Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya
REGIONAL CYBER SECURITY SUMMIT 2016
11th-13th May 2016 - Weston Hotel, Nairobi - Kenya
Securing the enterprise in a connected world and ensuring business continuity
The Human, Organisational and Governance Factors.
Access Business Management Conferencing
(ABMC) International,
Head Office: Nairobi, Kenya, Westlands, Mpaka Road,
Mpaka Plaza, 2nd Floor, Right Wing, Suite No. 205
Tel No.: +254 20 4031000, +254 772 222004/5
Email: info@intl-abmc.com, Web: www.intl-abmc.com
ACCESS BUSINESS MANAGEMENT CONFERENCING INTERNATIONAL LTD
A.B.M.C INTERNATIONAL LTD
LEADERS IN BUSINESS TRAINING
About the Summit
The People Factor: The Internet of Things is here, but organisations are slow to address its security risks
Organisational Factor: Cyber and cloud talent gap and the challenges thereof
Governance Factor: Big shifts in new technologies towards big data analytics, forensics and intelligence-based cyber solutions.
Cost of Compliance: Information security leaders' need for compliance is now up, especially in the financial services and government sectors, e.g. fraud, money-laundering
Disruptive technologies: Cybersecurity has become a competitive advantage and a C-level priority
Enabling Security Technologies: Despite alarming headlines, information security investigations and forensics are improving
Cybercrime: Insider negligence risks are decreasing through effective management via information security audits and a deep understanding of network penetration testing skills
THE FIRST 5 DELEGATES
TO BOOK WILL GET A
FREE TABLET PC
BOOK & PAY NOW !
ABMC INTERNATIONAL IS
ACCREDITED BY THE NATIONAL INDUSTRIAL TRAINING
AUTHORITY IN KENYA (NITA) - NITA/TRN/870
Keynote Speakers
Mr. Tyrus Muya
Head of Information Security
and Risk Cellulant Group, founder member
TheAfricaHackon, Key Consultant National Cyber
Security MasterPlan - NCSMP
Target Market:
Board of Directors, Director General, Chief Executive Officer, Managing Director, County Executive Committee - ICT, CIOs, CTOs, CSOs and CISOs, General Manager ICT, Information Security Director and Managers, Data Security professionals, Head of Enterprise Security, Network Security Head, Systems Planners and Analysts, Security Analysts, Database Administrators, Heads of ICT, Chief Operating Officer (COO) or any other person involved in IT Security.
SIGN UP FOR OUR MENTORSHIP PROGRAM:
This is a build-up, as an after-event follow-up to maximize your training ROI:
For ONLY USD 30 Per Session
3 sessions, each one hour only, within 3 months
You choose time and when
Sebastian Marondo
CEO, NRD East Africa Limited
Dr. Matunda Nyanchama PhD, CISSP
Managing Consultant,
Agano Consulting Inc.
Mr. Paul Roy Owino, President ISACA Kenya
Chapter, Founder & CTO ProoLabs
Mr. Yusuph Kileo
Cyber Security and Digital
Forensics Expert, Tanzania
Wycliffe Momanyi BSC, MSC Info.Sys and MBA
SMgt, CISA, CISM
Head of Information Risk KCB Bank Group
Prof. Ddembe Williams BSc, MSc, PhD, PGCHE,
FHEA
Acting Associate DVC Faculty of Computing
and Information Management Director Innovations
& Strategic Partnerships KCA University
Mr Silvanus Sewe MBA Corp. Mgt, Bsc BIT, HND
National Security & Risk Mgt Executive Director
Global Forensic Services Limited and Chairman
Security Sector Board - KEPSA
Dr. Katherine Getao, EBS
ICT Secretary, Ministry of Information
Communication and Technology of Kenya
Our Event Partner
Ufundi Plaza,
Moi Avenue
Nairobi, Kenya 00200
+254-20-267-0743
info@aganoconsulting.com
Vincent Ngundi Assistant Director Cyber
Security and E-Commerce
Communications Authority of Kenya
Event Sponsor
According to surveys, the top five technology concerns in Africa are social media
(50%), cyber attacks (39%), cloud computing (34%), mobile applications (27%) and
data mining and analytics (25%). A majority of information technology and
information security leaders believe their organizations’ cybersecurity posture will
improve this year. This is, in part, because of increased senior management
awareness that would result in better funding for information security to invest in
people, processes, and technologies. In addition, the leaders see trends towards
more timely and actionable cyber intelligence.
