Information Security in the realm of Enterprise Architecture – 25 February 2014

February 25, 2014 @ 08:00 - 13:00

CPD / Lifelong Learning Units: Four Units
Cost: IITPSA Members – R735.00 /  Non-Members: R920.00


Information Security and Security Architecture in the realm of Enterprise Architecture

Information security solutions ensure the integrity, availability and confidentiality of information systems but are often designed and implemented on a tactical basis, i.e. requirements lead to a specification and a solution is procured to meet the requirements.

A business-driven enterprise architecture approach to information security means that the strategic dimension is included in the approach, so that the organisation is protected against a mixed bag of silo solutions and the long-term needs of the business are supported.

The purpose of security architecture within the realm of enterprise architecture is ultimately to ensure that information security controls and management are appropriate to the risk and that the cost of implementing controls is commensurate with the benefit provided.

At this breakfast session a well-known risk expert will provide information as to the current risks companies face. An experienced consultant and entertaining lecturer on Enterprise Architecture will show how these risks can be addressed through an Enterprise Architecture approach to security and then a Security Architect from SARS will provide feedback on how architecture has helped to develop security architecture.

Speakers

Craig Rosewarne (MBA, CISSP, CVE, ISO 27001 Assessor, CISM, Certified Cobit & ITIL trainer) is the MD of Wolfpack – a South African company specialising in information risk research, threat intelligence, training, awareness and advisory. He is an EMEA director of the SANS Institute – a global leader in information security & forensics training. He is also the founder and chairman of the Information Security Group of Africa, a section 21 company established in 2005 with over 4100 subscribers. Craig was previously an Associate Director of Deloitte’s Risk Advisory division. He ran the Deloitte School of Risk Management and was responsible on a national level for learning and innovation for a team of over 430 professionals. Craig has many years of management experience in the fields of IT & information security. He is often invited to speak at or chair information security, risk, cybercrime and counterterrorism events, as well as to provide opinion pieces via TV, radio and print/online media. He is proudly South African and an even prouder husband and father to three healthy “cubs”.

Title: How prepared is Africa to deal with the cyber threat?

Description:

  • Defining cyber security
  • What cyber threats are facing Global & African companies
  • A framework for responding to the cyber threat
  • How does this fit into your bigger Governance, Risk and Compliance (GRC) framework
  • How prepared is SA and what still needs to be done
  • Current cyber initiatives Wolfpack is driving on the African continent

Dr Stephen Berjak is currently Principal Architect at the South African Revenue Service (SARS), responsible for the modernisation of Information & Technology (IT) Security in the organisation. This role has primarily focussed on Tax & Customs revenue collection, with extension to projects including the enhanced Movement Control System developed for the FIFA 2010 World Cup and the National Identity & Passport solution piloted in August 2013. He has previously worked for Nedbank Group Technology – leading the security Architecture & IT Strategy discipline across the enterprise – and the National Communication Centre (within the National Intelligence Agency) as a cryptologist involved in secure communications and signal intelligence.

Dr Berjak obtained his PhD in Applied Mathematics from Stellenbosch University in 2003 for his thesis titled: “A crypt-analytic attack design against a block-oriented streamcipher with a 160-bit secret key”. His prior degrees were obtained from the University of Natal (Pietermaritzburg).

Title:  A survival guide for…SECURITY ARCHITECTS

Description:  In this presentation Dr Berjak relates, anecdotally, to his experiences in the private and public sector against a Bear Grylls-type survival guide for…security architects. Good, bad, and ugly experiences from the trenches will prepare current and potential architects for the highs and lows of EA and security.


James Thomas is a subject matter expert who specialises in Enterprise Architecture and Identity and Access Management (IAM). He has extensive experience in the IT environment, with over 25 years in the computing field. James also has experience in business management, sales and project management and has engaged various medium to large public and private sector enterprises in South Africa and internationally. James has been an IT Security professional since 1999, with experience in Information Security Management and IT security policies and in Logical and Physical Access Control, and he became a Certified Information Systems Security Professional (CISSP® – ISC2 InfoSec accreditation) in 2003. James has been a member of an international Community of Practice for IAM and on several occasions has been invited to speak at IAM industry events locally and abroad. James is also a certified TOGAF 9.1 and ArchiMate 2.0 practitioner and trainer and has been expanding his experience as an Enterprise Architect through the LEADing Practice EA frameworks and by leveraging his skill in deriving Business Value from the use of Information Technology. His business management qualifications and experience, IT Service Management (ITIL) certification and previous IT administration experience allow him to bring a real-world perspective to Enterprise Architecture. By combining his Enterprise Architecture and Security knowledge and experience, James is able to deliver a new perspective on Security Architecture that is both comprehensive and practical.

Title:  Breaking down the silos – Security Architecture in the realm of Enterprise Architecture

Description: In this session, James will provide the context, rationale and examples for an integrated and holistic approach to security, by combining Enterprise Architecture frameworks, tools and approaches with the latest in Security Architecture. Gain an insight into the traditional Enterprise Architecture and Security approaches and why they often seem to be working in opposite directions. James will then show how a risk-based approach, with a shared meta-model and an integrated approach to Enterprise Architecture and Security Architecture, breaks down the silos. This holistic approach ensures that the focus of IT security shifts more to the Information than the Technology and ultimately addresses both operational risk and business strategy. The session will be concluded with examples of the foremost frameworks and approaches in this space.


Space is limited, so register now by downloading and completing the registration form and returning it to Lerina Nel at lerina@iitpsa.org.za, or register online.


Details

Date: February 25, 2014
Time: 08:00 - 13:00
Cost: R920
Website: www.iitpsa.org.za

Organizer

Lerina Nel
Phone: 011 315 1319
Email: lerina@iitpsa.org.za

Venue

The Wanderers Club
21 North Street
Illovo, Gauteng South Africa