isaca 2013 conference big data

PROGRAM 2013 NORDIC CONFERENCE

Welcome to the ISACA 2013 NORDIC CONFERENCE in Stockholm from the 22nd to the 23rd of April 2013.

Cloud, Information mobility, Social Media, Big Data, Data privacy

For the most up-to-date program go to nordic.isaca.se


Page 2: ISACA 2013 CONFERENCE Big Data

ISACA 2013 Nordic Conference

This is the program for the ISACA 2013 Nordic Conference, the premier conference for audit, information security and risk management in the Nordic countries. The conference takes place from the 22nd to the 23rd of April 2013 in Stockholm.

Content

The conference is dedicated to presenting topics and educational tracks with a unique perspective. Each track will have a blend of technical and managerial topics that will enhance the learning experience and actively motivate and challenge the way you work.

The focus areas for the 2013 conference are:

Cloud,

Information Mobility,

Social Media,

Big Data and

Data privacy.

The conference has the following tracks:

IT Governance,

IT Assurance and

IT and Information Security.

There is also a virtual track about risk built from the three parallel tracks. There are 24 track sessions and 4 keynote/guest speaker sessions.

Target audience

The conference target audience is IT professionals, Information security professionals, IT Audit professionals, IT Governance professionals, Information security managers, Information security professionals, Assurance professionals, Senior and executive managers, CIOs, CISOs and other members of the C-suite.

Background

For the last four years there has been a Scandinavian ISACA conference that has rotated between Denmark, Norway and Sweden. The 2012 Scandinavian conference took place in Denmark.

In 2013 the conference is upgraded to a Nordic Conference as Finland provides speakers and participants. All presentations are in English.

Questions

If you have any questions please contact [email protected]

Version

This is the second version of the program, released on the 20th of April 2013.

Location

Hilton Stockholm Slussen Hotel, Guldgränd 4, Stockholm, Sweden. Map: http://goo.gl/maps/1iiRJ

If you need a hotel room during the conference, reserve your room at the ISACA Hilton website http://www.hilton.com/en/hi/groups/personalized/S/STOSLHI-GISAA-20130422/index.jhtml or call +46 8 517 353 10; mention ISACA when you talk to them.

Transport

The Hilton Stockholm Slussen Hotel is located in the city center of Stockholm. The closest Metro station is Slussen.

If you come to Stockholm by air you can take an airport bus, or a train if you come to Arlanda airport, to the city center of Stockholm. You will then arrive close to Stockholm Central Station.

From Stockholm Central Station you can take the metro to Slussen or walk; it is just a 20-minute walk to the hotel.

Organizing Chapters

The ISACA 2013 Nordic conference is organized by the ISACA chapters in Denmark, Finland, Norway and Sweden.


Registration

The recommended early bird fee for attending the conference is 750 Euro for ISACA members and 995 Euro for non-members if you register no later than the 22nd of March 2013.

From the 23rd of March the recommended fee for attending is 850 Euro for ISACA members and 1 095 Euro for non-members.

You should register at the chapter website of your country to get the correct price in local currency; the price might vary depending on chapter sponsorship, packing, taxes and similar aspects. So...

...if you live in Denmark go to www.isaca.dk.

...if you live in Finland go to www.isaca.fi.

...if you live in Norway go to www.isaca.no.

...if you live in Sweden or any other country go to www.isaca.se.

Last day for registration is April the 15th 2013.

Your registration fee includes:

Attendance at the conference for 2 days

Access to the Exhibitors hall

An opportunity to earn up to 13 continuing professional education (CPE) credit hours

Morning and afternoon coffee/tea breaks

Complimentary lunches on Monday 22nd and Tuesday 23rd of April.

An evening event and dinner on Monday 22nd of April.

Become a member today and get the member discount for the conference at www.isaca.org/join

Please remember to also reserve a hotel room at Hilton Stockholm Slussen Hotel, Guldgränd 4, Stockholm, Sweden.

CPE

Anyone who wants to maintain the ISACA certifications Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) or Certified in Risk and Information Systems Control (CRISC) must attain and report an annual minimum of twenty (20) CPE hours, and attain and report a minimum of one hundred and twenty (120) CPE hours for a three-year reporting period.

Attendees earn up to 13 CPE credits by attending the ISACA 2013 Nordic Conference.

Disclaimer

The information in this brochure is correct at the time of printing. ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security and governance community.

Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement.

Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.


Monday the 22nd of April

Tracks: Governance, Assurance, Security

09.00 - 10.00 Registration is Open, Networking & Exhibition

10.00 - 10.15 Welcome and Opening Speaker: Peter Lind, President ISACA Sweden Chapter

10.15 - 11.00 Key Note Speaker: Marc Vael, ISACA International Vice-President (110)

11.00 - 11.15 Short Break, Networking & Exhibition

11.15 - 12.00

Governance: Leading the Information Security Mind-set (121). Markku Kaskenmaa, CISA, CISM, Invisian Ltd (FI)

Assurance: Business continuity management at Volvo IT (122). Stefan Karlsson, CISA, CBCP, CRISC, Volvo IT (SE)

Security: Big data vs. Great Data (123). Carsten Stenstrøm, CISA, Danmarks Radio (DK)

12.00 - 13.00 Lunch, Networking & Exhibition

13.00 - 13.45

Governance: Enterprise Risk Management – Bridging the gap between IT Risks and IT Security Technology (131). Marc Solis, Dell (DK)

Assurance: Risk with Limited Auditing of Cloud Based Application Service (132). Markus Leinonen, CISA, CIA, KPMG (FI)

Security: Awareness of information security – Highlights from the National Security Month in Norway (133). Tone Hoddø Bakås, CISA, CRISC, Norsis (NO)

13.45 - 14.00 Short Break, Networking & Exhibition

14.00 - 14.45

Governance: Implementing a Risk Mgmt Framework with a GRC Tool (141). Magnus Felde, CISSP (Associate), GCIH, Mnemonic (NO) and Jon Hofstad, CISSP, EVRY (NO)

Assurance: IT’s Involvement in the Merger & Acquisition Process (142). Fredrik Ohlsson, CISA, CISM, CRISC and CISSP, KPMG (SE)

Security: PCI Overview (143). Mikko Sauranen, CGI (FI)

14.45 - 15.15 Break, Networking & Exhibition

15.15 - 16.00

Governance: Why Traditional Information Security Governance Approaches No Longer Work… and how to establish better mechanisms (151). Bengt Berg, CISM, CISSP, QSA, Cybercom (SE)

Assurance: Cloud Computing, Privacy and Information Security (152). Helge Veum, Director, Datatilsynet (NO)

Security: Cloud Storage and Security (153). Jacob Illeborg Pagter, CISSP, Alexandra Institute (DK)

16.00 - 16.15 Short Break, Networking & Exhibition

16.15 - 17.00 Key Note speaker: Björn Gustafson, Manager Information Security, Stockholm Stad (160)

17.00 - 17.15 Summary Day 1 - Evening Program & Logistics

17.15 - 17.30 Short Break

17.30 - 18.15 ISACA Sweden Chapter Annual meeting / Break, Hotel Registration, Networking & Exhibition

18.15 - 19.00 Break

19.00 - 19.15 Gather in the hotel lobby, important to be in the lobby before 19:15!

