Conference Day Two: Wednesday, 11th March 2020

9:00 am - 9:30 am COFFEE & REGISTRATION

9:30 am - 9:40 am CONFERENCE OPENING

Remarks from the Conference Chairperson

9:40 am - 10:20 am Creating an Effective Risk Governance Framework for Technology Risk Management

Shannon Jurkovic - Head of IT and Data Risk, Group Operational Risk, Bendigo and Adelaide Bank
There are many forms of technology threats that can cripple organisational operations, materialise into legal and regulatory risks and have adverse effects on a company’s business portfolio. Understanding how to prioritise technology threats and implementing a robust technology risk management framework can ensure the longevity of business operations and drive new growth.

In this session:
  • Understanding how to use risk management theory to build good governance and manage complexity
  • Continuous monitoring to allow for organisations to rationalise controls and reduce performance costs
  • Analysing the future expectations of risk culture, risk appetite and risk maturity to ensure organisations are prioritising risk management

10:20 am - 11:00 am PANEL DISCUSSION: Improving The Effectiveness of Communication Across the Three Lines of Defence Through Various Techniques Including Being Agile, Collaboration and Team Size

Kathryn Brown - Executive Manager, Governance and Reporting, Westpac
Shannon Jurkovic - Head of IT and Data Risk, Group Operational Risk, Bendigo and Adelaide Bank
The success of the three lines of defence model hangs on the ability of the organisation to create a central foundation: common definitions and processes, clear definition of roles and responsibilities, and efficient collaboration and information sharing across all parties. This panel will discuss how leaders are taking a more agile approach in the three lines of defence model, which will allow for improved business performance and increased transparency.

  • How do you proactively manage resources within the first, second and third lines of defence, which tend to be siloed, manual and reactionary?
  • How do you improve collaboration, information exchange and conduct reporting to create greater efficiency within each line of defence?
  • How do you operate through being agile, responsive and more forward thinking to deliver success for the business?

11:00 am - 11:20 am MORNING TEA

11:20 am - 12:00 pm Establishing a Fit-for-Purpose Risk Methodology at UniSuper to Uplift Technology Risk Management Capabilities and Secure Critical Data

Leigh Heyward - Technology Analytics and Risk Manager, UniSuper
UniSuper has recently embarked upon a business transformation, aimed at uplifting the technology risk management capabilities of the business to secure data and better understand the changing digital landscape. In this session, Leigh will discuss how he has established the technology risk function at UniSuper and has created a risk methodology to better identify and mitigate potential risks within the business.

  • Redefining the accountability model and considering how changes in the external environment can be embedded within the operating framework
  • Reassessing the new risk and threat landscape by identifying key assets, scaling risks, identifying soft and hard controls
  • Ensuring compliance with new regulations such as CPS 234

12:00 pm - 12:40 pm Establishing Australia Post’s Business Profile Unit Dedicated to Minimising Technology Risk in a Changing Digital Landscape

Ghouse Mohammad - Cyber Security and Risk Compliance Manager, Australia Post
  • Developing a strategy to mitigate the risks associated with the sharing of private information online
  • Supporting a risk management perspective across 1st-2nd risk management lines
  • Understanding people, process and technology infrastructure to be able to undertake this activity on an ongoing basis
  • Developing awareness across all levels of organisational operations and working in collaboration with the enterprise risk team to deliver the most effective results

12:40 pm - 1:40 pm LUNCH BREAK

1:40 pm - 2:20 pm By Employing the FAIR Methodology to Quantify Risks, Hear How HESTA Has Engaged in a Proactive and Meaningful Technology Risk Conversation

Michael Collins - General Manager Information Security, HESTA
The FAIR Methodology is the only international standard model for quantifying information security risk. At HESTA this framework has been applied to support improved operational and strategic decision making, cost benefit analysis for information security investments and standardising the cyber risk language. FAIR brings FACTS to the FUD (Fear, Uncertainty and Doubt) fight and facilitates well-informed decisions to enable effective risk management. Quite simply, it answers the most important question most savvy business executives ask: “How much risk do we have?” In this session:

  • Understand why most business executives and Board members don’t ‘get’ cyber security or technology risk. (Spoiler alert: It’s not their fault)
  • How simplifying and standardising risk language can quickly build understanding and support across the business
  • See how FAIR practices complement existing risk management frameworks and produce greater value and alignment with business goals.
  • How establishing information risk management best practices opens the door to communicating effectively with board members

2:20 pm - 2:40 pm PANEL DISCUSSION: Managing the Spectrum of Cloud Based Infrastructure in Today’s Digital Landscape

Approximately 70% of businesses are using the cloud today in some capacity. With this in mind, it is critical that organisations think seriously about how their information is being stored on the cloud and manage this usage effectively. This panel will discuss the challenges of cloud management surrounding these areas:

  • Establishing and maintaining proper cloud security in a crowded and competitive marketplace
  • Understanding cloud vendors’ unique cyber security policies and ensuring they are compliant with rules and regulations
  • How to best understand potential cloud threats such as data breaches, human error and data loss and develop a comprehensive due diligence road map
  • Identifying the sharing arrangement of customer data

2:40 pm - 3:00 pm AFTERNOON TEA

3:00 pm - 3:40 pm Developing a Threat Model for Organisations to Understand and Identify Potential Risks

Nalin Arachchilage - Cyber Security Fellow, LaTrobe University
New technologies that improve the customer experience or operational performance are a competitive differentiator in the modern marketplace, but as more services go digital, it is becoming increasingly difficult for IT to protect the business. In this session, Nalin will discuss how the threat model he has developed will enable organisations to tackle the risks associated with these new technologies.

  • Improving business resiliency by minimising the risks associated with disruptive innovations such as blockchain, robotics, social, mobile and cloud technologies
  • Worst-case situation scenario planning to ensure the survivability of your business in a cyber threat
  • Identification of potential risks and addressing how they may impact operations
  • Implementation of procedures to minimise risks and keep critical functions operating in the event of a breach

3:40 pm - 4:20 pm Leveraging Data Analytics to Improve Technology Risk Compliance and Real Time Response

Chirag Joshi - Senior Manager, Cyber Risk Governance, Origin Energy
Deriving insights from information to make better, smarter and fact-based decisions is of high priority for businesses and those that can successfully extract value from their data will have a considerable advantage over their competitors.

In this session:
  • Deploying advanced analytics on data to detect and prevent breaches
  • Leveraging real-time data analytics for risk management to gain a competitive edge and comply with regulations
  • Improving the efficiency of data testing to allow for the identification of opportunities and risks to ensure business leaders can make the right decisions

4:20 pm - 4:30 pm CONFERENCE CLOSING – REMARKS FROM THE CONFERENCE CHAIRPERSON

4:30 pm - 4:30 pm END OF CONFERENCE