Venue
Four Seasons Hotel
Date
05 – 07 March 2019
Advances in information technology continue to drive business enablement and profitability across all industries. With the advances and greater reliance on information technology, there comes an ever-increasing risk to the business. In some cases, business process has become so dependent on technology that conventional business process controls can no longer offset general IT controls. This, taken with the reality of increased threat of cyber criminals and terrorists, makes it more important than ever for companies, governmental entities, and other organizations to have a solid IT Governance, Risk and Compliance (IT GRC) program. Implementing a comprehensive and innovative governance, risk, and compliance (GRC) program enables organizations to address the multiple factors that are essential in managing and controlling enterprise risk.
The 2nd Kuwait IT Governance, Risk & Compliance Forum targets specialists in auditing, insurance, compliance, risk, security, strategy and governance in government and private bodies. The program will include the following main themes:
A can’t-miss event for anyone responsible for risk management, compliance and controls, administration, or audit in their organizations. The agenda is being developed as a roadmap that will explain:
Abdulaziz Ahmed Al-Duaij, Information Technology Manager, KNPC, Kuwait
Communicating IT Risk to stakeholders
Abdulaziz Ahmed Al-Duaij is the Information Technology Manager at KNPC. He has worked for KNPC since 1989. Mr. Abdulaziz received his BS in Computer Engineering from UOP California in 1988. Currently the manager of the IT Department at KNPC, he has also been a member of the Kuwait Engineering Society since 1988 and an active member of the Kuwait IT Society since 1989.
Blockchain and Governance, Risk, and Compliance
Key factors impacting risk and compliance executives include the need and expectation of real benefits from digital technologies, such as big data, artificial intelligence (AI) and machine learning, as well as distributed ledger technology (blockchain) to bring measurable increases in efficiency to risk management operations. At the same time, many firms are facing challenges in moving toward the future. At a fundamental level, the report indicates that risk operations are having difficulty developing agile capabilities and continue to be hampered by inflexible technology.
Expert and influencer on Blockchain, Cybersecurity, Digital transformation, IoT, and Advisor and mentor to People in these Domains – Partner for each success.
Co-Founder of GloryThink Academy: The Source of Complete Blockchain Knowledge. Participated in many ICOs, either as an investor or Advisory Board member.
Ramy is a Blockchain Technical Advisory Board Member in the Government Blockchain Association, GSDC – Global Skill Development Council, Blockchain Council, Coin Governance System, and many other Blockchain organizations.
Delivers Blockchain training in multiple languages (English and Arabic), with different types and levels (Beginner, Medium, Advanced, Fin Specialized, Gov Specialized & Trading courses).
He joined Kaspersky Lab in 2017 and was promoted to Lead Solutions Architect for Enterprise & National Level Projects in the Middle East, Turkey & Africa Region, engaging with big and national organizations (like CERTs) to build their cybersecurity competencies on a national and wide-scale level.
Christy Thomas has close to 35 years of experience in Industrial Cyber Security and Process control systems. His special interest area is the evolving network security management for Industrial Control Systems (ICS) networks. He is a certified ISA/IEC62443 Cyber Security Risk Assessment Specialist, Functional Safety Engineer ‘FS Eng (TÜV Rheinland, #6190/13, SIS)’ and a certified internal auditor for ISO systems. He graduated in instrumentation & control systems engineering in 1984 from Mysore University and completed his MBA in e-commerce from Washington University in 2003. He began his career with Bharat Heavy Electricals (BHEL) – Industrial Systems Group at Bangalore, India, before relocating to Kuwait in 1996, taking up the position with EQUATE Petrochemical Company until Jun 18. Since Jul 2018, he has been serving as the Senior Cyber Security Advisor (Corporate Network & Industrial Control Systems Network) of Kuwait Integrated Petrochemical Industries Company – KIPIC (i.e. the 4th refinery complex).
Khalid Majed, Sr System Engineer RSA Archer, RSA
“Managing IT Risk in the Digital Transformation Age”
Digital transformation is no longer optional, or even a differentiator. Digital transformation has become compulsory for every organization to remain relevant and competitive in today’s digital economy. So why is managing risk – and especially digital risk – so hard? Digital transformation, along with other factors, is continuously adding pressure to organizations. IT teams focus on infrastructure, providing services to enable users and customers, and limiting downtime. They’re also tasked with modernizing over time and keeping pace with technology innovations. As one’s digital and business footprint expands, one’s attack surface increases. Hackers and threat actors can access one’s network and cause severe disruption to business. Meanwhile, risk/compliance teams focus on meeting regulatory and audit needs, which are constantly changing, and on meeting the company’s legal requirements. These forces add up to increased risk in one’s business, making risk management a board-level topic. A transformative and integrated approach to risk management is the answer: aligning risk domains to provide a wider view of risk and cut through silos and unneeded complexity.
