Welcome Reception | Sunday 10 September 2017

The ISACA Canberra Chapter will be hosting welcome drinks for all delegates attending the Oceania CACS Conference. The Reception will feature a Keynote Address from Gai Brodtmann MP, Federal Member for Canberra, Shadow Assistant Minister for Cyber Security and Defence Personnel.

6:30pm – 7:30pm | QT Hotel, Canberra


Opening remarks from the Chair


Keynote | Keynote Address – Australia’s Cyber Security Strategy

Alastair MacGibbon talks about Australia’s Cyber Security Strategy and how we can connect the government and business entities that know they have cyber security problems with the Australian start-ups and small businesses that are producing innovative solutions.

Alastair MacGibbon, Special Adviser to the Prime Minister on Cyber Security, Department of the Prime Minister and Cabinet


Keynote | Keynote Address

Mike Trovato, Managing Partner, Cyber Risk Advisors, Board Member, ISACA Melbourne Chapter


Networking and refreshment break


11:00 Surviving the Rise of Cybercrime

  • What does today’s threat landscape look like?
  • Who’s behind current scams, and what are their most effective tactics?
  • What companies can do today to mitigate risk (best-practice policies, how to protect your business data given today’s increasingly mobile workforce)

Bill Rue, Chief Technology Officer, MailGuard

11:30 The impact of technology on the work of the Ombudsman

Modern governments rely on technology to serve, preserve and observe the public interest. Citizens want better services faster and outcomes that are fair and reasonable. Responsibility for providing independent oversight of government agencies is a key role for the Commonwealth Ombudsman.
Technology has had an impact on how ombudsman offices work and what they focus on. But, in doing so, the impact of technology has revealed something special about the evolving nature of what citizens value in the technology age.

Rodney Lee Walsh, First Assistant Ombudsman, Commonwealth Ombudsman Office


11:00 Audit & Social Media

  • Risks arising from social media
  • Risk Assessment framework
  • Internal & external generators of social media
  • Hybrid generators of social media

Stephen Coates, Director, Assurance Advisory Group

11:30 Business Continuity Planning: Hope for the best … Plan for the worst

  • A business continuity plan is not a one-size-fits-all document and requires consideration of an organisation’s risk profile. We will discuss key considerations in getting the planning right so that the plan delivers maximum value to the organisation
  • Embedding the business continuity plan within the organisation takes effort. We will provide some strategies that can assist and improve the likelihood that the plan will be effective when needed
  • What can go wrong when activating a plan? We will walk through a case study and discuss lessons learnt that are relevant to all organisations

Ian Turnbull, Executive Manager, Synergy Group


11:00 Government Address

Sandra Ragg, Assistant Secretary, Cyber Policy, Department of the Prime Minister and Cabinet

11:30 Shaping the disrupters – the role of higher education in a trusted cyberspace

  • Delivering practical skills built on embedded critical & strategic thinking
  • The role of a secure cyberspace in Australia’s economy
  • How to manage the ethics of competing technologies

Michelle Price, Chief Operating Officer, Australian Cyber Security Growth Network


PANEL DISCUSSION | Developing Women in Technology

  • Career support, advancement and sustainment
  • Attracting more women into the technology professions
  • Enhancing leadership development, training and educational opportunities

Ms Gai Brodtmann MP, Federal Member for Canberra, Shadow Assistant Minister for Cyber Security and Defence Personnel (Tentatively Accepted)
Michelle Price, Chief Operating Officer, Cyber Security Growth Network
Lynwen Connick, Chief Information Security Officer, ANZ Bank
Anne Lyons, CIO & Assistant Director General, Information Policy & Systems, National Archives of Australia
Facilitator: Jo Stewart-Rattray, Director of Information Security & IT Assurance, BRM Holdich, Director, ISACA International Board of Directors


Lunch and networking break


14:00 Stemming the Ransomware tide

  • Ransomware and Cybercrime have overtaken illicit drugs as a contributor to the black economy, with 1 in 5 emails potentially containing Ransomware according to industry statistics
  • The ASD has released their “Malicious Email Mitigation Strategy” whitepaper, and with Australia being in the top 3 targeted countries worldwide for this type of attack, it is a key part of any organisation’s cyber defence strategy
  • In this session, we will explain the way attackers are evolving their attacks, how to prevent, not just detect these exploits, and how to address the recommendations in the ASD whitepaper

Keith D. Holtham, Emerging Technologies Lead, Check Point Software Technologies

14:30 Risk Transformation: Theory and Practice

  • Integrating Risk, Security and Compliance
  • Improving Risk Management productivity
  • Risk Management technology directions

David Vohradsky, Director, Cyberisk Australia, Director, ISACA Sydney Chapter


14:00 Auditing compliance with the Australian Privacy Principles

This presentation will help you assess whether you are taking steps that are reasonable in the circumstances to protect any personal information your organisation holds, to understand potential issues with de-identification, and to ensure your processes cover the recent changes to the Privacy Act.

