Taking Action!
There is always a risk
THE EXPERT: GDPR - GENERAL DATA PROTECTION REGULATION
BITCOIN: A REVOLUTION OF THE CONVENTIONAL PAYMENT SYSTEM
WOMEN'S PATH TO LEADERSHIP
THE DREAM SPOT
Why risk? Risk is the leading origin of uncertainty in every organization. As a result, companies' attention has shifted towards mitigating risks and managing them before they have a disastrous impact on the organization. The ability to anticipate risk will guide organizations towards acting more assertively on forthcoming business decisions. An organization's knowledge of the risks it is facing will have a major positive effect by giving it numerous possibilities for dealing with probable complications and problems.
HANDLING RISKS
[Infographic. Companies implementing Enterprise Risk Management (ERM): have greater management accountability; implemented ERM in their strategic planning. Interesting figures: share of total revenue organizations spend on GRC activities. Percentages shown: 79%, 16%, 12%.]
CONTENT
Women's Path to Leadership
Attending Pre-Conference Training Courses
Bitcoin: A Revolution of the Conventional Payment System
Sun, Sea and a Training: Miami Beach, Florida
Trainer Interview: Anders Carlstedt
The Dream Spot
Doing Business in Peru
INDUSTRY
The Standard: ISO 31000
In a world of constant change, risk management is increasingly viewed as a means of improving the likelihood of success in the challenging task of managing the organization's reputation and stakeholders' interest. The unmanaged risk is the greatest source of waste, where, as a result, thousands of jobs and expertise get lost, and many great companies fail to survive; consequently, standards are considered to be very beneficial since their implementation allows the organizations to compare their existing risk management practices with internationally recognized benchmarks. The ISO 31000 standard should be the first step that shows organizations' commitment to ensuring the evolvement of risk management. Therefore, it serves as a guide for identifying and prioritizing important risks. Risk management process is applicable to
[Figure: ISO 31000 principles, framework and process. Labels: Implementation, Improvement, Evaluation, Monitoring, Review, Internal context &, enhancement of the organization.]
Biometric data: personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
Health data: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Main Establishment:
About a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be the main establishment.
About a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.
Representative: a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor regarding their respective obligations under this Regulation.
Enterprise: a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
26 | PECB Insights / June, 2017 PECB Insights / June, 2017 | 27
Group of undertakings: a controlling undertaking and its controlled undertakings.
Binding corporate rules: Personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.
Cross-border Processing:
Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State.
Processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
Relevant and reasoned objection: an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision about the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
Author
Pierre Dewez
With 18 years of extensive experience in the field of information technologies, the CEO of PECB Europe and Altirian, Pierre is an acknowledged senior expert in Information Security, Compliance, and IT Risk Management and an active member in the JTC1/sc27 committee in Luxembourg. He is the Lead Auditor for Management Systems about Quality, Information Security, IT Service Management, and Business Continuity, an advisor in IT Risk Management for many Financial, Insurance and Service Delivery companies in Belgium, Germany, France, Luxembourg, Switzerland, The Netherlands, and Canada.
A trainer and author of various articles in Information Security Audits, Business Continuity Governance, and IT Service Management, Pierre is also an international ISMS and risk management expert extending his contribution to the elaboration of recommendations intended to improve the contents and the relevance of international standards in the current market.
Co-Author
Kirian Bosch Moline
With a master's degree in Auditing, Security, Governance and ICT Law in The Autonomous University of Madrid and experience in the Institute of Audit & IT-Governance as a Consultant in providing assurance and consulting services related to IT governance, risk management, compliance and information security, today he shares his knowledge and passion as a co-author at PECB Insights.
Your company's
Data security for your company and GDPR
What are the solutions?
Be.wan invites you for a quick, understandable and pragmatic presentation on: General Data Protection Regulation (GDPR) issues. Solutions that are field-proven to secure sensitive data within companies.
June 22, 2017. Ferme de Mont-Saint-Jean - Chaussée de Charleroi, 591 - 1410 Waterloo.
Due to limited availability of places, early registration by e-mail to advice@bewan.be is highly encouraged to ensure your participation!
1
You are the CEO & Owner at Caridon Business Solutions. It must have been quite the challenge to remain there for more than 15 years?
No, not at all. I've always wanted to have my own business and took the plunge when I was faced with my 7th Merger / Acquisition in less than 10 years, I knew I had to take my own services and ideas to market and not someone else's.
2
How do you encourage creative thinking within your organization?
We work on an informal structure to ensure that all members of our team are free to do what they really enjoy, provided of course it adds to the company's values and goals. There are no limitations except that it must add value to the services we offer - and that's a fairly wide list. I may be the CEO and owner of the company, but in truth there are no bosses. We encourage our team members to participate fully in setting the direction of the organisation, and share ideas as often as we can.
