ISACA Ireland - Mid-West Conference - Limerick - First Party risk – OK, b...

Event Information

Date and Time

Location

South Court Hotel

Raheen Roundabout

V94 E77X Limerick

Ireland

Refund Policy

Refunds up to 7 days before event

Event description

ISACA Ireland Chapter is pleased to announce a full one-day Regional Conference, following on from the success of previous Regional events in Letterkenny (North West Conference) and Cork (South West Conference).

The 2013 Target data breach, which began at an air conditioning subcontractor, is a well-known example of a third-party risk becoming reality. More third-party breaches are being discovered than ever before. It's no longer enough to simply ensure that an organization's systems are secure. The now ubiquitous GDPR may allow the sharing of responsibility but not ultimate accountability.

A risk management program needs to look beyond the perimeter of an organization to properly vet the third- and fourth-party vendors who will have access to data without being subject to the organization's internal risk management process. The use of third parties in a supply chain or for data handling creates potential risks that can be compounded by third-party weaknesses, should they exist.

The discipline of third-party risk management (or TPRM) has evolved to help manage this new type of risk exposure. This conference aims to raise awareness of these risks and enlighten attendees as to how to address them.

Who should attend: IT Managers, Vendor Managers, Vendors, Risk and Compliance professionals and advisors, Procurement Managers and anyone concerned with the risks that can arise from Third Party dependencies.

All refreshments and lunch are included in the ticket price.

The topics and speakers are being finalized and attendees will be updated as the day's program takes final shape.

08:00 Registration/Tea/Coffee

09:00 Open Conference - Feargal O’Neill, Chapter President, ISACA Ireland Chapter

09:15 Tom Fitzgibbon, Dell - Keynote Speaker
The keynote address will cover Third Party GRC: third party oversight as part of your Governance, Risk & Compliance function. Others may be responsible - but you are accountable.

Tom is the Director of Compliance in the Security & Resiliency Organization at Dell Technologies. Based in the Limerick campus, he leads a team of 30 compliance professionals based in Ireland, US, India and Malaysia.
The team coordinates and supports compliance readiness and testing of Security controls for multiple programs including Sarbanes-Oxley Financial Reporting compliance, Payment Card Industry Data Security Standard (PCI-DSS) compliance, ISO 27001 certification readiness and Vendor Management. Tom has over 30 years of industry experience, 17 of those with Dell.

10:15 Tea/Coffee

10:45 Charlene Frazer Deloitte - Senior Manager | Risk Advisory | Technology Assurance
“Extended Enterprise Risk Management (EERM) – Driving Performance and Controlling Risk”

An organization does not operate in isolation because it relies on third party relationships for its success – this is known as the Extended Enterprise. Organizations are trying to improve the management of third party risk by investing in talent, cutting edge technologies and robust operating models. Dramatic shifts in the marketplace and a push for efficiencies are contributing to an ever increasing focus on EERM. With a staggering 83% of organizations experiencing a third party incident in the past three years, investment in EERM is now becoming essential for organizations.

The talk will discuss key risks in third party relationships, key challenges for management, impacts of third party incidents and the benefits of managing third party risks. This presentation will also cover the key messages coming from the 2019 Deloitte Global Extended Enterprise Risk Management Survey.

11:15 Martin Davies - Risk Manager - Pramerica - “There’s a hole in my S3 bucket, dear Liza, dear Liza”

This presentation will look deeper into recent cloud bucket type leaks: what was the root cause, and how can we avoid such problems in the future as more data moves to the cloud?

12:00 John Brady - Program and PMO Risk Manager - 3rd party risks and project risks

This presentation looks at risk management in relation to third parties in a project environment. Unlike ongoing outsourcing, in most cases, there will be a termination of the third-party contract at the end of the project.

This guidance provides a general framework that may be used to provide appropriate oversight and risk management of project-related third-party relationships, based on a six-step third-party risk management cycle from planning to termination.

12:45 LUNCH

13:45 Kenneth Murphy - CISM, BEng, MSc, is currently the SOC manager in Ward Solutions, having previously worked in the Irish Defence Forces CIRT.

How can the SOC be used to assist in the management and monitoring of third party risks?

Kenny has been involved in detecting and managing incidents for over ten years.

As industry trends move towards the outsourcing of services to third parties, it is becoming increasingly common to grant these providers access to the corporate LAN. This presentation will examine ways in which a SOC can assist in monitoring the risks introduced by third party access to an organisation.

14:15 Gerry Joyce - CTO CalQRisk - Vendor Due Diligence and Outsourcing Arrangements

“What is VDD and why is it important? Which vendors need to be assessed and who should do it? When and how should it be done? These are some of the questions that will be covered in this presentation.”

15:00 Tea/Coffee

15:30 Stephen Breen - Information Security Consultant - The reality of our Cyber Threat Surface due to 3rd party services

Engaging with 3rd party service providers that host and secure line-of-business applications, and collaboration and productivity ICT services, has many advantages. However, these commercial and technical arrangements incur some significant challenges from an IS governance and cyber security perspective. This presentation explores the difficulties organisations face in understanding, governing and mitigating cyber threats in these environments.

Stephen has 23 years’ experience in Technology, 18 of which have been focused on Information Security from both a technical and non-technical perspective. Throughout his career Stephen has gained experience in various business verticals such as government, financial, telecommunications, gaming, retail, automobile and aircraft leasing. Over the past 10-15 years Stephen has managed and provided technical leadership to security teams with varying disciplines. These teams included application and infrastructure security, data security, and security operations. Stephen also has extensive experience providing leadership and management to teams with responsibility for information security governance, specifically 3rd party assurance, regulatory engagement, and external audit and compliance engagement.

16:00 Summary of the Day - Speakers' Top Tips

16:15 Wrap Up / Spot Prizes & Networking - Feargal O’Neill

This event will attract 8 verified CPEs.
