Technology is creating fundamental changes in the role that IS Auditors play within the organization. Beyond the technical skills, IS Audit professionals are expected to understand and demonstrate skills they will need over the next decade in a technologically advanced and changing world.
The ability to determine the deeper meaning of what is being expressed, the ability to connect with others directly and solve complex problems, the ability to form good judgment and make informed decisions are some of the key skills that are required of the IS Auditor in a world of digital disruption.
This presentation focuses on the soft skills that IS Auditors must possess if they are to create, preserve and anticipate value and sustain superior performance.
We live in an age where the news of cyber-attacks and data breaches is no longer news. Institutions of all types and sizes (small, medium, large) are all targets of cyber-attacks.
One of several options institutions have for assessing their resilience to cyber-attacks is to conduct periodic security assessments of their cybersecurity maturity and capabilities. One of these assessments takes the form of a penetration test, in which testers simulate attacks against an organization in an attempt to compromise its network.
This presentation focuses on methods used in conducting external penetration tests to assess an organization’s external threat exposure. While the presentation is not exhaustive on how to conduct a penetration test, it touches on some key steps a penetration tester may consider during a test.
International standards such as ISO 27001, PCI DSS, NIST among others, consist of common security best practices, which when properly applied can improve the level of security within an organisation. Achieving certification is a big step in the war against malicious actors.
However, these security standards provide a baseline for security. There have been several high profile cases of companies such as Heartland and RBS WorldPay who were certified yet suffered major breaches. Such incidents have stirred up global debates about the effectiveness of various international standards and certifications. Organisations must realise that certification is just the beginning of having a robust security model, not the end.
The objective of this presentation is to provide insight into practices that can be adopted to ensure that compliance becomes part and parcel of any organisation’s culture.
Traditionally, maintaining hardened perimeter security was enough to protect data centres. Implementing layered security to detect and prevent breaches coming into or out of data centres implied that we could ward off attacks on our infrastructure. The new breed of attacks is more advanced and sophisticated, affecting all layers and segments of the network.
Considering that hackers do not rest in their search for new attack vectors, it is necessary to constantly review and update our lines of defence to prevent their intrusion into our digital environments.
This presentation aims to explore the evolution of attack vectors and threats and how organizations can prepare themselves to deal with them accordingly.
The Bank of Ghana launched the Cyber Security Directive for financial institutions in October 2018 to provide a framework for establishing cyber and information security protocols and procedures for financial institutions, to help them protect themselves against the ever-increasing cyber-attacks and InfoSec breaches targeting the financial industry in Ghana.
This unofficial Quick Reference Guide is the collective work of a group of cyber security researchers in Ghana who have been assisting banks with complying with and adhering to this Act.
The main aim is to inform and educate FIs on some of the key implementations and requirements.
Please note that the intention of this presentation is to provide supplemental information which does not replace or supersede BoG’s directive.
There are different kinds of attacks that organizations face today. These attacks could be external or internal, the latter facilitated through insiders.
Insider threats could emanate from internal staff of the organization such as System & Network Admins, Board members, the CEO, CIO, CTO, Senior Managers, External Consultants, Drivers, Cleaners and Auditors, amongst others.
Such attacks pose risks that have serious ramifications for the organization including data loss, leakage of confidential data and financial losses.
Organizations can protect against insider threats using different cyber security mechanisms, including a proper policy and governance structure, network enhancements, Privileged Account and Identity Management systems, SIEM/SOC solutions, Data-Loss Prevention solutions, encryption, and user awareness.
In this presentation, we shall discuss how organizations can protect against insider threats.
As the role of technology in the financial services sector continues to become even more pervasive and cutting edge, the role of the CISO takes on added dimensions. New perspectives of business enablement have become fused into the traditional risk manager jacket.
As information security steadily climbs the corporate conversation ladder and is now part of the board narrative, the role of the CISO has added complexity. The existing demands of being a program/project manager, technology expert, relationship counselor, risk manager, executive communicator and business manager have not diminished but rather been accentuated.
This presentation will delve into the current diverse role of the CISO in the financial services sector.
Traditionally, Internal Audit provides assurance to management and the board on the adequacy of internal controls and the operational efficiency of the controls.
This assurance is provided on financial and non-financial operations of the business. With the increasing threat of cyber security, questions are being asked of the role of IA in cyber security.
The proposed topic seeks to highlight the role of internal audit in cyber security.
How can IT security professionals take advantage of Security-as-a-Service to supplement their existing security programs? While cyber-attacks are increasing, your IT budgets and available security staff probably aren’t. You have too little time and too many alerts, and security tools are becoming more expensive and time-consuming.
In this presentation, we will explore ways that IT security professionals can leverage Security-as-a-Service options, including: Managed Detection and Response, Vulnerability Management, Patch Management, Managed SIEM, SOC-as-a-Service among others. We will also consider how Security-as-a-Service can add 24×7 coverage and help improve the security posture of your organization.
Risk Management continues to be a value driver for business success. The need for a re-alignment in the thought process around managing risks since the dawn of the digital age cannot be overemphasized.
It is therefore becoming almost impossible to continue to view risk management and compliance in the “old way”, as companies are looking to innovate at the speed of light. Startups have emerged against the backdrop of technology into global companies, disrupting many existing companies, and many more conventional companies are being and “will be” disrupted due to the sophistication of technology.
The digital age is becoming a significant value driver in today’s world in terms of cost, platform and experience.
In this presentation, we will briefly highlight the effects of Cybercrime and then establish the use of insurance as a risk management tool.
We will look at which companies need to be covered and outline the features insurance people look out for to pass a company as an appropriate risk.
We will then describe the main areas of coverage that most cyber insurance policies offer, to enable participants to appreciate the elements that are typically covered under a policy.
After the session, participants should be able to highlight the key benefits of a cyber liability policy and gauge its relevance to their organizations and clients.