Agenda

Date: August 22, 2019

8:30-9:45 A.M. General Session

The Odd Couple: IT Security & Audit

Brian O’Hara, CCSP, CISA, CISM, CISSP, CRISC, National Conference of Guaranty Funds

As part of the risk management universe, you might think these two groups would march in lockstep, but in more cases than not, just the opposite has been found to be true. Typically, IT security sees the office of the chief auditor as a nemesis to be feared and fought with because “they don’t understand security.” And the financial or audit side of the house sees IT security as a sinkhole for money and never-ending demands. Both lead to an atmosphere of non-trust and the development of silos.

In this session, O'Hara will examine the nature of these two often conflicting and convergent areas contained within the risk management universe. He will explore the specific nature of and motivation behind each, such as regulatory compliance, data privacy, and defenses against mounting criminal forces from local and national state players.

He will also look at several examples of how these seemingly opposing forces can work together for the betterment of both sides and ultimately the organization for which they are both trying to manage risk in a sensible and effective manner.

9:45-9:55 A.M. Networking Break

It's time to network with colleagues and visit sponsor tables.

9:55-10:55 A.M. Breakout Sessions
  1. A Healthcare Ransomware Event: Case Study

    Brian O’Hara, CCSP, CISA, CISM, CISSP, CRISC, National Conference of Guaranty Funds

    In this breakout session, O'Hara will discuss issues surrounding a recent ransomware case that involved a local health care organization and review the procedures they used, and the lessons learned. He will discuss questions including:

    • Does your organization have a policy in place to handle such an event?
    • Do the people necessary in your organization know who to contact, and in what order, and the timeline for doing so should you encounter such a situation?
    • Does your organization have a prepared statement for the press that will adequately meet their immediate needs?
    • Do your staff know NOT to speak to anyone under any circumstances, with a clear NDA statement they sign at hire and annually?
    • Do you know who in law enforcement to contact and why?
    • Do you have an established relationship with counsel?
    • Do you have a contract in place for a specialty company to come in and assist at a moment’s notice?
    • Do you or your staff understand the flow of information?

     

  2. Demystifying SOC Reports

    Sean Katzenberger, CISA, Crowe, LLP

    This session dives deeper into SOC reports, their purpose and what you need to know when reviewing them. Questions are welcome throughout the session. Topics will include:

    • SOC 1, SOC 2, SOC 3 defined
    • SOC 2 Overview
      • Benefits
      • Key parties
      • Structure of the report
      • Changes from last year
      • Timelines
      • Best practices
      • SOC 2 Types – Readiness Assessment, Type 1, Type 2
      • End User Responsibilities
    • SOC 3 Overview
    • SOC for Cybersecurity Introduction


10:55-11:05 A.M. Networking Break

It's time to network with colleagues and visit sponsor tables.



11:05 A.M.-12:05 P.M. Breakout Sessions
  1. Cybersecurity Policies & Procedures: Why Every Organization Must Have Them

    Doriann Cain, Faegre Baker Daniels

    Policies and procedures are the foundation of any cybersecurity program. They help to minimize security incidents, set guidelines and ensure proper compliance with cybersecurity statutes. This session will provide a description of the types of policies and procedures you should have implemented and how to best combat security incidents through such documentation.

  2. Social Engineering: What Is It, If Not a Degree from Purdue?

    Chris Werling, Cornerstone Information Security

    Topics will include:

    • Clever examples
    • Phishing, vishing and smishing
    • Why does it work?
    • Best practices and policies to secure your and your clients' information in today's insecure world

12:05-12:45 P.M. Lunch

It's time to have lunch with colleagues and visit sponsor tables.



12:45-2 P.M. General Session

Cyber Threat Landscape

Chris Knight and Jonny Sweeny, FBI

Topics will include:

  • Introductions and overview
  • Sources of cyber attacks
    • State sponsored versus financially motivated
  • Current trends and risks to each area
    • Phishing
    • Ransomware
    • BEC
    • IoT and SCADA
    • Cryptocurrency
  • Local case examples
    • Realtor fraud
    • Fake invoice/complaint
    • Ransomware
  • Future cyber risks
  • How to protect and prevent
    • Fraud kill chain
    • Two-factor authentication
      • Pivoting from one compromised account to another
    • Encryption
    • Be careful about attachments
    • InfraGard

2-2:10 P.M. Networking Break

It's time to network with colleagues and visit sponsor tables.



2:10-3:10 P.M. Breakout Sessions
  1. The Wild, Wi-Ld West … of Wi-Fi?

    Chris Werling, Cornerstone Information Security

    Topics will include:

    • When is Wi-Fi insecure and how insecure is it really?
    • What can hackers do to your devices when you are connected to Wi-Fi?
    • What is "Hotspot 2.0"?
    • Best practices and policies to secure your and your clients' information in today's insecure Wi-Fi world.

    

  2. GDPR at One Year Old: Has It Been a Success?

    Teresa Snedigar, CPA, CIA, CISA, MBA, Indiana Public Retirement System

    Many companies have been struggling with understanding GDPR and making sure it has been implemented correctly in their organization. This session will talk about the impact of GDPR, what results regulators are finding about the implementation of the law, and finally, what companies expect in the next couple of years in the world of data privacy.

3:10-3:20 P.M. Networking Break

It's time to network with colleagues and visit sponsor tables.

3:25-4:35 P.M. Closing General Session

Ethics in Cybersecurity

Teresa Snedigar, CPA, CIA, CISA, MBA, Indiana Public Retirement System

Ethics are important in all areas of business. When it comes to cybersecurity, there can be many ethical challenges. This session will explore some of the most common ones, including:

  • Challenges for cybersecurity professionals
  • Data collection and data mining
  • Internet of Things
  • Breach responses and notification



4:35 P.M. Adjourn

Don't forget to turn in your CPE form at the registration desk. Look for an event survey; please give us your feedback so we can create another great conference next year!