The surveys indicate increased organizational capabilities to handle sophisticated
technologies, enhanced information security skills, better staffing, and heightened
cybersecurity awareness among employees due to training and deliberate
management action. Others think the cybersecurity posture of organizations will
decline due to inability to hire and retain expert staff, lack of actionable and timely
intelligence, increase in employee-related risks, and lack of funding that would
prevent appropriate investments in people, processes, and technologies.
This event offers a chance for information sharing across cybersecurity concerns.
A carefully selected expert pool will lead discussions based on their experiences and
highlighting best practices in the management of cybersecurity, including case
studies to illustrate these points. The scope of topics runs from organizational to
technical and covers entire aspects of cybersecurity programmes in organizations.
Cybersecurity Management in Organizations II: Security Testing
• Vulnerability management
• Security testing and the role of pen testing
• Pen testing dimensions and process
• Ethics of pen testing
Cybersecurity and BIG Data
• Security Information and analytics and the value of cybersecurity intelligence
• The role of Security Information Event Management Systems (SIEMS)
• Data analytics, trends and risk analysis
Incident Management, Cyber Forensics, and Investigation
• Incident management – detection, response and resolution
• Cyber forensics
• Investigation: evidence securing, analysis and chain of custody
• Case studies in incident response and investigation
The Internet of Things: The security risks of an interconnected world,
and how to deal with these
• Preparing for cybersecurity risks resulting from the IoT
• Analysing new age usability and its risk management:
o acceptance of virtual currencies
o use of mobile payments
o use of big data analytics
o use of IT virtualization
o use of cloud infrastructure
o use of digital identities
o use of cloud file sharing tools
o employee’s use of social media in the workplace
o employee-owned mobile devices
o employee’s use of favourite cloud app
The Insider Threat: Managing employee-related risks, including
use of devices and apps (BYODs and BYOCs)
• Insider cybersecurity threats and their people, process and technology dimensions
• Challenges of managing insider cybersecurity risks
• Effective governance, risk and compliance with respect to the insider
• The role of education and awareness
• Managing third party-related security threats
Why this event
Cybersecurity Governance: CISO’s role and Aligning the
Cybersecurity Agenda with the Corporate Agenda
• Cybersecurity as a strategic priority and competitive advantage
• Integrating cybersecurity within corporate governance
• Effective cybersecurity organizational structures, roles and responsibilities
• Effective corporate cybersecurity governance, risk and compliance
Cybersecurity Management in Organizations I: what are the best
practices?
• Securing access to data, systems and physical spaces with the growth of
connected mobile devices
• Decreasing security risk due to complexity of IT operations and the growth of
unstructured data assets
• Integrating disparate technologies at use to decrease risks
• Integrating necessary data sources for actionable cyber intelligence
• Integrating third party service providers to internal
The Cloud & Cyber Protection
• The why, what, and cybersecurity risks associated with the cloud
• Technical, business and management issues of protecting information in the
cloud
• Best practices in cyber protection in the cloud
Virtualization & Cybersecurity
Today, we witness rapid changes in the technology landscape. A key challenge
for organizations is the poor visibility associated with applications, users, and
services. This is exacerbated as more and more applications reside in virtual
environments.
• Encrypting for data at rest & data in transit
• Using automated forensic tools
• Using new generation firewalls (NGFWs) & application firewalls
• Probing threat intelligence feeds
• Sandboxing or using isolation tools
Cyber talent gap in Africa and the challenges thereof
Addressing the challenges of cybersecurity requires across-the-board skills. There is
a need for leadership, management, and technical hands-on capabilities.
• What is the range (board, management, technical) of skills required?
• Investment in cyber-related skills development (academic, on the job training)
• Does skill and talent availability match related demand?
• Programmes relevant to cyber talent development
• Dealing with retention of skilled persons in the face of fluid staff mobility
• Keeping up with increasing organizational and technological complexity
• Challenges of compliance
Business Continuity Management to enable your organisation to
function as usual before, during and after cyber threats
• The state of business continuity in the industry and what can be done about
it?
