EuroCACS/ISRM 2015
GROW YOUR NETWORK. ENHANCE YOUR KNOWLEDGE.
Advance your expertise and enhance your skillset. Share ideas and develop mutually beneficial relationships with audit, security, cyber security, assurance and risk professionals from around the world. Secure your place at Europe’s leading information systems and business conference.
9-11 NOVEMBER 2015 | COPENHAGEN, DENMARK
Register today at www.isaca.org/Euro2015
CONNECT MORE
EMBRACE FRESH INSIGHTS AND NEW CONNECTIONS. Join leaders, experts and fellow professionals in information systems’ most demanding fields for Europe’s most prestigious audit, security, cyber security, assurance and risk management conference. Gain knowledge that can help you better develop, implement, and manage cutting-edge and time-proven practices and solutions to sustain you in your role and advance you in your career. Earn up to 39 CPE hours at innovative sessions and workshops, expand your network and return to your enterprise prepared for whatever the future holds. Attend the EuroCACS/ISRM 2015 Conference in Denmark’s beautiful and historic capital—Copenhagen.
EuroCACS/ISRM Conference
OPENING KEYNOTE SPEAKER
MONDAY, 9 NOVEMBER | 8:30 – 9:45
JAKOB SCHARF
FORMER DIRECTOR GENERAL OF THE DANISH SECURITY AND INTELLIGENCE SERVICE (DSIS) (2007-2014)
Fighting for National Security
During his tenure at the DSIS, Former Director General of Danish Security and Intelligence Jakob Scharf successfully led his team to identify and counter an exponential rise in al-Qaeda terrorist threats resulting from the “Cartoon Crisis” stemming from the publication of illustrations depicting the prophet Muhammed in a Danish newspaper. He led efforts to take on the challenge facing his nation after Denmark became a priority target for insider cyber attacks. Jakob will share how these experiences shaped Denmark’s holistic approach to national security issues and placed the DSIS into a leading role in reducing radicalisation, countering specific terrorist activities and developing measures for effective investigation and prosecution of terrorists. He will also discuss how the government can partner with both public and private organisations in sharing information and intelligence to improve security for all.
REGISTER AND PAY BY 2 SEPTEMBER AND SAVE US $200 — www.isaca.org/Euro2015
EuroCACS/ISRM 2015 KEYNOTE SPEAKERS
HEAR FROM RENOWNED GLOBAL THOUGHT LEADERS. APPLY FRESH PERSPECTIVE TO TAKING ON YOUR WORLD.
Leverage expert-led sessions and innovative, hands-on workshops. Explore topics in the business-critical fields of audit, assurance, risk, cyber security, privacy and compliance. Take away insights, tools and solutions that will enable you and your enterprise to work smarter, faster and at less risk towards greater rewards.
SPECIAL PLENARY SESSIONS
TUESDAY, 10 NOVEMBER | 10:00-11:00
Gain an added edge by attending one of these special sessions:
211 Security Implications and Concerns with Emerging and New Technologies
212 The Misfit Economy
EARN UP TO 39 CPE HOURS IN FIVE CUTTING-EDGE LEARNING TRACKS:
COMPLIANCE/PRIVACY
GRC
INFORMATION SYSTEMS AUDIT & ASSURANCE
INFOSECURITY & RISK MANAGEMENT
CYBER SECURITY
CLOSING KEYNOTE SPEAKER
WEDNESDAY, 11 NOVEMBER | 11:15 – 12:15
LORD JONATHAN EVANS
DIRECTOR GENERAL OF MI5—THE BRITISH SECURITY SERVICE (2007-2013)
Determining Who You are Dealing with—And Other Ways to Save the World a Lot of Loot
As head of MI5, Lord Jonathan Evans was one of the British government’s principal advisors on national security threats including terrorism, cyber security and espionage and was a member of the Prime Minister’s National Security Council. He also led MI5’s work to ensure the safety and security of the 2012 Olympic and Paralympic Games in London. His closing keynote addresses the critically important issue of getting threat evaluation right. Most enterprises encounter minor cyber attacks routinely. To respond guns blazing to every little threat would be draining on security and cyber security personnel and other resources of your enterprise—and as there is little reward without some element of risk, equally counter to enterprise success. Who better to help you bone up on evaluating threat severity than Lord Evans—chief threat evaluator for the nation that brought us fictional super spy James Bond?