19.15 - 19.30 We take a short walk together to The Evening Event.

19.30 - 23.00 The Evening Event and Dinner

If you want to follow the virtual risk track you should go to sessions with dotted background.


Tuesday the 23rd of April

Tracks: Governance, Assurance, Security

08.00 - 09.00 Registration is Open, Networking & Exhibition

09.00 - 09.45 Key Note Speaker: Philip Aldrich, CISSP, CISM, CRISC, CIPP, CISA (210)

09.45 - 10.15 Break, Networking and Exhibition

10.15 - 11.00

Governance: COBIT 5 for Information Security (221). Jacqueline Johnson, CISSP, Nordea (DK)

Assurance: SOX Today and yesterday (222). Harald Carlsson, Carlsson Internal Control Consulting AB (SE)

Security: Keeping financial risks controlled by bridging management of IT services and data centre facilities (223). Lucas Cardholm, LLM, MBA, Coromatic AB (SE)

11.00 - 11.15 Short Break, Networking & Exhibition

11.15 - 12.00

Governance: Risk assessment - Can it be simple and yet sufficient? (231). Helvi Salminen, CISA, CISSP, SABSA, Gemalto (FI)

Assurance: IT Assurance (232). Hans Henrik Berthing, Verifica (DK)

Security: Case Study: Security in Mobile Banking (233). Mari Grini, CISA, CISSP, SpareBank1 (NO)

12.00 - 13.00 Lunch, Networking & Exhibition

13.00 - 13.45

Governance: Cloud Security: Minding the Gap with Socio-Technical Model of Governance (241). Stewart Kowalski, NISLab (NO)

Assurance: Identity Audit (242). Hannu Kasanen, Albin Finne, Deloitte & Touche (FI)

Security: Information mobility vs. Security. Managing a new age of risk (243). Jana Thorén and Michael Duva, CISSP, Secode (SE)

13.45 - 14.00 Short Break, Networking & Exhibition

14.00 - 14.45

Governance: Governance of IT cost… It's too expensive - where to cut? (251). Peter Torngren, Connecta (SE)

Assurance: Information Security, Reputational risk IT & Business Continuity (252). Kim Aarenstrup, CISA, IBM (DK)

Security: Cowboys & Indians - How to Secure the Manufacturing Fortress (253). Jukka Nyman, CISM, Invisian Ltd (FI)

14.45 - 15.15 Break, Networking and Exhibition

15.15 - 16.00 Key Note Speakers: Christian Brosstad, VP and Mari Grini, CISA, CISSP, SpareBank1, Norway (260)

16.00 - 16.15 Summary Day 2 - Conference Closure: Peter Lind, President ISACA Sweden Chapter

If you want to follow the virtual risk track you should go to sessions with dotted background.


Keynote

Key Note: Global IT trends impacting the IT audit, information security and IT risk professional (110)

Monday 10.15 - 11.00

In his multimedia presentation, Marc Vael will present the results from his study on the global IT trends impacting the role of the IT auditor, the information security professional and the IT risk professional in the coming 5 years. The presentation will leave ideas on focus and approaches for the near future.

Marc Vael, ISACA International vice-president, President ISACA Belgium Chapter, CISA, CISM, CGEIT, CRISC, CISSP, ITIL, Prince2

Marc has three Master’s degrees (Applied Economics, Information Management and IT Management). In 1995 Marc started the IT audit department at Arthur Andersen Belgium. In 2002, Marc became director at KPMG Advisory Belgium, and was also national CISO and Data Protection Officer until 2007. Currently Marc is Chief Audit Executive at Smals, a Belgian IT company with more than 1800 employees working primarily for Belgian Federal Social Security Institutions.

Marc has 20 years of experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy, and IT audit.

An ISACA member for more than 15 years, Marc Vael is international vice-president of ISACA, chair of ISACA’s Cloud Computing Task Force, chair of the Knowledge Board and member of the Strategic Advisory Council of ISACA. Since 2012 Marc has also been president of the ISACA Belgium Chapter. Marc Vael has been a visiting lecturer at Antwerp Management School since 1997 and at Solvay Brussels School since 2004. Marc has been a deputy member of the Flemish Privacy Commission since 2010. Since 2012 Marc Vael has been a member of the ENISA Permanent Stakeholder Group.

ISACA Belgium Chapter

With more than 800 members, the ISACA Belgium Chapter is one of the largest ISACA chapters in Europe.

Key Note: Information classification, one piece of the puzzle (160)

Monday 16.15 - 17.00

One of the most viral activities within information security is information classification. This presentation describes how the city of Stockholm handles the issue.

Björn Gustafson, Manager Information Security

Björn has worked with security issues for more than fifteen years. Björn started out as a military officer within the Swedish armed forces and worked 10 years as chief security officer and chief information security officer. For the past five years he has worked as CISO at the executive office at the city of Stockholm.

Stockholm Stad

Stockholm city is one of Sweden’s largest employers with more than 40 000 employees. Day-to-day operations are carried out by the City’s 31 administrations and 26 companies.


Key Note: Social Media – a Corporate Love Affair or Just a Nightmare? (260)

Tuesday 15.15 - 16.00

The presentation will give the audience insight into business possibilities in social media and examples of how social media can be used in, e.g., marketing, customer dialogue and crisis management. It will give insights into how SpareBank 1 has turned incidents in social media into positive reactions in the public opinion. The presentation will also cover SpareBank 1's perception of threats in social media and how we worked together to understand and address them.

Christian Brosstad, VP

Christian Brosstad is Director of Communications and head of Social Media in SpareBank 1, public speaker and blogger.

Mari Grini, CISA, CISSP

Mari Grini (CISA and CISSP) is Manager IT-security at SpareBank 1, one of the largest providers of financial services in the Norwegian market.

She has worked in IT and telecom since 1994 and has broad experience in security from both SpareBank 1, since 2007, and the Norwegian Tax Administration.

She also has work experience from Telenor in service development, operations and technical project management. She graduated from the Norwegian University of Science and Technology in 1994 and holds an Executive Master from the Norwegian Business School (BI).

SpareBank1

Business Context: The Key for successful Risk Management - Cobit5 (210)

Tuesday 09.00 - 09.45

Do you feel confident you’ve identified all of your organization’s assets (processes, infrastructure, data, etc.) according to business priority? If not, you are probably wasting valuable time and resources managing non-critical events and setting yourself up for a potential disaster.

