Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.
|
|
- Dorthy Nash
- 6 years ago
- Views:
Transcription
1 Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every day to protect against cyber-crime, safeguard consumer data, and maintain the integrity and resilience of their systems in face of countless cyber threats. During this session, panelists discuss defensive measures firms can take within branch locations. These measures include developing information security branch plans, training employees and other solutions. Moderator: Kevin Bogue Regulatory Principal, Sales Practice FINRA Chicago District Office Panelists: Tammy Boone Compliance Manager NEXT Financial Group, Inc. Robert Geary Director, IT Security Distribution Lincoln Financial Securities David Wimer Business Information Security Officer Transamerica 2018 Financial Industry Regulatory Authority, Inc. All rights reserved. 1
2 Branch Cybersecurity Controls Panelist Bios: Moderator: Kevin Bogue joined FINRA on January 9, 2017 as a Regulatory Principal in the Chicago District Office. Mr. Bogue is a member of the Sales Practice Cybersecurity team responsible for examining firms' controls over their protection of sensitive client and firm information. Prior to joining FINRA, Mr. Bogue has more than 17 years of information technology (IT) and security experience working as a technology consultant with Accenture, as an internal Global IT auditor, IT Compliance Manager and SOX Program Manager with Abbott Laboratories, as an IT Compliance Manager with Brunswick and as an internal IT Audit Manager with CDW. Mr. Bogue earned an MS in Information Systems from DePaul University in Chicago, IL and a BS in Psychology from Iowa State University in Ames, IA. Panelists: Tammy Boone joined NEXT in December 2010 and is currently the Compliance Manager overseeing Licensing, Registration and Branch Exams. Ms. Boone has more than 30 years of financial services experience in various capacities including support staff, branch operations, licensing, registration and compliance. Ms. Boone holds the Series 7, 9, 10, 63 and 65 licenses. Robert Geary is Director of IT Security - Distribution for Lincoln Financial Securities and has more than 23 years of Information Technology experience. Mr. Geary started with Lincoln Financial Group in 1998 and has held several technical positions throughout his career. He spent five years as a member of Lincoln s Cyber Threat Intelligence & Investigations Team, focusing on Incident Response, Endpoint Security Controls, and Vulnerability Management. He holds a Bachelor of Science degree in Mechanical Engineering from Drexel University along with several professional designations, including the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler (GCIH). David Wimer has experience in information security, privacy and risk domains within telecommunications and finance industries. Mr. Wimer has more than 20 years developing, implementing and educating his business colleagues on practical security practices. Mr. Wimer is a Business Information Security Officer for Transamerica and has worked through examinations from both SEC and FINRA in the past two years on Transamerica s application of cyber security controls within their organization. Mr. Wimer s philosophy and primary focus in on continuous education of workforce at all levels and has built a respectable awareness and training program within Transamerica. Mr. Wimer had additional experience in building and implementing controls on third party risk and has past experience conducting and supervising security assessments of Transamerica external partnerships, vendors and cloud providers/solutions Financial Industry Regulatory Authority, Inc. All rights reserved. 2
3 2018 Cybersecurity Conference February 22 New York, NY Plenary Session: Branch Cybersecurity Controls
4 Panelists Moderator Kevin Bogue, Regulatory Principal, Sales Practice, FINRA Chicago District Office Panelists Tammy Boone, Compliance Manager, NEXT Financial Group, Inc. Robert Geary, Director, IT Security Distribution, Lincoln Financial Securities David Wimer, Business Information Security Officer, Transamerica 1
5 To Access Polling Under the Schedule icon on the home screen, Select the day, Choose the Plenary Session: Branch Cybersecurity Controls session, Click on the polling icon: 2
6 Polling Question 1 1. Do you have branch office locations? a. Yes b. No 3
7 Polling Question 2 2. Do you have formal branch office policies and procedures? a. Yes b. No 4
8 Polling Question 3 3. Do you provide formal guidance to branches as to what cybersecurity controls are expected to be in place? a. Yes b. No 5