EXPERIENCE EXCEPTIONAL OPPORTUNITIES TO LEARN BEGINNING 7 NOVEMBER 2015
EuroCACS/ISRM 2015 SESSIONS
KEYNOTE SPEAKER
TUESDAY, 10 NOVEMBER | 8:30 – 9:30
BEN HAMMERSLEY
TRENDS AND DIGITAL GURU, AUTHOR AND FUTURIST
Adapting at the Speed of Change
Author of the acclaimed books 64 Things You Need To Know Now for Then, and Now for Then: How to Face the Digital Future Without Fear, and inventor of the word “Podcast,” Ben Hammersley is a journalist, futurist and technologist who specialises in the effects of the Internet on the world’s political, cultural and social spheres. Focussing on the rapidly advancing world of social media and side-channel data, Ben will discuss the everyday struggle to balance the need for security and privacy against the dire risks encapsulated in the acronym “FOMO”—fear of missing out! He will offer his unique insights into the future of technology and the collection and use of data both in the workplace and at home.
COMPLIANCE/PRIVACY TRACK
Stay on top of increasingly complex and stringent regulations, standards and customer demands while ensuring the privacy of sensitive data against the growing threat of cyber attacks and data breaches. Gain new knowledge, tools and a proactive approach to safeguarding customer, client and employee information and avoiding the negative consequences of non-compliance and breaches of privacy. Sessions include:
111 Privacy. Technology. Disruption.
121 Unlocking the Value of Software Asset Management
131 American Privacy—Fact or Fiction?
141 28 Days to Respond upon Privacy Breach
151 We Lost Privacy in a Mobile World. So What?
221 Managing Electronic Data Destruction
231 Women in IT, Information Security and Privacy
241 Megatrend
251 Six Ways PIAs Can Improve Privacy Programs
311 ISACA Privacy Framework Overview
321 Overcoming IoT Privacy Challenges
GRC TRACK
Create greater value for your enterprise by optimising resources and improving risk management. Combining IT, opportunities and solutions, the GRC track focusses on assisting managers and professionals to tackle governance, risk and compliance challenges, and oversee and administer the effective and efficient implementation of complex technologies in order to further enterprise goals, maintain compliance and mitigate risk. Sessions include:
112 Applying the Risk Process in the Real World
122 Using Skills to Leverage your Biggest Asset—People
132 IT Outsourcing in the Era of Data Anxiety
142 What the CISO Should be Doing!
152 Megatrend
222 Responsive Risk Management for Digital
232 VAR—Value at Risk Model
242 Thin Edge of the Wedge: IS Risk Assessments
252 Security Threats, Frameworks & Mitigation
312 Using Risk Cards for Managing Risks
322 COBIT 5 for InfoSec
INFORMATION SYSTEMS AUDIT & ASSURANCE
Explore proven methodologies and techniques to enhance your knowledge and information systems audit and assurance skillset. This track is ideal for helping audit and assurance professionals identify risks and opportunities related to achieving enterprise goals and creating value through information and technology. Sessions include:
113 Cosmetic Company COBIT Makeover: 4.1 to 5.0
123 Adding Business Value through the Governance and Auditing of Social Media
133 PCI DSS in the Cloud—In Practice
143 Challenging Process Mining and Profiling—Part 1
153 Challenging Process Mining and Profiling—Part 2
223 Comply with Standards Before You Get Hurt
233 Cyber Assurance—What Should the IT Auditor Focus On
243 Deriving Maximum Benefit from Audits
253 Big Data—What’s In It For the Auditor?
313 Continuous Risk Monitoring—The Rise of the Machines
323 The Magic of Analytics
INFOSECURITY & RISK MANAGEMENT TRACK
Advance your expertise in the areas of developing, implementing, managing, and governing trustworthy information systems and keeping your enterprise secure. Gain expert insights on a wide range of issues, and current and future challenges from information security to effective risk management. Sessions include:
114 How To Build Your Security Business Case
124 User Behavior Analytics: The Brain for SIEM
134 Megatrend
144 Debunking 3 Myths of PKI
154 Women in Technology—Advancing Your Career and Personal Brand
224 InfoSec Risk Management for ICS
234 Incident Response—A Case Study
244 Risk Based Thinking for Today’s Threats
254 Time Synchronization and Information Security
314 Information Security Governance: It’s Still not on the Radar
324 A Career as a Misfit Workshop for Women in Technology
CYBER SECURITY TRACK
Embrace expert insights and delve into concepts and issues across the spectrum of the fast-growing and increasingly important field of cyber security. Topics are relevant for security and cyber security professionals at all levels as well as for IS professionals wanting to transfer to this in-demand field. Sessions include:
115 Data is the New Cash
125 TBD
135 Cyber Defence Critical Controls
145 A Fireside Chat: Are We in the Information Security Industry Losing the Cyber Battle?
155 Workshop on Cyber Security Incidents
225 Megatrend
235 TBD
245 Cyber Security in Industrial Control Systems
255 (not so) Advanced Persistent Threats
315 Find the Needle in Internet of Everything Haystack
325 TBD
EARN UP TO 39 CPE HOURS!
