Conference – Speakers

Nader Qaimari

Chief Product Officer, ISACA

Addressing the Skills Gap (Key Note Speaker)

With millions of jobs unfilled, the skills gap continues to expand – most prominently in tech.  Currently, educational systems around the world are struggling to develop candidates with the skills needed to fill these jobs and it is up to organizations such as ISACA to step in.  With a focus on performance-based learning in areas with the greatest demonstrated need, ISACA’s new initiatives are geared toward helping bridge the gap between learning and work, with ISACA chapters playing an integral role.

Rory Ebanks

Cybersecurity Director, Symptai Consulting Limited

Transforming your Security Team!

The pace at which technology is changing has fueled an onslaught of Transformation trends across all industries. The same technological advances that make Digital Transformation possible are also creating an ever growing cyber-attack surface, ever-connected devices and the ever-growing remote team means more sophisticated ways for attackers to circumvent your IT Security Governance.

Erik van Veenendaal

CEO, TMMi Foundation

Mitigate product risks through TMMi and iSTQB.

Practical experiences from the Curacao Testing Qualifications Board

In 2016 the CTQB was founded with the objective to contribute to the quality of software products being delivered in Curaçao and its region, through better testing to be enabled by enhancing the knowledge and skills of test professionals and to support thefurther development of the testing profession. As CTQB, we soon became a member of the International Software Testing Qualifications Board (ISTQB) and a local chapter for TMMi. Both the ISTQB scheme and TMMi model have been used to improve testing of software systems, including cloud-based systems, but also specifically address security testing. In this presentation the business drivers for this initiative on Curaçao will be explained in the context of the current digital transformation, the methods used (ISTQB, TMMi) will be discussed and explained and also the approach the CTQB used to implement both methods on the island. Finally the results achieved are being presented.

Achievements - Curaçao Chapter

Cai Walters

IT, Cyber and Operational Risk Manager, Central Bank of Curacao

Pursuing Digital Transformation by establishing a strong governance of I&T

In this presentation, Mr. Cai Walters will elaborate about the five forces that are fueling digital transformation and also IT challenges companies are faced with. Companies are forced to get on the wagon or stay behind and end up like companies Blockbuster video, Kodak, Toys R Us or Borders bookstore. During the presentation, various videos will be shown to show the digital transformation at work. In order to structure all that needs to be done to pursue the strategic direction it is important to set up a strong governance structure. In this presentation Mr. Cai Walters will use the body of knowledge of COBIT2019 added by practical tips how to setup the governance of I&T to pursue digital transformation.

Colin Greenland

Executive Chairman, Kaizen Management Consulting

Enhancing effective Governance, Risk and Compliance, through “Cutting Edge” Digital Forensics

Enlightened governance in today’s high-tech world necessitates adroit risk assessments and robust monitoring to mitigate the innumerable and ever increasing vulnerabilities of cyber risks that face the IT systems and networks of organizations. In fact, the ubiquitous use of computers used whether on or off-line, inevitably manifest not only the occurrence of innocent errors, but also a plethora of malevolent schemes conjured up continuously by cyber criminals to secure ill-gotten gains.

Cyber risks can not only seriously undermine an organization’s stated objectives, but can be devastating to its continued existence unless effective management of these vulnerabilities are constantly employed to secure the entity’s assets and resources. Utilizing “Cutting Edge” Digital Forensics can greatly enhance an organization’s efforts and overall capability to conduct proficient and effective Governance, Risk, and Compliance strategies in the pursuit of satisfying stakeholders’ expectations.

Polly Pickering

Digital Cayman Executive Committee Member & Managing Director, eShore Ltd (Cayman)

A Kick in the APP.  How fraudsters are using platforms like AirBnB and Uber to Launder Cyber Criminal Funds

Cybercriminals are turning to household mainstream apps to launder their ill-gotten gains, including recruiting fake Uber drivers, shady Airbnb hosts and crypto conversion specialists via the underground dark web. Criminals are also ramping up older methods of money laundering, including buying gift cards and reselling them for a fraction of their price on the internet, and relying on bank insiders to filter their funds through legitimate accounts and credit lines. 

This July 22nd ISACA all around talk will shine a light on the layering of ill-gotten cyber crime funds and how ransom dollars filter into digital economies while also exploring the usual suspects and traits of most well-known entry point, phishing attacks.

Javed Samuel

Blockchain Technical Advisor, Pinaka Consulting Limited

How Can I Use Blockchain Securely?

Blockchain has been a topic of interest over the past few years. Blockchain technology is based on distributed and secure protocols that allow data blocks to be generated, added and validated by the network and provide security guarantees such as immutability. Many industries can potentially benefit from blockchain technology innovations related to data access, security and managing transactions within digital platforms. The amount of innovation under the blockchain umbrella is remarkable and introduces novel and exciting bug classes around a variety of areas such as consensus implementations, protocols and cryptography and must be accounted as part of a blockchain deployment. During this talk we review some of these bug classes and how they have been mitigated. We would also have some thoughts on possible areas that could be sources of blockchain related bugs in the future.

Dr. Damion McIntosh

Risk Expert, Auburn University

Digital transformation in financial services for Good Governance and Effective Regulatory and Standards Compliance

Effective risk management is a primary component of financial services firms’ comprehensive corporate governance frameworks. In addition to ensuring shareholder wealth maximization and debtholder return optimization, robust risk management facilitates sustainable compliance with financial services regulatory and other standard (internal and external) requirements.

