that CEOs are hearing about

and how we can respond Examples of

topics to be covered include

Vulnerability management Irsquom afraid of

POODLE (or whatever the latest

vulnerability is written up by the Post)

Disclosure Sonyrsquos data breach is costing

them millions in lost revenue Can that

happen here

DOS attacks I heard that Yahoo suf-fered

from a denial of service attack What are

we doing to prevent that

Anti-money laundering amp know your

customer Irsquom afraid that we have

customers funneling money to terrorists

How can we made sure we arenrsquot doing

this

Jess Kjaeligr MogensenPartner PwC

Management and Boardrsquos

expectations of external auditor

regarding cybercrime

Cybercrime is on management and the

boardrsquos agenda The risk must be

handled and external auditorrsquos role must

be defined and communicated

As most companies use outsourcing in

different scale also the efficiency and

adequacy of audit reports from

outsourcing providers should be

evaluated in light of current mana-

gement and board expectations

Dr Vilius BenetisCEO NRD CS

Where and how to start practical

cybersecurity for small-medium

businesses (cost benefit risk

aware) how to think what to do

The presentation would provide

integrated view from COBIT5 (incl for

Cybersecurity and Information

Security) Critical Controls as well as

Human skills management (related to

NIST NICE) and would show what

practical things has to be done to

ensure assurance in cybersecurity vs

compliance

1415 ndash 1445 Break networking exhibition

1330 ndash 1415


1130 ndash 1230

Key note Ole Svenningsen Nordea amp Jesper B Hansen amp Camilla Bruun Siscon

Cyber Security in a GRC World ndash with a management perspectiverdquo

Sisconrsquos presentation weighs the concept of Cyber Security against well-implemented GRC

- Governance = decision-making processes

- Risk = analysis of current status

- Compliance by adherence to rdquo best practicerdquo

Siscon gives an introduction to those ldquonon-technologicalrdquo managerial measures a business should take to be proof against the Cyber threat whilst also achieving

a GRC structure within the business Siscon will provide a sketch of a managerial approach to GRC vs Cyber Security and as we have the opportunity to

introduce you to one of our Danish clients the presentation will be hands-on and case-oriented The presentation is practical preparing the ground for what

ldquoworks in the real worldrdquoThis business will recount which line of thought they have followed with respect to withstanding the Cyber threat ndash incorporating their

structuring of a strong GRC culture embedded in management functions

Lunch

Key note Robert E Stroud ISACA International President amp VP Strategy and Innovation CA Technologies

Cyber security is your head in the sand or are you ready for action

Cyber threats are targeting us all whether government enterprises and even individuals

Why now Why has the evolution and nature of these attacks accelerated and should we simply apply more traditional security and risk approaches or is this

totally new phenomena require a dramatic change in approach

Robert will share key aspects the changing nature of advanced persistent threats and discuss innovative methods for professionals to arm themselves against the

changing threat landscape

Nordic ConferenceMonday April 20

th - 2015

930 ndash 1000 Registration amp Breakfast

Welcome and pre-speak Bent Poulsen President of ISACA Denmark Chapter


Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Jacqueline Johnson

Head of IT Security Nordea

Using the new ISO27002 as tool

for security governance

Protection against cyber security is

much dependent on due diligence

both regarding the specific network

protection and the general

information security governance in

the organisation In this session you

will be trained in the new areas and

controls of ISO270022013 It will

also be illustrated how Nordea has

chosen to select and adopt the

new ISO 27002 and how it is being

implemented and monitored both

in the IT units and in the business

functions Key learning is guidance

on implementation of new areas

and controls in ISO27002rdquo

Claus Bartholin Senior Manager PwC

CGEIT CISM CISSP MBCI

How to operationalize Governance

structure in an outsourcing environment

A typical scenario between the customer

and the vendor is misunderstanding of the

purpose of the contract or the contract

does not clearly describe the Information

Security policy and requirements How to

build and implement an operational

Governance model in cooperation with

the outsourcing partner and how to handle

Cloud service providers

The Governance model establish Security

as a line of Business responsibility (rights

and obligations) and setup meetings and

reporting structure Practical example of

how to operationalize the security require-

ments in conjunction to the existing con-

tract or when negotiating new contracts

with sourcing provides The special chal-

lenge is how to handle Cloud service pro-

viders and to make security requirements

This presentation help you to understand

the oxymoron between vendorsrsquo standard

services regarding modern Cyber Infor-

mation Security protection environment

Erik Joslashrgen Andersen Director

Symbic

Implementing the NIST Cyber-security

Framework Using COBIT 5

While the Cybersecurity Framework (CSF)