• Instituting a business continuity culture: from planning to response
• The requisite governance approaches that would assure effective business
continuity management.
Key Thematic Areas
Expert Panel
Mr. Yusuph Kileo
Cyber Security and Digital Forensics
Expert, Tanzania
Yusuph Kileo is an expert in the fields of cyber
security and digital forensics. Yusuph started
developing his IT skills while working with Brand
East Africa in 2006. In 2008 he joined the MIS
department at the Tanzania Telecommunication Company where he developed
his interest in the security field. In 2012, Yusuph joined the Tanzanian
Government's Criminal Investigation Department (CID) as a cyber security and
digital forensics investigations expert. The CID falls under the Forensics Bureau
section. He is currently an adviser for cyber-security matters in Tanzania.
Mr Silvanus Sewe
MBA Corporate Management, Bsc BIT,
Higher National Diploma National Security
& Risk Management, Diploma Investigations,
International Advanced Certificate Computer Forensic
& Information Security Management
System (ISMS) Executive Director Global Forensic Services Limited and Chairman
Security Sector Board KEPSA
Vincent Ngundi
Dr. Matunda Nyanchama PhD, CISSP
Managing Consultant
Agano Consulting Inc
- Previous experience in BIG Four Advisory Services
with focus in ICT security consulting and security
product development;
- Published in major journals and publications on information security
management.
- Experienced speaker on technology matters and international development
issues; commentator in ICT-related issues and their impact on development.
Mr. James Saaka,
Executive Director, NITA-Uganda
Mr. James Saaka holds a BSc and an MSc. in Computer Science from University
of Vladimir Polytechnic Institute, (Soviet Union). He became Certified
Information Security Manager (CISM) in 2004.
Mr Saaka has attended numerous training and workshops in IT Management
and Strategy, Leadership, Information Security, IT Technology etc.
Prof. Ddembe Williams BSc,
MSc, PhD, PGCHE, FHEA
Acting Associate DVC Faculty of
Computing and Information
Management Director Innovations &
Strategic Partnerships, KCA University
Prof. Ddembe Williams is the Dean of the Faculty of Computing and Information
Management and the Director of Data Analytics and Visualisation Research Lab
(D-Lab) at KCA University in Nairobi, Kenya.
Prof. Williams has published over 30 internationally refereed conference papers,
book chapters and journal articles and chaired several research conferences and
workshops. He holds a M.Sc. in Advanced Information Technology and a Ph.D. in
Computer Science/System Dynamics from London South Bank University.
KCA University · Information Systems · Centre for Systems Modelling and Visual
Analytics
Mr. Wycliffe Momanyi BSC, MSC
(Information Systems) and MBA
(Strategic Management) UON,
Certified Information Systems Auditor (CISA),
Certified Information Security Manager (CISM)
Member ISACA and ACFE
Wycliffe joined the banking industry 21 years ago as a management trainee and
set up the Credit Card Information System, which he subsequently led. He has
been in systems development and set up KCB’s first Information Security
Policy.
Mr. Tyrus Muya
Director and Founder Euclid
Consultancy Ltd, founder
member TheAfricaHackon, Key Consultant National Cyber
Security MasterPlan - NCSMP
Areas of expertise include:
* Cyber Security proponent & industry leader
* Vulnerability Assessment, Penetration Testing through Red Teaming
* Information security research & development
* Capacity building through boot camps, specialized training & industry linkages
* Risk assessment framework development and policy development & implementation (ISO 27001/2, Octave Allegro, Octave-S, PCI/DSS, NIST) for both Govt & private sector
* GSM, SIGINT (Signaling Intelligence), RF aficionado
Dr. Katherine Getao, EBS
ICT Secretary, Ministry of Information
Communication and Technology of
Kenya
Dr. Katherine W. Getao serves the Government of Kenya as
the ICT Secretary, the strategic head of ICT in Kenya.
She holds a B.Sc. (Hons) in Combined Sciences (Chemistry and Computer
Studies) from Brighton Polytechnic, U.K., an M.Sc. in Intelligent Knowledge-
based Systems from the University of Essex, U.K. and a Ph.D. in Computing from
Lancaster University, U.K. She is a Commonwealth Research Fellow (2005).
