isaca 2013 conference big data
PROGRAM 2013 NORDIC CONFERENCE
Welcome to the ISACA 2013 Nordic Conference in Stockholm from the 22nd to the 23rd of April 2013.
Focus areas: Cloud, Information Mobility, Social Media, Big Data and Data Privacy.
For the most up-to-date program go to nordic.isaca.se
ISACA 2013 Nordic Conference
This is the program for the ISACA 2013 Nordic Conference, the premier conference for audit, information security and risk management in the Nordic countries. The conference takes place on the 22nd and 23rd of April 2013 in Stockholm.
Content
The conference is dedicated to presenting topics and educational tracks with a unique perspective. Each track has a blend of technical and managerial topics that will enhance the learning experience and actively motivate and challenge the way you work.
The focus areas for the 2013 conference are:
Cloud,
Information Mobility,
Social Media,
Big Data and
Data privacy.
The conference has the following tracks:
IT Governance,
IT Assurance and
IT and Information Security.
There is also a virtual track about risk built from the three parallel tracks. There are 24 track sessions and 4 keynote/guest speaker sessions.
Target audience
The conference target audience is IT professionals, information security professionals, IT audit professionals, IT governance professionals, information security managers, assurance professionals, senior and executive managers, CIOs, CISOs and other members of the C-suite.
Background
For the last four years there has been a Scandinavian ISACA conference that has rotated between Denmark, Norway and Sweden. The 2012 Scandinavian conference took place in Denmark.
In 2013 the conference is upgraded to a Nordic Conference as Finland provides speakers and participants. All presentations are in English.
Questions
If you have any questions please contact [email protected]
Version
This is the second version of the program, released on the 20th of April 2013.
Location
Hilton Stockholm Slussen Hotel, Guldgränd 4, Stockholm,
Sweden. Map: http://goo.gl/maps/1iiRJ
If you need a hotel room during the conference, reserve your room at the ISACA Hilton website http://www.hilton.com/en/hi/groups/personalized/S/STOSLHI-GISAA-20130422/index.jhtml or call +46 8 517 353 10 and mention ISACA when you talk to them.
Transport
The Hilton Stockholm Slussen Hotel is located in the city center of Stockholm. The closest Metro station is Slussen.
If you come to Stockholm by air you can take an airport bus, or the train if you arrive at Arlanda airport, to the city center of Stockholm. You will then arrive close to Stockholm Central Station. From Stockholm Central Station you can take the metro to Slussen or walk; it is only a 20-minute walk to the hotel.
Organizing Chapters
The ISACA 2013 Nordic conference is organized by the ISACA chapters in Denmark, Finland, Norway and Sweden.
Registration
The recommended early bird fee for attending the conference is 750 Euro for ISACA members and 995 Euro for non-members if you register no later than the 22nd of March 2013.
From the 23rd of March the recommended fee for attending is 850 Euro for ISACA members and 1 095 Euro for non-members.
You should register at the chapter website of your country to get the correct price in local currency; the price might vary depending on chapter sponsorship, packaging, taxes and similar aspects. So...
...If you live in Denmark go to www.isaca.dk.
...if you live in Finland go to www.isaca.fi.
...if you live in Norway go to www.isaca.no.
...if you live in Sweden or any other country go to www.isaca.se.
Last day for registration is April the 15th 2013.
Your registration fee includes:
Attendance at the conference for 2 days
Access to the Exhibitors hall
An opportunity to earn up to 13 continuing professional education (CPE) credit hours
Morning and afternoon coffee/tea breaks
Complimentary lunches on Monday 22nd and Tuesday 23rd of April.
An evening event and dinner on Monday 22nd of April.
Become a member today and get the member discount for the conference at www.isaca.org/join
Please remember to also reserve a hotel room at Hilton Stockholm Slussen Hotel, Guldgränd 4, Stockholm, Sweden.
CPE
Anyone who wants to maintain the ISACA certifications Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) must attain and report an annual minimum of twenty (20) CPE hours, and attain and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting period.
Attendees earn up to 13 CPE credits by attending the ISACA 2013 Nordic Conference.
Disclaimer
The information in this brochure is correct at the time of printing. ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security and governance community.
Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in the speaker agreement.
Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.
Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.
Monday the 22nd of April
Tracks: Governance | Assurance | Security
09.00 - 10.00 Registration is Open, Networking & Exhibition
10.00 - 10.15 Welcome and Opening Speaker: Peter Lind, President ISACA Sweden Chapter
10.15 - 11.00 Key Note Speaker: Marc Vael, ISACA International Vice-President (110)
11.00 - 11.15 Short Break, Networking & Exhibition
11.15 - 12.00
Governance: Leading the Information Security Mind-set (121), Markku Kaskenmaa, CISA, CISM, Invisian Ltd (FI)
Assurance: Business continuity management at Volvo IT (122), Stefan Karlsson, CISA, CBCP, CRISC, Volvo IT (SE)
Security: Big data vs. Great Data (123), Carsten Stenstrøm, CISA, Danmarks Radio (DK)
12.00 - 13.00 Lunch, Networking & Exhibition
13.00 - 13.45
Governance: Enterprise Risk Management – Bridging the gap between IT Risks and IT Security Technology (131), Marc Solis, Dell (DK)
Assurance: Risk with Limited Auditing of Cloud Based Application Service (132), Markus Leinonen, CISA, CIA, KPMG (FI)
Security: Awareness of information security – Highlights from the National Security Month in Norway (133), Tone Hoddø Bakås, CISA, CRISC, Norsis (NO)
13.45 - 14.00 Short Break, Networking & Exhibition
14.00 - 14.45
Governance: Implementing a Risk Mgmt Framework with a GRC Tool (141), Magnus Felde, CISSP (Associate), GCIH, Mnemonic (NO) and Jon Hofstad, CISSP, EVRY (NO)
Assurance: IT's Involvement in the Merger & Acquisition Process (142), Fredrik Ohlsson, CISA, CISM, CRISC and CISSP, KPMG (SE)
Security: PCI Overview (143), Mikko Sauranen, CGI (FI)
14.45 - 15.15 Break, Networking & Exhibition
15.15 - 16.00
Governance: Why Traditional Information Security Governance Approaches No Longer Work… and how to establish better mechanisms (151), Bengt Berg, CISM, CISSP, QSA, Cybercom (SE)
Assurance: Cloud Computing, Privacy and Information Security (152), Helge Veum, Director, Datatilsynet (NO)
Security: Cloud Storage and Security (153), Jacob Illeborg Pagter, CISSP, Alexandra Institute (DK)
16.00 - 16.15 Short Break, Networking & Exhibition
16.15 - 17.00 Key Note speaker: Björn Gustafson, Manager Information Security, Stockholm Stad (160)
17.00 - 17.15 Summary Day 1 - Evening Program & Logistics
17.15 - 17.30 Short Break, Hotel Registration, Networking & Exhibition
17.30 - 18.15 ISACA Sweden Chapter Annual meeting
18.15 - 19.00 Break
19.00 - 19.15 Gather in the hotel lobby, important to be in the lobby before 19:15!
