ISACA Arctic Conference

Longyearbyen, Svalbard (Spitzbergen), Norvegia
Manifesto Arctic Conference
Mercoledì, 27 Aprile, 2022
Giovedì, 28 Aprile, 2022
Venerdì, 29 Aprile, 2022

A meno di 1400 km dal Polo Nord, in una terra dove gli orsi polari sono molti di più degli esseri umani e le motoslitte più delle auto, dove il buon senso non è più tanto buono, dove lasciare la rete idrica fuori terra è più sensato che interrarla, i Chapter ISACA di Norvegia, Svezia e Finlandia, con il supporto degli altri Chapter europei ci invitano alla prima


Funken Lodge

Longyearbyen, Isole Svalbard (Norvegia)

27-29 Aprile 2022

L'aeroporto di Longyearbyen (LYR) è collegato con voli giornalieri con l'aeroporto di Oslo Gardemoen (OSL) da SAS e da Norwegian. Durante il periodo della Conferenza, alle Isole Svalbard sarà perennemente giorno


Per maggiori informazioni puoi contattare:
 Luca Pertile
 Vicepresidente AIEA
 luca.pertile @
oppure direttamente (in inglese, norvegese e svedese)
Magnus Solberg
 ISACA Norway Vice President
 +47 932 87 525


Dove sono le Svalbard


* program might be subject to change up until the start of the conference, due to unforeseen events.

Conference Agenda

Wednesday, April 15th

Conference introduction by the arrangement committee.
Living in the Digital Ecosystem - How to Survive and Prosper
Much has been said and written about the global digital transformation. In Europe in particular, some scepticism exists, and there is concern about what the digital ecosystem will bring. This keynote session will highlight new developments and the way forward in the global digital age. It will further outline how professional organizations - like ISACA - can and must move forward to meet the challenges of the new ecosystem.
Rolf von Rössing, Vice President of ISACA International Board of Directors
Quantum Computing: A Re-Evolution
Quantum Computing modifies many of things we take for granted in businesses today. The way we create and keep secret is challenged and quantum technologies disrupt different vertical, many sectors. Built on the theory of quantum physics, if quantum computers would exist they would represent a gigantic leap in computing power and the way we use technology.

But do they exist and what can we do with them? There are massive investments around the world in this discipline and, in the very same way that the space race and the fight for nuclear power have been instrumental in recent decades, we are experiencing now not an era of changes but the change of an era.

By attending this session attendees will understand the actual situation of quantum technologies and what they mean for organizations, the challenges we will encounter and, most importantly, the impact it has on the way we govern the Enterprise IT. Since quantum computing is not an evolution. It’s a Re-Evolution.

Ramses Gallego, Security, Risk & Governance Intl. Director with MicroFocus and former ISACA Board of Directors

When Russian Trolls and Fake News become Security Threats - How to Counter Them
 Jessikka Aro is a Finnish journalist working for Finland's public service broadcaster Yle. In September 2014, she began to investigate pro-Russian Internet trolls, but became a victim of their activities herself.
This harassment led to three people being convicted in October 2018. In 2019 she was notified that she was to receive an International Women of Courage Award but this was rescinded just before the ceremony.
Jessikka Aro, awarded reporter and public speaker
Break - make sure you change into (warm) and comfortable clothing in preparation for..
Wilderness Evening - the Arctic Experience
Camp Barentz boasts an amazing location right below Mine 7, at the foot of the mountain Breinosa. One of the buildings at the camp, Barentz Hus, is a copy of the cabin that the discoverer of Svalbard, Willem Barentz, overwintered in on Novaya Zemlya in 1596. At Camp Barentz, one often see Svalbard reindeer, and even grouse and foxes if you are lucky, and the hosts are prepared in the unlikely event a polar bear should get close.
As we arrive at the cosy wooden cabins we will be met by the evening’s host. Good drinks and a delicious homemade reindeer stew will be served, together with campfire coffee and dessert. Welcome to a real Svalbard meal!
After a tasty dinner, it is time to learn more about the King of the Arctic. Whilst sitting around the bonfire, the host will share information and photos about our most famous residents. Here you’ll learn lots of new fun facts about polar bears.
We recommend wearing comfortable, warm outdoor clothing and warm shoes, since there can be a cold draught from the floor. Remember that we will spend some time outdoors also. Clothes may smell of smoke after the tour.
Thursday, April 16th
Human Intellingence and AI - What does this mean for security?
Artificial intelligence (AI) systems take inspiration from human intelligence, whose definition changes or fluctuates. While AI capabilities continue to improve, much remains unknown about human intelligence. Cybersecurity professionals are encouraged to “think like attackers,” yet much remains unknown about the cognitive processes that influence and impact decision-making. 
This suggests rather than “thinking like attackers” the real goal is to think holistically, encompassing strategic and tactical knowledge, knowing when to apply each type when. While AI continues to improve in many areas, many gaps still remain and that is where security exploitations occur. 
The purpose of this talk is to map out the various aspects of human intelligence and AI, applying to cybersecurity examples, to illustrate gap areas and the potential impact of overlooking the gaps.
Dr. Char Sample, Chief Research Scientist - Cybercore Division at Idaho National Laboratory 
Audit Committee - How to critically assess your current and future GRC strategic investment.
In the last century most of the boards could rely solely on management to oversee and manage risk, not directly dealing with risks involving social media, cyber security and other technology related matters, or risk management beyond financial risk. The nature of risk enterprises are facing today in everyday business means that boards must factor risk as an integral part of organizational strategy incorporating technology as well as other environmental factors.

