Ameet Jugnauth

Title of Presentation:

Resilience

Synopsis

• What is ‘Resilience’?
• Keep the lights on – If you don’t, nothing will change!
• How to measure resilience – Controls controls controls
• Digital resilience and the Cloud – Different or not different?

SHORT BIO

Ameet Jugnauth is Vice President of the ISACA London Chapter and a technology & cyber security leader within Financial Services. With nearly 20 years’ experience of leading large, complex and international transformations, Ameet manages cyber and IT risk programmes, embedding strong strategic plans and governance frameworks, from inception to completion, directing transformations., collaborating at C-suite and Board levels and influencing future plans. His experience in Financial Services covers insurance, wealth management and banking. Ameet is passionate about the role that GRC has to play in enabling business growth and strategy whilst also being an advocate for diversity of thought leadership as a key driver.

Branko Subotić

Title of Presentation:

Building digital trust in third parties through third party assurance standards

Synopsis

Digital trust is very important for the relationships among various participants in the business community. How to build this digital trust? Assessment in accordance with SOC1 / SOC2 / SOC3 standards is transparent and standardized approach to establish digital trust for service providers which offer their services to other companies or technological solutions for managing customers' data. These reports help companies to assure the existence of a reliable control environment at service providers and build trust inside business communities

SHORT BIO

Branko Subotić is consultant and leader of IT risk and transformation practice, with 16+ year experience in building the digital transformation capabilities, establishment of digital frameworks, as well as risk management frameworks, capabilities and solutions, including both the advisory and assurance perspective, working in EY practice in SEE region. More focused on financial sector, but with significant experience in public, pharmaceutical, energy and IT sector.

Daniela Andrović

SHORT BIO

Ms. Daniela Androvic is a Senior Advisor for ICT Systems Security at the National CERT in the Regulatory Authority for Electronic Communications and Postal Services - RATEL Serbia. She was engaged in the process of establishing Serbian National CERT, implementing a virtual platform for simulation of cyber-attack and contributed in preparing the Model of Act on Cyber Security for Serbian public institutions. She is responsible for incident handling, data collection and analysis, cybersecurity reports, threat intelligence and early warnings. Daniela is passionate about information technologies, its dynamic development and has more than 15 years of extensive experience in information technology. She is involved in technical training for the public sector and she is a lecturer in the master’s degree studies at the University of Belgrade – Faculty of Organizational Sciences, course Cyber security. She was a software developer with main project ISDACON, Information System for Coordination of the Development Assistance to the Republic of Serbia, developed for the purposes of Ministry of European Integration. She also has international working experience from the United Nations court of law in the Hague, the Netherlands.

Daniela is a graduated IT engineer with Master thesis in field of cybercrime. She holds cybersecurity certificates: GOSI, ECIH, SEC+. Her area of interest is focused on cyber security, legal and technical aspects of digital forensics, cybercrime, OSINT, public-private-academic partnership and enhancing cybersecurity skills through knowledge transfer.

Janko Pavlović

Title of Presentation:

Cybersecurity Paradigm in Smart Manufacturing

Synopsis

The ISACA Belgrade Chapter Annual Event presents an insightful lecture on the cutting-edge topic of "Cybersecurity Paradigm in Smart Manufacturing." As Industry 4.0 continues to revolutionize the manufacturing sector, integrating the Internet of Things (IoT) into production processes, this lecture delves into the critical realm of cybersecurity within this evolving landscape. The lecture aims to illuminate the pivotal role that cybersecurity plays in safeguarding smart manufacturing systems against the backdrop of IoT proliferation. As factories and production lines become increasingly interconnected, the vulnerability to cyber threats amplifies. The lecture underlines the need for a paradigm shift in approaching cybersecurity, moving from a reactive stance to a proactive strategy that encompasses prevention, detection, and mitigation of cyber risks. The presentation will cover fundamental cybersecurity concepts tailored to Industry 4.0, highlighting the challenges and complexities posed by IoT devices in manufacturing environments. Attendees will gain an understanding of how these interconnected devices create new avenues for potential attacks, emphasizing the urgency of secure design, network segmentation, and continuous monitoring. Moreover, the lecture will provide real-world case studies and examples to underscore the potential consequences of cyber breaches in smart manufacturing, ranging from production downtime to compromised product quality. Presenter, who is expert in IoT technologies and industry 4.0, will offer insights into best practices for implementing robust cybersecurity measures while maintaining operational efficiency.