19.15 - 19.30 We take a short walk together to The Evening Event.
19.30 - 23.00 The Evening Event and Dinner
If you want to follow the virtual risk track you should go to sessions with dotted background.
Tuesday the 23rd of April
Tracks: Governance | Assurance | Security
08.00 - 09.00 Registration is Open, Networking & Exhibition
09.00 - 09.45 Key Note Speaker: Philip Aldrich, CISSP, CISM, CRISC, CIPP, CISA (210)
09.45 - 10.15 Break, Networking and Exhibition
10.15 - 11.00
Governance: COBIT 5 for Information Security (221), Jacqueline Johnson, CISSP, Nordea (DK)
Assurance: SOX Today and yesterday (222), Harald Carlsson, Carlsson Internal Control Consulting AB (SE)
Security: Keeping financial risks controlled by bridging management of IT services and data centre facilities (223), Lucas Cardholm, LLM, MBA, Coromatic AB (SE)
11.00 - 11.15 Short Break, Networking & Exhibition
11.15 - 12.00
Governance: Risk assessment - Can it be simple and yet sufficient? (231), Helvi Salminen, CISA, CISSP, SABSA, Gemalto (FI)
Assurance: IT Assurance (232), Hans Henrik Berthing, Verifica (DK)
Security: Case Study: Security in Mobile Banking (233), Mari Grini, CISA, CISSP, SpareBank1 (NO)
12.00 - 13.00 Lunch, Networking & Exhibition
13.00 - 13.45
Governance: Cloud Security: Minding the Gap with Socio-Technical Model of Governance (241), Stewart Kowalski, NISLab (NO)
Assurance: Identity Audit (242), Hannu Kasanen, Albin Finne, Deloitte & Touche (FI)
Security: Information mobility vs. Security. Managing a new age of risk (243), Jana Thorén and Michael Duva, CISSP, Secode (SE)
13.45 - 14.00 Short Break, Networking & Exhibition
14.00 - 14.45
Governance: Governance of IT cost… It's too expensive - where to cut? (251), Peter Torngren, Connecta (SE)
Assurance: Information Security, Reputational risk IT & Business Continuity (252), Kim Aarenstrup, CISA, IBM (DK)
Security: Cowboys & Indians - How to Secure the Manufacturing Fortress (253), Jukka Nyman, CISM, Invisian Ltd (FI)
14.45 - 15.15 Break, Networking and Exhibition
15.15 - 16.00 Key Note Speakers: Christian Brosstad, VP and Mari Grini, CISA, CISSP, SpareBank1, Norge (260)
16.00 - 16.15 Summary Day 2 - Conference Closure: Peter Lind, President ISACA Sweden Chapter
If you want to follow the virtual risk track you should go to sessions with dotted background.
Keynote
Key Note: Global IT trends impacting the IT audit, information security and IT risk professional (110)
Monday
10.15 - 11.00
In his multimedia presentation, Marc Vael will present the results from his study on the global IT trends impacting the role of the IT auditor, the information security professional and the IT risk professional in the coming 5 years. The presentation will leave ideas on focus and approaches for the near future.
Marc Vael, ISACA International vice-president, President ISACA Belgium Chapter, CISA, CISM, CGEIT, CRISC, CISSP, ITIL, Prince2
Marc has three Master's degrees (Applied Economics, Information Management and IT Management). In 1995 Marc started the IT audit department at Arthur Andersen Belgium. In 2002, Marc became director at KPMG Advisory Belgium, and was also national CISO and Data Protection Officer until 2007. Currently Marc is Chief Audit Executive at Smals, a Belgian IT company with more than 1800 employees working primarily for Belgian Federal Social Security Institutions.
Marc has 20 years of experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy, and IT audit.
An ISACA member for more than 15 years, Marc Vael is international vice-president of ISACA, chair of ISACA's Cloud Computing Task Force, chair of the Knowledge Board and member of the Strategic Advisory Council of ISACA. Since 2012 Marc is also president of the ISACA Belgium Chapter. Marc Vael has been a visiting lecturer at Antwerp Management School since 1997 and at Solvay Brussels School since 2004. Marc has been a deputy member of the Flemish Privacy Commission since 2010. Since 2012 Marc Vael is a member of the ENISA Permanent Stakeholder Group.
ISACA Belgium Chapter
The ISACA Belgium Chapter is, with more than 800 members, one of the largest ISACA chapters in Europe.
Key Note: Information classification, one piece of the puzzle (160)
Monday
16.15 - 17.00
One of the most vital activities within information security is information classification. This presentation describes how the city of Stockholm handles the issue.
Björn Gustafson, Manager Information Security
Björn has worked with security issues for more than fifteen years. Björn started out as a military officer within the Swedish armed forces and worked 10 years as chief security officer and chief information security officer. For the past five years he has worked as CISO at the executive office of the city of Stockholm.
Stockholm Stad
Stockholm city is one of Sweden's largest employers with more than 40 000 employees. Day-to-day operations are carried out by the City's 31 administrations and 26 companies.
Key Note: Social Media – a Corporate Love Affair or Just a Nightmare? (260)
Tuesday
15.15 - 16.00
The presentation will give the audience insight into business possibilities in social media and examples of how social media can be used in e.g. marketing, customer dialogue and crisis management. It will give insights into how SpareBank 1 has turned incidents in social media into positive reactions in public opinion. The presentation will also cover SpareBank 1's perception of threats in social media and how we worked together to understand and address them.
Christian Brosstad, VP
Christian Brosstad is Director of Communications and head of Social Media in SpareBank 1, public speaker and blogger.