CONTINUING PROFESSIONAL EDUCATION CREDITS
ISACA is registered with the US National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE sponsors through its website: www.learningmarket.org.
COBIT® CONFERENCE EUROPE
7 – 8 November 2015 | Copenhagen, Denmark
Embrace the Power and Value of COBIT at ISACA’s inaugural COBIT Conference Europe
Ahead of the opening keynote of ISACA’s prestigious EuroCACS/ISRM 2015 Conference, you can connect with information systems and business leaders, experts and fellow professionals to explore the benefits of the globally accepted and industry-leading COBIT® 5 business framework and its enablers. Learn how you can apply COBIT 5 to make enterprise governance and processes more flexible and adaptable to the ever-changing environment of information systems and business.
Choose from two informative educational tracks:
Track 1: COBIT 5 Foundations—Obtain foundation-level knowledge of the COBIT® 5 framework and supporting materials in a logical and example-driven approach presented by COBIT expert Okanlawon Zachy Olorunojowo, CISA, CGEIT.
Earn the Certificate—Take the Foundations Exam the day after the COBIT Conference—Monday, 9 November 2015—for an additional US $150 + VAT!
Track 2: Actionable Insights, Tools and Practical Guidance—Learn how to apply COBIT 5 to create business value; how it relates to other standards and frameworks; and how it can help you defend against cyber attacks, manage and mitigate risk, and more.
Take away new knowledge and actionable insights that can be immediately leveraged to create more value for your enterprise. Receive up to 14 CPE credits!
Register for the EuroCACS/ISRM COBIT Conference combination and SAVE US $305!
Register now at www.isaca.org/cobiteuro
The power of COBIT is in its tools, resources and guidance. The value is in how it applies to what you do.
AUDIT & ASSURANCE
RISK MANAGEMENT
INFORMATION SECURITY
REGULATORY & COMPLIANCE
GOVERNANCE OF ENTERPRISE IT
PRE-CONFERENCE WORKSHOPS
Saturday | 7 November | 9:00 – 17:00
Sunday | 8 November | 9:00 – 17:00
Get your conference off to a highly productive start. Attend your pick of two-day or one-day pre-conference workshops. Earn up to 14 additional CPEs!
Choose a two-day CSX Fundamentals Workshop for vital preparation for the ever-growing cyber threat or enhance your skills and marketability with the two one-day workshops available.
WS1 Cyber Security Fundamentals—Section A Dr. Vilius Benetis, CISA, CRISC Cybersecurity Professional, CEO NRDCS
WS2 Cyber Security Fundamentals—Section B Mr. Richard James Hollis, CISM, CRISC CEO Risk Factory Ltd.
Why become a cyber security professional? The protection of information is a critical function for all enterprises. Cyber security is a growing and rapidly changing field, and it is crucial that the central concepts that frame and define this increasingly pervasive field are understood by professionals who are involved and concerned with the security implications of Information Technologies (IT). The CSX Fundamentals workshop is designed for this purpose, as well as to provide insight into the importance of cyber security, and the integral role of cyber security professionals. This workshop will also prepare learners for the CSX Fundamentals Exam.
