A World of Opportunities

Grow your expertise, skills and value! The ISACA South Africa Chapter Annual Conference takes you in-depth into emerging trends, best practices, and the tools and techniques you need to survive and thrive in the ever-more complex world of information systems audit, assurance, control and security.

Connect with experts, thought leaders and fellow information systems and business professionals.

All prices are inclusive of VAT.

Early Bird Registration Fees are valid until 30 April 2017.

Prices exclude travel and accommodation; respective bookings must be made by the individual delegate and are on their account. To book at conference rates, please click here.

Group discounts:

ISACA SA offers discounts to organisations sending 6 or more employees to a single conference. Please contact the office for more details at office.assistant@isaca.org.za.

  • 10% discount for groups of 6 to 9 registrants.
  • 15% discount for groups of 10 or more registrants.

Academic and student discounts:

We offer a R500 discount to academic institution employees and students. You must be an ISACA Student member in order to receive the student discount.  Additional student membership and qualification details can be found here: https://www.isaca.org/Membership/Student-Membership.

Conference registrations are subject to our terms and conditions.

Why Should You Attend?

Here’s what’s in it for YOU:

  • Experience customized learning: Choose the sessions that matter most to you and your enterprise.
  • Interact face-to-face: Gain insights and share ideas with colleagues at this world-class networking event.
  • Update your knowledge and skills: Earn valuable CPEs.
  • Meet leading suppliers: Visit the Expo section. Get answers directly from representatives, and discover SECURITY products/services that decrease enterprise risk and increase ROI.

Don’t miss out!

  • Join your colleagues.
  • Expand your network of member and vendor contacts.
  • Build a stronger IT community.
  • Interact with speakers who provide insight on IT audit and related topics.

Audience

Who should attend?

  • CIOs
  • Directors of Information Security
  • Directors of Risk and Audit
  • Head of Business Crime
  • Heads of Cyber Security
  • Information Security Managers
  • IT Auditors
  • IT Governance Officers
  • Privacy Officers
  • Risk Managers
  • Security Advisors
  • Security Architects

Return to the office motivated, immediately apply what you learned, and contribute to your enterprise’s success.

Need to convince your boss?

Would you like to delve into ‘A World of Opportunities’ but require your boss’s approval to register for the conference?

We would like to share some advice and tips on how to make a persuasive proposal to your boss. For your convenience, we have developed an annual conference request letter template as a starting point for your proposal. You can customise this letter as required. Click here to download the template letter.

Programme Content

Session Outline:

Organisations today are collecting more information about individuals than ever before as technology enables organisations to attract and engage consumers in increasingly intimate ways – from wearable technologies, to the internet of things, to advanced A.I. and analytics, organisations are quickly adopting and capitalising on the data economy but what is the consumer trade-off? Are our identities for sale? In a recent survey it was found that 56% of people globally are either “concerned” or “extremely concerned” about the way companies handle and use their personal data (Crossing the line: staying on the right side of consumer privacy, KPMG International, 2016); but what does this mean for organisations and how they use personal data? When do organisations cross the consumer privacy line? What is creepy and what is cool? How do organisations identify and manage privacy risk in the face of upcoming privacy legislation and regulations? In this interactive session we will navigate the boundaries of consumer privacy to identify what is creepy and what is cool and how organisations can proactively manage privacy risk while realising the benefits of emerging technologies and new models of consumer engagements.

About the Speaker:

Ashleigh van Kerckhoven is a privacy specialist in KPMG’s Information Protection and Business Resilience team. Ashleigh has information technology risk consulting experience in a range of industries, including: financial services, telecommunications and technology. Ashleigh is highly skilled in the areas of information privacy, information governance, information risk, and information technology compliance; drawing on her background in both information technology and law. Ashleigh has assisted a number of clients in assessing their privacy programmes in respect of maturity, compliance, and risk.
Ashleigh has a Bachelor of Commerce with majors in Information Systems, Law, and Psychology and a Post-Graduate Certificate in Cyber Law from the University of the Witwatersrand. She has two privacy certifications through the International Association of Privacy Professionals and is a Certified Information Systems Auditor. Ashleigh is currently a Co-Chair for the IAPP’s Johannesburg KnowledgeNet Chapter. Ashleigh has spoken on the topic of data protection and privacy at various conferences throughout South Africa, where she has provided insight and practical suggestions as to how organisations can approach information protection and privacy risks.