GRC Transformation, Supporting New Age Digital Organizations
This session focuses on the demand for change in the way emerging technology as well as the regulatory landscape is driving the business need for a robust GRC program and the systems that support it. Today’s digital business needs GRC solutions with more intelligence than just handling the rudimentary tasks. This session highlights the need for transforming GRC to improve business performance and support its adoption of disruptive technologies and business models.
Ahmed is an internationally recognized cybersecurity executive, entrepreneur and prominent speaker who has worked in the information / cybersecurity industry for almost 20 years as CISO (Chief Information Security Officer), Security Advisor & Strategist. Ahmed has a Master’s in Strategic Business IT (Portsmouth, UK) and has several global certifications to his credit, some of which are CRISC, CBCP, CISM, CISA, CISSP, ITIL, ISO 27001 / 20000, ISO 22301 and others. Ahmed Baig is also a Board Member at POLCYB (The Society for the Policing of Cyberspace) and has previously been in security management roles heading information / cyber security at various government, semi-government and large conglomerates.
He’s also Chief Architect for the CGMS (Corporate Governance Management System) and ITGMS (IT Governance Management System) frameworks covering Risk Management, IT Governance, Information / Cyber Security, and Business Continuity, which have been successfully implemented in service providers and government entities in the GCC, also leading third-party certification of international standards. He has been a key member of the eSecurity domain within Interstandards (Web Security Standard) developed Middle East region and also a working committee member at the Online Trust Alliance (OTA).
Ahmed’s key assignments also include implementation of various cybersecurity programs and standards to help organizations comply with industry regulations and government mandates.
Marwan Zalloum – Managing Partner/Cybersecurity Practice Leader at Panorama Consulting and Business Solutions
“Enabling Governance, Risk and Compliance at the Speed of Business”
“In the era of fast business market challenges and emerging technology change and disruptions, sound GRC enablement is essential to sustain, comply and de-risk business operation.”
Executive Director and trusted advisor with over 25 years of international track record within consulting and direct industry. Led major business and technology transformation initiatives within Banking, Telecom, Logistics and Government sectors.
With core skills covering Strategic Planning and Execution and Cybersecurity Services, Marwan had the privilege to lead and deliver International and GCC Nation-wide and Enterprise Level Initiatives within Public and Private sectors.
Marwan is currently the Managing Partner of Panorama Consulting and Business Solutions – A leading GCC Consultancy helping enterprises define, transform, secure and deliver their services effectively and efficiently through its services and solutions.
Internal Audit role in GRC
The audit discipline provides a foundation to provide assurance to management, the board and other stakeholders that the organization is achieving objectives, addressing uncertainty and acting with integrity. Integrating audit into an overall GRC capability ensures that these activities are aligned with business objectives, strategies, risk management, compliance management, Legal, Finance, IT and culture. Mr. Fadi Bouz (Director of Internal Audit & Risk) at Sunbulah Group in Jeddah, KSA will shed more light on the above topic.
Mr Fadi Bouz has conducted several training sessions on Internal Audit leading practices, Risk Management, AML & CFT awareness and Corporate Governance in the GCC and Lebanon. He also participated in checking Corporate Governance compliance with the Saudi Arabian Capital Market Authority (CMA) requirements and developed Corporate Governance manuals for various entities in line with the CMA requirements.
GRC, A holistic Road Map for Digital transformation
GRC is an evolving set of business management processes that companies use to establish unified business management techniques. GRC technologies introduce a holistic platform for ERM, automated techniques for processes governance and enhanced standards and regulatory compliance processes. Many organisations utilise the GRC platform in the implementation of ISO 27001 in order to obtain more visibility, enable proactive decision-making and of course to increase return on investment (ROI) from compliance. The basics of GRC processes and its features, however, are still unclear for many GRC users. In addition, the integration approach of GRC with other frameworks or standards is currently immature and ineffective; top management’s needs for integration between GRC and ISO 27001 are not a high priority. Compliance with ISO 27001:2013 and its controls is complicated and is both money- and time-consuming. For this reason, the automation of ISO 27001:2013 processes through integration with GRC technology has become a new trend in the information security arena.
Mohamed Mousa is a Chief Information Security Officer (CISO) with an MSc in Information Security from Royal Holloway University, University of London, alongside numerous technical and management professional certificates. For more than 15 years, Mr. Mousa has gained wide experience working with government and the private sector, implementing and auditing different Governance, Risk and Compliance (GRC) cyber security frameworks. As CISO, Mr. Mousa has extensive exposure to different Digital Transformation programs, Governance frameworks and international standards in dealing with securing e-commerce channels. Mr. Mousa’s core competencies include information security management, strategic business orientation, risk management, penetration tests, network security, business continuity planning and incidents/threats management. Mr. Mousa designs and conducts information security awareness programs in different business models. Last but not least, Mr. Mousa was a key speaker at different information security conferences around the EMEA region and is continually invited to give lectures in different academic forums.
