
EAST AFRICAN INFORMATION SECURITY CONFERENCE

13TH - 14TH AUGUST 2013

Theme: “Information Security And Risk Management Strategies For Enhanced Business Resilience”

Message from Chapter President Ambrose Ruyooka PMP, CGEIT, CRISC

On behalf of the ISACA Kampala Chapter, I am honoured to welcome you to the first ever East African Information Security Conference. Over the last four years, we have organised Annual National Information Security Conferences. Aware that Information Security Challenges are not restricted to borders and boundaries, and in the spirit of widening and deepening the East African Integration, we thought it wise to organise this as a regional event.

I have the pleasure to thank ISACA members for giving me the opportunity to serve the ISACA Kampala Chapter. It has been a privilege for me to serve in the past two years and nurture the growth of the Chapter in membership and the number of activities we run. With close to 200 members, our Chapter is one of the fastest growing Chapters in the region.

Uganda today and the world all over are experiencing great advancements in the field of Information Security. “The future of our ability to maintain our identity -- at the same time preserving individual rights and freedoms -- will be shaped by how effectively we can deal with limitless virtual entities and methods of attack that are being created by technological change”. Information today has continued to be an important business asset of significant value and needs to be protected from threats that could potentially disrupt business continuity. This calls for continuous learning and professional development, one of the intrinsic worth that our Chapter stands for. It is against this milieu that the theme for this Conference was developed, thus: “Information Security and Risk Management Strategies for Enhanced Business Resilience”.

As a professional organization, the Chapter has always worked toward bringing the members together to generate new ideas in anticipation of current challenges and to support the growth of the profession. We foster the sharing of best practices through our monthly education seminars and networking events. The Chapter has also initiated partnerships with Institutions of higher learning to attract new graduates to join and sustain the growth of our profession. This conference presents a unique opportunity in the endeavour to promote the culture of Information Security both with the Public and Private sectors.

We have been joined by the National Information Technology Authority Uganda (NITA-U) as a key strategic partner in organising this event. The resources committed by NITA-U, including involvement of their top Executives in the planning for this conference, deserve applause beyond measure. We are also indebted and appreciative to our sponsors, Huawei Technologies (Platinum), Africa Symantec Corporation (Silver) and HP (Silver) for their contribution towards the success of the event.


Message From the Conference Chair Hussein K. Isingoma CISA, CISM, CRISC

Dear 2013 East African Information Security Conference Participants, after all the planning and other logistical arrangements the day is finally here. I welcome you to the 2013 Inaugural East African Information Security Conference and hope you will actively participate to gain and share knowledge on the most critical IT issues of our time that affect our business.

Indeed, consistent with the conference theme, “Information Security and Risk Management Strategies for Enhanced Business Resilience”, the challenge we have today is not only the need to improve business resilience to cyber incidents but also to increase the capacity of organizations to reduce on exposure to cyber threats. The survival of nations and indeed of businesses will so much depend on the effectiveness of cyber threat countermeasures undertaken. Indeed as President Barack Obama of the United States remarked, “Cyber threat is one of the most serious economic and national security challenges and that his country’s economic prosperity in the 21st century depended on cyber security”.

Today, ICT touches nearly every part of our daily lives; Mobile Money, Banking, Aero industry, networks, wireless signals, hospital diagnosis, military hardware and intelligence and the World Wide Web (www) are part of the wider cyberspace that need to be secured. You and I have stories to tell about our own share of experiences ranging from fraud, web defacement, systems availability, theft of intellectual property and social media related issues among others. By attending this conference, you have an opportunity to have one of a kind learning, sharing and networking experience with practitioners, experts and professionals who see information security from your and their own lenses.

Our special appreciation goes to all the speakers, panelists, volunteers, sponsors, NITA-U our Conference Partner and the Conference Organizing Committee for their tireless efforts and contribution towards making this event a success. By attending this conference, we hope you take this opportunity to fully participate, network and learn. The East African Information Security Conference is an event to be and we are glad you are attending.

