Audits strengthen business operations, yet many organizations fear the process rather than seeing its benefits. In this webinar, you gain better insight into the auditing process and how you can use audits to strengthen and mature your overall risk programme.
GRC: Be Connected! Cybersecurity Activities & Knowledge
26 January 2021 – Cyber Security Coalition
GRC: Be Connected! – about skills, frameworks and knowledge
A new year, and a new collaborative initiative by the Coalition, ISACA Belgium and the Solvay Brussels School of Economics & Management. In a series of six webinars, several hot topics in the field of cyber security are discussed from a very practical ‘point of view’. The first webinar covers some very basic aspects of cyber security: how to manage the necessary skills, what to do about frameworks, and where to find knowledge.
Karel De Kneef, CSO of Swift, points out that ‘people make the difference’, with a consequent need to optimize the talent challenge. He presents his organization’s split between ‘protect’ and ‘transform’ activities, the latter targeting improved security, with a list of specific action points. Most of his efforts are spent on ‘security assurance’ (“policies are fine, but check whether they are correctly implemented”), ‘business support’ (“risk based approach and cooperation with the business”), ‘tools’ (“60+ tools and platforms”) and ‘cyber incident detection and response’. Every single point of attention requires people with appropriate skills, with growing needs of business insight and leadership qualities. It pays not only to broaden the horizons of security experts, but also to recruit people from the business side, with attention to diversity!
As frameworks go, the NIST cyber security framework is the leading standard. Umut Inetas, Manager Security Architecture at Ahold Delhaize, offers specific pointers on how to apply NIST to organizations. In particular, NIST is a ‘framework of frameworks’ supported by a multitude of ‘special publications’ (SPs) and FIPS (US Federal guidelines) covering specific sectors and needs. He discusses the three main components of NIST, namely ‘tiers’ (implementation), ‘profile’ (from ‘as is’ to ‘to be’) and ‘core’ (strategy and roadmap), and of course how to tackle the five pillars: identify, protect, detect, respond, recover. Along with these practical aspects, Umut Inetas also provides insight into ‘why NIST’ and its future.
The third presentation, by Vilius Benetis, director of NRD Cyber Security, underlines the usefulness of organizations such as ISACA and First.org as sources of knowledge, certifications/certificates and trust. He points out why starting a CSIRT (Cyber Incident and Response Team) is important, and how to go about it.
This webinar focuses on the context of information security through governance, and more particularly on the key role of the CISO and the value of COBIT as a digital governance framework for information security activities, supported by the presentation of a best practice.
This webinar presents the building blocks of effective organization-wide risk management and explains the requirements for IT risk management certification.
In this Cyber Talk you gain insight into advanced threats outside your organisation and what you could potentially do to protect yourself from them.
In the Lustrum Cyber Talk with our Chairman Jan De Blauwe, Marc Goodman looked back on the past five years' technology evolution through a unique wide-angle lens of cybercrime.