Mari Grini, CISA, CISSP
Mari Grini (CISA and CISSP) is Manager IT-security at SpareBank 1, one of the largest providers of financial services in the Norwegian market.
She has worked in IT and telecom since 1994 and has broad experience in security from both SpareBank 1, since 2007, and the Norwegian Tax Administration.
She also has work experience from Telenor in service development, operations and technical project management. She graduated from the Norwegian University of Science and Technology in 1994 and holds an Executive Master from the Norwegian Business School (BI).
SpareBank1
Business Context: The Key for successful Risk Management - Cobit5 (210)
Tuesday
09.00 - 09.45
Do you feel confident you’ve identified all of your organization’s assets (processes, infrastructure, data, etc.) according to business
priority? If not, you are probably wasting valuable time and resources managing non-critical events and setting yourself up for a
potential disaster.
As risk professionals attempt to navigate their organizations safely through today’s threat landscape, they are constantly buffeted by
waves of information and new sources of potential risk. Keeping an organization away from hidden reefs and forecasted storms is
increasingly difficult and complex. As teams attempt to manage sheer volumes of data from a variety of security tools, incidents,
compliance requirements, etc. they find a majority of the gathered information is irrelevant. Teams struggle to identify true risks in a
sea of non-critical events. Business context can be the rudder to keep risk prioritization activities on course.
Philip Aldrich, CISSP, CISM, CRISC, CIPP, CISA, Program Director, Risk Management
Currently, Phil Aldrich is responsible for the enterprise Governance, Risk and Compliance (GRC) program development and implementation at EMC. He reports directly into EMC's Chief Risk Officer (CRO) and coordinates GRC activities with a variety of internal teams such as internal audit, information security, business continuity, product security, CIRC and operational risk management. Previously, Phil was responsible for the product strategy and development for the RSA Archer EGRC Suite at RSA. Prior to joining EMC/RSA he managed Information Security globally for a Fortune 500 company and implemented an enterprise wide GRC program. Phil graduated from the United States Military Academy at West Point, was commissioned as a helicopter aviation officer and served most of his time overseas.
EMC/RSA
Governance
Leading the Information Security Mind-set (121)
Monday
11.15 - 12.00
In the course of leading information security in organizations we have to define what the word "lead" means to the organization. We have learned that just managing the security practices, such as policy and promoting security awareness, may not bring the essential results. We need to stop and ask ourselves what the security mind-set in the organization is and how it is linked to the culture and values of the organization. We need to focus more on becoming better leaders, besides nurturing the knowledge of new threats and technical solutions. In this presentation Markku Kaskenmaa will challenge security professionals to focus more on leadership within information security programs.
Markku Kaskenmaa, CISA, CISM, Six Sigma Greenbelt certified
Markku Kaskenmaa is a director and a lead consultant at Invisian Ltd.'s consultancy practice. He has more than 12 years of experience in the IT field and has been specializing in IT risk management, IT governance and information security.
In the past he has held the positions of Security and Privacy Services leader in one of the big 4 companies, chief technical officer for one of the leading information security companies in the Nordics and director of security in a challenging and fast paced global online company with overall responsibility for security practices globally.
Currently he is leading information security management professionals in both national and global projects. He is also a board member of the ISACA Finland chapter, acting in the roles of international coordination and research director.
Invisian Ltd (FI)
Invisian Ltd. is a private company established in 2004 focusing on high quality IT services. Invisian operates throughout Finland and also in customer projects globally.
Enterprise Risk Management – Bridging the gap between IT Risks and IT Security Technology (131)
Monday
13.00 - 13.45
Identity and Access Management has traditionally been a simplistic approach of either allowing or declining access and entitlements. Our customer projects are increasingly moving towards an IT-risk approach where the context becomes more important.
A context based approach better represents the actual IT-risk management of user access and entitlements. Typical issues around the context are mobility, geo-location, authentication strength and cumulative risk scores.
This presentation is based upon the international experiences of Dell Software Group and introduces you to our best practice approach within Identity & Access Management.
Marc Solis, MSc.Econ, Security Sales Specialist Nordics
Marc Solis comes with 15 years of experience from the IT Security software industry. The main objective has been bridging the gap between Security Technology and IT Risk Management in the well-known triad of People-Processes-Technology.
DELL
For more than 28 years, Dell has empowered countries, communities, customers and people everywhere to use technology to realize their dreams. Customers trust us to deliver technology solutions that help them do and achieve more, whether they're at home, work, school or anywhere in their world.
Implementing a Risk Mgmt Framework with a GRC Tool (141)
Monday
14.00 - 14.45
During the last couple of years EVRY, which is one of the largest IT services companies in the Nordic region, has worked on renewing its risk management framework. We will share our experience from the process, as well as giving you an insight into Norway's first Archer GRC tool implementation, and how the use of a tool can help your organization.
Magnus Felde, Information Security Consultant, MSc Information Security, CISSP (Associate), GCIH
Magnus has a master's degree in information security from Gjøvik University College, and has since 2011 worked in mnemonic's Governance, Risk & Compliance department. He is responsible for the GRC tool service at mnemonic, and has been central in Norway's first Archer implementation.
mnemonic (NO)
Mnemonic is the leading independent provider of IT security professional services and 24x7 managed security services in the Nordics. Our scale, expertise, flexibility and agility enable our enterprise customers to protect their businesses by deploying products and services from our portfolio that covers the entire information security lifecycle.
Jon Hofstad, Corporate Risk Manager, CISSP
Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining EVRY's Risk Management efforts across the group.
Jon has been with EVRY since 2005 and held the position of Chief Security Officer at ErgoGroup.
EVRY (NO)
EVRY is the largest IT company in Norway and the second largest IT services company in the Nordic region. With 10,000 employees, EVRY delivers daily IT services from 50 Nordic towns and cities for more than 14,000 public and private sector customers. EVRY is the product of the largest-ever Nordic IT merger, built on the foundation of the merger in 2010 of Norway's two largest IT companies, EDB and ErgoGroup.
Why Traditional Information Security Governance Approaches No Longer Work… and how to establish better mechanisms (151)
Monday
15.15 - 16.00
IT becomes more complex every day – proven by trends like cloud services, outsourcing, and information mobility. Traditional top-down information security governance models fail to handle these challenges. Security professionals often approach this with an audit-inspired perspective. Instead – copy the approach used by every finance department! The methods are there - only the tools are missing.
