CISO Africa Summit - MIS Training

Day One: CISO Africa Summit - Cyber Critical National Infrastructure & CyberCrime in Africa - Tuesday 20 November 201208:00 Coffee & Registration09:00 Chairman’s Introduction09:10 National Security Threats in Cyber Space:New FrameworksThe South African Cabinet recently approved a nationalcyber security policy framework for South Africa.Developing national best practices; nationalpartnership programmes; raising cyber securityawareness; encouraging the ICT security industry toincrease research & development; challenges ofimplementing cyber security measures nationallySenior Representative, South African GovernmentOpening Keynote09:30 Cyber Crime in Africa: The AfricanDevelopment Bank Approach KEYNOTELTC (R) William J. Godbout, Head, Security Unit, AfricanDevelopment Bank10:00 Cyber Security & Protecting Information atSARS KEYNOTEClifford Collings, Group Executive: Anti-corruption &Security, South African Revenue Service (SARS)10:30 Morning Coffee Break10:50 Building a Cyber Response: Law EnforcementView KEYNOTEEstablishing regional cyber crime units, national training,regional forensic capability and industry task forces.South African Police Service (prov.)11:20 Advanced Persistent Threats or AdvancedPersistent Hype? What Role will ‘Hacktivism‘Play in Shaping the Future SecurityLandscape in Africa?•How can we plan for ‘Black Swan’ catastrophic cyberevents?•What's the next big cyber issue?•How are public-private sectors collaborating in Africa& globally?• What are the key security challenges for banks in Africa?Chaired by: LTC (R) William J. Godbout, Head, SecurityUnit, African Development BankPanellists: South African Police Service (prov.);Simon Riggs, Senior Vice President, Information SecurityOfficer, Global Information Security, Bank of AmericaMerrill Lynch & other speakersPanel11:30 The Cyber Savvy CEO KEYNOTECEO12:20 Lunch13:20 Global Benchmark of IT Security Hiring TrendsSURVEY RESULTSA bi-annual benchmark of IT security hiring trends,polling (ISC)2 members in information security, collecteddata from more than 2,250 security professionals aroundthe world – including from across Africa. Results paint apicture of a skyrocketing security labour market drivenby increasing cognisance of threats to corporate data!John Colley, Managing Director, EMEA, (ISC)2 EMEA13:40 Security Professionals of Tomorrow & TheIntegration of Physical & Logical Security toProtect Technology & Information AssetsPanelVote a Vendor PanelPanel Special KeynotesWhat are the skills required for today’s security and cyber riskroles? How do we develop people to prepare them for theseroles and beyond looking at Africa & internationalapproaches? Can logical and physical security disciplines worktogether to tackle cyber crime, fraud, insider threat, identitymanagement and the protection of key assets? Where is theintelligence coming from? A panel of CIOs, CISOs and CSOsexamine strategic questions around security.Panellists: Clifford Collings, Group Executive: Anticorruption& Security, South African Revenue Service(SARS); Winston Hayden, President, ISACA SouthAfrica, Group Information Security, Zurich InsuranceCommittee Member-IT Governance Sub-Committee, KingIII Report; John Colley, Managing Director, EMEA, (ISC)2EMEA; Jenny Reid, President, Security Association ofSouth Africa (SASA)14:30 Cyber Risk at Sky CASE STUDYPhillip Davies, Head of Investigations & Cyber CrimeLead, British Sky Broadcasting Ltd15:00 Afternoon Tea Break15:20 Guide to Emerging Technologies for Protecting DataA high-impact ‘vendor shoot out’ session involving 4sound byte presentations of market solutions... Theaudience will vote the best product / service and thebest presentation! An invaluable session for heads ofinformation security and ICT directors to keep updatedon the newest solutions & services – presented in adynamic pitches.Chaired by: John Colley, Managing Director, EMEA,(ISC)2 EMEA15:40 Security Challenges Behind Africa’s KeyInnovative ICT ProjectsUshahidi Crowd Source Disaster ProjectJuliana Rotich, Executive Director, Ushahidi (invited)M-PESA : A Success Story in the WorldMr. Anthony Gacanja, Chief Information Security Officer,Safaricom16:50 Future Gazing on Security, Trust & Planning: TopSecurity Predictions for Africa1. Are we aware of what events may cause ourbusiness to lose its trusted status?2. Do we have measures in place to ensure the securityof information as it flows through our organisation?3. What do you feel the single biggest change tosecurity professionals will be in 2013?4. What is the role of strategic planning within thesecurity programme?5. What are the unique characteristics and bestpractices of security strategy?6. What are the components of a proactive, forwardfacing security strategy?Chaired by: Mr. Ray Stanton, VP Professional ServicesBTGS, BT plc.Panellists including: Mr. Anthony Gacanja, ChiefInformation Security Officer, Safaricom; Malcolm Smith,Group Head of Security & Safety Services, NedbankLimited17:30 Close of Day One & Welcome ReceptionRegister Now at www.mistieurope.com/cisoafrica Enquiries Tel: +44 (0)20 7779 8444