As risk professionals attempt to navigate their organizations safely through today’s threat landscape, they are constantly buffeted by waves of information and new sources of potential risk. Keeping an organization away from hidden reefs and forecasted storms is increasingly difficult and complex. As teams attempt to manage sheer volumes of data from a variety of security tools, incidents, compliance requirements, etc. they find a majority of the gathered information is irrelevant. Teams struggle to identify true risks in a sea of non-critical events. Business context can be the rudder to keep risk prioritization activities on course.

Philip Aldrich, CISSP, CISM, CRISC, CIPP, CISA, Program Director, Risk Management

Currently, Phil Aldrich is responsible for the enterprise Governance, Risk and Compliance (GRC) program development and implementation at EMC. He reports directly into EMC’s Chief Risk Officer (CRO) and coordinates GRC activities with a variety of internal teams such as internal audit, information security, business continuity, product security, CIRC and operational risk management. Previously, Phil was responsible for the product strategy and development for the RSA Archer EGRC Suite at RSA. Prior to joining EMC/RSA he managed Information Security globally for a Fortune 500 company and implemented an enterprise wide GRC program. Phil graduated from the United States Military Academy at West Point, commissioned as a helicopter aviation officer and served most of his time overseas.

EMC/RSA


Governance

Leading the Information Security Mind-set (121)

Monday 11.15 - 12.00

In the course of leading information security in organizations we have to define what the word “lead” means to the organization. We have learned that just managing the security practices, such as policy and promoting security awareness, may not bring the essential results. We need to stop and ask ourselves what the security mind-set in the organization is and how it is linked to the culture and values of the organization. We need to focus more on becoming better leaders besides nurturing the knowledge of new threats and technical solutions. In this presentation Markku Kaskenmaa will challenge security professionals to focus more on leadership within information security programs.

Markku Kaskenmaa, CISA, CISM, Six Sigma Greenbelt certified

Markku Kaskenmaa is a director and a lead consultant at Invisian Ltd.’s consultancy practice. He has more than 12 years of experience in the IT field and has been specializing in IT risk management, IT governance and information security.

In the past he has been in positions of Security and Privacy Services leader in one of the big 4 companies, a chief technical officer for one of the leading information security companies in the Nordics and a director of security in a challenging and fast paced global online company with an overall responsibility of security practices globally.

Currently he is leading information security management professionals in both national and global projects. He is also a board member in ISACA Finland chapter, acting in roles of international coordination and research director.

Invisian Ltd (FI)

Invisian Ltd. is a private company established in 2004 focusing on high quality IT services. Invisian operates throughout Finland and also in customer projects globally.

Enterprise Risk Management – Bridging the gap between IT Risks and IT Security Technology (131)

Monday 13.00 - 13.45

Identity Access Management has traditionally been a simplistic approach of either allowing or declining access and entitlements. Our customer projects are increasingly moving towards an IT-Risk approach where the context becomes more important.

A context based approach better represents the actual IT-Risk management of user access and entitlements. Typical issues around the context would be issues around Mobility, Geo-location, Authentication strength, cumulative Risk-Scores.

This presentation is based upon the international experiences of Dell Software Group and introduces you to our best practice approach within Identity & Access Management.

Marc Solis, MSc.Econ, Security Sales Specialist Nordics

Marc Solis comes with 15 years of experience from the IT Security software industry. The main objective has been bridging the gap between Security Technology and IT Risk Management in the well-known triage of People-Processes-Technology.

DELL

For more than 28 years, Dell has empowered countries, communities, customers and people everywhere to use technology to realize their dreams. Customers trust us to deliver technology solutions that help them do and achieve more, whether they're at home, work, school or anywhere in their world.


Implementing a Risk Mgmt Framework with a GRC Tool (141)

Monday 14.00 - 14.45

During the last couple of years EVRY, which is one of the largest IT services companies in the Nordic region, has worked on renewing their risk management framework. We will share our experience from the process, as well as giving you an insight into Norway’s first Archer GRC tool implementation, and how the use of a tool can help your organization.

Magnus Felde, Information Security Consultant, MSc Information Security, CISSP (Associate), GCIH

Magnus has a master's degree in information security from Gjøvik University College, and has since 2011 worked in mnemonic’s Governance, Risk & Compliance department. He is responsible for the GRC tool service at mnemonic, and has been central in the implementation of Norway’s first Archer implementation.

mnemonic (NO)

Mnemonic is the leading independent provider of IT security professional services and 24x7 managed security services in the Nordics. Our scale, expertise, flexibility and agility enable our enterprise customers to protect their businesses by deploying products and services from our portfolio that covers the entire information security lifecycle.

Jon Hofstad, Corporate Risk Manager, CISSP

Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining EVRY's Risk Management efforts across the group.

Jon has been with EVRY since 2005 and held the position as Chief Security Officer at ErgoGroup.

EVRY (NO)

EVRY is the largest IT company in Norway and the second largest IT services company in the Nordic region. With 10,000 employees, EVRY delivers daily IT services from 50 Nordic towns and cities for more than 14,000 public and private sector customers. EVRY is the product of the largest-ever Nordic IT merger built on the foundation of the merger in 2010 of Norway's two largest IT companies, EDB and ErgoGroup.

Why Traditional Information Security Governance Approaches No Longer Work… and how to establish better mechanisms (151)

Monday 15.15 - 16.00

IT becomes more complex every day – proven by trends like cloud services, outsourcing, and information mobility. Traditional top-down information security governance models fail to handle these challenges. Security professionals often approach this with an audit-inspired perspective. Instead – copy the approach used by every finance department! The methods are there - only the tools are missing.

Bengt Berg, M.Sc, CISM, CISSP, QSA

Bengt works for Cybercom (www.cybercom.com) in Sweden as Head of Compliance Management Services. Bengt has spent almost 20 years in the IS/IT security business, and today focuses on security governance issues as well as security and risk in the payment card industry.

Cybercom (SE)


Governance

COBIT 5 for Information Security (221)

Tuesday 10.15 - 11.00

The focus of COBIT 5.0 is creation of value for business, integration of other frameworks and separation between management and governance functions.

This new governance framework also incorporates information security. During the session each component of COBIT 5.0 is explained from a security perspective. This session will further provide security professionals guidance for using COBIT 5 for establishing, implementing and maintaining information security in the enterprise.

Jacqueline Johnson, CISSP, BASELIII certified, ISO27001 Lead auditor, COBIT certified, TOGAF, ISAE3402/SSAE16 certified, ITILv3, Head of IT Security, Architecture Unit, Nordea

Jacqueline teaches COBIT and IT Governance at Copenhagen Business School and has a background in IT security advising and IT audit.