In many of my assignments, executives and boards were facing challenges of “doing more with less”. Whilst managing complex business transactions, managers struggle to strike a balance between adding value while managing risks. The most common methodologies they wanted to see in the recommendations relate to productivity improvement, capacity building or employee engagement. However, these methodologies are not always an appropriate response.

If so, how do you critically assess your current and future GRC strategic investment? How can you develop your own insights and create pragmatic guidance for when to stop and when to accelerate in your digitalisation journey?

Today’s businesses operate with business complexities we have never managed before—facing operational risks that hold the potential to destroy them overnight. In this session we will cover one approach to developing the GRC strategy by strategic sorting of priorities.

Lilliana Grbic, VP Cloud Engagement & Communications at SAP

How to break into any company: Tales from a (professional) hacker
Rob Shapland is an ethical hacker with 11 years of experience of planning and executing full-scale criminal attack simulations against all types of companies.

Rob specialises in dressing up as various different characters in order to break into buildings, and in this session will tell stories of how the attacks unfolded and teach valuable lessons on how you can protect your company.

Rob Shapland, Head of Cyber Services at Falanx Cyber 
Cybercrime - a real threat to society
Are we prepared for the escalating cyber threat?
Do we protect ourselves well enough, what are the costs of the cyberattacks for society and companies, what will be the social consequences of this evolution, is it possible to protect ourselves-in such cases how? 
Adressing these issues, there will also be presented some possible solutions.

Jan Olsson, Swedish Police Authority

What does Project Managers need to know about Cybersecurity?
An organization can either incorporate security guidance into its general project management processes, or react to security failures. Whether implementing new ERP or moving your infrastructure to the cloud, effective project management is essential. But without cybersecurity knowledge, any project could open an organisation to exploitation. 
With the threat of cybercrime continue to boom and with GDPR introducing data privacy reform in 2018, the security of your projects is more important than ever. It’s crucial that project managers educate themselves on cybersecurity principles, so the organisation does not need to react to security failures, but rather avoid them altogether.

This talk will guide us through must-know cybersecurity essentials for project managers and go over practical protection measures that can be applied immediately by any organisations project management team.

Ausra Gustainiene, Head of PMO at McKesson Europe AG
Quantum Safe: Is your crypto prepared for quantum computing?
Large scale quantum computing is seen to pose a great threat to many important cryptographic schemes used today. Protecting against this is seen to require additional, or even replace controls. 
While there has been quite many tech forecasts on when each type of QC technology will be ripe enough to crack something worthwhile (the “quantum event”), the practical information security domain is less studied. The most hyped scenarios for the “quantum event” are not even clear what exactly the event is, and are based on the most pessimistic assumption. 
We will in this talk take a look at the more common use cases for cryptography (such as integrity-related services, like bitcoin; data-at-rest, etc.), and lay out the practical reasons why, when, and what to do when  the quantum threat seems ever more imminent.
Dr. Mikko Kiviharju, Research Manager at Finnish Defence Research Agency
Protecting your enterprise with Human Risk Intelligence
With over 90% of information security incidents caused by human errors or behaviour, the effectiveness of cybersecurity culture program becomes paramount for a successful cybersecurity program. 
Improving cybersecurity culture is always challenging, as it is a long-term project that has to go beyond the classical Security Awareness. This session focuses on importance of using objective data to measure human risk and on how it can be used to unleash the power of your security culture program. It also covers available methods of measuring human security risk and most effective security culture program enablers.
Vadim Gordas, Head of IT & Cyber Risk at Zopa
H@cking for Everybody
Tobias Schrödel introduces his audience to the world of hackers and gives them a sneak peak into the dirty secrets of IT. In that, he uncovers various security gaps of personal computers and mobile phones that concern all of us – all while being entertaining. Not only are there many “aha“-moments, but at least equally as many “ahahaha“-moments.

