Technology and Cybersecurity Risk Management 

December 13 – 14, 2017 – Toronto

Information, technology and cybersecurity risk management are near the top of every organization’s priority list. In many cases, however, the subject remains the responsibility of compliance and IT departments despite the pervasive financial, reputational and regulatory risks they represent.

Dealing with an intangible, unpredictable risk to your business that presents tremendous financial, reputational and regulatory threats is a difficult task to grasp, to budget for and to keep firmly on the agenda…until disaster strikes.

Technology and Cybersecurity Risk Management leads you through the essential elements required to manage and mitigate the operational impact of these looming, and seemingly inevitable, risks including:

  • IT/Cybersecurity Risks In The Enterprise Risk Management Plan
  • Identifying Sources of IT Risk and Tactics to Manage/Reduce Risk
  • Cybersecurity and Risk Mitigation – Not “If” But “When” and Dealing with “Cyber-Fatigue”
  • Personal Data Management and Protection
  • Third Party Risk Management – IT and Cybersecurity
  • Risk-Based Risk Management – Why Controls/Audit Are Not Enough
  • Monitoring and Detecting Threats Including the Use of Analytics
  • Quantifying Cyber Risk in Economic Terms
  • Case Study: Examining a Breach and Recovery – What a Recovery Plan Looks Like
  • Cybersecurity/IT Insurance Coverage – Ins and Outs of Risk Mitigation
  • Current Cybersecurity Legal Risks and Requirements
  • SOX, Certification, Financial Reporting and Disclosure

Technology and Cybersecurity Risk Management will provide tools to effectively identify the full scope of your risk exposure, methods to make practical assessments of these exposures and guidance on implementing best practices to prevent attacks and respond to them when they occur.

Almost every organization has far more questions than actionable answers. Take advantage of this opportunity to obtain the most up-to-date information available from leading authorities. Technology and Cybersecurity Risk Management leads you through the essential elements required to manage and mitigate the operational impact of these looming, and seemingly inevitable, risks. As well, come with your key questions in hand to ask the experts, advance your own agenda and gain valuable insights.

Registration Fees

                              November 1, 2017    November 15, 2017   November 15, 2017
Technology & Cybersecurity    $1,999.00 + HST     $2,099.00 + HST     $2,199.00 + HST

Our HST Number: R862562543

Group Discount: Fourth Delegate FREE!

If three individuals from one organization register at the same time, a fourth person may also be registered to attend free of charge. The free registration must be of equal or lesser value than the paid registrations. Please contact us to arrange for attendance of larger groups.

Your Registration Includes

Registration fees include all conference materials, continental breakfast, lunch and refreshments. Parking and accommodation are not included.


As a registered delegate, you will receive a complete set of conference materials. These materials will serve as an invaluable guide, both during and after the event. The workbook will be distributed on the morning of the first day beginning at 8:00 a.m.

Cancellation Policy

Substitutions may be made at any time. If you are unable to attend, please make cancellations in writing and fax to (416) 504-6978 prior to 5:00 p.m. on November 30, 2017. A credit voucher will be issued to you for the full amount, redeemable against any other Acumen conference. If you prefer, you may request a refund of fees paid less a $250 administration fee. Registrants who cancel after the above date will not be eligible to receive any credits or refunds and are liable for the entire registration fees.

Confirmed delegates who do not cancel before November 30, 2017, and fail to attend will be liable for the entire registration fees.

Acumen Information Services reserves the right to change the date, location and content for the event(s) offered herein without further notice and assumes no liability for such changes.

Early Bird Registration Discount

Register prior to November 15, 2017 and you will obtain the following additional savings:

Second delegate: $100 Discount
Third delegate: $150 Discount
Fourth delegate: FREE

Please indicate that you are eligible for this offer on the registration page or your registration form if you are mailing in your registration.

Location – Accommodation

The venue for this event is:

Novotel Toronto Center
45 The Esplanade
Toronto, Ontario
M5E 1W2

Toll free - 1-800-668-6835

Delegates can register at the Acumen service desk beginning at 8:00 a.m. on the morning of the first day of the conference. Registration fees do not include hotel accommodation.

Program - December 13

9:00 a.m. –  9:05 a.m.
Opening Remarks from the Chair

Eugene Atangan, A.V.P. Operational Risk Management, TD Bank Group

9:05 a.m. – 10:00 a.m.
IT/Cybersecurity Risks In The Enterprise Risk Management Plan