was originally created in support of critical

infrastructure providers it is applicable to

any organization that wishes to better

manage and reduce cybersecurity risk

Nearly all organizations in some way

support critical infrastructure

ISACA has issued guidance intended to

assist organizations with understanding

steps for CSF implementation using ISACA

methods and approach specifically

COBIT 5

We will discuss processes example

templates and guidance for using CSF to

identify and achieve enterprise and

organizational objectives for the

governance and management of IT

Tore Maaoslash CISO PwC amp

Wenche Woldseth PwC

Professional Behavior and

Business Conduct

PwC Norway has conducted a

simulation based game called

ldquoProfessional Behavior and Business

Conductrdquo launched in May 2013

and 2014 This is the annual

compliance training in the company

contains important disciplines as Risk

amp Quality Security Independence

and Ethics - with focus on dilemmas

As opposed to traditional awareness

e-learning based training PwC

wanted to do present something

different innovative and absorbing

The ldquogamerdquo is mandatory to all staff

and partners in PwC Norway

The audience will be given a short

presentation of the game We will

present the background for our

decision to launch an interactive

game the working process and

achieved results

1530 ndash 1545

1630 - 1800 Networking check-in Hotel

1830 Dinner

1445 ndash 1530

Break networking exhibition

1545 ndash 1630

Key note Ramseacutes Gallego Security Strategist amp Evangelist Dell Software amp Jacob Herbst CTO Dubex

From Identity Management to Access Governance A New Dawn

Security turned into cybersecurity when we connected our systems when data started flowing around Now more than ever it is instrumental to understand who

has access to know when fromto where and why It is critical to have full control and visibility on access to sensitive information critical data from customers

and other stakeholders

In a world where everybody has become a target it is imperative that we embrace the shift in perception from technology risk to enterprise risk Itrsquos time to

adapt and adopt emerging trends and technologies and govern the access to customer data health records billing information We have to do it with the right

mindset the right attitude And thatrsquos the willingness of protecting and defending with the right technologies the right partnerhellip It is time to wake up to a new

approach that will allow us not only to manage identities but also to govern data wherever it resides This is a new era a new dawn to protect and defend


th - 2015


TimeStream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

900 ndash 915

915 ndash 1000

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Lars Neupart CEO Neupart

Recent development in cloud

security certifications and

transparency

A new compliance tool from Cloud

Security Alliance (CSA) allows cloud

customers to review and bench-

mark the security controls imple-

mented by cloud service providers

This is an important step in improv-

ing transparency Also the first CSA

STAR Certifications have been issue

Attend this presentation to learn

about the cloud control matrix the

STAR certification scheme and to

experience the new STAR compli-

ance tool developed by Neupart

Jonas Halldin

CISA CISM CRISC QSA Market Area

Manager AringF

Cyber risks goes mobile and how

do we pay for it

Jonas will talk about the risks added

when we develop mobile apps pays

for services with our mobile devices

and connects our apps to our core

business data

An introduction to what kind of

mobile solution exist and what risks

do they bring to your organization

How interaction with payment

solution or other data may multiply

your threat exposure level and what

you can do to minimize it

Jens Monrad Consulting Systems

Engineer FireEye amp

Allan Bjerre Director KPMG

The Unknown Threat in Denmark

A joint Threat study by FireEye amp KPMG

In early 2015 FireEye amp KPMG took a

deepdive into the unknown threats in

Denmark More than 20 Danish

companies volunteered time amp network

to join the study

Jens amp Allan will present the study

alongside a perspective on how to move

forward

Frode LilledahlRisk and Security Centre Lead DNB

Risk and Security Centre

In 2014 DNB established a Risk and

Security shared service centre to

better be able to serve projects in

their security work such as security

and risk assessments and help

reduce risk in solutions and services

The presentation will focus on DNBrsquos

experiences with establishing the Risk

and Security Centre and how this

centre brings value to DNB

1130 ndash 1230 Lunch

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Surinder Singh RaitCISA CISM ISO27001LA ITIL

