1 / 22

6th Annual Cybersecurity Event

Join us for the 6th Annual Cybersecurity Event presented by ISACA Charlotte Chapter and Co-Sponsored by Dixon Hughes Goodman and SailPoint, Inc. Learn from industry experts on topics such as the state of cybersecurity, validation of cybersecurity resources, public-private partnerships, securing data files, and performing a cyber risk assessment. Network with professionals in the field and have a chance to win door prizes.

millers
Download Presentation

6th Annual Cybersecurity Event

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 6th Annual Cybersecurity EventDecember 4, 2018Presented ISACA Charlotte Chapter& Co-Sponsored by Dixon Hughes Goodman & SailPoint, Inc.

  2. Agenda • 7:30 Registration / Breakfast / Networking • 8:00 Welcome & Announcements – Deborah Troxell, ISACA - Charlotte Chapter President • 8:05 State of the Union for Cybersecurity – Brian N. Cyprian, FBI - Charlotte Cyber Task Force • 9:05 Validation of Cybersecurity Resources - Bryan Warren, MBA, Atrium Health - Carolinas • HealthCare System is Atrium Health • 10:35 Break / Networking / Door Prizes • 10:55 – Discussion Panel – The Value in Public Private Partnerships in Cybersecurity • Moderator: Bryan Warren • Speakers: Brian Cyprian, FBI Joseph Szczerba, FBI James Kidwell, Infraguard Tom Tollerton, Dixon Hughes Goodman Jeff Spivey, Security Risk Management Inc

  3. Agenda (continued) • 12:30 Buffet Lunch / Lunch Keynote: SheLeadsTech – InTech for Girls TarlonKhoubyari, Intech • 1:30 A Step-by-Step Approach to Securing Data Files - Mike Sheeran, SailPoint • 2:30 Break / Networking / Door Prizes • 2:50 Performing a Cyber Risk Assessment – Stephen Head, Experis • 3:50 TBD • 4:50 Training Event Wrap Up • 5:00 Event Adjourns

  4. 8:05 – State of the Union for Cybersecurity The interconnected nature of our digital society provides for efficiency and convenience but also creates opportunities for malicious activity. The presentation will address cyber threats, recent trends and how to engage with the FBI in the event of a cyber incident.

  5. 9:05 – Validation of Cybersecurity Resources Security, in almost any industry, can be an incredibly challenging proposition. A safe and secure work environment is not impossible, but it is much more than just “guns, guards and gates.” It requires subject matter expertise in a broad spectrum of subjects including operational, physical, network and cyber security controls while meeting and exceeding a myriad of ever evolving regulations from just as broad a spectrum of agencies promulgating such rules and standards. In this presentation, we will explore some of the more common issues regarding day to day workplace security and how the addressing of these issues is necessary for the continued safe provision of services for staff, clients and visitors to our facilities.

  6. 10:55 – The Value in Public Private Partnerships in Cybersecurity While incidents can happen at any time and any place, the relationships and shared resources that public and private partnerships provide can greatly assist in detecting, discouraging and when necessary defending your security sensitive areas and key resources should an adverse event occur. Cultivating public and private relationships ahead of time, familiarity with key agency stakeholders and responders, how they each operate and knowing what to look for and who to report incidents to are the best defenses for protecting your areas and for recovering should an incident occur. One step every person responsible for security and emergency management in their organization should consider is developing relationships with law enforcement and emergency management agencies in your area through active participation in professional associations, by inviting public agencies to visit your business, and working together to share important information so that organization leaders know about the proactive security measures being taken to ensure a positive experience and to mitigate risks before they can happen. Remember, good security is a business enabler, not just an overhead cost.”

  7. 12:30 – Buffet Lunch / Lunch Keynote: SheLeadsTech – “InTech for Girls” INTech is a 501(c)3 nonprofit whose mission is to INFORM and INSPIRE girls to INNOVATE in the technology industry. Khalia Braswell, a 2013 NC State computer science graduate, started the nonprofit organization to expose middle-school aged girls to coding. INTech has hosted several camps in Charlotte, as well as numerous cities in South Carolina and California, and held its first camp at NC State in June 2017. INTech Camp does very important work in inspiring young girls and attracting them to the computer technology industry.

  8. 1:30 – A Step-by-Step Approach to Securing Data Files The proliferation of sensitive data stored in files continues to accelerate at exponential rates, creating an ever-increasing attack vector. Users are extracting sensitive data from applications and creating new content, including documents, reports and presentations stored across various ungoverned repositories such as file shares and cloud storage systems. How can your organization leverage identity information about users, applications and files, to more quickly identify risks and address compliance issues? During this presentation, attendees will: • Discover how to identify sensitive data stored in files and applications • Understand risky permissions and access models • Learn an effective approach for applying security policies and controls • Explore strategies for complying with the GDPR, HIPPA, PCI, NYS DFS, etc.

