Date: 22 October 2009, Thursday Venue: Ballroom 1 Amara Hotel 165 Tanjong Pagar Road Singapore 088539 Time: 8.00am to 11.45am   Exclusively for Insurers and Capital market services companies MAS has sent out strong advisory for the adoption of sound control processes in managing technology risks and the implementation of security practices since 2001. Recently, guidelines have also been issued to review security practices in technology areas such as network and systems security, password protection, two factor authentication and data loss prevention <Circular No. SRD TR 02/2009: Technology Risk Management Circular for Insurance and Capital market industries> Any security breach today must now be disclosed. It can result in financial loss, massive loss of customer confidence and even imposition of punitive regulatory strictures by the authorities. Can we choose to ignore it?

8.00 am   Registration and breakfast     8.30 am   Keynote address: What does Technology Risk Management mean to you? (Don't ask, don't tell?) The financial crisis has driven financial institutions to be more creative in reaching out to their customers, offering more products and services over e-channels. The introduction of new technologies presents more opportunities of fraud—within or outside the organisation. Some regulators may not take the lead and prefer to watch and wait, to avoid incurring costs and causing inconvenience to the markets. With MAS spearheading regulatory initiatives, Singapore offers a unique landscape, building its reputation as one of the most trusted financial nation in Asia. Is our system fair? Learn more about the potential implications of overlooking regulatory recommendations. Ho Wah Lee, Executive Director, Risk Advisory Services KPMG Singapore     9.00 am   Question and answers     9.15 am   Refreshment break     9.30 am   Managing Network and Systems Security Risk Hacking, network and systems security incidents and offences must now be "promptly reported to MAS as well as the police". Establishing a trusted and hardened infrastructure that is secure, reliable, available and recoverable will be your immediate challenge. Learn how you can secure your existing environment, automate monitoring and system reporting for security validation. Alok Panda, Director, Infrastructure Solution Practice, HP Enterprise Business     10.00 am   Effective Password Protection and Two Factor Authentication Deploying strong cryptography and authentication mechanisms to protect customer and employee passwords, data and transactions are not good enough. Privileged users such as back office staff also need strong authentication and access control measures. A centralised security infrastructure integrating strong authentication, authorisation, identity, access management and audit can help mitigate such technology risks. Mah Kah Hoe, Director, i-Sprint Innovations     10.30 am   Refreshment break     10.45 am   Data Loss Prevention: Endpoint Security Sensitive customer data stored in endpoint devices needs to be protected by strong encryption and not just conventional logical access controls. A multi-layered endpoint data security using encryption and data leakage prevention technology is necessary to protect confidential customer data in notebooks, PCs and portable storage devices. David Chow, Country Manager, Singapore, Sophos     11.15 am   Data Loss Prevention: Protecting Data at Rest Data security classification policies need to be in place for data in network and files stored in servers, databases, backup media and storage area networks. Understand how system-based data encryption can protect confidential data at rest. Hendra Sulaeman, Consultant, HP StorageWorks, Hewlett-Packard Asia Pacific & Japan     11.45 am   End of seminar

Ho Wah Lee heads the IT Advisory group responsible for delivering IT advisory, information risk management, IT security and project risk management services. He is a member of the KPMG Global IT Advisory Executive Council, a governance group responsible for setting up strategic plans and policies on IT advisory services for KPMG globally. Wah Lee has more than twenty five years of experience in the IT industry, covering information systems planning, system design, programming, system management, business software implementation, project management, IT auditing and IT security. He has worked with clients in various industries including government, financial institutions, real estate companies, distribution and manufacturing companies.

Hewlett-Packard website As always, please let me know if you prefer not to receive these emails from me. If you received this e-mail from a friend and/or would like to subscribe to our e-mail list to receive future updates or offers, please click here. For more information regarding HP's privacy policy or to obtain contact information please visit our privacy statement or write to us at: Privacy Mailbox, 20555 SH 249, Houston, Texas 77070, ATTN: HP Privacy Mailbox. © 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.