Senior Corporate IT Auditor Ericsson

Security Metrics

Key to successful ISMS

In this abstract I would be talking

about why Cyber Security is

becoming a necessity importance

of ISMS implementation of ISMS

and what is the importance of

defining smart KPIrsquos for ISMS Ie

Security Metrics and how they are

going to help drive the maturity of

ISMS within the organization How

does it help communicate with the

senior management

Martin KochCGEIT EMEA Datacenter Operations

leader GE Capital

Enabling cloud delivery in a

regulated environment

The Outsourcing Services Industry is

going through dramatic changes

reducing the ability to keep direct

control At the same time the

aftermath of the Financial Crisis has

increased the demands on control

How does management balance

these forces

GE Capital has a long tradition of

Outsourcing IT This presentation will

present you with lessons learned and

challenges found from a 3rd party

governance perspective (Sverige)

Frank AlvernCIA CISA CCSA CGAP CRMA Chief

Audit Executive Norwegian Ministry of

Defence

Challenging top management to

assess IT Governance

Management throughout the defence

sector in Norway is now using one com-

mon model to self-assess its maturity of

governance risk management and con-

trols processes Internal audit is also using

the same model as the foundation of its

annual assurance statement to the

CEOs in the sector One of the subcate-

gories in the maturity model is called IT

Governance The first version of this sub-

category is very basic but the ultimate

goal is to expand into ldquoCobiT 5 thinkingrdquo

including CobiTrsquos inherent maturity model

As the modelrsquos chief architect Frank

Alvern will share his experiences with a

focus on the IT Governance part of the

model He intends to solicit opinions from

the audience on how to increase the

level of detail while at the same time

keeping top managementsrsquo interest and

commitment alive ndash even though it is IT

we are talking about

Lars GunnerholmCISA CISM Consultant LGY Konsult

BCP how to do and lessons

learned

Lars will share his broad experience

on how to develop and maintain a

Business Continuity Plan that really

works when its needed He will also

give some advice on how to test a

plan as well as common mistakes A

part of his speak will also stress the

importance of communication

1000 ndash 1030 Break networking Exhibition

Nordic ConferenceTuesday April 21

st - 2015

830 ndash 900 Registration and Breakfast

Welcome

Key Note Niels Ringling Underwriting Director at CodanFight against cybercrime is drowning in the daily challenges that Danish companies are facing Companies recognize their responsibility However in their

opinion Danish politicians do not pay sufficient attention in addressing the cybercrime challenges

1030 ndash 1130

1230 ndash 1315


1315 ndash 1345

1430 ndash 1500

Break Networking Exhibition

1345 ndash 1430

Key Note Ramseacutes Gallego International VP ISACA Board of Directors President ISACA Barcelona Chapter

CISM CGEIT CISSP SCPM CCSK ITIL COBIT(f) Six Sigma Black Belt Privacy by Design Ambassador Government of Ontario Canada

The Future of NOW

If there is something constant in the universe thatrsquos speed of light And change Change is a constant in todayrsquos world We are living through times where

the present is leaving us every single second These are times where present is already past and the need to adapt and adopt new and emerging

technologies have become instrumental for success Organizations are being pressed with time-to-market issues while in reality they should a have time-

to-value perspective In an epoch where technology is pervasive and you can hardly find businesses that do not depend on technology we have to face

change as one critical variable in the planning of enterprise strategy Because we have something crystal clear that the futureis going to change We

have to capture the present realizing that it has already become past and that the next business iteration has already happened whether we like it or not