Session Outline:

Disruptive technologies are developing at an exponential scale and will have far-reaching implications for the world at large as well as emerging markets. This session explores some of those disruptive technologies and the impact they may have on the workforce of the future. It explores potential options to prepare successfully for this technological upheaval, particularly for emerging markets, the opportunities that it will create for the future, and some challenges and risks it will pose that will need to be addressed.

About the Speaker:

Ashwin Goolab is a Partner at EY in the Financial Services IT Advisory division. He established the Africa IT Advisory practice. He brings over 25 years of experience in roles ranging from Country ERP Partner at a global professional services firm to CIO for the Business Enabling Services of a leading African Bank. He has a history of success in delivering large scale IT strategies and excellent people leadership skills. His previous roles include being responsible for strategic alignment of IT to relevant group business functions and serving as the Chairperson of a Technology Architecture Council at a listed financial services group and a Group Architecture forum for a bank with operations in 33 countries. Ashwin has a particular focus on Disruptive Technologies like Blockchain and Robotics.

Session Outline:

This lively and practical session brings the audit community up to date on the use of drones in business. How will they know if business units introduce drones? What are the key security, risk and audit considerations? Where do they fit in with the world of IoT? How safe are they? And finally, what damage can they cause?

These questions and more are the foundation for this entertaining session. Attendees will learn practical, effective ideas for ensuring that their organization is adequately prepared and follow a clearly defined path for secure, auditable use of this fascinating technology.

You will learn how the speaker foresaw this technology and what steps he believes are critical for your future peace of mind. Drones are here to stay and yet, while offering numerous benefits, they also include many risks, from legal and regulatory to safety and security. Don’t miss this exciting session. Questions from the audience will be encouraged and answered, ensuring an active, vibrant dialogue.

About the Speaker:

Mr. Lewis has over 40 years’ experience in the world of technology, with the past 30 years dedicated to information security and governance. He has led seminars on five continents for ISACA, MIS and others for over two decades. Mr. Lewis has run his consulting company since 1993, helping organizations enhance their security posture and ensure positive audits. He is co-author of several books including Wireless Security for Dummies. He is co-developer of ISACA’s COBIT 5 PAM and Assessor Guides. Barry was the winner of the John Kuyers Best Speaker/Conference Contributor Award in 2008.

Session Outline:

This lively and practical session brings the audit community up to date on the impact of the Internet of things in our business world. How will auditors know if business units unknowingly introduce connected devices? What are the key security, risk and audit considerations? Where does this fit in with the world of mainframes and servers? How safe are we? And finally, what damage can all this connectivity cause?

These questions and more are the foundation for this entertaining session. Attendees will learn practical, effective ideas for ensuring that their organization is adequately prepared and follow a clearly defined path for secure, auditable use of this future path of technology.

You will learn what steps the speaker believes are critical for your organization’s future. Connectivity is here to stay and yet, while offering numerous benefits, it includes many additional risks – from legal and regulatory to safety and security. Don’t miss this exciting session. Questions from the audience will be encouraged and answered, ensuring an active, vibrant dialogue.

About the Speaker:

Mr. Lewis has over 40 years’ experience in the world of technology, with the past 30 years dedicated to information security and governance. He has led seminars on five continents for ISACA, MIS and others for over two decades. Mr. Lewis has run his consulting company since 1993, helping organizations enhance their security posture and ensure positive audits. He is co-author of several books including Wireless Security for Dummies. He is co-developer of ISACA’s COBIT 5 PAM and Assessor Guides. Barry was the winner of the John Kuyers Best Speaker/Conference Contributor Award in 2008.

Session Outline:

The King IV™ Report has been in effect since 1 April 2017. It has brought with it a new leadership framework, integrated thinking and the quest for governance outcomes. How have organisations approached the application of Principle 12, the governance of technology and information, in this new context?

Join Carolynn in understanding how various organisations have approached this new context and discover the opportunities this has brought to IT functions and their organisations. Learn more about the impact this has had on IT auditors and the provision of IT assurance and become aware of the reasons behind the increased focus of risk governance.