East African Information Security Conference Program

Tuesday 13th August 2013

Time | Activity | Responsible Person(s)
8:00am - 8:45am | Arrival and Registration | ISACA - Secretariat
8:45am - 8:55am | ISACA-President’s Opening Remarks | ISACA - Chapter President
9:00am - 9:30am | Chief Guest | Hon. John Nasasira - Minister of Information and Communications Technology
9:30am - 10:15am | Key Note Speaker: IT Security & Risk management in Public sector | Dr Frederick Wamala PHD (LSE), CISSP, Chief Cybersecurity Advisor - Cyberplc Limited London, UK.
10:15am - 10:30am | Discussions | Plenary discussion Key Note Address
10:30am - 11:00am | Health Break | Sponsored by Huawei Technologies
11:00am - 11:45am | IT Fraud. Crime with no scene of crime | Yiga Adel Muhammad, Director Assurance & Managed Services (AMS), Huawei Technologies-Uganda
11:45am - 12:30pm | Cybercrime – Security Risks and Challenges Facing Business | Sven Hansen, Technical Sales and Services Manager, Africa Symantec Corporation
12:30pm - 12:59pm | Discussion | Plenary discussion on P2 and P3
1:00pm - 2:00pm | Lunch Break | ISACA
2:00pm - 2:45pm | Banks: Top IT Security risks and challenges | Gideon Twesigye Timarwa, CISA, Internal Audit Manager - Kenya Commercial Bank Uganda Limited
2:50pm - 3:35pm | Security and Privacy. Can we trust the Cloud? | Dr. Turahi David, Director Information Technology & Information Management Services, Ministry of ICT
3:35 - 3:50pm | Discussion | P4 and P5 discussion
3:50pm - 4:10pm | Health Break | ISACA
4:10pm - 4:55pm | Hard & Soft Skills for the next generation of IS Professionals | Godfrey Ssemugooma - FCCA, CPA(U), Commissioner, Treasury and Advisory Services (TAS), Ministry of Finance, Planning and Economic Development.


Wednesday 14th August 2013

Time | Activity | Responsible Person(s)
8:00am - 8:45am | Arrival and Registration | ISACA - Secretariat
8:45am - 9:00am | Sponsors Message | ISACA - Secretariat
9:00am - 9:45am | Social Networking. How secure are you and your organization? | Prof. V. Baryamureeba, Vice Chancellor, University of Technology and Management Uganda (UTAMU)
9:45am - 10:30am | Today’s Threat Landscape – Cloud / Big data / Mobile | Jonathan Martin, ArcSight Specialists, HP Enterprise Security Products, London-UK
10:30am - 10:45am | Discussion |
10:45am - 11:15am | Health Break |
11:15am - 12:00pm | Security and Risk considerations for out sourced IT Services | Irene Kabega - CISA, IT Security Audit Consultant - Byvec Ltd - London UK
12:00am - 12:45pm | Information Security Governance and Business Continuity. | Peter Kahiigi - CISSP, CISM - Director Information Security - NITA-U
12:45pm - 1:00pm | Discussion |
1:00pm - 2:00pm | Lunch Break | ISACA
2:00pm - 2:45pm | Providing a secure environment for Mobile Money transaction. | Ntege A. Nasser - Msc. IT, FCCA, ITIL ver.3, Oracle EBS-S, Bcom, ERP Security Consultant
2:45pm - 3:00pm | Discussion |
3:00pm - 4:00pm | Panel Discussion: Information Security in a borderless World. What should be on the Agenda for IS Professionals, can these be dealt with? | Panelists listed below
4:00pm - 4:15pm | Closing Key Note: The Future of IT. A New World Order, a New Edge? | James Saaka, Executive Director NITA-U
4:15pm - 4:20pm | Message from Conference Chair | Hussein K. Isingoma - CISA, CISM, CRISC, CIA, CPA, Conference Chair
3:45pm - 4:00pm | Health Break | ISACA

Panel Discussion panelists:
• Ronald Azairwe - BSc (MUK), MSc (London), PhD Candidate (Mal) - Ag. Senior Manager, NWSC
• Mustapha Mugisa - CFE, CEH, CHFI, CISA - CEO Summit Consulting Limited
• Noah Baalessanvu - Director, Computer Forensics Consult
• Herculs Bizure (CISA, CISM, CRISC, CGEIT) - Associate Director (IT Risk and Assurance) - Ernst & Young

About ISACA Kampala Chapter

ISACA Kampala Chapter was given a chapter status on 28th May, 2008 and it was officially launched on 28th July, 2010. The Chapter operations are guided by a Charter which was approved by ISACA International. The aim of the Chapter is to sponsor local educational seminars and workshops, conduct regular Chapter meetings, and to help further promote and elevate the visibility of the IS audit, control and security profession throughout Kampala. With information and its related systems more critical than ever, the role of individuals able to capitalize and leverage on new technological advances to ensure the generation of secure, reliable data becomes even more important.

