Presentazione standard di PowerPoint


Presentazione standard di PowerPoint
An ISACA VENICE Chapter conference in collaboration with
20 May 2016 Trieste
From 9:00 to 13:30
Welcome speech
Threat Landscape
Perspectives and Predictions
for 2016
Cyber Risk Management,
from the CSIRT to the Board,
and Back
Vladimir Nanut
Marco Salvato
MIB School of
Mo Cashman
Director, Enterprise Architecture
Intel Security
Andrea Zapparoli Manzoni
Head of Cyber Security
KPMG Advisory
Coffee break
Surviving as a security leader
in the cyberspace era
Responsive Risk
Management, a new
Supporting Cybersecurity
with ISACA
Closing speech
Andreas Gaetje
Head of Group IT Risk & Security
Assicurazioni Generali
Francesca Gomez
Senior Manager Digital Risk
Deloitte LLP
Mauro Bregolin
CSX Trainer, Board of Directors
Marco Salvato
Threat Landscape
The intervention will review a number of industry security trends, including McAfee Labs
Perspectives and
Q1 Threat Report information, and provide some insight into the necessary security
Predictions for
outcomes for building a resilient enterprise in the face of the threat landscape.
Since the rising frequency and complexity of cyber-attacks now represents a real threat
Cyber Risk
to an enterprise profitable existence, effectively managing cyber risks has now become a
strong competitive advantage.
from the CSIRT to Firms should adopt a company-wide boardroom-backed cyber readiness program, aided
the Board, and
by robust cyber governance and incident management structures and reinforced by
training and testing from the bottom-up, in order to develop an effective cyber risk
management process.
Surviving as a
This session shows how to develop and direct information security programs and
security leader in
activities and how to bridge the gap between business needs and risks.
the cyberspace era
Digital has changed how organisations do business and the risk landscape that they now
operate in. The fast pace and high interconnectivity of digital is characterising the
likelihood and impact of risks facing the business and controls to manage these need new
characteristics if they are to operate effectively. Integrated controls design, business
Responsive Risk
enablement and continuous risk management are becoming key to managing risk in a
Management, a
way that supports an organisation’s execution of its digital strategy. By looking at a series
new approach
of practical examples at digital product development we will explore how different
organisations are adapting their risk management approach for digital. We will define
principles for an approach to control design to manage risk in digital and look at practical
ways of embedding these in an organization.
Cyber security threats are on the rise - be they related to services on the web, mobile
apps, wearables, the Internet of Things, data delocalization (the cloud), blurred
perimeters (corporate life vs. personal life). Think of big data, geolocation tracking,
Cybersecurity with
pervasive surveillance / espionage, rampant malware, privacy issues. A seemingly
endless proliferation of technologies, an ever-increasing number of vulnerabilities and
the commoditization of the exploitation process further complicate the picture. How do
we cope with such a shifting landscape threat?
Mo Cashman is the Director of the Enterprise Architecture team at Intel Security.
He has over 15 years’ experience designing, implementing and managing cyber
security solutions for large government and enterprise customers globally. In his
Mo Cashman
current role, Mo advises large customers in Government, Finance, Service
Director, Enterprise
Providers and Critical Infrastructure on security transformation and business
resilience. In previous roles, Mo was the Chief Security Officer for the Global
Public Sector team at McAfee and just prior to joining McAfee, lead the
Computer Security Incident Response Team for the US Defense Department in
Andrea Zapparoli Manzoni has 16 years of professional experience in ICT Security
Member of the Board (since 2012) for CLUSIT (Italian Association for Information
Security). Member of the Board (since 2011) for Assintel (Italian Association of
ICT Companies) and chairman of the ICT Security WG. Board Advisor for CSCSS
(Centre for Strategic Cyberspace + Security Science – London). Lecturer for CLUSIT
on topics like Social Media and Mobile Security, Cybercrime, Cyber Intelligence,
Andrea Zapparoli
Incident Handling. Lecturer at the Italian "Master in Homeland Security" (for
civilian and military officers). Lecturer at the NATO RSSCD (Regional Summer
Head of Cyber Security School on Cyber Defense). In the last 15 years, lecturer and speaker at hundreds
of conferences both in Italy and abroad on Cyber Security topics. Co-author of
several white papers, i.e. Italian National Health Records, Return on Security
Investment, Social Business Security, Online Cyber Frauds. Co-author of CLUSIT's
yearly "Rapporto sulla Sicurezza ICT in Italia" (since 2011). Co-author of the
Italian "Framework Nazionale di Cyber Security" - 2015. Since 2014 he is Head of
Cyber Security Services for KPMG Advisory in Italy.
Andreas Gaetje, CISA, CGEIT is Head of Group IT Risk and Security in Generali. He
manages global security standards and coordinates security activities. As from
Andreas Gaetje
April 1st, he is additionally responsible for Security and Identity Management in
Head of Group IT Risk &
Generali Infrastructure Services. Andreas has more 14 years of experience in
Insurance business and held several positions mainly focused on Governance,
Auditing and Security. He is member of ISACA Germany Chapter
Francesca Gomez is a digital risk specialist who brings together a background in
innovative technology and risk management to find practical solutions to
risk in the digital era. From designing controls for fast moving key
Francesca Gomez
strategic digital partnerships to managing large scale remediation plans,
Senior Manager Digital
Francesca has seen how control design can make or break a business. Now
helping clients manage their digital risk at Deloitte, she will be sharing her
experience and first-hand knowledge on how to build a risk management
framework that supports a digital business.