Assistant Director, E-Commerce at
Communications Authority of Kenya
Sebastian Marondo, MBA,
CISA, CISM
Chief Executive Officer at Norway
Registers Development East Africa
Limited (NRD E. Africa)
Marondo Sebastian is an information security expert and auditor with more
than 6 years' experience and achievement across the whole spectrum of
technical aspects of Information Technology, Information Security, Business
Continuity, Networking and Systems Integration and physical security in
Information and Communications Technology (ICT).
Sebastian is a member of ISACA and the Association of Fraud Examiners (ACFE), both
of the United States of America, which provide world-standard frameworks for
auditing, security and fraud investigation.
PMP, CISSP, CEH, ECSA
Previously Manager, E-Security, Manager, KE-CIRT, Manager, IT (Industry)
Communications Commission of Kenya (CCK), Council Member ICANN ASO/
AC, Chair, AfriNIC PDP
MG AfriNIC, Director, Capacity Building AfTLD, Administrative Manager, Technical
Manager, Systems Engineer - KENIC, University of Nairobi, MSc, Computer
Science, 2007 – 2008, University of Nairobi, BSc, Computer Science, 2000 – 2004
Agenda
DAY ONE
8.30am-9.00am:
Welcome Note
Event ChairPerson - Dr. Matunda Nyanchama PhD, CISSP, Agano Consulting
Opening Remarks Paul Roy Owino, President ISACA Kenya Chapter/Founder &
CTO, Proolabs
9.00am-10.15am
Tyrus Muya, Director & Founder, Euclid Consultancy, TheAfricaHackon
Topic: Cyber Security Management in Organizations II: Security Testing
10.15am-10.30am: Pause/Tea Break
10.30am-11.45am:
James Saaka, Executive Director, NITA Uganda
Topic: Virtualization & Cyber Security
11:45am-1.00pm:
Sebastian Marondo, CEO, NRD East Africa Limited
Topic: Cybersecurity Governance: CISO’s role and Aligning the Cybersecurity
Agenda with the Corporate Agenda
1.00pm-2.00pm: Lunch Break
2.00pm-3.15pm:
Mr Silvanus Sewe, MBA Corp. Mgt, Bsc BIT, HND National Security & Risk Mgt
Executive Director, Global Forensic Services Limited
Topic: The Insider Threat: Managing employee-related risks, including
use of devices and apps (BYODs and BYOCs)
3.15pm-4.45pm:
Rashpal Bhamra, RSB Infosec
Topic: Vulnerability Management
Close with Coffee Break and ChairPerson Summary for the day
DAY TWO
8.30am-9.00am:
Welcome Note
Event ChairPerson - Dr. Matunda Nyanchama PhD, CISSP, Agano Consulting
9.00am-10.15am:
Paul Roy Owino, President ISACA Kenya Chapter/Founder &
CTO, Proolabs
Topic: How to assess effective threat intelligence-Why the source matters
10.15am-10.30am: Pause/Tea Break
10.30am-11.45am:
Mr. Michael Mbuthia, CIO, Integrated Payments Services Limited - IPSL
Kenya
Topic: The Internet of Things: The security risks of an interconnected world,
and how to deal with these
11:45am-1.00pm:
Prof. Ddembe Williams BSc, MSc, PhD, PGCHE, FHEA
Topic: Cybersecurity and BIG Data
1.00pm-2.00pm: Lunch Break
2.00pm-3.15pm:
Rashpal Bhamra, RSB Infosec
Topic: Identity Access Management
3.15pm-5.00pm:
Yusuph Kileo, Cyber Security and Digital Forensics Expert, Tanzania
Topic: Incident Management, Cyber Forensics, and Investigation
DAY THREE
8.30am-9.00am: Welcome Note - Event ChairPerson - Dr. Matunda Nyanchama PhD, CISSP, Agano Consulting
9.00am-10.15am:
Wycliffe Momanyi, BSC, MSC Info.Sys and MBA SMgt, CISA, CISM, Head of Information Risk, KCB Bank
10.15am-10.30am: Pause/Tea Break
10.30am-11.45am: Vincent Ngundi, Assistant Director Information Technology, Communications Authority of Kenya
Topic: The Cloud & Cyber Protection
11:45am-1.00pm: Dr. Katherine Getao, EBS, ICT Secretary, Ministry of ICT
Topic: CyberSecurity Management in Organisations I: what are the best practices?