Current ISACA Kampala Chapter Board Members are:
• President: Mr. Ambrose Ruyooka, CGEIT, CRISC
• Vice-President: Mr. Ronald Mugisha Bakakimpa, CISA
• Secretary: Mr. Samuel M. Kabayo, Jr. CISA, CISM, CGEIT, CRISC
• Treasurer: Mr. Johnson Akanyijuka CISA
• Membership Director: Ms. Sheila Matovu CISA
• Education Chair: Mr. Hussein K. Isingoma. CISA, CISM, CRISC
• CISA & CISM Coordinator: Mr. John Patrick Okiring CISA, CISM
• CRISC & CGEIT Coordinator: Ms. Justine Kasigwa Agaba CISM, CISA, CRISC
• Academic Relations Liaison: Mr. Bernard Wanyama CISA, CRISC, CGEIT
• Board Member: Mr. Immy Byaruhanga. CISM, CRISC
• Board Member: Ms. Linda Barbra Mukholi, CISA
• Board Member: Ms. Winifred Gafabusa, CISA
• Board Member: Mr. Andrew Bradford Kawere, CISA
• Immediate Past President: Mrs. Kayemba Keto M.N.G, CISA
• Immediate Past Administrator: Mr. Amos Ayebazibwe
• Current Administrator: Ms. Margaret Nambuusi


Membership

In order to become a member, one is expected to apply online as detailed at www.isaca.org/kampala. Upon attaining membership, one can consider certification in any of the disciplines offered by ISACA International. Membership opens doors to a number of opportunities, especially the wide knowledge base available online and tools that can be used by a professional, with discounts on the leading-edge ISACA products and services needed to be successful and maintain one’s competitive advantage.

CERTIFY FOR CISA, CGEIT, CISM AND CRISC WITH ISACA

The CISA designation is a globally recognized certification for Information systems audit, control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable of managing vulnerabilities, ensuring compliance and instituting controls within the enterprise.

CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.

Demonstrate your information security management expertise. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

UPCOMING 2013-2014 EXAM DATES

7th September 2013 (CISA and CISM only)
• Registration opens: 24th April 2013
• Early registration: 12th June 2013
• Final registration: 22nd July 2013

14th December 2013
• Registration opens: 17th June 2013
• Early registration: 21st August 2013
• Final registration: 25th October 2013

2013 Exam Registration Fees | Member | Non-Member
Online* early registration deadline fee | US $410 | US $585
Mailed/faxed early registration deadline fee | US $485 | US $660
Online* final registration deadline fee | US $460 | US $635
Mailed/faxed final registration deadline fee | US $535 | US $710

CISA Classes at 400,000/= to start in September 2013

Chapter Contacts

The Chapter is located on: Post Office Building, Kampala Road, Level 6 Room 512, P.O. Box 33361, Kampala
Office: 0392 893 965
Cell: +256 (0) 787-467646 or +256 (0) 701-989799
Website: www.isaca.org/Kampala

The National Information Technology Authority Uganda (NITA-U) was established by an Act of Parliament (National Information Technology Authority, Uganda Act of 2009). The statutory mandate of NITA-U is to coordinate, promote and monitor Information Technology (IT) developments in Uganda within the context of National Social and Economic Development. The MoICT is the line ministry responsible for Information and Communication Technology and has the overall National responsibility for the sector and supervision of all agencies under it including NITA-U. NITA-U Board of Directors is the governing body of the Authority.

Core Values:
• Integrity
• Innovation
• Team Work
• Customer Centricity
• Quality

Overall Strategic Goal

PLATINUM SPONSOR

Profile

Founded in 1987, Huawei is an entirely employee-owned private company and a leading global information and communications technology (ICT) solutions provider with a vision to enrich life through communication. Through the company’s 150,000 employees and dedication to customer-centric innovation and strong partnerships, Huawei has established end-to-end capabilities across the carrier networks, enterprise and consumer markets by providing competitive solutions and services, which have been deployed in over 140 countries, serving more than one-third of the world’s population. In 2012, Huawei recorded revenues of USD 35.4 billion, an 8% year-on-year increase, with a net profit of USD 2.47 billion, a 32% increase from the previous year.