By attending this session the attendee will enhance herhis perception on the importance of time when designing planning and executing a business

strategy The difference between strategy and tactics will be mentioned as well as the need of adapting to change in a world with no secrets no barriers

no frontiers The attendee will gain a deeper understanding on the issues of adaptability trustability and reliability and more important will discover that

we are living in the future The Future of NOW

Closing

Nordic ConferenceTuesday April 21st - 2015

ISACA Denmark Chapter and Verifica will hold the official ISACA CRISC review course based on ISACAs Review Manual

In these two day the following four Domains from the CRISC Exam will be presented

Domain 1 IT Risk Identification

Domain 2 IT Risk Assessment

Domain 3 Risk Response and Mitigation

Domain 4 Risk and Control Monitoring and Reporting

The Course is based on the CRISC review manual Students can get the manual at ISACA bookstore by following this link

After the course you can participate in a test exam where also good advice for the exam will be given

The Course will be led by Hans Henrik Berthing CRISC CISA CGEIT CIA Hans Henrik have performed CISA and CRISC review courses since 2009 Students on his review courses have normally good exam scores and more than 80 passes the CISA or CRISC exam

To sign up or get more information please email hhbverificadk or call +45 2220 2821

The price for the CRISC course is DKK 10000 excl VAT for member of ISACA Non-member price is DKK 12000 excl VAT Delegates from the conference receive DKK 1000 in Discount if they register for the course before March 1st 2015

CRISC Review Course22th ndash 23th of April


Who should attendIT Audit professionals IT Governance professionals Information security managers Information security professionals Assurance professionals IT professionals Senior and executive managers CIOs CISOs and other members of the C-suite

WhyThe conference will be dedicated to presenting topics and educational streams with a unique perspective Each stream will have a blend of technical and managerial topics that will enhance the learning experience and actively motivate and challenge the way you work

LanguageAll sessions are in English

When The 20th ndash 21st April 2015 (CRISC Review Course 22nd ndash 23th of April)

Location The conference will take place in Tivoli SlottetLocated inside Tivoli in the heart of Copenhagen

Accomodation Accomodation is available at Hotel Copenhagen Marriott Copenhagen DenmarkReserve hotel rooms directly with the hotel for an ISACAdiscounted rate for DKK 1600 here before March 3rd 2015

Tivoli Slottet is walking distance from Hotel Marriott

CPETo maintain Certified Information Systems Auditortrade (CISAreg) Certified Information Security Managertrade (CISMreg) Certified Risk amp Information Systems Controlstrade (CRISCreg) and Certified in the Governance ofEnterprise ITreg (CGEITreg) certifications certification holders are required to earn 120 CPE credit hoursover a three-year period in accordance with ISACArsquos continuing professional education (CPE) policy Attendees earns 15 CPE credits by attending the ISACA Nordic Conference 2015

General Information


General Information

Registration

The fee for attending the conference is DKK 6000 for ISACA members and DKK 7500 for non-members

which includes membership of ISACA rest of 2015

Your registration fee includes

Attendance at the conference for 2 days

Access to the Exhibitors hall

An opportunity to earn up to 15 continuing professional education (CPE) credit hours

Morning and afternoon coffeetea breaks

Complimentary lunches on Monday 20th and Tuesday 21st of April

An evening event and dinner on Monday 20th of April

Entrance to TIVOLI on both days

The registration must include

Name Contact information (E-mail Phone Address)

CompanyOrganization name

Billing address

Last day for registration is April 17th 2015 Register for the conference before March 10th and an discount of DKK 500 is received

All registrations can be done by sending a mail to konferenceisacadk

Delegates from Sweden please register here

Delegates from Norway please register here

Become a member today and get the member discount for the conference

Register for ISACA membership through wwwisacaorgjoin

Disclaimer

The information in this brochure is correct at the time of printing ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances Material has been prepared

for the professional development of ISACA members and others in the IT audit control security and governance community Neither the presenters nor ISACA can warrant that the use of material

presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices All materials used in the preparation and delivery of presentations on behalf of I

