Technology and Cybersecurity Risk Management
December 13 – 14, 2017 – Toronto
Information, technology and cybersecurity risk management are near the top of every organization’s priority list. In many cases, however, the subject remains the responsibility of compliance and IT departments despite the pervasive financial, reputational and regulatory risks they represent.
Dealing with an intangible, unpredictable risk to your business that presents tremendous financial, reputational and regulatory threats is a difficult task to grasp, to budget and to keep firmly on the agenda…until disaster strikes.
Technology and Cybersecurity Risk Management leads you through the essential elements required to manage and mitigate the operational impact of these looming, and seemingly inevitable, risks including:
- IT/Cybersecurity Risks In The Enterprise Risk Management Plan
- Identifying Sources of IT Risk and Tactics to Manage/Reduce Risk
- Cybersecurity and Risk Mitigation – Not “If” But “When” and Dealing with “Cyber-Fatigue”
- Personal Data Management and Protection
- Third Party Risk Management – IT and Cybersecurity
- Risk-Based Risk Management – Why Controls/Audit Are Not Enough
- Monitoring and Detecting Threats Including the Use of Analytics
- Quantifying Cyber Risk in Economic Terms
- Case Study: Examining a Breach and Recovery – What a Recovery Plan Looks Like
- Cybersecurity/IT Insurance Coverage – Ins and Outs of Risk Mitigation
- Current Cybersecurity Legal Risks and Requirements
- SOX, Certification, Financial Reporting and Disclosure
Technology and Cybersecurity Risk Management will provide tools to effectively identify the full scope of your risk exposure, methods to make practical assessments of these exposures and how to implement best practices to prevent attacks and respond to them when they occur.
Almost every organization has far more questions than actionable answers. Take advantage of this opportunity to obtain the most up-to-date information available from leading authorities. Technology and Cybersecurity Risk Management leads you through the essential elements required to manage and mitigate the operational impact of these looming, and seemingly inevitable, risks. As well, come with your key questions in hand to ask the experts to advance your own agenda and gain valuable insights.
November 1, 2017
November 15, 2017
November 15, 2017
|Technology & Cybersecurity||$1,999.00 + HST||$2,099.00 + HST||$2,199.00 + HST|
Our HST Number: R862562543
Group Discount: Fourth Delegate FREE!
If three individuals from one organization register at the same time, a fourth person may also be registered to attend free of charge. The free registration must be of equal or lesser value than the paid registrations. Please contact us to arrange for attendance of larger groups.
Your Registration Includes
Registration fees include all conference materials, continental breakfast, lunch and refreshments. Parking and accommodation are not included.
FREE CONFERENCE WORKBOOK
As a registered delegate, you will receive a complete set of conference materials. These materials will serve as an invaluable guide, both during and after the event. The workbook will be distributed on the morning of the first day beginning at 8:00 a.m.
Substitutions may be made at any time. If you are unable to attend, please make cancellations in writing and fax to (416) 504-6978 prior to 5:00 p.m. on November 30, 2017. A credit voucher will be issued to you for the full amount, redeemable against any other Acumen conference. If you prefer, you may request a refund of fees paid less a $250 administration fee. Registrants who cancel after the above date will not be eligible to receive any credits or refunds and are liable for the entire registration fees.
Confirmed delegates who do not cancel before November 30, 2017, and fail to attend will be liable for the entire registration fees.
Acumen Information Services reserves the right to change the date, location and content for the event(s) offered herein without further notice and assumes no liability for such changes.
Early Bird Registration Discount
Register prior to November 15, 2017 and you will obtain the following additional savings:
|Second delegate:||$100 Discount|
|Third delegate:||$150 Discount|
Please indicate that you are eligible for this offer on the registration page or your registration form if you are mailing in your registration.
Location – Accommodation
The venue for this event has not been finalized. Once venue details are available, delegates will be notified by email.
Delegates can register at the Acumen service desk beginning at 8:00 a.m. on the morning of the first day of the conference. Registration fees do not include hotel accommodation.
Program - December 13
9:00 a.m. – 9:05 a.m.
Opening Remarks from the Chair
Eugene Atangan, A.V.P. Operational Risk Management, TD Bank Group
9:05 a.m. – 10:00 a.m.