Since 1997, Huawei has worked with world-leading consultancies, such as IBM, Hay Group, PricewaterhouseCoopers, Fraunhofer-Gesellschaft and Accenture to enhance its management capabilities and establish processes and systems driven by customer demand. Huawei annually invests an average of more than 10% of total annual sales revenues into R&D, and 46%, or 70,000 employees, are currently engaged in R&D. In 2012, Huawei increased its R&D investment to USD 4.8 billion, representing 13% of total annual sales revenues. The company also operates a global network of 16 R&D centers, 28 innovation centers jointly operated with customers, and 45 training centers.

Huawei started operations in Uganda in 2001, and currently has more than 70 formal employees, of whom nearly half are locally recruited, and more than 500 indirect ones. Huawei customers include all the main telecom carriers in Uganda, like MTN, Uganda Telecom Ltd, Airtel/Warid and Orange, as well as telecom regulators.

Huawei is continuously fulfilling its CSR commitment of bridging the digital divide, in areas of education, environmental conservation, social contributions and disaster relief, among other initiatives. Huawei signed a Memorandum of Understanding (MoU) with Makerere University in 2012 for knowledge transfer initiatives and innovations based on research and development, which consisted of specialized ICT training, knowledge transfer and internship training for students of Makerere. Huawei’s partnership with UCC this year for its ACIA Award, which is to promote ICT innovation for Uganda’s national development, is one of the best examples of that commitment.

SILVER SPONSORS

Symantec™ protects the world’s information, and is a global leader in providing security, storage and systems management solutions to help our customers – from consumers and small businesses to the largest global organizations – secure and manage their information and identities independent of device. Symantec does this by bringing together leading software and cloud solutions that work seamlessly across multiple platforms, giving customers the freedom to use the devices of their choice and to access, store and transmit information anytime, anywhere. Symantec is committed to delivering global solutions that meet local needs. To do that, we have operations in more than 48 countries, including research and development facilities and 24x7 Security Operations Centres and Security Response Labs located around the world. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network. This network captures worldwide security intelligence data that gives Symantec analysts unparalleled sources of data to identify and analyze, to deliver protection and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world.

Hewlett Packard (HP)

Grown from a two-man operation in 1939 to the present IT powerhouse, HP has experienced a remarkable journey. HP delivers vital technology to the world which assists in enhancing the quality of business practice and life experiences. The company’s solutions span from IT infrastructure, personal computing, access devices and global services to imaging and printing for consumers, enterprises and small and medium businesses. HP has a large footprint in Africa through offices which are spread throughout the continent as well as a large number of certified partners that are closely managed by HP. Please refer to map below stipulating HP’s presence in Africa.

HP has four major lines of business and more than 330,000 people who work in 170 countries. Our portfolio spans servers, storage, networking, personal computing, imaging and printing, software, services, and solutions. The Printing and Personal Systems (PPS) Group brings to market its leading expertise in inkjet, LaserJet and commercial printing as well as business and consumer PCs, mobile computing devices and workstations. The HP Enterprise Group draws from a world-class portfolio of business products including servers, storage, and networking products and solutions that fulfill a wide range of customer needs and market requirements. Our Converged Infrastructure portfolio combined with our Cloud Service Automation software suite creates the HP Cloud System. HP Software provides enterprise information management solutions for both structured and unstructured data, IT management software, and security intelligence/risk management solutions. Solutions are delivered in the form of traditional software licenses, software-as-a-service, hybrid or appliance deployment models. HP Enterprise Services provides consulting, outsourcing and technology services across infrastructure, applications and business process domains. Services delivers to its clients by leveraging investments in consulting and support professionals, infrastructure technology, applications, standardized methodologies and global supply and delivery.

HP has packaged its capabilities into five key solutions areas:
• Converged infrastructure: Transforming rigid and solid technology environments into an agile infrastructure that can easily scale up or down to meet challenging demands.
• Application transformation: Modernizing applications that were designed and implemented for an old model of technology to meet the needs of today and tomorrow.
• Enterprise security: Making data and systems impenetrable.
• Information optimization: Harnessing the power of information in all its forms to drive better insight, foresight, and decision making.
• Hybrid delivery: Delivering the solution customers need in the way that is best for them, including a blend of traditional data centers, private and public clouds.

