SIGS Roundtable


Best Practices & Lessons Learned

Join us on July 12th, 2023 and earn 3.0 CPEs

(registration will be closed July 11th, 2023 and is limited to 20 participants)

'Member' requested roundtable Discussion
Hannes Lubich invites: let's redefine GRC

  • The professor emeritus, born in 1961, is an expert in cyber security and has more than 30 years of experience in the areas of IT service management, IT security and risk management. Hannes P. Lubich worked as a researcher and lecturer at the ETH in Zurich and was instrumental in setting up the Internet and the CERT in Switzerland. He later served at Bank Julius Baer as Chief Information Security Officer and as a strategy consultant at Computer Associates and British Telecom. From 2009 to 2019 he held a professorship for ICT System & Service Management at the University of Applied Sciences Northwestern Switzerland and taught at the ETH Zurich until 2014 and at the Norwegian Technical and Natural Science University (NTNU) until 2018.

    As always: salespeople (incl. CEOs and founders), vendors, consulting companies like the Big 4 and anyone who just wants to sell their products or services are not allowed to take part in SIGS events. In addition, on this special platform, only participants from end customers are admitted.
Location Sponsor

Pfingstweidstrasse 60
8005 Zürich

Date & Time
July 12th, 2023
2:00 pm - 5:00 pm

Participation Fee
We request EUR 55.-- during registration. You will get your money back if you were there.
2:00 pm
Short introduction from Hannes Lubich
In many organizations, the systematic handling of operational and conceptual risks within the framework of corporate governance and compliance on the basis of corresponding legal and regulatory requirements is more of an art than a well-established practice – there are often large gaps between requirements, supposed “best practices” and corresponding checklists on the one hand, and the lived reality with its practical constraints, relevant conditions and conflicts of interest on the other hand. It is less a question of whether anything should be done in the GRC area at all, but rather how the respective "good enough" status is defined, how it can be achieved and how it can be maintained in the face of ever-changing requirements. There are enough theories, methods and tools for this, but the implementation in practice shows that there is a broad gray area between the maximum demand and "sitting out" the status quo, in which personal experience of proven and less suitable approaches plays a greater role than following a "textbook approach".

Within this context, it makes sense to invite practitioners from various affected areas (governance, risk management, compliance, audit, service management, project management, information security, data protection, etc.) to an informal exchange of experiences, opinions and open questions, to learn from each other and, if necessary, to identify ideas for new or changed solutions in your own company. The focus should not be on products, new control tools or checklists, but on approaches, procedures and measures that have proven to be particularly effective (or not) compared to other methods and tools.

Roundtable Discussion moderated by Hannes Lubich and Jürgen Stückle, Cyber Security Advisor at BearingPoint
3:30 PM
Coffee break
5:00 PM
End of Roundtable Discussion and Apéro
Contributors & Moderators
Below you will find our contributors and moderators, to whom we say a big thank you!
Hannes Lubich
Jürgen Stückle
Cyber Security Advisor at BearingPoint
Further information at Jürgen Stückle | LinkedIn
Contact Us
If you have any questions or would like information about further SIGS events, please do not hesitate to contact us!
 Join us on July 12th
We look forward to hosting you!