Bengt Berg, M.Sc, CISM, CISSP, QSA
Bengt works for Cybercom (www.cybercom.com) in Sweden as Head of Compliance Management Services. Bengt has spent almost 20 years in the IS/IT security business, and today focuses on security governance issues as well as security and risk in the payment card industry.
Cybercom (SE)
Governance
COBIT 5 for Information Security (221)
Tuesday
10.15 - 11.00
The focus of COBIT 5 is creation of value for the business, integration of other frameworks and separation between management and governance functions.
This new governance framework also incorporates information security. During the session each component of COBIT 5 is explained from a security perspective. This session will further provide security professionals with guidance for using COBIT 5 for establishing, implementing and maintaining information security in the enterprise.
Jacqueline Johnson, CISSP, BASEL III certified, ISO 27001 Lead Auditor, COBIT certified, TOGAF, ISAE 3402/SSAE 16 certified, ITIL v3, Head of IT Security, Architecture Unit, Nordea
Jacqueline teaches COBIT and IT Governance at Copenhagen Business School and has a background in IT security advising and IT audit.
Nordea (DK)
Risk assessment - Can it be simple and yet sufficient? (231)
Tuesday
11.15 - 12.00
Many risk management methods tend to produce lots of detailed information. However useful this information may be, major issues may not get sufficient attention. Should risk management methodologies be revised and the mindset shifted from completeness to usefulness?
This presentation discusses risk management methods from a critical perspective and drafts new approaches to risk management.
Helvi Salminen, CISA, CISSP, SABSA
Helvi Salminen has worked full-time in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she had 12 years of experience in systems development.
Cooperation with colleagues is an important asset for security professionals. Helvi is a founder member of the Finnish Information Security Association, which celebrated its 15th anniversary in 2012. Helvi is qualified CISA (1992), CISSP (1998), SABSA chartered security architect – foundation level (2008) and was one of the first to achieve Master of Security in 2003 at Aalto Pro (Aalto University Professional Development). She was the program manager of information security training in Aalto Pro 2003-2008, and has given presentations in several information security seminars.
Gemalto (FI)
Cloud Security: Minding the Gap with Socio-Technical Model of Governance (241)
Tuesday
13.00 - 13.45
Cloud computing requires that organizations understand how to document, communicate and control their security requirements – with great consistency and accuracy – from a technical, legal and operational perspective.
This presentation will show the empirical and theoretical research results of using naive socio-technical models and how to improve the gathering of information security requirements.
Stewart Kowalski, Professor Dr. Information Security
Stewart Kowalski is a Professor of Information Security at the Norwegian Information Security Lab at Gjøvik University College, Norway.
He has over 25 years of industry and academic experience in information security and has worked for a number of large international companies including Ericsson, Telia Research, Huawei, Digital and HP, and has taught and researched information security at a number of universities, including the Swedish Royal Institute of Technology (KTH), Stockholm School of Economics, and Stockholm University.
NISLab (NO)
NISlab is the information security group at Gjøvik University College, and is a part of the Faculty for Computer Science and Media Technology. The group conducts internationally competitive research in several areas of information security, supervises Ph.D. research projects in this field and teaches courses in information security at the Ph.D., M.Sc. and B.Sc. level.
Governance of IT cost… It's too expensive - where to cut? (251)
Tuesday
14.00 - 14.45
If you can't measure it, you can't change it! This session will give a practical model and tool that describe IT-cost in a way that everybody can agree upon! The cost issue is often based on different opinions: where and how to find IT-cost, what is included or not and who is paying for it. One major player in IT-cost evaluation has the approach of measuring the "factory" to establish IT-costs. The Connecta way is based on the accounting, twisted, to present the IT-cost in views that business accountable managers and IT-supplier managers can relate to. The model will show which IT-cost areas are large, and as all parties have the same view, we can decide which area to address first to cut IT-cost. During the presentation you will see some real cases.
Peter Torngren
Mr. Torngren specializes in putting theories into good practice in the field of IT-Governance, CIO-Office and IT-Economics. He has mainly worked for larger organizations in both the private and the public sector. Mr. Torngren's experience spans from people management (Coaching) to process management (Engineering) as well as from establishing bookkeeping rules (Controlling) to IT-Value and IT-Finance (Business) analyses. Mr. Torngren has also been engaged as interim manager as CIO and IT-Controller. Mr. Torngren joined Connecta in May 2010 and is based in Stockholm. Mr. Torngren has more than 15 years of experience as a consultant in his fields.
Connecta (SE)
Connecta is a consulting firm that exists to transform the points on management agendas into reality, helping our clients make a difference in Swedish commerce and the global arena by delivering inspiration, innovation and high energy. When you choose Connecta, you're also choosing a better way to take your process forward. Our combination of strategic business thinking, technical specialist know-how and the ability to make the transition from words to action means more competitive client operations become a reality.
Assurance
Business continuity management at Volvo IT (122)
Monday
11.15 - 12.00
Business continuity planning is an important part of all deliveries, not least when it comes to information and IT. This presentation will show how one big IT supplier, Volvo IT, has thought about BCM. The presentation covers what we work with when it comes to e.g. types of plans, scenarios, governing documentation, follow-up and assessments, training and support.
Stefan Karlsson, CISA, CBCP, CRISC, Security Controller
Stefan Karlsson is working as a Security Controller at the Security department at Volvo IT. Stefan has worked for Volvo IT since 2001, and worked for Volvo Car Corporation for 13 years before that. Between the Volvo positions, he also worked for four years as an IT security consultant in Sweden.
Stefan is now primarily working with different aspects of Business Continuity Management and Risk Management/Analysis throughout the Volvo IT organization and upon request for the Volvo Group. He is also responsible for the security information/awareness and communication activities within Volvo IT.
Volvo IT (SE)
Risk with Limited Auditing of Cloud Based Application Service (132)
Monday
13.00 - 13.45
The possibilities and limitations of auditing a cloud based application. This intermediate level presentation contains the definition of
cloud computing, the models of cloud implementation, the challenges and opportunities of cloud computing to the auditor, and the
methods usable in cloud audit.
Markus Leinonen, CISA, CIA
President, ISACA Finland Chapter
KPMG (FI)
Cloud Computing, Privacy and Information Security (152)
Monday
15.15 - 16.00
Especially the use of independent audits to ensure an acceptable level of security at the processor (the party offering cloud computing services to the controller (the customer)).