Stephen Boyd, Senior Consultant, UXC Saltbush

14:30 Cloud Enablement and Governance

  • The role of IT leaders and business leaders in enabling risk-aware cloud usage
  • The role of governance, risk and audit functions in supporting usage of cloud services
  • How to integrate cloud governance with security governance and IT governance models

Adam Wood, Senior Manager, PwC


14:00 Right Projects. Right Way. Right Results – Building project, program and portfolio management capabilities in the Australian Taxation Office to deliver business outcomes

  • The cultural change within the ATO – moving from unco-ordinated, organisational unit focused project demand to a strategically driven portfolio prioritised to deliver business value and the Reinventing the ATO outcomes
  • How to bridge the Knowing – Doing gap – putting good practice value management disciplines in place in a real and meaningful way
  • Lessons and experiences from the journey to date

Brad Grey, Senior Director, ATO Enterprise Portfolio Office, ATO Portfolio Management (EPMO), Australian Taxation Office
Peter Harrison, Principal, Value Management Consulting

14:30 How to Get Security Ready for the IoT Tidal Wave

  • How to apply existing cloud security governance principles to IoT and SCADA in the cloud
  • Understand unique risks of IoT identified by working closely with Operational Technology specialists
  • See a practical example of balancing performance with conformance in terms of IT security and service assurance when rapidly building a smart water network

Bob Smart, IT Security Lead, SA Water Corporation


Networking and refreshment break


PANEL DISCUSSION | Navigating digital disruption – An assurance perspective

The age of digital disruption is upon us and organisations are changing rapidly. This panel will explore how the assurance and audit functions can keep up.

Tracey Lawrance, Head of GRC and Resilience, Airservices Australia
Stephen Doyle, Director Internal Audit, Department of Agriculture and Water Resources
Mark Harrison, Managing Director, Protiviti
Anil Bhandari, Chief Mentor, Arcon


PANEL DISCUSSION | Trust and Governance in Digital Economies

The panel will explore the role of blockchains in trust and governance in our emerging digitised economy from the point of view of two eminent lawyers working with the technology. They will discuss the legal and assurance implications of its current and potential uses.

Facilitator: Rob Hanson, Senior Research Consultant, Data61 Insight Team, CSIRO
Scott Farrell, Partner, King and Wood Mallesons
Dr Philippa Ryan, Founding Member of UTS Blockchain Creative Cluster, Lecturer Faculty of Law, UTS


Closing remarks from the Chair


End of Day 1


Opening remarks from the Chair


Keynote | Keynote Address

Matt Loeb, Chief Executive Officer, ISACA


Keynote | Keynote Address

Anne Lyons, CIO & Assistant Director General, Information Policy & Systems, National Archives of Australia


Sponsor Address

Mark Harrison, Managing Director, Protiviti


Networking and refreshment break


11:30 Cyber Resilience – the Auditors’ Perspective

In line with its ‘digital first’ initiatives, the government has elevated cybersecurity from a technological to a strategic issue. Through a series of audits covering eleven Commonwealth government agencies, the ANAO has identified some common practices and behaviours exhibited by entities that are successfully managing cybersecurity at that strategic level. In this presentation, Rona will share insights into what it takes to be cyber resilient.

Rona Mellor, Deputy Auditor General, Australian National Audit Office

12:00 The Dark Web, should you truly trust no-one?

The Dark Web is regularly seen as the seedy underworld of the internet. Yet despite this, it has been able to operate as both an efficient marketplace and information sharing service for all kinds of people. How does this all work when many of the users are criminals? It is all based on trust.
In contrast, agencies and corporations with shared goals in tackling the Dark Web have traditionally shown little trust and co-operation.


11:30 Riding the waterfall: IT governance in public service project management

  • The pragmatic application of governance standards
  • Lessons learnt in managing major projects
  • When and how Agile project management can work

John Sheridan, First Assistant Secretary Technology & Procurement Division, Department of Finance

12:00 Compliance in a fast moving world

  • How Agile development impacts on your compliance risk
  • Why DevOps is a good thing for change management
  • What are some of the lessons learned from our 1st year of compliance

Guy Herbert, Head of IT Risk and Compliance, Atlassian


11:30 It’s not just about numbers: data analytics of structured and unstructured text

Status Quo: Many auditors use well-founded tools to conduct analyses such as the review of journal entries or search for duplicate payments. These auditors are comfortable with structured data. But what about the immense amount of data that sits within text fields? Without metadata tied to those fields, little effective analysis is performed.