We expect everyone to express their opinions and ideas with everyone for two reasons:
to ensure that we support one another, and
to get opinions and suggestions from the rest of the team and that way the idea has always been improved.
I would encourage anyone to read the books Maverick and The Seven Day Weekend, by Ricardo Semler. The methods they describe turn accepted corporate business models and governance upside down in favour of the human spirit.
3
How do you manage Risk in your organization?
We minimize risk through our operating model - which has until now served us well.
As a small select group, we limit the risk by keeping everything as simple as possible. As a consulting and training organisation, the main risks would be financial, reputational and contractual.
Our Personnel risks are also key, but our team members are with us mainly because they like to work with us. As the alternative saying goes: Your
This also applies to revenue and expenditure. Each team member is actively involved in the invoicing and collections process.
We work from various locations so we must use collaborative tools to stay in touch and provide information access. The cloud is excellent for storing and sharing information, but we still must guard against the risks of the cloud, such as hacking, data integrity and accessibility.
4
What is the biggest challenge facing leaders today?
Change.
I've just heard a conversation about how traditional leadership is now so out of touch with the knowledge, opinions and interests of the next two generations, that there is a fatal communications failure between over-55 leaders and the Millennials for example.
Add to this the extreme almost seismic shifts in global technology that happen every couple of months, like self-flying Uber cars, AI, Blockchain, Brexit. The list is growing.
Keeping up with all this means having to review your paradigms almost daily.
5
What is the worst professional mistake you made and what did you learn from it?
No excuses - I've made quite a few, but perhaps the biggest was introducing people with the wrong set of principles. It caused reputational damage, and hard earned cash with nothing to show for it. It set us back 18 months.
6
What is the best professional move you made and why?
I guess taking the plunge to start my own business. It was the kind of growth step that challenges you to find out what you are truly capable of, and failure can't be blamed on anyone else but yourself. Conversely, one of the most exciting events is seeing money come into your account however small the amount, when a client agrees to pay your first invoice.
7
What are the three top values/characteristics for success
and why?
Personal and corporate Integrity, because your integrity is all you have.
Compromise that and you lose everything.
Mutually beneficial relationships with interested parties - customers and
suppliers included. People don't like to do business with people they don't
trust and if they do then it becomes a win-lose relationship.
Team mutual respect and collaboration between team members. This must
be in the DNA of the organisation. There is no room for destructive politics,
gossip or brinkmanship. It's costly, slows down projects and damages, scars or
even disables relationships for a very long time afterwards.
8
What advice would you give someone going into a
leadership position for the first time?
Leave your EGO at home.
Have the humility to respect that your team trusts you to lead them, and you
are a leader because they chose you, not because you're superior in any way.
Your job is to encourage and enable your team to enjoy what they do and feel
that they have contributed something meaningful to their world.
9
What does matter the most to you?
People, enthusiasm and courage, because these will always get you out of bed
in the morning to go out and achieve great things.
38% to 32%
also focus on fair appraisals as well as base promotions in productivity rather than hard work. When evaluating leaders, organizations often take into account leadership characteristics rather than effectivity.
and narrative abilities.
[Figure: Leading positions held by women. Canada, United States: 26%, 35%. Source: Grant Thornton 2015]
have started working towards
eliminating this problem.
PECB INSIGHTS CONFERENCE 2017
STANDARDS, SECURITY & AUDITING
ROBERT MAZUR, THE INFILTRATOR, BEHIND THE DRUG CARTEL OF MEDELLIN
KEVIN MITNICK, THE WORLD'S MOST FAMOUS HACKER
GEORGE KOHLRIESER, FORMER HOSTAGE NEGOTIATOR, IMD BUSINESS SCHOOL PROFESSOR OF LEADERSHIP AND ORGANIZATIONAL BEHAVIOR
Speakers
FATON ALIU, Co-Founder, President and COO at PECB, Canada
MILLER A. ROMERO C, General Manager Management Consultants & Auditors S.A.S, Bogota, Colombia
HENRI HAENNI, Founder and Senior Consultant at Abilene Advisors, Switzerland
CARLOS ALFONSO RESTREPO ORAMAS, CEO of Restrepo Oramas SAS, Colombia
SÉBASTIEN GAMBS, Security of Computer Systems Professor at Université du Québec à Montréal (UQAM), Canada
JURIS PUCE, CEO at analytica.lv, Latvia
MIKE GRAY, CEO at PIRII Australia Pty Ltd., Australia
MATHIEU LACHANE, Founder and CEO at Ubios, Canada
JACQUES BERGERON, Former Auditor General of The City of Montreal, Canada
GENEVIÈVE BROUILLETTE, Training Development officer at TS Formation, Canada
GUSTAF STAWSEN, CISO at CENTIRO Solutions AB, Sweden
MÁRIO LAVADO, Partner at INOSERV, Portugal
GODIN, Techno-Pedagogue at Pardeux
Information Security Officer at Bombardier Aerospace
Co-Founder and CEO at VoD2
Canada Canada
[Figure: How the Bitcoin blockchain works. Panels: Process starts over; Block puzzle; Miner solves puzzle and creates a proof of work; Verification: miners verify the proof of work; Proof of work: miner solves puzzle and gets a proof of work; Miners.]
