Agenda
09:10
Opening Keynote Address: Cybersecurity Governance in a Digital Era
Tichaona Zororo, Digital transformation & innovation advisory director, Enterprise Governance of IT (Pty) Ltd
10:10
Exploring South Africa’s dire security posture
Dr Jabu Mtsweni, Head of Information and Cyber Security Centre and Chief Researcher, Council for Scientific and Industrial Research (CSIR)
South Africa's cybersecurity landscape faces significant challenges, as highlighted by the Council for Scientific and Industrial Research (CSIR) in its national cyber security report. This presentation will provide an in-depth analysis of the current security posture in South Africa, examining the vulnerabilities, threats, and systemic issues that contribute to the country's cyber insecurity. Attendees will gain insights into the report's findings, which reveal trends in cybercrime, the effectiveness of existing security measures, and the urgent need for a cohesive national strategy to enhance cybersecurity resilience. Dr Mtsweni will:
11:00
Third-Party Risk Management: Managing risks associated with third-party vendors and suppliers, including due diligence and monitoring.
Jabulani Hugh Hlatshwayo, Deputy Director-General (DDG)/CIO, Department of Justice and Constitutional Development
In an increasingly interconnected business landscape, managing risks associated with third-party vendors and suppliers has become a critical component of effective risk management strategies. The speaker will delve deep into:
11:30
Panel discussion: Clearly defining and communicating GRC roles and responsibilities within the organisation
Nathan Desfontaines, founder and MD, CyberSec
Bella Sekhwela, Internal Audit Manager – Strategic Initiatives Assurance, Discovery Bank
Adv Dirontsho Mohale, Group Data Privacy Lead, Standard Bank
James Francis, writer and ITWeb Brainstorm contributor
Makabongwe Siziba, CIO, Fasset (Finance and Accounting Services Sector Education and Training Authority)
The panel discussion explores the importance of clearly defining and communicating GRC roles and responsibilities within an organisation to ensure alignment, accountability, and effective decision-making.
Key Discussion Points:
- Clarifying GRC Roles and Structures: How to define the various roles within the GRC framework and establish clear boundaries and responsibilities to prevent overlap or confusion.
- Effective Communication Strategies: Best practices for ensuring that GRC roles and responsibilities are effectively communicated across all organizational levels to ensure understanding and buy-in.
- Accountability and Ownership: How clearly defined roles contribute to improved accountability, with each stakeholder understanding their specific responsibilities and the consequences of non-compliance.
- Integrating GRC into Organizational Culture: Ways to embed GRC responsibilities into the company’s culture, ensuring that every employee is aligned with the organization’s overall risk management and compliance goals.
13:35
Fortifying Fintech: Innovations in Establishing and Sustaining a Robust ISMS
Kurt Dodgen, Senior: Business Information Security Officer, Sanlam
Steve Jobs remarked on people who think that simply coming up with a great idea is 90 per cent of what’s required to solve a problem. He concluded that it is not so – the devil is in the subtle details and the success of an idea in solving a problem lies in the efficient execution of a well-thought-out process to get the idea realised. He was speaking in terms of product innovation.
These wise words resonate deeply with me and should do so for security professionals crafting cybersecurity strategies or implementing information security plans. At Sanlam, we recently established a FinTech business unit with the sole mandate to reach new markets and generate new revenue streams at an accelerated pace using digital distribution and data as a strategic enabler.
In an era inundated with reports of data breaches and cyberattacks, the imperative for cyber professionals is unmistakable – the rapid evolution of digital platforms brings with it significant cyber risks that demand risk response.
In this paper I answer some important questions and reflect on Sanlam’s approach in response:
- What approach do we take to determine our target state of cyber security for our new FinTech business and why? Maturity versus Risk?
- We know that the end state is to mitigate residual cyber risk within tolerable levels, but how can we do this and what do we prioritise (a la Steve Jobs, focusing on the subtleties)?
- Without doubt, a FinTech will be well staffed with technologists, product experts and data scientists. As security professionals, how do we come to the table as respected security experts and influence them effectively?
- How will we know we are doing the right thing to control our cyber risk as we innovate, what do we measure and why? How will we foster accountability?
- Lastly, how do we pull this all off without a dedicated security budget and how do we sustain what we’ve implemented and ensure we improve?
By exploring these questions and sharing insights from our journey, this presentation aims to equip fellow industry professionals with actionable strategies tailored for FinTech businesses against evolving cyber threats.