Therefore, the influence of risk management is critical in its far-and wide-reaching effects. Yet, effective risk management demands it to be proactive, real time, comprehensive and accompanied by requisite technical capacities. These are characteristics that have evolved over time in financial services firms but have been verifiably driven through digital transformation of risk management infrastructures.

The transformation has been hastened by current trends in financial services such as climate risk, blockchain and crypto assets, and cybersecurity, but also more immediate issues such as sustainability and resiliency during economic shocks suchas COVID-19 pandemic. As a result, the pace of digital transformation in financial services will not reduce but will intensify as technology continues to innovate.

Chukwuemeka Cameron

Attorney and Founder, Design Privacy

Data Privacy Assessment of the NIDS Bill – how it will affect businesses and individuals

This paper analyses the extent to which the current NIDs bill protects the right to informational privacy of Jamaican citizens by assessing the extent to which the bill has conformed with or implemented the data processing standards prescribed by the Data Protection Act. In assessing the NIDs bill we also reference the ISO 27701 standard that captures the data privacy principles prescribed in the GDPR. In conducting this assessment we found that the legislature went to great extents in observing the data processing standards prescribed by the Data Protection Act and enabled data subject rights provided by the legislation. The bill however, chose to mandate some of the data processing standards while remaining silent on others. One such issue that the legislation remained silent on or did not go far enough with is the second data processing standard. On the flip side, a significant amount of time was spent on ensuring the fourth data processing standard was observed.

Having completed the assessment we briefly look at how the NIDS bill will affect businesses and individuals. We conclude that, when one looks at the NIDs bill as part of the legislative framework that the government is building out, the opportunities for companies to create internal efficiencies in their business has now become much easier.

Samantha Simms Digital Compliance Attorney & CEO, The Informative Collective

Deriving Commercial Benefit from Investment in Data Privacy Compliance.

The global COVID-19 pandemic has accelerated digitization and heralded a new digital era where personal data is core to business activities. In the Jamaican post COVID economy, personal data is not just a business risk that needs to be protected in line with data privacy and security rules. Globally, forward-thinking companies embrace personal data as a business asset. Data privacy and security compliance is the foundation for Jamaican businesses to navigate this global digital terrain successfully.

Simply put: Jamaican businesses that fail to invest in data privacy compliance will not succeed in the 2020s digital economy. The majority of Jamaican companies are now unprepared for this expansion into a data-driven economy, known as the 4th industrial revolution.

During this 25-minute presentation, Samantha Simms, global data privacy attorney and strategist, will guide Jamaican company executives through the risks and opportunities of personal data, drawing upon her experience of positioning world-leading companies in the UK and US to use data privacy compliance as a commercial and ethical differentiator. Join this session to hear best practices on:

• Data privacy compliance as a competitive advantage;

• The investment required to comply with the Data ProtectionAct 2020; and

• How companies globally are deriving a return on their investment in data privacy compliance.

Andrea Swaby Deputy Director of Public Prosecutions, Office of the Director of Public Prosecutions

Data Protection Law – Information Security in the 21st Century

The Data Protection Act 2020 introduces statutory obligations which have implications for persons who manage the processing of the personal data of individuals. This legislation is far reaching in so far as there are now statutory obligations in respect of implementing appropriate organizational and technical measures where the personal data of individuals is being processed. Such statutory obligations extend to utilizing measures such as encryption, pseudonymization of personal data; implementing measures which guarantees the recovery of such data in a timely manner in the event of an incident which results in the loss or destruction of data. IT professionals will play a key role in the processing of data on behalf of data controllers as well as managing the security of their information systems. In this presentation, we will explore the implications of the Data Protection Act 2020 in terms of the rights given to data subjects and the responsibilities of data controllers.

David Hall Managing Director, DC Consultants & Associates

Information and Technology Risks within the context of the company’s ERM Framework and Digital Transformation Programme

Enterprise Risk Management (ERM) is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives” (COSO, 2004).

ERM is characterized by systematic management practices to assess, monitor and respond to risks eg. Information, technology, financial, operational, compliance and strategic, using an appropriate risk management framework. Both the public and provide sectors have drafted Corporate Governance codes which guide companies in implementing sound Corporate Governance frameworks, which include Enterprise Risk Management and Internal Controls.

The Chief Information Officer should identify, assess, respond, monitor and report on the Information and Technology risks within the context of the company’s Risk Appetite and  Enterprise Risk Management Framework.

Ronald McLean Group IT Internal Audit Manager, Guardian Group T&T

Are we adequately measuring IT Risk to meet the Business Needs?

Many times, it is expected that IT Risk management quantifies IT risks in terms of dollars and cents so that the Board / Shareholder Management can properly ascertain how best to mitigate. But are we really measuring the risks correctly? Is our estimate of time-cost potential losses the best guess in these changing times or do we include a practical (or qualitative) estimate as well? Do we properly evaluate compensatory controls with all the changes in emerging technologies?

Join me in a discussion to hear some of the finer points to consider in Risk Management of IT as well as what experts are saying to help support Information and Technology Risk professionals.