Workshop Types

Workshop Description

PIA: A Privacy Impact Assessment (PIA) is a key assessment process that defines the requirements: it helps organizations evaluate the impact a business may have on the privacy of the individuals involved and ensures compliance with various privacy benchmarks.

Organizations are required to perform a PIA where the processing of personal data involves a high risk to the rights and freedoms of individuals. A PIA is also defined as required when there is a “systematic and extensive evaluation” of personal assets, or when “large scale” processing is involved. A PIA will be required for automated data processing activities, including:

  • Profiling that leads to decisions that produce legal effects for the individual.
  • Large-scale processing of certain types of data.
  • Systematic monitoring of a publicly accessible area on a large scale.

Takeaways

  • The background to PIAs
  • Types of data processing operations that require a data protection impact assessment
  • Legal provisions
  • Assessing risk
  • Hands-on PIA on case studies pertaining to business domains like manufacturing, Airlines, Healthcare, Ed Tech, and Pharma
  • Template PIA for you to use for future projects

Target Audience

  • Privacy Professionals
  • Security Professionals
  • Information Managers
  • Data Protection Officers
  • Auditors

Duration: 8 Hours

Pre-requisites

  • Basic understanding of Privacy
  • Exposure to Risk management
  • Knowledge of information security management

Requirements

  • Laptop with MS Office tools
  • USB port enabled for copying files, or an internet dongle to download files from shared drives

Facilitators:

Mahesh Balakrishnan. CGEIT | CRISC | CISM | CISA | CDPSE | CIPM | COBIT 5 FIA | ISO 27001 LA

Mahesh Balakrishnan is a senior professional with over 2 decades of experience encompassing IT Governance, Risk Management, Compliance, Data Privacy, Cyber Law, and Cyber Forensics.

Key responsibilities include supporting customers in GDPR, CCPA, HIPAA, ISAE 3402/SSAE18 Compliance, TPRM, Privacy Risk Assessments, and Information Systems Security Audit.

Vaidyanathan Chandramouli. CISA | MBCI | TOGAF | ISMA LA | BCMS LA | PIMS LI | DCPP

Vaidyanathan is a techno-management leader with over twenty-five years of rich and extensive experience in the information technology industry. His areas of expertise are Governance, Risk & Compliance; Business Continuity Management; Internal Controls; and operational excellence. Vaidyanathan is currently a Cybersecurity Architect providing strategic advisory on Cyber Security, Resilience, and Risk Management to global customers. Prior to this role, he was leading the Business Continuity program for the enterprise. He was responsible for ensuring the resilience of operations during a disruption in terms of people, technology, and facilities.

The FAIR Model workshop is designed to help participants gain a good understanding of:

  • The FAIR Model, its terminology, and ontology
  • Cyber Risk in different scenarios
  • Quantifying Cyber Risk using the FAIR Model in different scenarios

The workshop involves leveraging the practical experience of participants in analyzing day-to-day scenarios and applying the FAIR Model to quantify Cyber Risk, compared to using only qualitative approaches.

Takeaways

The following are the key takeaways for the workshop participants:

  • Significance and superiority of the FAIR Model over other quantitative risk management techniques
  • Challenges involved when applying the FAIR Model
  • Experiential learning on Cyber Risk quantification in different scenarios

Target Audience

  • Participants with experience in the following areas
    • Risk Management
    • Cybersecurity
    • Compliance with various standards
    • Threat intelligence

Duration: 8 Hours

Benefits

  • Gain awareness and understanding of the FAIR Model and its different components
  • Understand how to apply the FAIR Model for quantifying risk in different scenarios
  • Gain valuable insights into different perspectives of peers / workshop participants on Cyber Risk and different relevant contexts

Pre-requisites (recommended)

  • Experience of working in Risk Management / Cybersecurity areas
  • Good understanding of
    • Incident Response process / activities
    • Cybersecurity Ecosystem
    • Cyber Liability Insurance
  • Exposure to Cyber Threat Intelligence
  • Basic understanding of FAIR Model and its components

Requirements:

  • Laptop with MS Teams
  • Internet connectivity
  • Flip Charts, Markers
  • Beamer

Michael Kullmann

  • Co-Founder – Next Edge Technologies GmbH, a consulting services company based in Frankfurt, Germany
  • A long-time consultant, certified trainer and coach with 25+ years of experience who knows how to inspire his customers and training participants for new topics and approaches.
  • He worked for global Consultancies in helping Finance & Banking, Automotive, Software, Pharma and other industries and branches to improve their processes, efficiency and resilience as well as to apply modern work culture.
  • His main areas of expertise are ITIL incl. IT Security and IT Service Continuity / Business Continuity, Risk Management, Agile, and DevOps.