Opportunities on the horizon – have you heard about the current activities surrounding the crafting of a new international corporate governance standard? Carolynn is the convenor for the South African working group and representative to the international ISO body responsible for the drafting of this standard. Hear what is going on and why this is so important for unlocking opportunities across Africa.

About the Speaker:

Carolynn Chalmers is a Corporate Governance advisor, specialising in the areas of IT and Information Governance.

Carolynn consults through Candor Governance (Pty) Ltd, which she joined in 2010.

She:

  • Is Certified in the Governance of Enterprise IT (CGEIT);
  • Holds an MSc from the University of Cape Town; and
  • Facilitates strategic IT Governance interventions.

Carolynn has extensive management and governance experience. She holds and has held various Board, Board Committee and Executive roles for international, listed and unlisted organisations.  Roles include those of:

  • Group CIO for Thebe Investment Corporation;
  • Vice President Business Architecture for Discovery Health;
  • Acting CTO for Old Mutual South Africa;
  • CIO for Woolworths Financial Services; and
  • CIO for Liberty Health.

Her experience spans many industries, including financial services, energy, construction, education, tourism, media and renewable resource management.

Carolynn is best known for her successes in leading large, complex strategy implementations – she attributes this success to the application of good governance principles.

Session Outline:

We will cover our approach to application system auditing.

This will focus on how we do end-to-end integrated audits with our business teams, how we integrated data analytics into our audits, and how we identify potential “stand alone” application audits (when required). We will take attendees, at a high level, through how we plan, execute and report on these audits, and through the successes we have had in this space.

About the Speakers:

Craig Summers is an experienced practitioner in IT auditing and risk management. His specialities include IT audit management; IT auditing in general; and IT risk management. Craig is currently the Head of Technology Audit for Barclays Africa. Previously he worked as Head of Technology Risk for the FirstRand Group and has also been Head of IT Audit for the same company.

Evaashan Naidoo is the Head of Audit for IT Applications in Barclays Africa Group Limited (BAGL). He has an Honours Degree in Informatics from the University of Pretoria and is a Certified Information Systems Auditor (CISA). He has over 12 years of IT audit and banking experience, during which he has worked in various roles at KPMG and BAGL. He provided IT audit coverage to 12 countries across the African continent and specialises in the Retail, Business Banking and Insurance businesses. He is currently part of the team responsible for embedding the Agile principles within Barclays Internal Audit.

Session Outline:

Check back for details!

About the Speaker:

As Chief Innovation Officer at ISACA, Frank Schettini is responsible for spearheading innovation across the organization through thought and product leadership, proposing innovative solutions, and implementing those solutions to the benefit of the entire organization and the mission of the Association.

He is responsible for both the organic development of innovation strategies and implementation approaches as well as taking a lead role in the identification, consideration, and due diligence of potential strategic partners. He is responsible for cybersecurity, IT Audit, IT Governance, and Risk Management thought leadership, publications/periodicals, certifications (CISA, CISM, CSX, CRISC, CGEIT) and Information Technology.

With 30 years of experience in various industries Schettini brings significant experience to ISACA in the areas of strategic planning; project, program and portfolio management; process improvement; enterprise architecture; and change management.

He joined ISACA after working for Project Management Institute as their Vice President of Information Technology for 8 years.  While at PMI, Schettini led the transformation of IT to provide solutions such as Volunteer Relationship Management solution, mobile applications, ERP, Cloud based infrastructure, Data Warehousing/Business Intelligence, chapter solutions.  He also led the creation of the Agile Certification, the acquisition of Project Management.com, the PMI Knowledge Strategy, and spoke about the profession around the world.

Schettini is a native of Havana, Cuba, and grew up in Baltimore, Maryland, USA. He graduated with a Bachelor of Science in electrical engineering with a computer science minor from Washington University in St. Louis, Missouri, USA. He earned a Master of Business Administration in Finance and International Business from the University of Maryland. Schettini is fluent in Spanish.

Session Outline:

The BRM Body of Knowledge and associated training and certification portfolio was launched in South Africa in 2016.  Formed in 2013, the BRM Institute mission is “To inspire, promote, and develop excellence in Business Relationship Management across the globe, leading to outstanding business value for organizations and professional fulfillment of every individual member of the BRM community”.