Paul Hanley, Partner, Deloitte LLP

  • An overview of new & emerging cybersecurity risks
  • Understanding IT risks in your organization
    • identifying external threats
    • internal sources of risk - personnel, contractors, third party vendors
  • Implications of IT/cybersecurity risks - financial, reputational, regulatory
  • Breaking down silos – integrating IT/IT risk management with broader organization
  • How Boards are reacting to security breaches and IT risks – concerns and expectations
  • Dealing with IT and cybersecurity risks as business risks – leveraging your ERM plan
  • IT risk management’s missing link – connecting IT frameworks (COBIT, ISACA) to the broader enterprise risk management framework to achieve corporate goals
  • Developing a risk appetite statement for IT risk
  • Understanding the limits of a controls-based framework to manage risk – when is there a need for a risk-based approach to ITRM
  • Quantifying IT risk management expenses and the cost of losses from hacks/theft – tackling the security budgeting challenge
  • Creating your IT risk dashboard including key risk indicators (KRIs) and key performance indicators (KPIs)
  • Practical examples and insights from working experiences

10:00 a.m. – 11:00 a.m.
Identifying Sources of IT Risk and Tactics to Manage/Reduce Risk

Yassir Bellout, Partner, Cyber Security, KPMG LLP

  • Highlighting risks from established IT/communications technology
  • Considerations for risks arising from more recent and emerging technologies
    • cloud computing
    • payment technologies
    • mobile/connected devices
    • blockchain
    • artificial intelligence
  • Ensuring your risk appetite documentation anticipates and enables new technology adoption
  • Issues in developing risk management strategies for new and unfamiliar applications
  • Methodologies to consider for the introduction of technology to the organization from a risk management perspective

11:00 a.m. – 11:15 a.m. – Morning Networking Break

11:15 a.m. – 12:15 p.m.
Cybersecurity and Risk Mitigation – Not “If” But “When” and Dealing with “Cyber-Fatigue”

Marcus Troiano, Principal Consultant, Strategic Cybersecurity Services, Mandiant – A FireEye Company

  • Overview of today’s cybersecurity threat landscape
    • who are the attackers?
    • what are their objectives?
    • understanding their targets and why they were chosen
    • effects of attacks on business organizations
    • insights on attacks the media do not cover
  • Examples of attacks and what was learned from them
  • What role have “insiders” played in cybersecurity attacks?
  • Attacks resulting in physical damage to IT infrastructure/loss of assets
  • Establishing defences and mitigation tools to counter an unseen, dynamic threat
  • Examination of best practices and leading mitigation tools

12:15 p.m. – 1:15 p.m.  –  Luncheon

1:15 p.m. – 2:15 p.m.
Personal Data Management and Protection

Jordan Prokopy, Director and Privacy Practice Leader, PricewaterhouseCoopers LLP

  • Personal data protection landscape and trends in Canada and globally
  • Regulatory requirements for personal data management and protection
    • breach notification
    • retention/destruction
    • personal data inventorying and mapping
    • individual access/correction/erasure rights
    • data protection impact assessments and privacy by design
  • Technology’s role in data protection

2:15 p.m. – 3:15 p.m.
Third Party Risk Management – IT and Cybersecurity

Gus Leite, Director Risk Assurance, PricewaterhouseCoopers LLP

  • Identifying third parties creating risk exposures
    • contractors
    • vendors
    • outsourced IT management
    • IT and communications service providers
    • cloud computing services
  • Tackling the challenge of third parties providing services to your third parties – how to control the supply chain
  • Steps to take prior to entering into outsourcing agreements
  • How to monitor risks associated with third parties
  • How cyber attacks use third parties to gain access to primary targets
  • What to do beyond contract requirements
  • Can using analytics assist in managing third party risks?
  • Regulatory requirements for third party risk management
  • Frameworks and processes available to utilize

3:15 p.m. – 3:30 p.m. – Afternoon Networking Break

3:30 p.m. – 4:30 p.m.
Risk-Based Risk Management – Why Controls/Audit Are Not Enough

Jason Murray, Senior Manager, MNP LLP

  • Clarifying the objectives and limitations of internal control
  • Why internal audit cannot do it all
  • How a risk-based management process moves from reaction and complacency to risk anticipation and response
  • Everything starts with realistic risk assessment – what does “low tolerance” really mean to an organization?
  • Evaluation of cybersecurity risks using similar methodology to other risks
  • Basing decisions on knowing acceptable risks and quantifying potential loss
  • ISO 27001 and NIST – best practices frameworks


End of Day 1

Program - December 14

9:00 a.m. – 9:05 a.m.
Opening Remarks from the Chair

Eugene Atangan, A.V.P. Operational Risk Management, TD Bank Group

9:05 a.m. – 9:50 a.m.
High Definition Threat Detection – How to Enhance Cyber Hunting with Analytics

Naveed Islam, Manager, KPMG LLP

  • Cybersecurity landscape – evolving threat capabilities and monitoring/detection tactics
  • Security relevant data sources (internal and external)
  • The traditional security monitoring model and use case development
  • The model that works
  • What are analytics in the cybersecurity context?
  • The right place for analytics in security operations
  • How to assess maturity of your cybersecurity operations