IT/Cybersecurity Risks In The Enterprise Risk Management Plan
Paul Hanley, Partner, Deloitte LLP
- An overview of new & emerging cybersecurity risks
- Understanding IT risks in your organization
  - identifying external threats
  - internal sources of risk - personnel, contractors, third party vendors
- Implications of IT/cybersecurity risks - financial, reputational, regulatory
- Breaking down silos – integrating IT/IT risk management with broader organization
- How Boards are reacting to security breaches and IT risks – concerns and expectations
- Dealing with IT and cybersecurity risks as business risks – leveraging your ERM plan
- IT risk management’s missing link – connecting IT frameworks (COBIT, ISACA) to the broader enterprise risk management framework to achieve corporate goals
- Developing a risk appetite statement for IT risk
- Understanding the limits of a controls-based framework to manage risk – when is there a need for a risk-based approach to ITRM
- Quantifying IT risk management expenses and the cost of losses from hacks/theft – tackling the security budgeting challenge
- Creating your IT risk dashboard including key risk indicators (KRIs) and key performance indicators (KPIs)
- Practical examples and insights from working experiences
10:00 a.m. – 11:00 a.m.
Identifying Sources of IT Risk and Tactics to Manage/Reduce Risk
Yassir Bellout, Partner, Cyber Security, KPMG LLP
- Highlighting risks from established IT/communications technology
- Considerations for risks arising from more recent and emerging technologies
  - cloud computing
  - payment technologies
  - mobile/connected devices
  - artificial intelligence
- Ensuring your risk appetite documentation anticipates and enables new technology adoption
- Issues in developing risk management strategies for new and unfamiliar applications
- Methodologies to consider for the introduction of technology to the organization from a risk management perspective
11:00 a.m. – 11:15 a.m. – Morning Networking Break
11:15 a.m. – 12:15 p.m.
Cybersecurity and Risk Mitigation – Not “If” But “When” and Dealing with “Cyber-Fatigue”
Marcus Troiano, Principal Consultant, Strategic Cybersecurity Services, Mandiant – A FireEye Company
- Overview of today’s cybersecurity threat landscape
  - who are the attackers?
  - what are their objectives?
  - understanding their targets and why they were chosen
  - effects of attacks on business organizations
  - insights on attacks the media do not cover
- Examples of attacks and what was learned from them
- What role have “insiders” played in cybersecurity attacks?
- Attacks resulting in physical damage to IT infrastructure/loss of assets
- Establishing defences and mitigation tools to counter an unseen, dynamic threat
- Examination of best practices and leading mitigation tools
12:15 p.m. – 1:15 p.m. – Luncheon
1:15 p.m. – 2:15 p.m.
Personal Data Management and Protection
Jordan Prokopy, Director and Privacy Practice Leader, PricewaterhouseCoopers LLP
- Personal data protection landscape and trends in Canada and globally
- Regulatory requirements for personal data management and protection
  - breach notification
  - personal data inventorying and mapping
  - individual access/correction/erasure rights
  - data protection impact assessments and privacy by design
- Technology’s role in data protection
2:15 p.m. – 3:15 p.m.
Third Party Risk Management – IT and Cybersecurity
Gus Leite, Director Risk Assurance, PricewaterhouseCoopers LLP
- Identifying third parties creating risk exposures
  - outsourced IT management
  - IT and communications service providers
  - cloud computing services
- Tackling the challenge of third parties providing services to your third parties – how to control the supply chain
- Steps to take prior to entering into outsourcing agreements
- How to monitor risks associated with third parties
- How cyber attacks use third parties to gain access to primary targets
- What to do beyond contract requirements
- Can using analytics assist in managing third party risks?
- Regulatory requirements for third party risk management
- Frameworks and processes available to utilize
3:15 p.m. – 3:30 p.m. – Afternoon Networking Break
3:30 p.m. – 4:30 p.m.
Risk-Based Risk Management – Why Controls/Audit Are Not Enough
Jason Murray, Senior Manager, MNP LLP
- Clarifying the objectives and limitations of internal control
- Why internal audit cannot do it all
- How a risk-based management process moves from reaction and complacency to risk anticipation and response
- Everything starts with realistic risk assessment – what does “low tolerance” really mean to an organization?
- Evaluation of cybersecurity risks using similar methodology to other risks
- Basing decisions on knowing acceptable risks and quantifying potential loss
- ISO 27001 and NIST – best practices frameworks
End of Day 1
Program - December 14
9:00 a.m. – 9:05 a.m.
Opening Remarks from the Chair
Eugene Atangan, A.V.P. Operational Risk Management, TD Bank Group
9:05 a.m. – 9:50 a.m.
High Definition Threat Detection – How to Enhance Cyber Hunting with Analytics
Naveed Islam, Manager, KPMG LLP
- Cybersecurity landscape – evolving threat capabilities and monitoring/detection tactics
- Security relevant data sources (internal and external)
- The traditional security monitoring model and use case development
- The model that works
- What are analytics in the cybersecurity context?
- The right place for analytics in security operations
- How to assess maturity of your cybersecurity operations
9:50 a.m. – 10:45 a.m.