Mauro Bregolin, CISA, CRISC, CSX Trainer, QSA, PA-QSA, serves in the Board of
Mauro Bregolin
Directors of ISACA VENICE Chapter where he coordinates CSX training, and has 25
CSX Trainer, Board of
years of industry experience, 15 in information security. His primary focus of
interest is application security. He is primarily involved with application auditing
and PCI DSS auditing services.
Who Should Attend?
IT audit, assurance, security, cyber security, control and governance
professionals, consultants, IT Risk Manager, Operational Risk Manager,
students and new graduates.
Manager, Responsabili organizzazione, Professionisti nel settore IT, Auditor, IS
Auditor, Addetti ai Sistemi Informativi, Addetti alla Sicurezza delle
informazioni, Responsabile della sicurezza delle informazioni, Consulenti, IT
Risk Manager, Responsabile Qualità dei Dati, Responsabile Rischi Operativi,
Studenti universitari o Neolaureati.
L’evento sarà in lingua inglese - The event will be held in English language
Sede: Palazzo Ferdinandeo - MIB School of Management - L.go Caduti di
Nasiriya 1 - 34142 Trieste.
Data: venerdì 20 Maggio 2016
Orario: 09:00 – 13.30
Partecipazione gratuita previa iscrizione soggetta a conferma. Inviare la
scheda di adesione a [email protected] entro il 15 Maggio 2016.
L’evento permette di acquisire 5 ore CPE per le certificazioni CISA, CISM,
Evento in collaborazione con:
Realizzato grazie a:
Con il patrocinio di:
LA PARTECIPAZIONE È GRATUITA per l’iscrizione compilare la scheda e inviarla a
[email protected]. Per motivi organizzativi i partecipanti saranno avvisati con mail di
conferma. ISACA VENICE Chapter si riserva la facoltà di apportare qualsiasi modifica al
programma dell’evento.
ISACA – Information Systems Audit & Control Association
As a nonprofit, global membership association for IT and information systems professionals, ISACA is
committed to providing its diverse constituency of more than 140,000 professionals worldwide with the
tools they need to achieve individual and organizational success. The benefits offered through our
globally accepted research, certifications and community collaboration result in greater trust in, and
value from, information systems. Through more than 200 chapters established in more than 80
countries, ISACA provides its members with education, resource sharing, advocacy, professional
networking, and a host of other benefits on a local level.
ISACA’s constituency is characterized by its diversity. The global community of ISACA members and
certified cover a variety of professional IT-related positions—some of which include IS auditor,
consultant, educator, IS security professional, risk professional, chief information officer and internal
auditor. Some are new to the field, others are at middle management levels and still others are in the
most senior ranks. ISACA constituents work in nearly all industry categories, including financial and
banking, public accounting, government and the public sector, utilities and manufacturing.
Members rely on ISACA for resources that enhance their skills, expand their professional knowledge and
connect them with a vibrant community of peers.
ISACA VENICE Chapter è un'associazione non profit costituita in Venezia nel novembre 2011 da un
gruppo di professionisti del Triveneto che operano nel settore della Gestione e del Controllo dei Sistemi
Riunisce coloro che nell'Italia del Nord Est svolgono attività di Governance, Auditing, Controllo e Security
dei Sistemi Informativi promuovendo le competenze e le certificazioni professionali sviluppate da ISACA.
L'associazione favorisce lo scambio di esperienze, promuove un processo di sensibilizzazione di tutti i
livelli organizzativi aziendali alla necessità di stabilire adeguati criteri di controllo sia di affidabilità
dell'organizzazione sia di sicurezza dei sistemi.
Maggiori informazioni su
• Honorable mention per il K. Wayne Snipes Best Chapter Award 2015
• Communications Commendation 2015.
Scheda di Iscrizione da inviare a [email protected] entro 15.05.2016
Enabling Business Security
20 May 2016 Trieste
Per motivi organizzativi i partecipanti saranno avvisati con mail di conferma.
MIB School of Management
Largo Caduti di Nasiriya 1 - 34142 Trieste [email protected] tel. +39 040 9188111 - fax +39 040 9188112
Coordinate GPS: 45.645391,13.810564
In automobile:
Trieste è raggiungibile in automobile, utilizzando l'autostrada A4 da Venezia-Mestre o l'autostrada A23
da Tarvisio-Austria, con uscita obbligata al casello del Lisert.
Dopo il casello:
- Proseguire per l'autostrada attraverso l'altipiano carsico fino all’uscita Trieste Centro (circa 25 km).
- oppure prendere l'uscita di Sistiana-Strada Costiera, strada panoramica ma più trafficata che conduce
in centro città (km 18).
Dopo il casello di Lisert:
Continuare lungo l’autostrada fino all’uscita "Cattinara" e proseguire tenendo la destra in direzione
"Cattinara - Centro Città". Passata la rampa e lasciato sulla sinistra il bivio per l'ospedale di Cattinara, si
prosegua diritti per circa un chilometro fino a raggiungere sulla destra il parco e il palazzo del
Ferdinandeo, complesso ottocentesco color ocra, sede della Scuola.