Passwords are being cracked within seconds, discrediting information from the "darknet" is made public, information gathering is explained and a smartphone gets hacked aside all that.  All examples shown on stage are real and live, but anonymized. For information on risks and side-effects ask your data security officer - or Tobias Schrödel.

Tobias Schrödel, IT Comedian and professional speaker

Break - have a drink at the bar, and get your groove on in preparation for..
Gala Dinner
A full, five course dinner, carefully paired with wine from the well renowned wine cellars of Svalbard will be served as we go into our last evening of the official program. Following the dinner, we might get lucky to see the sponsors have something planned at one of the few hot-spots of Longyearbyen..
During dinner, we'll be subject to these two interesting performances from the stage:
Robot Drone Hacking 
Old vulnerabilities have new consequences when code and hardware meet the physical world. In this session, Carsten from Transcendent Group, will demonstrate how wireless network vulnerabilities make a robotic drone vulnerable to hijacking while operating in the air. In addition, he will talk about how both toy drones and semi-professional robots can be vulnerable to manipulation and hacking.

Finally, the audience will have the opportunity to hack a robot drone live on stage. If you want to hack, you need a mobile phone with the following app installed (the winner gets the drone!):
Android: (and optionally a mac with macOS or PC with Linux.)

Friday, April 17th

Can’t change the Cyber-security Game? Change Its Structure.

Within companies, cybersecurity has a finite setup; with procedures, protocols, plans and structures all taking up capacity and time. When created, these setups align with available cycles. Today, however, with agile development cycles, we must adjust and align the update cycles with testing cycles. No longer does “one-size-fit-all” work. Recognizing this requirement is the first step - and not being aware is a recipe for disaster.


In this session you will learn:

- How an elite army of global ethical hackers with infinite creativity and tools can help you overcome these challenges.

- How these vetted hackers can support you in your fight against hackers with malicious intentions.

- And how to let them help you win the infinite game you are up against.

Rijk Vonk, Sales Director, SynAck

Out of Control – how the adtech industry is systematically exploiting users mnemonic


As we move around on the internet and in the real world, we are continually tracked and profiled for the purpose of showing targeted advertising. But what kind of information is actually being collected about us? Who is it being shared with? What are they using my consumer profile for? Are app developers truthful in how they are handling personal data? And perhaps most importantly – are app users even aware this data is being collected in the first place? 
Together with the Norwegian Consumer Council, mnemonic investigated 10 popular Android apps to answer these exact questions. We dove into the dark ecosystem of digital advertising and emerged with staggering results - app developers and third party advertisers are systematically violating GDPR and sharing personal information with hundreds of shadowy companies in the adtech industry about our interests, habits and behaviours.

The findings from the report spread globally and were reported on by over 750 news agencies, including the New York Times, BBC, NRK, Forbes, TechCrunch, amongst others, have resulted in GDPR violation complaints being filed against national data protection authorities and Grindr being suspended from Twitter’s MoPub advertising platform.

Andreas led the security assessment of the apps in question, and in this session he will run through how the apps were tested, what he found, and the fallout from the report.

Read the report here: 

Andreas Claesson - Senior Security Consultant, mnemonic

Workshop: COBIT - Transition into 2019.
Released way back in 2012, COBIT 5  was finally uptdated again to it latest version - COBIT 2019. The 2018 winner of John Kuyers award for best speaker, Bruno Horta Soares, will through this workshop take us through the major changes coming with this latest version, and how to best adapt the new framework to governance of IT in todays digital businesses.
Bruno Horta Soares, President ISACA Lisbon Chapter
DevSecOps: So what else is new?

This presentation will give an alternative view on how continuous development, operation and security works hand in hand, and show that the DevSecOps we in the IT industry have “invented” actually have been best practice in other industries for ages.

Esten Hoel, SVP Quality & Security, Basefarm

Sponsor talk: Watchcom
Sponsor talk: TBA
Sponsor talk: TBA
Conference ends.