Quantifying Cyber Risk in Economic Terms
Jack Jones, Co-Founder and E.V.P. Research and Development, Risk Lens
- How and why current risk measurement methods fail
- Common misperceptions regarding cyber risk quantification and why they’re wrong
- The two models required for solid cyber risk quantification
- Distinguishing direct losses from broader and sometimes more subtle fallout
- The hard part of risk quantification (and it isn’t data)
- The real differences between qualitative and quantitative risk measurement
- How to lay the foundation for effective risk measurement in your organization
10:45 a.m. – 11:00 a.m. – Morning Networking Break
11:00 a.m. – 12:00 p.m.
Case Study: Examining a Breach and Recovery – What a Recovery Plan Looks Like
Seyed Hejazi, Manager, Ernst & Young LLP
- Dissecting a cyber attack – planning a response
- Identifying the essential matters to address and considering priority
- Key communications issues
- Do regulators need to be notified? External stakeholders?
- Examples of incidents and how the fallout was handled – what has been learned?
- What should be built into a recovery plan and allocating responsibilities
- Getting the recovery plan off paper – how to ensure timely, effective response
- Post-recovery considerations and modifying a pre-attack recovery plan
12:00 p.m. – 1:00 p.m. – Luncheon
1:00 p.m. – 2:00 p.m.
Cybersecurity/IT Insurance Coverage – Ins and Outs of Risk Mitigation
Catherine Evans, Vice President, Marsh McLennan
- How to think about and quantify cyber risk
- Traditional insurance coverages and cyber risk
- What do cyber policies cover and what's not covered?
- Key coverage considerations
- Underwriting process and the information required
- Sample loss scenarios and claims concerns
- Market trends
2:00 p.m. – 3:00 p.m.
Current Cybersecurity Legal Risks and Requirements
Alex Cameron, Partner, Fasken Martineau DuMoulin LLP
- PIPEDA (Personal Information Protection and Electronic Documents Act) and Digital Privacy Act
  - when to notify individuals and report to the Commissioner
  - requirement to notify related third party organizations to mitigate risk
  - mandatory record-keeping for breaches
  - enforcement and penalties
  - provincial regulations mirroring PIPEDA
- Canadian Securities Administrators - CSA Staff Notice 11-332
- OSFI and cybersecurity
- Litigation and class action risks arising from cybersecurity breaches
  - summary and update of the latest cases and trends
  - potential liability for privacy breaches
  - lessons learned from how plaintiffs frame their claims
  - the importance of effective incident response
  - effective legal risk management
This event has been developed with the professional responsibilities of our audience as our focus. As well, auditors, financial advisors, analysts, lawyers and other advisory professionals would benefit from staying current on the information provided at this timely event. In particular, our experience indicates that individuals in the following positions would most likely be in attendance:
- Chief Financial Officers
- Chief Risk Officers
- Chief Accountants
- Chief Compliance Officers
- VPs, Directors and Managers
- Risk Management/Reporting
- Technology and Data Security
- Financial Reporting
- Regulatory Accounting
- Internal Auditors
- Audit Committee Members
- Corporate Counsel
- Audit and Assurance Professionals
- Industry Regulators and Standard Setters
- Financial Analysts
To obtain a copy of the brochure, please send a request to the email below or click on the image of the brochure on this page.
e-mail at email@example.com
Comments From Participants Attending Acumen Conferences – Information You Can Work With
“Top class expertise on the issues from a good variety of backgrounds. They are excellent speakers and made a difficult subject understandable. Very well organized and the topic was well covered”
“Best conference I’ve ever attended.”
Senior Manager, Enterprise Hedge Accounting and Derivative Reporting
Royal Bank of Canada
“Suffice it to say that the conference delivered on my expectations…A lot has been taken away from this conference…$ well spent…”
V.P. Risk Management Advisory
New Brunswick Credit Union Stabilization Board
“This seminar was fantastic - very informative and has some extremely interesting and knowledgeable speakers”
Manager, Corporate Accounting
“The (2) days were eye opening. It definitely gives me a better idea of the areas to focus more of my time”
Supervisor Finance & IS
Highland Valley Copper
“Excellent presentation of new standards and how the various concepts relate/come together”
Manager, External Reporting
Potash Corporation of Saskatchewan Inc.
“Speakers were very knowledgeable, materials were current…examples and materials were relevant and well presented.”
“Well rounded. Good flow.”
Manager, Capital Risk
To submit questions to be answered at the conference, please send us an email at firstname.lastname@example.org
Limited sponsorship and exhibition options are available for this event, including
• Cocktail reception
• Luncheon sponsorship
• Breakfast sponsorship
• Booth/exhibit space
For more information, or to check availability,
please contact us by phone at (416) 504-6952
or by e-mail at email@example.com