Highly Effective Risk Management in Decision-Making Process
Abstract: Risk Management is a tool that facilitates the accomplishment of the goals and objectives of organizations. Risk Management is not an objective by itself. This fact should be highly considered while taking strategic or day-to-day business decisions. In short, Risk Management is the process that supports taking the right decisions with risks in mind.
Hassan Al Bakri is highly experienced in the field of Risk Management, Compliance and Corporate Governance. He derives his knowledge from practical experience in Financial Investment Companies and Banks in addition to advisory-based companies.
Besides his Bachelor’s Degree in Business Administration from Damascus University, Hassan has completed a Post-graduate Diploma in Islamic Finance from Kuwait University. He obtained the International Advanced Certificate in Compliance from the International Compliance Association in England, as well as the Certified Management Accountant (CMA) and Project Management Professional (PMP) certifications.
Protecting Against Common Web Application Vulnerabilities
The web application environment is where applications are hosted on web servers to be accessed by users over the web. This architecture is favored across many organizations these days as it has many technological advantages and introduces ease of use and convenience to the users. In today’s environments, statistics are showing that the majority of attacks are happening on the top layers, specifically on web applications, and in order to address security needs properly we need to understand the vulnerabilities and threats associated with web applications and protect against them.
In this webinar we will showcase some of the common web application vulnerabilities and explain how attacks succeed against them. We will also have a look at how to counter these attacks with effective controls. Some of the common vulnerabilities that we will talk about are SQL injection attacks, parameter tampering attacks, file injection attacks, and cross-site scripting (XSS).
Alaa Bahrani is a Regional Cyber Security Leader at GE with 14 years of experience in the Information Technology industry. Over the years, he has garnered expertise across the entire software development life cycle, gained in-depth exposure across information security, infrastructure, project management, networks and network security. He has been recognized as an accomplished Information Security professional, having extensive experience with web application security, network security, database security and using secure programming methodologies to clear out vulnerabilities in
Autonomous Threat Detection and Response Orchestration
Deploys a cognitive framework and an orchestration framework, coupled with semantics, machine learning, NLP and neural network technologies, to detect known and unknown threats and respond proactively while also reducing false positives significantly. Following are some of the Cyber Security use cases:
User & Entity Behavior
Data Exfiltration Models
Polymorphic Attack Analysis
Reconnaissance, Botnet and C&C analysis
Mr. Aadesh Gawde is the Co-founder & Principal, Engineering & R&D at ProVise Consulting. Today at ProVise, Aadesh oversees development of ProVise IP platforms in the area of cognitive GRC and Cybersecurity.
Prior to that, in a career of about 2 decades, Mr. Aadesh held different roles, including those of Innovation, Leadership, Executive Management, Engineering & Consulting, in KSA, ME and India as well.
Aadesh has worked in the past with Ernst & Young, Abu Dhabi Police in areas of Governance, Information Security, Computer Forensics and IT Audit services.
He comes with 25+ years of rich experience, gained over the years consulting with banks, telecom companies, and the energy, government and real estate sectors. He has under his belt 500+ IT advisory, risk and compliance, and cybersecurity projects as Project Manager, Subject Matter Expert and Technical Lead.
His certifications included CISA, CISM, COBIT, ISO27001LI, ITIL v3 & Prince2 Practitioner.
Tamer El-Hossary, Consultant at National Council for Culture, Arts & Literature, Kuwait
Digital Transformation of Corporate (Lean IT governance)
One of the most significant aspects for many organizations involved in digital transformation is the creation of shared units to support the entire company. This is mainly to change digital services across organizations. With these units, organizations will reduce costs associated with digital transformation thanks to the decreased number of redundant initiatives, which are created in a unique manner and consolidated through only one catalogue. Lean IT Governance is the leadership, organizational structures and streamlined processes to enable IT to work as a partner in sustaining and extending the organization’s ability to produce meaningful value for its customers.
7th of March
Training Workshop: “Use of AI and Machine Learning in GRC”
Instructor: Aadesh Gawde, Co-founder, Evangelist & Principal – R&D and Innovation, Provise, UAE
Workshop Hours: 9:00 am to 1:00 pm (One day, 4 Hours)
Use of AI and Machine learning in GRC:
Governance, Risk and Compliance is eventually all about controls compliance and metrics. The controls could be automated or manual, operating to prevent, detect or deter an underlying threat/risk. Likewise, the metrics, which can be automated or manually reported, can suggest lead or lag indicators. Using modern-day cognitive technologies, the GRC capabilities of an organization, such as Risk Management, Threat Management, Compliance etc., can be automated, orchestrated and eventually lead to an autonomous state.
Key technologies (Data Science, AI, Machine Learning, RPA, NLP) will be shown in action in the GRC domain. Similar successful case studies and use cases will be presented and demonstrated during the workshop. The attendees can take away a high-level understanding and direction for applying cognitive technologies in the GRC domain.
250 KWD
350 KWD
150 KWD
If you have any questions, please contact us directly. We will respond for sure.