Predavanje ima za cilj da osvetli ključnu ulogu koju sajber bezbednost igra u zaštiti pametnih proizvodnih sistema u svetlu naglog porasta zastupljenosti interneta stvari. Kako fabrike i proizvodne linije postaju sve više međusobno povezane, ranjivost na sajber pretnje se povećava. Predavanje podvlači potrebu za promenom paradigme u pristupu sajber bezbednosti, prelazeći sa reaktivnog stava na proaktivnu strategiju koja obuhvata prevenciju, otkrivanje i ublažavanje sajber rizika.

Predavanje će pokriti osnovne koncepte sajber bezbednosti prilagođene Industriji 4.0, naglašavajući izazove i složenost koje postavljaju IoT uređaji u proizvodnim okruženjima. Učesnici će steći razumevanje o tome kako ovi međusobno povezani uređaji stvaraju nove puteve za potencijalne napade, naglašavajući važnost bezbednog dizajna, segmentacije mreže i kontinuiranog nadgledanja.

Štaviše, predavanje će pružiti studije slučaja iz stvarnog sveta i primere koji će naglasiti potencijalne posledice sajber incidenata u pametnoj proizvodnji, u rasponu od zastoja u proizvodnji do ugroženog kvaliteta proizvoda. Govornik koji je stučnjak za IoT tehnologije i industriju 4.0, ponudiće uvid u najbolje prakse za primenu robusnih mera sajber bezbednosti uz održavanje operativne efikasnosti.

SHORT BIO

Janko is a tech entrepreneur with the background in Electrical Engineering and Computer Science. During the studies he invented a smart stove which saves around 50% of energy during the boiling process and completely new type of hybrid vehicle, an electrical hybrid without any batteries.

Trenutno se bavi preduzetništvom kao suosnivač i izvršni direktor startapa Digital Worx koji pomaže fabrikama da organizuju svoje operacije i optimizuju produktivnost. Digital Worx je fokusiran na koncepte IIoT i industrije 4.0.

Joris Vredeling

SHORT BIO

Joris is a Regional Chapter Advocate for ISACA in Europe. He is an experienced international project manager who has been working in different non-profit IT & Cybersecurity-associations for 15 years, including the ISACA Madrid Chapter, where he was the general coordinator for 10 years.
Joris holds a master’s degree in European Policy (University of Amsterdam) and speaks Dutch, English and Spanish fluently. Among his key responsibilities at the aforementioned associations, he has managed strategy design and implementation in marketing; communications; public, academic, and international relations; conferences; training programs and translations. In his current role at ISACA, he supports the European Chapters of ISACA in their operations, aligned with ISACA’s global and European strategies.

Maurice Engelhardt

SHORT BIO

Maurice Engelhardt, Director of Data Science & Process Mining at STADA, has a decade of experience in Data Analytics & Data Science.

In his 6 years with STADA, Maurice has excelled in applying analytics to reveal additional value and amplify the understanding of advanced analytics throughout the organization.

His educational journey began with a degree in physics from the University of Frankfurt. Following his involvement with multiple startups, Maurice transitioned into the consultancy world, honing his skills in business valuation and business modelling.

Pablo Ballarin Usieto

Title of Presentation:

What Can Ethics Teach Us About Emerging Technologies?

Synopsis

What can ethics teach us about emerging technologies? Is it possible to address ethical issues in the same way we handle cybersecurity matters?

Ethical systems delineate the moral values and codes of conduct within societies and social groups, and they can be applied to various human domains, such as politics or business. In the 1970s, ethics began to be applied to healthcare, medicine, biological research, biotechnology, and environmental issues. Consequently, bioethics emerged, addressing concerns related to organ donation and transplantation, genetic research, assisted dying, and environmental matters amidst a global social crisis and the revelation of various malpractices in medical policies (eugenics, animal testing). There arose a need to contemplate the right course of action for biological research, public health, social work, and environmental issues. Bioethics not only introduced new ethical theories but also established ethics committees and bioethicists in hospitals to help navigate dilemmas and contradictions.

Presently, emerging technologies are also introducing new risks associated with various forms of bias, lack of transparency, addiction, information bubbles, social manipulation, and threats to democracies, as witnessed in elections worldwide. As a result, ethical frameworks tailored to AI and other emerging technologies have been developed in recent years: these frameworks transform ethical theories into actionable steps that can be employed in the creation of responsible technologies.

What are the key principles of these frameworks? How can we implement them? What types of competencies are required?

SHORT BIO

Pablo Ballarin is an independent cybersecurity consultant who assists companies across various industries in defining and implementing their cybersecurity strategies to establish trust. Frequently, trust also necessitates managing risks associated with emerging technologies, such as lack of transparency, loss of human autonomy, bias, and safety. Therefore, his advisory services encompass responsible AI as well.