Day Two: CISO Africa Summit - Business Security Governance, Risk, Legal& Compliance - Wednesday 21 November 201208:30 Coffee08:55 Chairman’s re-Opening09:00 Putting Information Security Governance intoPractice KEYNOTEWinston Hayden, President, ISACA South Africa, GroupInformation Security, Zurich Insurance CommitteeMember-IT Governance Sub-Committee, King III Report09:30 Towards Intelligence Based Security Models;Risk Mapping & Getting the Right Mix KEYNOTEHow do we identify and measure Information Securityrelated risks and compare them with other business risks?Ray Stanton, VP Professional Services BTGS, BT plc10:00 How to Create a Security Value PropositionCASE STUDYMalcolm Smith, Group Head of Security & Safety Services,Nedbank Limited10:30 Securing the Cloud & 3rd Parties CASE STUDYSpeaker to be confirmed11:00 Morning Coffee Break11:20 Securing Critical Electronic Infrastructures &Educating the Judiciary & Law EnforcementCASE STUDYOsioke O. Ojior, Group Chief Risk Officer, InterSwitchLimited Nigeria11:40 Protection of Personal Information Bill:Information Security Implications forBusinesses in South Africa LEGAL EXPERTISE!Mark Heyink, Legal Expert on Information Security12:20 Information Protection, Privacy & Towards ITRegulatory Compliance•Data protection & privacy: what’s on the radar forAfrica?•Compliance with international standards & codes ofpractice – PCI DSS; Data Protection, Privacy•Preparing for a balkanised Internet: privacy,interception & legal challenges•How can we prepare our organisations for the newworld where free & un-intercepted movement ofinformation is a thing of the past?•Towards a standardised pan-African InformationSecurity Regulatory Compliance framework?Panellists including: Osioke O. Ojior, Group Chief RiskOfficer, InterSwitch Limited Nigeria; Mark Heyink,Legal Expert on Information Security; Jenny Reid,President, Security Association of South Africa (SASA)Panel13:00 Lunch14:00 Insider Threats CASE STUDYDr. Cheryl Hennell, Head of IT Security and InformationAssurance, Openreach14:30 WorkshopsMobile Security, BYOD (Bring Your Own1Device) & What Does Consumerization of ITReally Mean for Enterprise Security?Co-facilitated by: Michael Mbuthia, Head IT Risk &Control, Co-operative Bank of Kenya; Simon RiggsSenior Vice President, Information Security Officer, GlobalInformation Security, Bank of America Merrill LynchSecuring mobile end-user devices in the organisation;Conducting an information security risk assessment;Embedding security behaviours2Securing Cloud: The First Phase of the NewGlobally Distributed Computing Landscape –Are We Ready?Co-facilitated by: Ray Stanton, VP ProfessionalServices BTGS, BT plc & Quentyn Taylor, Director ofInformation Security EMEA, Canon EuropeWhat do we need to do to deal with the securityimplications of your data in someone else's datacentre? allow/prohibit? Are you already in the cloud?15:30 Information Ethics & Disclosure STAND UP &SHARE SESSIONHeld under Chatham House Rule, audience andspeakers are invited to share experiences and provensuccessful approaches to:•When ‘no’ means ‘no’ in a non regulated environment!•Data loss experiences & approachesLed by: Clifford Collings, Group Executive: Anti- corruption& Security, South African Revenue Service (SARS)16:00 Afternoon Tea Break16:20 ROSI & Quantifying Risk GROUP SCENARIOPLANNING EXERCISEThe group collectively collates a list of top 5 securityconcerns (logical and physical). Then the groups splitinto 5 smaller groups each taking one of the 5 concerns.Each table presents back a ‘battle’ for winning thebudget to the top table of ‘senior management’ – bearingin mind transparency on how much to invest in security;as costs get cut, how do we demonstrate that we useour security budget most effectively? Staying relevantin a double dip! How will our organisation's businessmodel evolve in the future, and what InformationSecurity opportunities and risks will this present?Facilitated by: Charles V. Pask, Managing Director,ITSEC Associates Limited16:50 CISO Rotating Think TanksAttend 2 out of 3 of these rotating open discussionssessions in 3 corners of the room with 3 facilitators (15minutes discussion per rotation, followed by 3 minutesummary of key findings presented back to the fullaudience by the facilitator). Objective: how are keyareas maturing - risks, threats, tools, solutions!1. Addressing the risks of privileged accounts2. Does Information Security presentopportunities to gain competitive advantage?3. How do you know where your data is?17:30 Close of Day Two & Group ActivityRegister Now at www.mistieurope.com/cisoafrica Enquiries Tel: +44 (0)20 7779 8444

