ISACA Norway Chapter - Sommermøte 2019

Velkommen til ISACA Norway Chapters årsmøte 2019:

Som i fjor er tanken å dekke over flere av ISACAs interesseområder, med innslag både fra nasjonale og internasjonale foredragsholdere. Først ut blir en sesjon hvor vi tar for oss utfordringer rundt cyberkriminalitet. Visma starter ballet med å fortelle fra innsiden hvordan de håndterte datainnbruddet fra kinesiske myndigheter som de ble utsatt for rundt årsskiftet. Kripos følger rett etterpå med en orientering om det nye nasjonale senteret for bekjempelse av cyberkriminalitet, og hvordan vi best kan samarbeide fremover.

Etter pausen får vi en sesjon på engelsk, med besøk av ledere fra ISACA i Portugal og Serbia. Bruno Soares vil ha et innlegg omhandlende det helt nye COBIT 2019 -rammeverket, og Sanja Kekic vil fortelle om SheLeadsTech - initiativet fra ISACA, som jobber for å få flere kvinner til teknologibransjen. Det er også mulig det vil komme noe spennende informasjon om aktiviteter i Norge utover høsten i denne sesjonen..

Avslutningsvis kommer tidligere president hos ISACA Norge og nåværende revisjonsdirektør hos Gjensidige, Gaute Brynildsen, og deler av sine erfaringer rundt IT-revisjon generelt og Cybersecurity spesielt fra flere år i finansbransjen.

Ellers oppfordrer vi alle til å fortsette diskusjonene over en trivelig middag etter møtet! 


Dagens meny:

Mellom årsmøtet og medlemsmøtet byr vi på et assortert utvalg blingser (halv grovbrødskive) fra Åpent Bakeri. Her vil man finne ingredienser som økologiske egg, egenprodusert salami, prosciutto cotto, bestemor- og jarlsbergost, avokado, hummus, cashewsmør, ristede mandler og røros-smør.

Etter den faglige delen av møtet er over vil vi gjøre et dypdykk ned i Youngs' Sciciliansk-inspirerte pizzaer. Vegetar og sjømat-varianter vil være tilgjengelig, i tillegg til klassikere med pepperoni og bacon. - Alle pizzaer kommer med husets egen osteblanding bestående av mozzarella og vellagret hollandsk gouda. Aromatisk tomatsaus på solmodne plommetomater, karamellisert løk, hvitløk, krydder og kjærlighet - skal vi ta kokkene på ordet!

Vel møtt, og vel bekomme.


Program:

12:00 – 12:30Registration
12:30 – 13:30ISACA Norway Chapter annual meeting 2019
13:30 – 14:00Food and beverages. Registration for members meeting.
14:00 – 14:15Opening note from the board
14:15 – 15:00The attack on Visma. Criminal minds, and how they operate.
Espen Agnalt Johansen, Operations & Security Manager, VISMA
15:00 – 15:45KRIPOS National CyberCrimeCenter (NC3) - Past, Present, Future.
Thomas Stærk, Ass. Direktør, KRIPOS NC3
15:45 – 16:15Break
16:15 – 17:00
Using COBIT 2019 Design Factors to tailor Enterprise Governance of IT
Bruno Horta Soares, President, ISACA Lisbon Chapter
17:00 – 17:45Women in Cybersecurity - the ISACA She Leads Tech initative.
Sanja Kekic, President, ISACA Belgrade Chapter
17:45 – 18:15Break with a twist 
18:15 – 19:00Auditing Cybersecurity - No silver bullet
Gaute Brynildsen, CAE - Revisjonsdirektør, Gjensidige ASA
19:00 –Drinks reception and dinner.


Talks:

14:15 – 15:00The attack on Visma. Criminal minds, and how they operate.
In February 2019, all major newschannels in Norway reported international software giant Visma had been under attack by operatives working for Chinese intelligence.*

Operations & Security Manager Espen Johansen will take us through this incident and the aftermath, as well as lessons learned and good advice to everyone going forward.

* https://www.tv2.no/a/10396361/  
15:00 – 15:45KRIPOS National CyberCrimeCenter (NC3) - Past, Present, Future.
Assistant Director Thomas Stærk, will tell us a bit about the events leading up to the establishment of the National Cybercrime Center; the role and the mandate they are given, and current goals for the near and more distant future.

A close cooperation with professionals (like the ISACA Norway Chapter membership) is important for the success of the work done by the police. The NC3 is in such regard an important hub for communication and exchange of information. Ass. Director Stærk will in his talk also present a few initial expectations from their side, towards us professionals in private and public sector outside the police. 
16:15 – 17:00
Using COBIT 2019 Design Factors to tailor Enterprise Governance of IT
For more than two decades, the COBIT governance framework for enterprise information and technology (I&T) has been helping enterprises derive more value from I&T assets. COBIT 2019, the latest iteration of this world-renowned framework, builds on this legacy. COBIT 2019 not only updates and adds new information, but also offers more practical guidance for tailoring and implementing a right-sized governance program suited to the unique needs of your enterprise.

