13:05-13:20 CONFERENCE OPENING Hon. Dr José A. Herrera Parliamentary Secretary for Competitiveness and Economic Growth

Transcription

1 Date Friday 8 th May 2015, 12:30-17:30 Followed by a Networking Reception to celebrate the ISACA Malta Chapter s Tenth Anniversary Venue Parking Le Méridien St. Julians Hotel & Spa Main Street, St. Julians, Malta Complimentary outdoor parking opposite to Main Entrance ISACA Members EUR Non-Members EUR Organised by Supported by

2 Programme 12:30-13:00 Registration and Welcome Coffee 13:00-13:05 WELCOME ADDRESS Mr Gian Carlo Millo ISACA Malta Chapter President 13:05-13:20 CONFERENCE OPENING Hon. Dr José A. Herrera Parliamentary Secretary for Competitiveness and Economic Growth 13:20-13:45 KEYNOTE ADDRESS CYBERSECURITY NEXUS CSX Mr Steven Babb ISACA International Vice President; Technology Risk, Compliance & Assurance Leader at Vodafone UK & Ireland 13:45-14:45 SESSION 1 A FIRESIDE CHAT: ARE WE IN THE INFORMATION SECURITY INDUSTRY LOSING THE CYBERWAR? Mr Neil Barlow Director of Information Security & Technology Risk at Capital One UK; Member of ISACA International Knowledge Board and ISACA International Cyber-Security Task Force; Board Member of ISACA Ireland Chapter 14:45-15:15 Coffee Break 15:15-16:25 SESSION 2 THE NEW MALTA FORTIFICATIONS A CRITICAL REVIEW OF GOVERNMENT OF MALTA S STRATEGY FOR PROTECTING ITS DIGITAL ASSETS AND ON-LINE PRESENCE Mr Rodney Naudi Head Governance, Risk & Compliance Department at MITA Mr Mark Bartolo Enterprise Architect Governance, Risk & Compliance Department at MITA Dr Keith Cilia-Debono Consultant Governance, Risk & Compliance Department at MITA 16:25-17:25 SESSION 3 THE WALLS THAT PUT YOU OUT OF BUSINESS Mr Johann Botha CEO at getitright; IT Management Best-Practice Coach, Trainer & Consultant 17:25-17:30 CONCLUDING REMARKS Mr Gian Carlo Millo ISACA Malta Chapter President 17:30-19:30 NETWORKING RECEPTION ISACA MALTA CHAPTER S TENTH ANNIVERSARY

3 Speaker Profiles & Session Abstracts CONFERENCE OPENING Hon. Dr José A. Herrera Parliamentary Secretary for Competitiveness and Economic Growth KEYNOTE ADDRESS CYBERSECURITY NEXUS CSX Mr Steven Babb ISACA International Vice President; Technology Risk, Compliance & Assurance Leader at Vodafone UK & Ireland Introducing ISACA s Cybersecurity Nexus CSX. Come and hear about CSX, the new security knowledge platform and professional program from ISACA. CSX is helping shape the future of cybersecurity through cutting-edge thought leadership, as well as training and certification programs for the professionals who are leading it there. Building on the strength of ISACA s globally-recognized expertise, it gives cybersecurity professionals a smarter way to keep organizations and their information more secure. With CSX, business leaders and cyber professionals can obtain the knowledge, tools, guidance and connections to be at the forefront of a vital and rapidly changing industry. Because Cybersecurity Nexus is at the centre of everything that s coming next... SPEAKER PROFILE Steven Babb, CGEIT, CRISC, ITIL is International Vice President of ISACA and Technology Risk, Compliance and Assurance Leader at Vodafone across the UK and Ireland. He has recently led Vodafone through the Cyber Essentials Plus certification, being the first telecoms company and the first multi-national to achieve this UK Government-driven certification. He is chair of ISACA s Knowledge Board and a member of the Strategic Advisory Council. He is a past chair of the Framework Committee and the COBIT 5 for Risk Task Force and a past member of ISACA s Risk IT and COBIT 5 Task Forces. Prior to his current role, he was Head of Governance, Risk and Assurance at Betfair between 2012 and Between 1996 and 2012 he worked for KPMG, where his final role was IT Risk Management Service Line Leader for the UK practice. Babb has over 15 years of consulting and assurance experience covering areas such as IT governance, IT risk management, technical compliance, service management programme & project management and information security management. This experience has been gained across the public and private sectors.

4 SESSION 1 A FIRESIDE CHAT: ARE WE IN THE INFORMATION SECURITY INDUSTRY LOSING THE CYBERWAR? Mr Neil Barlow Director of Information Security & Technology Risk at Capital One UK; Member of ISACA International Knowledge Board and ISACA International Cyber-Security Task Force; Board Member of ISACA Ireland Chapter Are we in the Information Security industry losing the cyberwar? We operate in a world now where multiple and varied threat actors attack computer systems and critical infrastructure on multiple fronts across the globe. Backed by alarmingly sophisticated skills and deep resources, these threat actors frequently succeed in reaching their objectives. However, it is not only the sophisticated threat actors that succeed. Enterprises unwittingly provide broad attack surfaces with inadequately secure or completely vulnerable points of entry. Are we setting ourselves up for failure? Can we stem the tide of the unseemly relentless onslaught? What can we do SPEAKER PROFILE Neil Barlow, CISA, CISM, CRISC, CISSP is the Director of Information Security & Technology Risk at Capital One UK. He is currently serving on the ISACA International Knowledge Board and the ISACA International Cyber-Security Task Force; as well as being on the board of the ISACA Ireland Chapter. Neil also is active with Irish Universities helping to improve their curriculums; as well as writing exam questions regularly for ISACA and ISC2. Prior to his current role, he was Head of Information Security Governance, Risk and Compliance for NYSE Euronext managing a global team creating and driving the global security agenda. He has also held information security leadership roles in global locations such as Ireland, UK, USA and Australia/New Zealand. Neil is an accomplished information security and risk leader of over fourteen years. He is an experienced information risk professional with specialized expertise in cyber/information security governance, strategy, policy and standards, critical infrastructure protection, and security laws and regulations. This experience has been utilised in highly visible roles reporting to various executive boards helping companies to meet business objectives while maintaining strong internal controls.