1.00pm-2.00pm: Lunch Break
2.00pm-3.15pm: Dr. Katherine Getao, EBS, ICT Secretary, Ministry of ICT
Topic: Cyber Talent Gap in Africa and the challenges thereof
3.15pm-3.45pm: Rashpal Bhamra, RSB Infosec
Topic: Brief Over Q&A
3.45pm-4.00pm: Closing Summit - ChairPerson Dr. Matunda Nyanchama PhD & ABMC International
About the Event Sponsor
RSB Infosec is a dynamic and responsive online security provider. Through
security mapping and threat assessment we build water-tight data networks
and shield your data from external online attacks. Swift, reliable and agile;
we keep up with the world of online security to provide continuous
protection for your business.
Our business is focused on innovation in the domain of Identity Access
Management. Dynamic problem solver and decisive team leader with full
spectrum of skills ranging from project management, to business analysis or
delivering end-to-end technical implementations with 20 years' experience
building strong international working relationships. We have provided the
above services to many Top tier investment Banks, UK government, Legal
firms and the NHS (Health Care).
We also have proven track record directly with major software vendors.
Always looking for new challenges, we are now bringing Identity access to
the next level in Kenya, developing a pragmatic and structured methodology
for Identity Access Management.
Manage and deliver strategic direction and initiatives including
organisation-wide conformance programs, industry changes, and
business-driven change
Work with senior managers and Executives to identify and set risk
appetite and gain sponsorship to governance approaches including
preparing reports on risks and controls for communications to this
audience.
Define, implement and support wide governance and testing strategy
for compliance with Corporate level standards and policies
Able to balance risk and reward in regards to the protection of data
Business Analysis
Gathering requirements from and negotiating them with business stakeholders
Modelling and documenting requirements and business processes and
conducting gap analyses
Evaluating existing processes and optimizing them in terms of efficiency and risk
mitigation
Finding solutions to business problems as part of overall strategic roadmap
Functional & Technical Architecture
Implementing and Improving Logical Access Management controls is the
business core of Identity access management.
General Skills
We have detailed knowledge of security tools, technologies and best practices in the
creation and deployment of security solutions protecting networks, systems and
information assets for a diverse range of companies and organisations especially in
Legal, Financial and healthcare Sector.
Developing and implementing information security strategy providing the most
appropriate security to address the risks faced by an organisation.
Good interpersonal and presentation skills to highlight and improve awareness
of security and privacy concerns within organisations.
The ability to communicate effectively across differing levels of technical
knowledge.
Provide advice to senior and executive management including key stakeholders
on all areas relating to corporate information security.
Lead consultant on large upgrade /migration projects
A wide exposure to legislative and regulatory environments such as the Data
Protection Act, FCA and SRA guidance, the NHS's Information Governance and
PCI DSS.
Proven technical background and hands-on expertise
Excellent communication and leadership skills with heaps of common sense
Involved in Cyber Security, Investigations and Threats since 2005
Experience in the implementation of the ISO 27000 family of standards and
PCI DSS.
Why us?
The world of computer systems is moving faster than ever before. What once
felt secure is now under threat by structural system vulnerabilities, the
constant stream of new patches released and the ever evolving creativity and
skills of would-be attackers.
Exposure points increase the more accessible your business becomes to
consumers and to business partners. An attacker needs to find only one
weakness in your system security and they’re in. It’s a tough world to stay
protected.
But we provide the defence that businesses need.
Strong knowledge and understanding of policies and standards to
enable best practice and consistency
Identify and assess key information risks and issues across organisations
and establish measures and metrics, such as the lack of adequate
protection (encryption, authorization, authentication)
Develop, publish, and socialize specific positions around existing and
emerging Information Risk topics to colleagues and senior management
Be able to defend these positions to the targeted audience.
Provide subject matter advice and guidance into all areas of risk and
control across information risk management
Provide support and guidance for the consolidation, monitoring and
challenge of risks and controls.
Work with various levels of management to develop solutions that are
acceptable to balance risk and reward in regards to the protection of data
Project Management:
By frequent assessments of system vulnerabilities, which identify, quantify
and rank your system’s vulnerabilities.
By simulating malicious attacks and evaluating system security.
By developing a secure architecture design review; optimising your system
and minimising exposure points.