Proof of work in which miners use their computing power to validate and record transactions into a public ledger
Bitcoin Governing
Ever since the payment system has taken the lead in the world financial system as a medium of exchange, it has undergone major challenges in regards to the government economic policies and other financial institutions' requirements. Generally speaking, the payment system has taken different forms from large circle stones, cattle, metal coins, and leather money to modern coins, paper currency, credit cards and digital currency. Considering the latest financial crises, it is not unusual to witness the
financial system with the purpose of increasing efficiency, without direct state control and governance consistency with governmental planning. However, the appearance of a digital currency, particularly bitcoins in 2009, has revolutionized the traditional economic philosophy of centralized financial systems, whereby the central bank i.e., the US Federal Reserve Bank, has direct control over other financial institutions. Thus, the bitcoin falls under the right wing of libertarianism values, which aim at downsizing the control of governments on the state economy.
In other words, Bitcoin represents a modern decentralized digital currency that undermines the consolidated behavior of government and central banks. Further, bitcoin provides an antagonist standpoint of the centralized system, in terms of governing without governments, indicating a shift of political resources while relying heavily on technology. Indeed, bitcoins are not controlled by any central authority institution; they are rather defined by the bitcoin protocol, implying the fixed rate of money supply in the market. In addition, bitcoins do not serve as the lender of last resort or pose any future risk of hyperinflation in the market; however, there is a risk of hyper deflation at the later
is an independent system of communication, where the rules and incentives are established on the general agreements among users in the bitcoin network. There is no intermediary in the chain network of communication between bitcoin users.
In November 2016, the Bank of International Settlements (BIS) has questioned the ability of banks to exert control over the world economy, considering that this may put the power of central bank institutions at risk.
In addition, the decentralized system of bitcoins has transformed the conventional structure of centralized systems regarding the lack of restrictions in international
[Chart: bitcoin price in USD, Jul 15 to May 17]
Seeing its growth potential, numerous magazines wrote about this new cryptocurrency causing its price to rise up to $9 per bitcoin. In 2011, the market value for all bitcoins in circulation was around $130 million. However, as bitcoin's price was constantly rising, disturbing events began to bedevil its popularity. Some users started claiming that substantial amounts of bitcoins had been stolen from their computers stimulating a massive sell-off, thus lowering the price of bitcoin. Provided this massive fall, the market forces conspired to prevent the scheme. The speculators flocked to take advantage of such low prices causing an immediate increase in the price of bitcoin.
[Chart: Bitcoins in circulation (BTC), source: blockchain.info]
ADVANCED AUDITING TECHNIQUES TRAINING COURSE EVENT NORTH AMERICA
In the last years, our world has changed a lot. Somehow, this strongly globalized modern world with rapid economic and social changes is creating new challenges in our lives. In this developing world, organizations are facing significant difficulties in managing efficiently their businesses and the struggle to become more successful is increasing every day.
More than ever, leading organizations are constantly improving their business processes and operations through the implementation of internationally recognized standards to achieve their objectives and enhance customer satisfaction. Businesses today need comprehensive controls in order to accomplish their legal responsibilities, meet their ambitions for growth in profitability and quality, or demonstrate discipline across an organization. Being that our society is moving towards a zero risk tolerance, benefits of international standards extend from organizations' internal benefits to the socio-economic global development.
Regardless of the size or complexity, organizations today need to be certified against internationally recognized standards and comply with their requirements. Not only to distinguish themselves from competitors, improve their operational performance or to assure clients of their credibility; but in many highly regulated sectors Management Systems Certification is not optional anymore but extremely demanding. However, gaining a certification alone is not enough. An essential part of the management system is the audit, which enables the company or organization to demonstrate its achievements, the competence of management and how they meet their objectives while showing conformity to the standards. To ensure that a company is operating correctly, Management Systems are best measured independently using capable auditors with experience and knowledge regarding the benefits and advantages that business can achieve through proper implementation of standards.
Auditing ensures that businesses manage their key processes in a comprehensive and effective way through analysis, evaluation and review. As a fast growing field, thanks to rigorous governance and regulatory requirements, auditing offers a surprising variety of job opportunities. Working independently and traveling around the world while conducting audits against nationally and internationally recognized standards is just one of many extraordinary benefits of being an auditor.