5 SESSION 2 THE NEW MALTA FORTIFICATIONS A CRITICAL REVIEW OF GOVERNMENT OF MALTA S STRATEGY FOR PROTECTING ITS DIGITAL ASSETS AND ON-LINE PRESENCE Mr Rodney Naudi Head Governance, Risk & Compliance Department at MITA Mr Mark Bartolo Enterprise Architect Governance, Risk & Compliance Department at MITA Dr Keith Cilia-Debono Consultant Governance, Risk & Compliance Department at MITA History has shown over and over again how mankind strived to protect its prized assets from intruders. Whereas the assets may have changed, and the means of attack evolved, the variables are remarkably similar in nature. The presentation will outline how the Government of Malta has built its cyber resilience based on established foundations of protection, detection and remediation. In particular, the emphasis on business continuity will be discussed and how the human element is key to ensuring that the different protection facets mesh into one unified shield. A number of typical case studies will be reviewed with particular emphasis on the lessons learnt. The presentation will also look at how agility will be key to react to the ever changing threat vector, potentially requiring going back to basics on certain premises that may have been taken for granted till now. SPEAKERS PROFILE Rodney Naudi, BSc, MSc (Eng)(Sheff) joined MITA (then MSU) in 1999 as a pupil worker and throughout the subsequent years worked in different fields within the organisation, including those of project management, ICT consultancy, quality assurance and compliance. He was appointed as Department Manager for Information Security in 2008, responsible for the agency s ISO27001 accreditation process and information security strategy. In June 2014 his responsibility was extended to cover Governance, Risk and Compliance. Rodney is a visiting lecturer at the University of Malta s Faculty of ICT. Mark Bartolo, BSc (Hons) Computing (Greenwich) started his career in ICT in 1990 with the private sector. He soon joined MITA (then MSU) where he held various roles in software development, consultancy, and architecture. Between 2000 and 2002, Mark served as MITA's Project Manager for the initial e-government programme, managing the delivery of the first e-government implementations. Since October 2005, Mark has undertaken a role in ICT governance, managing the delivery of Government ICT policies that regulate the adoption and use of technology in the public sector. During 2014, Mark also briefly managed the local implementation of the INSPIRE Directive. Keith Cilia-Debono, B.Sc., M.B.A. (Henley), M.Phil. (Maastricht), D.B.A. (Maastricht) joined MITA (then MSU) in the early 1990s, and has worked in various fields including project management, contractor management, consultancy and strategic planning, mainly involving Geographic Information Systems (GIS) technology within Government. In 2005, Keith formed part of the National Euro Changeover Committee (NECC), working on strategic planning and leading various national business preparations aimed at Malta s successful transition to the euro currency in In recent years, Keith has played a consultancy role in ICT governance, focussing mainly on policy management within the Public Sector.

6 SESSION 3 THE WALLS THAT PUT YOU OUT OF BUSINESS Mr Johann Botha CEO at getitright; IT Management Best-Practice Coach, Trainer & Consultant With the risk of cyberattacks and security breaches, together with worldwide legislation on privacy and protection of information, more and more companies spend lots of effort managing security. The risk most organisations don t see is if we build walls around us to protect us from every possible harmful event, we isolate ourselves and this in itself is a risk with lots of implications and complications. You can NOT turn to a framework or standard to determine what is enough and what is too much when it gets to security. The Board and CEO need to determine their appetite for risk always bearing in mind that there is a business, financial and social price the organisation pays for the cyber fortifications it builds. SPEAKER PROFILE Johann Botha, MBA, MBCS-CITP, CGEIT, FSM has more than 30 years IT experience as an executive manager and IT management best-practice coach, trainer and consultant. Consulting and training engagements have taken him all over the world with work experience in 18 countries and mostly for government, financial services and IT companies. Johann is actively involved in the development of best-practice and is the author or coauthor of a number of books on service management and the governance of enterprise IT (including ISACA s top seller COBIT for Service Managers). He was part of the development of COBIT 5 as one of the subject matter experts who workshopped and authored C5 content. Johann is currently a member of the ISO/SABS JTC 1/SC40 and the local convener for WG2 (ISO/IEC20000) and a member of the governance board of TSF. Johann is an accredited trainer for ITIL, COBIT 5 and ISO/IEC20000 and he is an ITIL Expert, CGEIT, Chartered IT Professional, and a Fellow of the prism Institute. In 2014 Johann was a recipient of the itsmf Lifetime Achievement Award for a significant contribution to the service management profession and body of knowledge. Further information on the ISACA Malta Chapter and ISACA s CSX available at