This session explores the continuing challenge of business and IT alignment and explains the power of this new guidance with examples of how BRM enables value to be created between IT as a service provider and business as a partner.  BRM is a role as well as a way of working that emphasizes a change in culture, attitude and communication.  The BOK finally provides the missing pieces of the business and IT jig-saw puzzle we have been searching for!

About the Speaker:

Gary Hardy is the owner of IT Winners, an independent IT best practices consultancy and training company focused on increasing enterprise business value, based in Cape Town.  Gary has over 40 years experience in the IT industry, and is recognised globally as an expert and thought leader in IT governance, business and IT alignment and IT performance improvement.

Gary has a vast amount of real world implementation experience which he is able to share, enabling stakeholders and role players in both the business and IT to collaborate to increase business value from IT.

Gary is the Regional Ambassador for the BRM Institute, and is a long-standing member of ISACA, a past board member, UK chapter President, and Regional Vice-President. Gary was one of the originators of the COBIT initiative in 1992 and has been a key member of ISACA’s COBIT development team for the past 20 years. He was a lead developer of all the COBIT versions including COBIT5 and advisor to ISACA, and author of many of the ISACA products. Gary has also authored the ITIL and COBIT interface guide for Axelos.

Gary has a BSc. (Hons) in Computer Science, is a Business Relationship Management Professional BRMP, and is certified in the Governance of Enterprise IT (CGEIT).

Session Outline:

As information systems auditors as well as regularity auditors, we have a responsibility to our clients to add value to their business while we are providing assurance on the agreed upon areas of the business under review.

Part of assurance inherently includes the verification of compliance to major laws and regulations applicable to the taxpayer’s business when we review the software configuration in operation at the taxpayer. Tax is an integral part of any business and should therefore be a major risk to be mitigated by IT as well as regularity audit procedures.

E-commerce has specific tax requirements that are applicable and, due to its global nature, the audit risk increases drastically due to global tax laws and regulations.

Are you taking this into consideration when you execute your responsibilities as IT and regularity audit?

About the Speaker:

Helena Strauss completed a degree in Accounting and Auditing in 1998, after which she completed her honours degree in Accounting and Auditing. She passed her qualifying exam as Chartered Accountant in 2000 and was admitted as a qualified member of SAICA in 2001.

Helena was a senior lecturer at the University of the Free State, after which she joined the Auditor General in order to focus her career on audit. She obtained her qualification as Certified Information Systems Auditor in 2005, after which she took responsibility for the Information System related audits of the Auditor General in the Free State.

She pursued her career in audit further by obtaining a diploma at the University of Johannesburg in criminal law and forensic investigations.

Helena joined KPMG in 2011 as Senior Manager responsible for public sector audits. She obtained her master’s degree in international and South African tax in 2015 and is currently employed as an audit specialist at a major public institution, where she integrates all audit disciplines and tax matters.

Session Outline:

This session will focus on the audit, control and security issues related to Agile Development and DevOps.

1. Introduction to Agile

  • Agile  Manifesto / Principles
  • Agile Roles
  • Agile Planning
  • Agile Approaches and Methodologies / Agile Tools

2. Introduction to DevOps 

  • DevOps Principles
  • Automation
  • Configuration Management
  • Continuous Integration / Delivery / Deployment / Monitoring
  • SecDevOps

3. Agile Security & Control 

  • Agile Risk Management
  • Threat Modelling
  • Agile Life Cycle Controls
  • Building Security into Agile
  • Microsoft Security Development Lifecycle (SDL)
  • Security Stories / Security Verification
  • Key Control Practices

4. DevOps Security & Control 

  • Key Control Practices
  • DevOps Tools
  • Cloud and Virtualization

About the Speaker:

John Tannahill, CA, CISM, CGEIT, CRISC, CSX-P is a management consultant specializing in information security and audit services. His current focus is on cybersecurity and control in large information systems environments and networks.

John has taught the ISACA CSX Cybersecurity Fundamentals Course for many ISACA Chapters and in-house organizations. He also teaches the Cybersecurity Fundamentals Training Week course.

Specific areas of technical expertise include UNIX and Windows operating system security, network security, and database security. John is a frequent speaker in USA, Canada, Europe and Africa on the subject of cybersecurity and audit.

John is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and Chapter Events including ISACA Training Weeks.