Day Three: CISO Africa Summit - Incident Response, Business Continuity,Digital Forensics, IT Audit – Thursday 22 November 201208:45 Coffee & Registration08:55 Chairman’s re-Opening09:00 Security Data Analytics CASE STUDYQuentyn Taylor, Director of Information Security EMEA,Canon Europe10:00 Electronic Evidence in Forensic Audits: ATelecoms Perspective CASE STUDYChukwunonso Okoro, Manager, Forensic Audit Services,Mobile Telephone Networks (MTN) Cameroon10:30 CISO Insights CASE STUDYSimon Riggs, Senior Vice President, Information SecurityOfficer, Global Information Security, Bank of AmericaMerrill Lynch11:00 Morning Coffee Break11:20 Post Incident Forensics & Processes KEYNOTEAdrian Culley, Global Security Engineer, AccessData11:50 Cyber Fraud, Vendors & Third PartyInfiltration into OrganisationsJenny Reid, President, Security Association of SouthAfrica (SASA)12:10 Counterintelligence – Enhancing BusinessContinuity & Supporting SecuritySteve Whitehead, Managing Executive, CorporateBusiness Insight & Awareness (CBIA)12:30 Lunch13:30 WorkshopsIT Audit Security Controls, Standards, Logs &1Procedures - Security Breaches & PatchingCo-facilitated by: Charles V. Pask, Managing Director,ITSEC Associates Limited & other speakers2Cyber Crime & Security Challenges for BanksCo-facilitated by: Simon Riggs, Senior Vice President,Information Security Officer, Global Information Security,Bank of America Merrill Lynch & other speakers14:20 WorkshopsBusiness Continuity Challenges & Setting up1an Incident Response Function (Operational &Tactical Level)Co-facilitated by: Chukwunonso Okoro, Manager,Forensic Audit Services, Mobile Telephone Networks(MTN) Cameroon; Dr. Cheryl Hennell, Head of ITSecurity and Information Assurance, Openreach2Running Successful Digital ForensicInvestigationsCo-facilitated by: Phillip Davies, Head ofInvestigations & Cyber Crime Lead, British SkyBroadcasting; Adrian Culley, Global Security Engineer,AccessData; Osioke O. Ojior, Group Chief Risk Officer,InterSwitch Limited Nigeria15:10 Key Security Polemics of the Day QUESTIONTIME TEAM DEBATE FOR PRIZESTwo teams battle it out for prizes in this traditional styledebate, focusing on 2 or 3 particular areas of controversywithin the information security space. One team will bemade up of speakers, the other team will includevolunteers taken from the audience. Subjects willdepend on key polemics of the day for example:1. Privacy & security: Is the gulf widening? Yes/no2. Flame: another example of APH (AdvancedPersistent Hype)? Yes/ no3. Social networks - allow/prohibit?Chaired by: Dr. Cheryl Hennell, Head of IT Security andInformation Assurance, Openreach; Yann A. Mouret, ChiefExecutive Officer, Africa Executive Protection Network16:00 Close of Day Three & Free EveningDay Four: CISO Africa Roundtable - Security Professionalism for Africa,Awareness & Measures – Friday 23 November 2012CISO Africa Roundtable is a discussion 'think-tank' for thought-leaders & practitioners in information security and corporate security.The roundtable provides an unrivalled benchmarking forum. The focus is on roundtable discussions & group work, with sessions facilitatedby established practitioners. You will meet & benchmark with professionals who face a similar set of challenges as you in a 'hands on',proactive & inspirational environment.Co-Facilitated by:LTC (R) William J. Godbout, Head, Security Unit, African Development BankClifford Collings, Group Executive: Anti-corruption & Security, South African Revenue Service (SARS)Malcolm Smith, Group Head of Security & Safety Services, Nedbank LimitedCharles V. Pask, Managing Director, ITSEC Associates LimitedDr. Cheryl Hennell, Head of IT Security and Information Assurance, OpenreachSimon Riggs, Senior Vice President, Information Security Officer, Global Information Security, Bank of America Merrill LynchQuentyn Taylor, Director of Information Security EMEA, Canon EuropeJohn Colley, Managing Director, EMEA, (ISC)2 EMEA✓ Timings - Coffee 08:30; Start 09:00; Coffee Break 11:00; Close & Lunch 13:00 – 14:00✓ Held under the Chatham House Rule - 'closed doors' session & strictly no press✓ Attendees determine preferred key topics in advance - input your questions for group action✓ Future gazing - benchmark & bond with peers✓ Create a ‘point for action’ plan with peers - take back for immediate implementation✓ Dress for Friday is casual✓ Optional group activity - will run following lunch (after 14:00)Register Now at www.mistieurope.com/cisoafrica Enquiries Tel: +44 (0)20 7779 8444