Virtual Conference & Workshop

Super Early Bird Fee
Register and Pay
by 28 Aug ’20
Early Bird Fee
Register and Pay
by 25 Sep ’20
Regular Fee
Register and Pay
after 25 Sep ’20
Non Singapore-registered companies $995 (SGD) $1,095 (SGD) $1,295 (SGD)
Singapore-registered companies (fees include 7% GST) $1,064.65 (SGD) $1,171.65 (SGD) $1,385.65 (SGD)

 

Virtual Conference

Super Early Bird Fee
Register and Pay
by 28 Aug ’20
Early Bird Fee
Register and Pay
by 25 Sep ’20
Regular Fee
Register and Pay
after 25 Sep ’20
Non Singapore-registered companies $695 (SGD) $795 (SGD) $895 (SGD)
Singapore-registered companies (fees include 7% GST) $743.65 (SGD) $850.65 (SGD) $957.65 (SGD)

 

Virtual Workshop

Super Early Bird Fee
Register and Pay
by 28 Aug ’20
Early Bird Fee
Register and Pay
by 25 Sep ’20
Regular Fee
Register and Pay
after 25 Sep ’20
Non Singapore-registered companies $495 (SGD) $595 (SGD) $695 (SGD)
Singapore-registered companies (fees include 7% GST) $529.65 (SGD) $636.65 (SGD) $743.65 (SGD)



Group Discount!
Enjoy 10% off when you register for 3 or more
OR
Register for 5 for the price of 4

IMPORTANT NOTES
  1. Super Early Bird & Early Bird promotion: Discount will only be valid if payment is received by the stipulated date.
  2. Group discount only applies to registrations from the same company, attending the same event in the same country location. Delegates must register at the same time and be of the same billing source. Only a single invoice will be issued.
  3. Only corporate registrations will be accepted.
  4. Bank charges & taxes are to be borne by registrants, if applicable.
  5. Full payment is mandatory upon registration for access to the virtual conference & workshop.
  6. Fee includes event documentation limited to presentation slides only.
  7. The organiser reserves the right to make any amendments that it deems to be in the interest of the event without any notice.
  8. Information provided will be used for event administration and updates on upcoming events. For more details, please visit: http://www.conferences.com.sg/personal-data-protection-statement/

CANCELLATION & REPLACEMENT

A replacement is allowed if registered participants are unable to attend. For cancellations received in writing before 25 Sep 2020, a full refund will be given with a 10% administrative charge. For cancellations received in writing before 5 Oct 2020, a 50% refund will be given together with the event documentation. There will be no refunds for cancellations received after 5 Oct 2020 or “no show” participants. However participants will receive a copy of the event documentation.

In the event of a cancellation, a refund will be made via the original mode of payment and based on the original amount we received. Refund is made based on the prevailing exchange rate and Pacific Conferences shall not be responsible for any foreign exchange currency losses.

Are you Adequately Equipped to Review your Cybersecurity Readiness? 

 “By 2021, a business will fall victim to a ransomware attack every 11 seconds* 

Companies deal with huge volumes of data as they gear towards digitalising their business. While the strategic importance and opportunities of cyber increases, sensitive data is increasingly susceptible to breaches and rapidly evolving hacking tactics. In the light of the Covid-19 pandemic, providing a business infrastructure that can support remote employees is another challenge resulting in greater risk exposure. Coupled with the need to comply with tightening regulations, cybersecurity becomes a growing concern for senior management. It is critical for internal auditors to prioritise cybersecurity preparedness given increased exposure and potential consequences. But how can IA provide assurance with limited technical expertise?  

How to ensure cybersecurity risk management scope is adequate and fit-for-purpose?
How to plan and execute a comprehensive yet detailed cybersecurity audit? 
How to assess the effectiveness of controls, policies and procedures?  

Enhance IA’s Ability to Evaluate & Strengthen Cyber Risk Management  

Join this practical 4-day virtual event to uncover key techniques required to build a complete roadmap to audit cybersecurity. Get updated on the latest developments in the cyber landscape, critical regulations to note and their implications on businesses. Find out how Prudential identifies control deficiencies by testing and how Avnet draws on NIST Cybersecurity Framework to design their audit plan. Gain insights from how HKBN, Octopus Cards, UOB and CapitaLand Group align audit plan to strategic cybersecurity goals. Understand how Bank of China (HK) manages third party risks including how Cloud auditing is conducted. Don’t miss out on the workshop led by Allan Boardman from Cyberadvisor.London to acquire key skills required in the end-to-end process of providing cybersecurity assurance. 