2008 Recipient of the ISACA John Kuyer Best Speaker/Best Conference Contributor Award.

Session Outline:

This seminar will focus on the security and control issues related to Windows 10 Operating Systems and related technology and infrastructure components.

1. Windows 10 Operating System Concepts

  • Operating System Overview
  • Key Differences from Windows 8; Windows 7; Windows XP
  • Versions
  • Windows Update

2. Windows 10 Security Overview

  • VBS Security
  • Secure Boot
  • Local Security Policy
  • User Accounts and Passwords
  • Windows Hello
  • Passport
  • Credential Guard
  • Device Guard
  • Windows Defender
  • User Access Control
  • Security Event Logs
  • Encryption
  • BitLocker
  • AppLocker
  • Microsoft Edge Security
  • Windows Firewall

3. Enterprise Components

  • Understanding Enterprise Components and Infrastructure
  • Windows 2012/2016 Server security
  • Key Active Directory security areas for Member Workstations
  • Client Security Baselines
  • Network Access Protection
  • Remote Desktop

About the Speaker:

John Tannahill, CA, CISM, CGEIT, CRISC, CSX-P is a management consultant specializing in information security and audit services. His current focus is on cybersecurity and control in large information systems environments and networks.

John has taught the ISACA CSX Cybersecurity Fundamentals Course for many ISACA Chapters and in-house organizations. He also teaches the Cybersecurity Fundamentals Training Week course.

Specific areas of technical expertise include UNIX and Windows operating system security, network security, and database security. John is a frequent speaker in USA, Canada, Europe and Africa on the subject of cybersecurity and audit.

John is a member of the Toronto ISACA Chapter and has spoken at many ISACA Conferences and Chapter Events including ISACA Training Weeks.

2008 Recipient of the ISACA John Kuyer Best Speaker/Best Conference Contributor Award.

Session Outline:

This talk provides insights on how to motivate others. Delegates will discover that the art of leadership is not getting people to do what we want done. This is the Jack-ass practice of leadership that requires the constant presence of carrot and stick. The art of leadership is getting people to want to do what we want done. When they want to do it for themselves they become self-motivated. As leaders we can inspire that desire through the kind of relationship we build with them. People will be led by people whom they know, like and trust. This session will help anyone to build that connection.

Delegates will learn ten key leadership-building skills:

  • The Zulu principle of Ubuntu or connection
  • Express appreciation
  • Power listening
  • Open, honest communication
  • Business at the speed of trust
  • Resolve conflict by responding instead of reacting
  • Respect the other person’s free will
  • Express positive expectations
  • Focus on making it right rather than being right
  • Do what they say

About the Speaker:

Justin Cohen is the author of four books and seven audiobooks. He hosted a television talk show in which he interviewed some of the world’s top experts on success. As a leading authority on human potential, with an honours degree in Psychology, Justin speaks and trains in the fields of motivation, sales, service and leadership. Having spoken professionally for twelve years, he has presented in thirteen different countries, and in virtually every industry, to an average of eight thousand people annually. Justin is a Certified Speaker Professional and Southern African Speaker Hall of Fame inductee.

Session Outline:

Digital innovation hubs are ecosystems of researchers, software developers, digital makers, business tech startups, SMEs, as well as corporate clients and investors in innovation, collaborating to produce new forms of value. These collaborative working spaces may include incubator and accelerator facilities. They focus on the ICT production and service sectors, as well as on digital technologies as enablers in all industries and sectors, creating digital applications (apps), software platforms, 3D-printed manufactures, data analytics and solutions, ranging from e-health to smart homes and smart cities, as well as applications for the aviation, education, energy, retail and other sectors. In 2017, most of the 50 or more tech hubs in South Africa have a digital presence, either as a dominant or as a supporting characteristic. The partnership arrangements that evolve in this environment create risk for partner firms engaged in external forms of value creation, and their financial and in-kind investments require effective governance arrangements for mutual benefit, with respect to (i) financial governance and (ii) the governance of intellectual property rights. These issues are briefly examined in this session, as a basis for discussion. Participants will receive a folder with an overview paper, a bibliography and a few relevant articles.