Nordea (DK)

Risk assessment - Can it be simple and yet sufficient? (231)

Tuesday 11.15 - 12.00

Many risk management methods tend to produce lots of detailed information. However useful this information can be, major issues may not get sufficient attention. Should risk management methodologies be revised and the mindset shifted from completeness to usefulness?

This presentation discusses the risk management methods with a critical perspective and drafts new approaches to risk management.

Helvi Salminen, CISA, CISSP, SABSA

Helvi Salminen has worked full-time in information security since June 1990, first as security analyst and since April 2000 as information security manager. Before starting information security tasks she had 12 years of experience in systems development.

Cooperation with colleagues is an important asset for security professionals. Helvi is a founder member of the Finnish Information Security Association, which celebrated its 15th anniversary in 2012. Helvi is a qualified CISA (1992), CISSP (1998), SABSA chartered security architect – foundation level (2008) and was one of the first to achieve Master of Security in 2003 at Aalto Pro (Aalto University Professional Development). She was the program manager of information security training in Aalto Pro 2003-2008, and has given presentations in several information security seminars.

Gemalto (FI)


Cloud Security: Minding the Gap with Socio-Technical Model of Governance (241)

Tuesday 13.00 - 13.45

Cloud computing requires that organizations understand how to document, communicate and control their security requirements – with great consistency and accuracy – from a technical, legal and operational perspective.

This presentation will show the empirical and theoretical research results of using naive socio-technical models and how to improve the gathering of information security requirements.

Stewart Kowalski, Professor Dr. Information Security

Stewart Kowalski is a Professor of Information Security at the Norwegian Information Security Lab at University College Gjøvik, Norway.

He has over 25 years of industry and academic experience in information security and has worked for a number of large international companies including Ericsson, Telia Research, Huawei, Digital and HP, and has taught and researched information security at a number of universities, including the Swedish Royal Institute of Technology (KTH), Stockholm School of Economics, and Stockholm University.

NISLab (NO)

NISlab is the information security group at Gjøvik University College, and is a part of the Faculty for Computer Science and Media Technology. The group conducts international competitive research in several areas of information security, supervises Ph.D. research projects in this field and teaches courses in information security at the Ph.D., M.Sc. and B.Sc. level.

Governance of IT cost… It's too expensive - where to cut? (251)

Tuesday 14.00 - 14.45

If you can’t measure it, you can’t change it! This session will give a practical model and tool that describe the IT-cost in a way that everybody can agree upon! The cost issue is often based on different opinions: where and how to find IT-cost, what is included or not and who is paying for it. One major player in IT-cost evaluation has the approach of measuring the “factory” to establish IT-costs. The Connecta way is based on the accounting, twisted, to present the IT-cost in views that business accountable managers and IT-supplier managers can relate to. The model will show which IT-cost areas are of large size, and as all parties have the same view, we can decide what area to address first, to cut IT-cost. During the presentation you will see some real cases.

Peter Torngren

Mr. Torngren is specialized in putting theories into good practices in the field of IT-Governance, CIO-Office and IT-Economics. He has mainly worked for larger organizations in both the private and the public sector. Mr. Torngren's experience spans from people management (Coaching) to process management (Engineering) as well as from establishing bookkeeping rules (Controlling) to IT-Value and IT-Finance (Business) analyses. Mr. Torngren has also been engaged as interim manager as CIO and IT-Controller. Mr. Torngren joined Connecta in May 2010 and is based in Stockholm. Mr. Torngren has more than 15 years of experience as a consultant in his fields.

Connecta (SE)

Connecta is a consulting firm that exists to transform the points on management agendas into reality. To help our clients make a difference in Swedish commerce and the global arena by delivering inspiration, innovation and high energy. When you choose Connecta, you’re also choosing a better way to take your process forward. Our combination of strategic business thinking, technical specialist know-how and the ability to make the transition from words to action means more competitive client operations become a reality.


Assurance

Business continuity management at Volvo IT (122)

Monday 11.15 - 12.00

Business continuity planning is an important part of all deliveries, not least when it comes to information and IT. This presentation will show how one big IT supplier, Volvo IT, has thought around BCM. The presentation covers what we work with when it comes to e.g.: type of plans, scenarios, governing documentation, follow-up and assessments, training and support.

Stefan Karlsson, CISA, CBCP, CRISC, Security Controller

Stefan Karlsson is working as a Security Controller at the Security department at Volvo IT. Stefan has worked for Volvo IT since 2001, but worked for Volvo Car Corporation for 13 years before that. Between the Volvo positions, he also worked for four years as an IT-security consultant in Sweden.

Stefan is now primarily working with different aspects of Business Continuity Management and Risk Management/Analyses throughout the Volvo IT organization and upon request for the Volvo Group. He is also responsible for the security information/awareness and communication activities within Volvo IT.

Volvo IT (SE)

Risk with Limited Auditing of Cloud Based Application Service (132)

Monday 13.00 - 13.45

The possibilities and limitations of auditing a cloud based application. This intermediate level presentation contains the definition of cloud computing, the models of cloud implementation, the challenges and opportunities of cloud computing to the auditor, and the methods usable in cloud audit.

Markus Leinonen, CISA, CIA

President, ISACA Finland Chapter

KPMG (FI)


Cloud Computing, Privacy and Information Security (152)

Monday

15.15 - 16.00

Especially the use of independent revisions to ensure an acceptable level of security at the processor (the party offering CC-

services to the controller (the customer)).

Helge Veum, Director, Head of Audit and Security Department

Datatilsynet (NO)

IT’s involvement in the Merger & Acquisition process (142)

Monday

14.00 - 14.45

The general outline of this session will go through the needs for, and results of IT’s involvement in the M&A process. This session

will mostly focus on IT specific pre deal activities, such as IT Due Diligence and the design of the 100-day plan where KPMG will

share experience and “lessons learnt”.

The session will present:

Why is IT important in M&A today?

Risks to the M&A process from an IT perspective.

Presentation of a basic IT-Due Diligence methodology.

Results of pre deal activities and how these link into post deal activities.

The almighty 100-day plan.

Fredrik Ohlsson, Head of IT Deal Services, CISA, CISM, CRISC,

CISSP

Fredrik has worked in the IT field for more than 15 years and held various roles such as CIO,

CSO, Business manager and consultant. For the past 6 years Fredrik has developed and actively

worked in building the IT Deal Services business. Fredrik annually performs on average

15-20 M&A transactions and has worked for some of the largest transactions in Sweden.

KPMG (SE)


Assurance

SOX Today and yesterday (222)

Tuesday

10.15 - 11.00

Compliance with Sarbanes Oxley Act (SOX) was a major challenge for some Swedish organizations 2004-2007. Today SOX is not

discussed much and is not seen as a major obstacle. The presentation briefly describes SOX and shows some of the differences in

the approach to implement SOX before and today. We also discuss the benefits of the control framework as seen by organizations that

do not have SOX requirements anymore.

