We have an exciting program for you this month at ISACA Ireland’s "Last Tuesday" event for September, with speakers from Australia, South Africa and Italy (Although 2 currently reside in Dublin), from SABSA, BSI and PwC they are presenting on a veriety of subjects:

The Presentations

• Using SABSA to Develop a Cyber Security Strategy by Michael Hirschfeld, David Lynas Consulting, AU
• Understanding Emerging Technology and the impacts on Organisational Risk by Rivash Ramowtar, PwC
• Third Party Management Program. An information security and privacy integrated approach by Herman Errico, BSI

Using SABSA to Develop a Cyber Security Strategy by Michael Hirschfeld, AU

The SABSA architectural methodology has a number of tools, techniques and frameworks that can help IT Security professionals understand the challenges they face and to present and discuss these with their executive and stakeholders when building and progressing a Cyber Security Program.

Fundamentally, a strategy is a document that sets out how you plan to achieve a series of long-term objectives. Within Cyber Security our objectives must be closely aligned with those of the IT group and, just as importantly, with those of the business as a whole.

If our Cyber Security Strategy isn’t helping the Business or ICT meet their objectives, then we will struggle to articulate our relevance and we will find it difficult to get budget. On the other hand, when our strategy clearly aligns and strengthens the business we are viewed more as a partner.

This presentation will cover a few of the basics of SABSA, provide you with a framework for a Cyber Security Strategy and then demonstrate how understanding and applying some key techniques from the SABSA tool kit can assist you in developing and presenting a coherent and aligned Cyber Security Strategy that the business will understand.

Third Party Management Program. An information security and privacy integrated approach by Herman Errico, BSI

Nowadays, companies are depending on a mixture of internal and external resources to achieve their objectives consistently. Therefore, it is fundamental for business resilience to identify and manage risks deriving from third parties’ relationships. Join Herman Errico in understanding how to develop and implement a Third Party Management Program. Which will focus on defining a structured approach to manage information security and privacy risks deriving from third parties’ services or products.

The presentation will highlight how to shape the management program based on business’ needs, security and compliance requirements. In particular, a third party management lifecycle (Third party relationship planning, Third party selection process, Third party agreement process, Third party termination process) will be presented and its structure analysed. A detailed analysis will be dedicated to the information security and privacy control selection for third parties, and how to difference between supplier for service and supplier for products.

A conclusion on customer success factors and use cases will be included.

This approach has been structured around the following standards:

•         BS ISO/IEC 27036 (Part 1, 2, 3, 4) (Information security for supplier relationships)

•         BS ISO/IEC 27002:2017 (Code of practice for information security controls)

•         BS ISO/IEC 29151:2017 (Code of practice for personally identifiable information protection)

Understanding Emerging Technology and the impacts on Organisational Risk by Rivash Ramowtar,

Traditional business models and thinking are continually being disrupted by technology. Exposure to, and adoption of various emerging technologies are already impacting many organisations, their competitors and the markets they operate in. Business leaders understand this: 76% of CEOs in our annual survey are worried about the speed of technological change, and 64% acknowledge that changes in the technology used to run their businesses will be disruptive over the next five years. Emerging technology should be a key part of every company’s corporate strategy.

To help companies focus their emerging tech. efforts, we analysed the business impact and commercial viability of more than 250 emerging technologies to zero in on the “Essential Eight.” These are the core technologies that matter most for business, across every industry, over the next three to five years. The Essential Eight are the technology building blocks that we believe every organization must consider. While each company’s strategy for how to best exploit — and combine them — will vary, these technologies will have a profound global impact on business, employees, and customers. 

Like all technology, our Essential Eight continue to mature and be used in new ways. And the most important trend? Combining individual technologies to yield powerful applications that are greater than the sum of their parts. For example, using IoT sensors to automatically collect data about raw materials moving through a supply chain, then recording that data in a blockchain to create a singular and unchangeable record that everyone in the supply network can see. Or using video captured from a drone flying over that same raw material and using AI to not only recognize the material, but also determine how much had been used since the last time the images were analysed 

This presentation will provide an overview of these Essential Eight technologies and their use in the global and Irish markets, simplifying some of the jargon, defining not only what these are, but also what they are not. And with all new technologies, a combination of traditional and unfamiliar risk is introduced to implemented environments. We’ll walk through an overview of these risk landscapes, together with taking a deeper dive into some of the risk mitigations and considerations that organisations should take into account.

The Presenters

Michael Hirschfeld, Executive Consultant, David Lynas Consulting

Michael is an experienced senior executive with a prominent public service career that included leadership roles in ICT and organisational security in Australia. Former roles include CIO & CISO for the Department of Finance, as well as strategic security leadership roles at the Department of Foreign Affairs & Trade and the Australian Tax Office.

He was a member of the Department of Finance Executive Board and is accustomed to engaging with senior executives to ensure the delivery of business capabilities leveraging technology and ensuring this is done securely.

Currently an Executive Consultant at David Lynas Consulting, Michael works leading Security Architecture projects with a focus on communicating the value of security architecture to client leadership.

Herman Errico, Information Security Consultant, BSI

Herman Errico is currently working in Dublin with BSI Cyber security and Information Resilience. He has a master’s degree in law and a master’s in Information Security and Strategy, both achieved in Rome Italy. Herman has both a technical and a governance background, which allows him to support client from multiple perspectives. Standard, Technical documents and service lines development are his main interests, together with a strong passion for research and client relationship management.

Rivash Ramowtar, Assistant Manager IT Risk Assurance in Emerging Technology, PwC

Rivash has previous experience in IT Risk Assurance and as a Technology Strategy & Architecture Consultant in PwC South Africa. He has advised and assessed clients on their operational and technological risk management activities, across multiple industries, including financial services, capital markets, insurance, retail, power & utilities, telecommunications, and government sectors.

Rivash’s area of expertise has, in recent years transitioned into Emerging Technologies, and the subsequent assessment and review of risk landscapes thereof. His scope has included Artificial Intelligence (AI), Robotic Process Automation (RPA), Blockchain, the Internet of Things (IoT), and Big Data, both at a local level together with cross-border efforts.

Rivash has assisted clients and internal initiatives with risk identification, assessment and remediation, process analysis, modelling and design, digital readiness assessments, internal Emerging Technology upskilling initiatives, and overall project and programme quality assurance.