About the Speaker:

Luci Abrahams (PhD) is Director of the LINK Centre, Wits University, which researches social and economic change in digital knowledge-based economies. She has led or participated in studies and strategy design projects, including knowledge governance in digital tech hubs in South Africa; an approach to health e-services design in Egypt and South Africa; the history of the Internet in South Africa; and the electronic communications environment in the countries of the SADC region. She has been Corresponding Editor of the DHET-accredited publication The African Journal of Information and Communication since 2008. In addition to her university-based work, Luci has served as Council Member of the National Advisory Council on Innovation and Chairperson of its Science, Engineering and Technology for Women Committee; as Board Member of the National Research Foundation; as Board Member of the State Information Technology Agency; and as Board Member of the Development Bank of Southern Africa and Chairperson of its Knowledge Strategy Committee.

Session Outline:

The Digital era is enabling closer alignment between IT and the wider organisation. IT professionals and business leaders need to work together for the benefit of the wider organisation. There is a transition from IT (Information Technology) to BT (Business Technology). In this transition IT leaders are expected to act more as coaches and advisors to business leaders, while business leaders are expected to become more technology savvy and take more accountability for technology decision-making, implementation and adoption. In this transition IT leadership is no longer accountable for technology decision-making; this becomes a business leader responsibility. Will this transition lead to the demise of IT, or will it secure the future role of IT in organisations, with IT becoming a true strategic partner? The transition from IT to BT also raises questions around governance and risk. Some of these questions include what effective governance and risk management are in the digital era and how to effectively govern and manage risk in the digital era, especially in the transition from IT to BT. These questions also have implications in terms of the leadership requirements for both IT and the business leadership. It is how organisations make this transition and deal with the requirements for leadership, governance and risk that will separate them from their competitors.

About the Speaker:

Professor Raj Siriram is Convenor at the Wits LINK Centre, responsible for Digital and Innovation and Leadership. He is also Chief Executive of Alpha concepts Pty (Ltd), a professional management and engineering consulting company, and was previously Operations Executive at Plessey, a Dimension Data company, and Chief Information Officer at Dimension Data Middle East and Africa. He was also Divisional Managing Director at Siemens Ltd, Manufacturing Systems Manager at GE, and Manufacturing Manager at Alstom. Raj was also a board member of Siemens Botswana and a board member of SAPICS SA, and is currently an advisory board member of Global Actionable Innovation (GAI), a global venture capitalist company. Raj also served on the executive management at Siemens, Dimension Data and Plessey.

He has a wide range of industrial experience, from business development, project management, information technology, supply chain management, performance management and business engineering to manufacturing. Raj has more than 15 years’ experience at an executive level. He is also a visiting adjunct professor at the University of the Witwatersrand in the School of Mechanical, Industrial and Aeronautical Engineering. His research interests are in technology management, enterprise engineering, project management and systems engineering. Raj is registered with the Engineering Council of South Africa. He holds a Ph.D. in Industrial Engineering from the University of the Witwatersrand, School of Mechanical, Industrial and Aeronautical Engineering. He is also a fellow member of the Institute of Directors, member of the South African Institute of Industrial Engineers, member of the Engineering Council of South Africa, and many other professional bodies.

Session Outline:

Check back for details!

About the Speaker:

With many strings to her bow, Rapelang has served on the board  of pan-African asset management, private equity and advisory firm Nisela Capital for many years and, as of October 2016, was appointed executive director of this burgeoning enterprise that is geared to building more black industrialists. Amongst other board roles, Rapelang also serves as a Member of the Advisory Board of Project Literacy – a campaign founded and convened by Pearson to address global illiteracy levels.

It is through technology that Rapelang’s childhood curiosity in the workings of the world and sheer belief in finding more effective ways of doing things has come full circle. As a speaker, she passionately spreads this message of improvement through innovation and her visionary insights continue to change the mind-sets of organisations for increased adaptability and productivity in the working world of today.

She has wide exposure to tech and business, from telecoms through her first startup, Yeigo; to fintech as a board member for Moro Group, an ICT and payment services group headquartered in Botswana; to social innovation as a Global Shaper of the World Economic Forum; to green tech as a board member for Meniko Records Management Services, a digital records & document management company; to financial advisory and private equity as a director of Nisela Capital; to trend analysis as part of World Economic Forum Global Agenda Council for Software and Society.

Rapelang regularly speaks at local and international conferences and events and has shared a stage with the likes of President Paul Kagame of Rwanda and Prof Mohammed Yunus of Grameen Bank.