Helge Veum, Director, Head of Audit and Security Department
Datatilsynet (NO)
IT's involvement in the Merger & Acquisition process (142)
Monday
14.00 - 14.45
The general outline of this session will go through the need for, and results of, IT's involvement in the M&A process. This session will mostly focus on IT specific pre-deal activities, such as IT Due Diligence and the design of the 100-day plan, where KPMG will share experience and "lessons learnt".
The session will present:
Why is IT important in M&A today?
Risks to the M&A process from an IT perspective.
Presentation of a basic IT Due Diligence methodology.
Results of pre-deal activities and how these link into post-deal activities.
The almighty 100-day plan.
Fredrik Ohlsson, Head of IT Deal Services, CISA, CISM, CRISC, CISSP
Fredrik has worked in the IT field for more than 15 years and held various roles such as CIO, CSO, business manager and consultant. For the past 6 years Fredrik has developed and actively worked in building the IT Deal Services business. Fredrik annually performs on average 15-20 M&A transactions and has worked on some of the largest transactions in Sweden.
KPMG (SE)
SOX Today and yesterday (222)
Tuesday
10.15 - 11.00
Compliance with the Sarbanes-Oxley Act (SOX) was a major challenge for some Swedish organizations in 2004-2007. Today SOX is not discussed much and is not seen as a major obstacle. The presentation briefly describes SOX and shows some of the differences in the approach to implementing SOX then and now. We also discuss the benefits that organizations which no longer have SOX requirements see in the control framework.
Harald Carlsson, CISA
Harald is an independent internal control consultant currently engaged in project management,
risk management and internal control assignments.
Harald has previously worked for 7 years at Ernst & Young with IT Audit, Service Organization
Control Reports (SAS 70, ISAE 3402) and IT Internal Control.
Carlsson Internal Control Consulting AB (SE)
IT Assurance (232)
Tuesday
11.15 - 12.00
Hans Henrik Berthing, CISA, CRISC, CGEIT, CIA, State Authorised Public Accountant, Head of IT Audit at Verifica and Membership Director, ISACA Denmark Chapter, member of FSR’s IT committee (Informatikudvalg)
Hans Henrik has many years of experience with auditing, internal audit, IT audit, IT security and related advisory and assistance. He has extensive experience in auditing both general IT controls and application controls. He is able to adapt the IT and process audit so that the quality and efficiency of the financial audit improve.
Member of FSR’s IT committee since 2009. Member of the ISACA board 2005-2012, chairman 2007-2009 and vice chairman 2009-2012. Involved in the update of God IT skik (Good IT Practice). Member of FSR’s working group on XBRL reporting.
Through this work he keeps his knowledge of international trends, standards and requirements within IT audit, IT security and IT management up to date.
Hans Henrik teaches auditing and the IT Governance elective on the cand.merc.aud. programme at Aalborg University. He is also engaged as a speaker on IT risk management, IT audit and IT Governance in Denmark and abroad, among others at NA CACS and EURO CACS/ISRM. He is also an instructor on the CISA preparation course and has developed international training material within IT audit.
Verifica (DK)
Identity Audit (242)
Tuesday
13.00 - 13.45
As we all know, organizations no longer operate in isolation. Their success depends on a network of partner relationships. Thus, organizations are often compelled to expose their applications and data to a wider audience, which potentially results in an identity and access management (IAM) issue. Potential risks include data leaks and privacy law violations.
An identity and access management audit can be the first step to understanding and addressing the aforementioned risk. By measuring and reporting the risk within key applications, it provides a basis from which you can take informed actions to develop identity and access management in your organization. This presentation further elaborates the goals, methods, and real-life experiences of identity and access management audits.
Hannu Kasanen, Senior Manager, Enterprise Risk Services
Hannu Kasanen is leading the Identity and Access Management (IAM) consultancy within Deloitte Finland. He has participated in numerous IAM audits and development initiatives over the years.
Albin Finne, Manager, Enterprise Risk Services, CISM, CISA
Albin Finne is responsible for the IAM service line within Deloitte Sweden. He has led several IAM audits in Sweden during the past year. Albin has previously worked with advisory and implementation services at Deloitte’s IAM centre of excellence in London.
Deloitte (SE & FI)
Deloitte is one of the leading professional services organizations in Finland and Sweden. We
offer our clients a broad range of audit, consulting, financial advisory, risk, and tax services. We
employ over 400 professionals in Finland and 1150 professionals in Sweden.
We are a member of the global Deloitte Touche Tohmatsu Limited (DTTL) group of companies
with approximately 200,000 professionals. With a globally connected network of member firms
in more than 150 countries, Deloitte brings world-class capabilities, our worldwide network of
experts, and deep local expertise to help clients succeed wherever they operate.
Information Security, Reputational risk, IT & Business Continuity (252)
Tuesday
14.00 - 14.45
Learn how IBM handles Big Data from an information security perspective – and how they help their customers find the needle in the haystack, and respond to it.
Kim Aarenstrup, CRISC
Security Industry Leader & Cyber Security Ambassador, IBM Security Council & Executive Chairman of ISF
Kim Aarenstrup is the former Group CISO of the A.P. Moller – Maersk Group, and has a wealth of experience in all aspects of information security.
He is also the chairman of the board of the Information Security Forum (www.securityforum.org).
IBM (DK)
Security track
Big data vs. Great Data (123)
Monday
11.15 - 12.00
80% of the data we have stored today has been produced in the last 18 months, from text, video, social media, your fridge, your cell phone… It will never stop.
How do we cope with all that information in the future? And why should we? Do we need “brakes” or functionality? Do we understand why “meta-data” is essential in working with Big Data?
The amount of data is not interesting today. It is the structure of the data that is necessary for the use of big data.
Carsten Stenstrøm, CISA, Master in Auditing from Copenhagen Business School, Copenhagen
27 years in the banking sector
6 years in Danish Broadcasting
(13 years in system auditing)
(20 years in information security)
Radio (DK)
Awareness of information security – Highlights from the National Security Month in Norway (133)
Monday
13.00 - 13.45
The presentation will cover the content of National Security Month in 2012, and some plans for the Security Month 2013 in Norway. NorSIS has arranged National Security Month in Norway during the last two years. In the USA, the National Cyber Security Awareness Month has been arranged since 2003. The EU has decided that all EU countries will have a National Security Month from 2014.