Pablo is the founder of Balusian, a professor, speaker, member of the scientific council of the IAEAI (Israel Association of Ethics in Artificial Intelligence), board member of ISACA Valencia, member of the ISACA Emerging Trends Working Group, and coordinator of the Centre for Industrial Cybersecurity (CCI) in Spain.

Pablo holds a Telecommunications Engineering degree, a MsC in Artificial Intelligence and he is currently finishing a MsC in Philosophy for Contemporary Challenges. He is holds the following professional certifications: CISM, CISA, CRISC, CDPSE, CSX-F, CISSP, CEET, CEHv9, ISO 27001 LA, OGAF, TISO 20000-1, ITILv3.

Per Thorsheim

Title of Presentation:

Fighting Phone & SMS Spoofing: From Users to Governments

Synopsis

Fraud involving fraudulent phone calls and text messages are on the rise, and victims come forward with sad stories & ugly consequences.

In this presentation I will explain some of the technical shortcomings that allow such fraud to take place. Furthermore I will talk about what telecom providers can and SHOULD do in order to reduce risk of successful spoofing. I will also talk about what you and your organization can do to reduce risk of yourselves being abused for committing fraud against others, as well as reducing risk of you becoming the victim.

SHORT BIO

Per Thorsheim has gone full circle security since 1994, from sales and operations to pentesting, auditing, consulting & CISO/CSO roles. With passwords & digital authentication as an obsession for more than 20 years, he says there are no other security issues affecting more users more frequently on a global basis - and we need to make it easier on people. He has a bunch of certifications, co-authored some research papers and is the founder of PasswordsCon.

Ramón Serres

Title of Presentation:

Levers to Digital Trust

Synopsis

Digital Trust is a sine qua non condition to Digital Transformation. Businesses that aim to evolve must invest in the concept of Digital Trust. In this session we will comment on the key levers to building Digital Trust and the role that Information Security relates to all of them.

SHORT BIO

Ramón Serres is the CISO for ALMIRALL, a Spanish pharmaceutical company, leader in medical dermatology, listed in the Stock Exchange.
Ramón is an Industrial Engineer who has a long background in IT and has led the transformation of the Information Security function in ALMIRALL, from Strategy to Operations, over the past 8 years. He’s a regular contributor to ISACA Journal and other specialized organizations. He holds several certifications in Enterprise Governance, Risk Management, Information Security and Data Privacy

 

Srđan Mraović

Title of Presentation:

PAM - Avoiding chaos in privileged access management

Synopsis

In the complex environments of modern IT infrastructures, managing privileged access with an organized and dedicated system is defined as a crucial anchor point, ensuring structured and secure access to critical resources for all internal and external users with appropriate rights. Through meticulous management of privileged user rights, PAM effectively avoids the chaos that unchecked access can cause, promoting a harmonious and robust digital environment.

SHORT BIO

Srdjan Mraovic began his career in the banking sector, moving up from technical to managerial positions. His further expanded expertise by taking on a crucial role as an IT manager in the private sector. Now, in the realm of business development, he adeptly combine his technical knowledge with strategic growth initiatives as a business development manager. Srdjan has in charged for security, backup, and monitoring solutions, ensuring the protection and resilience of key business assets.

 

Sue Milton

Title of Presentation:

In search of software resilience

Synopsis

Part A: the criteria for trust

• What makes us trust the software we use?
• Limitations of trust.
• Earning trust.

Part B: software everywhere, resilience nowhere?

• Cloud, opensource software, SaaS – who develops, who tests, who is responsible, who is accountable?
• Does procurement include software resilience?
• The E and the S of ESG.

Part C: the impact of the newer kids on the block

• AI – our saviour or our slayer?
• Quantum computing – powerful ally or powerful antagonist?
• Smart devices and smart homes – is ‘sell’ or ‘safety’ the top priority?

Part D: some solutions

• The G of ESG - legislation and governance.
• Focus on the S - ethics, integrity and quality.
• Redress – we are able to obtain help and compensation when things go wrong.

SHORT BIO

SUE MILTON is a governance specialist, covering both corporate and IT aspects, to support organizations achieve strategic and operational effectiveness. She works with both the public and commercial sectors globally.

Her key message for 2023 is that we totally rely on software, so let’s understand how best to benefit from its opportunities without causing harm. Society and our economies are dependent on software that works.

Sue is a past president of the ISACA London Chapter. She is now a SheLeadsTech ambassador and part of OneInTech promoting diversity and inclusion. Sue is also a member of the UK’s 2023 UK Advocacy Task Force, engaging with the UK Government on developing policies for making digital services inclusive, safe, secure, easy to use and resilient.