  9. 2:50 – Performing a Cyber Risk Assessment • Managing cyber risk in today’s digital environment is extremely challenging regardless of your industry. In response to the growing frequency and severity of cyber-attacks, many organizations have decided it’s time to focus more resources on reducing cyber risk, starting with a cyber risk assessment. This approach to proactively dealing with the risk of cyber-attacks increases the organization’s awareness of the potential impacts and costs, and enables them to take actions that reduce the overall risk to the organization, minimize the impact of cyber-attacks, and help ensure the continuity of essential services. • In this session: • • Participants will gain an understanding of the root causes of security breaches and how this is impacting the changing regulatory landscape. • • We will also review the most popular cyber governance frameworks

  10. Speaker Bio • Bryan Warren • Bryan Warren holds a bachelor’s degree in Criminal Justice, an MBA with a focus on legal foundations of healthcare and has over 29 years of healthcare security experience. He is a contributor to numerous publications and has served on several national taskforces including the U.S. Centers for Disease Control and the Dept. of Health and Human Services Office of Infrastructure Protection. Bryan is a Past President of the International Association for Healthcare Security and Safety (IAHSS), a Sector Chief in the FBI’s Infragard program in the Charlotte N.C. region and most recently has been involved with the creation of Workplace Violence standards and best practices for US businesses through OSHA and other regulatory agencies.

  11. Speaker Bio • Brian N. Cyprian • Brian N. Cyprian has been a Special Agent since 2005 and supervisor for the Charlotte Cyber Task Force since March 2016. Cyprian develops strategy to defeat cyber adversaries and to protect U.S. critical infrastructure. He is responsible for informing critical stakeholders and citizens, specifically those who are located North Carolina, of vulnerabilities and schemes. Both criminal and national security computer intrusions are investigated by the Charlotte Cyber Task Force and emphasis is placed on proactively developing relationships prior to cyber incidents. Prior to reporting to Charlotte, Cyprian was assigned to FBI Headquarters, Cyber Division, where he managed national security computer intrusion investigations. Cyprian has a B.S. in Computer Information Systems and a MBA from Texas A&M University –Commerce. He has several computer certifications, to include the CISSP and GIAC’s Certified Intrusion Analyst.

  12. Speaker Bio • Tom Tollerton • Tom Tollerton is a IT Advisory Senior Manager for Dixon Hughes Goodman (DHG). Tom has 15+ years of experience in the cybersecurity field, manages the firm’s cybersecurity services, specializing in cyber risk assessments, PCI compliance assessments and data breach incident response. • Tom’s experience includes performing cybersecurity risk assessments, PCI compliance assessments for Fortune 500 merchants and financial institutions, SOC 1 and SOC 2 reporting, targeted system security assessments, and data breach incident response. • Tom advises on development of holistic security governance and risk management programs integrated into IT and business operations across a wide variety of industries including financial institutions, retail merchants, technology service providers, healthcare entities, manufacturers, insurance companies, professional services, government contractors, and state and local government agencies.

  13. Speaker Bio • James Kidwell • James leads Novolex’s IT Governance and Compliance program and collaborates with leadership, IT and business teams to provide high quality strategic advisory and support services for IT internal controls, cybersecurity, information security, governance, risk and compliance. • James has over 20 years of increasing responsibility technical and management experience in higher education, telecommunications, healthcare, manufacturing and food service. He holds a Juris Doctor degree from Salmon P. Chase College of Law, a Bachelor’s degree in Philosophy with a Business Administration Minor from Northern Kentucky University, and he maintains ISACA’s Certified Information Systems Auditor certification. • James serves the community through volunteer leadership on Charlotte area and national professional organization chapter Boards and committees, including ISACA, Cloud Security Alliance and InfraGard. He is enthusiastic about public-private partnerships to advance our related professions and protect our nation’s critical infrastructure sectors. • James can be reached at james.kidwell [at] novolex.com or (980) 498-4113.

  14. Speaker Bio • Joseph Szczerba • Joseph Szczerba is currently a Supervisory Intelligence Analyst and serves as the Intelligence Program Coordinator for FBI Charlotte. Mr. Szczerba is responsible for managing the FBI intelligence production and integration across the state of North Carolina. Mr. Szczerba also has led intelligence teams during fast-paced, critically important situations in response to National Security and Criminal threats within the FBI Charlotte domain. • Mr. Szczerba has extensive experience briefing domestic and international intelligence leaders on cyber threats and trends, including a former FBI Director, a former United States Director of National Intelligence, and international directors of intelligence from across Central and South America at the United Nations Office on Drugs and Crime in Panama City, Panama. • Previous to his current position, Mr. Szczerba led a hybrid Cyber Intelligence Team within FBI Charlotte and he was the FBI Strategic Cyber Domain Manager for the Southeast United States in Jacksonville, Florida. Mr. Szczerba started his FBI career in the Counterterrorism Division at FBI Headquarters in Washington, DC. • Mr. Szczerba received his Juris Doctor degree from the University of Buffalo and is admitted to the bar in the District of Columbia. He completed his Bachelor’s Degree in History and American Studies at St. John Fisher College in Rochester, NY. Mr. Szczerba holds multiple certifications, including CISM, CISSP, GPEN, and GCIH.