Harald Carlsson, CISA

Harald is an independent internal control consultant currently engaged in project management,

risk management and internal control assignments.

Harald has previously worked for 7 years at Ernst & Young with IT Audit, Service Organization

Control Reports (SAS 70, ISAE 3402) and IT Internal Control.

Carlsson Internal Control Consulting AB (SE)

IT Assurance (232)

Tuesday

11.15 - 12.00

Hans Henrik Berthing, CISA, CRISC, CGEIT, CIA, State Authorized Public Accountant, Head of IT Audit at Verifica and membership director of ISACA Denmark Chapter, member of FSR’s Informatics Committee

Hans Henrik has many years of experience with audit, internal audit, IT audit, IT security and related advisory and assistance. Hans Henrik has extensive experience in auditing both general IT controls and application controls. He is able to adapt IT and process auditing so that the quality and efficiency of the financial audit are improved.

Member of FSR’s Informatics Committee since 2009. Member of the board of ISACA 2005-2012, chairman 2007-2009 and vice chairman 2009-2012. Involved in the update of God IT skik. Member of FSR’s monitoring group for XBRL reporting.

Through this work he keeps his knowledge of international trends, standards and requirements within IT audit, IT security and IT management up to date.

Hans Henrik teaches auditing and an elective on IT Governance on the cand.merc.aud. programme at Aalborg University. He is also used as a speaker on IT risk management, IT audit and IT Governance in Denmark and abroad, including at NA CACS and EURO CACS/ISRM. He is also an instructor on the CISA preparation course and has prepared international teaching material within IT audit.

Verifica (DK)


Identity Audit (242)

Tuesday

13.00 - 13.45

As we all know, organizations no longer operate in isolation. Their success depends on a network of partner relationships. Thus,

organizations are often compelled to expose their applications and data to a wider audience, which potentially results in an identity

and access management (IAM) issue. Potential risks include data leaks and privacy law violations.

An identity and access management audit can be the first step to understanding and addressing the aforementioned risk. By measuring

and reporting the risk within key applications, it provides a basis from which you can take informed actions to develop identity

and access management in your organization. This presentation further elaborates the goals, methods, and real-life experiences of

identity and access management audits.

Hannu Kasanen, Senior Manager, Enterprise Risk services

Hannu Kasanen is leading the Identity and Access Management (IAM) consultancy within

Deloitte Finland. He has participated in numerous IAM audits and development initiatives over

the years.

Albin Finne, Manager, Enterprise Risk Services, CISM, CISA

Albin Finne is responsible for the IAM service line within Deloitte Sweden. He has led several

IAM audits in Sweden during the past year. Albin has previously worked with advisory and implementation

services at Deloitte’s IAM centre of excellence in London.

Deloitte (SE & FI)

Deloitte is one of the leading professional services organizations in Finland and Sweden. We

offer our clients a broad range of audit, consulting, financial advisory, risk, and tax services. We

employ over 400 professionals in Finland and 1150 professionals in Sweden.

We are a member of the global Deloitte Touche Tohmatsu Limited (DTTL) group of companies

with approximately 200,000 professionals. With a globally connected network of member firms

in more than 150 countries, Deloitte brings world-class capabilities, our worldwide network of

experts, and deep local expertise to help clients succeed wherever they operate.

Information Security, Reputational risk IT & Business Continuity (252)

Tuesday

14.00 - 14.45

Learn how IBM handles Big Data from an information security perspective – and how they help their customers find the needle

in the haystack, and respond to it.

Kim Aarenstrup, CRISC

Security Industry Leader & Cyber Security Ambassador, IBM Security

Council & Executive Chairman of ISF

Kim Aarenstrup is the former Group CISO of the A.P. Moller – Maersk Group, and has a wealth

of experience in all aspects of information security.

He is also the chairman of the board in The Information Security Forum

(www.securityforum.org)

IBM (DK)


Security

Big data vs. Great Data (123)

Monday

11.15 - 12.00

80% of the data we have stored today has been produced in the last 18 months from text, video, social media, fridge, your cell

phone… It will never stop.

How do we cope with all that information in the future? And why should we? Do we need “brakes” or functionality? Do we understand

why “Meta-data” is essential in working with Big Data?

The amount of data is not interesting today. It is the structure of the data which is necessary for the use of big data.

Carsten Stenstrøm, CISA, Master in Auditing from Copenhagen

Business School, Copenhagen

27 years in Banking Sector

6 years in Danish Broadcasting

(13 years in System Auditing)

(20 years Information Security)

Radio (DK)

Awareness of information security – Highlights from the National Security Month in Norway (133)

Monday

13.00 - 13.45

The presentation will cover the content of National Security Month in 2012, and some plans for the Security Month 2013 in Norway.

NorSIS has during the last two years arranged National Security Month in Norway. In USA, the National Cyber Security Awareness

Month has been arranged since 2003. EU has decided that all EU countries will have National Security Month from 2014.

Tone Hoddø Bakås, CISA, CRISC

Tone Hoddø Bakås, senior adviser at Norwegian Centre for Information Security (NorSIS).

Tone has more than 25 years' experience within IT as a system analyst, system developer

and project manager. Since 1999 she has focused on information security. Tone has a master

in Information Security from Gjøvik University College. She is Lead Auditor ISO/IEC 27001 from

BSI, and certified CISA and CRISC from ISACA.

NorSIS (NO)

NorSIS (Norsk senter for informasjonssikring) is part of Norway’s focus on information security.

Our aim is to make information security a natural part of everyone’s daily life.

Our primary target group is the small and medium sized enterprises as well as the public authorities.

We also try to accommodate requests from the public. Our ambition is to provide services

for every part of the society.

NorSIS will try to reach its objectives through:

Raising awareness about information security through training and information

Compilation and creation of guidelines and tutorials concerning information security topics

Establish an overall awareness towards information security


Cloud Storage and Security (153)

Monday

15.15 - 16.00

Cloud storage services like Dropbox are gaining widespread adoption for file sharing. The reason for this is simple: they provide a

very streamlined user experience for accessing files across multiple devices such as laptops and smart phones and make it very

easy for ordinary users to share files across organisational boundaries.

However, from a security point of view this implies a big challenge, because companies will lose control over their data.

In this talk we will discuss cloud storage, the associated security challenges, and survey different solutions for securing files stored

in the cloud.

Jacob Illeborg Pagter, Head of Research and Innovation,

Security Lab, PhD, CISSP

Jakob's work is focused on creating innovative security solutions which can foster new ideas &

business rather than consolidating old ones. One example of such a solution is the security

architecture behind the GoalRef intelligent football. Another solution is the secure auction system

of Partisia ApS. He is involved in numerous projects applying novel cryptographic techniques

to solve real-world problems (e.g. www.abc4trust.eu and www.cfem.dk).