Session Outline:

The South African as well as international governance, compliance and information security landscape is evolving at a rapid pace. If misinterpreted and misunderstood within the context of an organisation’s strategic objectives, the various governance models and enforcement approaches may lead to uncertainty of control prioritisation, impact to the business and ultimately, inconsistent management and implementation of relevant controls.

Considering this and the increase of organisations’ global business operations, there are heightened expectations from senior stakeholders. For these stakeholders it is critical to bridge the governance and information security landscape to ensure:

  • An understanding of the various governance requirements (regulation, codes and frameworks)
  • The ability to articulate the competitive advantage and value creation from good governance practices
  • A strategy to prioritise alignment efforts with the business growth strategy
  • Appropriate and effective control implementation; and
  • Evidencing accountability for good governance practices

We will explore the local and international impacts of regulation and related corporate governance requirements in line with information security efforts in organisations to identify leverage points and practical solutions.

About the Speaker:

Sandhya Mohan-Pillai (CISA, CGEIT, CISM) has over 17 years of IT Consulting experience with a specific focus on IT and Information Security Governance, IT strategy and Risk management. Sandhya is currently a Principal Consultant in Mobius Consulting and leads the Mobius practice in Johannesburg. Sandhya’s experience in IT and Information security governance and consulting extends to KPMG, as an Associate Director, as well as Investec’s internal audit and Operational risk management, where she was responsible for setting up the people, process and capability aligned to best practices. During her most recent involvement at Mobius specifically, she has assisted organisations in remediation efforts to help clients with the design, development and implementation of their Third Party Risk management frameworks, IT and Information governance frameworks, and key risk initiatives.

Session Outline:

This presentation takes an alternative look at identifying vulnerabilities at a root cause level by determining the actual threats and rectifying the issue at the source. The presentation delves into practical methods, detailed through case studies, of what makes up effective vulnerability governance. This process identifies critical assets and details real-world effective methods to reduce risk in your business environment, while looking at holistic information security through a “defence-in-depth” approach.

The presentation answers the following questions:

  1. Why is vulnerability management so important for my organisation?
  2. What constitutes effective vulnerability management?
  3. What are the ramifications of not having effective vulnerability governance?
  4. Why is vulnerability governance more holistic than just management of vulnerabilities?
  5. What are the best approaches to defending against vulnerabilities being exploited?

The presentation will run through a pragmatic approach to the following:

  1. Determining which are the critical assets to protect.
  2. Determining the organisational threats and analysing the effects of these vulnerabilities on those assets.
  3. Prioritising vulnerabilities and determining which are quick wins and which require a longer-term strategy to remediate.
  4. Identification of false positives and what can be done about them.
  5. Making use of misconfiguration/non-compliance reports to improve the security posture.
  6. Reporting and management of these vulnerabilities and non-compliance and how this can lead to better information security management.

This approach will be detailed from client case-studies where these techniques have been used to address vulnerability management as a holistic information security process and embed these security best practices in organisations.

About the Speaker:

Terence is Managing Consultant at Mobius Consulting, specialising in Information Security, and is active in the vulnerability governance field, managing projects and performing consulting services for clients in various industries. Terence is also currently the President of (ISC)² Gauteng, a role held for the past 2 years, and was previously on the ISACA SA Board for 4 years in the role of the KZN Chapter Coordinator. Terence currently holds the CISA, CRISC and CISM certifications from ISACA and the CISSP certification from (ISC)².

Terence has 10 years of Information Security experience from a consulting and IT audit perspective, with experience in financial, retail, insurance, mining, energy and academic institutions. Terence’s experience has also covered governance of information security including PCI DSS by assisting companies with their compliance in the cardholder data domain, as well as information security gap assessments involving ISO 27001/2, COBIT and NIST frameworks.

Terence has focused on assisting clients with the identification, monitoring and remediation of vulnerabilities, consulting from a holistic viewpoint of vulnerability management.