HP has launched the 2009 HP Innovation in Education Grant Initiative for secondary schools.


KEY NOTE SPEAKER

DR FREDERICK WAMALA PhD (LSE), CISSP
Chief Cybersecurity Advisor - Cyberplc Limited, London UK
Topic: IT Security and Risk Management in Public Sector

Dr Frederick Wamala serves as a cybersecurity advisor to a host of national governments, regulatory authorities, large global private enterprises and United Nations (UN) agencies. He has worked on various national security/intelligence IT projects in roles such as Head of Information Security, Principal Security Engineer, IT Health Check Manager, security framework designer, assurance and compliance advisor. Dr Wamala is an expert at engineering technical security solutions that use Public Key Infrastructure (PKI), smartcards and directories to enable network access, non-repudiation, digital signing and encryption of data. He is also adept at designing Target Operating Models that help improve cybersecurity performance by clarifying accountability for Governance, Delivery and Assurance activities.

The International Telecommunication Union (ITU) tasked Dr Wamala to lead a cybersecurity Expert Assistance Mission to Georgia after Distributed Denial-of-Service (DDoS) attacks and the defacement of government and commercial websites in the Georgia-Russia war of 2008. He drafted a cybersecurity strategy aligned with the National Security Concept, a document that describes threats, risks and challenges to Georgia’s national security. He also authored the ITU National Cybersecurity Strategy Guide and the ITU National Child Online Protection Strategy Guide. He has worked in the Technology and Security Risk Services group at Ernst & Young LLP’s headquarters in London. He currently serves on the Advisory Board of the Washington, D.C-based Centre for Strategic Cyberspace + Security Science (CSCSS). Dr. Wamala is a regular keynote speaker at cybersecurity conferences organised by the UN, the European Network and Information Security Agency (ENISA) and national governments. He also speaks to media organisations such as the BBC. Dr Wamala obtained his PhD at the London School of Economics and Political Science (LSE).

CONFERENCE SPEAKERS

Yiga Adel Muhammad
Director Assurance & Managed Services (AMS), Huawei Technologies - Uganda
Topic: IT Fraud. Crime with no scene of crime

Yiga graduated from University of Boumerdes in Algeria; majored in Telecommunications Engineering. He has been with Huawei Uganda for more than 7 years and is known for his high professional ability. Currently, Yiga holds the position of Assurance & Managed Services (AMS) Director of Huawei Uganda, responsible mainly for the Operations and Maintenance of customer networks, and in addition works as the Spokesman for Huawei Uganda. As a senior local expert, Yiga has very good knowledge of the Ugandan Telecom Market. He also has profound understanding of the whole ICT industry, as well as Cyber Security.

Sven Hansen
Technical Sales and Services Manager, Africa Symantec Corporation
Topic: Cyber crime - security risks and challenges facing Business

Sven has 18 years international experience in the IT industry, covering a broad variety of roles from field engineering through to pre-sales management. With vendor experience at both Ericsson and Cisco prior to joining Symantec, Sven has gained valuable knowledge across various market verticals, which are specifically relevant to the African continent. Sven holds various IT certifications for major vendors including CISSP and MCSE, and is currently completing his degree in Psychology through the University of South Africa.

Gideon Twesigye CISA
Internal Audit Manager, KCB Bank Uganda Limited
Topic: Banks: Top IT Security Risks and challenges

A Certified Information Systems Auditor with slightly over 7 years’ experience in planning and execution of both Internal and Information Systems Audits. He manages the design and implementation monitoring of the KCB Bank Internal Audit plan and budget as well as the IS audit. He is in charge of the department’s fraud investigations and fraud awareness programs for KCB. He previously served as a key member of Ernst & Young’s IT Risk and Assurance Services (ITRA) department in East Africa. He was actively involved in Information Systems Reviews, Business Continuity Planning, Post Implementation Reviews and Information Security Framework Advisory. He has a strong combination of accounting and information technology background, which makes him a dependable and suitable resource in review of all financial systems and enables him to successfully complete engagements in a diverse range of industries.