9 Branch Cybersecurity Controls Why is it important: Many branch offices operate independently from the home office to set up computer systems and controls. Effective Practices: Policy / procedure created for branch locations Certification Cyber training not just an annual process Automated tools Branch examiners trained by IT to examine for cyber controls Data Loss Prevention (DLP) tools Recommend technology, software (e.g., antivirus) or vendors (e.g., cloud). 6
10 Branch Cybersecurity Controls continued Firms should have policies and procedures dealing with cybersecurity issues at branch locations. Topics include: Physical Security Encryption Virus and Malware Protection Reporting of Lost / Stolen Assets Patching The Use of Passwords Training and Awareness Business Continuity Planning / Testing Vendor / Cloud Usage Representative Certifications Processes in place to verify controls have been implemented and are functioning as intended. 7
11 Branch Cybersecurity Controls continued Firms with Independent Contractor model may have more risk due to the nature of the branch technology infrastructure. Reps may purchase their own assets Reps may not follow home office policies and procedures correctly Use of cloud providers not approved by the firm Physical security of assets Access to office is secure Process to report and manage lost/stolen assets Proper disposal of decommissioned assets Data protection controls (e.g., secure transmission and encryption) 8
12 Branch Cybersecurity Controls continued Typical controls would include: Proper access control including password management and multifactor logins Securely maintain branch assets including timely patching, antivirus, and updates Training and awareness of branch personnel (including contractors) Branch level Business Continuity (BC) and Disaster Recovery (DR) planning / testing Process to follow when an incident / breach has occurred 9
13 Branch Cybersecurity Controls continued All Firms with branch locations should verify and regularly audit security controls in the branch offices. Knowledge, through an inventory process, of critical software and hardware assets that exist in the branch. Physical security of assets, sensitive information and firm data: Access to branch office is secure Process to report and manage lost / stolen assets Proper disposal of decommissioned assets Data protection controls including: Secure transmission and storage of all sensitive information Encryption of all sensitive information on branch computers 10
14 Branch Cybersecurity Controls continued What are we seeing? Few firms conduct regular audits of branch office security controls Opportunity exists for firms to improve and formalize their oversight of branch offices Most firms with large numbers of branches have developed cybersecurity questionnaires that the reps attest Firms will audit branches on certain cyber related questions and controls in place; e.g., laptop encryption, endpoint protection, updated OS, password management, physical security Automated tools for monitoring branch equipment 11
15 References FINRA Cybersecurity Page: Small Firm Cybersecurity Checklist 2015 Report on Cybersecurity Practices Compliance Vendor Directory NIST Cybersecurity Framework: 12
Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.
Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m. It is crucial that small financial firms take proper cybersecurity measures to protect their customers and their firm. During
More informationVice President and Chief Information Security Officer FINRA Technology, Cyber & Information Security
Plenary Session: Cybersecurity the Current Regulatory Environment: Insight from Regulators and Industry Experts Thursday, February 22 3:45 p.m. 4:45 p.m. With recent high-profile data breaches, cybersecurity
More informationSteps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m.
Steps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m. The cyber threats are no longer a question of if, but when, a breach will occur. It is important
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationSALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually
SALARY $49.72 - $72.54 Hourly $3,977.88 - $5,803.27 Biweekly $8,618.75 - $12,573.75 Monthly $103,425.00 - $150,885.00 Annually ISSUE DATE: 03/21/18 THE POSITION DIRECTOR OF CYBER SECURITY OPEN TO THE PUBLIC
More informationChief Compliance Officer s (CCO s) Role in Cybersecurity Thursday, February 22 10:00 a.m. 11:00 a.m.
Chief Compliance Officer s (CCO s) Role in Cybersecurity Thursday, February 22 10:00 a.m. 11:00 a.m. Increased use of technologies such as mobile devices, social media and cloud computing has increased
More informationEffective Practices for Insider Threats and Third-Party Risk Management Thursday, February 22 10:00 a.m. 11:00 a.m.