Alexandra Institute (NO)

The Alexandra Institute is a non-profit company that works with application-oriented IT research.

The company is located in Aarhus, Denmark, and is recognized by the Danish government

as an advanced technology provider.

We focus on applied research in computer science and have a proven track record in bridging

the gap between research and industry. We have (among other areas) a focus on IT security

with a particular focus on applied cryptography, and also have strong competencies in cloud

security, where we were the first non-US provider of training for the Cloud Security Alliance’s

certification CCSK.

PCI Overview (143)

Monday

14.00 - 14.45

The presentation includes a short Case Study on how to apply PCI DSS requirements in a shared service provider environment.

What are the biggest challenges? What are the key points that need extra attention?

Mikko Sauranen, Compliance Manager

Mikko Sauranen has over 13 years of experience in the IT industry – Compliance management and

Fraud management in particular.

At the moment he is responsible for the CGI Finland High IT Security Service concept, which is a PCI

DSS certified shared IT infrastructure service environment.

CGI (FI)

CGI is a global IT service management company with over 70,000 employees.


Security

Keeping financial risks controlled by bridging management of IT services and data center facilities (223)

Tuesday

10.15 - 11.00

Cloud computing with its possibilities of cost efficiencies due to economies of scale is deployed in many organizations today. Risks

still being dealt with are often centered on regulatory compliance, privacy issues and concerns with regards to confidentiality and

access to data. Many security aware organizations focus on private clouds in their own data centers, run by internal staff or outsourced

under controlled SLAs, rather than going to public cloud operators.

The purpose is to provoke a dialogue around how potential financial benefits of private clouds can be quickly lost if the organization

does not solve the conflict between operating models based on pay-as-you-go for data use, while at the same time keeping costs

for fixed assets and maintenance due to the need for ownership of the physical infrastructure where the private cloud is being run.

The aim is also to demystify the principles of investment processes and criteria for calculating the benefits and costs in order to

align proposed IT investments to the overall imperatives of the organization.

Lucas Cardholm, LLM, MBA, vice president at Coromatic Group

Mr Cardholm, LL.M. and MBA, is a renowned speaker and an international expert in the field of

information security and economics of security investments.

He is appointed as independent expert to the European Commission FP6 and FP7. His works

are published.

Coromatic Group AB (SE)

Case Study: Security in Mobile Banking (233)

Tuesday

11.15 - 12.00

SpareBank 1 Case Study: Security in Mobile Banking: The presentation will give the audience insight into how SpareBank 1 IT-security

contributed to the development of mobile banking services for our customers and our general approach to security in mobile

banking. We will tell how our organization learned both from a real security incident and risk assessment and how our involvement

improved the relationship to business stakeholders and contributed to their increased knowledge of security issues and security

risk. The presentation also includes information on how we have addressed mobile banking security in our dialogue with the customers.

Mari Grini, CISA, CISSP

Mari Grini (CISA and CISSP) is Manager IT-security at SpareBank 1, one of the largest providers

of financial services in the Norwegian market.

She has worked in IT and telecom since 1994 and has broad experience in security from both

SpareBank 1, since 2007, and the Norwegian Tax Administration.

She also has work experience from Telenor in service development, operations and technical

project management. She graduated from the Norwegian University of Science and Technology

in 1994 and holds an Executive Master from the Norwegian Business School (BI).

SpareBank1 (NO)


Information mobility vs. Security. Managing a new age of risk (243)

Tuesday

13.00 - 13.45

A look at the impact of information mobility regarding security risks and issues around data privacy. We will also discuss the challenges

of balancing security requirements for both organizations and customers.

Jana Thorén, CISM

Jana is a security management consultant with a long experience within the security field working

with governance, risk management and internal control around ISO 27001 and other standards.

She has had a wide range of assignments within telecom, financial, public and industry

sector, in several European countries. She is also an experienced lecturer and educator with

high energy and integrity.

Michael Dufva, CISSP

Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining

EVRY's Risk Management efforts across the group.

Jon has been with EVRY since 2005 and held the position as Chief Security Officer at ErgoGroup.

Secode (SE)

Secode is the leading independent IT security provider in the Nordic region, offering flexible

and cost effective 24/7 managed and security consultant service and technology. With Secode,

you can secure your business and reduce the costs and complexity of achieving the highest

levels of security, efficiency and with policies, regulations and laws.

Cowboys & Indians - How to Secure the Manufacturing Fortress (253)

Tuesday

14.00 - 14.45

In past years there have been a lot of incidents impacting manufacturing information security followed by a discussion and debate

about related threats.

Even though discussion is highly focused on SCADA and technical simple solutions – there still seems to be a misunderstanding

about how it is done holistically and failure to protect the image of the manufacturing companies.

We have seen that the mobile industry is increasingly one of the most interesting fields for the “bad guys”. So how is IT security

handled efficiently in manufacturing industry?

In this talk Jukka Nyman will give an insight into this topic by using real-life examples of how one of the major mobile device manufacturers

has been able to avoid the pitfalls of cost-effective production requirements and downsized security requirements.

Jukka Nyman, Director, CISM

Jukka Nyman is a director and a partner at Invisian Ltd. He has more than 15 years of experience

in the IT field and has been specializing in IT risk management, IT governance and information

security.

In the past he has been an Information security auditor, Technical lead, Managing a global

information security project for manufacturing environments and developing new products for

Invisian as a Director.

Currently he is leading information security management professionals in both national and

global projects.

Invisian Ltd (FI)


Risk

Big data vs. Great Data (123)

Monday

11.15 - 12.00

80% of the data we have stored today has been produced in the last 18 months from text, video, social media, fridge, your cell

phone… It will never stop.

How do we cope with all that information in the future? And why should we? Do we need “brakes” or functionality? Do we understand

why “Meta-data” is essential in working with Big Data?

The amount of data is not interesting today. It is the structure of the data which is necessary for the use of big data.

Carsten Stenstrøm, CISA, Master in Auditing from Copenhagen

Business School, Copenhagen

27 years in Banking Sector

6 years in Danish Broadcasting

(13 years in System Auditing)

(20 years Information Security)

Radio (DK)

Risk with Limited Auditing of Cloud Based Application Service

(132)

Monday

13.00 - 13.45

The possibilities and limitations of auditing a cloud based application. This intermediate level presentation contains the definition of

cloud computing, the models of cloud implementation, the challenges and opportunities of cloud computing to the auditor, and the

methods usable in cloud audit.

Markus Leinonen, CISA, CIA

President, ISACA Finland Chapter

KPMG (FI)


Implementing a Risk Mgmt Framework with a GRC Tool (141)

Monday

14.00 - 14.45

During the last couple of years EVRY, which is one of the largest IT services companies in the Nordic region, has worked on renewing

their risk management framework. We will share our experience from the process, as well as giving you an insight into Norway’s

first Archer GRC tool implementation, and how the use of a tool can help your organization.