This presentation will give a quick introduction of the breakthrough publication for the COBIT framework (COBIT 2019 Design Guide), allowing delegates to understand how to explore the implications of various design factors and their impacts on the design of a governance solution, and how to ensure that enterprises create a customized governance system that fits their unique needs.
17:00 – 17:45ISACA SLT - She Leads Tech, initiative
With ubiquitous digital transformation and web applications, as well as cloud services and other IT services currently offered, businesses are facing problems in completing a large number of essential IT positions, let alone those requiring expertise in the field of cybersecurity. This workforce shortage in cybersecurity environment has left CISOs and cybersecurity teams shorthanded while the cyber-attacks are intensifying.

Following this, it makes sense for us to work to reduce the gap and women cannot be left behind. We need women to be a part of our industry if we are going to meet demand. The ISACA's SheLeadsTech program is established with mission to increase the representation of women in technology as well as in cybersecurity leadership roles and the tech and the cybersecurity workforce.
18:15 – 19:00Auditing Cybersecurity - No silver bullet
Auditing information security and third party vendors for more than 12 years, I've also been responsible for managing an IT department myself.

The actual operational experience and keen interest in technology, is something I believe has helped me do good audits in the area. I hope to share some practical hands on experience that can help both auditors who want to start looking into the cybersecurity area as well as those who are seasoned IT auditors.

But keep in mind, there are no silver bullets to auditing this area - but we do have a lot of good material to choose from.


Speakers:

Espen Agnalt Johansen, is the Ops&Sec Manager + Board Member in Visma Software International, and leads the AppSec work for large parts of the Visma Group. His background is both from the military sector in Norway and several positions in the Norwegian and international security industry.

In the information Security domain he is especially passionate about practical implementation of advanced security features to assist agile teams in their efforts to be innovative.  He loves to combine intelligence from multiple sources with analytics to predict and prevent security issues and thrives in scenarios that exposes vulnerabilities.

Visma has published Responsible Disclosure Policies, use Bug Bounties and have several full time Hackers employed as part of the Security Program and encourages their developers to " Be curious, challenge the existing and hack your own systems" since "A known vulnerability is at least possible to fix, while an unknown vulnerability is, well unknown and therefore rather tricky to fix" :-)
 Thomas Stærk, is the Assistant Director with KRIPOS' National Center for Combating Cybercrime (NC3).
Bruno Horta Soares, CISA, CGEIT, CRISC, PMP, COBIT 5/2019 is the founder and President of ISACA's Lisbon Chapter. He started his career at Deloitte Consulting, worked for Information Risk Management area at KPMG and for Enterprise Risk Services area at Deloitte. In 2012 he founded GOVaaS - Governance Advisors as-a-service, where he is currently Senior Advisor, and since then he actively collaborates with an ecosystem of local and international partners, particularly IDC Portugal where since 2015 he is Leading Executive Senior Advisor for Digital Transformation, Governance, Strategy and Security related areas.

He has a 5 years degree in Management and Computer Science, from ISCTE and an Executive Program in Project Management, from ISLA. He teaches in different Executive Programs in several universities at Portugal and Angola, he’s a LEGO® SERIOUS PLAY® Facilitator, member of several professional associations, and keynote speaker at various local and international conferences and seminars. In 2019 he was selected as the recipient of the ISACA Global Achievment - John Kuyers Award for Best Speaker.
Sanja Kekic, CRISC, is the president of ISACA’s Belgrade Chapter and she is one of its founders, devoted to promote the visibility of ISACA and its core values among the Serbian market. Sanja is also a very active International volunteer in raising awareness about the ISACA's SheLeadsTech program. She is a professional focused on  risk and control management.

In her long career path, she has lead and executed various types of complex projects related to risk management, internal control management, business processes and IT Audit across Serbia and SEE region. Sanja gained her experience by working for Big 4, several largest banks and financial institutions in Serbia and for the largest mobile operator in the Balkans region. Currently she work for Crowe as IT Advisory and Risk Director.
Gaute Brynildsen, CISA, CRISC, CIA, CCSK, GSNA is the Chief Audit Executive for Gjensidige, a leading Nordic insurance group listed on the Oslo Stock Exchange.

He previously worked as a chief auditor in DNB Group Audit and was responsible for the IT and operations audit department. In total he's been working over 12 years in internal audit in the financial sector.

Gaute also has long experience with various disciplines in IT. He's worked on different levels from ISV to distribution to reseller to end user. From pure technical positions to management and project management. With a strong interest in technology, he loves learning more every day.



Beklager, påmeldingsfristen er utløpt. Ta kontakt med arrangøren for mer informasjon