https://www.herjavecgroup.com/wp-content/uploads/2018/12/CV-HG-2019-Official-Annual-Cybercrime-Report.pdf 


  • Day 1 & 2: Hear from Leading Practitioners and Consultants on Best Practices and Pitfalls to Avoid on Managing a Cyber Audit 

Conference Highlights

Trends & Updates

Evolving cybercrime tactics & evaluating emerging technologies

Cybersecurity Audit Strategy

Establish an adequate audit scope 

Implementation of Audit Plan

Draw on International Standards to identify key audit checkpoints

Auditing Controls

Match appropriate controls to identified risks & report on control performance

Third Party Risk & Audit

Monitor third-party performance and develop service-level agreements

Benefits of Attending

  • Examine the role of IA in cybersecurity and how to build cooperative relationships with auditees 
  • Improve your understanding of cybersecurity audit standards and methodology 
  • Learn to leverage international standards to build a pragmatic audit plan  
  • Measure risk levels of threats identified based on likelihood and impact 
  • Discover how to assess technical, procedural, application and general controls with different tests 
  • Evaluate deficiencies in existing controls by conducting a gap analysis 
  • Takeaway strategies to manage vendors effectively in terms of performance, controls and compliance 
  • Obtain skills in writing concise and value-adding audit reports to provide recommendations 
  • Identify key components of a good response & recovery plan in the event of a cyber incident 
  • Design a cybersecurity maturity model to effectively track efforts and improvements made 
  • Find out how industry peers build up capabilities in their audit team 
  • Understand how to assess reports when contracting the services of external auditors 

 

A Fully Immersive 2-Day Virtual Conference Experience

v-icon-01 v-icon-02 v-icon-03 v-icon-06 v-icon-05
 Hear LIVE presentations on leading case studies and common challenges   Participate in virtual networking sessions
with like-minded professionals
 
 Engage in
LIVE Q&A and chats during sessions
with speakers and peers
 
Interact with peers
in real-time
 during intimate breakout room sessions  
 Gain access to
full conference
materials
  

 

 

Speakers

Andrew Ip

Chief Auditor,

Octopus Cards Limited

Daniel Ng

Head of Group Internal Audit,

United Overseas Bank

Jenny Tan

Head of Group Internal Audit,

CapitaLand Group

Tam Man Shan

Head of Audit and Risk,

HKBN Group

Shanmuganathan Arunachalam

Global IT Audit Director,

Avnet

Gary Yiu

Head of IT Audit,

Bank of China (Hong Kong)

Siva Venkat

Senior IT Audit Manager, Group-wide Internal Audit,

Prudential Corporation Asia

Daryl Pereira

Partner, Head of Cybersecurity,

KPMG

Felix Kan

Partner, Cybersecurity & Privacy,

PwC Hong Kong

Luke Ma

Partner, Cybersecurity, Risk Advisory,

Deloitte

Michael Pang

Managing Director, Technology Consulting and Digital Transformation Practices Lead,

Protiviti Hong Kong

Hoi Wai Khin

Director, Business Consulting,

RSM Singapore

Who Should Attend

Mid to Senior level executives responsible for Internal Audit, Risk Management, Governance, Compliance, Cybersecurity Audit 

 

Agenda

  • Virtual Conference

    Day 01

    08.45 Log-in Time

    Time stated in local Singapore time (GMT+8) 

  • 09.00 Chairperson’s Welcome & Ice Breaking Session

    Get acquainted with other delegates in small breakout rooms through an interactive activity  

    Michael Pang, Managing Director, Technology Consulting and Digital Transformation Practices Lead, Protiviti Hong Kong 

  • 09.30 Trends & Updates

    Cyber Threat Landscape – What’s out there and How it is Likely to Impact your Business 

    • Threats and risks faced in current landscape of cybersecurity   
    • Evolving cybercrime tactics such as ransomware, cryptojacking and formjacking   
    • Emerging technology: Artificial Intelligence (AI), Robotic Process Automation (RPA), 5G networks & Blockchain   
    • Regulatory development and implications for organisations – general and industry-specific requirements   

    Luke Ma, Partner, Cybersecurity, Risk Advisory, Deloitte 

  • 10.30 Morning Break
  • 10.45 Cybersecurity Audit Strategy

    Key Considerations for Successful Audit Roadmap to Support Cyber Resilience 

    • Aligning audit strategy to business objectives, cybersecurity goals and evolving cyber threats   
    • Challenges in determining audit scope and how to overcome them   
    • Talent & resource allocation: increasing technical competency of your audit team   
    • Three Lines of Defense: building cooperative relationships with auditees without impairing independence   
    • Contracting services of external auditors: critical factors and how to assess reports  