After completing this workshop, you will be able to:
• Understand basic cyber security concepts and definitions
• Define network security architecture concepts
• Recognise malware analysis concepts and methodology
• Identify computer network defense (CND) and vulnerability assessment tools, including open source tools and their capabilities
• Explain network systems management principles, models, methods, and tools
• Distinguish system and application security threats and vulnerabilities
• Classify types of incidents (categories, responses, and timelines for responses)
• Outline disaster recovery and business continuity planning
• Comprehend incident response and handling methodologies
• Be aware of the basic concepts, practices, tools, tactics, techniques, and procedures for processing digital forensic data
WS3 Developing a Comprehensive IT Strategic Assurance Plan Hans Henrik Berthing, CISA, CGEIT, CRISC, CIA, CPA Partner, IS Audit Director Verifica
After completing this workshop, you will be able to:
• Develop a detailed IT Assurance strategy and plan
• Ensure that business goals, objectives and risks are considered as part of the IT Assurance work
• Perform the IT Assurance in compliance with requirements from International Standards of Audit and ISACA Standards
• Communicate the results of the IT audit work to the financial auditor and Risk Management Function
• Use tools as part of the planning process and communication with executive management and the Risk and Compliance function
WS4 Red Team/Pen Testing Rob Shapland, BSc (Hons), OSCP, OSWP Senior Penetration Tester & Technical Operations Manager First Base Technologies LLP
Mike McLaughlin, MBCS, GSEC, GPEN, OSCP, CRT Senior Penetration Tester & Technical Team Lead First Base Technologies LLP
After completing this workshop, you will be able to:
• Understand how to determine who your assailants are, what they can exploit, and the consequences of their attacks
• Appreciate the risks to your business, based on real-world threats and vulnerabilities
• Identify the phases of an advanced attack and map the threats onto your security plans
• Engage a red-team exercise to test your organisation’s attack surface and weaknesses
EARN UP TO AN ADDITIONAL 14 CPES! Register today at www.isaca.org/Euro2015
EuroCACS/ISRM 2015 POST-CONFERENCE WORKSHOPS
Wednesday | 11 November | 13:00 – 17:00, continued on Thursday | 12 November | 9:00 – 12:30
Wrap up your career and skills-enhancing experience with a one-day post-conference workshop. Choose the topic most relevant to your role and your goals. Earn up to 7 additional CPEs! Don’t miss the hands-on session you have your heart set on; reserve your place by registering today.
WS5 Dealing with Privacy in a Worldwide Environment Using the ISACA Privacy Principles M. Yves Le Roux, CISM Technology Strategist CA Technologies
After completing this workshop, you will be able to:
• Understand the privacy issue, the principles of data protection and the various implementations of them across the world
• Consider in more details some specific situations (e.g., privacy in the workplace, medical data, financial data)
• Clarify the Privacy and Law Enforcement issue
• Comprehend the new privacy issues arising with Mobility, BYOD, Big Data and the Internet of Things
• Discuss trends for future legislation and technological solutions
• Understand the ISACA privacy principles and how to incorporate the new ISACA privacy principles into each COBIT 5 enabler
• Tailor the ISACA framework to your enterprise environment
WS6 Responding to Targeted Attacks Rolf M. von Roessing, CISA, CISM, CGEIT President ORFA AG
After completing this workshop, you will be able to:
• Understand what the cyber security threat landscape currently looks like
• Learn about the differences in traditional threats versus APT
• Identify how to recognise a cyber security attack
• Learn best practices to contain a cyber attack and mitigate impact
• Apply the concepts of Complicate, Detect, and Respond
• Understand the importance of real Threat Intelligence
• Address questions related to the responsibilities of security, monitoring and incident response
• Gain insight on how Red Teaming adds context to vulnerability identification
• Appreciate the value of maturing and integrating components of your security operation
WS7 IT Service Provider & Vendor, Audit, Risk & Compliance Cedric Lempereur, CISA, CISM Director Internal Audit Operations ATOS
Dan Cimpean, CISA, CISM, CGEIT Partner Deloitte Enterprise Risk Services
In performing their activity, risk managers, IT auditors or security managers face challenges in defining a framework that covers the main security and IT assurance needs implied by using an IT service provider. A number of frameworks have been developed and can serve as a basis for further risk identification and assessment. A good preparation and understanding of challenges ahead will allow professionals to provide value-added, concrete and actionable recommendations to be applied. This workshop is aimed at providing good practices to develop this and apply it in practice through voting games during the session.
After completing this workshop, you will be able to:
• Identify key trends in IT service provider and vendor management from an assurance and audit perspective
• Identify service provider risks and define mitigation strategies to obtain the necessary assurance (internal vs external assurance ISAE3402, ISO27000, etc.)
• Discuss current and emerging risks related to the use of IT service providers (e.g., Cloud specific risks)
• Tailor an IT service provider Assurance Framework to be used within your organisation (Internal Audit, Security, etc.)
Join us for this exciting program, focused on the unique challenges and opportunities women face in the technology field.
The demand for qualified technology professionals continues to grow yet women remain woefully under-represented in the field. In an effort to help advance the role of women in technology, ISACA is hosting a special Women in Technology platform during EuroCACS/ISRM 2015. Join us for impactful discussions and guidance on navigating the unique needs, opportunities and challenges faced by women in the field. Connect with peers, collaborate on both business and personal development issues, and share strategies and success stories. From networking events to educational sessions specifically designed around topics impacting the gender gap, Women in Technology offers an innovative, inspirational forum to help you excel in the technology field.
For more information visit www.isaca.org/womentechnologyeuro
Look for this symbol to find “Women in Technology” sessions and events.
