11th Security Management Audit Forum SEMAFOR

Information Security Management:
• Leadership and interpersonal aspects in information security,
• Privacy issues and solutions
• Standards - PCI DSS, ISO 27000 / 22301 / 19770 / 31000, COBIT,
• IT Governance challenges,
• Business continuity,
• SOC building challenges,
• New challenges of computer forensics (cloud, mobile, anonymity, digital proof).

IT Audit:
• Audit in a changing world (globalization, offshoring, outsourcing, Cloud),
• Risk based audit and value added audit,
• Practical use of COBIT,
• Interpersonal aspects – how to solve difficult problems during an IT audit,
• Cooperation between the auditor and the audited entity,
• Practical elements of audit – e.g. auditing ERP, DBMS and OS, auditing privacy-by-design and privacy-by-default,
• Software Asset Management auditing and project auditing.

Cybersecurity:
• Incident management and incident response,
• Threat Intelligence and Threat Hunting,
• Automation in cybersecurity processes,
• Internet of Things challenges,
• Mobile networks security,
• Hacking, web-based attacks.

The KPMG expert, Marcin Strzałek (Cyber Security Department) will conduct a lecture in part of conference about technical aspects of safety with the topic: Risk versus Marketing – technical evaluation of vulnerability. During presentation will be shown technical aspects of vulnerability, especially from last year, the real risk of it and how we can protect from making the same mistakes in the future. At the end of the lecture everyone will try to define if each vulnerability has to have domain, logo or catchy name and if this marketing can have the positive impact on our safety.