    Moderator:
    Michael Pang, Managing Director, Technology Consulting and Digital Transformation Practices Lead, Protiviti Hong Kong 

    Panellists:
    Andrew Ip, Chief Auditor, Octopus Cards Limited
    Daniel Ng, Head of Group Internal Audit, United Overseas Bank
    Jenny Tan, Head of Group Internal Audit, CapitaLand Group
    Tam Man Shan, Head of Audit and Risk, HKBN Group
    Daryl Pereira,
    Partner, Head of Cybersecurity, KPMG

  • 11.45 Implementation of Audit Plan

    How Avnet Effectively Performs Audit of Cybersecurity Using NIST Cybersecurity Framework

    • Evaluating Standards and Guidelines of NIST CSF against organisational and audit objectives  
    • Leveraging on NIST CSF to design a pragmatic cybersecurity audit plan  
    • How does Avnet identify key audit checkpoints and evaluate control and regulatory deficiencies  
    • How to write concise and value-adding audit reports to deliver findings 

    Shanmuganathan Arunachalam, Global IT Audit Director, Avnet 

  • 12.45 Fireside Chat with Peers

    Discuss and share key learnings from the Day’s presentations in small groups  

  • Chairperson’s Insights & Analysis of the Day’s Proceedings
  • 13.15 End of Virtual Conference Day 1
  • Day 02

    08.45 Log-in Time 

    Time stated in local Singapore time (GMT+8) 

  • 09.00 Chairperson’s Welcome & Ice Breaking Session

    Get acquainted with other delegates in small breakout rooms through an interactive activity 

    Hoi Wai Khin, Director, Business Consulting,  RSM Singapore 

  • 09.30 Internal Controls (I)

    Auditing Cybersecurity Controls

    • Major differences between IT audit & cyber audit: testing approaches, metrics & KPI   
    • How to match appropriate controls to identified risks   
    • How to assess effectiveness of technical, procedural and application controls   
    • Reporting evaluation of cybersecurity controls to key stakeholders and providing recommendations   
    • Live demo: identifying control deficiencies by testing & how to improve internal controls  

    Felix Kan, Partner, Cybersecurity & Privacy, PwC Hong Kong 

  • 10.30 Morning Break
  • 10.45 Internal Controls (II)

    Auditing Cybersecurity Controls

    • Managing risks: matching appropriate controls to identified risks   
    • How to assess effectiveness of technical, procedural and application controls   
    • Identifying control deficiencies by testing & how to improve internal controls   
    • Key components of a good response & recovery plan: how to respond to incidents quickly and effectively   
    • Reporting evaluation of cybersecurity controls to key stakeholders and providing recommendations  

    Siva Venkat, Senior IT Audit Manager, Group-wide Internal Audit, Prudential Corporation Asia 

  • 11.45 Third Party Risk & Audit

    How to Manage Cybersecurity Gaps Posed by Third Parties and Cloud

    • How to identify third party risk actors and develop service-level agreements   
    • Ensuring auditing rights: monitoring third-party performance, internal controls and compliance efforts   
    • Case study: how to audit the Cloud  
      • Examining security controls   
      • Service metrics and operational resilience   
      • Effectiveness of governance on Cloud use   
      • Compliance with regional-specific regulatory and legal requirements  

    Gary Yiu, Head of IT Audit, Bank of China (Hong Kong) 

  • 12.45 Fireside Chat with Peers

    Discuss and share key learnings from the Day’s presentations in small groups 

  • Chairperson’s Insights & Analysis of the Day’s Proceedings and Conference Closing Remarks
  • 13.15 End of Virtual Conference Day 2
  • Day 3 & 4: Build upon Knowledge Gained in the Conference and Gain Confidence
    to Design your own Cyber Audit Roadmap
     
     

     

    Develop a Practical Audit Roadmap to Deliver Effective Cyber Assurance
    Our 2-day workshop is packed with practical case studies, best practices and useful exercises to help you deliver on your cybersecurity audit approach. Evaluate the best-fit framework for your organisation. Identify critical digital assets and determine risk levels based on probability and impact. Set the scope of review and learn techniques in auditing controls. Finally, build a maturity model to review your overall cybersecurity readiness. 

