Workshops: 21, 22 & 23 September 2010



  • Workshop A: Keeping on Top of Governance, Risk and Compliance
  • Workshop B: Ensuring Website Resilience to Attack
  • Workshop C: Strategies for Effective Data Validation and User Verification


Mid Conference Workshop A: 21 September 2010

5.10 - 8:10 Workshop A: Keeping on Top of Governance, Risk and Compliance

Rationale:

Your IT team must meet not only your organisational compliance requirements, but also industry and governmental regulatory requirements. This workshop will cover:

Agenda:

  • 4.40 Defining and implementing policy frameworks and processes to efficiently meet your compliance needs
  • 5.10 Proactive compliance reporting: defining, measuring, and reporting on the compliance of information systems based on industry, corporate and regulatory security policies, as well as standards and frameworks
  • 5.40 Conducting self-assessments and audits
  • 6.10 Break
  • 6.40 Conducting awareness to improve compliance
  • 7.10 Managing ICT risk management as an element for ensuring benefits realisation from regulatory compliance

About your expert tutor:

Maria Corpuz
Manager Information Security
DEPARTMENT OF EDUCATION AND TRAINING QLD

Maria Corpuz is currently the Manager Information Security of the Queensland Department of Education and Training. She is in charge of the implementation of enterprise security for the Department. Accomplishments include the development and implementation of an agency-wide information security management framework, implementation of a comprehensive anti-spamming solution, and development and deployment of an interactive online security awareness program. Maria is a PhD student at the Information Security Institute, Queensland University of Technology. She has a Masters in Computer Science degree and has a Manager’s certificate in ITIL.

Post Conference Workshop B: 22 September 2010

5.15 - 8:15 Workshop B: Ensuring Website Resilience to Attack

Rationale: As reliance on online communications and commerce grows, government departments and agencies are increasingly exposed to loss through unplanned outages. Security compromises represent a major cause of such outages. Challenges to contend with include the risk of exposure being discovered by a malicious party or an increased window of opportunity for attackers where exposure is already being exploited.

Agenda:

  • Understanding the different threats on the horizon
  • Mitigating or containing the risk of a security compromise
  • Discussing the appropriate organisational processes, staffing and training
  • Implementing a comprehensive investigation of the issues behind a compromise
  • Protecting an application where the business impact of downtime is deemed critical
  • Putting a disaster recovery plan in place

About your expert tutor:

Peter Fowler
Director Security and Risk Assurance
OFFICE OF THE CHIEF INFORMATION OFFICER SA

Peter is a Senior Member of the Australian Computer Society and Certified Information Security Manager (ISACA) and has worked in the ICT industry for over 40 years. He is currently responsible for information security across the South Australia government sector and is Deputy State Controller (ICT) under the South Australia Emergency Management Act.

Post Conference Workshop C: 23 September 2010

9.00 - 12:00 Workshop C: Strategies for Effective Data Validation and User Verification

Rationale:

One of the biggest problems right now is the sheer amount of data to manage. To manage data, good correlation and reporting mechanisms are essential. Effective data validation and user verification means having solid processes and methodologies in place to maintain data integrity.

Incorrect data validation can lead to data corruption or a security vulnerability. This workshop will cover the implementation of data validation checks to ensure data is valid, sensible, reasonable, and secure before it is processed.

Agenda:

  • 9.00 Addressing changing network security needs
  • 9.30 Ensuring procedures, including frequency of back up system use, are documented and followed
  • 10.00 Establishing that data security protocols are in place and effective
  • 10.30 Break
  • 11.00 Reviewing firewalls/password protection and access levels
  • 11.30 Delivering on accountability for data integrity
  • 12.00 Assuring a software system meets a user’s needs

About your expert tutor:

Peter Major
Senior Manager Security
(ITSA) INTACT ACT

Peter Major is the Manager, IT Security and the ITSA for the ACT Government. He provides a solid knowledge base across the entire range of IT Security activities plus advice and consultancy services to the whole of ACT Government. Before joining InTACT in mid 2003, Pete had a wide and varied career. After many years in the Department of Defence, Pete moved to the private sector, heading up the Engineering Service delivery teams of several multinational IT companies. Pete returned to the public sector in 1995, working for a number of Commonwealth departments. His most recent position was heading up the Security Section within the Commonwealth Department of Health.