Risk Assessment for SaaS and Cloud Services
This session will address the general concerns shared by higher education institutions during risk assessment for SaaS and other cloud services, ie. vendor assessment, hosting environment assessment and application security & privacy assessment. There will be an initial discussion from the panel, then open up to the floor for Q&A. Each panel speaker will present on one of the topics from a general perspective along with examples taken from their own institutional settings. The topics cover a wide variety of issues from regulatory and compliance (FIPPA-PIA, PCI), policies and standards and misconceptions, data management and general obstacles. Attendees will come away from this presentation with a better appreciation for compliance requirements and best practices.
Manager, Infrastructure | Langara College
Manager, Records Management and Privacy | Langara College
Joanne has worked at Langara College since 2004 and was previously employed at ICBC. She manages Langara’s Records Management and Privacy department with responsibility for conducting privacy impact assessments, fulfilling access to information requests, providing advice on privacy issues to all levels of administration, and building employee awareness of privacy and access to information concerns. Joanne has a Master of Archival Studies degree from UBC and is a Certified Information and Privacy Professional, Canada (CIPP/C).
Senior Cyber Security Analyst | British Columbia Institute of Technology
Nthusi is a certified Cyber Threat, IT Risk Governance & Compliance professional who is experienced in Information Security (8 years), Business Analysis (7 years), Privacy Risk (1.5 years), and Assurance (2 years). She currently holds ITIL, COBIT®5, NIST Cyber Security Framework Implementation using COBIT®5 certifications and has strong cyber security standards expertise.
Prior to joining BCIT, Nthusi contributed immense value to client’s business by performing various consulting services such as Implementation of IT Strategy, IT Consulting, Business Process Reengineering\Improvement, IT Governance, IT Risk Assessments, Privacy Impact Assessments, compliance (SOC 2 Type 1\2, ISO27001\2, PCIDSS) IT Consulting Engagements.
Nthusi is a client focused professional with in-depth experience in working with various clients in different industry such as Public Sector, Financial Services, Banking, Transport & Tourism, Life Sciences & Health Care, Energy & Resources, and Technology, Education Telecommunication industry in North America, UK and Africa.
Lead Advisor, Privacy and Information Security Risks | University of British Columbia