Tone Hoddø Bakås, CISA, CRISC
Tone Hoddø Bakås is a senior adviser at the Norwegian Centre for Information Security (NorSIS). Tone has more than 25 years of experience within IT as a system analyst, system developer and project manager. Since 1999 she has focused on information security. Tone has a master’s degree in Information Security from Gjøvik University College, is a Lead Auditor ISO/IEC 27001 from BSI, and is certified CISA and CRISC by ISACA.
NorSIS (NO)
NorSIS (Norsk senter for informasjonssikring) is part of Norway’s focus on information security. Our aim is to make information security a natural part of everyone’s daily life.
Our primary target group is small and medium sized enterprises as well as the public authorities. We also try to accommodate requests from the public. Our ambition is to provide services for every part of society.
NorSIS will try to reach its objectives through:
Raising awareness about information security through training and information
Compilation and creation of guidelines and tutorials concerning information security topics
Establishing an overall awareness of information security
Cloud Storage and Security (153)
Monday
15.15 - 16.00
Cloud storage services like Dropbox are gaining widespread adoption for file sharing. The reason for this is simple: they provide a very streamlined user experience for accessing files across multiple devices such as laptops and smart phones, and make it very easy for ordinary users to share files across organisational boundaries.
However, from a security point of view this implies a big challenge, because companies will lose control over their data.
In this talk we will discuss cloud storage, the associated security challenges, and survey different solutions for securing files stored in the cloud.
Jacob Illeborg Pagter, Head of Research and Innovation, Security Lab, PhD, CISSP
Jakob's work is focused on creating innovative security solutions which can foster new ideas & business rather than consolidating old ones. One example of such a solution is the security architecture behind the GoalRef intelligent football. Another is the secure auction system of Partisia ApS. He is involved in numerous projects applying novel cryptographic techniques to solve real-world problems (e.g. www.abc4trust.eu and www.cfem.dk).
Alexandra Institute (NO)
The Alexandra Institute is a non-profit company that works with application-oriented IT research. The company is located in Aarhus, Denmark, and is recognized by the Danish government as an advanced technology provider.
We focus on applied research in computer science and have a proven track record in bridging the gap between research and industry. We have (among other areas) a focus on IT security with a particular focus on applied cryptography, and also have strong competencies in cloud security, where we were the first non-US provider of training for the Cloud Security Alliance’s certification CCSK.
PCI Overview (143)
Monday
14.00 - 14.45
The presentation includes a short Case Study on how to apply PCI DSS requirements in a shared service provider environment.
What are the biggest challenges? What are the key points that need extra attention?
Mikko Sauranen, Compliance Manager
Mikko Sauranen has over 13 years of experience in the IT industry – compliance management and fraud management in particular.
At the moment he is responsible for the CGI Finland High IT Security Service concept, which is a PCI DSS certified shared IT infrastructure service environment.
CGI (FI)
CGI is a global IT service management company with over 70,000 employees.
Keeping financial risks controlled by bridging management of IT services and data center facilities (223)
Tuesday
10.15 - 11.00
Cloud computing with its possibilities of cost efficiencies due to economies of scale is deployed in many organizations today. Risks still being dealt with are often centered on regulatory compliance, privacy issues and concerns with regards to confidentiality and access to data. Many security aware organizations focus on private clouds in their own data centers, run by internal staff or outsourced under controlled SLAs, rather than going to public cloud operators.
The purpose is to provoke a dialogue around how potential financial benefits of private clouds can be quickly lost if the organization does not solve the conflict between operating models based on pay-as-you-go for data use, while at the same time keeping costs for fixed assets and maintenance due to the need for ownership of the physical infrastructure where the private cloud is being run.
The aim is also to demystify the principles of investment processes and criteria for calculating the benefits and costs in order to align proposed IT investments to the overall imperatives of the organization.
Lucas Cardholm, LLM, MBA, vice president at Coromatic Group
Mr Cardholm, LL.M. and MBA, is a renowned speaker and an international expert in the field of
information security and economics of security investments.
He is appointed as independent expert to the European Commission FP6 and FP7. His works
are published.
Coromatic Group AB (SE)
Case Study: Security in Mobile Banking (233)
Tuesday
11.15 - 12.00
The presentation will give the audience insight into how SpareBank 1 IT security contributed to the development of mobile banking services for our customers, and our general approach to security in mobile banking. We will tell how our organization learned both from a real security incident and from risk assessment, and how our involvement improved the relationship with business stakeholders and contributed to their increased knowledge of security issues and security risk. The presentation also includes information on how we have addressed mobile banking security in our dialogue with the customers.
Mari Grini, CISA, CISSP
Mari Grini (CISA and CISSP) is Manager IT Security at SpareBank 1, one of the largest providers of financial services in the Norwegian market.
She has worked in IT and telecom since 1994 and has broad experience in security from both SpareBank 1, since 2007, and the Norwegian Tax Administration.
She also has work experience from Telenor in service development, operations and technical project management. She graduated from the Norwegian University of Science and Technology in 1994 and holds an Executive Master from the Norwegian Business School (BI).
SpareBank 1 (NO)
Information mobility vs. Security. Managing a new age of risk (243)
Tuesday
13.00 - 13.45
A look at the impact of information mobility regarding security risks and issues around data privacy. We will also discuss the challenges of balancing security requirements for both organizations and customers.
Jana Thorén, CISM
Jana is a security management consultant with long experience within the security field, working with governance, risk management and internal control around ISO 27001 and other standards. She has had a wide range of assignments within the telecom, financial, public and industry sectors, in several European countries. She is also an experienced lecturer and educator with high energy and integrity.
Michael Dufva, CISSP
Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining EVRY’s Risk Management efforts across the group.
Jon has been with EVRY since 2005 and held the position as Chief Security Officer at ErgoGroup.
Secode (SE)
Secode is the leading independent IT security provider in the Nordic region, offering flexible
and cost effective 24/7 managed and security consultant service and technology. With Secode,
you can secure your business and reduce the costs and complexity of achieving the highest
levels of security, efficiency and with policies, regulations and laws.
Cowboys & Indians - How to Secure the Manufacturing Fortress (253)
Tuesday
14.00 - 14.45
In past years there have been a lot of incidents impacting manufacturing information security, followed by discussion and debate about the related threats.
Even though the discussion is highly focused on SCADA and simple technical solutions, there still seems to be a misunderstanding about how it is done holistically, and a failure to protect the image of the manufacturing companies.