9:50 a.m. – 10:45 a.m.
Quantifying Cyber Risk in Economic Terms

Jack Jones, Co-Founder and E.V.P. Research and Development, RiskLens

  • How and why current risk measurement methods fail
  • Common misperceptions regarding cyber risk quantification and why they’re wrong
  • The two models required for solid cyber risk quantification
  • Distinguishing direct losses from broader and sometimes more subtle fallout
  • The hard part of risk quantification (and it isn’t data)
  • The real differences between qualitative and quantitative risk measurement
  • How to lay the foundation for effective risk measurement in your organization

10:45 a.m. – 11:00 a.m. – Morning Networking Break

11:00 a.m. – 12:00 p.m.
Case Study: Examining a Breach and Recovery – What a Recovery Plan Looks Like

Seyed Hejazi, Manager, Ernst & Young LLP

  • Dissecting a cyber attack – planning a response
  • Identifying the essential matters to address and considering priority
  • Key communications issues
  • Do regulators need to be notified? External stakeholders?
  • Examples of incidents and how the fallout was handled – what has been learned?
  • What should be built into a recovery plan and allocating responsibilities
  • Getting the recovery plan off paper – how to ensure timely, effective response
  • Post-recovery considerations and modifying a pre-attack recovery plan

12:00 p.m. – 1:00 p.m. – Luncheon

1:00 p.m. – 2:00 p.m.
Cybersecurity/IT Insurance Coverage – Ins and Outs of Risk Mitigation

Catherine Evans, Vice President, Marsh McLennan

  • How to think about and quantify cyber risk
  • Traditional insurance coverages and cyber risk
  • What do cyber policies cover and what's not covered?
  • Key coverage considerations
  • Underwriting process and the information required
  • Sample loss scenarios and claims concerns
  • Market trends

2:00 p.m. – 3:00 p.m.
Current Cybersecurity Legal Risks and Requirements

Alex Cameron, Partner, Fasken Martineau DuMoulin LLP

  • PIPEDA (Personal Information Protection and Electronic Documents Act) and Digital Privacy Act
    • when to notify individuals and report to the Commissioner
    • requirement to notify related third party organizations to mitigate risk
    • mandatory record-keeping for breaches
    • enforcement and penalties
    • provincial regulations mirroring PIPEDA
  • Canadian Securities Administrators - CSA Staff Notice 11-332
  • OSFI and cybersecurity
  • Litigation and class action risks arising from cybersecurity breaches
    • summary and update of the latest cases and trends
    • potential liability for privacy breaches
    • lessons learned from how plaintiffs frame their claims
    • the importance of effective incident response
    • effective legal risk management




This event has been developed with the professional responsibilities of our audience as our focus. As well, auditors, financial advisors, analysts, lawyers and other advisory professionals would benefit from staying current on the information provided at this timely event. In particular, our experience indicates that individuals in the following positions would most likely be in attendance:

  • Chief Financial Officers
  • Chief Risk Officers
  • Chief Accountants
  • Chief Compliance Officers
  • VPs, Directors and Managers
    • Risk Management/Reporting
    • Finance
    • Technology and Data Security
    • Compliance
    • Accounting
    • Financial Reporting
    • Regulatory Accounting
  • Controllers
  • Internal Auditors
  • Audit Committee Members
  • Corporate Counsel
  • Audit and Assurance Professionals
  • Industry Regulators and Standard Setters
  • Financial Analysts

To obtain a copy of the brochure, please send a request to the email below or click on the image of the brochure on this page.

e-mail at

Comments From Participants Attending Acumen Conferences – Information You Can Work With

“Top class expertise on the issues from a good variety of backgrounds. They are excellent speakers and made a difficult subject understandable. Very well organized and the topic was well covered”

Assistant Treasurer

“Best conference I’ve ever attended.”

Senior Manager, Enterprise Hedge Accounting and Derivative Reporting
Royal Bank of Canada

“Suffice it to say that the conference delivered on my expectations…A lot has been taken away from this conference…$ well spent…”

V.P. Risk Management Advisory
New Brunswick Credit Union Stabilization Board

“This seminar was fantastic - very informative and has some extremely interesting and knowledgeable speakers”

Manager, Corporate Accounting
Brascan Power

“The (2) days were eye opening. It definitely gives me a better idea of the areas to focus more of my time”

Supervisor Finance & IS
Highland Valley Copper

“Excellent presentation of new standards and how the various concepts relate/come together”

Manager, External Reporting
Potash Corporation of Saskatchewan Inc.

“Speakers were very knowledgeable, materials were current…examples and materials were relevant and well presented.”

Derivatives Accountant
Agrium Inc.

“Well rounded. Good flow.”

Manager, Capital Risk

To submit questions to be answered at the conference, please send us an email at this address at

Limited sponsorship and exhibition options are available for this event, including

• Cocktail reception
• Luncheon sponsorship
• Breakfast sponsorship
• Booth/exhibit space

For more information, or to check availability,
please contact us by phone at (416) 504-6952
or by e-mail at