Technology Risk Partner
BioSteve leads the Technology Risk Assurance practice in the UK, with specific focus on the data analytics and IT audit controls environment for large corporates and multi-nationals. Prior to joining BDO, Steve spent 16 years with PwC with Technology Assurance practice.
Steve has been involved in leading and delivering large high-profile technology assurance and data analytics engagements, including across complex data environment in the gaming and retail sector, transformation of IT audit and risk management at a high profile global bank, leading the technology and remediation workstreams for the SOX integration of the Lloyds Bank and HBOS businesses.
Steve has a deep insight over key data analytics and technology threats, including:
• Advanced Data Analytics
• SAP, Oracle
• Cyber & Data Security
• Vulnerability Management
• IT Project Assurance
• IT Resilience
• Data Management
• IT Outsourcing
• IT Risk Governance & Risk Management
• IT Audit Support
Steve has worked with many high-profile clients including Deloitte, Bwin Party, Monsoon,
Specsavers, Lloyds Bank, RBS, EMI Music Publishing, Honda Motor Europe ltd., Playtech, L&Q Housing Whitbreeed PLC.
11:15 - 12:05 (05/10/2018)
In the presentation we will explain that traditional intrusion tests are not enough to face new trends of cybersecurity attack, both personalized and directed (Advanced Persistent Threat - APT). Simulations of real and controlled intrusions, of Red Team exercises; are necessary to put yourself in the skin of the attacker, reproducing all his steps before reaching the goal.
The session will develop the Red Team methodology in conducting audits on cybersecurity risks, from the preparation of the attack, the exploitation of vulnerabilities, the execution of malicious actions and the elimination of traces, as well as how these tests complete the traditional audits of Ethical Hacking. For this, we will have the case study of the implementation of a Red Team and the applicability of this new approach to audit cybersecurity controls in the internal audit plans of the Organization.