GUIDELINES ON MANAGEMENT OF IT ENVIRONMENT (GPIS 1) Monday –Tuesday 13 – 14 April 2009 Kuala Lumpur 14 CPE credit hours for CRP holders INSTITUT BANK-BANK MALAYSIA participants will be able to: • • • • describe the fundamentals of BNM GPIS 1 apply security and control measures that are aligned to BNM GPIS 1 evaluate an effective and/or efficient implementation of the guideline consider possible security implementation concerns • Introduction ° ° ° Purpose and scope of guidelines Structure of the document Comparisons with other sources of infosecurity guidelines • Board and Management Oversight ° Board of directors Senior management IT steering committee IT strategic planning Organisation structure Internal controls Policies and procedures Documentation Information confidentiality and ownership Manpower and training Code of ethics System availability Business resumption and contingency plan Project management IT sourcing management Internal audit and audit committee K E Y T O P I C S ° ° ° ° ° ° ° ° ° ° ° ° ° ° ° • System Security ° ° ° ° ° ° ° ° Policy procedures and awareness Authentication management Log-in control Logical access Activity monitoring Data and database controls Application controls Encryption .O B J E C T I V E S Upon completion of the programme. • System Development ° ° ° ° ° ° ° ° Project management Standards and procedures Program change management Testing Program migration Source codes conversion and maintenance Post implementation review Data integrity K E Y T O P I C S • Operations ° ° ° ° Standards and procedures Maintenance of computer centre Monitoring of operational activities Emergency procedures • Communication Network ° ° ° ° ° Standards and procedures Network design Network operations Access controls Activity monitoring • Business Resumption and Contingency Plan ° ° ° ° Organisational planning Business impact analysis Contingency planning Testing. case study and group discussions. information systems security. officers and personnel of financial institutions responsible for IT governance. compliance and audit. Managers. A P P R O A C H . validation and continuous improvement T A R G E T A U D I E N C E Lectures. 00 am – 5. Malaysia. He is currently an independent systems security advisor and Director of Ixaris Sdn Bhd.250 Non-Member : RM1. Participants should be free of their professional obligations for the duration of the programme. BSc (Hons) Computerised Accountancy. Ronald has over 13 years of experience in Europe and Asia in the review. PricewaterhouseCoopers. without the obligation of providing any reason. A D M I N I S T R A T I V E D E T A I L S Attire Fee Closing date Enquiries Nominations Monday.my The intensive nature of IBBM programmes requires the participants’ full undivided attention and attendance at all sessions. 5 Jalan Semantan Damansara Heights 50490 Kuala Lumpur Fax : 03-2095 7822 Email : lead@ibbm. 5 Jalan Semantan Damansara Heights 50490 Kuala Lumpur Office attire STF Member : RM750 IBBM Member : RM1. design and implementation of trusted security systems with specialisation in trusted systems. Date Time Venue Monday – Tuesday. Payment of fees must be made BEFORE commencement of the programme. Ronald has worked on security and control assignments using a number of leading-edge technologies in a variety of industries and environments. 13 – 14 April 2009 9. The Executive (Learning Solution 3) Institut Bank-Bank Malaysia Wisma IBI. networking and telecommunications. He was formerly a Managing Consultant heading the Technology Risk Services team. IBBM reserves the right to decline any nomination.500 The above fee includes programme materials. Certified Information Systems Security Practitioner (CISSP – ISC2 United States of America).00 pm Institut Bank-Bank Malaysia Wisma IBI. He is also a regular trainer for Institut Bank-Bank Malaysia and has spoken at other conferences for the Information Systems Audit and Control Association (ISACA) and the Asia Business Forum. Kindly address nomination form(s) to Commitment to programme . He was involved in numerous IT security reviews within the resource protection services industry and e-business systems implementations for various commercial and government organisations. 30 March 2009 Kindly contact Suhaifie / Rahmat at 03-2095 8922 (ext 166 / 142).org. Certified Information Systems S P E A K E R Auditor (CISA United States of America). lunch and refreshments. Participation is limited to 16 pax on a first-come-first-served basis.Mr Ronald Yap. Confirmation of participation is by way of official notification from the Institute. (Mandatory) Individual Membership No. Payment of fees must be made BEFORE commencement of the programme Chinese Indian Others Bank Draft/Cheque No RM Tel Fax Please photocopy for additional participants. no substitution of participant(s) will be allowed for the duration of the programme. which must be in writing. prior to the programme’s commencement date.Notice of withdrawal: Unless written notice of withdrawal is received before the closing date of the programme. (Mandatory) Individual Membership No. REGISTRATION FORM G UIDELINES ON M ANAGEMENT OF IT E NVIRONMENT (GPIS 1) 13 – 14 April 2009 Please register the following participant(s) for the above programme.50/0. The Institute reserves the right to make changes to the schedules. (if any) Ethnic Group Please tick (√) where appropriate Designation and Department Email Name of Organisation Address of Organisation Bumiputra Malay Bumiputra Others - - FEE Please make bank draft/cheque payable to INSTITUT BANK-BANK MALAYSIA. Please complete and return this form to the Institute before 30 March 2009 . However. Please include additional RM0. the full fee is still due in the event of non-attendance. venue or cancel the event altogether. whichever is higher. (if any) Eithnic Group Please tick (√) where appropriate Designation and Department Email Name of Organisation Address of Organisation Tel Bumiputra Malay Bumiputra Others - - Chinese Indian Others Name & Signature of Nominating Officer (Please stamp) Name & Address of Nominating Organisation (Please stamp) Fax Participant 2 Name New NRIC No. Participant 1 Name New NRIC No.03% of the amount. for outstation draft/cheque. The Institute accepts replacement(s).