ISACA Kampala Chapter

Huge thank you to everyone who joined our hybrid session with Uganda Management Institute (UMI) a couple days ago—and to our amazing speakers 👇 🙌 Bernard Wanyama (Immediate Past President, ISACA Kampala Chapter) 🙌 Catherine Bwire (Head of Information Security & Data Protection Officer, Eco Bank Uganda) 🎙️ Moderator: Martin Ogola (Academic Relations Director, ISACA Kampala Chapter) 🎓 Special thanks to: Assoc. Prof. Jennifer Rose Aduwo, Dean, School of Distance Learning & Information Technology — UMI 💬 If you attended, what was your favorite moment from the session or networking?👇 #ISACAKampala #UMI #DigitalDisruption #DigitalTransformation #BusinessStrategy #Leadership #Kampala #HybridEvent #Community #ProfessionalDevelopment #ThrivingInTech

📊 Turn risk into decisions that move the needle. 📅 Tue–Fri, Nov 25–28, 2025 🕘 9:00 AM–5:00 PM EAT 📍 National ICT Innovation Hub 💵 Members: UGX 1,000,000 • Non-Members: UGX 1,200,000 👉 Book your seat today #ISACAKampala #CISM #SecurityManagement #Urgent #FinalSeats

Have you checked out the ISACA 2025 #StateofCybersecurity report yet❗❓With stress on the rise, and staffing challenges that persist alongside continued cybercrime, what should security leaders do next? View the full report: https://bit.ly/46yoadD

Lead enterprise IT—now. ⏳ CGEIT Bootcamp Nov 25–28. Register today: https://bit.ly/4nT44Rk #ISACAKampala #CGEIT #ITGovernance #DigitalLeadership #GRC #BoardGovernance #EnterpriseIT #RiskManagement #StrategyToValue

🧭 Audit that stands up in the boardroom. 📅 Mon–Fri, Nov 17–21, 2025 🕘 9:00 AM–5:00 PM EAT 📍 National ICT Innovation Hub 💵 Members: UGX 1,000,000 • Non-Members: UGX 1,200,000 👉 Enroll now #ISACAKampala #CISA #ITAudit #LimitedSpots #ActNow

“Did we pass the audit?” isn’t the finish line anymore. Modern IT General Controls must withstand disruption, not just tick boxes. Why this shift matters ⚡ Threats change weekly; control spreadsheets don’t. 🏛️ Boards want operational continuity, not only attestations. 📊 Regulators are asking for evidence-in-motion (continuous assurance), not snapshots. What resilient ITGCs look like 🔁 Continuous — controls monitored 24/7 (logs, alerts, KPIs), not annual reviews. 🧭 Risk-linked — every control maps to a live risk scenario and business service. ☁️ Cloud-aware — IaC, least privilege, key rotation, and config drift detection baked in. 🧪 Tested — chaos drills, tabletop exercises, restore tests, and failover rehearsals. 🧩 Integrated — ITGCs feed SecOps/ITSM (incidents → problems → changes). 👥 Human-proofed — SOD, JIT access, and privileged activity recording by default. Move from pass/fail to perform/withstand 🧱 Identity first: enforce MFA + PAM + JIT for admins. 📦 Infrastructure as Code: scan policies before deploy (OPA/Policy-as-Code). 🗂️ Backups you can prove: immutable + offsite + restore drills. 🔎 Continuous evidence: automate artifacts (change logs, approvals, configs). 📈 Health metrics: RTO/RPO, MTTD/MTTR, % critical controls with live telemetry. A 30-day starter sprint 🗓️ Week 1: Map top 5 business services → link to critical controls. 🗓️ Week 2: Turn on continuous monitoring for 10 highest-impact controls. 🗓️ Week 3: Run one restore test + one access review (close gaps fast). 🗓️ Week 4: Tabletop a realistic outage → document decisions & fixes. Bottom line: Compliance shows you can operate; resilience proves you will, no matter what. 💬 Question: Which single control would you instrument for live assurance this month? #InfoSec2025 #ISACAKampala #ITGC #CyberResilience #ContinuousAssurance #Audit #GRC #CloudSecurity #OperationalResilience