As the demands for Management Systems Certification are in place, PECB has established an excellent detailed Management Systems Certification program so companies can reach the highest level of performance, meet customer expectations and emphasize continual improvement. Following the necessary changes in improving the certification process, PECB has decided that the minimal requirement for someone to perform Accredited Management Systems Audits for PECB is to successfully pass the Advanced Audit Techniques exam, which is a requirement to obtain the formal certification. The aim of requiring this additional certification is to make sure that PECB MS Auditors sharpen their auditing techniques to effectively perform audits and not only to meet minimal requirements, but exceed them.
This remarkable event experience empowers professionals and leaders from around the world to unfold their full professional potential and achieve worldwide recognized certification. Likewise, the event allowed participants to gain the confidence to start or advance a career in auditing management systems, develop risk-based thinking and create network opportunities with successful experts. During this event, the participants had the chance to explore the beauty of an amazing tropical city like Miami, its exclusive beaches, amazing cuisine options, classy culture, and fascinating sunset which happens to be one of the most magical experiences, known as the golden hour.
Spread over several days, this intensive training course event improves the auditors' knowledge on how to manage audit teams and programs for conducting MS audits based on best-known practices including ISO 19011, ISO 17021-1 as well as the Generally Accepted Audit Standards (GAAS). Not only did attendees learn how to enhance, plan and execute audits across organizations, they also had the chance to share their knowledge, ideas and experience with one another while relaxing in a beautiful environment.
It is the overall objective of PECB to help professionals expand their educational capacity in various fields and provide them with the knowledge to build an outstanding career while having fun traveling to different places. The ticket to a successful career is being part of the PECB Certified MS auditors network as it will open a world of opportunity for individuals and allow them to demonstrate credibility and professionalism within the business world.
Lagos, Nigeria: September 18 to 20, 2017, events@pecb.com
Dubai, United Arab Emirates: October 30 to November 1, 2017, events@pecb.com
San Francisco, California: October, 2017, support@pecbnorthamerica.com
Petaling Jaya, Malaysia: November 13 to 16, 2017, southeast-asia@pecb.com
TRAINER INTERVIEW WITH
ANDERS CARLSTEDT
Managing Director at PECB Nordics
To prepare I try to look at the material and ask myself is this something that can be
applied or of use if I was a student participating in this course? I then address this by
making sure I can explain in detail any area from a practitioner's perspective.
Which subject do you teach more often? What are the advantages of the
mentioned training course?
I teach primarily risk, information and IT-security courses as well as MS Audit courses.
It provides the participant with a solution Platform and help students both get the
whole picture as well as detailed info on activities paired with the input on hands-on
experience from an internationally recognized expert in these areas.
Can you tell us about a time your training didn't have the good results you
expected. What happened and what did you learn?
This was a long time ago, about twenty years or so. A consulting company hired me to do a
course on a specific subject and then sold it as a different product to their clients. Needless
to say not all students were entirely happy... To make it work with the right partners.
If your students were asking you irrelevant questions, what would you do to
keep the training course on topic?
I simply tell them that it's unfortunately off topic but that I am happy to discuss it in the
next break.
People learn in different ways and with varying speeds. How would you ensure
everyone in your program develops their skills?
By always asking for feedback on speed, tone, focus, technique etc. and also using
various approaches to addressing the topic. Some people learn well by simply attending
lectures, others by participating in group exercises or by asking questions.
For example by trying to relate to the real world by relating to examples and war stories
and asking them about their experiences.
What advice would you give to new trainers in enhancing their training
dynamics?
Prepare before and make time to have students have their say on relevant topics.
LOCATIONS
LIFESTYLE
The Dream
was for an Archaeological dig in Trujillo, in the North of Peru. I spent one month digging a buried city located in the desert between two pyramids. The second time was to discover the archaeological wonders of the South of Peru. This is when I discovered Machu Picchu, one of the most photogenic sites
Time Zone: GMT-5 (five hours behind Greenwich Mean Time). There is no daylight saving time, and there is only one time zone throughout the entire country.
Currency*: Nuevo Sol (S/.). S/.1 = US$ 0.357; US$1 = S/. 2.80
Principal Languages: Spanish / Quechua / Aymara
Natural Resources: Gold, copper, silver, zinc, lead, hydrocarbons, fishing, phosphates, and agricultural products
Check out our new and improved www.pecb.com to find the information you are looking for.
We have created a modern new-look design with new functionalities, technical improvements to provide our visitors an easier way to find useful information about our services.
Available in: English, French
Faster, User-Friendly Navigation, Aesthetically Pleasing
GOING ON IN
respect, we assure the continuity of
efforts to developing new courses and
maintain a continuous improvement
MAY
numerous changes and will continue on
our personalization voyage.
APRIL MAY
New Courses Updated Courses
ISO 31000 Lead Risk Manager
New Courses ISO 22222 Lead Manager