Jean-Baptiste Bres

Chief Information Security Officer

Cyber Attack Conference Sydney 2019

I am very honoured to be one of the speakers at the upcoming Cyber Attack 2019 Conference in Sydney on October 17th. I will be facilitating a round table discussion on how to implement a security Bring Your Own Device (BYOD) policy.

Super Risk Symposium - Melbourne 14/08

I was honoured to be one of the speakers at the Super Risk Symposium organised by the AIST in Melbourne on 14/08.

It was a great session, on the impact of the new CPS 234 regulation, thanks to Rob Pickering who facilitated the debate and to Joss Howard and Matt O'Keefe for their great insights.

UNADJUSTEDNONRAW_thumb_126

Super Risk Symposium - Melbourne 14/08

I am very honoured to be one of the speakers at the next Super Risk Symposium organised by the AIST in Melbourne on 14/08. I will be discussing being CPS compliant with 2 great experts: Joss Howard (Head of Risk Management and Governance Consulting, APAC, NCC Group) and Matt O'Keefe (Partner, KPMG).

Information security is all about risk management. With APRA’s CPS 234 framework now live, how do funds need to be secured and why? What is an acceptable risk? And what is the lasting impact if valuable data is compromised, exposed or unavailable?
This session will explore how funds are demonstrating compliance with the new prudential standard and the strategies being used in safeguarding systems against information security threats.

[Update] Info and tickets at https://bit.ly/2GGHp8v

💡 Conference Transcript: Building an Information Security Policy Framework

Article

Following my presentation on Building an Information Security Policy Framework at the "Implementing CPS 234" conference held in Sydney in May 2019, I received many requests to publish a transcript. Thank you all for your interest and for the large amount of feedback you shared with me. As promised, here is an augmented transcript of my presentation.

It covers an overview of what a Policy Framework is, and why it is an essential part of any Information Security program; the various existing frameworks used across the industry, their strengths and limitations; a methodology to create a flexible framework, supported by a risk assessment and a strong understanding of the assets owned by the institution and the threats they are exposed to; and an approach to define an adequate control set and how to prioritise its implementation.

Read More…

"Implementing CPS 234" conference

I am very proud and excited to be one of the key speakers at the "Implementing CPS 234" conference on 3rd May in Sydney.

I will be talking on how to build an information security policy framework that is agile to changing threats.