Magnus Felde, Information Security Consultant, MSc Information Security, CISSP (Associate), GCIH

Magnus has a master's degree in information security from Gjøvik University College, and has

since 2011 worked in mnemonic’s Governance, Risk & Compliance department. He is responsible

for the GRC tool service at mnemonic, and has been central in the implementation of Norway’s

first Archer implementation.

mnemonic (NO)

Mnemonic is the leading independent provider of IT security professional services and 24x7

managed security services in the Nordics. Our scale, expertise, flexibility and agility, enables

our enterprise customers to protect their businesses by deploying products and services from

our portfolio that covers the entire information security lifecycle.

Jon Hofstad, Corporate Risk Manager, CISSP

Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining

EVRY's Risk Management efforts across the group.

Jon has been with EVRY since 2005 and held the position as Chief Security Officer at ErgoGroup.

EVRY (NO)

EVRY is the largest IT company in Norway and the second largest IT services company in the

Nordic region. With 10,000 employees, EVRY delivers daily IT services from 50 Nordic towns

and cities for more than 14,000 public and private sector customers. EVRY is the product of

the largest-ever Nordic IT merger built on the foundation of the merger in 2010 of Norway's two

largest IT companies, EDB and ErgoGroup.

Why Traditional Information Security Governance Approaches No Longer Work… and how to establish better mechanisms (151)

Monday

15.15 - 16.00

IT becomes more complex every day – proven by trends like cloud services, outsourcing, and information mobility. Traditional top-down

information security governance models fail to handle these challenges. Security professionals often approach this with an

audit-inspired perspective. Instead – copy the approach used by every finance department! The methods are there - only the tools

are missing.

Bengt Berg, M.Sc, CISM, CISSP, QSA

Bengt works for Cybercom (www.cybercom.com) in Sweden as Head of Compliance Management

Services. Bengt has spent almost 20 years in the IS/IT security business, and today focuses

on security governance issues as well as security and risk in the payment card industry.

Cybercom (SE)


Risk

Keeping financial risks controlled by bridging management of IT services and data center facilities (223)

Tuesday

10.15 - 11.00

Cloud computing with its possibilities of cost efficiencies due to economies of scale is deployed in many organizations today. Risks

still being dealt with are often centered on regulatory compliance, privacy issues and concerns with regards to confidentiality and

access to data. Many security aware organizations focus on private clouds in their own data centers, run by internal staff or outsourced

under controlled SLAs, rather than going to public cloud operators.

The purpose is to provoke a dialogue around how potential financial benefits of private clouds can be quickly lost if the organization

does not solve the conflict between operating models based on pay-as-you-go for data use, while at the same time keeping costs

for fixed assets and maintenance due to the need for ownership of the physical infrastructure where the private cloud is being run.

The aim is also to demystify the principles of investment processes and criteria for calculating the benefits and costs in order to

align proposed IT investments to the overall imperatives of the organization.

Lucas Cardholm, LLM, MBA, vice president at Coromatic Group

Mr Cardholm, LL.M. and MBA, is a renowned speaker and an international expert in the field of

information security and economics of security investments.

He is appointed as independent expert to the European Commission FP6 and FP7. His works

are published.

Coromatic Group AB (SE)

Risk assessment - Can it be simple and yet sufficient? (231)

Tuesday

11.15 - 12.00

Many risk management methods tend to produce lots of detailed information. However useful this information may be, major issues

may not get sufficient attention. Should risk management methodologies be revised and the mindset shifted from completeness to

usefulness?

This presentation discusses the risk management methods with a critical perspective and drafts new approaches to risk management.

Helvi Salminen, CISA, CISSP, SABSA

Helvi Salminen has worked full-time in information security since June 1990, first as security

analyst and since April 2000 as information security manager. Before starting information security

tasks she had 12 years' experience in systems development.

Cooperation with colleagues is an important asset for security professionals. Helvi is a founder

member of the Finnish Information Security Association which celebrated its 15th anniversary in

2012. Helvi is qualified CISA (1992), CISSP (1998), SABSA chartered security architect – foundation

level (2008) and was one of the first to achieve Master of Security in 2003 Aalto Pro

(Aalto University Professional Development). She has been the program manager of information

security training in Aalto Pro 2003-2008, and has given presentations in several information

security seminars.

Gemalto (FI)


Information mobility vs. Security. Managing a new age of risk (243)

Tuesday

13.00 - 13.45

A look at the impact of information mobility regarding security risks and issues around data privacy. We will also discuss the challenges

of balancing security requirements for both organizations and customers.

Jana Thorén, CISM

Jana is a security management consultant with a long experience within the security field working

with governance, risk management and internal control around ISO 27001 and other standards.

She has had a wide range of assignments within telecom, financial, public and industry

sector, in several European countries. She is also an experienced lecturer and educator with

high energy and integrity.

Michael Dufva, CISSP

Jon is Corporate Risk Manager at EVRY ASA and responsible for establishing and maintaining

EVRY's Risk Management efforts across the group.

Jon has been with EVRY since 2005 and held the position as Chief Security Officer at ErgoGroup.

Secode (SE)

Secode is the leading independent IT security provider in the Nordic region, offering flexible

and cost effective 24/7 managed and security consultant service and technology. With Secode,

you can secure your business and reduce the costs and complexity of achieving the highest

levels of security, efficiency and with policies, regulations and laws.

Governance of IT cost… It's too expensive - where to cut? (251)

Tuesday

14.00 - 14.45

If you can’t measure it, you can’t change it! This session will give a practical model and tool that describe the IT-cost in a way that

everybody can agree upon! The cost issue is often based on different opinions, where and how to find IT-cost, what is included or

not and who is paying for it. One major player in IT-cost evaluation has the approach of measuring the “factory” to establish IT-costs.

The Connecta way is based on the accounting, twisted, to present the IT-cost in views that business accountable managers

and IT-supplier managers can relate to. The model will show what IT-cost areas are of large size, and as all parties have the

same view, we can decide what area to address first, to cut IT-cost. During the presentation you will see some real cases.

Peter Torngren

Mr. Torngren is specialized in putting theories into good practices in the field of IT-Governance,

CIO-Office and IT-Economics. He has mainly worked for larger organizations in both the private

and the public sector. Mr. Torngren's experience spans from people management (Coaching) to

process management (Engineering) as well as from establishing bookkeeping rules

(Controlling) to IT-Value and IT-Finance (Business) analyses. Mr. Torngren has also been engaged

as interim manager as CIO and IT-Controller. Mr. Torngren joined Connecta in May

2010 and is based in Stockholm. Mr. Torngren has more than 15 years of experience as a

consultant in his fields.

