Steps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m.


Steps to Take Now to be Ready if Your Organization is Breached
Thursday, February 22, 2:30 p.m. to 3:30 p.m.

Cyber threats are no longer a question of if, but when, a breach will occur. It is important to have a cybersecurity plan in place so you are ready to act if your organization experiences a data breach. Join panelists as they share effective steps organizations can take to prepare for an attack.

Moderator: Lloyd Glavocich, Principal Examiner, IT ROOR, FINRA Member Regulation, Office of Risk Oversight and Operational Regulation

Panelists:
Brian Donadio, Principal and Head of Global Business Continuity Services, Vanguard
Laz Montano, Chief Technology Risk and Security Officer, Voya Financial

2018 Financial Industry Regulatory Authority, Inc. All rights reserved.

Steps to Take Now to be Ready if Your Organization is Breached: Panelist Bios

Moderator:

Lloyd Glavocich has been an IT professional since 1982, with many years spent in the development, management and support of both the Examination Systems and Surveillance Systems Programs in his 20-year tenure with the New York Stock Exchange's Regulatory Technology division. He is currently a FINRA Principal IT Examiner with a concentration on Cybersecurity, Data Governance and IT Governance. Mr. Glavocich advises the FINRA examination staff in conducting technology-related reviews, in addition to performing reviews for his own examinations. Mr. Glavocich has had professional experience in key areas of IT, including application development, systems administration, database administration, project management and technology controls. Mr. Glavocich was responsible for shepherding the NYSE examination process to the laptop platform for distributed scope execution at member firms in 1995. Mr. Glavocich has also worked for Siemens and Cap Gemini as a developer in an early portion of his career.

Panelists:

Brian Donadio is Principal and head of Business Continuity Services at Vanguard, where he leads the team of business continuity professionals who have enterprise-wide responsibility for ensuring that Vanguard is prepared, around the globe, to face a wide range of business disruptions. Mr. Donadio previously was Principal and Senior Counsel in the Legal & Compliance Division, where he led the team responsible for litigation and dispute resolution, global privacy and data protection regulation, and various legal risk management matters. In addition to working with Vanguard's U.S. and international retail, institutional, and financial advisor businesses, Mr. Donadio and his team partnered closely with other areas across Vanguard, including information technology, information security, fraud prevention, business continuity, enterprise risk, and enterprise data governance. Mr. Donadio joined Vanguard after serving as a law clerk in the U.S. District Court for the Eastern District of Pennsylvania and working as a litigation associate at Dechert LLP. Mr. Donadio graduated cum laude from the University of Michigan Law School and received his B.A., with honors, from the University of Pennsylvania.

Laz Montano serves as the chief technology risk and security officer for Voya Financial, responsible for providing leadership, management and strategy for all aspects of technology risk and information security. His first and second lines of defense teams manage and align the company to industry best practices. They take a broad, risk-based approach in effectively safeguarding company, employee and customer information across Voya products, channels and lines of business. Mr. Montano joined Voya in June 2014, bringing more than 25 years of information technology and security experience to his role. Before joining Voya, Mr. Montano was the chief information security officer at MetLife, a Fortune 50 financial services company spanning 46 countries with 70,000 employees, serving 90 million customers. He was accountable for the creation and maintenance of security infrastructure, information security policy, risk assessments, incident response, security awareness and training programs. He also serves on the National Technology Security Coalition's (NTSC) Board of Directors, representing the financial services industry. In this role, he helps influence the strategic direction of the NTSC and joins chief information security officers (CISOs) who represent a broad cross-section of enterprise companies. These CISOs have a vested interest in protecting the security of their customers and employees through policies that improve national cybersecurity standards and awareness. Mr. Montano completed his undergraduate studies at Charter Oak College and the University of Connecticut, and received a Master of Business Administration (MBA) degree from Rensselaer Polytechnic Institute. He is a Certified Information Security Manager (CISM) and holds Certified in the Governance of Enterprise IT (CGEIT) accreditation.

2018 Cybersecurity Conference, February 22, New York, NY
Steps to Take Now to be Ready if Your Organization is Breached

Panelists

Moderator: Lloyd Glavocich, Principal Examiner, IT ROOR, FINRA Member Regulation, Office of Risk Oversight and Operational Regulation

Panelists:
- Brian Donadio, Principal and Head of Global Business Continuity Services, Vanguard
- Laz Montano, Chief Technology Risk and Security Officer, Voya Financial

Discussion Agenda
- Firm's Response Team
- Assembling Crisis Task Force
- Exercising of Playbook Scenarios
- Involvement of External Resources
- Assessment of Losses
- Communications Plan

Firm's Response Team
- Response Team Structure
- Incident Response Playbook
- Functional Involvement
  - Business Response
  - Communications / Media Relations
  - Technology
- Tooling and Capabilities
- Assigned Personnel

Assembling Crisis Task Force
- Clearly identified lines of communication
- Clearly identified gold copy of information
- Identification of Command Centers (in person / remote)
- Technology-to-Business communication
- Establishing a Senior Crisis Leader
- Crisis Management Coordinator: knows all actors and responsibilities / keeps actors focused

Exercising of Playbook Scenarios
- Red Team / Blue Team Exercises
  - All inclusive to ensure lockstep understanding
  - Clarity of responsibilities
- Announced and Unannounced Exercises
- Importance of Reports and Post Mortems
  - Learning and Fortifying Playbook

Involvement of External Resources
- External Resources may include:
  - Legal Counsel with Crisis Experience
  - Consultants and Advisors
  - Service Providers
- Should be included in exercises
- Essential that employees know external contributors
- Must be able to be mobilized at a moment's notice

Assessment of Losses
- Ascertain a picture of impact, to the extent possible
- Include known data and monetary losses
- Prepare to communicate all that is known
- Issue caveat that the situation is still developing
- Establish methods to receive updates: hot lines, websites, media contacts

Communications Plan
- Create and socialize crisis communication plan
- Establish restrictions for engaging the Media
- Communicate to regulators, customers & employees
- Avoid the negative interpretation of "no comment"
- If caused by criminal act, coordinate with FBI and Law Enforcement to stand shoulder-to-shoulder
- Frame the situation to instill confidence in resolution