We have seen that the mobile industry is increasingly one of the most interesting fields for the “bad guys”. So how is IT security handled efficiently in the manufacturing industry?
In this talk Jukka Nyman will give an insight into this topic, using real-life examples of how one of the major mobile device manufacturers has been able to avoid the pitfalls of cost-effective production requirements and downsized security requirements.
Jukka Nyman, Director, CISM
Jukka Nyman is a director and a partner at Invisian Ltd. He has more than 15 years of experience in the IT field and has specialized in IT risk management, IT governance and information security.
In the past he has been an information security auditor and technical lead, has managed a global information security project for manufacturing environments, and has developed new products for Invisian as a director.
Currently he is leading information security management professionals in both national and global projects.
Invisian Ltd (FI)
Risk track
Big data vs. Great Data (123)
Monday
11.15 - 12.00
Session description and speaker profile as listed under session 123 in the Security track.
Risk with Limited Auditing of Cloud Based Application Service (132)
Monday
13.00 - 13.45
Session description and speaker as listed under session 132 earlier in the program.
Implementing a Risk Mgmt Framework with a GRC Tool (141)
Monday
14.00 - 14.45
During the last couple of years EVRY, which is one of the largest IT services companies in the Nordic region, has worked on renewing its risk management framework. We will share our experience from the process, as well as giving you an insight into Norway’s first Archer GRC tool implementation, and how the use of a tool can help your organization.
Magnus Felde, Information Security Consultant, MSc Information Security, CISSP (Associate), GCIH
Magnus has a master’s degree in information security from Gjøvik University College, and has since 2011 worked in mnemonic’s Governance, Risk & Compliance department. He is responsible for the GRC tool service at mnemonic, and has been central in Norway’s first Archer implementation.
mnemonic (NO)
Mnemonic is the leading independent provider of IT security professional services and 24x7 managed security services in the Nordics. Our scale, expertise, flexibility and agility enable our enterprise customers to protect their businesses by deploying products and services from our portfolio that covers the entire information security lifecycle.
Jon Hofstad, Corporate Risk Manager, CISSP
Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining EVRY’s Risk Management efforts across the group.
Jon has been with EVRY since 2005 and held the position as Chief Security Officer at ErgoGroup.
EVRY (NO)
EVRY is the largest IT company in Norway and the second largest IT services company in the Nordic region. With 10,000 employees, EVRY delivers daily IT services from 50 Nordic towns and cities for more than 14,000 public and private sector customers. EVRY is the product of the largest-ever Nordic IT merger, built on the foundation of the merger in 2010 of Norway's two largest IT companies, EDB and ErgoGroup.
Why Traditional Information Security Governance Approaches No Longer Work… and how to establish better mechanisms (151)
Monday
15.15 - 16.00
IT becomes more complex every day – proven by trends like cloud services, outsourcing, and information mobility. Traditional top-down information security governance models fail to handle these challenges. Security professionals often approach this with an audit-inspired perspective. Instead – copy the approach used by every finance department! The methods are there - only the tools are missing.
Bengt Berg, M.Sc, CISM, CISSP, QSA
Bengt works for Cybercom (www.cybercom.com) in Sweden as Head of Compliance Management Services. Bengt has spent almost 20 years in the IS/IT security business, and today focuses on security governance issues as well as security and risk in the payment card industry.
Cybercom (SE)
Keeping financial risks controlled by bridging management of IT services and data center facilities (223)
Tuesday
10.15 - 11.00
Session description and speaker profile as listed under session 223 in the Security track.
Risk assessment - Can it be simple and yet sufficient? (231)
Tuesday
11.15 - 12.00
Many risk management methods tend to produce lots of detailed information. However useful this information may be, major issues may still not get sufficient attention. Should risk management methodologies be revised and the mindset shifted from completeness to usefulness?
This presentation discusses risk management methods from a critical perspective and drafts new approaches to risk management.
Helvi Salminen, CISA, CISSP, SABSA
Helvi Salminen has worked full-time in information security since June 1990, first as a security analyst and since April 2000 as an information security manager. Before starting information security tasks she had 12 years of experience in systems development.
Cooperation with colleagues is an important asset for security professionals. Helvi is a founder member of the Finnish Information Security Association, which celebrated its 15th anniversary in 2012. Helvi is a qualified CISA (1992), CISSP (1998) and SABSA chartered security architect – foundation level (2008), and was one of the first to achieve the Master of Security in 2003 at Aalto Pro (Aalto University Professional Development). She was the program manager of information security training at Aalto Pro 2003-2008, and has given presentations at several information security seminars.
Gemalto (FI)
Information mobility vs. Security. Managing a new age of risk (243)
Tuesday
13.00 - 13.45
Session description and speaker profiles as listed under session 243 in the Security track.
Governance of IT cost… It´s too expensive - where to cut? (251)
Tuesday
14.00 - 14.45
If you can’t measure it, you can’t change it! This session will give a practical model and tool that describe IT-cost in a way that everybody can agree upon! The cost issue is often based on different opinions: where and how to find IT-cost, what is included or not, and who is paying for it. One major player in IT-cost evaluation has the approach of measuring the “factory” to establish IT-costs. The Connecta way is based on the accounting, twisted to present the IT-cost in views that business-accountable managers and IT-supplier managers can relate to. The model will show which IT-cost areas are of large size, and as all parties have the same view, we can decide which area to address first to cut IT-cost. During the presentation you will see some real cases.
Peter Torngren
Mr. Torngren is specialized in putting theories into good practice in the field of IT-Governance, CIO-Office and IT-Economics. He has mainly worked for larger organizations in both the private and the public sector. Mr. Torngren’s experience spans from people management (coaching) to process management (engineering), as well as from establishing bookkeeping rules (controlling) to IT-Value and IT-Finance (business) analyses. Mr. Torngren has also been engaged as interim manager as CIO and IT-Controller. Mr. Torngren joined Connecta in May 2010 and is based in Stockholm. Mr. Torngren has more than 15 years of experience as a consultant in his fields.
Connecta (SE)
Connecta is a consulting firm that exists to transform the points on management agendas into reality. To help our clients make a difference in Swedish commerce and the global arena by delivering inspiration, innovation and high energy. When you choose Connecta, you’re also choosing a better way to take your process forward. Our combination of strategic business thinking, technical specialist know-how and the ability to make the transition from words to action means more competitive client operations become a reality.