CONFERENCE PRICING
Register and pay BY 2 September 2015*
Member: US $1,550 + VAT
Non-member: US $1,750 + VAT
Register and pay BY 2 November 2015
Member: US $1,750 + VAT
Non-member: US $1,950 + VAT
WORKSHOP PRICING
One-Day Workshop
Member: US $550 + VAT
Non-member: US $750 + VAT
Two-Day Workshop
Member: US $750 + VAT
Non-member: US $950 + VAT
COBIT CONFERENCE PRICING
7 – 8 November 2015 | 9:00 – 17:00
Track 1 - COBIT 5 Foundations
Track 2 - Actionable Insights, Tools & Practical Guidance
Register and pay BY 2 September 2015*
Member: US $750 + VAT
Non-member: US $950 + VAT
9 November 2015 | 7:30 – 9:00
COBIT 5 Foundations Onsite Exam: $150 + VAT (COBIT 5 Foundations Track must be purchased)
Register and pay BY 2 November 2015*
Member: US $950 + VAT
Non-member: US $1,150 + VAT
Tivoli Hotel and Congress Center
Arni Magnussons Gade 2 - 4
DK-1577 København V
Phone: +45.4487.0000
www.tivolihotel.com
Conference-Only Discount
DKK 1,175 single/double (this rate includes the DKK 35/night environmental fee, VAT and service charges)
Special hotel rates available for the conference, including pre and post nights, are subject to availability.
Reservation Deadline: 9 September 2015
A limited number of rooms are available at the Conference-only Discounted Rate, and reservations will be handled on a first-come, first-served basis. All reservations made after the deadline or after the room block fills are subject to space and rate availability.
Special Events
Sunday, 8 November
• Welcome Reception | 17:30 – 19:30
Monday, 9 November
• Expo Hall | 7:00 – 19:30
• Spotlight Educational Sessions | 17:45 – 19:00
• Networking Reception in the Expo Hall | 17:30 – 19:30
Tuesday, 10 November
• Women in Technology Breakfast | 7:30 – 8:30
• Expo Hall | 7:30 – 16:15
• Spotlight Educational Sessions | 17:30 – 18:00
• The Special Event | 18:30 – 21:00
Stay in the heart of the conference action at a hotel specially discounted for ISACA attendees. Secure your reservation as soon as possible to take advantage of our special group rate.
Please contact the hotel directly and be sure to mention “ISACA’s EuroCACS/ISRM Conference.”
*All registration fees must be paid in full by 12pm CT on 2 September 2015 or regular registration rates will apply. Registration fees not paid in full by Monday, 2 November 2015 are subject to the onsite registration rate (see web site for pricing details).
The Danish VAT rate of 25% will be charged on all registration fees, cf. Section 21(1) of the Danish VAT Act. VAT charges may not be deducted from the registration fees to be remitted. For your registration to be considered paid in full, the entire registration fee including VAT must be received by ISACA. ISACA is registered for Danish VAT and will provide a VAT invoice to registrants for VAT reclaim.
All fees are quoted in US dollars. The entire registration fee must be received by ISACA before your registration will be considered paid in full. Cancellation Deadline: 9 October 2015. Cancellation policy and other details can be found at www.isaca.org/Euro2015.
Your EuroCACS/ISRM 2015 conference and workshop fees include:
• Complimentary continental breakfast and lunch
• Complimentary refreshment breaks
• Complimentary wireless Internet access
• Complimentary access to networking events
• Complimentary access to the Expo Hall
• Complimentary access to Spotlight Education Sessions
COBIT Conference Europe registration includes: breakfast and lunch, refreshment breaks, wireless internet access AND access to the EuroCACS/ISRM 2015 pre-conference networking event, welcome reception and opening keynote.
Group Discounts
ISACA offers discounts to organisations sending 4 or more employees to a single conference. Contact the ISACA Conference department for more details at +1.847.660.5622 or [email protected].
Become a Member and Save!
Non-members, start enjoying the benefits of ISACA membership today. The difference between member and non-member conference fees can be applied towards your ISACA membership, potentially enabling you to become a member at the international and chapter level for no additional cost. This offer expires 30 days after completion of the conference. Don’t miss this opportunity—apply today!
EuroCACS/ISRM 2015 ACCOMMODATIONS, VENUE AND REGISTRATION
EuroCACS/ISRM Conference
9 – 11 NOVEMBER 2015 | COPENHAGEN, DENMARK
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
GROW YOUR NETWORK. ENHANCE YOUR KNOWLEDGE.
Register by 2 September 2015 and save US $200!
Visit www.isaca.org/Euro2015