PROGRAM RISK EVENT 2020

| Time | Plenary |
|---|---|
| 9:30 | Opening: Raef Meeuwisse - ISACA & Cyber Simplicity |
| 9:45 | Keynote: Why 3 lines of defense is not fit for digital innovation (Lokke Moerel - Cyber Security Raad) |
| 10:15 | Keynote: Sir Rob Wainwright - Deloitte |

| Parallel Sessions | IT Risk & Security | DIGITAL2TRANSFORM | CORPORATE | IN2TECHNO | Exposing Threats | ISACA Workgroups |
|---|---|---|---|---|---|---|
| 11:15 | From the basement to the boardroom (Stef Schinagl - VU) | Peter Jacobs - McKinsey & Company | Discussion (Lokke Moerel - Cyber Security Raad) | Compliancy by Design (Astrid Karsten - Prowareness) | Hacking Exposed (Ronald Pool - CrowdStrike) | [TBA] |
| 11:55 | Implementing The Lessons From A Major Cyber-Attack (Stéfan Huyveneers - Maersk) | Transformation into decision-making (Peter Kanbier & Aaldert Hofman - Schiphol Group) | Frans Leurink - 3D GeoSolutions and gloBld | When Cloud meets Connectivity (Bart Oskam - Eurofiber) | [TBA] | [TBA] |
| 12:35 | Prepare for the expected (Ralf Willems - AON) | Digital Transformation & Cyber Resilience (Deepinder Chhabra - Verizon UK Ltd; ISACA London Chapter) | Wilco Lourens / Albert de Koning - KPN | Martijn Groeneweg - dmarcian Europe | True Tales of Phishing & Winning the Fight (Ian Wallace - Cofense) | [TBA] |
| 14:15 | Peter Kornelisse - EY | Milena Milicevic | [TBA] | Blockchain: A Tool for Risk Management (Josina Rodrigues - Blockchain SVCS) | [TBA] | Fokke Jan van der Tol - Data Governance Consult |
| 14:55 | Information Security Risk Management: Less Is More! (Jolanta Kulicki - Royal HaskoningDHV) | Gideon Haan - Hogeschool Saxion | Risk in Focus 2020 (Peter Hartog - IIA) | Risk Management in hyperconnected value networks (André Smulders - TNO) | How do you identify your relevant vulnerabilities and how can you tackle them efficiently? (Jerry Zwanenburg - Tenable) | [TBA] |
| 15:35 | Beyond Russian hackers - Moscow's cyber landscape (Alex Bodryk - ISACA Moscow Chapter) | Information Security risks and benefits when using Cloud Computing (Jenny Boneva - ISACA Sofia Chapter) | The digital risk does not end at the borders of your company (Koen Gijsbers - Cyber4Board; CyNation Ltd) | Attention: The 'looks' of a Risky Business (Anne-Marie Twigge - Twigge Agency) | Exposing the asset and human criticality (Ronald Kingma - Access42) | [TBA] |

| Time | Closing |
|---|---|
| 17:45 | Wrap Up: Jos Maas - President ISACA NL Chapter; Raef Meeuwisse - Chairman of the day - ISACA & Cyber Simplicity |
| 18:00 | Drinks & Dinner |
ISACA NL organizes the annual Risk Event, with a wide variety of speakers across several main streams: business risks, IT security risks, and innovation and technical risks. Each stream contains several seminars, so participants can compose the program that best suits their interests.
What issues worry the information and cybersecurity teams the most in 2020?
Raef is the author of many books on the topic of cybersecurity and social engineering, including the international best-seller Cybersecurity for Beginners. His practical experience includes managing major global security operations and security audit programmes and designing a successful commercial governance, risk management and compliance software platform.
The new digital technologies (and in particular artificial intelligence, AI) enable many new services that disrupt existing business models. The new business models in turn present new privacy issues and ethical dilemmas, and societal resistance to the excesses of the new data economy is becoming increasingly visible and urgent. It is a challenge for established companies to innovate drastically in order to remain future-proof while at the same time taking social responsibility. Research by MIT Sloan CISR (2019) reports that U.S. listed companies with a digitally savvy board show substantially better financial performance. What is a digitally savvy board? What are the differences between the old and the new world? What are the new ethical dilemmas, and how do you avoid making the same mistakes as Big Tech? Why does innovation fail so often within the existing structures of established companies? If innovation is better achieved in small and agile teams, how does this fit into the command-and-control structure of compliance-driven organizations, such as financial institutions? How do we ensure a more balanced discussion of the risks of implementing new technologies, which include the risks of not innovating? And why does the 3 lines of defense model for risk management, insisted on by supervisory authorities, have an inhibitory effect on innovation in practice? We will discuss how to navigate the new world and ensure AI for good.
Lokke Moerel is a leading global expert on new technologies and cyber, with a proven track record in shaping frontier global AI projects, combining the global data assets of multinationals in the financial services, health care, technology and recruitment sectors with the deep-learning technologies of U.S. tech giants to create next-generation AI solutions.
She is Senior of Counsel with the leading global technology law firm Morrison & Foerster (Berlin), Professor of global technology & law at Tilburg University, member of the Dutch Cyber Security Council (the advisory body of the Dutch cabinet on cybersecurity), cyber expert for the European Commission’s Horizon 2020 Innovation Program and member of the Monitoring Committee of the Dutch Corporate Governance Code.
Lokke received the 2018 International Law Office Client Choice Award for Best Internet & Technology lawyer Germany and the 2018 Acquisition International Global Excellence Award for Most Influential Woman in Data Protection Law.
The evolution of the current threat is breaking down our trust in the integrity of IoT networks, supply chains and data. How can we regain that trust through the use of technology, data and collaboration?
Sir Rob Wainwright is a senior partner at Deloitte North South Europe, working within the firm’s global cyber security and financial crime practice. He previously served as Executive Director of Europol, the European Union law enforcement agency, for almost a decade. There he helped establish the European Counter Terrorism Centre and the European Cybercrime Centre, and led the transformation of Europol into a world-class security institution. Sir Rob has had a 25-year career in intelligence, policing, government, EU and international affairs, including at the Serious Organised Crime Agency, the National Criminal Intelligence Service and the British Security Service. In June 2018 he was awarded a Knighthood by HM The Queen for his services to security and policing. He has worked across a range of pioneering security solutions in technology, data and intelligence operations, including driving new public-private initiatives on cyber security and financial crime in banking and other sectors through the World Economic Forum (WEF) and the Institute of International Finance. Sir Rob is also a Board Member of the WEF Centre for Cyber Security and the Global Cyber Alliance.
Organizations are confronted with an increasingly dynamic environment in which technology plays a central role. In his research, he looks at the impact of this digital development on the way security is organized. To survive in the digital age, organizations must change. The need for change is seen, but all too often denied, underestimated or forgotten. In his presentation he aims to forecast this change from a theoretical point of view, learning from “High Reliability Organizations”, and delves deeper into the obstacles that keep organizations from transforming.
Stef Schinagl combines his professional career as an information security & privacy consultant with a PhD research at the VU. He likes to share the first results of his research after interviewing 40 CISOs within large Dutch organizations. Security takes a different position within the digital world. Organizations must change to survive. But why doesn’t this happen naturally?
To guarantee an agile transformation, it is important to think about various themes such as technology, talent development and compliance. But how do you connect compliance and (working in) agile teams? What is “Compliancy by Design”, can it offer a solution and above all; how do you get started with it? Astrid takes you through these questions in an interactive session so that you can immediately take the next step in your organization.
Astrid Karsten is an experienced Agile Consultant. She has supervised various transformations at KPN, Vitens, Rabobank and the KNVB, among others. In addition, she regularly speaks about Agile, change management and personal leadership. She recently bundled her hands-on experience, together with three other consultants, in the book “Agile Transforming – A practical approach for structurally accelerating and making organizations agile”.
Ronald is a frequent speaker at events, giving insight into the movements of attackers and the broader threat landscape. With over a decade of experience in cyber security, Ronald has advised customers on their cyber security challenges for several vendors as a trusted security advisor. He advises enterprises on a daily basis on their protection and detection strategies, forensics and security operations. In his role he encounters the acts of organised hackers on a regular basis, adding to his ever-growing cyber security context, which he shares with his audiences.
On Tuesday 27 June 2017, A.P. Moller – Maersk was one of many global companies hit by malware later known as NotPetya. This presentation will discuss the event as it happened and the lessons learned: the cyber attack itself, corporate communication, root cause analysis, financial impact, cyber risks and lessons, and the new attack surface on digital and OT.
Stéfan Huyveneers joined Maersk in November 2014 and in his current role is responsible for delivering high-quality cyber security consultancy within Maersk Technology across all brands of A.P. Moller – Maersk. Prior to joining Maersk, Stéfan was a Manager New Technologies & Security and, before that, IT auditor at PwC. He is a tech-savvy professional with broad and deep experience in security, risk, project management and audit.
Schiphol Airport is a dynamic ecosystem in which it is essential to have relevant business events available in real time for Collaborative Decision Making. A uniform image of the configuration is crucial here, supported by standardized reporting on the business events. Together this forms the Digital Twin of Schiphol Airport.
Peter Kanbier and Aaldert Hofman are both Enterprise Architects at Schiphol Group, where they represent the architecture for the Asset Management and Operations domains respectively.
In this session, Bart will share his views on how 5G, cloudification, edge computing and software defined connectivity are converging towards intelligent, application-aware, ubiquitous, (secure?), digital platforms.
Bart Oskam (1966) is a management consultant and former member of the board of directors of Eurofiber Group. Before joining Eurofiber, Bart worked as a senior manager at KPN, BaByXL and Tiscali. He is extremely optimistic about the importance of telecom and digital infrastructure for achieving technological, economic and social progress.
How can you increase the cyber resilience of your organization? And how adequately do you respond to a cyber-attack? Increasingly advanced cyber threats force organizations to adapt continuously.
Based on our knowledge and experience, Aon provides insight into which steps are necessary and are most effective for your organization.
Ralf Willems has been working at Aon Cyber Solutions since 2018 as Managing Consultant and is responsible for customized cyber solutions. He has a background in IT Audit and almost 20 years of experience in risk management and cyber security management. Prior to joining Aon in 2018, Ralf worked for over 7 years as Information Security Executive within KPN’s CISO Office. During his period at KPN, he worked as Chief Information Security Officer for the Social Insurance Bank during an interim period of 6 months. Before this, he worked for more than 8 years at various financial institutions in risk management and information security positions.
We are on the verge of the 4th revolution. Digital transformation is disruptive, and it is driving an explosion of applications within the enterprise. The race to digital transformation is driving the speed, and new business models are being developed. At the same time the number and intensity of cyber breaches are increasing. We, as cybersecurity, governance, risk and compliance/audit professionals, have no choice but to adapt and innovate. How can we do it? What options are available to us? Attend this session to find out more.
Deepinder (Deep) is Vice President of ISACA London Chapter and works at Verizon as the Head of Security Assurance (UK&I) with Verizon Business Group in the Security Consulting and Advisory Services. He challenges, educates and engages senior stakeholders on many key issues related to cybersecurity and the adoption of new disruptive technologies. He encourages innovative thinking to generate actionable strategies that help business thrive in a volatile, uncertain, complex and ambiguous (VUCA) world while managing their risks.
He believes that actionable intelligence and risk-based, quality decision-making significantly enhance the security of systems to prevent, detect, respond to and recover from security breaches and data compromises. He has worked with many of the world’s largest organisations across numerous industries. Over his twenty-year business career he has worked with FTSE 500 companies, including Xerox and Airbus.
He is an avid speaker and has addressed several conferences and events with wide-ranging topics on Digital Transformation, Cybersecurity, Cloud Security, DBIR, GDPR, Big Data Analytics and Artificial Intelligence.
Deep holds a Post Graduate Diploma in Business Management and has completed executive education at Harvard Business School and Cranfield University. He holds various industry qualifications including CCISO, CISA, CISM, CRISC, CGEIT, CISSP and ISO/IEC 27001 Lead Auditor.
He is currently pursuing Professional Doctorate in Data Science.
Deep’s voluntary roles include President/Chair of the ISACA London Chapter. Until recently he was also Country Lead of the Women’s Association of Verizon Employees in the UK.
CISOs and CIOs rank phishing among their top 3 concerns for 2020, and for good reason: phishing attacks are the #1 cause of breaches. The overall threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Listen in to this session and hear how Cofense helps global organizations fight and stop phishing attacks in minutes by combining collective human intelligence with threat hunting and mitigation technologies to defeat the phish that get through and evade secure email gateways.
Since completing his PhD in AI at Kingston University, Dr Ian Wallace has worked in IT, predominantly in the areas of technical education and IT security. The combination of technical and educational skills has enabled him to successfully build several vendors’ sales channels from the ground up, in DACH, Eastern Europe and APAC. He is currently employed as a Senior Sales Engineer for Cofense, based in Berlin, Germany.
The increasing digitization and the increase in cyber security incidents demand an increase in cyber security resilience. However, are organizations going fast enough to strengthen their cyber security resilience?
In the first place, the question is whether organizations measure and evaluate their current quality of cyber security in relation to their sensitivity to cyber threats.
Secondly, the question is how this representation is received by those ultimately responsible within the organization, how cyber risks are translated into business risks, and how the necessary growth of cyber security measures, in people, processes and technology, is paid for.
Peter Kornelisse has been active for 30 years in the field of Security & Technology. From 1990 to 2014 as IT audit director at KPMG, from 2014 to 2018 as Risk & Compliance director at Booking.com, and since 2018 as Associate Partner Technology Risk at EY.
Peter has also been a senior lecturer in IT auditing for 20 years, now in Auditing Cyber Security. He is also active in the NOREA working groups Cyber Security and DigiD.
Blockchain applied to risk management will promote scalability and synergies.
Blockchain is a versatile and programmable platform that is collaborative, transparent and immutable, and that allows, through a verification system, proof of the authenticity of each transaction. This tool presents itself as a platform for the resolution of conflicts, as well as for reducing costs and increasing speed.
During the seminar at the Risk Event, we will look at several practical applications of blockchain as a tool for risk management, presenting an integrated model across different activity sectors. With this facilitator, we can successfully build solutions.
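The abstract above rests on two properties, immutability and per-transaction authenticity, and it is worth seeing concretely what each one does and does not buy you. The following is an added example written for this page; it is not code from the speaker or from any blockchain product. It builds a tiny hash-chained ledger in plain Python (stdlib only) in which each block is linked to its predecessor by a hash and authenticated by its author. The demo keys, the participant names (insurer, broker) and the sample transactions are all constructed for the example, and an HMAC with a per-participant secret stands in for the digital signature a real node would produce; the verification logic is the same in shape.

```python
import hashlib
import hmac
import json
from copy import deepcopy

GENESIS = "0" * 64

# Constructed demo secrets, not real key material. Each participant's key stands
# in for the private signing key a real blockchain node would hold.
KEYS = {"insurer": b"insurer-demo-key", "broker": b"broker-demo-key"}


def _canonical(obj):
    # Deterministic serialisation: identical content always hashes identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _auth_tag(key, prev_hash, payload):
    # Binds the author to this payload *and* to its position in the chain,
    # so a valid tag cannot be replayed at another position.
    return hmac.new(key, _canonical({"prev": prev_hash, "payload": payload}),
                    hashlib.sha256).hexdigest()


def _block_hash(block):
    # Hash over every field except the hash itself.
    return hashlib.sha256(
        _canonical({k: v for k, v in block.items() if k != "hash"})).hexdigest()


def make_block(prev_hash, author, payload, keys=KEYS):
    block = {"prev": prev_hash, "author": author, "payload": payload,
             "auth": _auth_tag(keys[author], prev_hash, payload)}
    block["hash"] = _block_hash(block)
    return block


def verify_chain(chain, keys=KEYS):
    """Return (True, None) if every link, author tag and hash checks out,
    otherwise (False, index) of the first block that fails."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk.get("prev") != prev:
            return False, i                      # broken link to predecessor
        key = keys.get(blk.get("author"))
        if key is None:
            return False, i                      # unknown author
        if not hmac.compare_digest(_auth_tag(key, blk["prev"], blk["payload"]),
                                   blk["auth"]):
            return False, i                      # payload not authorised by author
        if _block_hash(blk) != blk["hash"]:
            return False, i                      # content edited after hashing
        prev = blk["hash"]
    return True, None


def build_demo_chain():
    # Constructed sample transactions in a simple risk-transfer process.
    chain, prev = [], GENESIS
    for author, payload in [
        ("broker", {"tx": "submit-risk", "asset": "warehouse-12", "limit": 500000}),
        ("insurer", {"tx": "accept-risk", "asset": "warehouse-12", "premium": 1200}),
        ("broker", {"tx": "confirm", "asset": "warehouse-12"}),
    ]:
        blk = make_block(prev, author, payload, KEYS)
        chain.append(blk)
        prev = blk["hash"]
    return chain


def tamper_and_rehash(chain, index, new_payload):
    """What an attacker without any participant key can do: edit one payload and
    recompute every hash and link downstream so the hash chain alone looks intact."""
    forged = deepcopy(chain)
    forged[index]["payload"] = new_payload
    prev = forged[index - 1]["hash"] if index else GENESIS
    for blk in forged[index:]:
        blk["prev"] = prev
        blk["hash"] = _block_hash(blk)
        prev = blk["hash"]
    return forged


if __name__ == "__main__":
    chain = build_demo_chain()
    print(verify_chain(chain))                   # (True, None)
    forged = tamper_and_rehash(
        chain, 1, {"tx": "accept-risk", "asset": "warehouse-12", "premium": 1})
    print(verify_chain(forged))                  # (False, 1)
```

The point the forged chain makes: recomputing hashes and links is cheap, so "unchangeable" comes from the per-participant keys (signatures in a real system), not from the hash chain by itself. Whoever holds a participant's key can rewrite that participant's history, which is why key custody, not the ledger format, is where the risk management question actually lands.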
Josina is a blockchain advisor and the first holder of a blockchain Ph.D. in Portugal (according to Renates, the National Registry of Theses and Dissertations). Before starting as a researcher in 2016, she worked for over 20 years in the corporate world as a Marketing & Finance Director and as a Consultant & Advisor for several enterprises.
Organizations want to work and provide (digital) services in a world of open communication via the Internet, cloud, mobile working and mobile devices, which means we have to take protecting our data and privacy very seriously. If we reduce security risk, we reduce business risk. Understanding and managing security risk is therefore a core element of sustaining a secure business environment during digital business transformation; businesses must not only think of security as a business risk, but act on it too. However, managing risk can become an administrative and bureaucratic nightmare that no one within the organization understands. Hence her motto: ‘Less Is More’. During the presentation, Jolanta will give you practical tips for business-oriented, pragmatic security risk management.
Jolanta Kulicki is Royal HaskoningDHV’s Corporate Information Security Officer. Jolanta is based in the Amersfoort office and is responsible for the company’s information security, including cyber security. Jolanta provides management direction for information security in accordance with the business requirements, and keeps up to date with the relevant laws and regulations. Jolanta also has previous experience in civil engineering, consulting services, health insurance and information (security) management.
This session will give a clear outline of what ethics are, what risks are (from a philosophical and ethical standpoint), and what Artificial Intelligence is (in broad strokes).
You will get insight on how to ethically implement risky AI in an organisation and how difficult it is for machines to understand humans correctly.
He gained a tremendous amount of experience with the impact on the actual users of the software that he and his team produced. Through change management techniques he has also helped numerous technically oriented teams reposition themselves effectively in the organisation around them, and he has managed the implementation of risk-based information security policies in quirky organisations.
The courses he teaches include Business Ethics, IT Management and Management of Organisations.
Together with 7 other European Institutes of Internal Auditors, IIA Netherlands has identified the 10 most impactful risks of 2020, based on a survey of and interviews with more than 500 Chief Audit Executives.
The report provides a guide for analyzing the risks in your organization and is therefore a practical tool for focusing your activities on the risks that matter most to your organization.
The presentation will explicitly address the questions that the risk manager and internal auditor should ask themselves and the organization. And thus offers you targeted tools for evaluating the specific risks in your own organization.
Peter Hartog works on developing and sharing knowledge and good practices in the broad field of internal auditing. Before that, he worked for 25 years as an external consultant in the areas of management control, risk management and internal audit, at KPMG and ACS. He is the author of many publications and an experienced teacher (including at the Erasmus School of Accounting & Assurance). He also has experience as a Compliance Manager and Risk Manager.
Networked Risk Management (NRM) is a concept and method for dealing with risk in environments where cooperation increasingly takes place in chains and networks, in which various stakeholders with different interests work together.
Applying NRM yields an explainable prioritization of risks and helps in communicating risks to the different stakeholders. For this we use a model that shows how risks are related.
At the end of the presentation you will have insight into why, from the networked perspective, joint risks take on a different meaning and which paradigm for risk management is needed to be successful, in a hyperconnected world.
André is an expert in the field of cyber security with over 19 years of experience.
He works on issues in the triangle of technology, policy and organization, currently for Smart Mobility, IoT and digital security applications.
He is co-author of the TNO publication “Networked Risk Management” and has worked in the Dutch delegation on the current version of ISO 31000.
Research shows that most of you scan less than 80% of your entire environment, including mapping your attack surface. And in a typical 30-day period, most of you also detect more critical vulnerabilities than you can mitigate. As your attack surface becomes more complex, how can you effectively tackle the problem of blind spots and the sheer number of vulnerabilities?
Topics that will be discussed briefly:
Jerry Zwanenburg is an energetic and creative mind who has been active – with courage and common sense – in the IT sector for 25 years. As a security consultant, he always thinks outside the box and looks for solutions that help customers move forward. After various studies and roles for multiple security suppliers, he has specialized in information security and advises companies involved in digital transformation in the field of security. ‘I see it as my mission not only to advise clients on solutions but also on risks and the relevant context around them.’
Alex Bodryk, CISA, ITIL Expert, is a cybersecurity specialist with 10 years’ experience serving major corporations in the cybersecurity sphere (up to 180,000 seats). During his career he has taken part in projects in the SOC, threat intelligence, DevSecOps, identity management and security awareness domains, as a client, vendor, VAR, TI and MSS provider.
One of the goals of digital transformation is to use new and fast-changing digital technologies to solve business problems. Gaining competitive advantage, optimizing resources or increasing efficiency through automation are just a few examples of why the business focuses on and prioritizes digitalization.
IT modernization such as the use of cloud computing supports innovation and creativity by providing flexibility when business and technical operating models change, but at the same time it exposes the business to a new variety of information security (IS) challenges. Our session will focus on the IS risks and benefits of using cloud solutions.
Jenny Boneva is an Information Security (IS) consultant who also serves as Vice President of the ISACA Sofia Chapter.
In 2019 Jenny was awarded as one of Europe’s 50 most influential women in Cybersecurity by SC Media UK.
She has more than 14 years of IT and IS experience.
Many successful hacks enter companies through third parties or suppliers. The well-known examples (Uber, Marriott-Starwood, Maersk) are known mainly because they cost hundreds of millions; however, smaller companies also have a complex ecosystem of suppliers that are often digitally linked. Do we pay sufficient attention to limiting this risk? Is it enough to arrange this contractually? To what extent are we a threat to other companies, and does that entail financial risk? The presentation shines a different light on an often underestimated aspect of a company’s digital risk.
Koen Gijsbers is former CIO of the Netherlands Ministry of Defence and former General Manager of NATO’s IT and cyber agency. He currently supports start-ups and scale-ups in the cyber domain as they grow. Koen Gijsbers is, among other roles, Board Director of CyNation, a British tech company focused on limiting risk in the supply chain.
When we over-occupy ourselves with the technology itself (the code, the encryption, the connections) we tend to forget that fraud can occur rapidly through the simple act of “peeling off the face” of a product or service and copying that frontend onto another backend.
Designing in environments meant to mitigate risk, as in this simple example, raises the questions:
Anne-Marie utilises creativity in proposition development for growth as Creative Lead in global projects. She pushes boundaries beyond the common and, as a keen professional, brings together disassociated disciplines like conceptual arts, behavioural psychology (certified behavioural designer), economics, tech (certified growth hacker) and brand communications as interconnected knowledge hubs. Anne-Marie graduated with a BA in Business Administration and an MA in Artistic Research in The Netherlands. She has called Shanghai, Mumbai, New York and Amsterdam home, launching numerous successful companies and projects as a founder as well as a freelancing independent for corporates, (social) enterprises and non-profits. She is also an Advisory Board Member of UN Women Netherlands.
We spend a lot of money on (network) security, but 94% of breaches start with an attack on people. Are we investing in the wrong components? Where do we start, and how do we create visibility and awareness? Where do we start in defining our cyber exposure?
Ronald Kingma, founder of Access42, started his career at ING. First as a network engineer and later as a security architect for the online banking platforms. In 2007 he founded ISSX (later Securelabs, part of the Securelink group). ISSX is specialised in ethical hacking and vulnerability management. In July 2016 Ronald departed from Securelabs and founded, together with business partner Jeffrey Jansen, Access42. Access42 puts the emphasis on cybersecurity as the independent interface between people, organisation and technology.