Strengthening information security in banking, superannuation & financial services
Conference Date
Friday 3rd May 2019
Location
Novotel Sydney Central
Early Bird - Save $100
Book by 12/04/19

Agenda

Day 1 - Friday 3rd May, 2019

8:30
Registration, coffee & networking
9:00
Welcome remarks from the Chair
9:10
KEYNOTE: APRA’s Information Security standard: the regulatory perspective
Andre Kreicers
Head of IT Risk
Australian Prudential Regulation Authority (APRA)
9:50
ROUNDTABLE DISCUSSION: CPS 234 compliance & beyond

Discuss in groups of peers:

  • Current approaches to CPS 234 compliance
  • What are the biggest challenges in building an effective information security framework?
  • What can be done to stay agile to the constantly shifting threat landscape?
10:30
Morning tea & networking
11:00
PANEL DISCUSSION: Responding to the first cross-industry information security standard – where are we up to?
  • Implementing the standard with confidence
  • How can we guarantee certainty of outcomes across all levels of maturity in the industry?
  • Addressing the lack of materiality threshold
Tommy Kiang
Senior Policy Manager
Customer Owned Banking Association
Damien Jeffree
Director of Policy
The Australian Financial Markets Association
11:40
PANEL DISCUSSION: CPS 234 in practice: What next for information security?
  • What is different in the standard and how has it impacted the three lines of defence?
  • How much investment is enough?
  • Sharing examples of defining information security-related roles and responsibilities of the board, senior management, governing bodies and individuals
  • How do we embed information security functions into systems and processes to give the board confidence?
  • How can we effectively communicate the risk to the board – translating the technical
  • Where are we at now and how can we benchmark going forward?
Wilson Chiu
Head of Security
Police Bank
Greg Booker
Chief Information Officer
RACQ
Jean-Baptiste Bres
Chief Information Security Officer
State Plus
12:20
Building an information security policy framework that is agile to changing threats
  • Conducting a gap analysis in current processes & reprioritising information security strategy
  • Asset classification strategies
  • Developing robust procedures for information security incidents
  • The journey to information security maturity – lessons learnt
Jean-Baptiste Bres
Chief Information Security Officer
State Plus
1:00
Networking lunch
2:00
Maintaining compliance with standard CPS 234: Approaches to control testing & assurance

Speakers to be confirmed

2:40
Building an information security framework
  • Creating a data matrix for criticality and classification
  • Monitoring the effectiveness of controls
  • Working with third parties to ensure compliance
Grant Slender
Head of Security, Cloud and Support & Chief Information Security Officer
Queensland Investment Corporation (QIC)
3:20
Afternoon tea & networking
3:40
PANEL DISCUSSION: Approaches to third party testing & assurance
  • Determining materiality – what is going to be acceptable to APRA?
  • What are the interpretations of the requirements?
  • Understanding the sensitivity and criticality of assets
  • Current approaches to third party assessment
  • Giving clear guidance to third parties on what evidence will be required and how to demonstrate capability
Grant Slender
Head of Security, Cloud and Support & Chief Information Security Officer
Queensland Investment Corporation (QIC)
Matt Duus
Cyber Security Assurance Manager
Bank of Queensland
Shaun Martin
Senior Manager - IT Security
First State Super
4:20
PANEL DISCUSSION: CPS 234: what has changed for audit, risk & compliance
  • What are the skills and capabilities required to effectively audit CPS 234 information security?
  • Internal vs external audit – comparing approaches
  • What are the expectations of audit?
  • Understanding what is required by the regulator, senior management and the board
Basil Foulkes
Chief Risk Officer
Sydney Credit Union
Malcolm Webster
Chief Risk Officer
Endeavour Mutual Bank
5:00
Closing remarks from the Chair and close of conference

Key Speakers

Andre Kreicers
Head of IT Risk
Australian Prudential Regulation Authority (APRA)
Jean-Baptiste Bres
Chief Information Security Officer
State Plus
Greg Booker
Chief Information Officer
RACQ
Wilson Chiu
Head of Security
Police Bank