His professional experience portfolio comprises work performed for both attest audit clients and non-attest clients. For non-attest clients he has been involved in engagement teams in the delivery of the following services: Information systems & technology audits; Application security reviews; Data cleansing and quality analysis; Data analytics solutions; Revenue Assurance; Business continuity planning; Business control process; IT due diligence reviews; and Financial audit. He facilitates client training in the use of Audit Command Language (ACL), a data analysis tool, and is very much involved in the development of Business Continuity Plan simulation test programs for clients and facilitation of BCP awareness programs, as well as instruction on the implementation of Information Security Management Systems according to ISO 27001 specifics. He was recently nominated as a member to serve on the IIA Uganda Training and Certification committee.


David Turahi
Director Information Technology & Information Management Services, Ministry of ICT
Topic: Security and Privacy. Can we trust the Cloud?

Dr. David Turahi has a doctoral degree in Telecommunications Engineering from the University of Rome, Italy. He was a lecturer at Makerere University, Kampala, Uganda for 10 years, before joining government in 2001. He has moved from rank of Assistant Commissioner to that of Director for Information Technology and Information Management Services in the Ministry of ICT. His duties are to evolve and oversee implementation of policies, laws and regulations regarding Information Technology, as well as Information Management Services in Uganda. He has chaired many National Task Forces, including one that developed the National Information Security Strategy, which is now being implemented under the National Information Technology Authority – Uganda (NITA-U). He is very conversant with the salient issues relating to information security/cyber security. He is a Board member of NITA-U and of the Makerere University Council.

Godfrey B. Ssemugooma
MSc-Accounting, BCom (Hons), FCCA, CPA (U), Dip. Value for Money Auditing
Topic: Hard & Soft skills for the next generation of IS professionals

Possesses 17 years of experience in public sector auditing and financial management; project design and management; deep understanding of Integrated Financial Management Systems and expertise in diagnostic reviews and business process re-engineering as well as Capacity building, Public policy formulation and legislative drafting. Godfrey is currently working as Commissioner/Technical and Advisory Services, a post he has held for the last 5 years, and he is responsible for Policy formulation, Procurement, Capacity Building and Project Management for a number of System implementations. He has successfully overseen the implementation of the Electronic Funds Transfer (EFT) in Government. He has been an Application implementation team lead for the Government of Uganda Oracle based Integrated Financial Management System (IFMS). Godfrey is leading a new project for the implementation of the Computerization of the Education Management and Accounting Systems in Public Universities (CEMAS). He has worked in the Office of the Auditor General where he introduced, trained and supported staff in the use of the Interactive Data Extraction and Analysis (IDEA) computer aided software. He has attended a number of courses at various prestigious institutions including Harvard Business School, Common Wealth Secretariat, and SETYM international-Canada among others. Godfrey is Board Member of the PPDA, Council Member of the ICPAU and Member of the Institute of Corporate Governance-Uganda. Godfrey is Paul Harris Fellow and Past President of the Rotary Club of Kiwatule.

Prof. Venansius Baryamureeba
Vice Chancellor, University of Technology and Management Uganda (UTAMU)
Topic: Social Networking. How secure are you and your Organization?

He is a Professor of Computer Science and holds a B.Sc., M.Sc. and Ph.D. in Computer Science among other qualifications. He began his working career at Makerere University, where he served as Director, Dean and finally Vice Chancellor before moving on to start Uganda Technology & Management University (www.utamu.ac.ug), where he is the Vice Chancellor. Professor Baryamureeba is the founding Chairman of COMESA Innovation Council & University Council of East Africa, a body that brings together all universities in the East African Community. He also serves as the Chairman of Makerere University Business Technology and School Council, a member of Senate for both Mbarara University of Science and Busitema University, and a member of the Presidential Investors Round Table, a business advisory council to the President of the Republic of Uganda. He has served and still serves on several councils and boards both nationally and internationally. For details: http://www.utamu.ac.ug/barya

Irene Kabega, CISA
IT Security Audit Consultant, Byevec Ltd, London, UK
Topic: Security And Risk Considerations For Outsourced IT Services

