Chapter Croatia Virtual Meetup - Risk Management and Log4j / Log4Shell


Details
Hello everyone, it’s time for our Q4 OWASP Croatia meetup. The topics will be delivered virtually, over Google Meet.
We have two topics this week:
- Slaven Smojver - IT Risk Management: What a (Competent) Corporation Wants?
- Round table discussion - Log4j / Log4Shell
See you!
Talk abstracts and bios follow:
Talk 1:
Slaven Smojver: IT Risk Management: What a (Competent) Corporation Wants?
Short description:
Risk management is the backbone of prudent business decision-making. So what do corporations expect from IT risk management? This presentation gives a very brief historical overview of the topic, presents what ISACA considers to be the best practice and focuses on the role of the “2nd line of defence” in IT risk management and on the process of risk scenario development.
Bio:
Slaven Smojver is director of the Information Systems Supervision Department in the Croatian National Bank (HNB). The department’s primary responsibility is supervision and assessment of IT risk in credit institutions, e-money institutions, payment institutions, payment systems and FinTech companies. Slaven obtained his Ph.D., M.Sc. and M.Eng.EE degrees from the University of Zagreb, Croatia. He has authored several scientific papers and has presented extensively on various topics related to financial services supervision, control and management of information systems and information security in financial institutions. He holds the CRISC, CISA and CISM certifications in good standing.
Talk 2:
Round table discussion - Log4j
Let’s talk and share information about the latest Log4j vulnerability. Bojan Ždrnja will give an intro to what we know so far, Vlatko Košturjak will show his NSE scanning script, and we will talk about experiences and issues regarding the latest firefighting efforts. Of course, you are invited to share your experiences, findings or concerns.