Connecta (SE)

Connecta is a consulting firm that exists to transform the points on management agendas into

reality. To help our clients make a difference in Swedish commerce and the global arena by

delivering inspiration, innovation and high energy. When you choose Connecta, you’re also

choosing a better way to take your process forward. Our combination of strategic business

thinking, technical specialist know-how and the ability to make the transition from words to action

means more competitive client operations become a reality.


Sponsors

DELL GOLD

Dell Inc. (NASDAQ: DELL) listens to customers and delivers innovative technology and services

that give them the power to do more. Quest, now a part of Dell’s Software Group, provides

simple and innovative IT management solutions that enable more than 100,000 global

customers to save time and money across physical and virtual environments. Quest products

solve complex IT challenges -- from database management, data protection, and identity and

access management, to monitoring, user workspace management and Windows Server management.

For more information, visit http://www.quest.com or http://www.dell.com.

Quest One Identity Solutions: A real-world approach to IAM

Quest One Identity Solutions offer a real-world approach to IAM – business focused, integrated

with current investments, deployed quickly for fast ROI and flexible enough to meet future security

and compliance needs. Unlike traditional framework solutions, our modular, integrated approach

is perfectly optimized to meet today’s access governance, privileged account management,

user activity monitoring and identity administration needs.

With Quest One Identity Solutions from Dell you will be able to reduce the complexity, cost and

risk of managing identities and controlling access to increase compliance, security and efficiency.

Connecta GOLD

Connecta is a consulting firm that exists to transform the points on management agendas into

reality. To help our clients make a difference in Swedish commerce and the global arena by

delivering inspiration, innovation and high energy. When you choose Connecta, you’re also

choosing a better way to take your process forward. Our combination of strategic business

thinking, technical specialist know-how and the ability to make the transition from words to ac-

EMC/RSA SILVER

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance

management solutions for business acceleration. We help the world’s leading organizations

(including 90 percent of the Fortune 500) succeed by solving their most complex and sensitive

security challenges. These challenges include managing organizational risk, safeguarding mobile

access and collaboration, providing compliance and securing virtual and cloud environ-

RSA Archer eGRC modules allow you to build an efficient, collaborative enterprise governance,

risk, and compliance (eGRC) program across IT, finance, operations, and legal domains. With

RSA Archer, you can manage risks, demonstrate compliance, and automate business process-


Sigma SILVER

IT Governance is one of the main service areas within Sigma IT & management, where we have consultants certified by CGEIT. For a long time we have delivered services in the area of governance and management of IT to several companies and organizations. We are convinced that top management in an organization must be engaged in and take responsibility for these questions. People and systems are getting more and more mobile and the demand for working IT-solutions is increasing. At the same time this also creates an extended vulnerability.

We join ISACA’s conferences to learn and take part of others' thoughts and knowledge and

of course to share our experiences. We believe that we will become an even better vendor

and partner for our customers by being a part of ISACA.

Amentor SILVER

Amentor is one of the leading professional services suppliers in Sweden within the areas of information security, IT audit, IT risk management and IT advisory. Within our organisation you’ll find all the knowledge and experience necessary to eliminate the IT risks and maximize the business value of your IT investments and thereby secure the growth and future development of the organisation.

Most of our consultants hold at least one security certification (CISA, CISM, CISSP, CGEIT, QSA) and all have deep knowledge about the internationally accepted security standards and IT frameworks such as PCI-DSS, ISO27000, ISO38500, ITIL, COSO, Common Criteria and CobiT. Our consultants also have extensive experience from managing large regulatory compliance projects (Sox, PCI etc.)

CIO Sweden MEDIA

Reach the IT strategists in Sweden in their own forum

CIO Sweden is a completely unique marketing channel if you want to get in touch with the hottest target group in Swedish IT.

In all the channels: in the exclusive monthly magazine, at our focused web site and at our popular seminars and in-depth round table discussions - we offer a tailored meeting with Swedish CIOs.

Our target group isn't the largest, but many times around the most important. You will definitely meet them here.

The annual CIO sourcing event

Global Sourcing 2013: How should you outsource, to whom and what.

What sourcing experiences do other companies have? What are the future sourcing models?

What should you consider before signing a sourcing contract? What are the consequences if something goes wrong?

And how do you get global teams with different cultures to work together?

We answer these questions at CIO Global Sourcing, May 15th - a conference on how to contract, manage and organize sourcing.

There are constantly new challenges and we highlight them - and the solutions. Our goal is that you leave the event with new knowledge and lessons learned, to help you make better decisions in your professional role.

Go to the registration page and read more (in Swedish): www.cio.se/globalsourcing2013


Pre-conference sessions

On Sunday the 21st of April there will be pre-conference sessions held by Cloud Security Alliance Sweden (CSA Sweden). The recommended price for the pre-conference sessions is 150 Euro. The price might vary depending on chapter sponsorship, packing, taxes and similar aspects.

14.30-14.50 Pre-conference session registration and coffee

14.50-15.00 Introduction by CSA Sweden President

15.00-15.45 Aspects to consider within information security during procurement and use of cloud services

16.00-16.45 Federation and Cloud in practice (Demonstration)

17.00-17.45 Company talks about their reasoning concerning security and cloud services

Post-conference CISA and CISM review seminars

Directly after the conference, on the 24th of April, a two-day CISM review seminar and a three-day CISA review seminar will start. As in recent years, the seminars will be led by local experienced CISAs and CISMs and will mainly focus on the aspects of the exam that have been most challenging in the past. To enable non-Swedish speakers to attend the seminars, the language will be English unless all attendees speak Swedish. The location is Ernst & Young's facilities in central Stockholm. Information regarding registration etc. will be available at nordic.isaca.se.

CISA and CISM exams

For information on how to register for the exam go to www.isaca.org/cisa or www.isaca.org/cism. Final Registration Deadline for the exam is the 12th of April 2013.

Review seminars contents

The following areas are included in the CISA seminar:

The IS Audit Process

IT Governance

Systems and Infrastructure Lifecycle Management

IT Service Delivery and Support

Protection of Information Assets

Business Continuity and Disaster Recovery

The CISA Review Manual and the CISA Practice Question Database (cd-rom) are included in the seminar fee. They are handed out on the first day of the seminar.

The following areas are included in the CISM seminar:

Information Security Governance

Information Risk Management

Information Security Program Development

Information Security Program Management

Incident Management and Response

The CISM Review Manual and the CISM Practice Question Database (cd-rom) are included in the seminar fee. They are handed out on the first day of the seminar.

CISA and CISM review seminars fees

The fee for attending the CISA review seminar is 12 000 SEK + VAT for ISACA members and 15 000 SEK + VAT for non-members.

The fee for attending the CISM review seminar is 8 000 SEK + VAT for ISACA members and 10 000 SEK + VAT for non-members.

Become a member today and get the member discount for the seminar at www.isaca.org/join

You can find the most up-to-date program and more information at nordic.isaca.se