Irene is a Certified Information Systems Auditor (CISA) with over 5 years’ experience in delivering information system reviews, compliance and IT assurance within large project based and outsourced environments. Her work experience is spread over both IT Audit and IT Security Implementer roles. In her current role as an Auditor with one of Europe’s largest IT infrastructure services providers, Byvec Ltd, Irene has the responsibility to ensure that the services provided by Byvec Ltd comply with customers’ operational security and contractual service agreements as well as industry best practice. Irene has delivered risk based assessments for outsourced services in both private and government sectors within the UK. Irene has led several department level compliance audits in line with the annual audit schedule, aiding the successful recertification of ISO 27001 Information Security management systems for all lines of business within scope. In her previous role as an IT Security Implementer, Irene was responsible for the management of all aspects of physical and logical information security in a systems integration and technology consulting environment. She worked across the business, from project managing ISO27001 alignment, writing and implementing company security policies and providing collaborative advice to consultants, to advising the Board on risk. Irene has also provided leadership and guidance in Business Continuity, Crisis Management, and IT Disaster Recovery. She has facilitated Crisis Management and Business Continuity workshops, scenario-based exercises and presentations for senior executives and employees at all levels, including auditing of BCP readiness, ensuring that business and IT teams are all fully aware of and understand their roles and responsibilities. Irene is a Certified Information Systems Auditor (CISA), a Microsoft Certified Technology Specialist (MCTS), Microsoft Certified Systems Administrator (MCSA)-Security, an ISO 27000 and holds a Diploma in Electrical & Electronic Engineering.

Jonathan Martin - Bachelor of Science (Mathematics), University of Bradford-UK
ArcSight Specialists, HP Enterprise Security Products, London-UK

Jonathan Martin is currently a senior member of the ArcSight Specialists Team, based in London. He was one of three people who originally set up ArcSight in EMEA in 2004, helping to grow the company from a start-up right the way through to the acquisition and successful integration into HP’s Enterprise Security Products division. During this time he has held a number of positions including Director of PreSales, EMEA. Prior to ArcSight he worked for British Airways as well as a number of security companies including CyberGuard & Critical Path. Jonathan holds a Bachelor of Science degree in Mathematics from the University of Bradford, UK.

Peter Kahiigi, CISM, CISSP®, MCDBA, MCSE, PRINCE2®
Director Information Security, National Information Technology Authority, Uganda (NITA-U)
Topic: Information Security Governance and Business Continuity

He is responsible for nationwide planning, development, coordination, management, continuous monitoring and assurance of National Information Security. Peter Kahiigi is the Director for Information Security; he holds both BSc and MSc degrees in Computer Science, and is a Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP®), Microsoft Certified Database Administrator (MCDBA), Microsoft Certified Systems Engineer (MCSE), and Projects IN Controlled Environments (PRINCE2) Certified Practitioner. He has over 15 years’ experience in the delivery of complex, secure and successful IT projects and enterprise risk management. Previously, he served as Director Technical Services at NITA-U, Chief Information Officer at the National Social Security Fund and Head of Information Technology at the Ministry of Finance, Planning and Economic Development as a consultant for the World Bank. He is a member of ISACA and the International Information Systems Security Certification Consortium ((ISC)²). In light of his achievements, Peter was recognized as the top Chief Information Officer (CIO) in Africa for the year 2008 at the prestigious African Achievers Awards.

Ntege A. Nasser, MSc. IT, FCCA, ITIL ver.3, Oracle EBS-S, BCom
ERP Security Consultant
Topic: Providing a secure environment for Mobile money Transactions

He is a highly experienced, multi-skilled and technically exposed ERP techno-functional consultant with over 15 years of hands-on ERP systems experience, mainly focusing on security controls within the ERP environment and functional aspects of the financial and supply chain components/modules. His experience spans various industry domains ranging from banking, telecommunications and energy to, recently, the public sector. Mr. Ntege has participated in several ERP implementations, process enhancement projects, ICT reviews/audits, systems performance and usage and quality assurance assessments. Mr. Ntege has been at the forefront of spearheading Public Financial Management Reforms at the Ministry of Finance through the implementation, rollout and deepening of an Oracle EBS based Integrated Financial Management System (IFMS) across government ministries, departments and agencies. Mr. Ntege was among the core team that set up ERP systems and security control procedures for Warid Telecom (now Warid-airtel) and was key in the implementation of several innovative end-user telco solutions including Warid Pesa and PakaLast. As an independent ERP Security Consultant, Mr. Ntege’s work now focuses on helping corporate institutions and governments around the world to harden security controls within their core ERP systems and proactively detect and prevent fraud arising from loopholes inherent in systems setups, configurations, and functionality. Mr. Ntege is a software engineer of the University of Newcastle, Australia, a fellow of the Association of Chartered Certified Accountants (FCCA), an Oracle certified functional specialist - financials, a graduate of commerce (Accounting) of Makerere University, and a member of ISACA Australian chapter.