     

    A Fully Immersive 2-Day Virtual Workshop Experience

    v-icon-01 v-icon-02 v-icon-03 v-icon-05
     Hear LIVE presentation on leading case studies and common challenges  Get real-time answers to your questions throughout the workshop  Interact with like-minded professionals for dynamic exchange of ideas  Gain access to full workshop materials
    and handout

     

    Workshop Leader

    Crisis18-Brian Allan Boardman
    Director
    CyberAdvisor.London Limited, United Kingdom
    IA35-CyberAdvisorLondon

     

    Allan Boardman CISA CISM CGEIT CRISC CISSP is an independent business advisor helping organizations manage their information, technology, cybersecurity and privacy risks. He is a regular presenter and keynote speaker at conferences around the world and regularly runs training courses and workshops on IT assurance, risk, security, and governance topics. He started his career at Deloitte in Cape Town where he qualified as a Chartered Accountant before moving to London in 1986. He has held audit, risk, security and governance leadership positions at GSK, Morgan Stanley, JPMorgan, Goldman Sachs, PwC and KPMG.

    He is a Past President of ISACA London Chapter and has served on ISACA International’s Board of Directors, Strategic Advisory Council, Leadership Development Committee and chaired its Credentialing and Career Management Board, CISM Certification Committee and Audit and Risk Committee. He currently serves on ISACA’s CGEIT Certification Working Group.

    In 2014, Allan received the ISACA Chair’s Award which recognizes an individual who has made an exceptional impact on ISACA or the business technology profession. In 2019 he received ISACA’s Eugene M. Frank Award for Meritorious Performance, which recognizes an individual whose longstanding service in multiple roles, including key volunteer leadership positions, has contributed to ISACA’s global success. He is included in ISACA’s 2018 and 2019 Top-rated Speakers list.

    He volunteered at the London 2012, Sochi 2014, Rio 2016 and PyeongChang 2018 Olympics and Paralympics, the 2019 Special Olympics World Games in Abu Dhabi, and numerous other major sporting events in 2018 and 2019 including athletics, hockey, cycling, cricket, canoeing and F1 racing, and the Glastonbury music festival.

     

    Unique Features

    Introduction to Cybersecurity Frameworks Capitalise on cybersecurity frameworks to create an audit plan
    Cybersecurity Risk Assessment Key steps to conduct a cybersecurity risk assessment
    Auditing Cybersecurity Controls Set your cybersecurity audit objectives based on cybersecurity goals
    Building a Cybersecurity Maturity Model Determine maturity scale and set your maturity level

     

    Past Delegate Testimonials

    “Course conducted in lively and interactive manner. Course material is rich and provides useful information on various frameworks and standards.”

    “Course provides a good overview of the key areas to include in cybersecurity risk management and audit, especially for those who are new to this subject.”

  • Agenda

    Virtual Workshop

    Log-in Time: 2.20 pm
    Day 3-4: 2.30 pm – 5.30 pm(There will be short breaks allocated at appropriate intervals.)
    *Time stated in local Singapore time (GMT+8) 

  • Session 1: Introduction to Cybersecurity Frameworks

    Session will review the main industry control frameworks, standards and guidelines 

    • Leveraging different cybersecurity control frameworks 
      • NIST Cybersecurity Framework 
      • ISO 27001 
      • COBIT 2019 
    • Understanding the role of risk management and internal audit in cybersecurity 
    • Fitting cybersecurity into your operations 
  • Session 2: Cybersecurity Risk Assessment

    Session will cover key steps in conducting a cybersecurity risk assessment 

    • Setting the risk assessment scope: system boundaries and data 
    • Identifying digital assets 
    • Identifying threats, threat actors and motives of the attackers 
    • Vulnerability analysis  
    • Determining risk level based on probability and impact 
    • Existing control identification and gap analysis 
    • Risk response  
    • Risk monitoring and reporting 
    • Incorporating emerging risks into the risk assessment process 
  • Session 3: Auditing Cybersecurity Controls

    Session will cover the approach and techniques to use in conducting a cybersecurity audit 

    • Planning for a cybersecurity audit: key considerations 
    • Setting the audit scope/area of review 
    • Approaches to adopt based on the area of review 
    • Aligning audit objectives with cybersecurity goals 
    • Testing your cybersecurity program based on level of maturity 
    • Contracting the services of external auditors: critical factors and pitfalls to avoid 
  • Session 4: Building a Cybersecurity Maturity Model

    Session will examine the key steps to consider when building a cybersecurity maturity model 

    • Comparison of different cybersecurity maturity models: 
      • NIST 
      • ISO 27001 
      • COBIT 2019 
      • ENISA 
    • Determining maturity scale and setting your maturity level 
    • Leveraging risk assessment and audit findings in cybersecurity maturity assessment