
CIPS ON London Feb 5th Luncheon: "Why are Organizations that are compliant experiencing data breaches?"
Date: Thu, 02/05/2015
Event Location: (London)

As part of CIPS IT Professionalism week, we would like to invite you to join our new CIPS Ontario Vice President, Bashir Fancy, I.S.P., ITCP, Managing Director at Corporate Solutions, for a luncheon and discussion on how you can avoid data breaches effectively.

Why are Organizations that are compliant experiencing data breaches?

At this presentation you will hear from Bashir Fancy, former EVP of Visa, who was directly involved with the development of the AIS-DSS (now PCI-DSS) standards, about the challenges the standard was intended to address. You will hear how Organizations and QSAs are eager to either receive a ROC or issue one, whilst the Enterprise may not have enhanced its security posture. All major compromises involved Organizations that were supposedly PCI compliant (at least they were in possession of the compliance paper, the ROC). The question we will address is how this can happen and what Organizations should do to protect themselves.

You will hear about the key changes in PCI-DSS 3.0 that appear to be minor on the surface but are going to be difficult to meet. Bashir will share with you the best way to approach these challenges as part of your enterprise security.

It is not the PCI-DSS standard that is the problem, but how Organizations are approaching it. PCI-DSS is being approached as a one-time compliance matter rather than a risk-based security journey. Organizations are happy to get a piece of paper declaring that they are “PCI compliant” rather than becoming secure. Corporate pressures, cost reduction, organization structure and also the culture play a significant role in declaring that “PCI compliance” is preferable, less costly in the short term and comparatively easier to achieve.

PCI-DSS needs to be fully interwoven into Enterprise security and culture. Developments in technology, operations, the company’s new products, new employees and acquisitions continue to create new exposures, and Organization culture must reflect that if they are going to be successful. The checklist/compliance approach used by many Organizations requires them to be lucky every time to be safe, but the criminals have to be lucky only once in order to cause major financial and brand damage. Whilst there is a lot of discussion about the external threat, similar emphasis and oversight is not in place on the internal side. It is a well-known fact that there is a significant internal component involved in a lot of these compromises and therefore criminals may not have too much luck as they may already know the weaknesses.

You will hear how CIPS can help you better understand these challenges from a professional and ethical approach that has integrity inherently built in as well as how members can take advantage of extremely knowledgeable and experienced people on the Board and part of the membership that are sought after in the Industry.

Security never was and will never be a one-time effort. There are no silver bullets for security, but incremental layering of safeguards combined with education and culture can play a key role in enhancing security.

Event details – February 5, 2015

11:30 am – Registration, Networking and lunch

12:00 pm – 1:30 pm – Introductions and Speaker Presentation

 

Location:  

533 Clarence Street, Main Boardroom, 2nd Floor, London, Ontario

Park in the south end parking lot

  

Event Cost:

$20 for CIPS, PMI, TechAlliance members and all friends

 

About Bashir Fancy:

Bashir has very broad and extensive global experience that spans Finance, Technology, Operations, Security, Audit, Governance and Marketing & Sales at executive levels, at organizations that include Air Canada, the Supermarket Group, Citibank, SNS (Emergis – acquired by BCE and later absorbed into TELUS), Visa Canada, Visa International, Deloitte & Touche, Grant Thornton and Corporate Solutions & Services Inc.

After taking early retirement from Visa International, Bashir formed his own consulting firm to assist some of his former employers, and also assisted Organizations including the World Bank, Visa, Deloitte & Touche, Grant Thornton, Halifax Airport Authority, Rogers, Bell Aliant, the Federal Government and major retail Organizations. He also spent a lot of time helping non-profit charities such as “Friends of the Mississauga Library System”, where he is the Treasurer on the Board (volunteer position) and whose mission is to promote literacy.

Bashir joined CIPS in the mid-1980s attaining his I.S.P. certification in 1989.  According to Bashir, CIPS had a very good value proposition and an excellent reputation.  The I.S.P. designation enabled him to be recognized by employers, potential employers or Organizations he worked with, giving them a reasonable comfort level that he had met a high standard of IT profession that could be relied on.

Please join us for what promises to be a very engaging event. Click here to reserve your spot or, to help with our planning and early registrations, please Buy now.

 

On behalf of CIPS we thank you for your ongoing support and look forward to seeing you soon!

  