🏛️ Govern IT at enterprise altitude. 📅 Tue–Fri, Nov 25–28, 2025 🕘 9:00 AM–4:00 PM EAT 📍 National ICT Innovation Hub 💵 Members: UGX 1,000,000 • Non-Members: UGX 1,200,000 👉 Register now: https://bit.ly/4nT44Rk #ISACAKampala #CGEIT #ITGovernance #Hurry #LastSeats

📌📌

Join us tomorrow! 📌 How can businesses strategically navigate the next era of growth amidst constant digital disruption? The ISACA Kampala Chapter, in partnership with the Uganda Management Institute (UMI), invites you to a timely discussion on our theme: "Thriving In The Era Of Disruptive Technology." Our session will focus on the topic: "DIGITAL DISRUPTION: Strategically Navigating The Next Era Of Business Growth." Gain insights from our distinguished panel: ▪️ Speaker: Bernard Wanyama (Immediate Past President, ISACA Kampala Chapter) ▪️ Speaker: Catherine Bwire (Head of Information Security and Data Protection Officer, Eco Bank Uganda) ▪️ Moderator: OGOLA Martin (Academic Relations Director, ISACA Kampala Chapter) Event Details: 📅 Date: TOMORROW, 4th November 2025 ⏰ Time: 6:00 PM - 7:00 PM EAT This is a hybrid event. You can join us: 📍 In-Person: Video Conference (VC) Room, UMI 💻 Virtually via Zoom: Meeting ID: 954 6674 3020 Passcode: 735063 Don't miss this opportunity to explore the future of business and technology. #ISACAKampala #DigitalDisruption #DigitalTransformation #BusinessStrategy #ThrivingInTech #Technology #Leadership #ISACA #UMI #EcoBank #HybridEvent #Kampala

Traditional GRC asks, “Are controls in place?” GRC 2.0 asks, “Are decisions informed, fast, and defensible?” Why this shift ⚡ Threats evolve faster than annual assessments 🏛️ Boards want outcomes (resilience, ROI), not just attestations 🤖 AI + cloud amplify both risk and velocity—decisions must keep up Pillars of Decision-Intelligent GRC 🧠 Context-aware risk → link risks to business services, customers, revenue 📚 Evidence on tap → live telemetry, audit trails, decision logs 🤝 Human-in-the-loop → clear owners, escalation paths, approval checkpoints 🔐 By-design controls → policy-as-code, guardrails in CI/CD & cloud 📈 Continuous assurance → control health, drift, and exceptions monitored 24/7  What it looks like in practice 🗺️ Risk-to-service maps → “If Service X fails, impact = Y” 🧾 Decision records → who/what/why/when for major risk calls 🔁 Closed-loop fixes → issue → change → validation → learnings captured 🧪 Adversarial tests → red/purple teaming, chaos drills tied to risk scenarios 🔗 Vendor intelligence → third-party risk tied to real usage & data flows Metrics that matter (beyond pass/fail) ⏱️ MTTD/MTTR for decisions (time to decide/respond) 🧮 Control reliability (% controls with real-time evidence) 🧭 Risk posture change (before/after a decision) 📦 Exception half-life (how fast policy exceptions close) 💬 Board clarity score (are risk decisions explainable in business terms?) 30-Day Starter Sprint 🗂️ Week 1: pick 3 critical services; map top risks + owners 🧰 Week 2: turn on live evidence for 10 key controls (dashboards > spreadsheets) 📝 Week 3: start a decision log for high-stakes changes/incidents 🧪 Week 4: run a 60-min tabletop; capture decisions, gaps, next actions Where AI helps (safely) 🔎 Summarize evidence & policies for decision briefs 🧩 Suggest control gaps from incidents & telemetry 📌 Draft board memos; humans validate, approve, and own Bottom line: GRC 1.0 proved you had controls. GRC 2.0 proves your decisions create resilience. 💬 Question: Which decision this quarter deserves a decision log + live evidence to make it faster and more defensible? #InfoSec2025 #ISACAKampala #GRC #DecisionIntelligence #RiskManagement #ContinuousAssurance #CyberResilience #CloudSecurity #AIGovernance