ISACA are original materials created by the speakers or otherwise are materials which the speakers have all rights and authority to use andor reproduce in connection with such presentation and to grant

the rights to ISACA as set forth in speaker agreement Subject to the rights granted in the speaker agreement all applicable copyrights trade secrets and other intellectual property rights in the materials

are and remain with the speakers Please note unauthorized recording in any form of presentations and workshops is prohibited


Dubex

At Dubex we are focused on helping companies and public institutions manage risk and grow more flexibly We understand that managing risk is about finding the right balance translating business goals into acceptable levels of risk And we understand that investments in IT security need to result in measurable business value For example while helping our clients keep up with compliance we also work to reduce costs When making mobile workforces more secure we also increase network performance And when our clients acquire companies or open new offices we quickly bring new locations up to the same level of security so integration isnrsquot slowed down Thinking like we are part of our clientsrsquo businesses is what sets us apart Dubex - Managing risk enabling growth wwwdubexdk

Hos Dubex hjaeliglper vi baringde private og offentlige virksomheder med at styre deres risici og understoslashtte en fleksibel vaeligkst At styre risiko er for os et sposlashrgsmaringl om at finde den rette balance mellem vores kunders forretningsmaringl og et acceptabelt risikoniveau Vi har fokus paring at investeringer i it-sikkerhed altid skal tilfoslashre synlig vaeligrdi til organisationen For eksempel hjaeliglper vi vores kunder med at sikre at de hele tiden er compliant samtidig med at vi har fokus paring at reducere omkostningerne Vi sikrer mobile medarbejderes adgang til virksomhedens data samtidig med at vi optimerer adgangen til netvaeligrket Og naringr vores kunder opkoslashber virksomheder eller aringbner nye kontorer sikrer vi at disse hurtigt kommer op paring samme sikkerhedsniveau saring de hurtigt bliver integrerede og faringr adgang til virksomhedens systemer Dubex differentierer sig som samarbejdspartner ved at vi agerer som en del af vores kunders forretning

Laeligs mere paring wwwdubexdk

Information of our PLATINUM Sponsors


Siscon

Siscon deliver ISMS software ControlManagertrade based on ISO 27001 and ISO 27002

Siscon was founded in 2004 by Lars Baeligrentzen who is still in charge of the daily operations of this company where fine qualities such as superior service and long-term relations with the customer are in focus in particular as regards value in the implementation and rooting of data and information security in Scandinavian businesses We are 8 dedicated colleagues each and every day handling responsibilities such as consultancy amp advising for our clients sales and marketing plus support and development

From the beginning in 2004 and to this date the concept for Sisconrsquos operations has been based on the provision of support of the work performed by the person in charge of data and information security through the preparation of information-security policies risk assessment emergency plans and continuous follow-up ndash thus securing support of all elements for businesses with a desire to work professionally with information security

Siscon and ControlManagertrade represent ndash and have done so for a long time ndash the marketrsquos leading tool for supporting employees in charge of IT security in their work and thus securing businesses structure and control with respect to prioritised and well-documented decision-making

ControlManagertrade guarantees a structured approach within the field of information security and comprising built-in Awareness front end reporting module IT security manual and much more ControlManagertrade is an indispensable partner for everyone involved in the information-security work of the organisation





NeupartHow we helpNeupart provides SecureAware a cloud service that makes it simpler to manage risk and information security requirements in organisations

Unlike the classic consulting firms working with an office package we offer a tool to automate information security management processes allowing companies to comply with best practices and manage business risks more efficiently

We are pleased to also offer our SecureConsult services but because of SecureAware well spend less time to achieve the results you want

More than 200 organisations worldwide are Neupart customers including governments utilities finansial services and IT service providers

RSA

RSA The Security Division of EMC is the premier provider of intelligence-driven security solutions

RSA helps the worldrsquos leading organizations solve their most complex and sensitive security challenges managing organizational risk safeguarding mobile access and collaboration preventing online fraud and defending against advanced threats

RSA delivers agile controls for identity assurance fraud detection and data protection robust Security Analytics and industry-leading GRC capabilities and expert consulting and advisory services

