GUIDELINES ON MANAGEMENT OF IT ENVIRONMENT (GPIS 1)

Monday Tuesday 13 14 April 2009 Kuala Lumpur

14 CPE credit hours for CRP holders

INSTITUT BANK-BANK MALAYSIA

O B J E C T I V E S

Upon completion of the programme, participants will be able to:

describe the fundamentals of BNM GPIS 1 apply security and control measures that are aligned to BNM GPIS 1 evaluate an effective and/or efficient implementation of the guideline consider possible security implementation concerns

Introduction

Purpose and scope of guidelines Structure of the document Comparisons with other sources of infosecurity guidelines

Board and Management Oversight

Board of directors Senior management IT steering committee IT strategic planning Organisation structure Internal controls Policies and procedures Documentation Information confidentiality and ownership Manpower and training Code of ethics System availability Business resumption and contingency plan Project management IT sourcing management Internal audit and audit committee

K E Y T O P I C S

System Security

Policy procedures and awareness Authentication management Log-in control Logical access Activity monitoring Data and database controls Application controls Encryption

System Development

Project management Standards and procedures Program change management Testing Program migration Source codes conversion and maintenance Post implementation review Data integrity

K E Y T O P I C S

Operations

Standards and procedures Maintenance of computer centre Monitoring of operational activities Emergency procedures

Communication Network

Standards and procedures Network design Network operations Access controls Activity monitoring

Business Resumption and Contingency Plan

Organisational planning Business impact analysis Contingency planning Testing, validation and continuous improvement

T A R G E T

A U D I E N C E

Lectures, case study and group discussions.

Managers, officers and personnel of financial institutions responsible for IT governance, information systems security, compliance and audit.

A P P R O A C H

Mr Ronald Yap, BSc (Hons) Computerised Accountancy, Certified Information Systems

S P E A K E R

Auditor (CISA United States of America), Certified Information Systems Security Practitioner (CISSP ISC2 United States of America). He was formerly a Managing Consultant heading the Technology Risk Services team, PricewaterhouseCoopers, Malaysia. He is currently an independent systems security advisor and Director of Ixaris Sdn Bhd. Ronald has over 13 years of experience in Europe and Asia in the review, design and implementation of trusted security systems with specialisation in trusted systems, networking and telecommunications. He was involved in numerous IT security reviews within the resource protection services industry and e-business systems implementations for various commercial and government organisations. Ronald has worked on security and control assignments using a number of leading-edge technologies in a variety of industries and environments. He is also a regular trainer for Institut Bank-Bank Malaysia and has spoken at other conferences for the Information Systems Audit and Control Association (ISACA) and the Asia Business Forum.

Date Time Venue

Monday Tuesday, 13 14 April 2009 9.00 am 5.00 pm Institut Bank-Bank Malaysia Wisma IBI, 5 Jalan Semantan Damansara Heights 50490 Kuala Lumpur Office attire STF Member : RM750 IBBM Member : RM1,250 Non-Member : RM1,500 The above fee includes programme materials, lunch and refreshments. Payment of fees must be made BEFORE commencement of the programme.

A D M I N I S T R A T I V E D E T A I L S

Attire Fee

Closing date Enquiries Nominations

Monday, 30 March 2009 Kindly contact Suhaifie / Rahmat at 03-2095 8922 (ext 166 / 142). Participation is limited to 16 pax on a first-come-first-served basis. IBBM reserves the right to decline any nomination, without the obligation of providing any reason. Confirmation of participation is by way of official notification from the Institute. The Executive (Learning Solution 3) Institut Bank-Bank Malaysia Wisma IBI, 5 Jalan Semantan Damansara Heights 50490 Kuala Lumpur Fax : 03-2095 7822 Email : lead@ibbm.org.my The intensive nature of IBBM programmes requires the participants full undivided attention and attendance at all sessions. Participants should be free of their professional obligations for the duration of the programme.

Kindly address nomination form(s) to

Commitment to programme

Notice of withdrawal: Unless written notice of withdrawal is received before the closing date of the programme, the full fee is still due in the event of non-attendance. The Institute accepts replacement(s), which must be in writing, prior to the programmes commencement date. However, no substitution of participant(s) will be allowed for the duration of the programme. The Institute reserves the right to make changes to the schedules, venue or cancel the event altogether.

REGISTRATION FORM

G UIDELINES ON M ANAGEMENT OF IT E NVIRONMENT (GPIS 1)

13 14 April 2009
Please register the following participant(s) for the above programme. Participant 1
Name New NRIC No. (Mandatory) Individual Membership No. (if any) Eithnic Group Please tick () where appropriate Designation and Department Email Name of Organisation Address of Organisation Tel Bumiputra Malay Bumiputra Others

Chinese

Indian

Others

Name & Signature of Nominating Officer (Please stamp)

Name & Address of Nominating Organisation (Please stamp)

Fax

Participant 2
Name New NRIC No. (Mandatory) Individual Membership No. (if any) Ethnic Group Please tick () where appropriate Designation and Department Email Name of Organisation Address of Organisation Bumiputra Malay Bumiputra Others

FEE Please make bank draft/cheque payable to INSTITUT BANK-BANK MALAYSIA. Please include additional RM0.50/0.03% of the amount, whichever is higher, for outstation draft/cheque. Payment of fees must be made BEFORE commencement of the programme

Chinese

Indian

Others

Bank Draft/Cheque No

RM

Tel Fax

Please photocopy for additional participants.

Please complete and return this form to the Institute before 30 March 2009