Cyber Risk Management

Cyber Risk Management - Virtual Workshop

Day 1 – Tuesday October 20, 2020

08:30 - 09:00

Registration

08:30 - 09:00

09:00 - 10:00

The connections between cyber risk, risk management and governance

09:00 - 10:30

  • How does cyber risk fit into risk management?
  • Is cyber an inherent risk or vector for other risks?
  • Connectivity with conduct risk, RRP, ERM
  • Establishing a leading cyber risk management capability
  • Financial Stability Board’s lexicon for cyber risk
  • Stricture EBA guidelines
  • How do you develop risk appetite limits for cyber security risk?
Greg Adamson

Principal

Digital Risk Innovation

Dr Greg Adamson is Principal at Digital Risk Innovation, specialising in the management of risk in the digital environment. He has worked in cyber security for more than 25 years and in 2009 established the first-line operational risk practice in ANZ’s Transaction Banking. His current focus includes cyber risk in health, critical infrastructure, and financial services. He is an honorary Associate Professor at the University of Melbourne, Graduate member of AICD, and has just completed a Master of Commercial Law at Melbourne Law School including research into an insured’s duty of care in cyber liability insurance.

10:00 - 10:15

Morning Break

10:30 - 11:00

10:15 - 23:15

Relationship between cyber risk and human behaviour

13:30 - 15:00

  • Effectiveness of cyber security capabilities (people, process, technology)
  • Why the majority of data breaches are a result of human behaviour
  • How to invest in people controls to deliver the best ROI and most effective risk mitigation
  • Exploring people controls – UBA, human sensors, human risk profiling
  • Practical steps / techniques for affecting behavioural change and building a risk aware cyber security culture
Prof. Helge Janicke

Research Director

Edith Cowan University

23:15 - 23:30

Morning break

23:15 - 23:30

23:30 - 12:30

Integrating cyber risk and IT

11:00 - 12:30

  • Setting up risk subcommittees; addressing technology, IT, cyber risk & data governance
  • How to identify the latest threats and vulnerabilities
  • Working with technologists
  • Accommodating new technologies into your cyber risk strategy
  • Integrating IT risk as part of the GRC strategy
  • How do IT risks fit in the context of the business?
  • Data aggregation and intelligence gathering tools to address cyber security risks
Daryl Pereira

Partner – Head of Cyber Consulting

KPMG Advisory LLP

12:30 - 12:30

End of Day One

17:00 - 17:01

Day 2 – Wednesday October 21, 2020

08:30 - 09:00

Registration

08:30 - 09:00

09:00 - 10:00

Cybercrime – lessons to be learned

15:30 - 17:00

  • AML and KYC
  • Creating a compliant culture
  • Notable attacks – case studies
  • The role technology plays
  • Areas for overlap and significant differences
Monica Whitty

Chair in Human Factors in Cyber Security, Director of Research (Cyber)

UNSW, Canberra

Monica Whitty is the Director of Research (Cyber) at the UNSW (Canberra), where she also holds a Chair in Human Factors in Cyber Security. She is a member of the Global Futures Communities for Cyber Security for the World Economic Forum and the World Economic Forum Cyber Security Centre. She is also a visiting Professor in Cyber Security at Royal Holloway, University of London. Her work, in particular, examines identities created in cyberspace, online security risks, behaviour in cyberspace, insider threat, as well as detecting and preventing deception, such as cyber scams and mis/disinformation (drawing from psychological and linguistic tools). Monica is the author of over 100 articles and 5 books, the latest being: ‘Cyberpsychology: The study of individuals, society and digital technologies’ (Wiley, 2017, with Garry Young).

10:00 - 10:15

Morning Break

10:30 - 11:00

10:15 - 11:15

Creating an efficient and usable cyber risk programme

11:00 - 12:30

  • Best place to start
  • Instilling a culture of security and building cyber into core management processes
  • Creating a system that maintains daily usability
  • Dealing with the increasing price of cyber security
  • Potential for automation
  • Establishing a business continuity and recovery plan as part of the cyber risk programme 
David Jorm

Senior Manager, Penetration Testing, Cyber Security, Enterprise Services

Commonwealth Bank

11:15 - 11:15

End of Risk Australia virtual conference Day 2

11:30 - 11:31

Day 3 – Thursday October 22, 2020

08:30 - 09:00

Registration

08:30 - 08:50

09:00 - 10:00

Third party vendor risk

15:30 - 17:00

  • Overview of vendor partnerships and associated risks
  • Selecting a vendor partner
  • Designing business process interface with the vendor
  • Assimilating vendor’s risk management procedures
  • Benefits of joint incident response exercises
  • Maintenance and the continual management of the risk profile
  • Vendor sub-contracting (fourth party risk)
  • Accommodating disruptive technologies into your cyber risk strategy
Sam O’Brien

Director - RSA Archer GRC, Asia Pacific & Japan

RSA

Over the last 18 years, Sam has been helping organisations meet and exceed their Risk & Compliance goals. Sam began his career as a practitioner, before moving into consulting and then to risk technology.

For the last 10 years, Sam has worked with RSA Archer, supporting its customers and partners around Asia Pacific and Japan, working across industries including FSI, Government, Manufacturing, Information Technology/Information Security and Telco.

Sam now leads the RSA Archer Integrated Risk business in Asia Pacific and Japan and takes pride in the role that RSA’s solutions, teams and partners play in solving some of today’s biggest risk challenges.

10:00 - 10:15

Morning Break

10:50 - 11:20

10:15 - 11:15

Group activity: Incident management

13:30 - 15:00

  • Group interactive activity based around a cyber incident
  • Industry expert devised examples  
  • Great networking opportunity
Chris Thomas

Advisory Consultant – Incident Response Advanced Cyber Defence Services Singapore

RSA

Chris Thomas is an Advisory Practice Consultant for the NetWitness Incident Response Practice at RSA, with over 20 years of experience in the IT Security industry. In this capacity, Chris is responsible for delivering holistic incident response services using state of the art host and network-based tools. Using these tools, combined with advanced methodologies, Chris can assist clients to obtain situational awareness and rapidly identify threats as part of the tactical response to intrusions involving sophisticated adversaries that target intellectual property and other critically sensitive data.

Prior to joining the Incident Response Practice, Chris was an Advisory Systems Engineer for the RSA NetWitness Platform for users across APJ. The role’s responsibilities included leading and driving RSA’s Threat Detection and Response solutions from a technical perspective by working across sales and professional services teams to ensure customer success, collaborating with the global Advisory team and product management to drive RSA product and solution direction, mentoring junior presales consultants and taking a leadership role within the global Presales team.

Prior to joining RSA in 2011, Chris was a Principal Consultant for CA Technologies (Computer Associates) with experience across many areas of IT Security including Network Forensics, Audit Log Analysis, Identity Management, Antivirus, Intrusion Detection, and Gateway Security. His 12 years at CA included roles covering presales, solution architecture, and implementation work.

Chris has been part of the analyst team for the Black Hat Asia Network Operations Centre (NOC) supporting the Black Hat Asia conference in Singapore, and also set up and managed the Security Operations Centre (SOC) for RSA Conference APJ in Singapore for 2017 – 2019.

Chris has presented at several industry conferences including Black Hat Asia and RSA Conference APJ, and has developed and run “Capture the Packet” training exercises for internal and customer training purposes.

Chris attended the University of Sydney where he obtained a Bachelor of Science degree in Computer Science, and is a Certified Information Systems Security Professional (CISSP).

11:15 - 11:15

End of Training Course

17:00 - 17:02