Challenge: The challenge is to bring structure to unstructured data, and analyse the unstructured data which lies buried within.

Opportunity: There are ways to tackle this data challenge. Using the right tools we can now extract insights from service desk tickets, Twitter feeds, reports and more.

David White, Director, Survey Design and Analysis Services

12:00 COBIT 5 in Risk Management

Paras Shah, Practice Lead, Strategic Advisory, Vital Interacts


Lunch and networking break


Keynote | Keynote Address – The National Cyber Security Strategy, how it works on the other side. A tale from government to private sector

  • Challenges and opportunities facing industry
  • The criticality of a holistic approach to cyber security
  • What is required and possible in a challenging and evolving ecosystem

Lynwen Connick, Chief Information Security Officer, ANZ Bank


14:10 Trust is the only true protection in cyber defence

  • Who do we trust the most or the least, insourced or outsourced?
  • Trusted Partners?
  • Trusted technology?

Scott Ainslie, Regional Director, ANZ, Financial Services ISAC (Information Sharing and Analysis Centre)

14:40 Sometimes, Assurance is no Comfort!

With increasing emphasis on the management of risk within available resource constraints, senior executives and boards are seeking assurance that controls are implemented and working as designed. This presentation will discuss the use of the word ‘assurance’ in organisations and how assurance outcomes are provided.

Stephen Doyle, Director Internal Audit, Department of Agriculture and Water Resources


14:10 Maximising value and building trust in your digital supply chain

  • Strategies in mitigating risk in a multivendor supplier network
  • Integrating capability panels using skills management
  • Latest trends in supplier management and service integration

Simon Roller, Director and Principal Consultant, BSMimpact

14:40 Either you are looking to Automate or you are getting Automated

  • Robotic Process Automation (RPA) is the next biggest technology to impact business
  • Help automate manual processes with RPA
  • How RPA translates into efficiency

Gavin Steinberg, Managing Director, Satori Group


14:10 What do we mean by next generation security operations?

As cyber threats continue to evolve, traditional cyber defences that may have worked in the past become much less effective. At the same time we are also seeing increased variety of connected devices, volumes of data and velocity of change. As a result many organisations are looking at establishing “Advanced security operations”, or “next generation security operations” but what does this mean? This talk will examine the challenges for next generation security operations, and some proposed solutions – using an intelligence-led approach as part of a risk management framework.

Rajiv Shah, Director – Cyber, Intelligence and Security, BAE Systems Applied Intelligence

14:40 Constant Innovation without Constant Capital Expenditure

  • Shedding light on how companies can get the best solution through choice, and less vendor lock in
  • Demonstrating how cloud security services are able to adopt new technologies, such as improved threat protection, without waiting for an upgrade cycle
  • Exploring a case study of success with cloud security adoption by the New Zealand Government

Richard Brown, Managing Director, Cogito Group


Networking and refreshment break


PANEL DISCUSSION | How do we handle the next big data breach

The next major data breach is a matter of when not if. With the recent introduction of mandatory data breach legislation, the question of how an organisation responds will be discussed in this panel.

Facilitator: Jo Stewart-Rattray, Director of Information Security & IT Assurance, BRM Holdich, Director, ISACA International Board of Directors
Bill Rue, Chief Technology Officer, MailGuard
Lynwen Connick, Chief Information Security Officer, ANZ Bank
Anne Lyons, CIO & Assistant Director General, Information Policy & Systems, National Archives of Australia


PANEL DISCUSSION | Digital Transformation, the impact on managing risk

  • What are the risks in digital transformation?
  • How do we ensure these risks are being managed?
  • How do we prevent risk management stifling innovation?

Facilitator: Ewen Ferguson, Managing Director, Protiviti
Kevin Tham, Information Security Manager, Tyro
Guy Herbert, Head of IT Risk and Compliance, Atlassian
Stewart Mantell, Head of Audit, Consumer, Business and Operations, Westpac


Closing remarks from the Chair


End of Conference

Gala Dinner | Monday 11th September 2017

One of the main highlights of ISACA CACS, the Gala Dinner is a sumptuous sit-down event attended by delegates, sponsors, exhibitors, speakers and other attendees; offering a chance to truly solidify business relationships in an informal and enjoyable environment.

6:30pm – 10:30pm | Peninsula Room, National Museum of Australia