Sponsors
Dell (GOLD)
Dell Inc. (NASDAQ: DELL) listens to customers and delivers innovative technology and services that give them the power to do more. Quest, now a part of Dell’s Software Group, provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges -- from database management, data protection, and identity and access management, to monitoring, user workspace management and Windows Server management. For more information, visit http://www.quest.com or http://www.dell.com.
Quest One Identity Solutions: A real-world approach to IAM
Quest One Identity Solutions offer a real-world approach to IAM – business focused, integrated with current investments, deployed quickly for fast ROI and flexible enough to meet future security and compliance needs. Unlike traditional framework solutions, our modular, integrated approach is perfectly optimized to meet today’s access governance, privileged account management, user activity monitoring and identity administration needs.
With Quest One Identity Solutions from Dell you will be able to reduce the complexity, cost and risk of managing identities and controlling access to increase compliance, security and efficiency.
Connecta (GOLD)
Connecta is a consulting firm that exists to transform the points on management agendas into reality. To help our clients make a difference in Swedish commerce and the global arena by delivering inspiration, innovation and high energy. When you choose Connecta, you’re also choosing a better way to take your process forward. Our combination of strategic business thinking, technical specialist know-how and the ability to make the transition from words to action means more competitive client operations become a reality.
EMC/RSA (SILVER)
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. We help the world’s leading organizations (including 90 percent of the Fortune 500) succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, providing compliance and securing virtual and cloud environ-
RSA Archer eGRC modules allow you to build an efficient, collaborative enterprise governance, risk, and compliance (eGRC) program across IT, finance, operations, and legal domains. With RSA Archer, you can manage risks, demonstrate compliance, and automate business process-
Sigma (SILVER)
IT Governance is one of the main service areas within Sigma IT & Management, where we have consultants certified as CGEIT. For a long time we have delivered services in the area of governance and management of IT to several companies and organizations. We are convinced that top management in an organization must be engaged in and take responsibility for these questions. People and systems are getting more and more mobile and the demand for working IT solutions is increasing. At the same time this also creates an extended vulnerability.
We join ISACA’s conferences to learn and take part in others’ thoughts and knowledge, and of course to share our experiences. We believe that we will become an even better vendor and partner for our customers by being a part of ISACA.
Amentor (SILVER)
Amentor is one of the leading professional services suppliers in Sweden within the areas of information security, IT audit, IT risk management and IT advisory. Within our organisation you’ll find all the knowledge and experience necessary to eliminate the IT risks and maximize the business value of your IT investments and thereby secure the growth and future development of the organisation.
Most of our consultants hold at least one security certification (CISA, CISM, CISSP, CGEIT, QSA) and all have deep knowledge about the internationally accepted security standards and IT frameworks such as PCI-DSS, ISO27000, ISO38500, ITIL, COSO, Common Criteria and CobiT. Our consultants also have extensive experience from managing large regulatory compliance projects (Sox, PCI etc.).
CIO Sweden (MEDIA)
Reach the IT strategists in Sweden in their own forum
CIO Sweden is a completely unique marketing channel if you want to get in touch with the hottest target group in Swedish IT.
In all the channels: in the exclusive monthly magazine, at our focused web site, and at our popular seminars and in-depth round table discussions - we offer a tailored meeting with Swedish CIOs.
Our target group isn't the largest, but many times around the most important. You will definitely meet them here.
The annual CIO sourcing event
Global Sourcing 2013: How should you outsource, to whom and what?
What sourcing experiences do other companies have? What are the future sourcing models? What should you consider before signing a sourcing contract? What are the consequences if something goes wrong?
And how do you get global teams with different cultures to work together?
We answer these questions at CIO Global Sourcing, May 15th - a conference on how to contract, manage and organize sourcing.
There are constantly new challenges and we highlight them - and the solutions. Our goal is that you leave the event with new knowledge and lessons learned, to help you make better decisions in your professional role.
Go to the registration page and read more (in Swedish): www.cio.se/globalsourcing2013
Pre-conference sessions
On Sunday the 21st of April there will be pre-conference ses-sions held by Cloud Security Alliance Sweden (CSA Sweden). The recommended price for the pre-conference sessions is 150 Euro. The price might vary depending on chapter sponsor-ship, packing, taxes and similar aspects.
14.30-14.50 Pre-conference session registration and coffee
14.50-15.00 Introduction by the CSA Sweden President
15.00-15.45 Aspects to consider within information security during procurement and use of cloud services
16.00-16.45 Federation and Cloud in practice (Demonstration)
17.00-17.45 Company talks about their reasoning concerning security and cloud services
Post-conference CISA and CISM review seminars
Directly after the conference, on the 24th of April, a two-day CISM review seminar and a three-day CISA review seminar will start. As in recent years, the seminars will be led by local experienced CISAs and CISMs and will mainly focus on the aspects of the exam that have been most challenging in the past. To enable non-Swedish speakers to attend the seminars, the language will be English unless all attendees speak Swedish. The location is Ernst & Young's facilities in central Stockholm. Information regarding registration etc. will be available at nordic.isaca.se.
CISA and CISM exams
For information on how to register for the exam go to www.isaca.org/cisa or www.isaca.org/cism. The final registration deadline for the exam is the 12th of April 2013.
Review seminars contents
The following areas are included in the CISA seminar:
The IS Audit Process
IT Governance
Systems and Infrastructure Lifecycle Management
IT Service Delivery and Support
Protection of Information Assets
Business Continuity and Disaster Recovery
The CISA Review Manual and the CISA Practice Question Database (CD-ROM) are included in the seminar fee. They are handed out on the first day of the seminar.
The following areas are included in the CISM seminar:
Information Security Governance
Information Risk Management
Information Security Program Development
Information Security Program Management
Incident Management and Response
The CISM Review Manual and the CISM Practice Question Database (CD-ROM) are included in the seminar fee. They are handed out on the first day of the seminar.
CISA and CISM review seminars fees
The fee for attending the CISA review seminar is 12 000 SEK + VAT for ISACA members and 15 000 SEK + VAT for non-members.
The fee for attending the CISM review seminar is 8 000 SEK + VAT for ISACA members and 10 000 SEK + VAT for non-members.
Become a member today and get the member discount for the seminar at www.isaca.org/join
You can find the most up-to-date program and more information at nordic.isaca.se