Uma Mudigonda

  • Founder: RHYM Technologies LLP – a cyber security platform and services company based in Hyderabad, India
  • Co-Founder – Next Edge Technologies GmbH, a consulting services company based in Frankfurt, Germany
  • ISACA Member holding CGEIT Certification and held CISA Certification in the past
  • An entrepreneur and business leader with more than three decades of experience in the Information Technology industry, having worked in multicultural environments across the globe.
  • His expertise is helping customers build resilient businesses with cybersecurity solutions and using artificial intelligence for business problem solving, as well as delivering large consulting and transformation programmes.

Note: This workshop registration is currently closed.

 

Workshop Description

Several organizations have implemented Cloud in the last couple of years and are still groping in the dark as to the responsibilities of Information Security in the cloud. Cloud computing security, i.e., Cloud Security refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Cloud computing and storage provide users with capabilities to store and process their data in third-party data centers. Organizations use the cloud in a variety of different service models (with acronyms such as SaaS, PaaS, and IaaS) and deployment models (private, public, hybrid, and community).

Security concerns associated with cloud computing fall into two broad categories: security issues faced by cloud providers (organizations providing software, platform, or infrastructure-as-a-service via the cloud) and security issues faced by their customers (companies or organizations who host applications or store data on the cloud). Security is a shared responsibility between the Cloud Service Provider and the Customer. The provider must ensure that their infrastructure is secure and that their client’s data and applications are protected, while the user must take measures to fortify their application and use strong passwords and authentication measures.

Takeaways

At the conclusion of this course, attendees will be able to understand:

  • Overall high-level understanding of the Cloud
  • Regulatory Guidelines on Cloud Implementation
  • Cloud Control Matrix latest version: High-level overview
  • Key Controls on AWS - 50 CIS controls checklist implementation
  • Security ‘in’ the cloud and ‘of’ the cloud

Duration: 8 Hours

Course Content (4 sessions of 90 minutes each)

M1: Demystifying the Cloud

The following subtopics will be covered in this module:

  • Background
  • Deployment & Service models
  • Advantages of the cloud
  • Governments/RBI and the Cloud

M2: Cloud Security & Audit

The shared responsibility model, security of the cloud and in the cloud as well as various certifications, etc will be covered. The overview of containerization, Kubernetes etc at a high level will be introduced for the same.

  • ISACA Audit program, the various tools used
  • ISO Controls specific to Cloud
  • Overview of CCM, CAIQ of CSA will be discussed @ intermediary level
  • CSA STAR assessment

M3: AWS Audit Hands-on Part-1

  • Understanding the various services of AWS
    • Overview
    • Compute
    • Storage
    • Database Services
    • Security, Network & Content delivery
    • Management and Governance
    • CIS benchmarks etc controls Ver 1.4.0 key controls 59 total controls
    • Identity and Access Management
    • Other services under Security Identity & Compliance

M4: AWS Audit Hands-on Part-2

  • Understand Storage & related security
    • Management & Governance Module
    • Networking Security
    • Disaster Recovery as a Service
    • Self-Assessment

Pre-requisites

None.

Requirements:

Participants will have to carry their laptops. It’s advisable to get personal laptops and not corporate laptops. The AWS link should not be blocked on the corporate laptops.

Facilitator

Nanda Mohan Shenoy

Education

  • CDPSE & CISA, ISACA
  • Possess the Banking qualification CAIIB from India
  • Holds a Post Graduate Diploma in Industrial Relations and Personnel Management
  • A Lead Auditor for ISO 27001:2013.
  • Seasoned Banking & Information Security Professional
Experience
  • More than 30 Years of experience in the entire Banking and Financial Services and Insurance (BFSI) segment with a deep understanding of Business, Operations, Technology, and Information Security.
  • Held Leadership positions in BNP Paribas India, Global Trust Bank, and Bharat Overseas Bank
  • Worked across multiple verticals, like Operations, Information Technology & Business, and Products like Private Banking, Mutual Funds, Insurance, etc.
  • Has hands-on experience in Audit of AWS, Azure & Google Cloud with organizations in the BFSI Sector
Specialization
  • Data Privacy and Cyber security
  • Supported Bureau Veritas India, the certification body as a Subject Matter expert for the ISO 27701:2019 (the Privacy Management Information Systems (PIMS) certification) for Infosys.
  • Addressed the Board and the Senior Management of various Banks / NBFC / Other Financial Institutions on the Information and Cyber Security Risk (IndusInd Bank, Tata Capital, SVC Bank, SBI Life Insurance, etc) as well as Privacy Issues.
Deliverables
  • He has trained more than 400 senior management personnel in Aadhaar Compliance
  • He was the keynote speaker on Asian Privacy Laws in Da Nang
  • He was invited by the Securities Board of Vietnam to deliver a keynote on India Aadhaar adoption of Capital markets in 2019
  • He also is one of the popular Quiz masters at the ISACA Conferences