Session Outline:

With much fanfare, the US House of Representatives established an Office of Inspector General as part of its governance and oversight reforms in its Contract with America.  Fast forward ten years to 2004: the office suffered from low employee morale, was disconnected from key stakeholders, and was not prepared for the challenges of the 21st Century.  Join the Honorable Theresa Grafenstine as she discusses the key ingredients for (re)building and maintaining a highly effective audit organization.  She will provide a proven strategy for developing high-performing audit teams, providing value-added products, expanding internal audit’s influence, strengthening relationships with key stakeholders, and developing the next generation of audit leaders.

About the Speaker:

In 2010, the Honorable Theresa M. Grafenstine was named the Inspector General of the U.S. House of Representatives (House). She has served for twenty-five years in the Inspector General community in both the legislative and executive branches of the US Government.  As the Inspector General, she is responsible for planning and leading independent, non-partisan audits, advisories, and investigations of the financial and administrative functions of the House.

She is also an active volunteer in support of the information technology, governance, internal auditing, and accounting professions. Ms. Grafenstine currently serves on the board of directors of the Association of International Certified Professional Accountants (AICPA).

She is also the Chairman of the international board of directors of ISACA and provides financial oversight as the audit committee chairman of the Pentagon Federal Credit Union.

She has received numerous awards and accolades, including the Golden Gov Federal Executive of the Year and, most recently, the Greater Washington Society of CPAs “2016 Women to Watch” and “2016 Outstanding CPA in Government” awards.

Ms. Grafenstine holds a bachelor’s degree in Accounting. She is also a Certified Public Accountant (CPA), a Certified Internal Auditor (CIA), Certified Government Auditing Professional (CGAP), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise Information Technology (CGEIT), Certified in Risk and Information Systems Control (CRISC), and a Chartered Global Management Accountant (CGMA).

Session Outline:

Data and Analytics (D&A) increasingly shapes our world. Complex analytics are delivering better, faster decisions and this is driving rapid investment across all business sectors. The impact of analytics goes far beyond organisational boundaries and underpins many of the most important decisions that we make as individuals and societies.

D&A holds the power to unlock untold value, but first you need to trust what it is telling you. In 2016 KPMG International commissioned Forrester Consulting to examine the power of trust in D&A by exploring organisations’ capabilities across four anchors of trust: Quality, Effectiveness, Integrity and Resilience. The survey highlighted that 60% of organisations are not confident in their D&A insights and only 42% of organisations are using D&A effectively. This creates a huge opportunity for institutions to step up their game and begin leveraging more sophisticated D&A techniques.

Trust in analytics, like trust in products or people, is often driven by a combination of two things: its perceived trustworthiness and evidence of its actual trustworthiness.

During the session we will unpack what trusted analytics means for your organisation and how strengthening the four anchors will assist in unlocking value.

About the Speaker:

Vaughan Mason is a Senior Manager leading the Technology Advisory Data & Analytics service offering within KPMG South Africa. He is a Data Architect with a strong technical focus in data analytics and over ten years of experience leading data-related projects. He is currently furthering his knowledge in Data Science whilst looking at being able to deliver more data-related solutions using cloud technologies. He is a leading Subject Matter Expert in Advanced Analytics solutions and uses Data & Analytics to unlock hidden value for organisations.

CISA Class

Intensive CISA exam preparation training! Click here for the full workshop outline.

CRISC Class

Intensive CRISC exam preparation training! Click here for the full workshop outline.

Cybersecurity Class

Cybersecurity Risk, Control & Audit training! Click here for the full outline.

Sponsorship Opportunities

Partnering with ISACA means more than making the right contacts; it means being an insider. It means being connected to the right people with the right level of influence, and it means you are allied with a globally respected organisation and leader in the IS & IT industry. Experience the power of partnership with ISACA. Sponsorship packages are designed to provide a solid platform to help you stand out and make an impact. Our programmes allow you to achieve your marketing goals and deliver a maximum return on your investment. We have developed sponsorship packages to help your organisation meet its objectives and reach your target market in the IS & IT professions.

Interested? Please download the Sponsorship Agreement and submit the completed form by no later than Friday, 30 June 2017.

We look forward to partnering with you!

The Venue
  • Sandton Convention Centre 161 Maude St, Sandton, Johannesburg, 2196
  • To book accommodation at special ISACA SA conference rates, please click here.

Sponsors

Diamond

Wolters Kluwer TeamMate

Platinum

Darktrace

Silver

EY

SNG

Display

Mobius Group

Mobile App & WiFi Sponsor

BST