Effective Practices for Insider Threats and Third-Party Risk Management Thursday, February 22 10:00 a.m. 11:00 a.m. Financial institutions are subject to threats on multiple fronts. Two threats of significant
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationDefensible Security DefSec 101
Defensible Security DefSec 101 Security Day November 2017 Information Security Branch Paul Falohun Senior Security Analyst Dan Lathigee Senior Project Manager Content 1 Introduction 2 DefSec for PSO 3
More informationNYS DFS Cybersecurity Requirements. Stephen Head Senior Manager Risk Advisory Services
NYS DFS Cybersecurity Requirements Stephen Head Senior Manager Risk Advisory Services December 5, 2017 About Me Stephen W. Head Mr. Head is a Senior Manager with Experis Finance, and has over thirty-five
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationCYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationMust Have Items for Your Cybersecurity or IT Budget in 2018
Must Have Items for Your Cybersecurity or IT Budget in 2018 CBAO Regional Meeting Dan Desko (Senior Manager, IT Risk Advisory) Matt Dunn (Senior Security Analyst, IT Risk Advisory) Who is Schneider Downs?
More informationHow do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?
Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security
More information2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along
2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management Today s Speakers Olivia Munro Senior Marketing Specialist Eze Castle Integration Bob Shaw Director, Technical Architecture Eze Castle
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationRAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures
RAPID7 INFORMATION SECURITY An Overview of Rapid7 s Internal Security Practices and Procedures 060418 TABLE OF CONTENTS Overview...3 Compliance...4 Organizational...6 Infrastructure & Endpoint Security...8
More informationSOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2
Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationCybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security
Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the
More informationSecurity Program Design:
Security Program Design: A Critical Infrastructure Protection Model Experience, Dedication, and Leadership July 17-18, 2013 Toronto, Ontario CAN in Security EDUCATION Earn up to 16 CPEs Are you confident
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationEU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS
EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationCybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus) Wednesday, May 25 10:00 a.m. 11:00 a.m.
Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus) Wednesday, May 25 10:00 a.m. 11:00 a.m. Hear about the latest IT security threats to your clients and to your practice.
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationNYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationCYBERSECURITY RISK LOWERING CHECKLIST
CYBERSECURITY RISK LOWERING CHECKLIST The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationArt of Performing Risk Assessments
Clinical Practice Compliance Conference Art of Performing Risk Assessments October 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AGENDA Cyber Risk = Disruptive Business Risk Breaches:
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
8:30 10:30 May 6, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Kevin Wachtel Finance Director/Treasurer, Villa Park, IL Alex Brown Senior Manager,
More informationInformation Security Controls Policy
Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationWHITE PAPER- Managed Services Security Practices
WHITE PAPER- Managed Services Security Practices The information security practices outlined below provide standards expected of each staff member, consultant, or customer staff member granted access to
More informationDUNS CAGE 5T5C3
Response to Department of Management Services Cyber Security Assessment, Remediation, and Identity Protection, Monitoring and Restoration Services Request For Information 131 Guilford Road, Bloomfield
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More informationCybersecurity Session IIA Conference 2018
www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationCOMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards
November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance
More informationTraining and Certifying Security Testers Beyond Penetration Testing
Training and Certifying Security Testers Beyond Penetration Testing Randall W. Rice, CTAL (Full), CTAL-SEC Director, ASTQB Board of Directors www.astqb.org Most organizations do not know the true status
More informationNot Just Another Day of HIPAA
Not Just Another Day of HIPAA Presented by: Patti Klingel, PhD, CPHQ, CRM, CHC Director of Corporate Compliance & Organizational Ethics United Church Homes, Inc. Disclosure I have no vested interest in
More informationMark Your Calendars: NY Cybersecurity Regulations to Go into Effect
Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect CLIENT ALERT January 25, 2017 Angelo A. Stio III stioa@pepperlaw.com Sharon R. Klein kleins@pepperlaw.com Christopher P. Soper soperc@pepperlaw.com
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationHow To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation
How To Establish A Compliance Program Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda High level requirements A written program A sample structure Elements of the program Create
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationChecklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)
Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationOperations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ
Operations & Technology Seminar Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Roundtable Crowne Plaza Monroe, Monroe Township, NJ Tuesday, November 8, 2016
More informationRansomware. How to protect yourself?