Information of our GOLD Sponsors


The Professional Evaluation and Certification Board (PECB) is a personal certification body for persons on a wide range of international standards including ISOIEC 20000 ISOIEC 27001 and ISOIEC 27005

PECB has earned a reputation for integrity value and best practice by providing assurance through the evaluation and certification of professionals against rigorous internationally recognized competence requirements

PECB provides comprehensive personnel examination and certification services Certification represents the crossover of protection of the public fairness to candidates and often various interests of the profession Although these mayappear to be competing interests a well-designed certification program will be most effective in meeting these interests when its resources are deployed to enhancevalidity and reliability

Credibility on the market and recognition by peers is the true value of PECB certification

Carlstedt Inc is the local agent and representative for PECB in Sweden Denmark Finland and other regions

Information of our SILVER Sponsors


TivolirdquoAlways like never beforerdquo


The conference is held in Tivolislottet in Tivoli Tivoli was founded in 1843 by

Georg Carstensen and have many traditions - but innovation is also a key priority at

the gardens According to founder Georg Carstensen Tivoli will never be finished

Tivolis wooden roller coaster dates from 1914 and is one of the oldest wooden roller

coasters still operating in the world The Glass Hall burned down completely during

the schalburgtage (pro-German sabotage) in 1944 - before the current Glass Hall

was constructed It was originally a concert hall from 1863 From 1902 it was used as

a theatre revue etc under the name The Glass Hall

Tivolis Aquarium is northern Europes longest saltwater aquarium with more than 1600

tropical fish and was inaugurated in 2005

Tivoli Garden has existed since 1844 and is one of Denmarks best musical education

programs for boys Delegates on the conference have free entrance to Tivoli during

the conference


TimeStream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

1000 ndash 1015

1015 ndash 1100

1230 ndash 1330

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Major General (Ret) Roar

SundsethSenior Advisor Strategic Cyber

Security Watchcom Security Group

Whatever you do ndash

it is not good enough

If we are to reduce the digital

vulnerability we need a radical shift

in relation to how we approach

Cyber- and Information Security

The old security paradigm is broken

It is of the outmost importance for

all of us to understand how the

attacker is thinking not only

recognize what kind of attack tool

he is using

Jason ClaycombCorporate Governance Officer OS33

ldquoGolf course lsquocyber securityrsquo discussions

with CEOsrdquo

Your CEO just got back from a CEO

roundtable and golf outing as is asking

about XYZ threats to our systems because

ABC company just had an incident This

session will cover several of the hot topics

in security that CEOs are hearing about

and how we can respond Examples of

topics to be covered include

Vulnerability management Irsquom afraid of

POODLE (or whatever the latest

vulnerability is written up by the Post)

Disclosure Sonyrsquos data breach is costing

them millions in lost revenue Can that

happen here

DOS attacks I heard that Yahoo suf-fered

from a denial of service attack What are

we doing to prevent that

Anti-money laundering amp know your

customer Irsquom afraid that we have

customers funneling money to terrorists

How can we made sure we arenrsquot doing

this

Jess Kjaeligr MogensenPartner PwC

Management and Boardrsquos

expectations of external auditor

regarding cybercrime

Cybercrime is on management and the

boardrsquos agenda The risk must be

handled and external auditorrsquos role must

be defined and communicated

As most companies use outsourcing in

different scale also the efficiency and

adequacy of audit reports from

outsourcing providers should be

evaluated in light of current mana-

gement and board expectations

Dr Vilius BenetisCEO NRD CS

Where and how to start practical

cybersecurity for small-medium

businesses (cost benefit risk

aware) how to think what to do

The presentation would provide

integrated view from COBIT5 (incl for

Cybersecurity and Information

Security) Critical Controls as well as

Human skills management (related to

NIST NICE) and would show what

practical things has to be done to

ensure assurance in cybersecurity vs

compliance


1330 ndash 1415


1130 ndash 1230

Key note Ole Svenningsen Nordea amp Jesper B Hansen amp Camilla Bruun Siscon

Cyber Security in a GRC World ndash with a management perspectiverdquo

Sisconrsquos presentation weighs the concept of Cyber Security against well-implemented GRC