  15. Speaker Bio • Jeff Spivey • Jeff Spivey, a career security professional, is founder/CEO of Security Risk Management, Inc., a security consultancy providing unique perspectives of Security’s role in business and enterprise risk management. Mr. Spivey’s served four years as International Vice President of ISACA’s Board of Directors. Recently, Vice President of RiskIQ a leading edge Cyber Security Risk Intelligence service used by global banks and enterprises emerging to understand technology risk. Senior Advisor for AGINGO, a super fast Blockchain start up in Charlotte. • Following six years’ service as a police officer, Mr. Spivey entered the private sector where he was responsible for management of various business operations for NCNB (now Bank of America) and quickly rose to senior security management of the multi-state banking system. In 1989. Mr. Spivey established Security Risk Management, Inc. to provide strategic insight and program development for diverse banking, corporate and governmental clients. Information and Information systems is exposed to the new risk of cyber security. Mr. Spivey's unique understanding of security and his perspective of how security should enable the business provides a framework for leveraging and exploiting IT Cybersecurity risks to the advantage of the enterprise. • Mr. Spivey holds the highest certifications in the IT and security management professions, including the CRISC certification from ISACA (Information Systems Auditing and Control Association) and Board Certified as a Certified Protection Professional (CPP) from ASIS International. The author of the Bank Security Desk Reference and contributor of articles in professional journals; he has been a featured speaker at many security and IT risk management and counter-terrorism conferences worldwide. Mr. Spivey is certified through Sandia Laboratories to assess business risk in critical infrastructure. He has a thorough understanding of both traditional and cyber security issues and where companies should best manage security related risk to make the company more profitable for their shareholders. In addition to currently serving in leadership as an International Vice President on ISACA’s Board of Directors for several years, Mr. Spivey was past International President and Chairman of the Board of ASIS International, the world’s largest professional security association. Currently a member of the U.S. State Department’s Overseas Security Advisory Council (OSAC), past member of the United States Justice Department’s Judicial Security Advisory Council and a founding member of the Cloud Security Alliance (www.cloudsecurityalliance.org).

  16. Speaker Bio • TarlonKhoubyari • TarlonKhoubyari is the Program Director of INTech Camp for Girls where she coordinates the high school program and inspires the next generation of female engineers. Her technology journey began in programs like INTech which fueled her passion for technology. She is currently pursuing her degree in Information Systems at UNC Greensboro as an online student and has a technology-lifestyle blog, Is Anyone Really Listening? and techytk on Instagram.

  17. Speaker Bio • Stephen W. Head • Stephen has broad-based experience in IT audit management, information security and management consulting spanning a variety of industries. He has led numerous engagements pertaining to regulatory compliance, IT governance and aligning controls with multiple internationally recognized standards and frameworks. • Stephen is the author of the internationally recognized Internal Auditing Manual as well as Practical IT Auditing, both published by Thomson Reuters. Stephen is a former ISACA Charlotte Chapter President and ISACA International Vice President. He served for two terms as the International Chair of the ISACA Standards Board, and was instrumental in the creation and rollout of the CISM certification. He also served on the AICPA National Accreditation Commission and was a member of the AICPA Information Technology Executive Committee.

  18. Speaker Bio • Mike Sheeran • Mike has worked for almost a decade helping organizations struggling to address risk and governance initiatives with a focus on unstructured data. He works with SailPoint customers to address challenges with unstructured data both on-premises and in the cloud.

  19. ISACA Charlotte Chapter Vision & Mission • VISION STATEMENT • To be the recognized leader in the Carolinas for IT governance, control and assurance. • MISSION STATEMENT • To promote and support professional development of members through cost-effective education, networking opportunities, and certification preparation and maintenance. • Cultivate membership within business and academic communities, and partner with other professional associations in the Carolinas. • Develop professional leaders through board, committee, and educational opportunities. • Promote knowledge sharing to keep members informed of IT governance, control and assurance opportunities and changes. • Promote IT governance and control framework to business and academic communities. • Emphasize IT security and governance disciplines, while maintaining core assurance focus.

  20. Upcoming ISACA, Charlotte Chapter Events

  21. Upcoming ISACA, Charlotte Chapter Events 03.12.19 – Emerging Technology & Leading Practices (8 CPEs) 06.04.19 – Annual General Meeting & Topic(s) TBD (8 CPEs) 09.10.19 – Common Theme TBD (8 CPEs) 10.15.19 – Joint IIA/ISACA CPE Event 12.03.19 – 7th Annual Cybersecurity Conference (8 CPEs)

  22. We Value your Feedback • Send us your training wants and needs • CPE and Social Events • Topics • Training Formats • Speakers • Sponsors • Tell us what you like and dislike about Chapter Programs • Venue Locations • Catering • Any other thoughts regarding ISACA Chapter Programs Contact: programs@charlotteisaca.org

More Related