14:05
Governance for a cyber secure world: A perspective of cybersecurity awareness
Pranisha Rama, Auditing, Governance and Ethics Lecturer | Cyber Security Awareness Researcher | Cyber Security Education, University of Johannesburg
- Practical cybersecurity awareness tools that can be used in an organisation;
- Steps to aid in policy development around cybersecurity awareness; and
- Integration with Organizational Culture through effective governance.
15:00
Integration of AI in internal audit and its impact in organisational performance
Muvhango Livhusha, Vice President, ISACA South Africa
Organisations need to harness the power of advanced technologies such as Artificial Intelligence (AI), Generative AI (GenAI), and automation to strengthen their risk management practices. This presentation will delve into how these technologies can transform traditional risk management approaches, enabling organisations to identify, assess, and mitigate risks more effectively and efficiently.
Attendees will learn about the practical applications of AI and automation in risk management, the benefits of leveraging GenAI for predictive analytics, and the importance of integrating these technologies into existing frameworks to drive better outcomes. By adopting a forward-thinking approach, business entities can enhance their resilience, improve decision-making, and gain a competitive edge in the market. Among other issues, the speaker will:
- Explore how AI and automation can streamline the process of identifying and assessing risks by analysing vast amounts of data in real-time.
- Examine the role of GenAI in creating predictive models that simulate various risk scenarios, allowing organisations to forecast potential outcomes, enabling proactive risk management and better resource allocation.
- Delve into how automation can improve efficiency in risk mitigation strategies by automating routine tasks, such as compliance checks and reporting.
- Highlight the importance of a structured approach to integrating AI and automation into existing risk management frameworks.
15:30
The future of cybersecurity: building a unified human risk management strategy for CISOs and security leaders.
Brian Pinnock, Vice President, Sales Engineering, EMEA, Mimecast
Join Brian Pinnock, Mimecast Vice President, Sales Engineering, EMEA, for a deep dive into advancing your organisation’s security strategy with a unified human risk management (HRM) strategy. As attackers are increasingly targeting humans as the weakest link in the security chain, learn how integrating email security and insider risk management protects users and sensitive company data, bridging the gap between external threats and internal vulnerabilities.
13:35
Strengthening cybersecurity through effective IT audits
Letlhogonolo Moroeng, Divisional Head - Internal Audit: Business Solutions, Technology & Projects, South African Reserve Bank
14:05
Navigating data residency and sovereignty compliance in South Africa
Kenneth Palliam, President, ISACA South Africa
15:00
Threat Exposure Management | What? Why? How?
Stephan Krynauw, CTO, Snode
Managing risk by managing exposure. At Snode we've been going back and forth looking for a solution to the Cyber problem we face. In this talk we'll dive deeper into an often overlooked layer of defence: threat exposure management.
In this talk we will cover:
- What is CTEM (Continuous Threat Exposure Management)?
- Why is it a key component in a risk management strategy?
- How can you start?
15:30
Information integrity in the era of mis- and disinformation: Lessons from South African media
Dimitri Martinis, Lead Author | Senior Media Consultant, South African country report: Artificial Intelligence in the Information and Communications Space | MCM Media
Developing guardrails and policy for Artificial Intelligence (AI) for the media sector in South Africa poses unique regulatory and technical challenges. AI has so far proved to be a tool that enhances media and journalism. AI also poses significant challenges as mis- and disinformation proliferates with the use of AI.
- What kind of policy and regulation do we need for the governance of AI systems in the information space?
- How do we define information integrity to develop a secure environment for media and journalism to thrive in the Information Age?
- Are policy and regulation sufficient to protect consumers and developers from the risks posed by AI systems?
- How do we find a balance between protecting users of AI without stifling innovation?
16:10
Closing Keynote Address: Strategies for success in managing emerging regulatory landscapes
John Giles, Managing Director, Michalsons
- The importance of establishing robust systems for tracking regulatory changes and emerging trends including leveraging technology and analytics to stay informed about new regulations, compliance requirements, and industry standards, allowing businesses to adapt quickly and effectively.
- Strategies for conducting thorough risk assessments to evaluate the potential impact of regulatory changes on the organisation.
- The necessity of fostering collaboration among various departments—such as legal, compliance, finance, and operations—to create a unified approach to managing regulatory challenges.
- The importance of implementing regular training programs to help build a compliance-oriented culture and equip staff with the knowledge to navigate evolving regulatory landscapes successfully.