Ransomware How to protect yourself? ED DUGUID, CISSP, VCP CONSULTANT, WEST CHESTER CONSULTANTS Ransomware Ransomware is a type of malware that restricts access to the infected computer system in some way,
More informationCybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank
Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank NJ Bankers Association Annual Convention May 19, 2017 Presented by: Jeremy Burris, Principal, S.R. Snodgrass,
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)
DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE
More informationCYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD
CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationCybersecurity and Data Protection Developments
Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB
More informationFundamentals of Cybersecurity Controls Thursday, February 11 10:00 a.m. 11:00 a.m.
Fundamentals of Cybersecurity Controls Thursday, February 11 10:00 a.m. 11:00 a.m. The frequency and sophistication of cyber-attacks are increasing, and it is imperative to have fundamental controls in
More informationGEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards
GEORGIA CYBERSECURITY WORKFORCE ACADEMY NASCIO 2018 State IT Recognition Awards Title: Georgia Cybersecurity Workforce Academy Category: Cybersecurity State: Georgia Contact: Stanton Gatewood Stan.Gatewood@gta.ga.gov
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationHIPAA RISK ADVISOR SAMPLE REPORT
HIPAA RISK ADVISOR SAMPLE REPORT HIPAA Security Analysis Report The most tangible part of any annual security risk assessment is the final report of findings and recommendations. It s important to have
More informationHow Secure is Blockchain? June 6 th, 2017
How Secure is Blockchain? June 6 th, 2017 Before we get started... This is a 60 minute webcast For better viewing experience, close all other applications For better sound quality, please use headphones
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationSneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security
Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks
More informationEmerging Issues: Cybersecurity. Directors College 2015
Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity
More informationNEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE
COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:
More informationNo IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP
No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise
More informationE-guide CISSP Prep: 4 Steps to Achieve Your Certification
CISSP Prep: 4 Steps to Achieve Your Certification Practice for the exam and keep your skills sharp : Thank you for downloading our CISSP certification guide. Aside from this handy PDF, you can also access
More informationGoing Paperless & Remote File Sharing
Going Paperless & Remote File Sharing Mary Twitty Family Services Director Earnest L. Hunt-Director of Sub-recipient Monitoring Tammy Smith Program Director Introduction Define the subject matter Move
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationBuilding the Cybersecurity Workforce. November 2017
Building the Cybersecurity Workforce November 2017 Our Global Footprint Measuring Kaplan University s Educational Impact For every career path +1MM students annually served Facilities in 30+ countries
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationISE North America Leadership Summit and Awards
ISE North America Leadership Summit and Awards November 6-7, 2013 Presentation Title: Presenter: Presenter Title: Company Name: Embracing Cyber Security for Top-to-Bottom Results Larry Wilson Chief Information
More informationISACA MOSCOW CHAPTER Chapter meeting 22 September 2016
ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016 Introduction Special guest speaker ISACA Audit committee member, Rosemary Amato Open dialog Wrap-up and close Special guest speaker CISA, CMA, CPA,
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationHealthcare Security Professional Roundtable. The Eighth National HIPAA Summit Monday, March 8, 2004
1 Healthcare Security Professional Roundtable The Eighth National HIPAA Summit Monday, March 8, 2004 Panelists John Parmigiani, Sr.VP for Consulting Services, QuickCompliance, Inc.; President, John C.
More informationCareer Paths In Cybersecurity
Career Paths In Cybersecurity Introductions Rob Ashcraft Sr. Technical Advisor 26-yrs in Information Technology 14-yrs in Information Security Held positions as Technician, IT Management, IT Sales Double
More informationDisaster Recovery and Business Continuity Planning (Mile2)
Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity
More informationSOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE
SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential
More informationSirius Security Overview
Sirius Security Overview Rob Hoisington IT Security Consultant www.siriuscom.com 8/18/2017 1 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Robert.Hoisington@siriuscom.com - 757.675.0101 Rob
More information