- Governance = decision-making processes

- Risk = analysis of current status

- Compliance by adherence to rdquo best practicerdquo

Siscon gives an introduction to those ldquonon-technologicalrdquo managerial measures a business should take to be proof against the Cyber threat whilst also achieving

a GRC structure within the business Siscon will provide a sketch of a managerial approach to GRC vs Cyber Security and as we have the opportunity to

introduce you to one of our Danish clients the presentation will be hands-on and case-oriented The presentation is practical preparing the ground for what

ldquoworks in the real worldrdquoThis business will recount which line of thought they have followed with respect to withstanding the Cyber threat ndash incorporating their

structuring of a strong GRC culture embedded in management functions

Lunch

Key note Robert E Stroud ISACA International President amp VP Strategy and Innovation CA Technologies

Cyber security is your head in the sand or are you ready for action

Cyber threats are targeting us all whether government enterprises and even individuals

Why now Why has the evolution and nature of these attacks accelerated and should we simply apply more traditional security and risk approaches or is this

totally new phenomena require a dramatic change in approach

Robert will share key aspects the changing nature of advanced persistent threats and discuss innovative methods for professionals to arm themselves against the

changing threat landscape


th - 2015

930 ndash 1000 Registration amp Breakfast

Welcome and pre-speak Bent Poulsen President of ISACA Denmark Chapter


Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Jacqueline Johnson
















































Symbic














COBIT 5







Wenche Woldseth PwC


Business Conduct





















achieved results

1530 ndash 1545


1830 Dinner

1445 ndash 1530


1545 ndash 1630











th - 2015


TimeStream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

900 ndash 915

915 ndash 1000

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk




transparency














Jonas Halldin


Manager AringF


do we pay for it





business data

















to join the study



forward














Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk



Security Metrics












senior management


leader GE Capital










these forces








Defence



























learned











st - 2015


Welcome



1030 ndash 1130

1230 ndash 1315


1315 ndash 1345

1430 ndash 1500


1345 ndash 1430



The Future of NOW











Closing























General Information


General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference


Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

Jacqueline Johnson
















































Symbic














COBIT 5







Wenche Woldseth PwC


Business Conduct





















achieved results

1530 ndash 1545


1830 Dinner

1445 ndash 1530


1545 ndash 1630











th - 2015


TimeStream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

900 ndash 915

915 ndash 1000

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk




transparency














Jonas Halldin


Manager AringF


do we pay for it





business data

















to join the study



forward














Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk



Security Metrics












senior management


leader GE Capital










these forces








Defence



























learned











st - 2015


Welcome



1030 ndash 1130

1230 ndash 1315


1315 ndash 1345

1430 ndash 1500


1345 ndash 1430



The Future of NOW











Closing























General Information


General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference


TimeStream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk

900 ndash 915

915 ndash 1000

Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk




transparency














Jonas Halldin


Manager AringF


do we pay for it





business data

















to join the study



forward














Stream A

Security

Stream B

Governance

Stream C

Assurance

Stream D

Compliance amp Risk



Security Metrics












senior management


leader GE Capital










these forces








Defence



























learned











st - 2015


Welcome



1030 ndash 1130

1230 ndash 1315


1315 ndash 1345

1430 ndash 1500


1345 ndash 1430



The Future of NOW











Closing























General Information


General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference


1315 ndash 1345

1430 ndash 1500


1345 ndash 1430



The Future of NOW











Closing























General Information


General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference






















General Information


General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference









General Information


General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference

General Information

Registration














Billing address







Disclaimer








Dubex






Siscon














RSA



























the conference

Dubex






Siscon














RSA



























the conference

Siscon














RSA



























the conference







RSA



























the conference

RSA



























the conference






















the conference















the conference

Date post:	07-Apr-2018
Category:	Documents
Upload:	trinhnguyet
View:	219 times
Download:	4 times

Copenhagen, Denmark - ISACA Denmark 20.-21. ... Senior Advisor Strategic Cyber ... attacker is...

Documents